Posted to scm@geronimo.apache.org by am...@apache.org on 2005/11/20 09:40:52 UTC
svn commit: r345728 [3/3] - in /geronimo/trunk:
applications/console-core/src/java/org/apache/geronimo/console/core/security/
applications/console-core/src/java/org/apache/geronimo/console/util/
applications/console-ear/src/plan/ applications/console-f...
Modified: geronimo/trunk/modules/assembly/src/plan/webconsole-tomcat-plan.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/webconsole-tomcat-plan.xml?rev=345728&r1=345727&r2=345728&view=diff
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/webconsole-tomcat-plan.xml (original)
+++ geronimo/trunk/modules/assembly/src/plan/webconsole-tomcat-plan.xml Sun Nov 20 00:40:24 2005
@@ -1 +1,135 @@
-<?xml version="1.0" encoding="UTF-8"?>
<application
xmlns="http://geronimo.apache.org/xml/ns/j2ee/application-1.0"
configId="org/apache/geronimo/Console/Tomcat"
parentId="org/apache/geronimo/Server">
<import>
<uri>org/apache/geronimo/Tomcat</uri>
</import>
<!-- these dependencies must be kept here so that their classes are loaded in the "EARs" classloader. -->
<dependency>
<groupId>portlet-api</groupId>
<artifactId>portlet-api</artifactId>
<version>${portlet_api_version}</version>
</dependency>
<dependency>
<groupId>org.apache.pluto</groupId>
<artifactId>pluto</artifactId>
<version>${pluto_version}</version>
</dependency>
<dependency>
<groupId>geronimo</groupId>
<artifactId>geronimo-console-core</artifactId>
<version>${geronimo_version}</version>
</dependency>
<!-- The following are for configuration and deployment via JSR-88 -->
<dependency
>
<groupId>geronimo</groupId>
<artifactId>geronimo-test-ddbean</artifactId>
<version>${geronimo_version}</version>
</dependency>
<dependency>
<groupId>geronimo</groupId>
<artifactId>geronimo-deploy-jsr88</artifactId>
<version>${geronimo_version}</version>
</dependency>
<dependency>
<groupId>geronimo</groupId>
<artifactId>geronimo-deploy-config</artifactId>
<version>${geronimo_version}</version>
</dependency>
<dependency>
<groupId>geronimo</groupId>
<artifactId>geronimo-service-builder</artifactId>
<version>${geronimo_version}</version>
</dependency>
<dependency>
<groupId>geronimo</groupId>
<artifactId>geronimo-connector-builder</artifactId>
<version>${geronimo_version}</version>
</dependency>
<dependency>
<groupId>geronimo</groupId>
<artifactId>geronimo-j2ee-schema</artifactId>
<version>${geron
imo_version}</version>
</dependency>
<dependency>
<groupId>xmlbeans</groupId>
<artifactId>xbean</artifactId>
<version>${xmlbeans_version}</version>
</dependency>
<dependency>
<groupId>stax</groupId>
<artifactId>stax-api</artifactId>
<version>${stax_api_version}</version>
</dependency>
<!-- Keystore dependency -->
<dependency>
<groupId>geronimo</groupId>
<artifactId>geronimo-util</artifactId>
<version>${geronimo_version}</version>
</dependency>
<module>
<web>geronimo-console-framework-${pom.currentVersion}.war</web>
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.0" configId="console">
<context-root>/console</context-root>
<context-priority-classloader>false</context-priority-classloader>
<cross-context/>
<security-realm-name>geronimo-properties-realm</security-realm-name>
<
security>
<default-principal>
<principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
</default-principal>
<role-mappings>
<role role-name="admin">
<principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin" designated-run-as="true"/>
</role>
</role-mappings>
</security>
</web-app>
</module>
<module>
<web>geronimo-console-standard-${pom.currentVersion}.war</web>
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.0" configId="console-standard">
<context-root>/console-standard</context-root>
<context-priority-classloader>false</context-priority-classloader>
<cross-context/>
</web-app>
</module>
<!-- Console specific server info -->
<gbean name="PropertiesLoginManager" class="org.apache.geronimo.console.core.security.PropertiesLoginModuleManager">
<reference name="ServerInfo">
<gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/System,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name>
</reference>
<reference name="LoginModule">
<!-- <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/Server,J2EEServer=geronimo,j2eeType=LoginModule,name=properties-login</gbean-name>-->
<gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/Security,J2EEServer=geronimo,j2eeType=LoginModule,name=properties-login</gbean-name>
</reference>
</gbean>
<!-- Keystore configuration -->
<gbean gbeanName="geronimo.security:type=KeyStore" class="org.apache.geronimo.console.core.keystore.KeyStoreGBean">
<attribute name="keyStoreLocation">var/
security/ssl-keystore-1</attribute>
<attribute name="keyStoreType">jks</attribute>
<attribute name="keyStoreProvider">SUN</attribute>
<attribute name="keyStorePassword">password</attribute>
<reference name="serverInfo">
<application>null</application>
<moduleType>J2EEModule</moduleType>
<module>org/apache/geronimo/System</module>
<type>GBean</type>
<name>ServerInfo</name>
</reference>
</gbean>
</application>
\ No newline at end of file
+<?xml version="1.0" encoding="UTF-8"?>
+<application
+ xmlns="http://geronimo.apache.org/xml/ns/j2ee/application-1.0"
+ configId="org/apache/geronimo/Console/Tomcat"
+ parentId="org/apache/geronimo/Server">
+
+ <import>
+ <uri>org/apache/geronimo/Tomcat</uri>
+ </import>
+
+ <!-- these dependencies must be kept here so that their classes are loaded in the "EARs" classloader. -->
+ <dependency>
+ <groupId>portlet-api</groupId>
+ <artifactId>portlet-api</artifactId>
+ <version>${portlet_api_version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.pluto</groupId>
+ <artifactId>pluto</artifactId>
+ <version>${pluto_version}</version>
+ </dependency>
+ <dependency>
+ <groupId>geronimo</groupId>
+ <artifactId>geronimo-console-core</artifactId>
+ <version>${geronimo_version}</version>
+ </dependency>
+ <!-- The following are for configuration and deployment via JSR-88 -->
+ <dependency>
+ <groupId>geronimo</groupId>
+ <artifactId>geronimo-test-ddbean</artifactId>
+ <version>${geronimo_version}</version>
+ </dependency>
+ <dependency>
+ <groupId>geronimo</groupId>
+ <artifactId>geronimo-deploy-jsr88</artifactId>
+ <version>${geronimo_version}</version>
+ </dependency>
+ <dependency>
+ <groupId>geronimo</groupId>
+ <artifactId>geronimo-deploy-config</artifactId>
+ <version>${geronimo_version}</version>
+ </dependency>
+ <dependency>
+ <groupId>geronimo</groupId>
+ <artifactId>geronimo-service-builder</artifactId>
+ <version>${geronimo_version}</version>
+ </dependency>
+ <dependency>
+ <groupId>geronimo</groupId>
+ <artifactId>geronimo-connector-builder</artifactId>
+ <version>${geronimo_version}</version>
+ </dependency>
+ <dependency>
+ <groupId>geronimo</groupId>
+ <artifactId>geronimo-security-builder</artifactId>
+ <version>${geronimo_version}</version>
+ </dependency>
+ <dependency>
+ <groupId>geronimo</groupId>
+ <artifactId>geronimo-j2ee-schema</artifactId>
+ <version>${geronimo_version}</version>
+ </dependency>
+ <dependency>
+ <groupId>xmlbeans</groupId>
+ <artifactId>xbean</artifactId>
+ <version>${xmlbeans_version}</version>
+ </dependency>
+ <dependency>
+ <groupId>stax</groupId>
+ <artifactId>stax-api</artifactId>
+ <version>${stax_api_version}</version>
+ </dependency>
+
+ <!-- Keystore dependency -->
+ <dependency>
+ <groupId>geronimo</groupId>
+ <artifactId>geronimo-util</artifactId>
+ <version>${geronimo_version}</version>
+ </dependency>
+ <module>
+ <web>geronimo-console-framework-${pom.currentVersion}.war</web>
+ <web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.0" configId="console">
+ <context-root>/console</context-root>
+ <context-priority-classloader>false</context-priority-classloader>
+ <cross-context/>
+ <security-realm-name>geronimo-properties-realm</security-realm-name>
+ <security>
+ <default-principal>
+ <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
+ </default-principal>
+ <role-mappings>
+ <role role-name="admin">
+ <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin" designated-run-as="true"/>
+ </role>
+ </role-mappings>
+ </security>
+ </web-app>
+ </module>
+
+ <module>
+ <web>geronimo-console-standard-${pom.currentVersion}.war</web>
+ <web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.0" configId="console-standard">
+ <context-root>/console-standard</context-root>
+ <context-priority-classloader>false</context-priority-classloader>
+ <cross-context/>
+ </web-app>
+ </module>
+
+ <!-- Console specific server info -->
+ <gbean name="PropertiesLoginManager" class="org.apache.geronimo.console.core.security.PropertiesLoginModuleManager">
+ <reference name="ServerInfo">
+ <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/System,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name>
+ </reference>
+ <reference name="LoginModule">
+ <!-- <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/Server,J2EEServer=geronimo,j2eeType=LoginModule,name=properties-login</gbean-name>-->
+ <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/Security,J2EEServer=geronimo,j2eeType=LoginModule,name=properties-login</gbean-name>
+ </reference>
+ </gbean>
+
+ <!-- Keystore configuration -->
+ <gbean gbeanName="geronimo.security:type=KeyStore" class="org.apache.geronimo.console.core.keystore.KeyStoreGBean">
+ <attribute name="keyStoreLocation">var/security/ssl-keystore-1</attribute>
+ <attribute name="keyStoreType">jks</attribute>
+ <attribute name="keyStoreProvider">SUN</attribute>
+ <attribute name="keyStorePassword">password</attribute>
+ <reference name="serverInfo">
+ <application>null</application>
+ <moduleType>J2EEModule</moduleType>
+ <module>org/apache/geronimo/System</module>
+ <type>GBean</type>
+ <name>ServerInfo</name>
+ </reference>
+ </gbean>
+
+</application>
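Review bot: The KeyStore GBean on the new side still carries `<attribute name="keyStorePassword">password</attribute>` in clear text, so every assembly built from this plan protects `var/security/ssl-keystore-1` with the same well-known password. The line is carried over from the old revision (the hunk appears to be mostly a line-ending rewrite plus the new `geronimo-security-builder` dependency), but it is part of the file as committed. At minimum add a comment next to it, for example `<!-- default keystore password: change before any non-development use -->`. If the build's `${...}` substitution can be used here as it is for the versions, the value could come from a property instead of being fixed in the plan.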
Modified: geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/ManagedConnectionFactoryWrapper.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/ManagedConnectionFactoryWrapper.java?rev=345728&r1=345727&r2=345728&view=diff
==============================================================================
--- geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/ManagedConnectionFactoryWrapper.java (original)
+++ geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/ManagedConnectionFactoryWrapper.java Sun Nov 20 00:40:24 2005
@@ -262,6 +262,10 @@
return null;
}
+ public Object getConnectionFactory() {
+ return $getResource();
+ }
+
public Object $getResource() {
return proxy;
}
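Review bot: `getConnectionFactory()` is added without Javadoc, both here and in the `JCAManagedConnectionFactory` interface hunk further down. It returns the same `proxy` as `$getResource()`, so any caller that can reach this bean through the management interface receives a usable connection factory; whether that access is restricted is not visible in the hunk. The interface method should state the contract, for example `/** Gets the connection factory proxy for this resource; same object as $getResource(). */`, and say who is expected to call it.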
Modified: geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/management/impl/J2EEServerImpl.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/management/impl/J2EEServerImpl.java?rev=345728&r1=345727&r2=345728&view=diff
==============================================================================
--- geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/management/impl/J2EEServerImpl.java (original)
+++ geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/management/impl/J2EEServerImpl.java Sun Nov 20 00:40:24 2005
@@ -31,7 +31,6 @@
import org.apache.geronimo.system.serverinfo.ServerInfo;
import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
import org.apache.geronimo.management.geronimo.J2EEServer;
-import org.apache.geronimo.management.geronimo.WebContainer;
import org.apache.geronimo.management.geronimo.EJBManager;
import org.apache.geronimo.management.geronimo.JMSManager;
import org.apache.geronimo.management.geronimo.WebManager;
@@ -182,6 +181,28 @@
names[i++] = name.getCanonicalName();
}
return names;
+ }
+
+ public String[] getSecurityRealms() {
+ GBeanQuery query = new GBeanQuery(null, "org.apache.geronimo.security.realm.SecurityRealm");
+ Set set = kernel.listGBeans(query);
+ String[] names = new String[set.size()];
+ int i=0;
+ for (Iterator it = set.iterator(); it.hasNext();) {
+ ObjectName name = (ObjectName) it.next();
+ names[i++] = name.getCanonicalName();
+ }
+ return names;
+ }
+
+ public String getServerInfo() {
+ GBeanQuery query = new GBeanQuery(null, ServerInfo.class.getName());
+ Set set = kernel.listGBeans(query);
+ for (Iterator it = set.iterator(); it.hasNext();) {
+ ObjectName name = (ObjectName) it.next();
+ return name.getCanonicalName();
+ }
+ return null;
}
public String getServerVendor() {
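Review bot: `getServerInfo()` uses a `for` loop whose body returns on the first iteration, so if the kernel ever holds more than one `ServerInfo` GBean the result depends on the iteration order of the `Set`. The explicit form is clearer: `Iterator it = set.iterator(); return it.hasNext() ? ((ObjectName) it.next()).getCanonicalName() : null;`, with a comment that the first match is returned. `getSecurityRealms()` repeats the copy loop visible in the context lines above it and names the realm interface as a string literal, which will not fail at compile time if the class is renamed. If a module dependency rules out `SecurityRealm.class.getName()`, a comment saying so would help.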
Modified: geronimo/trunk/modules/management/src/java/org/apache/geronimo/management/geronimo/J2EEServer.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/management/src/java/org/apache/geronimo/management/geronimo/J2EEServer.java?rev=345728&r1=345727&r2=345728&view=diff
==============================================================================
--- geronimo/trunk/modules/management/src/java/org/apache/geronimo/management/geronimo/J2EEServer.java (original)
+++ geronimo/trunk/modules/management/src/java/org/apache/geronimo/management/geronimo/J2EEServer.java Sun Nov 20 00:40:24 2005
@@ -67,4 +67,24 @@
* @return The ObjectNames of the repositories, in String form.
*/
public String[] getRepositories();
+
+ /**
+ * Gets the ObjectNames of the SecurityRealms associated with this
+ * J2EEServer.
+ *
+ * @see org.apache.geronimo.security.realm.SecurityRealm
+ *
+ * @return The ObjectNames of the realms, in String form.
+ */
+ public String[] getSecurityRealms();
+
+ /**
+ * Gets the ObjectName of the ServerInfo associated with this
+ * J2EEServer.
+ *
+ * @see org.apache.geronimo.system.serverinfo.ServerInfo
+ *
+ * @return The ObjectName of the ServerInfo, in String form.
+ */
+ public String getServerInfo();
}
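Review bot: The Javadoc of `getServerInfo()` does not say what is returned when no ServerInfo GBean is registered, although the implementation added to `J2EEServerImpl` in this commit returns `null` in that case. Extend the tag, for example `@return The ObjectName of the ServerInfo, in String form, or null if none is registered.` `getSecurityRealms()` could likewise state that an empty array is returned when there are no realms, which is what `new String[set.size()]` produces in the implementation.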
Modified: geronimo/trunk/modules/management/src/java/org/apache/geronimo/management/geronimo/JCAManagedConnectionFactory.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/management/src/java/org/apache/geronimo/management/geronimo/JCAManagedConnectionFactory.java?rev=345728&r1=345727&r2=345728&view=diff
==============================================================================
--- geronimo/trunk/modules/management/src/java/org/apache/geronimo/management/geronimo/JCAManagedConnectionFactory.java (original)
+++ geronimo/trunk/modules/management/src/java/org/apache/geronimo/management/geronimo/JCAManagedConnectionFactory.java Sun Nov 20 00:40:24 2005
@@ -52,4 +52,6 @@
* @return
*/
public String getConnectionManager();
+
+ public Object getConnectionFactory();
}
Modified: geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/LoginConfigBuilder.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/LoginConfigBuilder.java?rev=345728&r1=345727&r2=345728&view=diff
==============================================================================
--- geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/LoginConfigBuilder.java (original)
+++ geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/LoginConfigBuilder.java Sun Nov 20 00:40:24 2005
@@ -21,6 +21,7 @@
import java.util.Collections;
import java.util.Properties;
import java.util.Set;
+import java.util.List;
import javax.management.MalformedObjectNameException;
import javax.management.ObjectName;
@@ -63,7 +64,7 @@
throw new DeploymentException("Invalid login configuration:\n" + errors + "\nDescriptor: " + loginConfig.toString());
}
XmlCursor xmlCursor = loginConfig.newCursor();
- ObjectName nextName = null;
+ List uses = new ArrayList();
try {
boolean atStart = true;
while ((atStart && xmlCursor.toFirstChild()) || (!atStart && xmlCursor.toNextSibling())) {
@@ -130,16 +131,19 @@
GBeanData loginModuleUseGBeanData = new GBeanData(thisName, JaasLoginModuleUse.GBEAN_INFO);
loginModuleUseGBeanData.setAttribute("controlFlag", controlFlag);
loginModuleUseGBeanData.setReferencePattern("LoginModule", loginModuleName);
- if (nextName != null) {
- loginModuleUseGBeanData.setReferencePattern("Next", nextName);
+ uses.add(loginModuleUseGBeanData);
+ }
+ for(int i=uses.size()-1; i>=0; i--) {
+ GBeanData data = (GBeanData) uses.get(i);
+ if(i > 0) {
+ ((GBeanData)uses.get(i-1)).setReferencePattern("Next", data.getName());
}
- context.addGBean(loginModuleUseGBeanData);
- nextName = thisName;
+ context.addGBean(data);
}
} finally {
xmlCursor.dispose();
}
- return Collections.singleton(nextName);
+ return uses.size() == 0 ? Collections.EMPTY_SET : Collections.singleton(((GBeanData)uses.get(0)).getName());
}
private String trim(String string) {
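Review bot: The order in which the `Next` references are wired decides the order in which the login modules are consulted, and with it the effect of their control flags, yet the new backwards loop has no comment saying why it runs in reverse or that `uses.get(0)` is the head of the chain. A comment before the loop, such as `// Link each use to its successor in descriptor order; iterate backwards so a GBean is added only after its "Next" pattern has been set`, would keep a later cleanup from silently reordering the chain. The method now returns `Collections.EMPTY_SET` for a descriptor without modules, where it used to return a singleton. Whether callers accept a realm with an empty chain is not visible here, and rejecting it with a `DeploymentException` may be the safer behaviour. The enclosing method starts above the hunk.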
Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleChain.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleChain.java?rev=345728&view=auto
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleChain.java (added)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleChain.java Sun Nov 20 00:40:24 2005
@@ -0,0 +1,46 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.security.jaas;
+
+/**
+ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
+ */
+public interface JaasLoginModuleChain {
+ /**
+ * Gets the ObjectName of the login module that this node in the
+ * chain corresponds to (a LoginModuleGBean).
+ *
+ * @return The ObjectName of the login module GBean, in String form.
+ */
+ String getLoginModuleName();
+
+ /**
+ * Gets the ObjectName of the next node in the chain after this one
+ * (another JaasLoginModuleChain).
+ *
+ * @return The ObjectName of the next node, in String form, or null
+ * if this is the last.
+ */
+ public String getNextName();
+
+ /**
+ * The String form of the control flag for the login module at this
+ * position in the chain.
+ */
+ public String getControlFlag();
+
+}
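Review bot: The three methods are declared inconsistently: `getLoginModuleName()` has no modifier while `getNextName()` and `getControlFlag()` are marked `public`. Interface members are implicitly public, so pick one form. `getControlFlag()` also lacks an `@return` tag, for example `@return The control flag, in String form.` The `@version` line carries an expanded `$Rev: 46019 $ $Date: 2004-09-14 ... $` that looks copied from another file; the existing classes in this commit use the unexpanded `$Rev$ $Date$`.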
Propchange: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleChain.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleUse.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleUse.java?rev=345728&r1=345727&r2=345728&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleUse.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleUse.java Sun Nov 20 00:40:24 2005
@@ -35,29 +35,32 @@
*
* @version $Rev$ $Date$
*/
-public class JaasLoginModuleUse {
+public class JaasLoginModuleUse implements JaasLoginModuleChain {
// See also http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASLMDevGuide.html for more standard login module option keys
- public final static String KERNEL_LM_OPTION = "org.apache.geronimo.security.realm.GenericSecurityRealm.KERNEL";
+ public final static String KERNEL_NAME_LM_OPTION = "org.apache.geronimo.security.realm.GenericSecurityRealm.KERNEL";
public final static String SERVERINFO_LM_OPTION = "org.apache.geronimo.security.realm.GenericSecurityRealm.SERVERINFO";
public final static String CLASSLOADER_LM_OPTION = "org.apache.geronimo.security.realm.GenericSecurityRealm.CLASSLOADER";
private final LoginModuleGBean loginModule;
private final JaasLoginModuleUse next;
- private final LoginModuleControlFlag controlFlag;
+ private LoginModuleControlFlag controlFlag;
+ private final Kernel kernel;
//for reference.
public JaasLoginModuleUse() {
loginModule = null;
next = null;
controlFlag = null;
+ kernel = null;
}
- public JaasLoginModuleUse(LoginModuleGBean loginModule, JaasLoginModuleUse next, String controlFlag) {
+ public JaasLoginModuleUse(LoginModuleGBean loginModule, JaasLoginModuleUse next, String controlFlag, Kernel kernel) {
this.loginModule = loginModule;
this.next = next;
LoginModuleControlFlagEditor editor = new LoginModuleControlFlagEditor();
editor.setAsText(controlFlag);
this.controlFlag = (LoginModuleControlFlag) editor.getValue();
+ this.kernel = kernel;
}
public LoginModuleGBean getLoginModule() {
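Review bot: Renaming the public constant `KERNEL_LM_OPTION` to `KERNEL_NAME_LM_OPTION` breaks compilation of any login module outside this tree that reads the kernel name through the old constant, even though the option key string itself is unchanged. A deprecated alias keeps such code working: `/** @deprecated use KERNEL_NAME_LM_OPTION */ public final static String KERNEL_LM_OPTION = KERNEL_NAME_LM_OPTION;`. The new constant would also benefit from a one-line comment saying that the option value is the kernel's name, not the `Kernel` object, since that is the reason for the rename.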
@@ -68,10 +71,27 @@
return next;
}
+ public String getLoginModuleName() {
+ return kernel.getObjectNameFor(loginModule).getCanonicalName();
+ }
+
+ public String getNextName() {
+ if(next == null) {
+ return null;
+ }
+ return kernel.getObjectNameFor(next).getCanonicalName();
+ }
+
public String getControlFlag() {
return controlFlag.toString();
}
+ public void setControlFlag(String controlFlag) {
+ LoginModuleControlFlagEditor ed = new LoginModuleControlFlagEditor();
+ ed.setAsText(controlFlag);
+ this.controlFlag = (LoginModuleControlFlag) ed.getValue();
+ }
+
public void configure(Set domainNames, List loginModuleConfigurations, Kernel kernel, ServerInfo serverInfo, ClassLoader classLoader) {
Map options = loginModule.getOptions();
if (options != null) {
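Review bot: `setControlFlag(String)` makes the control flag of a login module changeable after construction, with no Javadoc and nothing in the hunk that restricts who may call it; since `controlFlag` is registered as a persistent attribute in `GBEAN_INFO`, the setter is presumably reachable through the kernel's attribute interface. The flag is part of the realm's authentication policy, so the method should document the accepted values, the intended caller, and whether an already-configured realm picks up the change (the body of `configure(...)` runs past the hunk, so that cannot be confirmed from here). The field is now written here and read in `getControlFlag()` without `volatile` or synchronisation. `getLoginModuleName()` and `getNextName()` dereference `kernel`, and the former also `loginModule`, without a null check, while the no-argument constructor sets both to `null`.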
@@ -79,8 +99,8 @@
} else {
options = new HashMap();
}
- if (kernel != null && !options.containsKey(KERNEL_LM_OPTION)) {
- options.put(KERNEL_LM_OPTION, kernel.getKernelName());
+ if (kernel != null && !options.containsKey(KERNEL_NAME_LM_OPTION)) {
+ options.put(KERNEL_NAME_LM_OPTION, kernel.getKernelName());
}
if (serverInfo != null && !options.containsKey(SERVERINFO_LM_OPTION)) {
options.put(SERVERINFO_LM_OPTION, serverInfo);
@@ -108,12 +128,13 @@
static {
GBeanInfoBuilder infoBuilder = new GBeanInfoBuilder(JaasLoginModuleUse.class, "LoginModuleUse");
infoBuilder.addAttribute("controlFlag", String.class, true);
+ infoBuilder.addAttribute("kernel", Kernel.class, false, false);
infoBuilder.addReference("LoginModule", LoginModuleGBean.class, NameFactory.LOGIN_MODULE);
infoBuilder.addReference("Next", JaasLoginModuleUse.class);
infoBuilder.addOperation("configure", new Class[]{Set.class, List.class, Kernel.class, ServerInfo.class, ClassLoader.class});
-
- infoBuilder.setConstructor(new String[]{"LoginModule", "Next", "controlFlag"});
+ infoBuilder.addInterface(JaasLoginModuleChain.class);
+ infoBuilder.setConstructor(new String[]{"LoginModule", "Next", "controlFlag", "kernel"});
GBEAN_INFO = infoBuilder.getBeanInfo();
}
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java?rev=345728&r1=345727&r2=345728&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java Sun Nov 20 00:40:24 2005
@@ -32,17 +32,18 @@
*
* @version $Rev$ $Date$
*/
-public class LoginModuleGBean {
+public class LoginModuleGBean implements LoginModuleSettings {
private String loginDomainName;
private String loginModuleClass;
private Properties options;
- private String objectName;
+ private final String objectName;
private boolean serverSide;
private boolean wrapPrincipals;
private final ClassLoader classLoader;
public LoginModuleGBean() {
- this.classLoader = null;
+ classLoader = null;
+ objectName = null;
}
public LoginModuleGBean(String loginModuleClass, String objectName, boolean serverSide, boolean wrapPrincipals, ClassLoader classLoader) {
@@ -81,10 +82,6 @@
return objectName;
}
- public void setObjectName(String objectName) {
- this.objectName = objectName;
- }
-
public boolean isServerSide() {
return serverSide;
}
@@ -116,6 +113,7 @@
infoFactory.addAttribute("loginDomainName", String.class, true);
infoFactory.addAttribute("wrapPrincipals", boolean.class, true);
infoFactory.addAttribute("classLoader", ClassLoader.class, false);
+ infoFactory.addInterface(LoginModuleSettings.class);
infoFactory.setConstructor(new String[]{"loginModuleClass", "objectName", "serverSide", "wrapPrincipals", "classLoader"});
GBEAN_INFO = infoFactory.getBeanInfo();
Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleSettings.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleSettings.java?rev=345728&view=auto
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleSettings.java (added)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleSettings.java Sun Nov 20 00:40:24 2005
@@ -0,0 +1,44 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.security.jaas;
+
+import java.util.Properties;
+
+/**
+ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
+ */
+public interface LoginModuleSettings {
+ public String getLoginDomainName();
+
+ public void setLoginDomainName(String loginDomainName);
+
+ public Properties getOptions();
+
+ public void setOptions(Properties options);
+
+ public String getLoginModuleClass();
+
+ public void setLoginModuleClass(String loginModuleClass);
+
+ public boolean isServerSide();
+
+ public void setServerSide(boolean serverSide);
+
+ public boolean isWrapPrincipals();
+
+ public void setWrapPrincipals(boolean wrapPrincipals);
+}
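Review bot: The interface is added without any Javadoc although it publishes setters for security-critical settings: `setLoginModuleClass`, `setOptions`, `setServerSide` and `setWrapPrincipals`. `LoginModuleGBean` registers it with `infoFactory.addInterface(LoginModuleSettings.class)` in this commit, so these setters become part of the bean's management interface; the access control on that interface is not visible here. Each setter should document whether a change takes effect for realms that are already running. `getOptions()` should say whether it returns the live `Properties` object or a copy, because login module options can hold credentials for the backing store.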
Propchange: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleSettings.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java?rev=345728&r1=345727&r2=345728&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java Sun Nov 20 00:40:24 2005
@@ -70,7 +70,7 @@
private String[] domains;
private final boolean restrictPrincipalsToServer;
private final boolean wrapPrincipals;
-
+ private final JaasLoginModuleUse loginModuleUse;
public GenericSecurityRealm(String realmName,
JaasLoginModuleUse loginModuleUse,
@@ -87,6 +87,7 @@
this.wrapPrincipals = wrapPrincipals;
this.defaultPrincipalInfo = defaultPrincipalInfo;
this.loginService = loginService;
+ this.loginModuleUse = loginModuleUse;
Set domainNames = new HashSet();
List loginModuleConfigurations = new ArrayList();
@@ -106,6 +107,10 @@
public JaasLoginModuleConfiguration[] getAppConfigurationEntries() {
return config;
+ }
+
+ public String getLoginModuleChainName() {
+ return kernel.getObjectNameFor(loginModuleUse).getCanonicalName();
}
/**
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java?rev=345728&r1=345727&r2=345728&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java Sun Nov 20 00:40:24 2005
@@ -60,4 +60,11 @@
*/
public String[] getLoginDomains();
+ /**
+ * Gets the ObjectName of the first JaasLoginModuleChain node in the
+ * chain of LoginModules for this realm.
+ *
+ * @return The ObjectName, in String form.
+ */
+ public String getLoginModuleChainName();
}
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/CertificatePropertiesFileLoginModule.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/CertificatePropertiesFileLoginModule.java?rev=345728&r1=345727&r2=345728&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/CertificatePropertiesFileLoginModule.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/CertificatePropertiesFileLoginModule.java Sun Nov 20 00:40:24 2005
@@ -32,7 +32,6 @@
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.login.FailedLoginException;
@@ -42,8 +41,6 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.geronimo.common.GeronimoSecurityException;
-import org.apache.geronimo.kernel.Kernel;
-import org.apache.geronimo.kernel.KernelRegistry;
import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
import org.apache.geronimo.system.serverinfo.ServerInfo;
@@ -78,18 +75,17 @@
this.subject = subject;
this.handler = callbackHandler;
try {
- Kernel kernel = KernelRegistry.getKernel((String)options.get(JaasLoginModuleUse.KERNEL_LM_OPTION));
ServerInfo serverInfo = (ServerInfo) options.get(JaasLoginModuleUse.SERVERINFO_LM_OPTION);
URI usersURI = new URI((String)options.get(USERS_URI));
URI groupsURI = new URI((String)options.get(GROUPS_URI));
- loadProperties(kernel, serverInfo, usersURI, groupsURI);
+ loadProperties(serverInfo, usersURI, groupsURI);
} catch (Exception e) {
log.error(e);
throw new IllegalArgumentException("Unable to configure properties file login module: "+e);
}
}
- public void loadProperties(Kernel kernel, ServerInfo serverInfo, URI usersURI, URI groupURI) throws GeronimoSecurityException {
+ public void loadProperties(ServerInfo serverInfo, URI usersURI, URI groupURI) throws GeronimoSecurityException {
try {
URI userFile = serverInfo.resolve(usersURI);
URI groupFile = serverInfo.resolve(groupURI);
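Review bot: The configuration code at the top of the hunk still passes `(String)options.get(USERS_URI)` and `(String)options.get(GROUPS_URI)` straight to `new URI(...)`, so a missing option surfaces as a `NullPointerException` wrapped in the generic message. The sibling `PropertiesFileLoginModule` gains an explicit check in this same commit, and the same guard fits here: `if (users == null || groups == null) throw new IllegalArgumentException("Both "+USERS_URI+" and "+GROUPS_URI+" must be provided!");`. `log.error(e)` passes the exception as the message object and so logs no stack trace; `log.error("Initialization failed", e)` would match the sibling. `loadProperties` is public and loses its `Kernel` parameter, which is a source-incompatible change for any external caller. Both methods extend beyond the hunk.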
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java?rev=345728&r1=345727&r2=345728&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java Sun Nov 20 00:40:24 2005
@@ -69,14 +69,19 @@
this.subject = subject;
this.handler = callbackHandler;
try {
- Kernel kernel = KernelRegistry.getKernel((String)options.get(JaasLoginModuleUse.KERNEL_LM_OPTION));
+ Kernel kernel = KernelRegistry.getKernel((String)options.get(JaasLoginModuleUse.KERNEL_NAME_LM_OPTION));
ServerInfo serverInfo = (ServerInfo) options.get(JaasLoginModuleUse.SERVERINFO_LM_OPTION);
- URI usersURI = new URI((String)options.get(USERS_URI));
- URI groupsURI = new URI((String)options.get(GROUPS_URI));
+ final String users = (String)options.get(USERS_URI);
+ final String groups = (String)options.get(GROUPS_URI);
+ if(users == null || groups == null) {
+ throw new IllegalArgumentException("Both "+USERS_URI+" and "+GROUPS_URI+" must be provided!");
+ }
+ URI usersURI = new URI(users);
+ URI groupsURI = new URI(groups);
loadProperties(kernel, serverInfo, usersURI, groupsURI);
} catch (Exception e) {
- log.error(e);
- throw new IllegalArgumentException("Unable to configure properties file login module: "+e);
+ log.error("Initialization failed", e);
+ throw new IllegalArgumentException("Unable to configure properties file login module: "+e.getMessage());
}
}
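Review bot: The rethrow now concatenates `e.getMessage()` instead of `e`, so the exception class is dropped from the message. A NullPointerException (for example from a missing `ServerInfo` option, which is still unchecked) would read "Unable to configure properties file login module: null". The new IllegalArgumentException for missing URIs is also thrown inside the same `try`, so it is caught by `catch (Exception e)` and wrapped a second time. Keeping the type and chaining the cause avoids both problems: `throw (IllegalArgumentException) new IllegalArgumentException("Unable to configure properties file login module: " + e).initCause(e);`, with the null check moved above the `try`.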
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/RepeatedFailureLockoutLoginModule.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/RepeatedFailureLockoutLoginModule.java?rev=345728&r1=345727&r2=345728&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/RepeatedFailureLockoutLoginModule.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/RepeatedFailureLockoutLoginModule.java Sun Nov 20 00:40:24 2005
@@ -16,18 +16,8 @@
*/
package org.apache.geronimo.security.realm.providers;
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.PrintWriter;
import java.io.Serializable;
-import java.nio.channels.FileChannel;
-import java.nio.channels.FileLock;
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-import java.util.Date;
import java.util.Map;
-import java.util.Hashtable;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.Iterator;
@@ -38,9 +28,6 @@
import javax.security.auth.login.LoginException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.spi.LoginModule;
-
-import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
-import org.apache.geronimo.system.serverinfo.ServerInfo;
/**
* Tracks the number of recent login failures for each user, and starts
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java?rev=345728&r1=345727&r2=345728&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java Sun Nov 20 00:40:24 2005
@@ -37,13 +37,35 @@
import javax.security.auth.login.LoginException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.spi.LoginModule;
+import javax.management.ObjectName;
+import javax.sql.DataSource;
import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
+import org.apache.geronimo.kernel.Kernel;
+import org.apache.geronimo.kernel.KernelRegistry;
+import org.apache.geronimo.gbean.GBeanQuery;
+import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+import org.apache.geronimo.management.geronimo.JCAManagedConnectionFactory;
/**
* A login module that loads security information from a SQL database. Expects
* to be run by a GenericSecurityRealm (doesn't work on its own).
+ * <p>
+ * This requires database connectivity information (either 1: a dataSourceName and
+ * optional dataSourceApplication or 2: a JDBC driver, URL, username, and password)
+ * and 2 SQL queries.
+ * <p>
+ * The userSelect query should return 2 values, the username and the password in
+ * that order. It should include one PreparedStatement parameter (a ?) which
+ * will be filled in with the username. In other words, the query should look
+ * like: <tt>SELECT user, password FROM users WHERE username=?</tt>
+ * <p>
+ * The groupSelect query should return 2 values, the username and the group name in
+ * that order (but it may return multiple rows, one per group). It should include
+ * one PreparedStatement parameter (a ?) which will be filled in with the username.
+ * In other words, the query should look like:
+ * <tt>SELECT user, role FROM user_roles WHERE username=?</tt>
*
* @version $Rev$ $Date$
*/
@@ -54,10 +76,12 @@
public final static String USER = "jdbcUser";
public final static String PASSWORD = "jdbcPassword";
public final static String DRIVER = "jdbcDriver";
- //todo: support JNDI data sources too
+ public final static String DATABASE_POOL_NAME = "dataSourceName";
+ public final static String DATABASE_POOL_APP_NAME = "dataSourceApplication";
private String connectionURL;
private Properties properties;
private Driver driver;
+ private JCAManagedConnectionFactory factory;
private String userSelect;
private String groupSelect;
@@ -70,20 +94,47 @@
public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
this.subject = subject;
this.handler = callbackHandler;
-
- connectionURL = (String) options.get(CONNECTION_URL);
- properties = new Properties();
- properties.put("user", options.get(USER));
- properties.put("password", options.get(PASSWORD));
userSelect = (String) options.get(USER_SELECT);
groupSelect = (String) options.get(GROUP_SELECT);
- ClassLoader cl = (ClassLoader) options.get(JaasLoginModuleUse.CLASSLOADER_LM_OPTION);
- try {
- this.driver = (Driver) cl.loadClass((String) options.get(DRIVER)).newInstance();
- } catch (ClassNotFoundException e) {
- throw new IllegalArgumentException("Driver class " + driver + " is not available. Perhaps you need to add it as a dependency in your deployment plan?");
- } catch (Exception e) {
- throw new IllegalArgumentException("Unable to load, instantiate, register driver " + driver + ": " + e.getMessage());
+
+ String dataSourceName = (String) options.get(DATABASE_POOL_NAME);
+ if(dataSourceName != null) {
+ dataSourceName = dataSourceName.trim();
+ String dataSourceAppName = (String) options.get(DATABASE_POOL_APP_NAME);
+ if(dataSourceAppName == null || dataSourceAppName.trim().equals("")) {
+ dataSourceAppName = "null";
+ } else {
+ dataSourceAppName = dataSourceAppName.trim();
+ }
+ String kernelName = (String) options.get(JaasLoginModuleUse.KERNEL_NAME_LM_OPTION);
+ Kernel kernel = KernelRegistry.getKernel(kernelName);
+ Set set = kernel.listGBeans(new GBeanQuery(null, JCAManagedConnectionFactory.class.getName()));
+ JCAManagedConnectionFactory factory;
+ for (Iterator it = set.iterator(); it.hasNext();) {
+ ObjectName name = (ObjectName) it.next();
+ if(name.getKeyProperty(NameFactory.J2EE_APPLICATION).equals(dataSourceAppName) &&
+ name.getKeyProperty(NameFactory.J2EE_NAME).equals(dataSourceName)) {
+ factory = (JCAManagedConnectionFactory) kernel.getProxyManager().createProxy(name, JCAManagedConnectionFactory.class.getClassLoader());
+ String type = factory.getConnectionFactoryInterface();
+ if(type.equals(DataSource.class.getName())) {
+ this.factory = factory;
+ break;
+ }
+ }
+ }
+ } else {
+ connectionURL = (String) options.get(CONNECTION_URL);
+ properties = new Properties();
+ properties.put("user", options.get(USER));
+ properties.put("password", options.get(PASSWORD));
+ ClassLoader cl = (ClassLoader) options.get(JaasLoginModuleUse.CLASSLOADER_LM_OPTION);
+ try {
+ this.driver = (Driver) cl.loadClass((String) options.get(DRIVER)).newInstance();
+ } catch (ClassNotFoundException e) {
+ throw new IllegalArgumentException("Driver class " + driver + " is not available. Perhaps you need to add it as a dependency in your deployment plan?");
+ } catch (Exception e) {
+ throw new IllegalArgumentException("Unable to load, instantiate, register driver " + driver + ": " + e.getMessage());
+ }
}
}
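Review bot: When `dataSourceName` is set but no matching `JCAManagedConnectionFactory` is found, the loop ends with `this.factory` still null and `initialize` returns normally. The login hunk later in this diff then takes the `driver.connect(...)` branch with a `driver` that was never loaded, so the misconfiguration appears only as a failure at login time. Failing fast after the loop is clearer: `if (this.factory == null) throw new IllegalArgumentException("Data source " + dataSourceAppName + "/" + dataSourceName + " not found");`. In the same loop, `name.getKeyProperty(NameFactory.J2EE_APPLICATION).equals(...)` throws if an ObjectName lacks that key, so putting the known value on the left (`dataSourceAppName.equals(name.getKeyProperty(...))`) is safer. The local `factory` also shadows the new field of the same name and could be renamed.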
@@ -109,15 +160,18 @@
boolean found = false;
try {
- Connection conn = driver.connect(connectionURL, properties);
+ Connection conn;
+ if(factory != null) {
+ DataSource ds = (DataSource) factory.getConnectionFactory();
+ conn = ds.getConnection();
+ } else {
+ conn = driver.connect(connectionURL, properties);
+ }
try {
PreparedStatement statement = conn.prepareStatement(userSelect);
try {
- int count = statement.getParameterMetaData().getParameterCount();
- for (int i = 1; i <= count; ++i) {
- statement.setObject(i, cbUsername);
- }
+ statement.setObject(1, cbUsername);
ResultSet result = statement.executeQuery();
try {
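Review bot: Binding only `statement.setObject(1, cbUsername)` changes the contract for existing deployments, both here and in the groupSelect hunk below. A `userSelect` that uses the username placeholder more than once was previously filled completely, and will now fail at `executeQuery()` with an unbound parameter. If exactly one `?` is the intended requirement, validating it in `initialize` would turn a per-login SQLException into a clear configuration error. Otherwise keep the `getParameterCount()` loop. The enclosing `login` body starts and ends outside the hunk, so the handling of `conn` on the error path is not visible here.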
@@ -125,9 +179,9 @@
String userName = result.getString(1);
String userPassword = result.getString(2);
- if (cbUsername.equals(userName) && ((cbPassword == null && userPassword == null) ||
- (cbPassword != null && userPassword != null && cbPassword.equals(userPassword)))) {
- found = true;
+ if (cbUsername.equals(userName)) {
+ found = (cbPassword == null && userPassword == null) ||
+ (cbPassword != null && userPassword != null && cbPassword.equals(userPassword));
break;
}
}
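Review bot: The rewritten condition still sets `found` to true when `cbPassword == null && userPassword == null`, so a row whose password column is NULL authenticates a caller who supplies no password. If that is not intended, require a stored credential: `found = cbPassword != null && userPassword != null && cbPassword.equals(userPassword);`. If it is intended, it needs a comment saying so. The comparison is also a plain `equals` against the stored value, which implies clear-text passwords in the table, and the class Javadoc should state that. The enclosing loop and method start outside the hunk.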
@@ -144,16 +198,13 @@
statement = conn.prepareStatement(groupSelect);
try {
- int count = statement.getParameterMetaData().getParameterCount();
- for (int i = 1; i <= count; ++i) {
- statement.setObject(i, cbUsername);
- }
+ statement.setObject(1, cbUsername);
ResultSet result = statement.executeQuery();
try {
while (result.next()) {
- String groupName = result.getString(1);
- String userName = result.getString(2);
+ String userName = result.getString(1);
+ String groupName = result.getString(2);
if (cbUsername.equals(userName)) {
groups.add(new GeronimoGroupPrincipal(groupName));
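Review bot: Swapping the expected column order to (user, group) silently breaks any deployed `groupSelect` that still returns (group, user). `cbUsername.equals(userName)` would then be compared against group names, so the user normally receives no group principals and no error is raised. It would match only where a group name happens to equal the username. Logging a warning when the query returns rows but none match would make the upgrade problem visible, for example `log.warn("groupSelect returned rows but none matched user; check column order (user, group)");`. This assumes a logger is available in the class. The loop and method continue past the end of the hunk.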
Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java?rev=345728&r1=345727&r2=345728&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java (original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java Sun Nov 20 00:40:24 2005
@@ -91,7 +91,7 @@
props.put("jdbcUser", "loginmodule");
props.put("jdbcPassword", "password");
props.put("userSelect", "SELECT UserName, Password FROM Users where UserName = ?");
- props.put("groupSelect", "SELECT GroupName, UserName FROM Groups where UserName = ?");
+ props.put("groupSelect", "SELECT UserName, GroupName FROM Groups where UserName = ?");
gbean.setAttribute("options", props);
gbean.setAttribute("loginDomainName", "SQLDomain");
gbean.setAttribute("wrapPrincipals", Boolean.TRUE);