Posted to scm@geronimo.apache.org by dj...@apache.org on 2010/09/23 07:53:15 UTC
svn commit: r1000329 [2/2] - in /geronimo/server/trunk/plugins:
j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/
j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/
j2ee/geronimo-w...
Modified: geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/WebAppContextWrapper.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/WebAppContextWrapper.java?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/WebAppContextWrapper.java (original)
+++ geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/WebAppContextWrapper.java Thu Sep 23 05:53:14 2010
@@ -18,7 +18,10 @@
package org.apache.geronimo.jetty8;
import java.net.URL;
-import java.util.*;
+import java.util.HashMap;
+import java.util.Hashtable;
+import java.util.Map;
+import java.util.Set;
import javax.management.MalformedObjectNameException;
import javax.management.ObjectName;
@@ -36,12 +39,12 @@ import org.apache.geronimo.gbean.annotat
import org.apache.geronimo.gbean.annotation.SpecialAttributeType;
import org.apache.geronimo.j2ee.RuntimeCustomizer;
import org.apache.geronimo.j2ee.annotation.Holder;
-import org.apache.geronimo.j2ee.annotation.LifecycleMethod;
import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
import org.apache.geronimo.j2ee.jndi.ContextSource;
import org.apache.geronimo.j2ee.management.impl.InvalidObjectNameException;
import org.apache.geronimo.jetty8.handler.GeronimoWebAppContext;
import org.apache.geronimo.jetty8.handler.IntegrationContext;
+import org.apache.geronimo.jetty8.security.JACCSecurityEventListener;
import org.apache.geronimo.jetty8.security.SecurityHandlerFactory;
import org.apache.geronimo.kernel.Kernel;
import org.apache.geronimo.kernel.ObjectNameUtil;
@@ -49,19 +52,19 @@ import org.apache.geronimo.management.J2
import org.apache.geronimo.management.J2EEServer;
import org.apache.geronimo.management.geronimo.WebContainer;
import org.apache.geronimo.management.geronimo.WebModule;
+import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
import org.apache.geronimo.security.jacc.RunAsSource;
import org.apache.geronimo.transaction.GeronimoUserTransaction;
+import org.apache.geronimo.web.WebAttributeName;
import org.apache.geronimo.web.info.WebAppInfo;
import org.eclipse.jetty.http.MimeTypes;
import org.eclipse.jetty.security.SecurityHandler;
import org.eclipse.jetty.server.session.SessionHandler;
import org.eclipse.jetty.servlet.ErrorPageErrorHandler;
import org.eclipse.jetty.servlet.ServletHandler;
-import org.eclipse.jetty.servlet.ServletHolder;
-import org.eclipse.jetty.servlet.ServletMapping;
+import org.osgi.framework.Bundle;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.osgi.framework.Bundle;
/**
* Wrapper for a WebApplicationContext that sets up its J2EE environment.
@@ -120,6 +123,7 @@ public class WebAppContextWrapper implem
@ParamAttribute(name = "policyContextID") String policyContextID,
@ParamReference(name = "SecurityHandlerFactory") SecurityHandlerFactory securityHandlerFactory,
@ParamReference(name = "RunAsSource") RunAsSource runAsSource,
+ @ParamReference(name = "applicationPolicyConfigurationManager") ApplicationPolicyConfigurationManager applicationPolicyConfigurationManager,
@ParamAttribute(name = "holder") Holder holder,
@ParamAttribute(name = "webAppInfo") WebAppInfo webAppInfo,
@@ -133,6 +137,8 @@ public class WebAppContextWrapper implem
@ParamReference(name = "J2EEApplication") J2EEApplication application,
@ParamReference(name = "ContextSource") ContextSource contextSource,
@ParamReference(name = "TransactionManager") TransactionManager transactionManager,
+
+ @ParamAttribute(name = "deploymentAttributes") Map<String, Object> deploymentAttributes,
@ParamSpecial(type = SpecialAttributeType.kernel) Kernel kernel) throws Exception {
assert contextSource != null;
@@ -240,6 +246,13 @@ public class WebAppContextWrapper implem
}
//supply web.xml to jasper
webAppContext.setAttribute(JASPER_WEB_XML_NAME, originalSpecDD);
+
+ if (securityHandlerFactory != null) {
+ float schemaVersion = (Float) deploymentAttributes.get(WebAttributeName.SCHEMA_VERSION.name());
+ boolean metaComplete = (Boolean) deploymentAttributes.get(WebAttributeName.META_COMPLETE.name());
+ webAppContext.addLifeCycleListener(new JACCSecurityEventListener(bundle, webAppInfo, schemaVersion >= 2.5f && !metaComplete, applicationPolicyConfigurationManager, policyContextID,
+ (GeronimoWebAppContext.SecurityContext) webAppContext.getServletContext()));
+ }
}
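Review bot: The two casts on `deploymentAttributes.get(...)` unbox straight into `float` and `boolean`, so a deployment that omits `SCHEMA_VERSION` or `META_COMPLETE`, or passes a null map, fails with a bare NullPointerException during construction. These values decide whether security annotations are scanned, so the failure should name the missing attribute: read into `Float schemaVersion = (Float) deploymentAttributes.get(...)` and throw `new IllegalArgumentException("deploymentAttributes is missing " + WebAttributeName.SCHEMA_VERSION.name())` when it is null. The block also assumes `applicationPolicyConfigurationManager` is non-null, which nothing checks before `JACCSecurityEventListener.lifeCycleStarted` dereferences it. The cast to `GeronimoWebAppContext.SecurityContext` is guarded by `securityHandlerFactory != null`, while the context chooses that class from `securityHandler == null`; a comment stating why the two always agree would help, since the cast fails if they ever diverge. The constructor body starts and ends outside this hunk.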
@@ -283,7 +296,7 @@ public class WebAppContextWrapper implem
public void fullyStarted() {
webAppContext.registerServletContext();
}
-
+
public void doStart() throws Exception {
// reset the classsloader... jetty likes to set it to null when stopping
webAppContext.setClassLoader(webClassLoader);
Modified: geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/EJBWebServiceContext.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/EJBWebServiceContext.java?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/EJBWebServiceContext.java (original)
+++ geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/EJBWebServiceContext.java Thu Sep 23 05:53:14 2010
@@ -16,26 +16,9 @@
*/
package org.apache.geronimo.jetty8.handler;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.geronimo.webservices.WebServiceContainer;
-import org.apache.geronimo.jetty8.security.SecurityHandlerFactory;
-import org.eclipse.jetty.server.Request;
-import org.eclipse.jetty.server.Response;
-import org.eclipse.jetty.http.HttpException;
-import org.eclipse.jetty.servlet.ServletHandler;
-import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.security.SecurityHandler;
+import org.eclipse.jetty.servlet.ServletContextHandler;
+import org.eclipse.jetty.servlet.ServletHandler;
/**
* Specialization of ContextHandler that just has a security and servlet handler.
Added: geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoApplicationServletRegistrationAdapter.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoApplicationServletRegistrationAdapter.java?rev=1000329&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoApplicationServletRegistrationAdapter.java (added)
+++ geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoApplicationServletRegistrationAdapter.java Thu Sep 23 05:53:14 2010
@@ -0,0 +1,122 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.geronimo.jetty8.handler;
+
+import java.util.Collection;
+import java.util.Map;
+import java.util.Set;
+
+import javax.servlet.MultipartConfigElement;
+import javax.servlet.ServletRegistration;
+import javax.servlet.ServletSecurityElement;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class GeronimoApplicationServletRegistrationAdapter implements ServletRegistration.Dynamic {
+
+ private ServletRegistration.Dynamic applicationServletRegistration;
+
+ private GeronimoWebAppContext webAppContext;
+
+ private GeronimoWebAppContext.SecurityContext applicationContext;
+
+ public GeronimoApplicationServletRegistrationAdapter(GeronimoWebAppContext webAppContext, ServletRegistration.Dynamic applicationServletRegistration) {
+ this.webAppContext = webAppContext;
+ this.applicationServletRegistration = applicationServletRegistration;
+ this.applicationContext = (GeronimoWebAppContext.SecurityContext) webAppContext.getServletContext();
+ }
+
+ @Override
+ public void setLoadOnStartup(int loadOnStartup) {
+ applicationServletRegistration.setLoadOnStartup(loadOnStartup);
+ }
+
+ @Override
+ public void setMultipartConfig(MultipartConfigElement multipartConfig) {
+ applicationServletRegistration.setMultipartConfig(multipartConfig);
+ }
+
+ @Override
+ public void setRunAsRole(String roleName) {
+ applicationServletRegistration.setRunAsRole(roleName);
+ applicationContext.getWebSecurityConstraintStore().declareRoles(roleName);
+ }
+
+ @Override
+ public Set<String> setServletSecurity(ServletSecurityElement constraint) {
+ if (constraint == null) {
+ throw new IllegalArgumentException("ServletSecurityElement configured by setServletSecurity should not be null");
+ }
+ if (webAppContext.isStarted())
+ throw new IllegalStateException();
+ if (!applicationContext.isEnabled())
+ throw new UnsupportedOperationException();
+ return applicationContext.getWebSecurityConstraintStore().setDynamicServletSecurity(getName(), constraint, getMappings());
+ }
+
+ @Override
+ public Set<String> addMapping(String... urlPatterns) {
+ return applicationServletRegistration.addMapping(urlPatterns);
+ }
+
+ @Override
+ public Collection<String> getMappings() {
+ return applicationServletRegistration.getMappings();
+ }
+
+ @Override
+ public String getRunAsRole() {
+ return applicationServletRegistration.getRunAsRole();
+ }
+
+ @Override
+ public void setAsyncSupported(boolean asyncSupported) {
+ applicationServletRegistration.setAsyncSupported(asyncSupported);
+ }
+
+ @Override
+ public String getClassName() {
+ return applicationServletRegistration.getClassName();
+ }
+
+ @Override
+ public String getInitParameter(String name) {
+ return applicationServletRegistration.getInitParameter(name);
+ }
+
+ @Override
+ public Map<String, String> getInitParameters() {
+ return applicationServletRegistration.getInitParameters();
+ }
+
+ @Override
+ public String getName() {
+ return applicationServletRegistration.getName();
+ }
+
+ @Override
+ public boolean setInitParameter(String name, String value) {
+ return applicationServletRegistration.setInitParameter(name, value);
+ }
+
+ @Override
+ public Set<String> setInitParameters(Map<String, String> initParameters) {
+ return applicationServletRegistration.setInitParameters(initParameters);
+ }
+}
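Review bot: `setServletSecurity` hands the store only the mappings that exist at call time (`getMappings()`), while `addMapping` delegates straight to the wrapped registration without touching the store. The Servlet 3.0 contract applies the constraint to every mapping added until the context is initialized, so unless `WebSecurityConstraintStore` (not shown here) re-reads the mappings when it exports the merged info, a URL pattern added after `setServletSecurity` could end up without the constraint. Either record the new patterns in `addMapping`, or add a Javadoc line on `setServletSecurity` stating that the store resolves mappings lazily. The bare `throw new IllegalStateException();` and `throw new UnsupportedOperationException();` would be easier to diagnose with a message that includes `getName()`.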
Modified: geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoWebAppContext.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoWebAppContext.java?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoWebAppContext.java (original)
+++ geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoWebAppContext.java Thu Sep 23 05:53:14 2010
@@ -30,32 +30,33 @@ import java.util.HashSet;
import java.util.Set;
import javax.naming.NamingException;
-
import javax.servlet.Filter;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
+import javax.servlet.ServletRegistration.Dynamic;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.geronimo.connector.outbound.connectiontracking.ConnectorInstanceContext;
+import org.apache.geronimo.connector.outbound.connectiontracking.SharedConnectorInstanceContext;
+import org.apache.geronimo.osgi.web.WebApplicationConstants;
+import org.apache.geronimo.osgi.web.WebApplicationUtils;
import org.apache.geronimo.web.assembler.Assembler;
import org.apache.geronimo.web.info.WebAppInfo;
+import org.apache.geronimo.web.security.WebSecurityConstraintStore;
+import org.apache.xbean.osgi.bundle.util.BundleUtils;
+import org.eclipse.jetty.security.SecurityHandler;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.handler.ErrorHandler;
-import org.eclipse.jetty.security.SecurityHandler;
-import org.eclipse.jetty.servlet.ServletHandler;
import org.eclipse.jetty.server.session.SessionHandler;
-import org.eclipse.jetty.webapp.WebAppContext;
+import org.eclipse.jetty.servlet.ServletHandler;
import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.URIUtil;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.resource.URLResource;
+import org.eclipse.jetty.webapp.WebAppContext;
import org.osgi.framework.Bundle;
import org.osgi.framework.ServiceRegistration;
-import org.apache.geronimo.connector.outbound.connectiontracking.ConnectorInstanceContext;
-import org.apache.geronimo.connector.outbound.connectiontracking.SharedConnectorInstanceContext;
-import org.apache.xbean.osgi.bundle.util.BundleUtils;
-import org.apache.geronimo.osgi.web.WebApplicationConstants;
-import org.apache.geronimo.osgi.web.WebApplicationUtils;
/**
* @version $Rev$ $Date$
@@ -71,18 +72,18 @@ public class GeronimoWebAppContext exten
public GeronimoWebAppContext(SecurityHandler securityHandler, SessionHandler sessionHandler, ServletHandler servletHandler, ErrorHandler errorHandler, IntegrationContext integrationContext, ClassLoader classLoader, String modulePath, WebAppInfo webAppInfo) {
super(sessionHandler, securityHandler, servletHandler, errorHandler);
- _scontext = new Context();
+ _scontext = securityHandler == null ? new Context() : new SecurityContext();
this.integrationContext = integrationContext;
setClassLoader(classLoader);
this.classLoader = classLoader;
setAttribute(WebApplicationConstants.BUNDLE_CONTEXT_ATTRIBUTE, integrationContext.getBundle().getBundleContext());
- // now set the module context ValidatorFactory in a context property.
+ // now set the module context ValidatorFactory in a context property.
try {
javax.naming.Context ctx = integrationContext.getComponentContext();
Object validatorFactory = ctx.lookup("comp/ValidatorFactory");
setAttribute("javax.faces.validator.beanValidator.ValidatorFactory", validatorFactory);
} catch (NamingException e) {
- // ignore. We just don't set the property if it's not available.
+ // ignore. We just don't set the property if it's not available.
}
this.modulePath = modulePath;
this.webAppInfo = webAppInfo;
@@ -95,13 +96,13 @@ public class GeronimoWebAppContext exten
serviceRegistration = WebApplicationUtils.registerServletContext(bundle, getServletContext());
}
}
-
+
public void unregisterServletContext() {
if (serviceRegistration != null) {
serviceRegistration.unregister();
}
}
-
+
@Override
protected void doStart() throws Exception {
javax.naming.Context context = integrationContext.setContext();
@@ -113,6 +114,7 @@ public class GeronimoWebAppContext exten
try {
Assembler assembler = new Assembler();
assembler.assemble(getServletContext(), webAppInfo);
+ ((GeronimoWebAppContext.Context) _scontext).webXmlProcessed = true;
super.doStart();
fullyStarted = true;
} finally {
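Review bot: `webXmlProcessed` is set to true after `assembler.assemble(...)`, but nothing visible in this commit sets it back to false, and `_scontext` is created once in the constructor. If the context is stopped and started again (the wrapper's `doStart` comment about Jetty nulling the class loader on stop suggests it can be), the second assemble pass would presumably run with the flag already true. Any servlet the assembler registers through `addServlet` would then take the dynamic-registration branch and be recorded in the constraint store as container-created. Consider resetting the flag before assembly, `((GeronimoWebAppContext.Context) _scontext).webXmlProcessed = false;`, or in the stop path. `doStart` begins and ends outside this hunk.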
@@ -162,17 +164,17 @@ public class GeronimoWebAppContext exten
}
@Override
- protected boolean isProtectedTarget(String target) {
+ protected boolean isProtectedTarget(String target) {
while (target.startsWith("//")) {
target=URIUtil.compactPath(target);
}
-
- return StringUtil.startsWithIgnoreCase(target, "/web-inf") ||
+
+ return StringUtil.startsWithIgnoreCase(target, "/web-inf") ||
StringUtil.startsWithIgnoreCase(target, "/meta-inf") ||
StringUtil.startsWithIgnoreCase(target, "/osgi-inf") ||
StringUtil.startsWithIgnoreCase(target, "/osgi-opt");
}
-
+
@Override
public Resource newResource(String url) throws IOException {
if (url == null) {
@@ -180,7 +182,7 @@ public class GeronimoWebAppContext exten
}
return newResource(new URL(url));
}
-
+
@Override
public Resource newResource(URL url) throws IOException {
if (url == null) {
@@ -194,7 +196,7 @@ public class GeronimoWebAppContext exten
return super.newResource(url);
}
}
-
+
@Override
public Resource getResource(String uriInContext) throws MalformedURLException {
if (uriInContext == null || !uriInContext.startsWith("/")) {
@@ -244,9 +246,9 @@ public class GeronimoWebAppContext exten
protected BundleFileResource(URL url) {
super(url, null);
}
-
- /*
- * Always return true as we are pretty sure the resource does exist. This prevents
+
+ /*
+ * Always return true as we are pretty sure the resource does exist. This prevents
* NPE as described at https://bugs.eclipse.org/bugs/show_bug.cgi?id=193269
*/
@Override
@@ -257,6 +259,8 @@ public class GeronimoWebAppContext exten
public class Context extends WebAppContext.Context {
+ protected boolean webXmlProcessed = false;
+
@Override
public <T extends Filter> T createFilter(Class<T> c) throws ServletException {
try {
@@ -290,4 +294,80 @@ public class GeronimoWebAppContext exten
}
}
}
+
+ public class SecurityContext extends Context {
+
+ private WebSecurityConstraintStore webSecurityConstraintStore;
+
+ @Override
+ public Dynamic addServlet(String servletName, Class<? extends Servlet> servletClass) {
+ Dynamic dynamic = super.addServlet(servletName, servletClass);
+ if (!webXmlProcessed) {
+ return dynamic;
+ }
+ webSecurityConstraintStore.addContainerCreatedDynamicServletEntry(servletName, servletClass.getName());
+ return createGeronimoApplicationServletRegistrationAdapter(dynamic, servletName);
+ }
+
+ @Override
+ public Dynamic addServlet(String servletName, Servlet servlet) {
+ Dynamic dynamic = super.addServlet(servletName, servlet);
+ if (!webXmlProcessed) {
+ return dynamic;
+ }
+ if (webSecurityConstraintStore.isContainerCreatedDynamicServlet(servlet)) {
+ webSecurityConstraintStore.addContainerCreatedDynamicServletEntry(servletName, servlet.getClass().getName());
+ }
+ return createGeronimoApplicationServletRegistrationAdapter(dynamic, servletName);
+ }
+
+ @Override
+ public Dynamic addServlet(String servletName, String className) {
+ Dynamic dynamic = super.addServlet(servletName, className);
+ if (!webXmlProcessed) {
+ return dynamic;
+ }
+ webSecurityConstraintStore.addContainerCreatedDynamicServletEntry(servletName, className);
+ return createGeronimoApplicationServletRegistrationAdapter(dynamic, servletName);
+ }
+
+ @Override
+ public void declareRoles(String... roles) {
+ if (!isStarting())
+ throw new IllegalStateException();
+ if (!_enabled)
+ throw new UnsupportedOperationException();
+ webSecurityConstraintStore.declareRoles(roles);
+ }
+
+ protected Dynamic createGeronimoApplicationServletRegistrationAdapter(Dynamic applicationServletRegistration, String servletName) {
+ if (applicationServletRegistration == null) {
+ return null;
+ }
+ return new GeronimoApplicationServletRegistrationAdapter(GeronimoWebAppContext.this, applicationServletRegistration);
+ }
+
+ public WebSecurityConstraintStore getWebSecurityConstraintStore() {
+ return webSecurityConstraintStore;
+ }
+
+ public void setWebSecurityConstraintStore(WebSecurityConstraintStore webSecurityConstraintStore) {
+ this.webSecurityConstraintStore = webSecurityConstraintStore;
+ }
+
+ @Override
+ public <T extends Servlet> T createServlet(Class<T> c) throws ServletException {
+ try {
+ T servlet = (T) integrationContext.getHolder().newInstance(c.getName(), classLoader, integrationContext.getComponentContext());
+ if (isStarting()) {
+ webSecurityConstraintStore.addContainerCreatedDynamicServlet(servlet);
+ }
+ return servlet;
+ } catch (IllegalAccessException e) {
+ throw new ServletException("Could not create servlet " + c.getName(), e);
+ } catch (InstantiationException e) {
+ throw new ServletException("Could not create servlet " + c.getName(), e);
+ }
+ }
+ }
}
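Review bot: The `addServlet` overloads write to `webSecurityConstraintStore` before anything checks whether `super.addServlet(...)` returned null; the null test only happens afterwards, inside `createGeronimoApplicationServletRegistrationAdapter`. The ServletContext contract returns null when a registration with that name is already complete, so the store can receive an entry for a servlet that was not actually registered. Folding the check into the existing guard avoids that: `if (dynamic == null || !webXmlProcessed) { return dynamic; }`. The store field is also null until `JACCSecurityEventListener.lifeCycleStarting` installs it and is reset to null in `lifeCycleStarted`, so a comment on the field stating that lifetime would help readers of `declareRoles` and `createServlet`. The `servletName` parameter of the adapter factory method is unused.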
Added: geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/JACCSecurityEventListener.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/JACCSecurityEventListener.java?rev=1000329&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/JACCSecurityEventListener.java (added)
+++ geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/JACCSecurityEventListener.java Thu Sep 23 05:53:14 2010
@@ -0,0 +1,112 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.geronimo.jetty8.security;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.login.LoginException;
+import javax.security.jacc.PolicyContextException;
+
+import org.apache.geronimo.common.DeploymentException;
+import org.apache.geronimo.jetty8.handler.GeronimoWebAppContext;
+import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
+import org.apache.geronimo.security.jacc.ComponentPermissions;
+import org.apache.geronimo.web.info.WebAppInfo;
+import org.apache.geronimo.web.security.SpecSecurityBuilder;
+import org.apache.geronimo.web.security.WebSecurityConstraintStore;
+import org.eclipse.jetty.util.component.LifeCycle;
+import org.osgi.framework.Bundle;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class JACCSecurityEventListener implements LifeCycle.Listener {
+
+ private static final Logger logger = LoggerFactory.getLogger(JACCSecurityEventListener.class);
+
+ private Bundle bundle;
+
+ private boolean annotationScanRequired;
+
+ private String contextId;
+
+ private ApplicationPolicyConfigurationManager applicationPolicyConfigurationManager;
+
+ private WebAppInfo webXmlAppInfo;
+
+ private GeronimoWebAppContext.SecurityContext applicationContext;
+
+ private WebSecurityConstraintStore webSecurityConstraintStore;
+
+ public JACCSecurityEventListener(Bundle bundle, WebAppInfo webXmlAppInfo, boolean annotationScanRequired, ApplicationPolicyConfigurationManager applicationPolicyConfigurationManager,
+ String contextId, GeronimoWebAppContext.SecurityContext applicationContext) {
+ this.bundle = bundle;
+ this.contextId = contextId;
+ this.annotationScanRequired = annotationScanRequired;
+ this.applicationPolicyConfigurationManager = applicationPolicyConfigurationManager;
+ this.webXmlAppInfo = webXmlAppInfo == null ? new WebAppInfo() : webXmlAppInfo;
+ this.applicationContext = applicationContext;
+ }
+
+ @Override
+ public void lifeCycleStarting(LifeCycle event) {
+ webSecurityConstraintStore = new WebSecurityConstraintStore(webXmlAppInfo, bundle, annotationScanRequired, applicationContext);
+ applicationContext.setWebSecurityConstraintStore(webSecurityConstraintStore);
+ }
+
+ @Override
+ public void lifeCycleStarted(LifeCycle event) {
+ //Calculate the final Security Permissions
+ SpecSecurityBuilder specSecurityBuilder = new SpecSecurityBuilder(webSecurityConstraintStore.exportMergedWebAppInfo());
+ Map<String, ComponentPermissions> contextIdPermissionsMap = new HashMap<String, ComponentPermissions>();
+ contextIdPermissionsMap.put(contextId, specSecurityBuilder.buildSpecSecurityConfig());
+ //Update ApplicationPolicyConfigurationManager
+ try {
+ applicationPolicyConfigurationManager.updateApplicationPolicyConfiguration(contextIdPermissionsMap);
+ } catch (LoginException e) {
+ logger.error("Fail to set application policy configurations", e);
+ throw new RuntimeException("Fail to set application policy configurations", e);
+ } catch (PolicyContextException e) {
+ logger.error("Fail to set application policy configurations", e);
+ throw new RuntimeException("Fail to set application policy configurations", e);
+ } catch (ClassNotFoundException e) {
+ logger.error("Fail to set application policy configurations", e);
+ throw new RuntimeException("Fail to set application policy configurations", e);
+ } finally {
+ //Clear SpecSecurityBuilder
+ specSecurityBuilder.clear();
+ applicationContext.setWebSecurityConstraintStore(null);
+ }
+ }
+
+ @Override
+ public void lifeCycleFailure(LifeCycle event, Throwable cause) {
+ }
+
+ @Override
+ public void lifeCycleStopping(LifeCycle event) {
+ }
+
+ @Override
+ public void lifeCycleStopped(LifeCycle event) {
+ }
+
+}
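Review bot: `lifeCycleFailure` is empty, so when startup fails after `lifeCycleStarting` the `WebSecurityConstraintStore` installed on `applicationContext` is never cleared; only the `finally` in `lifeCycleStarted` resets it. Adding `applicationContext.setWebSecurityConstraintStore(null);` to `lifeCycleFailure` keeps a failed start from leaving a half-built store reachable. It is also worth confirming, and stating in a comment, that the RuntimeException thrown from `lifeCycleStarted` actually stops the context from serving requests, because at that point the updated policy has not been applied. The three identical catch blocks each log and rethrow, which will usually report the same failure twice.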
Modified: geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/test/java/org/apache/geronimo/jetty8/AbstractWebModuleTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/test/java/org/apache/geronimo/jetty8/AbstractWebModuleTest.java?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/test/java/org/apache/geronimo/jetty8/AbstractWebModuleTest.java (original)
+++ geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/test/java/org/apache/geronimo/jetty8/AbstractWebModuleTest.java Thu Sep 23 05:53:14 2010
@@ -18,10 +18,10 @@ package org.apache.geronimo.jetty8;
import java.io.File;
import java.net.URL;
+import java.security.AccessControlContext;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Principal;
-import java.security.AccessControlContext;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
@@ -29,11 +29,13 @@ import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebUserDataPermission;
-import javax.transaction.TransactionManager;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
+import javax.transaction.TransactionManager;
import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator;
import org.apache.geronimo.connector.outbound.connectiontracking.GeronimoTransactionListener;
@@ -41,14 +43,14 @@ import org.apache.geronimo.j2ee.annotati
import org.apache.geronimo.j2ee.jndi.ContextSource;
import org.apache.geronimo.j2ee.jndi.WebContextSource;
import org.apache.geronimo.jetty8.connector.HTTPSocketConnector;
+import org.apache.geronimo.jetty8.handler.GeronimoUserIdentity;
import org.apache.geronimo.jetty8.security.SecurityHandlerFactory;
import org.apache.geronimo.jetty8.security.ServerAuthenticationGBean;
-import org.apache.geronimo.jetty8.handler.GeronimoUserIdentity;
import org.apache.geronimo.kernel.config.ConfigurationData;
import org.apache.geronimo.kernel.osgi.MockBundleContext;
import org.apache.geronimo.kernel.repository.Artifact;
-import org.apache.geronimo.security.SecurityServiceImpl;
import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.SecurityServiceImpl;
import org.apache.geronimo.security.deploy.SubjectInfo;
import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
import org.apache.geronimo.security.jacc.ComponentPermissions;
@@ -63,16 +65,17 @@ import org.apache.geronimo.system.server
import org.apache.geronimo.system.serverinfo.ServerInfo;
import org.apache.geronimo.testsupport.TestSupport;
import org.apache.geronimo.transaction.manager.TransactionManagerImpl;
+import org.apache.geronimo.web.WebAttributeName;
import org.apache.geronimo.web.info.ServletInfo;
import org.apache.geronimo.web.info.WebAppInfo;
-import org.eclipse.jetty.server.UserIdentity;
-import org.eclipse.jetty.server.Authentication;
-import org.eclipse.jetty.security.LoginService;
-import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.IdentityService;
+import org.eclipse.jetty.security.LoginService;
+import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.security.UserAuthentication;
import org.eclipse.jetty.security.authentication.FormAuthenticator;
+import org.eclipse.jetty.server.Authentication;
+import org.eclipse.jetty.server.UserIdentity;
import org.osgi.framework.Bundle;
@@ -108,12 +111,14 @@ public class AbstractWebModuleTest exten
protected WebAppContextWrapper setUpAppContext(String securityRealmName, SecurityHandlerFactory securityHandlerFactory, String policyContextId, RunAsSource runAsSource, String uriString, WebAppInfo webAppInfo) throws Exception {
+ ApplicationPolicyConfigurationManager applicationPolicyConfigurationManager = null;
+
if (securityHandlerFactory == null) {
Permissions unchecked = new Permissions();
unchecked.add(new WebUserDataPermission("/", null));
unchecked.add(new WebResourcePermission("/", ""));
ComponentPermissions componentPermissions = new ComponentPermissions(new Permissions(), unchecked, Collections.<String, PermissionCollection>emptyMap());
- setUpJACC(Collections.<String, SubjectInfo>emptyMap(), Collections.<Principal, Set<String>>emptyMap(), componentPermissions, policyContextId);
+ applicationPolicyConfigurationManager = setUpJACC(Collections.<String, SubjectInfo>emptyMap(), Collections.<Principal, Set<String>>emptyMap(), componentPermissions, policyContextId);
LoginService loginService = newLoginService();
// final ServletCallbackHandler callbackHandler = new ServletCallbackHandler(loginService);
final Subject subject = new Subject();
@@ -137,6 +142,9 @@ public class AbstractWebModuleTest exten
}, loginService);
}
String contextPath = "/test";
+ Map<String, Object> deploymentAttributes = new HashMap<String, Object>();
+ deploymentAttributes.put(WebAttributeName.META_COMPLETE.name(), Boolean.TRUE);
+ deploymentAttributes.put(WebAttributeName.SCHEMA_VERSION.name(), 3.0f);
ContextSource contextSource = new WebContextSource(Collections.<String, Object>emptyMap(),
Collections.<String, Object>emptyMap(),
transactionManager,
@@ -167,6 +175,7 @@ public class AbstractWebModuleTest exten
policyContextId,
securityHandlerFactory,
runAsSource,
+ applicationPolicyConfigurationManager == null ? (ApplicationPolicyConfigurationManager) runAsSource : applicationPolicyConfigurationManager,
new Holder(),
webAppInfo,
null,
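Review bot: The fallback `(ApplicationPolicyConfigurationManager) runAsSource` downcasts a parameter declared as `RunAsSource` without any type check. A caller that supplies its own `securityHandlerFactory` together with some other `RunAsSource` implementation would get a ClassCastException in the middle of the constructor call. If the contract is that such callers pass the manager returned by `setUpJACC`, state it next to the cast, e.g. `// when a securityHandlerFactory is supplied, runAsSource must be the ApplicationPolicyConfigurationManager from setUpJACC`, or test with `runAsSource instanceof ApplicationPolicyConfigurationManager` first. The constructor call starts and ends outside this hunk.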
@@ -176,7 +185,9 @@ public class AbstractWebModuleTest exten
null,
null,
contextSource,
- transactionManager, null);
+ transactionManager,
+ deploymentAttributes,
+ null);
app.doStart();
return app;
}
@@ -205,7 +216,13 @@ public class AbstractWebModuleTest exten
PrincipalRoleMapper roleMapper = new ApplicationPrincipalRoleConfigurationManager(principalRoleMap, null, roleDesignates, null);
Map<String, ComponentPermissions> contextIDToPermissionsMap = new HashMap<String, ComponentPermissions>();
contextIDToPermissionsMap.put(policyContextId, componentPermissions);
- ApplicationPolicyConfigurationManager jacc = new ApplicationPolicyConfigurationManager(contextIDToPermissionsMap, roleMapper, cl);
+ ApplicationPolicyConfigurationManager jacc = new ApplicationPolicyConfigurationManager(contextIDToPermissionsMap, roleMapper, cl) {
+
+ @Override
+ public void updateApplicationPolicyConfiguration(Map<String, ComponentPermissions> arg0) throws PolicyContextException, ClassNotFoundException, LoginException {
+ //JACCSecurity Test build the ComponnentPermissions manually, use an empty update method to prevent JACCSecurityListener to update the permissions
+ }
+ };
jacc.doStart();
return jacc;
}
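Review bot: The anonymous subclass makes `updateApplicationPolicyConfiguration` a no-op, so whatever permissions the runtime listener computes are discarded in these tests. Presumably only the hand-built `ComponentPermissions` remain in effect, which leaves the runtime policy-update path unexercised here. The comment should say that plainly, e.g. `// Tests build ComponentPermissions by hand; ignore updates from JACCSecurityListener so they are not overwritten`, which also removes the `ComponnentPermissions` typo. The enclosing method starts outside the hunk.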
Modified: geronimo/server/trunk/plugins/jetty8/jetty8-deployer/src/main/history/dependencies.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty8/jetty8-deployer/src/main/history/dependencies.xml?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty8/jetty8-deployer/src/main/history/dependencies.xml (original)
+++ geronimo/server/trunk/plugins/jetty8/jetty8-deployer/src/main/history/dependencies.xml Thu Sep 23 05:53:14 2010
@@ -26,4 +26,29 @@
<artifactId>geronimo-jetty8-builder</artifactId>
<type>jar</type>
</dependency>
+ <dependency>
+ <groupId>org.apache.geronimo.modules</groupId>
+ <artifactId>geronimo-web</artifactId>
+ <type>jar</type>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.geronimo.specs</groupId>
+ <artifactId>geronimo-jacc_1.4_spec</artifactId>
+ <type>jar</type>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.geronimo.specs</groupId>
+ <artifactId>geronimo-jaspic_1.0_spec</artifactId>
+ <type>jar</type>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.geronimo.specs</groupId>
+ <artifactId>geronimo-osgi-locator</artifactId>
+ <type>jar</type>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.xbean</groupId>
+ <artifactId>xbean-bundleutils</artifactId>
+ <type>jar</type>
+ </dependency>
</plugin-artifact>
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java Thu Sep 23 05:53:14 2010
@@ -16,12 +16,7 @@
*/
package org.apache.geronimo.tomcat;
-import java.io.DataInputStream;
-import java.io.DataOutputStream;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
import java.beans.PropertyChangeListener;
-import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
@@ -45,6 +40,7 @@ import javax.servlet.Servlet;
import javax.servlet.ServletContainerInitializer;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
+
import org.apache.catalina.Container;
import org.apache.catalina.ContainerListener;
import org.apache.catalina.Engine;
@@ -58,6 +54,7 @@ import org.apache.catalina.Valve;
import org.apache.catalina.Wrapper;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
+import org.apache.catalina.core.ApplicationContext;
import org.apache.catalina.core.StandardContext;
import org.apache.catalina.core.StandardWrapper;
import org.apache.catalina.ha.CatalinaCluster;
@@ -86,8 +83,6 @@ import org.apache.geronimo.webservices.P
import org.apache.geronimo.webservices.WebServiceContainer;
import org.apache.geronimo.webservices.WebServiceContainerInvoker;
import org.apache.naming.resources.FileDirContext;
-import org.apache.openejb.jee.JaxbJavaee;
-import org.apache.openejb.jee.WebApp;
import org.apache.tomcat.InstanceManager;
import org.osgi.framework.Bundle;
import org.osgi.framework.ServiceRegistration;
@@ -161,7 +156,6 @@ public class GeronimoStandardContext ext
}
if (tomcatWebAppContext.getSecurityHolder() != null) {
configurationFactory = tomcatWebAppContext.getSecurityHolder().getConfigurationFactory();
-
//Add JACCSecurityLifecycleListener, it will calculate the security configurations when web module is initialized
addJACCSecurityLifecycleListener(tomcatWebAppContext);
}
@@ -314,9 +308,7 @@ public class GeronimoStandardContext ext
float schemaVersion = (Float) tomcatWebAppContext.getDeploymentAttribute(WebAttributeName.SCHEMA_VERSION.name());
boolean metaComplete = (Boolean) tomcatWebAppContext.getDeploymentAttribute(WebAttributeName.META_COMPLETE.name());
try {
- WebApp webApp = tomcatWebAppContext.getDeploymentDescriptor() == null ? null : (WebApp) JaxbJavaee.unmarshalJavaee(WebApp.class, new ByteArrayInputStream(tomcatWebAppContext
- .getDeploymentDescriptor().getBytes()));
- addLifecycleListener(new JACCSecurityLifecycleListener(bundle, webApp, schemaVersion >= 2.5f && !metaComplete, tomcatWebAppContext.getApplicationPolicyConfigurationManager(),
+ addLifecycleListener(new JACCSecurityLifecycleListener(bundle, tomcatWebAppContext.getWebAppInfo(), schemaVersion >= 2.5f && !metaComplete, tomcatWebAppContext.getApplicationPolicyConfigurationManager(),
tomcatWebAppContext.getSecurityHolder().getPolicyContextID()));
} catch (DeploymentException e) {
throw e;
@@ -580,11 +572,10 @@ public class GeronimoStandardContext ext
super.setLoader(loader);
}
-
@Override
public ServletContext getServletContext() {
if (context == null) {
- context = new GeronimoApplicationContext(this);
+ context = new GeronimoApplicationContext(this);
if (getAltDDName() != null)
context.setAttribute(Globals.ALT_DD_ATTR, getAltDDName());
}
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/core/GeronimoApplicationContext.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/core/GeronimoApplicationContext.java?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/core/GeronimoApplicationContext.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/core/GeronimoApplicationContext.java Thu Sep 23 05:53:14 2010
@@ -18,13 +18,14 @@
package org.apache.geronimo.tomcat.core;
import javax.servlet.Servlet;
+import javax.servlet.ServletException;
import javax.servlet.ServletRegistration.Dynamic;
import org.apache.catalina.LifecycleState;
import org.apache.catalina.Wrapper;
import org.apache.catalina.core.ApplicationContext;
import org.apache.geronimo.tomcat.GeronimoStandardContext;
-import org.apache.geronimo.web.security.SpecSecurityBuilder;
+import org.apache.geronimo.web.security.WebSecurityConstraintStore;
/**
* @version $Rev$ $Date$
@@ -33,8 +34,7 @@ public class GeronimoApplicationContext
private GeronimoStandardContext context;
- private SpecSecurityBuilder specSecurityBuilder;
-
+ private WebSecurityConstraintStore webSecurityConstraintStore;
/**
* @param context
*/
@@ -45,26 +45,55 @@ public class GeronimoApplicationContext
@Override
public Dynamic addServlet(String servletName, Class<? extends Servlet> servletClass) throws IllegalStateException {
- return createGeronimoApplicationServletRegistrationAdapter(super.addServlet(servletName, servletClass), servletName);
+ Dynamic dynamic = super.addServlet(servletName, servletClass);
+ if (!context.getConfigured() || webSecurityConstraintStore == null) {
+ return dynamic;
+ }
+ webSecurityConstraintStore.addContainerCreatedDynamicServletEntry(servletName, servletClass.getName());
+ return createGeronimoApplicationServletRegistrationAdapter(dynamic, servletName);
}
@Override
public Dynamic addServlet(String servletName, Servlet servlet) throws IllegalStateException {
- return createGeronimoApplicationServletRegistrationAdapter(super.addServlet(servletName, servlet), servletName);
+ Dynamic dynamic = super.addServlet(servletName, servlet);
+ if (!context.getConfigured() || webSecurityConstraintStore == null) {
+ return dynamic;
+ }
+ if (webSecurityConstraintStore.isContainerCreatedDynamicServlet(servlet)) {
+ webSecurityConstraintStore.addContainerCreatedDynamicServletEntry(servletName, servlet.getClass().getName());
+ }
+ return createGeronimoApplicationServletRegistrationAdapter(dynamic, servletName);
}
@Override
public Dynamic addServlet(String servletName, String servletClass) throws IllegalStateException {
- return createGeronimoApplicationServletRegistrationAdapter(super.addServlet(servletName, servletClass), servletName);
+ Dynamic dynamic = super.addServlet(servletName, servletClass);
+ if (!context.getConfigured() || webSecurityConstraintStore == null) {
+ return dynamic;
+ }
+ webSecurityConstraintStore.addContainerCreatedDynamicServletEntry(servletName, servletClass);
+ return createGeronimoApplicationServletRegistrationAdapter(dynamic, servletName);
+ }
+
+ @Override
+ public <T extends Servlet> T createServlet(Class<T> c) throws ServletException {
+ T servlet = super.createServlet(c);
+ if (!context.getConfigured() || webSecurityConstraintStore == null) {
+ webSecurityConstraintStore.addContainerCreatedDynamicServlet(servlet);
+ }
+ return servlet;
}
@Override
public void declareRoles(String... roles) {
+ if (!context.getConfigured() || webSecurityConstraintStore == null) {
+ super.declareRoles(roles);
+ return;
+ }
if (!context.getState().equals(LifecycleState.STARTING_PREP)) {
throw new IllegalStateException("declareRoles is not allowed to invoke after the ServletContext is initialized");
}
- specSecurityBuilder.declareRoles(roles);
- //super.declareRoles(roles);
+ webSecurityConstraintStore.declareRoles(roles);
}
protected Dynamic createGeronimoApplicationServletRegistrationAdapter(Dynamic applicationServletRegistration, String servletName) {
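Review bot: The guard in the new `createServlet` override is inverted. `addContainerCreatedDynamicServlet(servlet)` runs only when the context is not configured or `webSecurityConstraintStore` is null, so the null case dereferences the field and the configured case never records the instance. The three `addServlet` overloads and `declareRoles` use the same expression as their bypass condition, so `isContainerCreatedDynamicServlet(servlet)` in `addServlet(String, Servlet)` would presumably never match, and container-created servlets would be missing from the store that feeds the JACC permissions. The condition should be `if (context.getConfigured() && webSecurityConstraintStore != null) {`.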
@@ -74,11 +103,11 @@ public class GeronimoApplicationContext
return new GeronimoApplicationServletRegistrationAdapter(context, this, (Wrapper) context.findChild(servletName), applicationServletRegistration);
}
- public SpecSecurityBuilder getSpecSecurityBuilder() {
- return specSecurityBuilder;
+ public WebSecurityConstraintStore getWebSecurityConstraintStore() {
+ return webSecurityConstraintStore;
}
- public void setSpecSecurityBuilder(SpecSecurityBuilder specSecurityBuilder) {
- this.specSecurityBuilder = specSecurityBuilder;
+ public void setWebSecurityConstraintStore(WebSecurityConstraintStore webSecurityConstraintStore) {
+ this.webSecurityConstraintStore = webSecurityConstraintStore;
}
}
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/core/GeronimoApplicationServletRegistrationAdapter.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/core/GeronimoApplicationServletRegistrationAdapter.java?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/core/GeronimoApplicationServletRegistrationAdapter.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/core/GeronimoApplicationServletRegistrationAdapter.java Thu Sep 23 05:53:14 2010
@@ -28,7 +28,6 @@ import javax.servlet.ServletSecurityElem
import org.apache.catalina.LifecycleState;
import org.apache.catalina.Wrapper;
import org.apache.geronimo.tomcat.GeronimoStandardContext;
-import org.apache.geronimo.web.security.SpecSecurityBuilder;
/**
* @version $Rev$ $Date$
@@ -65,10 +64,7 @@ public class GeronimoApplicationServletR
public void setRunAsRole(String roleName) {
if (roleName != null) {
applicationServletRegistration.setRunAsRole(roleName);
- SpecSecurityBuilder specSecurityBuilder = applicationContext.getSpecSecurityBuilder();
- if (specSecurityBuilder != null) {
- specSecurityBuilder.declareRoles(roleName);
- }
+ applicationContext.getWebSecurityConstraintStore().declareRoles(roleName);
}
}
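Review bot: `setRunAsRole` now calls `applicationContext.getWebSecurityConstraintStore().declareRoles(roleName)` with no null check, although the lifecycle listener resets the store to null in its `finally` block. An adapter still referenced after that point would fail with a NullPointerException. The `setServletSecurity` hunk below has the same unguarded dereference where the removed code raised a descriptive IllegalStateException; there the STARTING_PREP check appears to cover the post-start case, but no such check is visible for `setRunAsRole`. Consider keeping the guard by wrapping the call in `if (applicationContext.getWebSecurityConstraintStore() != null) {`. Both method bodies start outside their hunks.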
@@ -80,13 +76,7 @@ public class GeronimoApplicationServletR
if (standardContext.getState() != LifecycleState.STARTING_PREP) {
throw new IllegalStateException("setServletSecurity action is not allowed after the context " + standardContext.getPath() + " is initialized");
}
- SpecSecurityBuilder specSecurityBuilder = applicationContext.getSpecSecurityBuilder();
- if (specSecurityBuilder == null) {
- //Should Never Happen ?
- throw new IllegalStateException(
- "Web security builder is null, setServletSecurity action is not supported, you must make sure enable the security configuration while deploying the web application");
- }
- return specSecurityBuilder.setServletSecurity(constraint, getMappings());
+ return applicationContext.getWebSecurityConstraintStore().setDynamicServletSecurity(getName(), constraint, getMappings());
}
@Override
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/listener/JACCSecurityLifecycleListener.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/listener/JACCSecurityLifecycleListener.java?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/listener/JACCSecurityLifecycleListener.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/listener/JACCSecurityLifecycleListener.java Thu Sep 23 05:53:14 2010
@@ -22,6 +22,7 @@ import java.util.Map;
import javax.security.auth.login.LoginException;
import javax.security.jacc.PolicyContextException;
+
import org.apache.catalina.Lifecycle;
import org.apache.catalina.LifecycleEvent;
import org.apache.catalina.LifecycleListener;
@@ -30,8 +31,9 @@ import org.apache.geronimo.security.jacc
import org.apache.geronimo.security.jacc.ComponentPermissions;
import org.apache.geronimo.tomcat.GeronimoStandardContext;
import org.apache.geronimo.tomcat.core.GeronimoApplicationContext;
+import org.apache.geronimo.web.info.WebAppInfo;
import org.apache.geronimo.web.security.SpecSecurityBuilder;
-import org.apache.openejb.jee.WebApp;
+import org.apache.geronimo.web.security.WebSecurityConstraintStore;
import org.osgi.framework.Bundle;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -52,15 +54,15 @@ public class JACCSecurityLifecycleListen
private ApplicationPolicyConfigurationManager applicationPolicyConfigurationManager;
- private WebApp deploymentDescriptor;
+ private WebAppInfo webXmlAppInfo;
- public JACCSecurityLifecycleListener(Bundle bundle, WebApp deploymentDescriptor, boolean annotationScanRequired, ApplicationPolicyConfigurationManager applicationPolicyConfigurationManager,
+ public JACCSecurityLifecycleListener(Bundle bundle, WebAppInfo webXmlAppInfo, boolean annotationScanRequired, ApplicationPolicyConfigurationManager applicationPolicyConfigurationManager,
String contextId) throws DeploymentException {
this.bundle = bundle;
this.contextId = contextId;
this.annotationScanRequired = annotationScanRequired;
this.applicationPolicyConfigurationManager = applicationPolicyConfigurationManager;
- this.deploymentDescriptor = deploymentDescriptor == null? new WebApp(): deploymentDescriptor;
+ this.webXmlAppInfo = webXmlAppInfo == null ? new WebAppInfo() : webXmlAppInfo;
}
@Override
@@ -68,15 +70,15 @@ public class JACCSecurityLifecycleListen
String lifecycleEventType = lifecycleEvent.getType();
if (lifecycleEventType.equals(Lifecycle.BEFORE_START_EVENT)) {
//Initialize SpecSecurityBuilder
- SpecSecurityBuilder specSecurityBuilder = new SpecSecurityBuilder(deploymentDescriptor, bundle, annotationScanRequired);
GeronimoStandardContext standardContext = (GeronimoStandardContext) lifecycleEvent.getSource();
GeronimoApplicationContext applicationContext = (GeronimoApplicationContext) standardContext.getInternalServletContext();
- applicationContext.setSpecSecurityBuilder(specSecurityBuilder);
+ WebSecurityConstraintStore webSecurityConstraintStore = new WebSecurityConstraintStore(webXmlAppInfo, bundle, annotationScanRequired, applicationContext);
+ applicationContext.setWebSecurityConstraintStore(webSecurityConstraintStore);
} else if (lifecycleEventType.equals(Lifecycle.START_EVENT)) {
GeronimoStandardContext standardContext = (GeronimoStandardContext) lifecycleEvent.getSource();
GeronimoApplicationContext applicationContext = (GeronimoApplicationContext) standardContext.getInternalServletContext();
//Calculate the final Security Permissions
- SpecSecurityBuilder specSecurityBuilder = applicationContext.getSpecSecurityBuilder();
+ SpecSecurityBuilder specSecurityBuilder = new SpecSecurityBuilder(applicationContext.getWebSecurityConstraintStore().exportMergedWebAppInfo());
Map<String, ComponentPermissions> contextIdPermissionsMap = new HashMap<String, ComponentPermissions>();
contextIdPermissionsMap.put(contextId, specSecurityBuilder.buildSpecSecurityConfig());
//Update ApplicationPolicyConfigurationManager
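Review bot: The comment `//Initialize SpecSecurityBuilder` in the BEFORE_START_EVENT branch is stale, because that branch now creates a `WebSecurityConstraintStore` and the `SpecSecurityBuilder` is only built in the START_EVENT branch. `//Clear SpecSecurityBuilder` in the `finally` hunk below has the same problem, since it now also resets the store. Suggest `//Initialize WebSecurityConstraintStore` and `//Clear SpecSecurityBuilder and release the constraint store`. Separately, the START_EVENT branch dereferences `getWebSecurityConstraintStore()` without a null check, which assumes BEFORE_START_EVENT always reached this listener first. The method body continues outside the hunk.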
@@ -94,7 +96,7 @@ public class JACCSecurityLifecycleListen
} finally {
//Clear SpecSecurityBuilder
specSecurityBuilder.clear();
- applicationContext.setSpecSecurityBuilder(null);
+ applicationContext.setWebSecurityConstraintStore(null);
}
}
}