Posted to scm@geronimo.apache.org by dj...@apache.org on 2004/12/04 21:51:00 UTC
svn commit: r109824 - in geronimo/branches/djencks/jetty-deployer1/trunk/modules: jetty-builder/src/java/org/apache/geronimo/jetty/deployment jetty/src/java/org/apache/geronimo/jetty jetty/src/test/org/apache/geronimo/jetty
Author: djencks
Date: Sat Dec 4 12:51:00 2004
New Revision: 109824
URL: http://svn.apache.org/viewcvs?view=rev&rev=109824
Log:
add missing security configuration piece. With luck we can figure out how to take this out again
Modified:
geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
Url: http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java?view=diff&rev=109824&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java&r1=109823&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java&r2=109824
==============================================================================
--- geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java (original)
+++ geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java Sat Dec 4 12:51:00 2004
@@ -26,6 +26,7 @@
import java.net.URL;
import java.util.ArrayList;
import java.util.Collection;
+import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
@@ -34,7 +35,6 @@
import java.util.List;
import java.util.Map;
import java.util.Set;
-import java.util.Collections;
import java.util.jar.JarFile;
import java.util.zip.ZipEntry;
import javax.management.MalformedObjectNameException;
@@ -107,6 +107,7 @@
import org.mortbay.http.BasicAuthenticator;
import org.mortbay.http.ClientCertAuthenticator;
import org.mortbay.http.DigestAuthenticator;
+import org.mortbay.http.SecurityConstraint;
import org.mortbay.jetty.servlet.FormAuthenticator;
@@ -378,6 +379,8 @@
}
webModuleData.setAttribute("policyContextID", policyContextID);
buildSpecSecurityConfig(webApp, webModuleData, securityRoles);
+ //TODO figure out if we can avoid this.
+ buildLegacySecurityConstraints(webApp, webModuleData);
} else {
webModuleData = new GBeanData(webModuleName, JettyWebAppContext.GBEAN_INFO);
@@ -846,6 +849,72 @@
webModuleData.setAttribute("excludedPermissions", excludedPermissions);
webModuleData.setAttribute("uncheckedPermissions", uncheckedPermissions);
webModuleData.setAttribute("rolePermissions", rolePermissions);
+ }
+
+ private void buildLegacySecurityConstraints(WebAppType webApp, GBeanData webModuleData) throws DeploymentException {
+ //this is basically what jetty's XMLConfiguration does. I would hope we could come up with a better way.
+ Map urlToSecurityConstraintListMap = new HashMap();
+ SecurityConstraintType[] securityConstraintArray = webApp.getSecurityConstraintArray();
+ for (int i = 0; i < securityConstraintArray.length; i++) {
+ SecurityConstraintType securityConstraintType = securityConstraintArray[i];
+
+ SecurityConstraint scBase = new SecurityConstraint();
+ if (securityConstraintType.isSetAuthConstraint()) {
+ scBase.setAuthenticate(true);
+ RoleNameType[] roleNameArray = securityConstraintType.getAuthConstraint().getRoleNameArray();
+ for (int j = 0; j < roleNameArray.length; j++) {
+ RoleNameType roleNameType = roleNameArray[j];
+ scBase.addRole(roleNameType.getStringValue().trim());
+ }
+ }
+ if (securityConstraintType.isSetUserDataConstraint()) {
+ String guarantee = securityConstraintType.getUserDataConstraint().getTransportGuarantee().getStringValue().trim();
+ if (guarantee == null || guarantee.length() == 0 || "NONE".equals(guarantee))
+ scBase.setDataConstraint(SecurityConstraint.DC_NONE);
+ else if ("INTEGRAL".equals(guarantee))
+ scBase.setDataConstraint(SecurityConstraint.DC_INTEGRAL);
+ else if ("CONFIDENTIAL".equals(guarantee))
+ scBase.setDataConstraint(SecurityConstraint.DC_CONFIDENTIAL);
+ else
+ {
+ //ToDO what do we do here?
+// log.warn("Unknown user-data-constraint:" + guarantee);
+ scBase.setDataConstraint(SecurityConstraint.DC_CONFIDENTIAL);
+ }
+ }
+ WebResourceCollectionType[] webResourceCollectionArray = securityConstraintType.getWebResourceCollectionArray();
+ for (int j = 0; j < webResourceCollectionArray.length; j++) {
+ WebResourceCollectionType webResourceCollectionType = webResourceCollectionArray[j];
+
+ String name = webResourceCollectionType.getWebResourceName().getStringValue().trim();
+ SecurityConstraint sc = null;
+ try {
+ sc = (SecurityConstraint) scBase.clone();
+ } catch (CloneNotSupportedException e) {
+ throw new DeploymentException("this should not have happened", e);
+ }
+ sc.setName(name);
+ HttpMethodType[] httpMethodArray = webResourceCollectionType.getHttpMethodArray();
+ for (int k = 0; k < httpMethodArray.length; k++) {
+ HttpMethodType httpMethodType = httpMethodArray[k];
+ sc.addMethod(httpMethodType.getStringValue().trim());
+ }
+ UrlPatternType[] urlPatternArray = webResourceCollectionType.getUrlPatternArray();
+ for (int k = 0; k < urlPatternArray.length; k++) {
+ UrlPatternType urlPatternType = urlPatternArray[k];
+ String urlPattern = urlPatternType.getStringValue();
+ List securityConstraints = (List) urlToSecurityConstraintListMap.get(urlPattern);
+ if (securityConstraints == null) {
+ securityConstraints = new ArrayList();
+ urlToSecurityConstraintListMap.put(urlPattern, securityConstraints);
+ }
+ securityConstraints.add(sc);
+ }
+ }
+ }
+
+ webModuleData.setAttribute("legacySecurityConstraintMap", urlToSecurityConstraintListMap);
+
}
private static Set collectRoleNames(WebAppType webApp) {
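Review bot: The url-pattern read at `String urlPattern = urlPatternType.getStringValue();` is the only descriptor value in buildLegacySecurityConstraints that is not trimmed, and it becomes the map key the constraint is later registered under. If the descriptor text can carry surrounding whitespace (the other `.trim()` calls suggest it can), the key may not match request paths and the constraint could silently fail to apply; `String urlPattern = urlPatternType.getStringValue().trim();` keeps it consistent. In the transport-guarantee branch, the `guarantee == null` test comes after `.trim()` has already dereferenced the value, so it can never be true. An unrecognised guarantee falls back to `DC_CONFIDENTIAL` with the warning commented out; that is the safe direction, but throwing `DeploymentException` there would surface the descriptor error instead of hiding it.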
Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
Url: http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java?view=diff&rev=109824&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java&r1=109823&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java&r2=109824
==============================================================================
--- geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java (original)
+++ geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java Sat Dec 4 12:51:00 2004
@@ -25,13 +25,13 @@
import java.security.AccessControlException;
import java.security.Permission;
import java.security.Principal;
+import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
-import java.util.Collection;
import javax.management.MalformedObjectNameException;
import javax.management.ObjectName;
import javax.security.auth.Subject;
@@ -154,6 +154,9 @@
Set excludedPermissions,
Map rolePermissions,
+ //TODO remove
+ Map legacySecurityConstraintMap,
+
TransactionContextManager transactionContextManager,
TrackedConnectionAssociator trackedConnectionAssociator,
JettyContainer jettyContainer,
@@ -203,18 +206,18 @@
this.defaultPrincipal = generateDefaultPrincipal(securityConfig, loginDomainName);
- }
-
- public Kernel getKernel() {
- return kernel;
- }
+ //TODO remove
+ for (Iterator entries = legacySecurityConstraintMap.entrySet().iterator(); entries.hasNext();) {
+ Map.Entry entry = (Map.Entry) entries.next();
+ String urlPattern = (String) entry.getKey();
+ List securityConstraints = (List) entry.getValue();
+ for (Iterator constraints = securityConstraints.iterator(); constraints.hasNext();) {
+ SecurityConstraint securityConstraint = (SecurityConstraint) constraints.next();
+ addSecurityConstraint(urlPattern, securityConstraint);
+ }
- public String getPolicyContextID() {
- return policyContextID;
- }
+ }
- public Security getSecurityConfig() {
- return securityConfig;
}
public Subject getRoleDesignate(String roleName) {
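Review bot: `legacySecurityConstraintMap` is dereferenced in the new constructor loop without a null check, so a GBean whose data lacks the new attribute would presumably fail with a bare NullPointerException. Because these constraints are security configuration, skipping the loop on null would hide the gap; an explicit check before the loop, such as `if (legacySecurityConstraintMap == null) throw new IllegalArgumentException("legacySecurityConstraintMap is required");`, fails with a clear message instead. The constructor starts outside this hunk, so an earlier check may already exist. The same hunk also removes the public `getKernel()`, `getPolicyContextID()` and `getSecurityConfig()` accessors, which the log message does not mention.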
@@ -514,7 +517,7 @@
SubjectId id = ContextManager.getSubjectId(defaultSubject);
defaultSubject.getPrincipals().add(new IdentificationPrincipal(id));
- log.debug("Default subject " + id + " for JACC policy '" + ((JettyWebAppJACCContext) getHttpContext()).getPolicyContextID() + "' registered.");
+ log.debug("Default subject " + id + " for JACC policy '" + policyContextID + "' registered.");
/**
* Get the JACC policy configuration that's associated with this
@@ -552,7 +555,7 @@
id = ContextManager.getSubjectId(roleDesignate);
roleDesignate.getPrincipals().add(new IdentificationPrincipal(id));
- log.debug("Role designate " + id + " for role '" + roleName + "' for JACC policy '" + ((JettyWebAppJACCContext) getHttpContext()).getPolicyContextID() + "' registered.");
+ log.debug("Role designate " + id + " for role '" + roleName + "' for JACC policy '" + policyContextID + "' registered.");
}
log.info("JettyWebAppJACCContext started with JACC policy '" + policyContextID + "'");
@@ -564,7 +567,7 @@
/**
* Unregister the default principal and role designates
*/
- log.debug("Default subject " + ContextManager.getSubjectId(defaultPrincipal.getSubject()) + " for JACC policy " + ((JettyWebAppJACCContext) getHttpContext()).getPolicyContextID() + "' unregistered.");
+ log.debug("Default subject " + ContextManager.getSubjectId(defaultPrincipal.getSubject()) + " for JACC policy " + policyContextID + "' unregistered.");
ContextManager.unregisterSubject(defaultPrincipal.getSubject());
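Review bot: The rewritten debug message still has an unbalanced quote: `" for JACC policy " + policyContextID + "' unregistered."` closes a quote it never opens. Writing `" for JACC policy '" + policyContextID + "' unregistered."` would match the other three messages changed in this commit.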
@@ -574,7 +577,7 @@
Subject roleDesignate = (Subject) roleDesignates.get(roleName);
ContextManager.unregisterSubject(roleDesignate);
- log.debug("Role designate " + ContextManager.getSubjectId(roleDesignate) + " for role '" + roleName + "' for JACC policy '" + ((JettyWebAppJACCContext) getHttpContext()).getPolicyContextID() + "' unregistered.");
+ log.debug("Role designate " + ContextManager.getSubjectId(roleDesignate) + " for role '" + roleName + "' for JACC policy '" + policyContextID + "' unregistered.");
}
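Review bot: The new debug line calls `ContextManager.getSubjectId(roleDesignate)` after `ContextManager.unregisterSubject(roleDesignate)` has already run on the line above, so the id it logs may no longer be available. The default-subject code in the previous hunk logs before unregistering; moving this `log.debug(...)` above the `unregisterSubject` call would keep the id in the log in the same way. The surrounding loop begins outside this hunk.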
/**
@@ -677,6 +680,8 @@
infoBuilder.addAttribute("uncheckedPermissions", Set.class, true);
infoBuilder.addAttribute("excludedPermissions", Set.class, true);
infoBuilder.addAttribute("rolePermissions", Map.class, true);
+ //TODO remove
+ infoBuilder.addAttribute("legacySecurityConstraintMap", Map.class, true);
infoBuilder.addAttribute("kernel", Kernel.class, false);
@@ -712,6 +717,8 @@
"uncheckedPermissions",
"excludedPermissions",
"rolePermissions",
+ //TODO remove
+ "legacySecurityConstraintMap",
"TransactionContextManager",
"TrackedConnectionAssociator",
Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
Url: http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java?view=diff&rev=109824&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r1=109823&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r2=109824
==============================================================================
--- geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java (original)
+++ geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java Sat Dec 4 12:51:00 2004
@@ -119,7 +119,7 @@
start(app);
}
- protected void setUpSecureAppContext(Security securityConfig, Set uncheckedPermissions, Set excludedPermissions, Map rolePermissions, Set securityRoles) throws Exception {
+ protected void setUpSecureAppContext(Security securityConfig, Set uncheckedPermissions, Set excludedPermissions, Map rolePermissions, Set securityRoles, Map legacySecurityConstraintMap) throws Exception {
GBeanData app = new GBeanData(webModuleName, JettyWebAppJACCContext.GBEAN_INFO);
app.setAttribute("loginDomainName", "jaasTest");
app.setAttribute("securityConfig", securityConfig);
@@ -127,6 +127,7 @@
app.setAttribute("excludedPermissions", excludedPermissions);
app.setAttribute("rolePermissions", rolePermissions);
app.setAttribute("securityRoles", securityRoles);
+ app.setAttribute("legacySecurityConstraintMap", legacySecurityConstraintMap);
FormAuthenticator formAuthenticator = new FormAuthenticator();
formAuthenticator.setLoginPage("/auth/logon.html?param=test");
formAuthenticator.setErrorPage("/auth/logonError.html?param=test");
Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
Url: http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java?view=diff&rev=109824&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r1=109823&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r2=109824
==============================================================================
--- geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java (original)
+++ geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java Sat Dec 4 12:51:00 2004
@@ -81,8 +81,9 @@
Set excludedPermissions = new HashSet();
Map rolePermissions = new HashMap();
Set securityRoles = new HashSet();
+ Map legacySecurityConstraintMap = new HashMap();
- startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles);
+ startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles, legacySecurityConstraintMap);
HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
connection.setInstanceFollowRedirects(false);
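Review bot: Every call site updated here passes an empty `new HashMap()` as `legacySecurityConstraintMap` (this hunk and the two after it), so the constructor loop that calls `addSecurityConstraint` is never exercised by these tests. Since the tests request a path under `/test/protected/`, at least one of them could build a map with a constraint covering that path and assert that an unauthenticated request is refused or redirected to login. The test methods start and end outside the hunks, so existing assertions may partly cover this.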
@@ -190,7 +191,9 @@
securityRoles.add("content-administrator");
securityRoles.add("auto-administrator");
- startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles);
+ Map legacySecurityConstraintMap = new HashMap();
+
+ startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles, legacySecurityConstraintMap);
HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
connection.setInstanceFollowRedirects(false);
@@ -306,8 +309,9 @@
Set excludedPermissions = new HashSet();
Map rolePermissions = new HashMap();
Set securityRoles = new HashSet();
+ Map legacySecurityConstraintMap = new HashMap();
- startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles);
+ startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles, legacySecurityConstraintMap);
HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
connection.setInstanceFollowRedirects(false);
@@ -371,8 +375,8 @@
stopWebApp();
}
- protected void startWebApp(Security securityConfig, Set uncheckedPermissions, Set excludedPermissions, Map rolePermissions, Set securityRoles) throws Exception {
- setUpSecureAppContext(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles);
+ protected void startWebApp(Security securityConfig, Set uncheckedPermissions, Set excludedPermissions, Map rolePermissions, Set securityRoles, Map legacySecurityConstraintMap) throws Exception {
+ setUpSecureAppContext(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles, legacySecurityConstraintMap);
setUpStaticContentServlet();
// GBeanMBean app = new GBeanMBean(JettyWebAppJACCContext.GBEAN_INFO);
//