Posted to scm@geronimo.apache.org by dj...@apache.org on 2004/12/22 09:19:54 UTC
svn commit: r123061 - in geronimo/trunk/modules: assembly/src/plan axis/src/test/org/apache/geronimo/axis axis/src/test/org/apache/geronimo/axis/preconditions jetty-builder/src/java/org/apache/geronimo/jetty/deployment jetty-builder/src/test/org/apache/geronimo/jetty/deployment jetty/src/java/org/apache/geronimo/jetty jetty/src/java/org/apache/geronimo/jetty/interceptor jetty/src/test/org/apache/geronimo/jetty security-builder security-builder/src/java/org/apache/geronimo/security/deployment security/src/java/org/apache/geronimo/security security/src/java/org/apache/geronimo/security/deploy security/src/java/org/apache/geronimo/security/realm security/src/test/org/apache/geronimo/security/bridge service-builder/src/java/org/apache/geronimo/deployment/service tomcat/src/test/org/apache/geronimo/tomcat
Author: djencks
Date: Wed Dec 22 00:19:52 2004
New Revision: 123061
URL: http://svn.apache.org/viewcvs?view=rev&rev=123061
Log:
Move all role auto mapping to deploy time, and make more of it work. There are still problems: DeploymentSupport is ignored, loginDomainName is the wrong name, and handling of GSR gbeans deployed in a war is unsatisfactory. This also changes the naming convention for GSR's from realm=name to name=name
Added:
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/MapOfSets.java
Removed:
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityService.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/AutoMapAssistant.java
Modified:
geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml
geronimo/trunk/modules/assembly/src/plan/j2ee-runtime-deployer-plan.xml
geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml
geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml
geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/AbstractWebServiceTest.java
geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/preconditions/DynamicEJBDeploymentTest.java
geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java
geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/PlanParsingTest.java
geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
geronimo/trunk/modules/security-builder/project.xml
geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Principal.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java
geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/AbstractUserPasswordBridgeTest.java
geronimo/trunk/modules/service-builder/src/java/org/apache/geronimo/deployment/service/GBeanHelper.java
geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml?view=diff&rev=123061&p1=geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml&r1=123060&p2=geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml&r2=123061
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml (original)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml Wed Dec 22 00:19:52 2004
@@ -160,10 +160,8 @@
<reference name="AppClientConfigBuilder">geronimo.deployer:role=ModuleBuilder,type=AppClient,config=org/apache/geronimo/J2EEDeployer</reference>
</gbean>
- <!--can this SecurityService actually do anything in this configuration???-->
<gbean name="geronimo.deployer:type=SecurityService" class="org.apache.geronimo.security.SecurityServiceImpl">
<attribute name="policyConfigurationFactory" type="java.lang.String">org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory</attribute>
- <reference name="Mappers">geronimo.security:type=SecurityRealm,*</reference>
</gbean>
<gbean name="geronimo.deployer:role=ModuleBuilder,type=Web,config=org/apache/geronimo/J2EEDeployer" class="org.apache.geronimo.jetty.deployment.JettyModuleBuilder">
@@ -171,7 +169,6 @@
<attribute name="defaultSessionTimeoutSeconds">1800</attribute>
<attribute name="defaultWelcomeFiles">index.html,index.htm,index.jsp</attribute>
<attribute name="jettyContainerObjectName">geronimo.server:type=WebContainer,container=Jetty</attribute>
- <reference name="SecurityService">geronimo.deployer:type=SecurityService</reference>
<attribute name="defaultServlets">geronimo.deployer:role=DefaultServlet,config=org/apache/geronimo/J2EEDeployer,*</attribute>
</gbean>
Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-runtime-deployer-plan.xml
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-runtime-deployer-plan.xml?view=diff&rev=123061&p1=geronimo/trunk/modules/assembly/src/plan/j2ee-runtime-deployer-plan.xml&r1=123060&p2=geronimo/trunk/modules/assembly/src/plan/j2ee-runtime-deployer-plan.xml&r2=123061
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-runtime-deployer-plan.xml (original)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-runtime-deployer-plan.xml Wed Dec 22 00:19:52 2004
@@ -94,7 +94,6 @@
<attribute name="defaultSessionTimeoutSeconds">1800</attribute>
<attribute name="defaultWelcomeFiles">index.html,index.htm,index.jsp</attribute>
<attribute name="jettyContainerObjectName">geronimo.server:type=WebContainer,container=Jetty</attribute>
- <reference name="SecurityService">geronimo.security:type=SecurityService</reference>
<attribute name="defaultServlets">geronimo.deployer:role=DefaultServlet,config=org/apache/geronimo/RuntimeDeployer,*</attribute>
</gbean>
Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml?view=diff&rev=123061&p1=geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml&r1=123060&p2=geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml&r2=123061
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml (original)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml Wed Dec 22 00:19:52 2004
@@ -34,22 +34,22 @@
<gbean name="geronimo.security:type=LoginModule,name=demo-properties-login"
class="org.apache.geronimo.security.jaas.LoginModuleGBean">
- <attribute name="loginModuleClass" type="java.lang.String">org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</attribute>
- <attribute name="serverSide" type="boolean">true</attribute>
- <attribute name="options" type="java.util.Properties">
+ <attribute name="loginModuleClass">org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</attribute>
+ <attribute name="serverSide">true</attribute>
+ <attribute name="options">
usersURI=var/security/demo_users.properties
groupsURI=var/security/demo_groups.properties
</attribute>
- <attribute name="loginDomainName" type="java.lang.String">demo-properties-realm</attribute>
+ <attribute name="loginDomainName">demo-properties-realm</attribute>
</gbean>
- <gbean name="geronimo.security:type=SecurityRealm,realm=demo-properties-realm"
+ <gbean name="geronimo.security:type=SecurityRealm,name=demo-properties-realm"
class="org.apache.geronimo.security.realm.GenericSecurityRealm">
- <attribute name="realmName" type="java.lang.String">demo-properties-realm</attribute>
- <attribute name="loginModuleConfiguration" type="java.util.Properties">
+ <attribute name="realmName">demo-properties-realm</attribute>
+ <attribute name="loginModuleConfiguration">
LoginModule.1.REQUIRED=geronimo.security:type=LoginModule,name=demo-properties-login
</attribute>
- <attribute name="autoMapPrincipalClasses" type="java.lang.String">org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal</attribute>
+ <attribute name="autoMapPrincipalClasses">demo-properties-realm=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal</attribute>
<reference name="ServerInfo">geronimo.system:role=ServerInfo</reference>
</gbean>
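Review bot: The new `autoMapPrincipalClasses` value `demo-properties-realm=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal` does not say what the key on the left of `=` refers to, and in this plan `realmName` and `loginDomainName` happen to be the same string. Because this value selects which principals are mapped to roles automatically, a key that matches nothing would presumably leave roles unmapped with no error visible in the plan. A comment above the attribute such as `<!-- key=principalClass; the key must equal this realm's realmName (confirm against the parser) -->` would make the contract explicit. The same applies to the `geronimo-properties-realm=` value in j2ee-server-plan.xml.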
Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml?view=diff&rev=123061&p1=geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml&r1=123060&p2=geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml&r2=123061
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml (original)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml Wed Dec 22 00:19:52 2004
@@ -122,29 +122,29 @@
<!-- Default security realm using properties files -->
<gbean name="geronimo.security:type=LoginModule,name=properties-login"
class="org.apache.geronimo.security.jaas.LoginModuleGBean">
- <attribute name="loginModuleClass" type="java.lang.String">org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</attribute>
- <attribute name="serverSide" type="boolean">true</attribute>
- <attribute name="options" type="java.util.Properties">
+ <attribute name="loginModuleClass">org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</attribute>
+ <attribute name="serverSide">true</attribute>
+ <attribute name="options">
usersURI=var/security/users.properties
groupsURI=var/security/groups.properties
</attribute>
<attribute name="loginDomainName" type="java.lang.String">geronimo-properties-realm</attribute>
</gbean>
- <gbean name="geronimo.security:type=SecurityRealm,realm=geronimo-properties-realm"
+ <gbean name="geronimo.security:type=SecurityRealm,name=geronimo-properties-realm"
class="org.apache.geronimo.security.realm.GenericSecurityRealm">
- <attribute name="realmName" type="java.lang.String">geronimo-properties-realm</attribute>
- <attribute name="loginModuleConfiguration" type="java.util.Properties">
+ <attribute name="realmName">geronimo-properties-realm</attribute>
+ <attribute name="loginModuleConfiguration">
LoginModule.1.REQUIRED=geronimo.security:type=LoginModule,name=properties-login
</attribute>
<reference name="ServerInfo">geronimo.system:role=ServerInfo</reference>
- <attribute name="autoMapPrincipalClasses" type="java.lang.String">org.apache.geronimo.security.realm.providers.PropertiesFileGroupPrincipal</attribute>
+ <attribute name="autoMapPrincipalClasses">geronimo-properties-realm=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal</attribute>
</gbean>
<gbean name="geronimo.security:type=ConfigurationEntry,jaasId=JMX"
class="org.apache.geronimo.security.jaas.ServerRealmConfigurationEntry">
- <attribute name="applicationConfigName" type="java.lang.String">JMX</attribute>
- <attribute name="realmName" type="java.lang.String">geronimo-properties-realm</attribute>
+ <attribute name="applicationConfigName">JMX</attribute>
+ <attribute name="realmName">geronimo-properties-realm</attribute>
</gbean>
<!-- Register GeronimoLoginConfiguration as the LoginConfiguration handler -->
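Review bot: The auto-mapped principal class for `geronimo-properties-realm` changes from `PropertiesFileGroupPrincipal` to `GeronimoGroupPrincipal`, which the log message does not mention. If `PropertiesFileLoginModule` can still produce the old class (not visible here), group principals would stop matching and the default realm would map no roles, so the change is worth a line in the log or a comment in the plan. As a smaller point, `loginDomainName` in the LoginModule gbean keeps `type="java.lang.String"` while every other attribute in this hunk drops it; the secure plan already uses `<attribute name="loginDomainName">`.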
@@ -156,51 +156,50 @@
</gbean>
<gbean name="geronimo.security:type=SecurityService" class="org.apache.geronimo.security.SecurityServiceImpl">
- <attribute name="policyConfigurationFactory" type="java.lang.String">org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory</attribute>
- <reference name="Mappers">geronimo.security:type=SecurityRealm,*</reference>
+ <attribute name="policyConfigurationFactory">org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory</attribute>
</gbean>
<gbean name="geronimo.security:type=JaasLoginService" class="org.apache.geronimo.security.jaas.JaasLoginService">
<reference name="Realms">geronimo.security:type=SecurityRealm,*</reference>
<!-- <attribute name="reclaimPeriod" type="long">100000</attribute>-->
- <attribute name="algorithm" type="java.lang.String">HmacSHA1</attribute>
- <attribute name="password" type="java.lang.String">secret</attribute>
+ <attribute name="algorithm">HmacSHA1</attribute>
+ <attribute name="password">secret</attribute>
</gbean>
<gbean name="geronimo.server:type=ThreadPool,name=DefaultThreadPool" class="org.apache.geronimo.pool.ThreadPool">
- <attribute name="keepAliveTime" type="long">5000</attribute>
- <attribute name="poolSize" type="int">10</attribute>
- <attribute name="poolName" type="java.lang.String">DefaultThreadPool</attribute>
+ <attribute name="keepAliveTime">5000</attribute>
+ <attribute name="poolSize">10</attribute>
+ <attribute name="poolName">DefaultThreadPool</attribute>
</gbean>
<gbean name="geronimo.server:type=ConnectionTracker" class="org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator">
</gbean>
<gbean name="geronimo.server:J2EEServer=geronimo,j2eeType=JCAWorkManager,name=DefaultWorkManager" class="org.apache.geronimo.connector.work.GeronimoWorkManager">
- <attribute name="syncMaximumPoolSize" type="int">10</attribute>
- <attribute name="startMaximumPoolSize" type="int">10</attribute>
- <attribute name="scheduledMaximumPoolSize" type="int">10</attribute>
+ <attribute name="syncMaximumPoolSize">10</attribute>
+ <attribute name="startMaximumPoolSize">10</attribute>
+ <attribute name="scheduledMaximumPoolSize">10</attribute>
<reference name="TransactionContextManager">geronimo.server:type=TransactionContextManager</reference>
</gbean>
<gbean name="geronimo.server:type=HOWLTransactionLog" class="org.apache.geronimo.transaction.log.HOWLLog">
- <attribute name="bufferClassName" type="java.lang.String">org.objectweb.howl.log.BlockLogBuffer</attribute>
- <attribute name="bufferSizeKBytes" type="int">32</attribute>
- <attribute name="checksumEnabled" type="boolean">true</attribute>
- <attribute name="flushSleepTimeMilliseconds" type="int">50</attribute>
- <attribute name="logFileDir" type="java.lang.String">var/txlog</attribute>
- <attribute name="logFileExt" type="java.lang.String">log</attribute>
- <attribute name="logFileName" type="java.lang.String">howl</attribute>
- <attribute name="maxBlocksPerFile" type="int">-1</attribute>
- <attribute name="maxBuffers" type="int">0</attribute>
- <attribute name="maxLogFiles" type="int">2</attribute>
- <attribute name="minBuffers" type="int">4</attribute>
- <attribute name="threadsWaitingForceThreshold" type="int">-1</attribute>
+ <attribute name="bufferClassName">org.objectweb.howl.log.BlockLogBuffer</attribute>
+ <attribute name="bufferSizeKBytes">32</attribute>
+ <attribute name="checksumEnabled">true</attribute>
+ <attribute name="flushSleepTimeMilliseconds">50</attribute>
+ <attribute name="logFileDir">var/txlog</attribute>
+ <attribute name="logFileExt">log</attribute>
+ <attribute name="logFileName">howl</attribute>
+ <attribute name="maxBlocksPerFile">-1</attribute>
+ <attribute name="maxBuffers">0</attribute>
+ <attribute name="maxLogFiles">2</attribute>
+ <attribute name="minBuffers">4</attribute>
+ <attribute name="threadsWaitingForceThreshold">-1</attribute>
<reference name="serverInfo">geronimo.system:role=ServerInfo</reference>
</gbean>
<gbean name="geronimo.server:type=TransactionManager" class="org.apache.geronimo.transaction.manager.TransactionManagerImpl">
- <attribute name="defaultTransactionTimeoutSeconds" type="int">300</attribute>
+ <attribute name="defaultTransactionTimeoutSeconds">300</attribute>
<reference name="TransactionLog">geronimo.server:type=HOWLTransactionLog</reference>
<references name="ResourceManagers">
<pattern>geronimo.server:j2eeType=JCAManagedConnectionFactory,*</pattern>
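Review bot: The JaasLoginService gbean still ships `<attribute name="password">secret</attribute>` next to `algorithm` HmacSHA1; this commit only drops the `type` attribute from the line. If that value keys the HMAC, as the attribute pair suggests (the class itself is not visible here), every installation built from this plan shares one publicly known key. Consider removing the default so an operator must supply a value, or at least mark it with `<!-- default key: replace before deployment -->`.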
@@ -225,7 +224,7 @@
</gbean>
<gbean name="geronimo.server:type=WebConnector,container=Jetty,port=8080" class="org.apache.geronimo.jetty.connector.HTTPConnector">
- <attribute name="port" type="int">8080</attribute>
+ <attribute name="port">8080</attribute>
<reference name="JettyContainer">geronimo.server:type=WebContainer,container=Jetty</reference>
<!-- <attribute name="MaxConnections" type="int">10</attribute>-->
<!-- <attribute name="MaxIdleTime" type="int">10</attribute>-->
@@ -243,13 +242,13 @@
<!-- EJB Protocol -->
<gbean name="openejb:type=SocketService,name=EJB" class="org.openejb.server.SimpleSocketService">
- <attribute name="serviceClassName" type="java.lang.String">org.openejb.server.ejbd.EjbServer</attribute>
- <attribute name="onlyFrom" type="java.net.InetAddress[]">127.0.0.1</attribute>
+ <attribute name="serviceClassName">org.openejb.server.ejbd.EjbServer</attribute>
+ <attribute name="onlyFrom">127.0.0.1</attribute>
<reference name="ContainerIndex">openejb:type=ContainerIndex</reference>
</gbean>
<gbean name="openejb:type=ServiceDaemon,name=EJB" class="org.openejb.server.ServiceDaemon">
- <attribute name="port" type="int">4201</attribute>
- <attribute name="inetAddress" type="java.net.InetAddress">127.0.0.1</attribute>
+ <attribute name="port">4201</attribute>
+ <attribute name="inetAddress">127.0.0.1</attribute>
<reference name="SocketService">openejb:type=SocketService,name=EJB</reference>
</gbean>
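Review bot: Removing `type="java.net.InetAddress[]"` from `onlyFrom` and `type="java.net.InetAddress"` from `inetAddress` means `127.0.0.1` is now converted according to the type the GBean declares, by code that is not visible in this hunk (GBeanHelper is modified in the same commit). These two attributes are what restrict the EJB listener to loopback, so a test that loads this plan and asserts the resulting values would catch a regression in that conversion. A short comment such as `<!-- loopback only; widen deliberately -->` above `onlyFrom` would also record the intent.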
@@ -262,8 +261,8 @@
<!-- JMX Remoting -->
<gbean name="geronimo.server:role=JMXService,name=localhost" class="org.apache.geronimo.jmxremoting.JMXConnector">
- <attribute name="URL" type="java.lang.String">service:jmx:rmi://localhost/jndi/rmi:/JMXConnector</attribute>
- <attribute name="applicationConfigName" type="java.lang.String">JMX</attribute>
+ <attribute name="URL">service:jmx:rmi://localhost/jndi/rmi:/JMXConnector</attribute>
+ <attribute name="applicationConfigName">JMX</attribute>
</gbean>
</configuration>
Modified: geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/AbstractWebServiceTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/AbstractWebServiceTest.java?view=diff&rev=123061&p1=geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/AbstractWebServiceTest.java&r1=123060&p2=geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/AbstractWebServiceTest.java&r2=123061
==============================================================================
--- geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/AbstractWebServiceTest.java (original)
+++ geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/AbstractWebServiceTest.java Wed Dec 22 00:19:52 2004
@@ -127,7 +127,7 @@
//
// kernel.loadGBean(AxisGeronimoConstants.EAR_CONF_BUILDER_NAME,moduleBuilder);
//
- OpenEJBModuleBuilder moduleBuilder = new OpenEJBModuleBuilder(null, defaultParentId, null);
+ OpenEJBModuleBuilder moduleBuilder = new OpenEJBModuleBuilder(defaultParentId, null, kernel);
EARConfigBuilder earConfigBuilder =
new EARConfigBuilder(defaultParentId,
Modified: geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/preconditions/DynamicEJBDeploymentTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/preconditions/DynamicEJBDeploymentTest.java?view=diff&rev=123061&p1=geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/preconditions/DynamicEJBDeploymentTest.java&r1=123060&p2=geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/preconditions/DynamicEJBDeploymentTest.java&r2=123061
==============================================================================
--- geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/preconditions/DynamicEJBDeploymentTest.java (original)
+++ geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/preconditions/DynamicEJBDeploymentTest.java Wed Dec 22 00:19:52 2004
@@ -72,7 +72,7 @@
File jarFile = new File(outDir , "echo-jar/echo-ewsimpl.jar");
URI defaultParentId = new URI("org/apache/geronimo/Server");
- OpenEJBModuleBuilder moduleBuilder = new OpenEJBModuleBuilder(null, defaultParentId, null);
+ OpenEJBModuleBuilder moduleBuilder = new OpenEJBModuleBuilder(defaultParentId, null, kernel);
EARConfigBuilder earConfigBuilder =
Modified: geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java?view=diff&rev=123061&p1=geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java&r1=123060&p2=geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java&r2=123061
==============================================================================
--- geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java (original)
+++ geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java Wed Dec 22 00:19:52 2004
@@ -69,11 +69,10 @@
import org.apache.geronimo.naming.deployment.GBeanResourceEnvironmentBuilder;
import org.apache.geronimo.naming.java.ReadOnlyContext;
import org.apache.geronimo.schema.SchemaConversionUtils;
-import org.apache.geronimo.security.SecurityService;
import org.apache.geronimo.security.deploy.Security;
-import org.apache.geronimo.security.deploy.AutoMapAssistant;
import org.apache.geronimo.security.deployment.SecurityBuilder;
import org.apache.geronimo.security.util.URLPattern;
+import org.apache.geronimo.security.realm.GenericSecurityRealm;
import org.apache.geronimo.transaction.OnlineUserTransaction;
import org.apache.geronimo.xbeans.geronimo.jetty.JettyDependencyType;
import org.apache.geronimo.xbeans.geronimo.jetty.JettyGbeanType;
@@ -121,7 +120,6 @@
private final ObjectName defaultServlets;
private final ObjectName defaultFilters;
private final ObjectName defaultFilterMappings;
- private final SecurityService securityService;
private final List defaultWelcomeFiles;
private final Integer defaultSessionTimeoutSeconds;
@@ -135,12 +133,10 @@
ObjectName defaultServlets,
ObjectName defaultFilters,
ObjectName defaultFilterMappings,
- SecurityService securityService,
Kernel kernel) {
this.defaultParentId = defaultParentId;
this.defaultSessionTimeoutSeconds = (defaultSessionTimeoutSeconds == null) ? new Integer(30 * 60) : defaultSessionTimeoutSeconds;
this.jettyContainerObjectName = jettyContainerObjectName;
- this.securityService = securityService;
this.defaultServlets = defaultServlets;
this.defaultFilters = defaultFilters;
this.defaultFilterMappings = defaultFilterMappings;
@@ -349,11 +345,16 @@
contextPriorityClassLoader = Boolean.valueOf(jettyWebApp.getContextPriorityClassloader()).booleanValue();
}
ClassLoader webClassLoader = new JettyClassLoader(webClassPathURLs, cl, contextPriorityClassLoader);
-
+ Map localSecurityRealms = new HashMap();
if (jettyWebApp != null) {
JettyGbeanType[] gbeans = jettyWebApp.getGbeanArray();
for (int i = 0; i < gbeans.length; i++) {
- GBeanHelper.addGbean(new JettyGBeanAdapter(gbeans[i]), webClassLoader, earContext);
+ GBeanData gBeanData = GBeanHelper.getGBeanData(new JettyGBeanAdapter(gbeans[i]), webClassLoader);
+ earContext.addGBean(gBeanData);
+ String className = gBeanData.getGBeanInfo().getClassName();
+ if (GenericSecurityRealm.class.getName().equals(className)) {
+ localSecurityRealms.put(gBeanData.getAttribute("realmName"), gBeanData);
+ }
}
}
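Review bot: `localSecurityRealms.put(gBeanData.getAttribute("realmName"), gBeanData)` accepts a null key and silently overwrites on a duplicate. A war-local GenericSecurityRealm with no `realmName` attribute is stored under `null`, and of two gbeans with the same realmName only the last survives. Rejecting both at deploy time is safer, for example `if (realmName == null || localSecurityRealms.containsKey(realmName)) throw new DeploymentException("Missing or duplicate realmName: " + realmName);`. The exact comparison with `GenericSecurityRealm.class.getName()` also skips subclasses, which deserves a comment if it is intended. The enclosing method starts and ends outside this hunk.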
@@ -369,27 +370,16 @@
GBeanData webModuleData = new GBeanData(webModuleName, JettyWebAppContext.GBEAN_INFO);
try {
- Set securityRoles = new HashSet();
+ Set securityRoles = collectRoleNames(webApp);
if (jettyWebApp.isSetLoginDomainName()) {
- Security security = SecurityBuilder.buildSecurityConfig(jettyWebApp.getSecurity(), collectRoleNames(webApp));
- security.autoGenerate(securityService);
- webModuleData.setAttribute("loginDomainName", jettyWebApp.getLoginDomainName().trim());
+ String loginDomainName = jettyWebApp.getLoginDomainName().trim();
+ Security security = SecurityBuilder.buildSecurityConfig(Collections.singleton(loginDomainName), jettyWebApp.getSecurity(), securityRoles, localSecurityRealms, kernel);
+ webModuleData.setAttribute("loginDomainName", loginDomainName);
webModuleData.setAttribute("securityConfig", security);
String policyContextID = webModuleName.getCanonicalName();
webModuleData.setAttribute("policyContextID", policyContextID);
buildSpecSecurityConfig(webApp, webModuleData, securityRoles);
- AutoMapAssistant assistant = security.getAssistant();
- if (assistant != null) {
- String realmName = assistant.getSecurityRealm();
- ObjectName securityRealmName = null;
- try {
- securityRealmName = NameFactory.getSecurityRealmName(realmName);
- } catch (MalformedObjectNameException e) {
- throw new DeploymentException("Could not construct security realm name", e);
- }
- webModuleData.setReferencePattern("SecurityRealm", securityRealmName);
- }
}
webModuleData.setAttribute("uri", URI.create(module.getTargetPath() + "/"));
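Review bot: `loginDomainName` is used straight after `trim()` with no emptiness check, so a blank value in the plan reaches `buildSecurityConfig` as `Collections.singleton("")` and is stored as the web module's `loginDomainName` attribute. Failing the deployment is clearer than building a security config for an unnamed domain: `if (loginDomainName.length() == 0) throw new DeploymentException("loginDomainName must not be empty");`. Separately, `jettyWebApp.isSetLoginDomainName()` is called without the `jettyWebApp != null` guard that the gbean loop in the previous hunk uses; whether it can be null here is not visible. The method body continues outside the hunk.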
@@ -762,11 +752,6 @@
Set allSet = new HashSet(); // == allMap.values()
Map allMap = new HashMap(); //uncheckedPatterns union excludedPatterns union rolesPatterns.
- SecurityRoleType[] securityRoleArray = webApp.getSecurityRoleArray();
- for (int i = 0; i < securityRoleArray.length; i++) {
- SecurityRoleType securityRoleType = securityRoleArray[i];
- securityRoles.add(securityRoleType.getRoleName().getStringValue().trim());
- }
webModuleData.setAttribute("securityRoles", securityRoles);
SecurityConstraintType[] securityConstraintArray = webApp.getSecurityConstraintArray();
@@ -942,7 +927,7 @@
SecurityRoleType[] securityRoles = webApp.getSecurityRoleArray();
for (int i = 0; i < securityRoles.length; i++) {
- roleNames.add(securityRoles[i].getRoleName().getStringValue());
+ roleNames.add(securityRoles[i].getRoleName().getStringValue().trim());
}
return roleNames;
@@ -1067,7 +1052,6 @@
infoBuilder.addAttribute("defaultServlets", ObjectName.class, true);
infoBuilder.addAttribute("defaultFilters", ObjectName.class, true);
infoBuilder.addAttribute("defaultFilterMappings", ObjectName.class, true);
- infoBuilder.addReference("SecurityService", SecurityService.class);
infoBuilder.addAttribute("kernel", Kernel.class, false);
infoBuilder.addInterface(ModuleBuilder.class);
@@ -1079,7 +1063,6 @@
"defaultServlets",
"defaultFilters",
"defaultFilterMappings",
- "SecurityService",
"kernel"});
GBEAN_INFO = infoBuilder.getBeanInfo();
}
Modified: geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java?view=diff&rev=123061&p1=geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java&r1=123060&p2=geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java&r2=123061
==============================================================================
--- geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java (original)
+++ geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java Wed Dec 22 00:19:52 2004
@@ -184,9 +184,10 @@
kernel = new Kernel("test.kernel");
kernel.boot();
ObjectName defaultServlets = ObjectName.getInstance("test:name=test,type=none,*");
- SecurityServiceImpl securityService = new SecurityServiceImpl("org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory", null);
+ //install the policy configuration factory
+ SecurityServiceImpl securityService = new SecurityServiceImpl("org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory");
- builder = new JettyModuleBuilder(new URI("null"), new Integer(1800), Collections.EMPTY_LIST, containerName, defaultServlets, null, null, securityService, kernel);
+ builder = new JettyModuleBuilder(new URI("null"), new Integer(1800), Collections.EMPTY_LIST, containerName, defaultServlets, null, null, kernel);
container = new GBeanData(containerName, JettyContainerImpl.GBEAN_INFO);
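Review bot: `securityService` is now constructed only for its side effect, as the added comment says, and is no longer passed to `JettyModuleBuilder`. If the variable is not read later in this method (not visible here), drop the local and keep the call as a bare `new SecurityServiceImpl("org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory");`. The comment could also state what is installed and for how long, since a policy configuration factory is presumably JVM-wide and would outlive this test.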
Modified: geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/PlanParsingTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/PlanParsingTest.java?view=diff&rev=123061&p1=geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/PlanParsingTest.java&r1=123060&p2=geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/PlanParsingTest.java&r2=123061
==============================================================================
--- geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/PlanParsingTest.java (original)
+++ geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/PlanParsingTest.java Wed Dec 22 00:19:52 2004
@@ -14,7 +14,7 @@
*/
public class PlanParsingTest extends TestCase {
ObjectName jettyContainerObjectName = JMXUtil.getObjectName("test:type=JettyContainer");
- private JettyModuleBuilder builder = new JettyModuleBuilder(null, new Integer(1800), null, jettyContainerObjectName, null, null, null, null, null);
+ private JettyModuleBuilder builder = new JettyModuleBuilder(null, new Integer(1800), null, jettyContainerObjectName, null, null, null, null);
private File basedir = new File(System.getProperty("basedir", "."));
public void testResourceRef() throws Exception {
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java?view=diff&rev=123061&p1=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java&r1=123060&p2=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java&r2=123061
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java Wed Dec 22 00:19:52 2004
@@ -125,8 +125,7 @@
TransactionContextManager transactionContextManager,
TrackedConnectionAssociator trackedConnectionAssociator,
- JettyContainer jettyContainer,
- AutoMapAssistant assistant) throws Exception, IllegalAccessException, InstantiationException, ClassNotFoundException {
+ JettyContainer jettyContainer) throws Exception, IllegalAccessException, InstantiationException, ClassNotFoundException {
assert uri != null;
assert componentContext != null;
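Review bot: The rewritten constructor line still declares `throws Exception, IllegalAccessException, InstantiationException, ClassNotFoundException`. The last three are subclasses of `Exception`, so the list tells callers nothing beyond `throws Exception`. Since the line is being touched anyway, either reduce it to `throws Exception` or narrow it to the checked exceptions the body actually throws. The parameter list and body extend beyond this hunk.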
@@ -185,7 +184,7 @@
//set the JAASJettyRealm as our realm.
JAASJettyRealm realm = new JAASJettyRealm(realmName, loginDomainName);
setRealm(realm);
- this.securityInterceptor = new SecurityContextBeforeAfter(interceptor, index++, index++, policyContextID, securityConfig, loginDomainName, assistant, authenticator, securityRoles, uncheckedPermissions, excludedPermissions, rolePermissions, realm);
+ this.securityInterceptor = new SecurityContextBeforeAfter(interceptor, index++, index++, policyContextID, securityConfig, loginDomainName, authenticator, securityRoles, uncheckedPermissions, excludedPermissions, rolePermissions, realm);
interceptor = securityInterceptor;
} else {
securityInterceptor = null;
@@ -412,8 +411,6 @@
infoBuilder.addAttribute("excludedPermissions", PermissionCollection.class, true);
infoBuilder.addAttribute("rolePermissions", Map.class, true);
- infoBuilder.addReference("SecurityRealm", AutoMapAssistant.class);
-
infoBuilder.setConstructor(new String[]{
"uri",
"componentContext",
@@ -449,8 +446,7 @@
"TransactionContextManager",
"TrackedConnectionAssociator",
- "JettyContainer",
- "SecurityRealm",
+ "JettyContainer"
});
GBEAN_INFO = infoBuilder.getBeanInfo();
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java?view=diff&rev=123061&p1=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java&r1=123060&p2=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java&r2=123061
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java Wed Dec 22 00:19:52 2004
@@ -49,7 +49,6 @@
import org.apache.geronimo.security.deploy.Role;
import org.apache.geronimo.security.deploy.Security;
import org.apache.geronimo.security.jacc.RoleMappingConfiguration;
-import org.apache.geronimo.security.realm.AutoMapAssistant;
import org.apache.geronimo.security.util.ConfigurationUtil;
import org.mortbay.http.Authenticator;
import org.mortbay.http.HttpException;
@@ -89,7 +88,6 @@
String policyContextID,
Security securityConfig,
String loginDomainName,
- AutoMapAssistant assistant,
Authenticator authenticator,
Set securityRoles,
PermissionCollection uncheckedPermissions,
@@ -101,7 +99,7 @@
this.webAppContextIndex = webAppContextIndex;
this.policyContextID = policyContextID;
- this.defaultPrincipal = generateDefaultPrincipal(securityConfig, loginDomainName, assistant);
+ this.defaultPrincipal = generateDefaultPrincipal(securityConfig, loginDomainName);
if (authenticator instanceof FormAuthenticator) {
String formLoginPath = ((FormAuthenticator) authenticator).getLoginPage();
@@ -333,24 +331,13 @@
* @param loginDomainName
* @return the default principal
*/
- protected JAASJettyPrincipal generateDefaultPrincipal(Security securityConfig, String loginDomainName, AutoMapAssistant assistant) throws GeronimoSecurityException {
+ protected JAASJettyPrincipal generateDefaultPrincipal(Security securityConfig, String loginDomainName) throws GeronimoSecurityException {
DefaultPrincipal defaultPrincipal = securityConfig.getDefaultPrincipal();
if (defaultPrincipal == null) {
- if (assistant != null) {
- org.apache.geronimo.security.deploy.Principal principal = assistant.obtainDefaultPrincipal();
- defaultPrincipal = new DefaultPrincipal();
- defaultPrincipal.setPrincipal(principal);
- defaultPrincipal.setRealmName(assistant.getRealmName());
- }
-
+ throw new GeronimoSecurityException("Unable to generate default principal");
}
- if (defaultPrincipal == null) throw new GeronimoSecurityException("Unable to generate default principal");
-
- return generateDefaultPrincipal(securityConfig, defaultPrincipal, loginDomainName);
- }
-
- protected JAASJettyPrincipal generateDefaultPrincipal(Security securityConfig, DefaultPrincipal defaultPrincipal, String loginDomainName) throws GeronimoSecurityException {
+
JAASJettyPrincipal result = new JAASJettyPrincipal("default");
Subject defaultSubject = new Subject();
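Review bot: The Javadoc above `generateDefaultPrincipal` still lists only `loginDomainName` and does not mention that the method now fails immediately when `securityConfig.getDefaultPrincipal()` returns null. With the realm-assistant fallback removed, that is the contract callers need to know. I would add `@param securityConfig must already carry a default principal (resolved at deploy time)` and `@throws GeronimoSecurityException if securityConfig has no default principal`. The exception text could also name the web app, for example `"Unable to generate default principal for " + policyContextID`, assuming the field is already assigned at this point, as the constructor hunk above suggests. The method body continues past the end of this hunk.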
Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java?view=diff&rev=123061&p1=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r1=123060&p2=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r2=123061
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java (original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java Wed Dec 22 00:19:52 2004
@@ -39,6 +39,8 @@
import org.apache.geronimo.kernel.management.State;
import org.apache.geronimo.security.SecurityServiceImpl;
import org.apache.geronimo.security.deploy.Security;
+import org.apache.geronimo.security.deploy.MapOfSets;
+import org.apache.geronimo.security.deploy.Principal;
import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration;
import org.apache.geronimo.security.jaas.JaasLoginService;
import org.apache.geronimo.security.jaas.LoginModuleGBean;
@@ -76,10 +78,11 @@
private GBeanData loginServiceGBean;
protected GBeanData propertiesLMGBean;
protected ObjectName propertiesLMName;
- private ObjectName propertiesRealmName;
+ protected ObjectName propertiesRealmName;
private GBeanData propertiesRealmGBean;
private ObjectName serverInfoName;
private GBeanData serverInfoGBean;
+ protected final static String securityRealmName = "demo-properties-realm";
public void testDummy() throws Exception {
}
@@ -151,7 +154,6 @@
app.setReferencePattern("TransactionContextManager", tcmName);
app.setReferencePattern("TrackedConnectionAssociator", ctcName);
app.setReferencePattern("JettyContainer", containerName);
- app.setReferencePattern("SecurityRealm", propertiesRealmName);
app.setAttribute("contextPath", "/test");
@@ -169,12 +171,11 @@
securityServiceName = new ObjectName("geronimo.security:type=SecurityService");
securityServiceGBean = new GBeanData(securityServiceName, SecurityServiceImpl.GBEAN_INFO);
- securityServiceGBean.setReferencePatterns("Mappers", Collections.singleton(new ObjectName("geronimo.security:type=SecurityRealm,*")));
securityServiceGBean.setAttribute("policyConfigurationFactory", "org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory");
loginServiceName = new ObjectName("geronimo.security:type=JaasLoginService");
loginServiceGBean = new GBeanData(loginServiceName, JaasLoginService.GBEAN_INFO);
- loginServiceGBean.setReferencePatterns("Realms", Collections.singleton(new ObjectName("geronimo.security:type=SecurityRealm,*")));
+ loginServiceGBean.setReferencePattern("Realms", new ObjectName("geronimo.security:type=SecurityRealm,*"));
// loginServiceGBean.setAttribute("reclaimPeriod", new Long(1000 * 1000));
loginServiceGBean.setAttribute("algorithm", "HmacSHA1");
loginServiceGBean.setAttribute("password", "secret");
@@ -195,13 +196,17 @@
propertiesRealmName = new ObjectName("geronimo.security:type=SecurityRealm,realm=demo-properties-realm");
propertiesRealmGBean = new GBeanData(propertiesRealmName, GenericSecurityRealm.GBEAN_INFO);
- propertiesRealmGBean.setReferencePatterns("ServerInfo", Collections.singleton(serverInfoName));
+ propertiesRealmGBean.setReferencePattern("ServerInfo", serverInfoName);
propertiesRealmGBean.setAttribute("realmName", "demo-properties-realm");
Properties config = new Properties();
config.setProperty("LoginModule.1.REQUIRED", propertiesLMName.getCanonicalName());
propertiesRealmGBean.setAttribute("loginModuleConfiguration", config);
-// propertiesRealmGBean.setAttribute("autoMapPrincipalClasses", "org.apache.geronimo.security.realm.providers.PropertiesFileGroupPrincipal");
- propertiesRealmGBean.setAttribute("defaultPrincipal", "metro=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
+ MapOfSets.MapOfSetsEditor mapEditor = new MapOfSets.MapOfSetsEditor();
+ mapEditor.setAsText(securityRealmName + "=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal");
+ propertiesRealmGBean.setAttribute("autoMapPrincipalClasses", mapEditor.getValue());
+ Principal.PrincipalEditor principalEditor = new Principal.PrincipalEditor();
+ principalEditor.setAsText("metro=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
+ propertiesRealmGBean.setAttribute("defaultPrincipal", principalEditor.getValue());
start(loginConfigurationGBean);
start(securityServiceGBean);
Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java?view=diff&rev=123061&p1=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r1=123060&p2=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r2=123061
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java (original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java Wed Dec 22 00:19:52 2004
@@ -24,6 +24,7 @@
import java.net.URL;
import java.security.PermissionCollection;
import java.security.Permissions;
+import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
@@ -31,8 +32,6 @@
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebUserDataPermission;
-import org.apache.geronimo.security.SecurityService;
-import org.apache.geronimo.security.deploy.AutoMapAssistant;
import org.apache.geronimo.security.deploy.DefaultPrincipal;
import org.apache.geronimo.security.deploy.Principal;
import org.apache.geronimo.security.deploy.Realm;
@@ -47,6 +46,8 @@
*/
public class SecurityTest extends AbstractWebModuleTest {
+ private final static Set autoMapPrincipalClasses = Collections.singleton("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal");
+
/**
* Test the explicit map feature. Only Alan should be able to log in.
*
@@ -170,19 +171,17 @@
Security securityConfig = new Security();
securityConfig.setUseContextHandler(false);
- AutoMapAssistant assistant = new AutoMapAssistant();
- assistant.setSecurityRealm("demo-properties-realm");
- securityConfig.setAssistant(assistant);
-
securityConfig.getRoleNames().add("content-administrator");
securityConfig.getRoleNames().add("auto-administrator");
- SecurityService securityService = (SecurityService) kernel.getProxyManager().createProxy(securityServiceName, SecurityService.class);
- try {
- securityConfig.autoGenerate(securityService);
- } finally {
- kernel.getProxyManager().destroyProxy(securityService);
- }
+ securityConfig.autoGenerate(securityRealmName, securityRealmName, autoMapPrincipalClasses);
+
+ //cribbed from SecurityBuilder
+ Principal principal = (Principal) kernel.getAttribute(propertiesRealmName, "defaultPrincipal");
+ DefaultPrincipal defaultPrincipal = new DefaultPrincipal();
+ defaultPrincipal.setPrincipal(principal);
+ defaultPrincipal.setRealmName(securityRealmName);
+ securityConfig.setDefaultPrincipal(defaultPrincipal);
PermissionCollection uncheckedPermissions = new Permissions();
@@ -278,22 +277,13 @@
Security securityConfig = new Security();
securityConfig.setUseContextHandler(false);
- AutoMapAssistant assistant = new AutoMapAssistant();
- assistant.setSecurityRealm("demo-properties-realm");
- securityConfig.setAssistant(assistant);
-
securityConfig.getRoleNames().add("content-administrator");
securityConfig.getRoleNames().add("auto-administrator");
- SecurityService securityService = (SecurityService) kernel.getProxyManager().createProxy(securityServiceName, SecurityService.class);
- try {
- securityConfig.autoGenerate(securityService);
- } finally {
- kernel.getProxyManager().destroyProxy(securityService);
- }
+ securityConfig.autoGenerate(securityRealmName, securityRealmName, autoMapPrincipalClasses);
DefaultPrincipal defaultPrincipal = new DefaultPrincipal();
- defaultPrincipal.setRealmName("demo-properties-realm");
+ defaultPrincipal.setRealmName(securityRealmName);
Principal principal = new Principal();
principal.setClassName("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
principal.setPrincipalName("izumi");
Modified: geronimo/trunk/modules/security-builder/project.xml
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security-builder/project.xml?view=diff&rev=123061&p1=geronimo/trunk/modules/security-builder/project.xml&r1=123060&p2=geronimo/trunk/modules/security-builder/project.xml&r2=123061
==============================================================================
--- geronimo/trunk/modules/security-builder/project.xml (original)
+++ geronimo/trunk/modules/security-builder/project.xml Wed Dec 22 00:19:52 2004
@@ -71,6 +71,30 @@
</properties>
</dependency>
+ <dependency>
+ <groupId>geronimo</groupId>
+ <artifactId>geronimo-common</artifactId>
+ <version>${pom.currentVersion}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>geronimo</groupId>
+ <artifactId>geronimo-j2ee</artifactId>
+ <version>${pom.currentVersion}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>geronimo</groupId>
+ <artifactId>geronimo-kernel</artifactId>
+ <version>${pom.currentVersion}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>mx4j</groupId>
+ <artifactId>mx4j</artifactId>
+ <version>${mx4j_version}</version>
+ </dependency>
+
</dependencies>
Modified: geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java?view=diff&rev=123061&p1=geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java&r1=123060&p2=geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java&r2=123061
==============================================================================
--- geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java (original)
+++ geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java Wed Dec 22 00:19:52 2004
@@ -16,9 +16,19 @@
*/
package org.apache.geronimo.security.deployment;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
import java.util.Set;
+import javax.management.MalformedObjectNameException;
+import javax.management.ObjectName;
-import org.apache.geronimo.security.deploy.AutoMapAssistant;
+import org.apache.geronimo.common.DeploymentException;
+import org.apache.geronimo.gbean.GBeanData;
+import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+import org.apache.geronimo.kernel.GBeanNotFoundException;
+import org.apache.geronimo.kernel.Kernel;
+import org.apache.geronimo.kernel.NoSuchAttributeException;
import org.apache.geronimo.security.deploy.DefaultPrincipal;
import org.apache.geronimo.security.deploy.Principal;
import org.apache.geronimo.security.deploy.Realm;
@@ -39,66 +49,135 @@
*/
public class SecurityBuilder {
- public static Security buildSecurityConfig(GerSecurityType securityType, Set roleNames) {
+ public static Security buildSecurityConfig(Set loginDomainNames, GerSecurityType securityType, Set roleNames, Map localSecurityRealms, Kernel kernel) throws MalformedObjectNameException, DeploymentException {
Security security = null;
- if (securityType != null) {
- security = new Security();
+ if (securityType == null) {
+ return null;
+ }
+ security = new Security();
- security.setDoAsCurrentCaller(securityType.getDoasCurrentCaller());
- security.setUseContextHandler(securityType.getUseContextHandler());
- security.setDefaultRole(securityType.getDefaultRole());
+ security.setDoAsCurrentCaller(securityType.getDoasCurrentCaller());
+ security.setUseContextHandler(securityType.getUseContextHandler());
+ if (securityType.isSetDefaultRole()) {
+ security.setDefaultRole(securityType.getDefaultRole().trim());
+ }
- GerDefaultPrincipalType defaultPrincipalType = securityType.getDefaultPrincipal();
- DefaultPrincipal defaultPrincipal = new DefaultPrincipal();
+ GerRoleMappingsType roleMappingsType = securityType.getRoleMappings();
+ Set allRealms = new HashSet();
+ if (roleMappingsType != null) {
+ for (int i = 0; i < roleMappingsType.sizeOfRoleArray(); i++) {
+ GerRoleType roleType = roleMappingsType.getRoleArray(i);
+ Role role = new Role();
+
+ String roleName = roleType.getRoleName().trim();
+ role.setRoleName(roleName);
+
+ for (int j = 0; j < roleType.sizeOfRealmArray(); j++) {
+ GerRealmType realmType = roleType.getRealmArray(j);
+ String realmName = realmType.getRealmName().trim();
+ allRealms.add(realmName);
+ Realm realm = new Realm();
- defaultPrincipal.setRealmName(defaultPrincipalType.getRealmName());
- defaultPrincipal.setPrincipal(buildPrincipal(defaultPrincipalType.getPrincipal()));
+ realm.setRealmName(realmName);
- security.setDefaultPrincipal(defaultPrincipal);
+ for (int k = 0; k < realmType.sizeOfPrincipalArray(); k++) {
+ realm.getPrincipals().add(buildPrincipal(realmType.getPrincipalArray(k)));
+ }
- GerRoleMappingsType roleMappingsType = securityType.getRoleMappings();
- if (roleMappingsType != null) {
- for (int i = 0; i < roleMappingsType.sizeOfRoleArray(); i++) {
- GerRoleType roleType = roleMappingsType.getRoleArray(i);
- Role role = new Role();
+ role.getRealms().put(realmName, realm);
+ }
- role.setRoleName(roleType.getRoleName());
+ security.getRoleMappings().put(roleName, role);
+ }
+ }
- for (int j = 0; j < roleType.sizeOfRealmArray(); j++) {
- GerRealmType realmType = roleType.getRealmArray(j);
- Realm realm = new Realm();
+ GerAutoMapRolesType autoMapRolesType = securityType.getAutoMapRoles();
+ String autoMapRealmName = null;
+ Set autoMapClassOverrides = null;
+ if (autoMapRolesType != null) {
+
+ autoMapRealmName = autoMapRolesType.getSecurityRealm().trim();
+
+ GerClassOverrideType[] classOverrideArray = autoMapRolesType.getClassOverrideArray();
+ if (classOverrideArray.length > 0) {
+ autoMapClassOverrides = new HashSet();
+ }
+ for (int i = 0; i < classOverrideArray.length; i++) {
+ autoMapClassOverrides.add(classOverrideArray[i].getClass1().trim());
+ }
- realm.setRealmName(realmType.getRealmName());
+ }
- for (int k = 0; k < realmType.sizeOfPrincipalArray(); k++) {
- realm.getPrincipals().add(buildPrincipal(realmType.getPrincipalArray(k)));
- }
+ security.getRoleNames().addAll(roleNames);
- role.getRealms().put(realm.getRealmName(), realm);
- }
+ DefaultPrincipal defaultPrincipal = new DefaultPrincipal();
+ if (securityType.isSetDefaultPrincipal()) {
+ GerDefaultPrincipalType defaultPrincipalType = securityType.getDefaultPrincipal();
+
+ defaultPrincipal.setRealmName(defaultPrincipalType.getRealmName().trim());
+ defaultPrincipal.setPrincipal(buildPrincipal(defaultPrincipalType.getPrincipal()));
- security.getRoleMappings().put(role.getRoleName(), role);
+ } else {
+ if (autoMapRealmName == null) {
+ throw new DeploymentException("No default principal configured, and no automap realm specific for default principal source");
+ }
+ Principal principal;
+ GBeanData realmData = (GBeanData) localSecurityRealms.get(autoMapRealmName);
+ if (realmData != null) {
+ principal = (Principal) realmData.getAttribute("defaultPrincipal");
+ } else {
+ ObjectName realmObjectName = NameFactory.getSecurityRealmName(autoMapRealmName);
+
+ try {
+ principal = (Principal) kernel.getAttribute(realmObjectName, "defaultPrincipal");
+ } catch (GBeanNotFoundException e) {
+ throw new DeploymentException("No realm with supplied name: " + autoMapRealmName, e);
+ } catch (NoSuchAttributeException e) {
+ throw new DeploymentException("Realm " + autoMapRealmName + " is not able to supply default principal", e);
+ } catch (Exception e) {
+ throw new DeploymentException("Could not retrieve attribute autoMapPrincipalClasses from realm with supplied name: " + autoMapRealmName, e);
}
}
+ defaultPrincipal = new DefaultPrincipal();
+ defaultPrincipal.setPrincipal(principal);
+ defaultPrincipal.setRealmName(autoMapRealmName);
- GerAutoMapRolesType autoMapRolesType = securityType.getAutoMapRoles();
- if (autoMapRolesType != null) {
- AutoMapAssistant assistant = new AutoMapAssistant();
-
- assistant.setSecurityRealm(autoMapRolesType.getSecurityRealm());
-
- GerClassOverrideType[] classOverrideArray = autoMapRolesType.getClassOverrideArray();
- for (int i = 0; i < classOverrideArray.length; i++) {
- assistant.getClassOverrides().add(classOverrideArray[i].getClass1());
- }
+ }
+ security.setDefaultPrincipal(defaultPrincipal);
- security.setAssistant(assistant);
+ for (Iterator realmNames = allRealms.iterator(); realmNames.hasNext();) {
+ String realmName = (String) realmNames.next();
+
+ Map autoMapPrincipalClassesMap;
+ GBeanData realmData = (GBeanData) localSecurityRealms.get(realmName);
+ if (realmData != null) {
+ autoMapPrincipalClassesMap = (Map) realmData.getAttribute("autoMapPrincipalClasses");
+ } else {
+ ObjectName realmObjectName = NameFactory.getSecurityRealmName(realmName);
+ try {
+ autoMapPrincipalClassesMap = (Map) kernel.getAttribute(realmObjectName, "autoMapPrincipalClasses");
+
+ } catch (GBeanNotFoundException e) {
+ throw new DeploymentException("No realm with supplied name: " + realmName, e);
+ } catch (NoSuchAttributeException e) {
+ //its not an automapper
+ break;
+ } catch (Exception e) {
+ throw new DeploymentException("Could not retrieve attribute autoMapPrincipalClasses from realm with supplied name: " + realmName, e);
+ }
}
+ for (Iterator iterator = loginDomainNames.iterator(); iterator.hasNext();) {
+ String loginDomainName = (String) iterator.next();
+ Set autoMapPrincipalClasses;
+ if (realmName.equals(autoMapRealmName)) {
+ autoMapPrincipalClasses = autoMapClassOverrides;
+ }
+ autoMapPrincipalClasses = (Set) autoMapPrincipalClassesMap.get(loginDomainName);
- security.getRoleNames().addAll(roleNames);
+ security.autoGenerate(loginDomainName, realmName, autoMapPrincipalClasses);
+ }
}
-
return security;
}
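Review bot: In the inner loop over `loginDomainNames`, the override set assigned when `realmName.equals(autoMapRealmName)` is overwritten unconditionally by the next statement, so the values collected from `getClassOverrideArray()` never reach `security.autoGenerate(...)` and roles are mapped from the realm's own class list instead. The map lookup belongs in an else branch: `} else { autoMapPrincipalClasses = (Set) autoMapPrincipalClassesMap.get(loginDomainName); }`. The `break` in the `NoSuchAttributeException` catch leaves the whole realm loop rather than skipping one realm, so which realms get auto-mapped depends on `HashSet` iteration order; `continue;` looks like what was meant. `autoMapPrincipalClassesMap` is also dereferenced without a null check, which would presumably throw for a realm whose `autoMapPrincipalClasses` attribute is unset. Separately, the catch-all in the default-principal lookup reports `autoMapPrincipalClasses` although it reads `defaultPrincipal`, which will mislead whoever debugs a failed deployment.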
Deleted: /geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityService.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityService.java?view=auto&rev=123060
==============================================================================
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java?view=diff&rev=123061&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java&r1=123060&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java&r2=123061
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java Wed Dec 22 00:19:52 2004
@@ -45,19 +45,17 @@
*
* @version $Rev$ $Date$
*/
-public class SecurityServiceImpl implements SecurityService {
+public class SecurityServiceImpl {
- private final Log log = LogFactory.getLog(SecurityService.class);
+ private final Log log = LogFactory.getLog(SecurityServiceImpl.class);
- private final ConcurrentHashMap mappersMap = new ConcurrentHashMap();
/**
* Permissions that protect access to sensitive security information
*/
public static final GeronimoSecurityPermission CONFIGURE = new GeronimoSecurityPermission("configure");
- public SecurityServiceImpl(String policyConfigurationFactory,
- Collection mappers) throws PolicyContextException, ClassNotFoundException {
+ public SecurityServiceImpl(String policyConfigurationFactory) throws PolicyContextException, ClassNotFoundException {
/**
* @see "JSR 115 4.6.1" Container Subject Policy Context Handler
*/
@@ -71,43 +69,9 @@
PolicyConfigurationFactory factory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
GeronimoPolicyConfigurationFactory geronimoPolicyConfigurationFactory = (GeronimoPolicyConfigurationFactory) factory;
Policy.setPolicy(new GeronimoPolicy(geronimoPolicyConfigurationFactory));
- if (mappers != null) {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null) {
- sm.checkPermission(CONFIGURE);
- }
- ((ReferenceCollection) mappers).addReferenceCollectionListener(new ReferenceCollectionListener() {
-
- public void memberAdded(ReferenceCollectionEvent event) {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null) {
- sm.checkPermission(CONFIGURE);
- }
- AutoMapAssistant assistant = (AutoMapAssistant) event.getMember();
- mappersMap.put(assistant.getRealmName(), assistant);
- }
-
- public void memberRemoved(ReferenceCollectionEvent event) {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null) {
- sm.checkPermission(CONFIGURE);
- }
- AutoMapAssistant assistant = (AutoMapAssistant) event.getMember();
- mappersMap.remove(assistant.getRealmName());
- }
- });
- for (Iterator iterator = mappers.iterator(); iterator.hasNext();) {
- AutoMapAssistant assistant = (AutoMapAssistant) iterator.next();
- mappersMap.put(assistant.getRealmName(), assistant);
- }
- }
log.info("Security service started");
}
- public AutoMapAssistant getMapper(String name) {
- return (AutoMapAssistant) mappersMap.get(name);
- }
-
public static final GBeanInfo GBEAN_INFO;
@@ -116,10 +80,8 @@
infoFactory.addAttribute("policyConfigurationFactory", String.class, true);
- infoFactory.addReference("Mappers", AutoMapAssistant.class);
- infoFactory.addOperation("getMapper", new Class[]{String.class});
- infoFactory.setConstructor(new String[]{"policyConfigurationFactory", "Mappers"});
+ infoFactory.setConstructor(new String[]{"policyConfigurationFactory"});
GBEAN_INFO = infoFactory.getBeanInfo();
}
Deleted: /geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/AutoMapAssistant.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/AutoMapAssistant.java?view=auto&rev=123060
==============================================================================
Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/MapOfSets.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/MapOfSets.java?view=auto&rev=123061
==============================================================================
--- (empty file)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/MapOfSets.java Wed Dec 22 00:19:52 2004
@@ -0,0 +1,100 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.security.deploy;
+
+import java.beans.PropertyEditorManager;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+
+import org.apache.geronimo.common.propertyeditor.PropertyEditorException;
+import org.apache.geronimo.common.propertyeditor.TextPropertyEditorSupport;
+
+/**
+ * @version $Rev: $ $Date: $
+ */
+public class MapOfSets extends HashMap {
+
+ public MapOfSets() {
+ super();
+ }
+
+ public MapOfSets(int size) {
+ super(size);
+ }
+
+ public MapOfSets(Map map) {
+ super(map);
+ }
+
+ static {
+ PropertyEditorManager.registerEditor(MapOfSets.class, MapOfSetsEditor.class);
+ }
+
+ public static class MapOfSetsEditor extends TextPropertyEditorSupport {
+
+ public void setAsText(String text) {
+ if (text != null) {
+ try {
+ ByteArrayInputStream is = new ByteArrayInputStream(text.getBytes());
+ Properties p = new Properties();
+ p.load(is);
+
+ Map result = new MapOfSets(p.size());
+ for (Iterator iterator = p.entrySet().iterator(); iterator.hasNext();) {
+ Map.Entry entry = (Map.Entry) iterator.next();
+ Set values = new HashSet(Arrays.asList(((String) entry.getValue()).split(",")));
+ result.put(entry.getKey(), values);
+ }
+ setValue(result);
+ } catch (IOException e) {
+ throw new PropertyEditorException(e);
+ }
+ } else {
+ setValue(null);
+ }
+ }
+
+ public String getAsText() {
+ Map map = (Map) getValue();
+ if (map == null) {
+ return null;
+ }
+ StringBuffer text = new StringBuffer();
+ for (Iterator iterator = map.entrySet().iterator(); iterator.hasNext();) {
+ Map.Entry entry = (Map.Entry) iterator.next();
+ text.append(entry.getKey()).append("=");
+ Set values = (Set) entry.getValue();
+ for (Iterator iterator1 = values.iterator(); iterator1.hasNext();) {
+ String value = (String) iterator1.next();
+ text.append(value);
+ if (iterator1.hasNext()) {
+ text.append(",");
+ }
+ }
+ }
+ return text.toString();
+ }
+
+ }
+}
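Review bot: `MapOfSetsEditor.getAsText()` writes entries back to back with no separator, so a map with more than one key produces text that `setAsText` cannot parse back into the same map; add `text.append("\n");` after the inner loop over `values`. In `setAsText`, `split(",")` keeps surrounding whitespace, so `a, b` yields the class name ` b`, which would silently fail to match a principal class during auto-mapping; trim each element before adding it to the set. `text.getBytes()` encodes with the platform charset while `Properties.load(InputStream)` decodes ISO-8859-1, so the charset should be explicit: `text.getBytes("ISO-8859-1")`, whose checked exception the existing `IOException` catch already covers. A class comment stating that keys are login domain names and values are sets of principal class names (as `SecurityBuilder` appears to use them) would help readers of this raw `HashMap` subclass.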
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Principal.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Principal.java?view=diff&rev=123061&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Principal.java&r1=123060&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Principal.java&r2=123061
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Principal.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Principal.java Wed Dec 22 00:19:52 2004
@@ -17,12 +17,21 @@
package org.apache.geronimo.security.deploy;
import java.io.Serializable;
+import java.beans.PropertyEditorManager;
+
+import org.apache.geronimo.common.propertyeditor.TextPropertyEditorSupport;
+import org.apache.geronimo.common.propertyeditor.PropertyEditorException;
/**
* @version $Rev$ $Date$
*/
public class Principal implements Serializable {
+
+ static {
+ PropertyEditorManager.registerEditor(Principal.class, PrincipalEditor.class);
+ }
+
private String className;
private String principalName;
private boolean designatedRunAs;
@@ -49,5 +58,31 @@
public void setDesignatedRunAs(boolean designatedRunAs) {
this.designatedRunAs = designatedRunAs;
+ }
+
+ public static class PrincipalEditor extends TextPropertyEditorSupport {
+
+ public void setAsText(String text) {
+ if (text != null) {
+ String[] parts = text.split("=");
+ if (parts.length != 2) {
+ throw new PropertyEditorException("Principal should have the form 'name=class'");
+ }
+ Principal principal = new Principal();
+ principal.setPrincipalName(parts[0]);
+ principal.setClassName(parts[1]);
+ setValue(principal);
+ } else {
+ setValue(null);
+ }
+ }
+
+ public String getAsText() {
+ Principal principal = (Principal) getValue();
+ if (principal == null) {
+ return null;
+ }
+ return new StringBuffer(principal.getPrincipalName()).append("=").append(principal.getClassName()).toString();
+ }
}
}
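Review bot: `text.split("=")` in `PrincipalEditor.setAsText` accepts `=class` as a principal with an empty name, and it rejects any principal name that itself contains `=` (a distinguished name, for example) with a message that does not say why. Whitespace around either part is kept, so it ends up in the principal name or class name. Splitting at the last separator and checking both halves is stricter: `int eq = text.lastIndexOf('=');` followed by `if (eq <= 0 || eq == text.length() - 1) throw new PropertyEditorException("Principal should have the form 'name=class'");`. `getAsText` also passes `principal.getPrincipalName()` straight to the `StringBuffer` constructor, which throws a NullPointerException for a Principal whose name was never set.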
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java?view=diff&rev=123061&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java&r1=123060&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java&r2=123061
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java Wed Dec 22 00:19:52 2004
@@ -23,8 +23,6 @@
import java.util.Map;
import java.util.Set;
-import org.apache.geronimo.security.SecurityService;
-
/**
* @version $Rev$ $Date$
@@ -37,7 +35,6 @@
private DefaultPrincipal defaultPrincipal;
private Map roleMappings = new HashMap();
private Set roleNames = new HashSet();
- private AutoMapAssistant assistant;
public Security() {
}
@@ -82,14 +79,6 @@
return roleNames;
}
- public AutoMapAssistant getAssistant() {
- return assistant;
- }
-
- public void setAssistant(AutoMapAssistant assistant) {
- this.assistant = assistant;
- }
-
public void append(Role role) {
if (roleMappings.containsKey(role.getRoleName())) {
Role existing = (Role) roleMappings.get(role.getRoleName());
@@ -106,16 +95,8 @@
* <p/>
* NOTE: This method should be called during deployment.
*
- * @param securityService used to obtain the configured auto map assistant.
*/
- public void autoGenerate(SecurityService securityService) {
- if (securityService == null) return;
- if (assistant == null) return;
-
- String realmName = assistant.getSecurityRealm();
- org.apache.geronimo.security.realm.AutoMapAssistant autoMapAssistant = securityService.getMapper(realmName);
- if (autoMapAssistant == null) return;
-
+ public void autoGenerate(String loginDomainName, String realmName, Set principalClasseSet) {
/**
* Append roles
*/
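Review bot: The new `autoGenerate(String loginDomainName, String realmName, Set principalClasseSet)` drops the early returns of the old version, so a null `principalClasseSet` now reaches `principalClasseSet.iterator()` in the following hunk and fails with a NullPointerException at deployment. A first statement such as `if (principalClasseSet == null) return;` would keep the old silent no-op. The Javadoc lost its only `@param` and documents none of the three new arguments. `loginDomainName` is not used in any line visible here, and the remaining todo says `Principal` does not carry the login domain yet, so a comment at the signature should say that generated principals are matched by class name only. The method body continues outside this hunk.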
@@ -127,10 +108,9 @@
Realm realm = new Realm();
- realm.setRealmName(assistant.getSecurityRealm());
+ realm.setRealmName(realmName);
- //todo: the usage of the realm name in the next call instead of the login domain name is an error!
- for (Iterator principalClasses = autoMapAssistant.obtainRolePrincipalClasses(realmName).iterator(); principalClasses.hasNext();) {
+ for (Iterator principalClasses = principalClasseSet.iterator(); principalClasses.hasNext();) {
Principal principal = new Principal();
//todo: Principal class needs to handle login domain as well
principal.setClassName((String) principalClasses.next());
@@ -144,14 +124,5 @@
append(role);
}
- /**
- * Add default principal
- */
- if (defaultPrincipal != null) return;
-
- defaultPrincipal = new DefaultPrincipal();
-
- defaultPrincipal.setPrincipal(autoMapAssistant.obtainDefaultPrincipal());
- defaultPrincipal.setRealmName(realmName);
}
}
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java?view=diff&rev=123061&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java&r1=123060&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java&r2=123061
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java Wed Dec 22 00:19:52 2004
@@ -16,8 +16,7 @@
*/
package org.apache.geronimo.security.realm;
-import java.util.Set;
-
+import org.apache.geronimo.security.deploy.MapOfSets;
import org.apache.geronimo.security.deploy.Principal;
@@ -44,13 +43,13 @@
*
* @return the default principal
*/
- public Principal obtainDefaultPrincipal();
+ public Principal getDefaultPrincipal();
/**
* Provides a set of principal class names to be used when automatically
* mapping principals to roles.
*
- * @return a set of principal class names
+ * @return a map of logindomain name to set of principal class names
*/
- public Set obtainRolePrincipalClasses(String loginDomain);
+ public MapOfSets getAutoMapPrincipalClasses();
}
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java?view=diff&rev=123061&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java&r1=123060&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java&r2=123061
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java Wed Dec 22 00:19:52 2004
@@ -17,11 +17,10 @@
package org.apache.geronimo.security.realm;
import java.util.ArrayList;
-import java.util.Collections;
+import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
-import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
@@ -35,6 +34,7 @@
import org.apache.geronimo.gbean.GBeanInfoBuilder;
import org.apache.geronimo.kernel.Kernel;
import org.apache.geronimo.kernel.proxy.ProxyManager;
+import org.apache.geronimo.security.deploy.MapOfSets;
import org.apache.geronimo.security.deploy.Principal;
import org.apache.geronimo.security.jaas.ConfigurationEntryFactory;
import org.apache.geronimo.security.jaas.JaasLoginCoordinator;
@@ -82,25 +82,42 @@
public final static String KERNEL_LM_OPTION = "org.apache.geronimo.security.realm.GenericSecurityRealm.KERNEL";
public final static String SERVERINFO_LM_OPTION = "org.apache.geronimo.security.realm.GenericSecurityRealm.SERVERINFO";
public final static String CLASSLOADER_LM_OPTION = "org.apache.geronimo.security.realm.GenericSecurityRealm.CLASSLOADER";
- private String realmName;
+ private final String realmName;
private JaasLoginModuleConfiguration[] config;
- private Kernel kernel;
- private ServerInfo serverInfo;
- private ClassLoader classLoader;
- private Map autoMapPrincipals = new HashMap();
- private Principal defaultPrincipal;
- private Properties deploymentSupport;
+ private final Kernel kernel;
+ private final ServerInfo serverInfo;
+ private final ClassLoader classLoader;
+
+ private final MapOfSets autoMapPrincipalClasses;
+ private final Principal defaultPrincipal;
+
private Map deployment;
private String[] domains;
private boolean restrictPrincipalsToServer;
- public GenericSecurityRealm(String realmName, Kernel kernel, ServerInfo serverInfo, Properties loginModuleConfiguration, ClassLoader classLoader) throws MalformedObjectNameException {
+ public GenericSecurityRealm(String realmName,
+ Properties loginModuleConfiguration,
+ boolean restrictPrincipalsToServer,
+ Principal defaultPrincipal,
+ MapOfSets autoMapPrincipalClasses,
+ Properties deploymentSupport,
+ ServerInfo serverInfo,
+ ClassLoader classLoader,
+ Kernel kernel) throws MalformedObjectNameException {
this.realmName = realmName;
this.kernel = kernel;
this.serverInfo = serverInfo;
this.classLoader = classLoader;
+ this.restrictPrincipalsToServer = restrictPrincipalsToServer;
+ this.defaultPrincipal = defaultPrincipal;
+ if (autoMapPrincipalClasses != null) {
+ this.autoMapPrincipalClasses = autoMapPrincipalClasses;
+ } else {
+ this.autoMapPrincipalClasses = new MapOfSets();
+ }
+
processConfiguration(loginModuleConfiguration);
- initializeDeployment();
+ initializeDeployment(deploymentSupport);
}
public String getRealmName() {
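Review bot: The constructor keeps the caller's `MapOfSets` by reference, and `initializeDeployment` later calls `autoMapPrincipalClasses.put(...)` on it (a later hunk of this file), so the realm modifies an object it does not own, and `getAutoMapPrincipalClasses()` hands the same instance out again. That `put` also replaces, rather than merges with, any set configured for the same login domain through the `autoMapPrincipalClasses` attribute. Because this map decides which principal classes are auto-mapped to roles, the realm should hold a private copy and expose it read-only. Assuming `MapOfSets` is a `java.util.Map`, which the `put` call suggests, `this.autoMapPrincipalClasses = new MapOfSets();` followed by `if (autoMapPrincipalClasses != null) this.autoMapPrincipalClasses.putAll(autoMapPrincipalClasses);` would do for the constructor. `restrictPrincipalsToServer` can be declared `final` as well, now that its setter is removed.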
@@ -130,13 +147,6 @@
return domains;
}
- public Properties getDeploymentSupport() {
- return deploymentSupport;
- }
-
- public void setDeploymentSupport(Properties deploymentSupport) {
- this.deploymentSupport = deploymentSupport;
- }
/**
* Provides the default principal to be used when an unauthenticated
@@ -144,49 +154,12 @@
*
* @return the default principal
*/
- public Principal obtainDefaultPrincipal() {
+ public Principal getDefaultPrincipal() {
return defaultPrincipal;
}
- /**
- * Provides a set of principal class names to be used when automatically
- * mapping principals to roles.
- *
- * @return a set of principal class names
- */
- public Set obtainRolePrincipalClasses(String loginDomain) {
- String[] list = (String[]) autoMapPrincipals.get(loginDomain);
- if(list == null) {
- return Collections.EMPTY_SET;
- }
- Set set = new HashSet();
- for (int i = 0; i < list.length; i++) {
- set.add(list[i]);
- }
- return set;
- }
-
- public void setDefaultPrincipal(String code) {
- if (code != null) {
- String[] parts = code.split("=");
- if (parts.length != 2) {
- throw new IllegalArgumentException("Default Principal should have the form 'name=class'");
- }
- defaultPrincipal = new Principal();
- defaultPrincipal.setPrincipalName(parts[0]);
- defaultPrincipal.setClassName(parts[1]);
- }
- }
-
- /**
- * Should be of the form loginDomain=class,class,class...
- */
- public void setAutoMapPrincipalClasses(Properties props) {
- for (Iterator it = props.keySet().iterator(); it.hasNext();) {
- String key = (String) it.next();
- String value = props.getProperty(key);
- autoMapPrincipals.put(key, value.split(","));
- }
+ public MapOfSets getAutoMapPrincipalClasses() {
+ return autoMapPrincipalClasses;
}
/**
@@ -199,10 +172,6 @@
return restrictPrincipalsToServer;
}
- public void setRestrictPrincipalsToServer(boolean restrictPrincipalsToServer) {
- this.restrictPrincipalsToServer = restrictPrincipalsToServer;
- }
-
public String getConfigurationName() {
return realmName;
}
@@ -273,7 +242,7 @@
config = (JaasLoginModuleConfiguration[]) list.toArray(new JaasLoginModuleConfiguration[list.size()]);
}
- private void initializeDeployment() {
+ private void initializeDeployment(Properties deploymentSupport) {
deployment = new HashMap();
for (int i = 0; i < config.length; i++) {
if(config[i].getLoginDomainName() == null) {
@@ -296,7 +265,7 @@
deployment.put(config[i].getLoginDomainName(), support);
String[] auto = support.getAutoMapPrincipalClassNames();
if(auto != null) {
- autoMapPrincipals.put(config[i].getLoginDomainName(), auto);
+ autoMapPrincipalClasses.put(config[i].getLoginDomainName(), new HashSet(Arrays.asList(auto)));
}
}
}
@@ -314,19 +283,25 @@
infoFactory.addAttribute("kernel", Kernel.class, false);
infoFactory.addAttribute("loginModuleConfiguration", Properties.class, true);
infoFactory.addAttribute("classLoader", ClassLoader.class, false);
- infoFactory.addAttribute("autoMapPrincipalClasses", String.class, true);
- infoFactory.addAttribute("defaultPrincipal", String.class, true);
+ infoFactory.addAttribute("autoMapPrincipalClasses", MapOfSets.class, true);
+ infoFactory.addAttribute("defaultPrincipal", Principal.class, true);
infoFactory.addAttribute("deploymentSupport", Properties.class, true);
infoFactory.addAttribute("restrictPrincipalsToServer", boolean.class, true);
infoFactory.addReference("ServerInfo", ServerInfo.class);
infoFactory.addOperation("getAppConfigurationEntries", new Class[0]);
- infoFactory.addOperation("obtainDefaultPrincipal", new Class[0]);
- infoFactory.addOperation("obtainRolePrincipalClasses", new Class[]{String.class});
infoFactory.addOperation("getDeploymentSupport", new Class[]{String.class});
- infoFactory.setConstructor(new String[]{"realmName", "kernel", "ServerInfo", "loginModuleConfiguration", "classLoader"});
+ infoFactory.setConstructor(new String[]{"realmName",
+ "loginModuleConfiguration",
+ "restrictPrincipalsToServer",
+ "defaultPrincipal",
+ "autoMapPrincipalClasses",
+ "deploymentSupport",
+ "ServerInfo",
+ "classLoader",
+ "kernel"});
GBEAN_INFO = infoFactory.getBeanInfo();
}
Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/AbstractUserPasswordBridgeTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/AbstractUserPasswordBridgeTest.java?view=diff&rev=123061&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/AbstractUserPasswordBridgeTest.java&r1=123060&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/AbstractUserPasswordBridgeTest.java&r2=123061
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/AbstractUserPasswordBridgeTest.java (original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/AbstractUserPasswordBridgeTest.java Wed Dec 22 00:19:52 2004
@@ -20,7 +20,6 @@
import javax.security.auth.Subject;
import org.apache.geronimo.security.AbstractTest;
-import org.apache.geronimo.security.SecurityService;
import org.apache.geronimo.security.realm.providers.GeronimoPasswordCredential;
@@ -28,7 +27,6 @@
* @version $Rev$ $Date$
*/
public abstract class AbstractUserPasswordBridgeTest extends AbstractTest {
- private SecurityService securityService;
protected final static String USER = "testuser";
protected final static String PASSWORD = "testpassword";
Modified: geronimo/trunk/modules/service-builder/src/java/org/apache/geronimo/deployment/service/GBeanHelper.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/service-builder/src/java/org/apache/geronimo/deployment/service/GBeanHelper.java?view=diff&rev=123061&p1=geronimo/trunk/modules/service-builder/src/java/org/apache/geronimo/deployment/service/GBeanHelper.java&r1=123060&p2=geronimo/trunk/modules/service-builder/src/java/org/apache/geronimo/deployment/service/GBeanHelper.java&r2=123061
==============================================================================
--- geronimo/trunk/modules/service-builder/src/java/org/apache/geronimo/deployment/service/GBeanHelper.java (original)
+++ geronimo/trunk/modules/service-builder/src/java/org/apache/geronimo/deployment/service/GBeanHelper.java Wed Dec 22 00:19:52 2004
@@ -19,6 +19,7 @@
import org.apache.geronimo.common.DeploymentException;
import org.apache.geronimo.deployment.DeploymentContext;
+import org.apache.geronimo.gbean.GBeanData;
/**
*
@@ -28,6 +29,12 @@
* */
public class GBeanHelper {
public static void addGbean(GBeanAdapter gbean, ClassLoader cl, DeploymentContext context) throws DeploymentException {
+ GBeanData gBeanData = getGBeanData(gbean, cl);
+
+ context.addGBean(gBeanData);
+ }
+
+ public static GBeanData getGBeanData(GBeanAdapter gbean, ClassLoader cl) throws DeploymentException {
GBeanBuilder builder = new GBeanBuilder(gbean.getName(), cl, gbean.getClass1());
// set up attributes
@@ -45,6 +52,7 @@
builder.setReference(gbean.getReferencesName(j), gbean.getReferencesPatternArray(j));
}
- context.addGBean(builder.getGBeanData());
+ GBeanData gBeanData = builder.getGBeanData();
+ return gBeanData;
}
}
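Review bot: The new public `getGBeanData` has no Javadoc, and its last two lines introduce a local only to return it; `return builder.getGBeanData();` says the same. A one-line comment such as `/** Builds the GBeanData for the given adapter without adding it to a DeploymentContext. */` would tell callers how it differs from `addGbean`. In `addGbean` (previous hunk) the local can likewise be inlined as `context.addGBean(getGBeanData(gbean, cl));`.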
Modified: geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java?view=diff&rev=123061&p1=geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java&r1=123060&p2=geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java&r2=123061
==============================================================================
--- geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java (original)
+++ geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java Wed Dec 22 00:19:52 2004
@@ -36,6 +36,8 @@
import org.apache.geronimo.kernel.Kernel;
import org.apache.geronimo.kernel.management.State;
import org.apache.geronimo.security.SecurityServiceImpl;
+import org.apache.geronimo.security.deploy.MapOfSets;
+import org.apache.geronimo.security.deploy.Principal;
import org.apache.geronimo.security.jaas.JaasLoginService;
import org.apache.geronimo.security.jaas.LoginModuleGBean;
import org.apache.geronimo.security.realm.GenericSecurityRealm;
@@ -48,6 +50,9 @@
* @version $Rev: 111239 $ $Date: 2004-12-08 02:29:11 -0700 (Wed, 08 Dec 2004) $
*/
public class AbstractWebModuleTest extends TestCase {
+
+ protected static final String securityRealmName = "demo-properties-realm";
+
protected Kernel kernel;
private GBeanData container;
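Review bot: `securityRealmName` is a `static final` constant but is named like an instance field; `SECURITY_REALM_NAME` would follow the usual Java convention. The last hunk of this file replaces two of the string literals with the constant, but the `ObjectName` there still spells out `realm=demo-properties-realm`. If the `name=name` convention from the commit log is meant to apply to this test too, that literal should be built from the constant as well.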
@@ -154,7 +159,6 @@
protected void setUpSecurity() throws Exception {
securityServiceName = new ObjectName("geronimo.security:type=SecurityService");
securityServiceGBean = new GBeanData(securityServiceName, SecurityServiceImpl.GBEAN_INFO);
- securityServiceGBean.setReferencePatterns("Mappers", Collections.singleton(new ObjectName("geronimo.security:type=SecurityRealm,*")));
securityServiceGBean.setAttribute("policyConfigurationFactory", "org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory");
loginServiceName = new ObjectName("geronimo.security:type=JaasLoginService");
@@ -173,18 +177,21 @@
options.setProperty("usersURI", "src/test-resources/data/users.properties");
options.setProperty("groupsURI", "src/test-resources/data/groups.properties");
propertiesLMGBean.setAttribute("options", options);
- propertiesLMGBean.setAttribute("loginDomainName", "demo-properties-realm");
+ propertiesLMGBean.setAttribute("loginDomainName", securityRealmName);
propertiesRealmName = new ObjectName("geronimo.security:type=SecurityRealm,realm=demo-properties-realm");
propertiesRealmGBean = new GBeanData(propertiesRealmName, GenericSecurityRealm.GBEAN_INFO);
propertiesRealmGBean.setReferencePatterns("ServerInfo", Collections.singleton(serverInfoName));
- propertiesRealmGBean.setAttribute("realmName", "demo-properties-realm");
+ propertiesRealmGBean.setAttribute("realmName", securityRealmName);
Properties config = new Properties();
config.setProperty("LoginModule.1.REQUIRED", propertiesLMName.getCanonicalName());
propertiesRealmGBean.setAttribute("loginModuleConfiguration", config);
- // propertiesRealmGBean.setAttribute("autoMapPrincipalClasses",
- // "org.apache.geronimo.security.realm.providers.PropertiesFileGroupPrincipal");
- propertiesRealmGBean.setAttribute("defaultPrincipal", "metro=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
+ MapOfSets.MapOfSetsEditor mapEditor = new MapOfSets.MapOfSetsEditor();
+ mapEditor.setAsText(securityRealmName + "=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal");
+ propertiesRealmGBean.setAttribute("autoMapPrincipalClasses", mapEditor.getValue());
+ Principal.PrincipalEditor principalEditor = new Principal.PrincipalEditor();
+ principalEditor.setAsText("metro=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
+ propertiesRealmGBean.setAttribute("defaultPrincipal", principalEditor.getValue());
start(securityServiceGBean);
start(loginServiceGBean);