Posted to scm@geronimo.apache.org by ad...@apache.org on 2004/11/21 21:06:13 UTC
svn commit: r106110 - in geronimo/trunk/modules: assembly/src/plan connector/src/java/org/apache/geronimo/connector/outbound/security security/src/java/org/apache/geronimo/security/jaas security/src/java/org/apache/geronimo/security/realm security/src/test/org/apache/geronimo/security/jaas
Author: adc
Date: Sun Nov 21 12:06:12 2004
New Revision: 106110
Added:
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ConfigurationEntryFactory.java
Modified:
geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml
geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java
geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java
geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginKerberosNonGeronimoTest.java
geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java
geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java
Log:
Replace the static registration with GeronimoLoginConfiguration with an IOC assignment of each security realm to the GLC
http://nagoya.apache.org/jira/browse/GERONIMO-489
Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml?view=diff&rev=106110&p1=geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml&r1=106109&p2=geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml&r2=106110
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml (original)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml Sun Nov 21 12:06:12 2004
@@ -127,7 +127,12 @@
</gbean>
<!-- Register GeronimoLoginConfiguration as the LoginConfiguration handler -->
- <gbean name="geronimo.security:type=LoginConfiguration" class="org.apache.geronimo.security.jaas.GeronimoLoginConfiguration"/>
+ <gbean name="geronimo.security:type=LoginConfiguration" class="org.apache.geronimo.security.jaas.GeronimoLoginConfiguration">
+ <references name="Configurations">
+ <pattern>geronimo.security:type=SecurityRealm,*</pattern>
+ <pattern>geronimo.security:type=ConfigurationEntry,*</pattern>
+ </references>
+ </gbean>
<gbean name="geronimo.security:type=SecurityService" class="org.apache.geronimo.security.SecurityService">
<attribute name="policyConfigurationFactory" type="java.lang.String">org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory</attribute>
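Review bot: The comment above the LoginConfiguration gbean does not say that the two new `<pattern>` entries are wildcards, so every GBean registered as `geronimo.security:type=SecurityRealm,*` or `geronimo.security:type=ConfigurationEntry,*` is handed to GeronimoLoginConfiguration and becomes a JAAS application entry. I would extend the comment to something like `<!-- Every GBean whose name matches these patterns is installed as a JAAS login configuration entry; reserve these names for trusted plans -->`. The SecurityService gbean that follows continues outside the hunk.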
Modified: geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java?view=diff&rev=106110&p1=geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java&r1=106109&p2=geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java&r2=106110
==============================================================================
--- geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java (original)
+++ geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java Sun Nov 21 12:06:12 2004
@@ -17,19 +17,22 @@
package org.apache.geronimo.connector.outbound.security;
+import javax.resource.spi.ManagedConnectionFactory;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
-import javax.resource.spi.ManagedConnectionFactory;
+import org.apache.regexp.RE;
+import org.apache.geronimo.common.GeronimoSecurityException;
import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoBuilder;
-import org.apache.geronimo.common.GeronimoSecurityException;
-import org.apache.geronimo.security.realm.SecurityRealm;
+import org.apache.geronimo.kernel.Kernel;
+import org.apache.geronimo.security.jaas.ConfigurationEntryFactory;
+import org.apache.geronimo.security.jaas.JaasLoginCoordinator;
import org.apache.geronimo.security.jaas.JaasLoginModuleConfiguration;
import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
-import org.apache.regexp.RE;
+import org.apache.geronimo.security.realm.SecurityRealm;
/**
*
@@ -37,16 +40,18 @@
* @version $Rev$ $Date$
*
* */
-public class PasswordCredentialRealm implements SecurityRealm, ManagedConnectionFactoryListener {
+public class PasswordCredentialRealm implements SecurityRealm, ConfigurationEntryFactory, ManagedConnectionFactoryListener {
private static final GBeanInfo GBEAN_INFO;
ManagedConnectionFactory managedConnectionFactory;
- String realmName;
+ private final Kernel kernel;
+ private final String realmName;
static final String REALM_INSTANCE = "org.apache.connector.outbound.security.PasswordCredentialRealm";
- public PasswordCredentialRealm(String realmName) {
+ public PasswordCredentialRealm(Kernel kernel, String realmName) {
+ this.kernel = kernel;
this.realmName = realmName;
}
@@ -54,10 +59,6 @@
return realmName;
}
- public void setRealmName(String realmName) {
- this.realmName = realmName;
- }
-
public Set getGroupPrincipals() throws GeronimoSecurityException {
return null;
}
@@ -100,16 +101,32 @@
return managedConnectionFactory;
}
+ public String getConfigurationName() {
+ return realmName;
+ }
+
+ public JaasLoginModuleConfiguration generateConfiguration() {
+ Map options = new HashMap();
+ options.put("realm", realmName);
+ options.put("kernel", kernel.getKernelName());
+
+ return new JaasLoginModuleConfiguration(realmName, JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true);
+ }
+
static {
GBeanInfoBuilder infoFactory = new GBeanInfoBuilder(PasswordCredentialRealm.class);
+
infoFactory.addInterface(ManagedConnectionFactoryListener.class);
+ infoFactory.addInterface(ConfigurationEntryFactory.class);
+ infoFactory.addAttribute("kernel", Kernel.class, false);
infoFactory.addAttribute("realmName", String.class, true);
- infoFactory.setConstructor(new String[]{"realmName"});
+
+ infoFactory.setConstructor(new String[]{"kernel", "realmName"});
+
GBEAN_INFO = infoFactory.getBeanInfo();
}
public static GBeanInfo getGBeanInfo() {
return GBEAN_INFO;
}
-
}
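Review bot: `generateConfiguration()` calls `kernel.getKernelName()` with no null check, although the `register(SecurityRealm)` method this commit removes from GeronimoLoginConfiguration only added the option under `if(kernel != null)`. The constructor stores the kernel without validating it, so a realm built without a kernel now fails with a NullPointerException when the login configuration asks for its entry. Either reject null in the constructor or keep the old guard, `if (kernel != null) options.put("kernel", kernel.getKernelName());`. The same unguarded call, in an otherwise identical method body, is added to GenericSecurityRealm, whose `processConfiguration` does test `kernel != null` before reading the kernel name.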
Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ConfigurationEntryFactory.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ConfigurationEntryFactory.java?view=auto&rev=106110
==============================================================================
--- (empty file)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ConfigurationEntryFactory.java Sun Nov 21 12:06:12 2004
@@ -0,0 +1,45 @@
+/**
+ *
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.security.jaas;
+
+/**
+ * A factory interface used by <code>GeronimoLoginConfiguration</code> to obtain
+ * <code>JaasLoginModuleConfiguration</code>s from GBean configuration entries.
+ *
+ * @version $Rev: $ $Date: $
+ * @see GeronimoLoginConfiguration
+ * @see DirectConfigurationEntry
+ * @see ServerRealmConfigurationEntry
+ */
+public interface ConfigurationEntryFactory {
+
+ /**
+ * Used to obtain the configuration name to be associated with the generated
+ * <code>JaasLoginModuleConfiguration</code>.
+ *
+ * @return the configuration name
+ */
+ public String getConfigurationName();
+
+ /**
+ * Generate a <code>JaasLoginModuleConfiguration</code>
+ *
+ * @return a <code>JaasLoginModuleConfiguration</code>
+ */
+ public JaasLoginModuleConfiguration generateConfiguration();
+
+}
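Review bot: The interface Javadoc does not state the contract that GeronimoLoginConfiguration relies on for `getConfigurationName()`. That class stores the generated entry under this name in `addConfiguration` and removes it by calling the method again in `memberRemoved`, so the name has to be non-null, constant for the lifetime of the factory, and unique among all bound factories. I would say so on the method, for example `Must be non-null, must not change while the factory is bound, and must be unique among all factories bound to the login configuration.` The `@version $Rev: $ $Date: $` tag also has stray characters inside the keywords, which will probably stop svn from expanding them.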
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java?view=diff&rev=106110&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java&r1=106109&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java&r2=106110
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java Sun Nov 21 12:06:12 2004
@@ -18,8 +18,7 @@
import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoBuilder;
-import org.apache.geronimo.gbean.GBeanLifecycle;
-import org.apache.geronimo.gbean.WaitingException;
+
/**
* Exposes a LoginModule directly to JAAS clients, without any particular
@@ -29,13 +28,15 @@
*
* @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
*/
-public class DirectConfigurationEntry implements GBeanLifecycle {
- private String applicationConfigName;
- private LoginModuleControlFlag controlFlag;
- private LoginModuleGBean module;
+public class DirectConfigurationEntry implements ConfigurationEntryFactory {
+ private final String applicationConfigName;
+ private final LoginModuleControlFlag controlFlag;
+ private final LoginModuleGBean module;
public DirectConfigurationEntry() {
- // just for use by GBean infrastructure
+ this.applicationConfigName = null;
+ this.controlFlag = null;
+ this.module = null;
}
public DirectConfigurationEntry(String applicationConfigName, LoginModuleControlFlag controlFlag, LoginModuleGBean module) {
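Review bot: The no-argument constructor now assigns `null` to three `final` fields, so an instance created through it can never be completed, and `generateConfiguration()` in the next hunk dereferences `module` and will throw a NullPointerException when GeronimoLoginConfiguration asks for the entry. The removed comment said this constructor existed only for the GBean infrastructure; if the GBeanInfo names the three-argument constructor (its `setConstructor` call is not visible here) the no-argument one can simply be deleted. Otherwise fail with a clear message, `if (module == null) throw new IllegalStateException("DirectConfigurationEntry has no login module");`. ServerRealmConfigurationEntry gets the same all-null constructor and calls `kernel.getKernelName()` in its `generateConfiguration()`. The three-argument constructor's body continues outside this hunk.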
@@ -44,21 +45,19 @@
this.module = module;
}
- public void doStart() throws WaitingException, Exception {
- GeronimoLoginConfiguration.register(new JaasLoginModuleConfiguration(applicationConfigName, module.getLoginModuleClass(), controlFlag, module.getOptions(), module.isServerSide()));
- }
-
- public void doStop() throws WaitingException, Exception {
- GeronimoLoginConfiguration.unRegister(applicationConfigName);
+ public String getConfigurationName() {
+ return applicationConfigName;
}
- public void doFail() {
+ public JaasLoginModuleConfiguration generateConfiguration() {
+ return new JaasLoginModuleConfiguration(applicationConfigName, module.getLoginModuleClass(), controlFlag, module.getOptions(), module.isServerSide());
}
public static final GBeanInfo GBEAN_INFO;
static {
GBeanInfoBuilder infoFactory = new GBeanInfoBuilder(DirectConfigurationEntry.class);
+ infoFactory.addInterface(ConfigurationEntryFactory.class);
infoFactory.addAttribute("applicationConfigName", String.class, true);
infoFactory.addAttribute("controlFlag", LoginModuleControlFlag.class, true);
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java?view=diff&rev=106110&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java&r1=106109&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java&r2=106110
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java Sun Nov 21 12:06:12 2004
@@ -17,20 +17,25 @@
package org.apache.geronimo.security.jaas;
-import java.util.Hashtable;
-import java.util.Map;
-import java.util.HashMap;
-import java.util.Properties;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.Map;
+
+import org.apache.commons.logging.LogFactory;
+import org.apache.commons.logging.Log;
import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoBuilder;
import org.apache.geronimo.gbean.GBeanLifecycle;
+import org.apache.geronimo.gbean.ReferenceCollection;
+import org.apache.geronimo.gbean.ReferenceCollectionEvent;
+import org.apache.geronimo.gbean.ReferenceCollectionListener;
import org.apache.geronimo.gbean.WaitingException;
import org.apache.geronimo.security.SecurityService;
-import org.apache.geronimo.security.realm.SecurityRealm;
-import org.apache.geronimo.kernel.Kernel;
/**
@@ -42,14 +47,33 @@
*
* @version $Rev$ $Date$
*/
-public class GeronimoLoginConfiguration extends Configuration implements GBeanLifecycle {
+public class GeronimoLoginConfiguration extends Configuration implements GBeanLifecycle, ReferenceCollectionListener {
+ private final Log log = LogFactory.getLog(GeronimoLoginConfiguration.class);
private static Map entries = new Hashtable();
private Configuration oldConfiguration;
- private static Kernel kernel; //todo: this restricts you to one Kernel per JVM
+ private Collection configurations = Collections.EMPTY_SET;
+
- public GeronimoLoginConfiguration(Kernel kernel) {
- this.kernel = kernel;
+ public Collection getConfigurations() {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) sm.checkPermission(SecurityService.CONFIGURE);
+
+ return configurations;
+ }
+
+ public void setConfigurations(Collection configurations) {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) sm.checkPermission(SecurityService.CONFIGURE);
+
+ ReferenceCollection ref = (ReferenceCollection) configurations;
+ ref.addReferenceCollectionListener(this);
+
+ this.configurations = configurations;
+
+ for (Iterator iter = configurations.iterator(); iter.hasNext();) {
+ addConfiguration((ConfigurationEntryFactory) iter.next());
+ }
}
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
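Review bot: `entries` is still `static` while the new `configurations` collection and its listener belong to the instance, so two GeronimoLoginConfiguration instances in one JVM would write into and remove from the same map. Because `doStop()` and `doFail()` only restore the old `Configuration`, the entries also remain in the map after this GBean has stopped. With the static `register`/`unRegister` methods gone I would make the field per instance, `private final Map entries = new Hashtable();`, provided no remaining static code reads it. `setConfigurations` also casts its argument to `ReferenceCollection` unconditionally, so a plain `Collection` fails with a ClassCastException after the permission check has passed.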
@@ -57,55 +81,37 @@
if (entry == null) return null;
-// if(!entry.getOptions().containsKey("kernel")) {
-// entry.getOptions().put("kernel", kernel.getKernelName());
-// }
-
return new AppConfigurationEntry[]{entry};
}
public void refresh() {
}
- /**
- * Registers a single Geronimo LoginModule
- */
- public static void register(JaasLoginModuleConfiguration entry) {
+ public void memberAdded(ReferenceCollectionEvent event) {
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(SecurityService.CONFIGURE);
- if (entries.containsKey(entry.getName())) throw new java.lang.IllegalArgumentException("ConfigurationEntry already registered");
-
- entries.put(entry.getName(), getAppConfigurationEntry(entry));
- }
+ ConfigurationEntryFactory factory = (ConfigurationEntryFactory) event.getMember();
- private static AppConfigurationEntry getAppConfigurationEntry(JaasLoginModuleConfiguration config) {
- return new AppConfigurationEntry(config.getLoginModuleClassName(), config.getFlag().getFlag(), config.getOptions());
+ addConfiguration(factory);
}
- /**
- * Registers a wrapper configuration that will hit a Geronimo security
- * realm under the covers.
- */
- public static void register(SecurityRealm realm) {
+ public void memberRemoved(ReferenceCollectionEvent event) {
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(SecurityService.CONFIGURE);
- if (entries.containsKey(realm.getRealmName())) throw new java.lang.IllegalArgumentException("ConfigurationEntry already registered");
- Map options = new HashMap();
- options.put("realm", realm.getRealmName());
- if(kernel != null) {
- options.put("kernel", kernel.getKernelName());
- }
+ ConfigurationEntryFactory factory = (ConfigurationEntryFactory) event.getMember();
- entries.put(realm.getRealmName(), new AppConfigurationEntry("org.apache.geronimo.security.jaas.JaasLoginCoordinator", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options));
+ entries.remove(factory.getConfigurationName());
+ log.info("Removed ACE " + factory.getConfigurationName());
}
- public static void unRegister(String name) {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null) sm.checkPermission(SecurityService.CONFIGURE);
+ private final void addConfiguration(ConfigurationEntryFactory factory) {
+ JaasLoginModuleConfiguration config = factory.generateConfiguration();
+ AppConfigurationEntry ace = new AppConfigurationEntry(config.getLoginModuleClassName(), config.getFlag().getFlag(), config.getOptions());
- entries.remove(name);
+ entries.put(factory.getConfigurationName(), ace);
+ log.info("Added ACE " + factory.getConfigurationName());
}
public void doStart() throws WaitingException, Exception {
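Review bot: `addConfiguration` replaces an existing entry without warning, where the removed `register` methods threw `IllegalArgumentException("ConfigurationEntry already registered")` for a name that was already present. With the wildcard reference patterns, a second GBean that reports the same configuration name now silently replaces the login module used for that application name, and `memberRemoved` for either GBean then deletes the entry for both. I would restore the check at the top of `addConfiguration`, `if (entries.containsKey(name)) throw new IllegalArgumentException("ConfigurationEntry already registered: " + name);` with `name` read once from `factory.getConfigurationName()`. The entry is also keyed by the factory's name rather than the name inside the generated JaasLoginModuleConfiguration, so the two can differ. The body of `doStart()` lies outside this hunk.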
@@ -115,14 +121,17 @@
oldConfiguration = null;
}
Configuration.setConfiguration(this);
+ log.info("Installed Geronimo login configuration");
}
public void doStop() throws WaitingException, Exception {
Configuration.setConfiguration(oldConfiguration);
+ log.info("Uninstalled Geronimo login configuration");
}
public void doFail() {
Configuration.setConfiguration(oldConfiguration);
+ log.info("Uninstalled Geronimo login configuration");
}
public static GBeanInfo getGBeanInfo() {
@@ -133,8 +142,9 @@
static {
GBeanInfoBuilder infoFactory = new GBeanInfoBuilder(GeronimoLoginConfiguration.class.getName());
- infoFactory.addAttribute("kernel", Kernel.class, false);
- infoFactory.setConstructor(new String[]{"kernel"});
+ infoFactory.addReference("Configurations", ConfigurationEntryFactory.class);
+
GBEAN_INFO = infoFactory.getBeanInfo();
}
+
}
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java?view=diff&rev=106110&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java&r1=106109&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java&r2=106110
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java Sun Nov 21 12:06:12 2004
@@ -19,10 +19,9 @@
import java.util.Properties;
import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoBuilder;
-import org.apache.geronimo.gbean.GBeanLifecycle;
-import org.apache.geronimo.gbean.WaitingException;
import org.apache.geronimo.kernel.Kernel;
+
/**
* Creates a LoginModule configuration that will connect a server-side
* component to a security realm. The same thing could be done with a
@@ -31,13 +30,15 @@
*
* @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
*/
-public class ServerRealmConfigurationEntry implements GBeanLifecycle {
- private String applicationConfigName;
- private String realmName;
- private Kernel kernel;
+public class ServerRealmConfigurationEntry implements ConfigurationEntryFactory {
+ private final String applicationConfigName;
+ private final String realmName;
+ private final Kernel kernel;
public ServerRealmConfigurationEntry() {
- // just for use by GBean infrastructure
+ this.applicationConfigName = null;
+ this.realmName = null;
+ this.kernel = null;
}
public ServerRealmConfigurationEntry(String applicationConfigName, String realmName, Kernel kernel) {
@@ -52,25 +53,23 @@
this.kernel = kernel;
}
- public void doStart() throws WaitingException, Exception {
+ public String getConfigurationName() {
+ return applicationConfigName;
+ }
+
+ public JaasLoginModuleConfiguration generateConfiguration() {
Properties options = new Properties();
options.put("realm", realmName);
options.put("kernel", kernel.getKernelName());
- JaasLoginModuleConfiguration entry = new JaasLoginModuleConfiguration(applicationConfigName, JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true);
- GeronimoLoginConfiguration.register(entry);
- }
- public void doStop() throws WaitingException, Exception {
- GeronimoLoginConfiguration.unRegister(applicationConfigName);
- }
-
- public void doFail() {
+ return new JaasLoginModuleConfiguration(applicationConfigName, JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true);
}
public static final GBeanInfo GBEAN_INFO;
static {
GBeanInfoBuilder infoFactory = new GBeanInfoBuilder(ServerRealmConfigurationEntry.class);
+ infoFactory.addInterface(ConfigurationEntryFactory.class);
infoFactory.addAttribute("applicationConfigName", String.class, true);
infoFactory.addAttribute("realmName", String.class, true);
infoFactory.addAttribute("kernel", Kernel.class, false);
@@ -82,4 +81,5 @@
public static GBeanInfo getGBeanInfo() {
return GBEAN_INFO;
}
+
}
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java?view=diff&rev=106110&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java&r1=106109&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java&r2=106110
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java Sun Nov 21 12:06:12 2004
@@ -16,6 +16,8 @@
*/
package org.apache.geronimo.security.realm;
+import javax.management.MalformedObjectNameException;
+import javax.management.ObjectName;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
@@ -24,30 +26,30 @@
import java.util.Map;
import java.util.Properties;
import java.util.Set;
-import javax.management.MalformedObjectNameException;
-import javax.management.ObjectName;
+
+import org.apache.regexp.RE;
+
import org.apache.geronimo.common.GeronimoSecurityException;
import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoBuilder;
-import org.apache.geronimo.gbean.GBeanLifecycle;
-import org.apache.geronimo.gbean.WaitingException;
import org.apache.geronimo.kernel.Kernel;
import org.apache.geronimo.kernel.jmx.MBeanProxyFactory;
import org.apache.geronimo.security.deploy.Principal;
-import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration;
+import org.apache.geronimo.security.jaas.ConfigurationEntryFactory;
+import org.apache.geronimo.security.jaas.JaasLoginCoordinator;
import org.apache.geronimo.security.jaas.JaasLoginModuleConfiguration;
import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
import org.apache.geronimo.security.jaas.LoginModuleControlFlagEditor;
import org.apache.geronimo.security.jaas.LoginModuleGBean;
import org.apache.geronimo.system.serverinfo.ServerInfo;
-import org.apache.regexp.RE;
+
/**
* A security realm that can be configured for one or more login modules. It
* can handle a combination of client-side and server-side login modules for
* the case of remote clients, and it can auto-role-mapping for its login
* modules (though you must configure it for that).
- *
+ * <p/>
* To configure the list of LoginModules, set the loginModuleConfiguration
* to a Properties object with syntax like this:
* <pre>
@@ -59,7 +61,7 @@
* configuration. Each LoginModuleGBean has the configuration options for its
* login module, and knows whether it should run on the client side or server
* side.
- *
+ * <p/>
* This realm populates a number of special login module options for the
* benefit of Geronimo login modules (though some of them are only available to
* server-side login modules, marked as not Serializable below):
@@ -74,11 +76,12 @@
*
* @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
*/
-public class GenericSecurityRealm implements SecurityRealm, GBeanLifecycle, AutoMapAssistant {
- public final static String KERNEL_LM_OPTION="org.apache.geronimo.security.realm.GenericSecurityRealm.KERNEL";
- public final static String SERVERINFO_LM_OPTION="org.apache.geronimo.security.realm.GenericSecurityRealm.SERVERINFO";
- public final static String CLASSLOADER_LM_OPTION="org.apache.geronimo.security.realm.GenericSecurityRealm.CLASSLOADER";
- private String name;
+public class GenericSecurityRealm implements SecurityRealm, ConfigurationEntryFactory, AutoMapAssistant {
+
+ public final static String KERNEL_LM_OPTION = "org.apache.geronimo.security.realm.GenericSecurityRealm.KERNEL";
+ public final static String SERVERINFO_LM_OPTION = "org.apache.geronimo.security.realm.GenericSecurityRealm.SERVERINFO";
+ public final static String CLASSLOADER_LM_OPTION = "org.apache.geronimo.security.realm.GenericSecurityRealm.CLASSLOADER";
+ private String realmName;
private JaasLoginModuleConfiguration[] config;
private Kernel kernel;
private ServerInfo serverInfo;
@@ -87,26 +90,15 @@
private Principal defaultPrincipal;
public GenericSecurityRealm(String realmName, Kernel kernel, ServerInfo serverInfo, Properties loginModuleConfiguration, ClassLoader classLoader) throws MalformedObjectNameException {
- this.name = realmName;
+ this.realmName = realmName;
this.kernel = kernel;
this.serverInfo = serverInfo;
this.classLoader = classLoader;
processConfiguration(loginModuleConfiguration);
}
- public void doStart() throws WaitingException, Exception {
- GeronimoLoginConfiguration.register(this);
- }
-
- public void doStop() throws WaitingException, Exception {
- GeronimoLoginConfiguration.unRegister(name);
- }
-
- public void doFail() {
- }
-
public String getRealmName() {
- return name;
+ return realmName;
}
public JaasLoginModuleConfiguration[] getAppConfigurationEntries() {
@@ -138,9 +130,9 @@
}
public void setDefaultPrincipal(String code) {
- if(code != null) {
- String[] parts=code.split("=");
- if(parts.length != 2) {
+ if (code != null) {
+ String[] parts = code.split("=");
+ if (parts.length != 2) {
throw new IllegalArgumentException("Default Principal should have the form 'name=class'");
}
defaultPrincipal = new Principal();
@@ -150,7 +142,7 @@
}
public void setAutoMapPrincipalClasses(String classes) {
- if(classes != null) {
+ if (classes != null) {
autoMapPrincipals = classes.split(",");
} else {
autoMapPrincipals = new String[0];
@@ -189,33 +181,45 @@
return null; //todo
}
+ public String getConfigurationName() {
+ return realmName;
+ }
+
+ public JaasLoginModuleConfiguration generateConfiguration() {
+ Map options = new HashMap();
+ options.put("realm", realmName);
+ options.put("kernel", kernel.getKernelName());
+
+ return new JaasLoginModuleConfiguration(realmName, JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true);
+ }
+
private void processConfiguration(Properties props) throws MalformedObjectNameException {
int i = 1;
List list = new ArrayList();
LoginModuleControlFlagEditor editor = new LoginModuleControlFlagEditor();
- while(true) {
+ while (true) {
boolean found = false;
- String prefix = "LoginModule."+i+".";
+ String prefix = "LoginModule." + i + ".";
for (Enumeration en = props.propertyNames(); en.hasMoreElements();) {
String key = (String) en.nextElement();
- if(key.startsWith(prefix)) {
+ if (key.startsWith(prefix)) {
String flagName = key.substring(prefix.length()).toUpperCase();
editor.setAsText(flagName);
LoginModuleControlFlag flag = (LoginModuleControlFlag) editor.getValue();
LoginModuleGBean module = (LoginModuleGBean) MBeanProxyFactory.getProxy(LoginModuleGBean.class, kernel.getMBeanServer(), new ObjectName(props.getProperty(key)));
Map options = module.getOptions();
- if(options != null) {
+ if (options != null) {
options = new HashMap(options);
} else {
options = new HashMap();
}
- if(kernel != null && !options.containsKey(KERNEL_LM_OPTION)) {
+ if (kernel != null && !options.containsKey(KERNEL_LM_OPTION)) {
options.put(KERNEL_LM_OPTION, kernel.getKernelName());
}
- if(serverInfo != null && !options.containsKey(SERVERINFO_LM_OPTION)) {
+ if (serverInfo != null && !options.containsKey(SERVERINFO_LM_OPTION)) {
options.put(SERVERINFO_LM_OPTION, serverInfo);
}
- if(classLoader != null && !options.containsKey(CLASSLOADER_LM_OPTION)) {
+ if (classLoader != null && !options.containsKey(CLASSLOADER_LM_OPTION)) {
options.put(CLASSLOADER_LM_OPTION, classLoader);
}
JaasLoginModuleConfiguration config = new JaasLoginModuleConfiguration(module.getObjectName(), module.getLoginModuleClass(), flag, options, module.isServerSide());
@@ -225,7 +229,7 @@
break;
}
}
- if(!found) {
+ if (!found) {
break;
}
}
@@ -239,6 +243,7 @@
GBeanInfoBuilder infoFactory = new GBeanInfoBuilder(GenericSecurityRealm.class);
infoFactory.addInterface(SecurityRealm.class);
+ infoFactory.addInterface(ConfigurationEntryFactory.class);
infoFactory.addAttribute("realmName", String.class, true);
infoFactory.addAttribute("kernel", Kernel.class, false);
infoFactory.addAttribute("loginModuleConfiguration", Properties.class, true);
@@ -252,7 +257,7 @@
infoFactory.addOperation("obtainDefaultPrincipal", new Class[0]);
infoFactory.addOperation("obtainRolePrincipalClasses", new Class[0]);
- infoFactory.setConstructor(new String[]{"realmName","kernel","ServerInfo","loginModuleConfiguration","classLoader"});
+ infoFactory.setConstructor(new String[]{"realmName", "kernel", "ServerInfo", "loginModuleConfiguration", "classLoader"});
GBEAN_INFO = infoFactory.getBeanInfo();
}
@@ -260,4 +265,5 @@
public static GBeanInfo getGBeanInfo() {
return GBEAN_INFO;
}
+
}
Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java?view=diff&rev=106110&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java&r1=106109&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java&r2=106110
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java (original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java Sun Nov 21 12:06:12 2004
@@ -23,6 +23,7 @@
import java.io.File;
import java.net.URI;
import java.util.Collections;
+import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
@@ -117,6 +118,10 @@
gbean = new GBeanMBean("org.apache.geronimo.security.jaas.GeronimoLoginConfiguration");
loginConfiguration = new ObjectName("geronimo.security:type=LoginConfiguration");
+ Set configurations = new HashSet();
+ configurations.add(new ObjectName("geronimo.security:type=SecurityRealm,*"));
+ configurations.add(new ObjectName("geronimo.security:type=ConfigurationEntry,*"));
+ gbean.setReferencePatterns("Configurations", configurations);
kernel.loadGBean(loginConfiguration, gbean);
gbean = new GBeanMBean("org.apache.geronimo.security.jaas.JaasLoginService");
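Review bot: The four added lines that build the `Configurations` reference patterns are repeated verbatim in the matching hunks of LoginKerberosNonGeronimoTest, LoginPropertiesFileTest and TimeoutTest, so the names that decide which GBeans feed the login configuration are now written in four places. A single helper in the shared test base class (the tests visible here import AbstractTest) would keep them in step when a pattern changes. Both patterns end in `,*`, so every GBean registered as `geronimo.security:type=SecurityRealm` or `type=ConfigurationEntry` is matched; a comment such as `// every GBean matching these names becomes a JAAS configuration entry` would make that scope explicit. A test that a GBean registered outside these patterns is not consulted at login would pin the boundary. The setup method continues outside the hunk, so existing assertions are not visible here.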
Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginKerberosNonGeronimoTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginKerberosNonGeronimoTest.java?view=diff&rev=106110&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginKerberosNonGeronimoTest.java&r1=106109&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginKerberosNonGeronimoTest.java&r2=106110
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginKerberosNonGeronimoTest.java (original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginKerberosNonGeronimoTest.java Sun Nov 21 12:06:12 2004
@@ -23,6 +23,8 @@
import javax.security.auth.login.LoginException;
import java.util.Properties;
import java.util.Collections;
+import java.util.Set;
+import java.util.HashSet;
import org.apache.geronimo.gbean.jmx.GBeanMBean;
import org.apache.geronimo.security.AbstractTest;
@@ -56,6 +58,10 @@
GBeanMBean gbean = new GBeanMBean("org.apache.geronimo.security.jaas.GeronimoLoginConfiguration");
loginConfiguration = new ObjectName("geronimo.security:type=LoginConfiguration");
+ Set configurations = new HashSet();
+ configurations.add(new ObjectName("geronimo.security:type=SecurityRealm,*"));
+ configurations.add(new ObjectName("geronimo.security:type=ConfigurationEntry,*"));
+ gbean.setReferencePatterns("Configurations", configurations);
kernel.loadGBean(loginConfiguration, gbean);
gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean");
Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java?view=diff&rev=106110&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java&r1=106109&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java&r2=106110
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java (original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java Sun Nov 21 12:06:12 2004
@@ -22,6 +22,7 @@
import javax.security.auth.login.LoginContext;
import java.io.File;
import java.util.Collections;
+import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
@@ -58,6 +59,10 @@
gbean = new GBeanMBean("org.apache.geronimo.security.jaas.GeronimoLoginConfiguration");
loginConfiguration = new ObjectName("geronimo.security:type=LoginConfiguration");
+ Set configurations = new HashSet();
+ configurations.add(new ObjectName("geronimo.security:type=SecurityRealm,*"));
+ configurations.add(new ObjectName("geronimo.security:type=ConfigurationEntry,*"));
+ gbean.setReferencePatterns("Configurations", configurations);
kernel.loadGBean(loginConfiguration, gbean);
gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean");
Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java?view=diff&rev=106110&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java&r1=106109&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java&r2=106110
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java (original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java Sun Nov 21 12:06:12 2004
@@ -21,19 +21,19 @@
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import java.io.File;
+import java.net.URI;
import java.util.Collections;
+import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
-import java.net.URI;
import org.apache.geronimo.gbean.jmx.GBeanMBean;
+import org.apache.geronimo.kernel.Kernel;
import org.apache.geronimo.security.AbstractTest;
import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.security.IdentificationPrincipal;
import org.apache.geronimo.security.RealmPrincipal;
-import org.apache.geronimo.security.bridge.TestLoginModule;
import org.apache.geronimo.system.serverinfo.ServerInfo;
-import org.apache.geronimo.kernel.Kernel;
/**
@@ -99,6 +99,10 @@
gbean = new GBeanMBean("org.apache.geronimo.security.jaas.GeronimoLoginConfiguration");
loginConfiguration = new ObjectName("geronimo.security:type=LoginConfiguration");
+ Set configurations = new HashSet();
+ configurations.add(new ObjectName("geronimo.security:type=SecurityRealm,*"));
+ configurations.add(new ObjectName("geronimo.security:type=ConfigurationEntry,*"));
+ gbean.setReferencePatterns("Configurations", configurations);
kernel.loadGBean(loginConfiguration, gbean);
gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean");