Posted to scm@geronimo.apache.org by ad...@apache.org on 2005/01/20 06:21:52 UTC
svn commit: r125716 - in geronimo/trunk/modules/tomcat/src: java/org/apache/geronimo/tomcat test/org/apache/geronimo/tomcat
Author: adc
Date: Wed Jan 19 21:21:50 2005
New Revision: 125716
URL: http://svn.apache.org/viewcvs?view=rev&rev=125716
Log:
JACC (JSR 115) authorization from Tomcat Web Container
http://issues.apache.org/jira/browse/GERONIMO-314
Checkin of Jeff Genender.
Added:
geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java
geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatGeronimoRealm.java
geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JAASSecurityTest.java
geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JACCSecurityTest.java
Removed:
geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/SecurityTest.java
Modified:
geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatJAASRealm.java
geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java
geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ApplicationTest.java
Added: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java?view=auto&rev=125716
==============================================================================
--- (empty file)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java Wed Jan 19 21:21:50 2005
@@ -0,0 +1,47 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.tomcat;
+
+
+import java.security.Principal;
+import java.util.Stack;
+import javax.security.auth.Subject;
+
+
+/**
+ * @version $Rev: 122776 $ $Date: 2004-12-19 12:11:07 -0700 (Sun, 19 Dec 2004) $
+ */
+public class JAASTomcatPrincipal implements Principal {
+ private final String name;
+ private Subject subject;
+
+ public JAASTomcatPrincipal(String name) {
+ this.name = name;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public Subject getSubject() {
+ return subject;
+ }
+
+ public void setSubject(Subject subject) {
+ this.subject = subject;
+ }
+}
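Review bot: `subject` is a non-final field filled in through a public `setSubject`, so a `JAASTomcatPrincipal` can exist with a null Subject or have its Subject replaced after authentication. `TomcatGeronimoRealm` in this commit hands `getSubject()` straight to `ContextManager.setCurrentCaller`. Taking it in the constructor, `public JAASTomcatPrincipal(String name, Subject subject)` with `private final Subject subject;`, and dropping the setter would fix the identity at creation; the `setSubject` call in `TomcatGeronimoRealm.authenticate` would change accordingly. The `java.util.Stack` import is unused. The class Javadoc carries only a `@version` tag and should say that the principal holds the server-side Subject used for JACC checks.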
Added: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatGeronimoRealm.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatGeronimoRealm.java?view=auto&rev=125716
==============================================================================
--- (empty file)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatGeronimoRealm.java Wed Jan 19 21:21:50 2005
@@ -0,0 +1,619 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.tomcat;
+
+import java.io.IOException;
+import java.security.AccessControlContext;
+import java.security.AccessControlException;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Permissions;
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+import javax.security.auth.Subject;
+import javax.security.auth.login.AccountExpiredException;
+import javax.security.auth.login.CredentialExpiredException;
+import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import javax.security.jacc.PolicyConfiguration;
+import javax.security.jacc.PolicyConfigurationFactory;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
+import javax.security.jacc.WebResourcePermission;
+import javax.security.jacc.WebRoleRefPermission;
+import javax.security.jacc.WebUserDataPermission;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.deploy.LoginConfig;
+import org.apache.catalina.deploy.SecurityConstraint;
+import org.apache.catalina.realm.JAASCallbackHandler;
+import org.apache.catalina.realm.JAASRealm;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.apache.geronimo.common.GeronimoSecurityException;
+import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.IdentificationPrincipal;
+import org.apache.geronimo.security.PrimaryRealmPrincipal;
+import org.apache.geronimo.security.RealmPrincipal;
+import org.apache.geronimo.security.SubjectId;
+import org.apache.geronimo.security.deploy.DefaultPrincipal;
+import org.apache.geronimo.security.deploy.Realm;
+import org.apache.geronimo.security.deploy.Role;
+import org.apache.geronimo.security.deploy.Security;
+import org.apache.geronimo.security.jacc.PolicyContextHandlerContainerSubject;
+import org.apache.geronimo.security.jacc.RoleMappingConfiguration;
+import org.apache.geronimo.security.util.ConfigurationUtil;
+
+
+public class TomcatGeronimoRealm extends JAASRealm {
+
+ private static final Log log = LogFactory.getLog(TomcatGeronimoRealm.class);
+
+ private String policyContextID = null;
+ private PolicyConfigurationFactory factory = null;
+ private PolicyConfiguration policyConfiguration = null;
+ private Subject defaultSubject = null;
+ private PermissionCollection checked = new Permissions();
+ private Map roleDesignates = new HashMap();
+ private String loginDomainName = null;
+
+ private Context context = null;
+ private static ThreadLocal currentRequest = new ThreadLocal();
+
+ /**
+ * Descriptive information about this <code>Realm</code> implementation.
+ */
+ protected static final String info = "org.apache.geronimo.tomcat.TomcatGeronimoRealm/1.0";
+
+ /**
+ * Descriptive information about this <code>Realm</code> implementation.
+ */
+ protected static final String name = "TomcatGeronimoRealm";
+
+ public TomcatGeronimoRealm(String policyContextID,
+ Security securityConfig,
+ String loginDomainName,
+ Set securityRoles,
+ PermissionCollection uncheckedPermissions,
+ PermissionCollection excludedPermissions,
+ Map rolePermissions) throws PolicyContextException, ClassNotFoundException {
+
+ this.policyContextID = policyContextID;
+ this.defaultSubject = generateDefaultSubject(securityConfig, loginDomainName);
+
+ /**
+ * Register our default subject with the ContextManager
+ */
+ ContextManager.registerSubject(defaultSubject);
+ SubjectId id = ContextManager.getSubjectId(defaultSubject);
+ defaultSubject.getPrincipals().add(new IdentificationPrincipal(id));
+
+ factory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
+ policyConfiguration = factory.getPolicyConfiguration(policyContextID, true);
+
+ configure(uncheckedPermissions, excludedPermissions, rolePermissions);
+ addRoleMappings(securityRoles, loginDomainName, securityConfig, (RoleMappingConfiguration) policyConfiguration);
+ policyConfiguration.commit();
+ this.loginDomainName = loginDomainName;
+
+ Set allRolePermissions = new HashSet();
+ for (Iterator iterator = rolePermissions.entrySet().iterator(); iterator.hasNext();) {
+ Map.Entry entry = (Map.Entry) iterator.next();
+ Set permissionsForRole = (Set) entry.getValue();
+ allRolePermissions.addAll(permissionsForRole);
+ }
+ for (Iterator iterator = allRolePermissions.iterator(); iterator.hasNext();) {
+ Permission permission = (Permission) iterator.next();
+ checked.add(permission);
+ }
+ }
+
+ protected Subject generateDefaultSubject(Security securityConfig, String loginDomainName)
+ throws GeronimoSecurityException {
+ DefaultPrincipal defaultPrincipal = securityConfig.getDefaultPrincipal();
+ if (defaultPrincipal == null) {
+ throw new GeronimoSecurityException("Unable to generate default principal");
+ }
+
+ Subject subject = new Subject();
+
+ RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(defaultPrincipal.getPrincipal(), loginDomainName, defaultPrincipal.getRealmName());
+ if (realmPrincipal == null) {
+ throw new GeronimoSecurityException("Unable to create realm principal");
+ }
+ PrimaryRealmPrincipal primaryRealmPrincipal = ConfigurationUtil.generatePrimaryRealmPrincipal(defaultPrincipal.getPrincipal(), loginDomainName, defaultPrincipal.getRealmName());
+ if (primaryRealmPrincipal == null) {
+ throw new GeronimoSecurityException("Unable to create primary realm principal");
+ }
+
+ subject.getPrincipals().add(realmPrincipal);
+ subject.getPrincipals().add(primaryRealmPrincipal);
+
+ return subject;
+ }
+
+
+ /**
+ * Enforce any user data constraint required by the security constraint
+ * guarding this request URI. Return <code>true</code> if this constraint
+ * was not violated and processing should continue, or <code>false</code>
+ * if we have created a response already.
+ *
+ * @param request Request we are processing
+ * @param response Response we are creating
+ * @param constraints Security constraint being checked
+ * @throws IOException if an input/output error occurs
+ */
+ public boolean hasUserDataPermission(Request request,
+ Response response,
+ SecurityConstraint[] constraints)
+ throws IOException {
+
+ //Set the proper context
+ PolicyContext.setContextID(policyContextID);
+
+ //Get an authenticated subject, if there is one
+ Subject subject = null;
+ try {
+
+ //We will use the PolicyContextHandlerContainerSubject.HANDLER_KEY to see if a user
+ //has authenticated, since a request.getUserPrincipal() will not pick up the user
+ //unless its using a acached session.
+ subject = (Subject) PolicyContext.getContext(PolicyContextHandlerContainerSubject.HANDLER_KEY);
+
+ } catch (PolicyContextException e) {
+ log.error(e);
+ }
+
+ //If nothing has authenticated yet, do the normal
+ if (subject == null)
+ return super.hasUserDataPermission(request, response, constraints);
+
+ ContextManager.setCurrentCaller(subject);
+
+ try {
+
+ AccessControlContext acc = ContextManager.getCurrentContext();
+
+ /**
+ * JACC v1.0 secion 4.1.1
+ */
+ acc.checkPermission(new WebUserDataPermission(request));
+
+ } catch (AccessControlException ace) {
+ response.sendError(Response.SC_FORBIDDEN);
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Perform access control based on the specified authorization constraint.
+ * Return <code>true</code> if this constraint is satisfied and processing
+ * should continue, or <code>false</code> otherwise.
+ *
+ * @param request Request we are processing
+ * @param response Response we are creating
+ * @param constraint Security constraint we are enforcing
+ * @param context The Context to which client of this class is attached.
+ * @throws java.io.IOException if an input/output error occurs
+ */
+ public boolean hasResourcePermission(Request request,
+ Response response,
+ SecurityConstraint[] constraint,
+ Context context)
+ throws IOException {
+
+ //Set the current request (for hasRole)
+ currentRequest.set(request);
+
+ // Specifically allow access to the form login and form error pages
+ // and the "j_security_check" action
+ LoginConfig config = context.getLoginConfig();
+ if ((config != null) &&
+ (org.apache.catalina.realm.Constants.FORM_METHOD.equals(config.getAuthMethod()))) {
+ String requestURI = request.getDecodedRequestURI();
+ String loginPage = context.getPath() + config.getLoginPage();
+ if (loginPage.equals(requestURI)) {
+ if (log.isDebugEnabled())
+ log.debug(" Allow access to login page " + loginPage);
+ return (true);
+ }
+ String errorPage = context.getPath() + config.getErrorPage();
+ if (errorPage.equals(requestURI)) {
+ if (log.isDebugEnabled())
+ log.debug(" Allow access to error page " + errorPage);
+ return (true);
+ }
+ if (requestURI.endsWith(org.apache.catalina.realm.Constants.FORM_ACTION)) {
+ if (log.isDebugEnabled())
+ log.debug(" Allow access to username/password submission");
+ return (true);
+ }
+ }
+
+ // Which user principal have we already authenticated?
+ Principal principal = request.getUserPrincipal();
+
+ //If we have no principal, then we should use the default.
+ if (principal == null) {
+ ContextManager.setCurrentCaller(defaultSubject);
+ } else {
+ ContextManager.setCurrentCaller(((JAASTomcatPrincipal) principal).getSubject());
+ }
+
+ try {
+
+ AccessControlContext acc = ContextManager.getCurrentContext();
+
+
+ /**
+ * JACC v1.0 secion 4.1.2
+ */
+ acc.checkPermission(new WebResourcePermission(request));
+
+ } catch (AccessControlException ace) {
+ response.sendError(Response.SC_FORBIDDEN);
+ return false;
+ }
+
+ return true;
+
+ }
+
+ private String getServletName(Request request) {
+
+ String contextPath = ((HttpServletRequest) request.getRequest()).getContextPath();
+ String requestURI = request.getDecodedRequestURI();
+ String relativeURI = requestURI.substring(contextPath.length());
+ String servletPath = relativeURI;
+ String name = null;
+
+ //Try exact match
+ if (!(relativeURI.equals("/")))
+ name = context.findServletMapping(relativeURI);
+
+ //Try prefix match (i.e. xyz/* )
+ if (name == null) {
+ servletPath = relativeURI;
+ while (true) {
+ name = context.findServletMapping(servletPath + "/*");
+ if (name != null) {
+ break;
+ }
+ int slash = servletPath.lastIndexOf('/');
+ if (slash < 0)
+ break;
+ servletPath = servletPath.substring(0, slash);
+ }
+ }
+
+ //Try extension match (i.e. *.do )
+ if (name == null) {
+ int slash = relativeURI.lastIndexOf('/');
+ if (slash >= 0) {
+ String last = relativeURI.substring(slash);
+ int period = last.lastIndexOf('.');
+ if (period >= 0) {
+ String pattern = "*" + last.substring(period);
+ name = context.findServletMapping(pattern);
+ }
+ }
+ }
+
+ //Try default match
+ if (name == null) {
+ name = context.findServletMapping("/");
+ }
+
+ /**
+ * JACC v1.0 secion B.19
+ */
+ if (name.equals("jsp")) {
+ name = "";
+ }
+
+ return (name == null ? "" : name);
+ }
+
+ /**
+ * Return <code>true</code> if the specified Principal has the specified
+ * security role, within the context of this Realm; otherwise return
+ * <code>false</code>.
+ *
+ * @param principal Principal for whom the role is to be checked
+ * @param role Security role to be checked
+ */
+ public boolean hasRole(Principal principal, String role) {
+
+ if ((principal == null) || (role == null) || !(principal instanceof JAASTomcatPrincipal)) {
+ return false;
+ }
+
+ Request request = (Request) currentRequest.get();
+ if (currentRequest == null) {
+ log.error("No currentRequest found.");
+ return false;
+ }
+
+ String name = getServletName(request);
+
+ //Set the caller
+ ContextManager.setCurrentCaller(((JAASTomcatPrincipal) principal).getSubject());
+
+ AccessControlContext acc = ContextManager.getCurrentContext();
+
+ try {
+ /**
+ * JACC v1.0 secion 4.1.3
+ */
+ acc.checkPermission(new WebRoleRefPermission(name, role));
+ } catch (AccessControlException e) {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Return the <code>Principal</code> associated with the specified
+ * username and credentials, if there is one; otherwise return
+ * <code>null</code>.
+ * <p/>
+ * If there are any errors with the JDBC connection, executing the query or
+ * anything we return null (don't authenticate). This event is also logged,
+ * and the connection will be closed so that a subsequent request will
+ * automatically re-open it.
+ *
+ * @param username Username of the <code>Principal</code> to look up
+ * @param credentials Password or other credentials to use in authenticating this
+ * username
+ */
+ public Principal authenticate(String username, String credentials) {
+
+ // Establish a LoginContext to use for authentication
+ try {
+ LoginContext loginContext = null;
+ if (appName == null)
+ appName = "Tomcat";
+
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.beginLogin", username, appName));
+
+ // What if the LoginModule is in the container class loader ?
+ ClassLoader ocl = null;
+
+ if (isUseContextClassLoader()) {
+ ocl = Thread.currentThread().getContextClassLoader();
+ Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader());
+ }
+
+ try {
+ loginContext = new LoginContext(loginDomainName, new JAASCallbackHandler(this, username, credentials));
+ } catch (Throwable e) {
+ log.error(sm.getString("jaasRealm.unexpectedError"), e);
+ return (null);
+ } finally {
+ if (isUseContextClassLoader()) {
+ Thread.currentThread().setContextClassLoader(ocl);
+ }
+ }
+
+ if (log.isDebugEnabled())
+ log.debug("Login context created " + username);
+
+ // Negotiate a login via this LoginContext
+ Subject subject = null;
+ try {
+ loginContext.login();
+ Subject tempSubject = loginContext.getSubject();
+ if (tempSubject == null) {
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.failedLogin", username));
+ return (null);
+ }
+
+ subject = ContextManager.getServerSideSubject(tempSubject);
+ if (subject == null) {
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.failedLogin", username));
+ return (null);
+ }
+
+ ContextManager.setCurrentCaller(subject);
+
+ } catch (AccountExpiredException e) {
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.accountExpired", username));
+ return (null);
+ } catch (CredentialExpiredException e) {
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.credentialExpired", username));
+ return (null);
+ } catch (FailedLoginException e) {
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.failedLogin", username));
+ return (null);
+ } catch (LoginException e) {
+ log.warn(sm.getString("jaasRealm.loginException", username), e);
+ return (null);
+ } catch (Throwable e) {
+ log.error(sm.getString("jaasRealm.unexpectedError"), e);
+ return (null);
+ }
+
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.loginContextCreated", username));
+
+ // Return the appropriate Principal for this authenticated Subject
+/* Principal principal = createPrincipal(username, subject);
+ if (principal == null) {
+ log.debug(sm.getString("jaasRealm.authenticateFailure", username));
+ return (null);
+ }
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("jaasRealm.authenticateSuccess", username));
+ }
+*/
+ JAASTomcatPrincipal jaasPrincipal = new JAASTomcatPrincipal(username);
+ jaasPrincipal.setSubject(subject);
+
+ return (jaasPrincipal);
+
+ } catch (Throwable t) {
+ log.error("error ", t);
+ return null;
+ }
+ }
+
+
+ public void addRoleMappings(Set securityRoles, String loginDomainName, Security security, RoleMappingConfiguration roleMapper) throws PolicyContextException, GeronimoSecurityException {
+
+ for (Iterator roleMappings = security.getRoleMappings().values().iterator(); roleMappings.hasNext();) {
+ Role role = (Role) roleMappings.next();
+ String roleName = role.getRoleName();
+ Set principalSet = new HashSet();
+
+ if (!securityRoles.contains(roleName)) {
+ throw new GeronimoSecurityException("Role does not exist in this configuration");
+ }
+
+ Subject roleDesignate = new Subject();
+
+ for (Iterator realms = role.getRealms().values().iterator(); realms.hasNext();) {
+ Realm realm = (Realm) realms.next();
+
+ for (Iterator principals = realm.getPrincipals().iterator(); principals.hasNext();) {
+ org.apache.geronimo.security.deploy.Principal principal = (org.apache.geronimo.security.deploy.Principal) principals.next();
+
+ RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(principal, loginDomainName, realm.getRealmName());
+ if (realmPrincipal == null) {
+ throw new GeronimoSecurityException("Unable to create realm principal");
+ }
+
+ principalSet.add(realmPrincipal);
+ if (principal.isDesignatedRunAs()) {
+ roleDesignate.getPrincipals().add(realmPrincipal);
+ }
+ }
+ }
+ roleMapper.addRoleMapping(roleName, principalSet);
+
+ if (roleDesignate.getPrincipals().size() > 0) {
+ setRoleDesignate(roleName, roleDesignate);
+ }
+ }
+
+ /**
+ * Register the role designates with the context manager.
+ */
+ for (Iterator iter = roleDesignates.keySet().iterator(); iter.hasNext();) {
+ String roleName = (String) iter.next();
+ Subject roleDesignate = (Subject) roleDesignates.get(roleName);
+
+ ContextManager.registerSubject(roleDesignate);
+ SubjectId id = ContextManager.getSubjectId(roleDesignate);
+ roleDesignate.getPrincipals().add(new IdentificationPrincipal(id));
+ }
+
+ }
+
+ private void setRoleDesignate(String roleName, Subject subject) {
+ roleDesignates.put(roleName, subject);
+ }
+
+ private void configure(PermissionCollection uncheckedPermissions,
+ PermissionCollection excludedPermissions,
+ Map rolePermissions) throws GeronimoSecurityException {
+ try {
+ policyConfiguration.addToExcludedPolicy(excludedPermissions);
+ policyConfiguration.addToUncheckedPolicy(uncheckedPermissions);
+ for (Iterator iterator = rolePermissions.entrySet().iterator(); iterator.hasNext();) {
+ Map.Entry entry = (Map.Entry) iterator.next();
+ String roleName = (String) entry.getKey();
+ Set permissions = (Set) entry.getValue();
+ for (Iterator iterator1 = permissions.iterator(); iterator1.hasNext();) {
+ Permission permission = (Permission) iterator1.next();
+ policyConfiguration.addToRole(roleName, permission);
+ }
+ }
+ } catch (PolicyContextException e) {
+ throw new GeronimoSecurityException(e);
+ }
+ }
+
+ /**
+ * Prepare for active use of the public methods of this <code>Component</code>.
+ *
+ * @throws org.apache.catalina.LifecycleException
+ * if this component detects a fatal error
+ * that prevents it from being started
+ */
+ public void start() throws LifecycleException {
+
+ // Perform normal superclass initialization
+ super.start();
+
+ }
+
+
+ /**
+ * Gracefully shut down active use of the public methods of this <code>Component</code>.
+ *
+ * @throws LifecycleException if this component detects a fatal error
+ * that needs to be reported
+ */
+ public void stop() throws LifecycleException {
+
+ // Perform normal superclass finalization
+ super.stop();
+
+ for (Iterator iter = roleDesignates.keySet().iterator(); iter.hasNext();) {
+ String roleName = (String) iter.next();
+ Subject roleDesignate = (Subject) roleDesignates.get(roleName);
+
+ ContextManager.unregisterSubject(roleDesignate);
+ }
+ ContextManager.unregisterSubject(defaultSubject);
+
+ try {
+
+ if (policyConfiguration != null)
+ policyConfiguration.delete();
+
+ } catch (PolicyContextException pce) {
+ //Oh well, we tried
+ }
+
+ }
+
+ public void setContext(Context context) {
+ this.context = context;
+ }
+
+}
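Review bot: In `hasRole` the guard `if (currentRequest == null)` tests the static `ThreadLocal`, which is never null, instead of the `request` just read from it. A call on a thread where `hasResourcePermission` has not run therefore reaches `getServletName(null)` and throws instead of returning false; the guard should be `if (request == null)`. `getServletName` has the same ordering problem: `name.equals("jsp")` runs before the `name == null` fallback on the return line, so an unmapped URI throws a NullPointerException, which `if ("jsp".equals(name))` avoids. The `ThreadLocal` is set in `hasResourcePermission` and never cleared, so on a pooled connector thread a later `hasRole` call may resolve the servlet name from an earlier request; it should be cleared when the request completes. In `hasResourcePermission` the cast `(JAASTomcatPrincipal) principal` is unchecked, unlike the `instanceof` test in `hasRole`, and should deny access rather than throw for a foreign principal type.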
Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatJAASRealm.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatJAASRealm.java?view=diff&rev=125716&p1=geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatJAASRealm.java&r1=125715&p2=geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatJAASRealm.java&r2=125716
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatJAASRealm.java (original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatJAASRealm.java Wed Jan 19 21:21:50 2005
@@ -1,157 +1,164 @@
-/**
- *
- * Copyright 2003-2004 The Apache Software Foundation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.geronimo.tomcat;
-
-import java.security.Principal;
-
-import javax.security.auth.Subject;
-import javax.security.auth.login.AccountExpiredException;
-import javax.security.auth.login.CredentialExpiredException;
-import javax.security.auth.login.FailedLoginException;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-
-import org.apache.catalina.realm.JAASCallbackHandler;
-import org.apache.catalina.realm.JAASRealm;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.geronimo.security.ContextManager;
-
-/**
- * @version $Rev: 106522 $ $Date: 2004-11-25 01:28:57 +0100 (Thu, 25 Nov 2004) $
- */
-public class TomcatJAASRealm extends JAASRealm {
- private static final Log log = LogFactory.getLog(TomcatJAASRealm.class);
-
- /**
- * Descriptive information about this <code>Realm</code> implementation.
- */
- protected static final String info = "org.apache.geronimo.tomcat.TomcatJAASRealm/1.0";
-
- /**
- * Descriptive information about this <code>Realm</code> implementation.
- */
- protected static final String name = "TomcatJAASRealm";
-
- /**
- * Return the <code>Principal</code> associated with the specified
- * username and credentials, if there is one; otherwise return
- * <code>null</code>.
- *
- * If there are any errors with the JDBC connection, executing the query or
- * anything we return null (don't authenticate). This event is also logged,
- * and the connection will be closed so that a subsequent request will
- * automatically re-open it.
- *
- * @param username
- * Username of the <code>Principal</code> to look up
- * @param credentials
- * Password or other credentials to use in authenticating this
- * username
- */
- public Principal authenticate(String username, String credentials) {
-
- // Establish a LoginContext to use for authentication
- try {
- LoginContext loginContext = null;
- if (appName == null)
- appName = "Tomcat";
-
- if (log.isDebugEnabled())
- log.debug(sm.getString("jaasRealm.beginLogin", username, appName));
-
- // What if the LoginModule is in the container class loader ?
- ClassLoader ocl = null;
-
- if (isUseContextClassLoader()) {
- ocl = Thread.currentThread().getContextClassLoader();
- Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader());
- }
-
- try {
- loginContext = new LoginContext(appName, new JAASCallbackHandler(this, username, credentials));
- } catch (Throwable e) {
- log.error(sm.getString("jaasRealm.unexpectedError"), e);
- return (null);
- } finally {
- if (isUseContextClassLoader()) {
- Thread.currentThread().setContextClassLoader(ocl);
- }
- }
-
- if (log.isDebugEnabled())
- log.debug("Login context created " + username);
-
- // Negotiate a login via this LoginContext
- Subject subject = null;
- try {
- loginContext.login();
- Subject tempSubject = loginContext.getSubject();
- if (tempSubject == null) {
- if (log.isDebugEnabled())
- log.debug(sm.getString("jaasRealm.failedLogin", username));
- return (null);
- }
-
- subject = ContextManager.getServerSideSubject(tempSubject);
- if (subject == null) {
- if (log.isDebugEnabled())
- log.debug(sm.getString("jaasRealm.failedLogin", username));
- return (null);
- }
-
- } catch (AccountExpiredException e) {
- if (log.isDebugEnabled())
- log.debug(sm.getString("jaasRealm.accountExpired", username));
- return (null);
- } catch (CredentialExpiredException e) {
- if (log.isDebugEnabled())
- log.debug(sm.getString("jaasRealm.credentialExpired", username));
- return (null);
- } catch (FailedLoginException e) {
- if (log.isDebugEnabled())
- log.debug(sm.getString("jaasRealm.failedLogin", username));
- return (null);
- } catch (LoginException e) {
- log.warn(sm.getString("jaasRealm.loginException", username), e);
- return (null);
- } catch (Throwable e) {
- log.error(sm.getString("jaasRealm.unexpectedError"), e);
- return (null);
- }
-
- if (log.isDebugEnabled())
- log.debug(sm.getString("jaasRealm.loginContextCreated", username));
-
- // Return the appropriate Principal for this authenticated Subject
- Principal principal = createPrincipal(username, subject);
- if (principal == null) {
- log.debug(sm.getString("jaasRealm.authenticateFailure", username));
- return (null);
- }
- if (log.isDebugEnabled()) {
- log.debug(sm.getString("jaasRealm.authenticateSuccess", username));
- }
-
- return (principal);
- } catch (Throwable t) {
- log.error("error ", t);
- return null;
- }
- }
-
-}
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.tomcat;
+
+import java.security.Principal;
+import javax.security.auth.Subject;
+import javax.security.auth.login.AccountExpiredException;
+import javax.security.auth.login.CredentialExpiredException;
+import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+import org.apache.catalina.realm.JAASCallbackHandler;
+import org.apache.catalina.realm.JAASRealm;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.apache.geronimo.security.ContextManager;
+
+
+/**
+ * @version $Rev: 106522 $ $Date: 2004-11-25 01:28:57 +0100 (Thu, 25 Nov 2004) $
+ */
+public class TomcatJAASRealm extends JAASRealm {
+ private static final Log log = LogFactory.getLog(TomcatJAASRealm.class);
+
+ /**
+ * Descriptive information about this <code>Realm</code> implementation.
+ */
+ protected static final String info = "org.apache.geronimo.tomcat.TomcatJAASRealm/1.0";
+
+ /**
+ * Descriptive information about this <code>Realm</code> implementation.
+ */
+ protected static final String name = "TomcatJAASRealm";
+ private String loginDomainName = null;
+
+ public TomcatJAASRealm(String loginDomainName) {
+ super();
+
+ this.loginDomainName = loginDomainName;
+
+ }
+
+ /**
+ * Return the <code>Principal</code> associated with the specified
+ * username and credentials, if there is one; otherwise return
+ * <code>null</code>.
+ * <p/>
+ * If there are any errors with the JDBC connection, executing the query or
+ * anything we return null (don't authenticate). This event is also logged,
+ * and the connection will be closed so that a subsequent request will
+ * automatically re-open it.
+ *
+ * @param username Username of the <code>Principal</code> to look up
+ * @param credentials Password or other credentials to use in authenticating this
+ * username
+ */
+ public Principal authenticate(String username, String credentials) {
+
+ // Establish a LoginContext to use for authentication
+ try {
+ LoginContext loginContext = null;
+ if (appName == null)
+ appName = "Tomcat";
+
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.beginLogin", username, appName));
+
+ // What if the LoginModule is in the container class loader ?
+ ClassLoader ocl = null;
+
+ if (isUseContextClassLoader()) {
+ ocl = Thread.currentThread().getContextClassLoader();
+ Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader());
+ }
+
+ try {
+ loginContext = new LoginContext(loginDomainName, new JAASCallbackHandler(this, username, credentials));
+ } catch (Throwable e) {
+ log.error(sm.getString("jaasRealm.unexpectedError"), e);
+ return (null);
+ } finally {
+ if (isUseContextClassLoader()) {
+ Thread.currentThread().setContextClassLoader(ocl);
+ }
+ }
+
+ if (log.isDebugEnabled())
+ log.debug("Login context created " + username);
+
+ // Negotiate a login via this LoginContext
+ Subject subject = null;
+ try {
+ loginContext.login();
+ Subject tempSubject = loginContext.getSubject();
+ if (tempSubject == null) {
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.failedLogin", username));
+ return (null);
+ }
+
+ subject = ContextManager.getServerSideSubject(tempSubject);
+ if (subject == null) {
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.failedLogin", username));
+ return (null);
+ }
+
+ } catch (AccountExpiredException e) {
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.accountExpired", username));
+ return (null);
+ } catch (CredentialExpiredException e) {
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.credentialExpired", username));
+ return (null);
+ } catch (FailedLoginException e) {
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.failedLogin", username));
+ return (null);
+ } catch (LoginException e) {
+ log.warn(sm.getString("jaasRealm.loginException", username), e);
+ return (null);
+ } catch (Throwable e) {
+ log.error(sm.getString("jaasRealm.unexpectedError"), e);
+ return (null);
+ }
+
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.loginContextCreated", username));
+
+ // Return the appropriate Principal for this authenticated Subject
+ Principal principal = createPrincipal(username, subject);
+ if (principal == null) {
+ log.debug(sm.getString("jaasRealm.authenticateFailure", username));
+ return (null);
+ }
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("jaasRealm.authenticateSuccess", username));
+ }
+
+ return (principal);
+ } catch (Throwable t) {
+ log.error("error ", t);
+ return null;
+ }
+ }
+
+}
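Review bot: The new constructor stores `loginDomainName` without checking it, and `authenticate` now passes it to `new LoginContext(...)` in place of `appName`. A null or misspelled domain would, as far as I can tell, surface only as the `jaasRealm.unexpectedError` log line from the `catch (Throwable e)` and a null return for every login attempt. Rejecting it up front with `if (loginDomainName == null) throw new IllegalArgumentException("loginDomainName is required");` and making the field `final` would make a misconfiguration fail at deployment instead. The `jaasRealm.beginLogin` debug message still reports `appName` (defaulted to "Tomcat"), which no longer names the login configuration in use, so it should log `loginDomainName`. The Javadoc on `authenticate` still describes JDBC connection errors, which does not match this JAAS-based method.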
Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java?view=diff&rev=125716&p1=geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java&r1=125715&p2=geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java&r2=125716
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java (original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java Wed Jan 19 21:21:50 2005
@@ -1,197 +1,221 @@
-/**
- *
- * Copyright 2003-2004 The Apache Software Foundation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.geronimo.tomcat;
-
-import java.net.URI;
-import java.net.URL;
-
-import org.apache.catalina.Context;
-import org.apache.catalina.Realm;
-import org.apache.catalina.deploy.SecurityConstraint;
-import org.apache.catalina.deploy.LoginConfig;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import org.apache.geronimo.gbean.GBeanInfo;
-import org.apache.geronimo.gbean.GBeanInfoBuilder;
-import org.apache.geronimo.gbean.GBeanLifecycle;
-import org.apache.geronimo.gbean.WaitingException;
-
-
-/**
- * Wrapper for a WebApplicationContext that sets up its J2EE environment.
- *
- * @version $Rev: 56022 $ $Date: 2004-10-30 07:16:18 +0200 (Sat, 30 Oct 2004) $
- */
-public class TomcatWebAppContext implements GBeanLifecycle, TomcatContext {
-
- private static Log log = LogFactory.getLog(TomcatWebAppContext.class);
-
- protected final TomcatContainer container;
-
- protected Context context = null;
-
- private final URI webAppRoot;
-
- private String path = null;
-
- private String docBase = null;
-
- private final LoginConfig loginConfig;
-
- private final Realm tomcatRealm;
-
- private final SecurityConstraint[] securityConstraints;
-
- private final String[] securityRoles;
-
-
- public TomcatWebAppContext(URI webAppRoot, URI[] webClassPath, URL configurationBaseUrl, String authMethod,
- String realmName, String loginPage, String errorPage, Realm tomcatRealm,
- SecurityConstraint[] securityConstraints, String[] securityRoles,
- TomcatContainer container) {
- assert webAppRoot != null;
- assert webClassPath != null;
- assert configurationBaseUrl != null;
- assert container != null;
-
- this.webAppRoot = webAppRoot;
- this.container = container;
-
- this.setDocBase(this.webAppRoot.getPath());
- this.tomcatRealm = tomcatRealm;
- this.securityConstraints = securityConstraints;
- this.securityRoles = securityRoles;
-
- if (authMethod != null){
- loginConfig = new LoginConfig();
- loginConfig.setAuthMethod(authMethod);
- loginConfig.setRealmName(realmName);
- loginConfig.setLoginPage(loginPage);
- loginConfig.setErrorPage(errorPage);
- } else {
- loginConfig = null;
- }
- }
-
- public String getDocBase() {
- return docBase;
- }
-
- public void setDocBase(String docBase) {
- this.docBase = docBase;
- }
-
- public void setContextProperties() {
- context.setDocBase(webAppRoot.getPath());
- context.setPath(path);
-
- //Security
- if (tomcatRealm != null)
- context.setRealm(tomcatRealm);
-
- if (loginConfig != null)
- context.setLoginConfig(loginConfig);
-
- // Add the security constraints
- if (securityConstraints != null) {
- for (int i = 0; i < securityConstraints.length; i++) {
- SecurityConstraint sc = securityConstraints[i];
- context.addConstraint(sc);
- }
- }
-
- // Add the security roles
- if (securityRoles != null) {
- for (int i = 0; i < securityRoles.length; i++) {
- context.addSecurityRole(securityRoles[i]);
- }
- }
- }
-
- public Context getContext() {
- return context;
- }
-
- public void setContext(Context context) {
- this.context = context;
- }
-
- public String getPath() {
- return path;
- }
-
- public void setPath(String path) {
- this.path = path;
- }
-
- public void doStart() throws WaitingException, Exception {
-
- // See the note of TomcatContainer::addContext
- container.addContext(this);
- // Is it necessary - doesn't Tomcat Embedded take care of it?
- // super.start();
-
- log.info("TomcatWebAppContext started");
- }
-
- public void doStop() throws Exception {
- container.removeContext(this);
-
- log.info("TomcatWebAppContext stopped");
- }
-
- public void doFail() {
- container.removeContext(this);
-
- log.info("TomcatWebAppContext failed");
- }
-
- public static final GBeanInfo GBEAN_INFO;
-
- static {
- GBeanInfoBuilder infoFactory = new GBeanInfoBuilder("Tomcat WebApplication Context", TomcatWebAppContext.class);
-
- infoFactory.addAttribute("webAppRoot", URI.class, true);
- infoFactory.addAttribute("webClassPath", URI[].class, true);
- infoFactory.addAttribute("configurationBaseUrl", URL.class, true);
-
- infoFactory.addAttribute("path", String.class, true);
-
- infoFactory.addAttribute("authMethod", String.class, true);
- infoFactory.addAttribute("realmName", String.class, true);
- infoFactory.addAttribute("loginPage", String.class, true);
- infoFactory.addAttribute("errorPage", String.class, true);
-
- infoFactory.addAttribute("tomcatRealm", Realm.class, true);
- infoFactory.addAttribute("securityConstraints", SecurityConstraint[].class, true);
- infoFactory.addAttribute("securityRoles", String[].class, true);
-
- infoFactory.addReference("Container", TomcatContainer.class);
-
- infoFactory.setConstructor(new String[]{"webAppRoot", "webClassPath", "configurationBaseUrl", "authMethod",
- "realmName", "loginPage", "errorPage", "tomcatRealm",
- "securityConstraints", "securityRoles", "Container"});
-
- GBEAN_INFO = infoFactory.getBeanInfo();
- }
-
- public static GBeanInfo getGBeanInfo() {
- return GBEAN_INFO;
- }
-}
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.geronimo.tomcat;
+
+import java.net.URI;
+import java.net.URL;
+import java.security.PermissionCollection;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Realm;
+import org.apache.catalina.deploy.LoginConfig;
+import org.apache.catalina.deploy.SecurityConstraint;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.apache.geronimo.gbean.GBeanInfo;
+import org.apache.geronimo.gbean.GBeanInfoBuilder;
+import org.apache.geronimo.gbean.GBeanLifecycle;
+import org.apache.geronimo.gbean.WaitingException;
+import org.apache.geronimo.security.deploy.Security;
+
+
+/**
+ * Wrapper for a WebApplicationContext that sets up its J2EE environment.
+ *
+ * @version $Rev: 56022 $ $Date: 2004-10-30 07:16:18 +0200 (Sat, 30 Oct 2004) $
+ */
+public class TomcatWebAppContext implements GBeanLifecycle, TomcatContext {
+
+ private static Log log = LogFactory.getLog(TomcatWebAppContext.class);
+
+ protected final TomcatContainer container;
+
+ protected Context context = null;
+ private final URI webAppRoot;
+ private String path = null;
+ private String docBase = null;
+ private final LoginConfig loginConfig;
+ private final Realm tomcatRealm;
+ private final Set securityConstraints;
+ private final Set securityRoles;
+
+ public TomcatWebAppContext(URI webAppRoot,
+ URI[] webClassPath,
+ URL configurationBaseUrl,
+ LoginConfig loginConfig,
+ Realm tomcatRealm,
+ Set securityConstraints,
+
+ String policyContextID,
+ String loginDomainName,
+ Security securityConfig,
+ Set securityRoles,
+ PermissionCollection uncheckedPermissions,
+ PermissionCollection excludedPermissions,
+ Map rolePermissions,
+
+ TomcatContainer container) {
+
+ assert webAppRoot != null;
+ assert webClassPath != null;
+ assert configurationBaseUrl != null;
+ assert container != null;
+
+ this.webAppRoot = webAppRoot;
+ this.container = container;
+
+ this.setDocBase(this.webAppRoot.getPath());
+ this.tomcatRealm = tomcatRealm;
+ this.securityConstraints = securityConstraints;
+ this.securityRoles = securityRoles;
+ this.loginConfig = loginConfig;
+ }
+
+ public String getDocBase() {
+ return docBase;
+ }
+
+ public void setDocBase(String docBase) {
+ this.docBase = docBase;
+ }
+
+ public void setContextProperties() {
+ context.setDocBase(webAppRoot.getPath());
+ context.setPath(path);
+
+ //Security
+ if (tomcatRealm != null) {
+ if (tomcatRealm instanceof TomcatGeronimoRealm) {
+ ((TomcatGeronimoRealm) tomcatRealm).setContext(context);
+ }
+
+ context.setRealm(tomcatRealm);
+ }
+
+ if (loginConfig != null)
+ context.setLoginConfig(loginConfig);
+
+ // Add the security constraints
+ if (securityConstraints != null) {
+ Iterator conIterator = securityConstraints.iterator();
+ while (conIterator.hasNext()) {
+ context.addConstraint((SecurityConstraint) conIterator.next());
+ }
+ }
+
+ // Add the security roles
+ if (securityRoles != null) {
+ Iterator secIterator = securityRoles.iterator();
+ while (secIterator.hasNext()) {
+ context.addSecurityRole((String) secIterator.next());
+ }
+ }
+ }
+
+ public Context getContext() {
+ return context;
+ }
+
+ public void setContext(Context context) {
+ this.context = context;
+ }
+
+ public String getPath() {
+ return path;
+ }
+
+ public void setPath(String path) {
+ this.path = path;
+ }
+
+ public void doStart() throws WaitingException, Exception {
+
+ // See the note of TomcatContainer::addContext
+ container.addContext(this);
+ // Is it necessary - doesn't Tomcat Embedded take care of it?
+ // super.start();
+
+ log.info("TomcatWebAppContext started");
+ }
+
+ public void doStop() throws Exception {
+ container.removeContext(this);
+
+ log.info("TomcatWebAppContext stopped");
+ }
+
+ public void doFail() {
+ container.removeContext(this);
+
+ log.info("TomcatWebAppContext failed");
+ }
+
+ public static final GBeanInfo GBEAN_INFO;
+
+ static {
+ GBeanInfoBuilder infoFactory = new GBeanInfoBuilder("Tomcat WebApplication Context", TomcatWebAppContext.class);
+
+ infoFactory.addAttribute("webAppRoot", URI.class, true);
+ infoFactory.addAttribute("webClassPath", URI[].class, true);
+ infoFactory.addAttribute("configurationBaseUrl", URL.class, true);
+
+ infoFactory.addAttribute("path", String.class, true);
+
+ infoFactory.addAttribute("loginConfig", LoginConfig.class, true);
+
+ infoFactory.addAttribute("tomcatRealm", Realm.class, true);
+ infoFactory.addAttribute("securityConstraints", Set.class, true);
+
+ infoFactory.addAttribute("policyContextID", String.class, true);
+ infoFactory.addAttribute("loginDomainName", String.class, true);
+ infoFactory.addAttribute("securityConfig", Security.class, true);
+ infoFactory.addAttribute("securityRoles", Set.class, true);
+ infoFactory.addAttribute("uncheckedPermissions", PermissionCollection.class, true);
+ infoFactory.addAttribute("excludedPermissions", PermissionCollection.class, true);
+ infoFactory.addAttribute("rolePermissions", Map.class, true);
+
+ infoFactory.addReference("Container", TomcatContainer.class);
+
+ infoFactory.setConstructor(new String[]{
+ "webAppRoot",
+ "webClassPath",
+ "configurationBaseUrl",
+ "loginConfig",
+ "tomcatRealm",
+ "securityConstraints",
+ "policyContextID",
+ "loginDomainName",
+ "securityConfig",
+ "securityRoles",
+ "uncheckedPermissions",
+ "excludedPermissions",
+ "rolePermissions",
+ "Container"
+ });
+
+ GBEAN_INFO = infoFactory.getBeanInfo();
+ }
+
+ public static GBeanInfo getGBeanInfo() {
+ return GBEAN_INFO;
+ }
+}
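Review bot: The new constructor accepts `policyContextID`, `loginDomainName`, `securityConfig`, `uncheckedPermissions`, `excludedPermissions` and `rolePermissions`, and the static block registers each as a GBean attribute, but none of them is stored or read anywhere in this class. As far as this hunk shows, JACC policy reaches the context only through the `tomcatRealm` instance (the `TomcatGeronimoRealm` branch in `setContextProperties`), so a deployment that sets `excludedPermissions` on this GBean while supplying a different realm would look configured without being enforced. Either drop the unused attributes or state it on the constructor, e.g. `// JACC arguments are not applied here; authorization comes solely from the tomcatRealm passed in.` Separately, the constructor's null checks are `assert` statements, which do nothing unless the JVM runs with `-ea`.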
Modified: geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java?view=diff&rev=125716&p1=geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java&r1=125715&p2=geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java&r2=125716
==============================================================================
--- geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java (original)
+++ geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java Wed Jan 19 21:21:50 2005
@@ -1,272 +1,292 @@
-/**
- *
- * Copyright 2003-2004 The Apache Software Foundation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.geronimo.tomcat;
-
-import java.io.File;
-import java.net.URI;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Properties;
-import java.util.Set;
-
-import javax.management.ObjectName;
-
-import junit.framework.TestCase;
-
-import org.apache.catalina.deploy.SecurityConstraint;
-import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator;
-import org.apache.geronimo.gbean.GBeanData;
-import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContext;
-import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContextImpl;
-import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
-import org.apache.geronimo.kernel.Kernel;
-import org.apache.geronimo.kernel.management.State;
-import org.apache.geronimo.security.SecurityServiceImpl;
-import org.apache.geronimo.security.deploy.MapOfSets;
-import org.apache.geronimo.security.deploy.Principal;
-import org.apache.geronimo.security.jaas.JaasLoginService;
-import org.apache.geronimo.security.jaas.LoginModuleGBean;
-import org.apache.geronimo.security.realm.GenericSecurityRealm;
-import org.apache.geronimo.system.serverinfo.ServerInfo;
-import org.apache.geronimo.tomcat.connector.HTTPConnector;
-import org.apache.geronimo.transaction.context.TransactionContextManager;
-import org.apache.geronimo.transaction.manager.TransactionManagerImpl;
-
-/**
- * @version $Rev: 111239 $ $Date: 2004-12-08 02:29:11 -0700 (Wed, 08 Dec 2004) $
- */
-public class AbstractWebModuleTest extends TestCase {
-
- protected static final String securityRealmName = "demo-properties-realm";
-
- protected Kernel kernel;
-
- private GBeanData container;
-
- private ObjectName containerName;
-
- private ObjectName connectorName;
-
- private GBeanData connector;
-
- private ObjectName webModuleName;
-
- private ObjectName tmName;
-
- private ObjectName ctcName;
-
- private GBeanData tm;
-
- private GBeanData ctc;
-
- private ObjectName tcmName;
-
- private GBeanData tcm;
-
- private ClassLoader cl;
-
- private J2eeContext moduleContext = new J2eeContextImpl("tomcat.test", "test", "null", "tomcatTest", null, null);
-
- private GBeanData securityServiceGBean;
-
- protected ObjectName securityServiceName;
-
- private ObjectName loginServiceName;
-
- private GBeanData loginServiceGBean;
-
- protected GBeanData propertiesLMGBean;
-
- protected ObjectName propertiesLMName;
-
- private ObjectName propertiesRealmName;
-
- private GBeanData propertiesRealmGBean;
-
- private ObjectName serverInfoName;
-
- private GBeanData serverInfoGBean;
-
- public void testDummy() throws Exception {
- }
-
- protected void setUpInsecureAppContext() throws Exception {
-
- GBeanData app = new GBeanData(webModuleName, TomcatWebAppContext.GBEAN_INFO);
- // GBeanData app = new GBeanData(webModuleName,
- // TomcatWebAppContext.GBEAN_INFO);
- app.setAttribute("webAppRoot", new File("target/var/catalina/webapps/war1/").toURI());
- // app.setAttribute("componentContext", null);
- // OnlineUserTransaction userTransaction = new OnlineUserTransaction();
- // app.setAttribute("userTransaction", userTransaction);
- // we have no classes or libs.
- app.setAttribute("webClassPath", new URI[] {});
- // app.setAttribute("contextPriorityClassLoader", Boolean.FALSE);
- app.setAttribute("configurationBaseUrl", new File("target/var/catalina/webapps/war1/WEB-INF/web.xml").toURL());
- // app.setReferencePattern("TransactionContextManager", tcmName);
- // app.setReferencePattern("TrackedConnectionAssociator", ctcName);
- app.setReferencePattern("Container", containerName);
-
- // app.setAttribute("contextPath", "/test");
- app.setAttribute("path", "/test");
-
- start(app);
- }
-
- // protected void setUpSecureAppContext(Security securityConfig, Set
- // uncheckedPermissions, Set excludedPermissions, Map rolePermissions, Set
- // securityRoles, Map legacySecurityConstraintMap) throws Exception {
- protected ObjectName setUpSecureAppContext(SecurityConstraint[] securityConstraints, String[] securityRoles)
- throws Exception {
- GBeanData app = new GBeanData(webModuleName, TomcatWebAppContext.GBEAN_INFO);
- app.setAttribute("webAppRoot", new File("target/var/catalina/webapps/war3/").toURI());
- app.setAttribute("webClassPath", new URI[] {});
- app.setAttribute("configurationBaseUrl", new File("target/var/catalina/webapps/war3/WEB-INF/web.xml").toURL());
- app.setAttribute("path", "/securetest");
- app.setAttribute("authMethod", "FORM");
- app.setAttribute("realmName", "Test JAAS Realm");
- app.setAttribute("loginPage", "/auth/logon.html?param=test");
- app.setAttribute("errorPage", "/auth/logonError.html?param=test");
-
- app.setAttribute("securityConstraints", securityConstraints);
- app.setAttribute("securityRoles", securityRoles);
-
- TomcatJAASRealm realm = new TomcatJAASRealm();
- realm.setUserClassNames("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
- realm.setRoleClassNames("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal");
- app.setAttribute("tomcatRealm", realm);
-
- app.setReferencePattern("Container", containerName);
- start(app);
-
- return webModuleName;
- }
-
- protected void setUpSecurity() throws Exception {
- securityServiceName = new ObjectName("geronimo.security:type=SecurityService");
- securityServiceGBean = new GBeanData(securityServiceName, SecurityServiceImpl.GBEAN_INFO);
- securityServiceGBean.setAttribute("policyConfigurationFactory", "org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory");
-
- loginServiceName = JaasLoginService.OBJECT_NAME;
- loginServiceGBean = new GBeanData(loginServiceName, JaasLoginService.GBEAN_INFO);
- loginServiceGBean.setReferencePatterns("Realms", Collections.singleton(new ObjectName("geronimo.security:type=SecurityRealm,*")));
- // loginServiceGBean.setAttribute("reclaimPeriod", new Long(1000 *
- // 1000));
- loginServiceGBean.setAttribute("algorithm", "HmacSHA1");
- loginServiceGBean.setAttribute("password", "secret");
-
- propertiesLMName = new ObjectName("geronimo.security:type=LoginModule,name=demo-properties-login");
- propertiesLMGBean = new GBeanData(propertiesLMName, LoginModuleGBean.GBEAN_INFO);
- propertiesLMGBean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule");
- propertiesLMGBean.setAttribute("serverSide", Boolean.TRUE);
- Properties options = new Properties();
- options.setProperty("usersURI", "src/test-resources/data/users.properties");
- options.setProperty("groupsURI", "src/test-resources/data/groups.properties");
- propertiesLMGBean.setAttribute("options", options);
- propertiesLMGBean.setAttribute("loginDomainName", securityRealmName);
-
- propertiesRealmName = new ObjectName("geronimo.security:type=SecurityRealm,realm=demo-properties-realm");
- propertiesRealmGBean = new GBeanData(propertiesRealmName, GenericSecurityRealm.GBEAN_INFO);
- propertiesRealmGBean.setReferencePatterns("ServerInfo", Collections.singleton(serverInfoName));
- propertiesRealmGBean.setAttribute("realmName", securityRealmName);
- Properties config = new Properties();
- config.setProperty("LoginModule.1.REQUIRED", propertiesLMName.getCanonicalName());
- propertiesRealmGBean.setAttribute("loginModuleConfiguration", config);
- Principal.PrincipalEditor principalEditor = new Principal.PrincipalEditor();
- principalEditor.setAsText("metro=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
- propertiesRealmGBean.setAttribute("defaultPrincipal", principalEditor.getValue());
-
- start(securityServiceGBean);
- start(loginServiceGBean);
- start(propertiesLMGBean);
- start(propertiesRealmGBean);
-
- }
-
- protected void tearDownSecurity() throws Exception {
- stop(propertiesRealmName);
- stop(propertiesLMName);
- stop(serverInfoName);
- stop(loginServiceName);
- stop(securityServiceName);
- }
-
- private void start(GBeanData gbeanData) throws Exception {
- kernel.loadGBean(gbeanData, cl);
- kernel.startGBean(gbeanData.getName());
- if (((Integer) kernel.getAttribute(gbeanData.getName(), "state")).intValue() != State.RUNNING_INDEX) {
- fail("gbean not started: " + gbeanData.getName());
- }
- }
-
- protected void stop(ObjectName name) throws Exception {
- kernel.stopGBean(name);
- kernel.unloadGBean(name);
- }
-
- protected void setUp() throws Exception {
- cl = this.getClass().getClassLoader();
- containerName = NameFactory.getWebComponentName(null, null, null, null, "tomcatContainer", "WebResource", moduleContext);
- connectorName = NameFactory.getWebComponentName(null, null, null, null, "tomcatConnector", "WebResource", moduleContext);
- webModuleName = NameFactory.getWebComponentName(null, null, null, null, NameFactory.WEB_MODULE, "WebResource", moduleContext);
-
- tmName = NameFactory.getComponentName(null, null, null, null, "TransactionManager", NameFactory.JTA_RESOURCE, moduleContext);
- tcmName = NameFactory.getComponentName(null, null, null, null, "TransactionContextManager", NameFactory.JTA_RESOURCE, moduleContext);
- ctcName = new ObjectName("geronimo.test:role=ConnectionTrackingCoordinator");
-
- kernel = new Kernel("test.kernel");
- kernel.boot();
-
- serverInfoName = new ObjectName("geronimo.system:role=ServerInfo");
- serverInfoGBean = new GBeanData(serverInfoName, ServerInfo.GBEAN_INFO);
- serverInfoGBean.setAttribute("baseDirectory", ".");
-
- start(serverInfoGBean);
-
- // Need to override the constructor for unit tests
- container = new GBeanData(containerName, TomcatContainer.GBEAN_INFO);
- container.setAttribute("catalinaHome", "target/var/catalina");
- container.setAttribute("endorsedDirs", "target/endorsed");
- container.setReferencePattern("ServerInfo", serverInfoName);
-
- connector = new GBeanData(connectorName, HTTPConnector.GBEAN_INFO);
- connector.setAttribute("port", new Integer(8080));
- connector.setReferencePattern("TomcatContainer", containerName);
-
- start(container);
- start(connector);
-
- tm = new GBeanData(tmName, TransactionManagerImpl.GBEAN_INFO);
- Set patterns = new HashSet();
- patterns.add(ObjectName.getInstance("geronimo.server:j2eeType=JCAManagedConnectionFactory,*"));
- tm.setAttribute("defaultTransactionTimeoutSeconds", new Integer(10));
- tm.setReferencePatterns("ResourceManagers", patterns);
- start(tm);
- tcm = new GBeanData(tcmName, TransactionContextManager.GBEAN_INFO);
- tcm.setReferencePattern("TransactionManager", tmName);
- start(tcm);
- ctc = new GBeanData(ctcName, ConnectionTrackingCoordinator.GBEAN_INFO);
- start(ctc);
- }
-
- protected void tearDown() throws Exception {
- stop(ctcName);
- stop(tmName);
- stop(containerName);
- kernel.shutdown();
- }
-}
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.tomcat;
+
+import java.io.File;
+import java.net.URI;
+import java.security.PermissionCollection;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+import javax.management.ObjectName;
+
+import junit.framework.TestCase;
+import org.apache.catalina.authenticator.Constants;
+import org.apache.catalina.deploy.LoginConfig;
+
+import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator;
+import org.apache.geronimo.gbean.GBeanData;
+import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContext;
+import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContextImpl;
+import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+import org.apache.geronimo.kernel.Kernel;
+import org.apache.geronimo.kernel.management.State;
+import org.apache.geronimo.security.SecurityServiceImpl;
+import org.apache.geronimo.security.deploy.Principal;
+import org.apache.geronimo.security.deploy.Security;
+import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration;
+import org.apache.geronimo.security.jaas.JaasLoginService;
+import org.apache.geronimo.security.jaas.LoginModuleGBean;
+import org.apache.geronimo.security.realm.GenericSecurityRealm;
+import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.geronimo.tomcat.connector.HTTPConnector;
+import org.apache.geronimo.transaction.context.TransactionContextManager;
+import org.apache.geronimo.transaction.manager.TransactionManagerImpl;
+
+
+/**
+ * @version $Rev: 111239 $ $Date: 2004-12-08 02:29:11 -0700 (Wed, 08 Dec 2004) $
+ */
+public class AbstractWebModuleTest extends TestCase {
+
+ protected static final String securityRealmName = "demo-properties-realm";
+ protected Kernel kernel;
+ private GBeanData container;
+ private ObjectName containerName;
+ private ObjectName connectorName;
+ private GBeanData connector;
+ private ObjectName webModuleName;
+ private ObjectName tmName;
+ private ObjectName ctcName;
+ private GBeanData tm;
+ private GBeanData ctc;
+ private ObjectName tcmName;
+ private GBeanData tcm;
+ private ClassLoader cl;
+ private J2eeContext moduleContext = new J2eeContextImpl("tomcat.test", "test", "null", "tomcatTest", null, null);
+ private GBeanData securityServiceGBean;
+ protected ObjectName securityServiceName;
+ private ObjectName loginServiceName;
+ private GBeanData loginServiceGBean;
+ private GBeanData loginConfigurationGBean;
+ protected ObjectName loginConfigurationName;
+ protected GBeanData propertiesLMGBean;
+ protected ObjectName propertiesLMName;
+ protected ObjectName propertiesRealmName;
+ private GBeanData propertiesRealmGBean;
+ private ObjectName serverInfoName;
+ private GBeanData serverInfoGBean;
+
+ public void testDummy() throws Exception {
+ }
+
+ protected void setUpInsecureAppContext() throws Exception {
+
+ GBeanData app = new GBeanData(webModuleName, TomcatWebAppContext.GBEAN_INFO);
+ app.setAttribute("webAppRoot", new File("target/var/catalina/webapps/war1/").toURI());
+ app.setAttribute("webClassPath", new URI[]{});
+ app.setAttribute("configurationBaseUrl", new File("target/var/catalina/webapps/war1/WEB-INF/web.xml").toURL());
+ app.setReferencePattern("Container", containerName);
+ app.setAttribute("path", "/test");
+
+ start(app);
+ }
+
+ protected ObjectName setUpJAASSecureAppContext(Set securityConstraints, Set securityRoles) throws Exception {
+ GBeanData app = new GBeanData(webModuleName, TomcatWebAppContext.GBEAN_INFO);
+ app.setAttribute("webAppRoot", new File("target/var/catalina/webapps/war3/").toURI());
+ app.setAttribute("webClassPath", new URI[]{});
+ app.setAttribute("configurationBaseUrl", new File("target/var/catalina/webapps/war3/WEB-INF/web.xml").toURL());
+ app.setAttribute("path", "/securetest");
+
+ LoginConfig loginConfig = new LoginConfig();
+ loginConfig.setAuthMethod(Constants.FORM_METHOD);
+ loginConfig.setRealmName("Test JAAS Realm");
+ loginConfig.setLoginPage("/auth/logon.html?param=test");
+ loginConfig.setErrorPage("/auth/logonError.html?param=test");
+ app.setAttribute("loginConfig", loginConfig);
+ app.setAttribute("loginConfig", loginConfig);
+
+ app.setAttribute("securityConstraints", securityConstraints);
+ app.setAttribute("securityRoles", securityRoles);
+
+ TomcatJAASRealm realm = new TomcatJAASRealm("demo-properties-realm");
+ realm.setUserClassNames("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
+ realm.setRoleClassNames("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal");
+ app.setAttribute("tomcatRealm", realm);
+
+ app.setReferencePattern("Container", containerName);
+ start(app);
+
+ return webModuleName;
+ }
+
+ protected ObjectName setUpSecureAppContext(Security securityConfig,
+ Set securityConstraints,
+ PermissionCollection uncheckedPermissions,
+ PermissionCollection excludedPermissions,
+ Map rolePermissions,
+ Set securityRoles)
+ throws Exception {
+
+ GBeanData app = new GBeanData(webModuleName, TomcatWebAppContext.GBEAN_INFO);
+ app.setAttribute("webAppRoot", new File("target/var/catalina/webapps/war3/").toURI());
+ app.setAttribute("webClassPath", new URI[]{});
+ app.setAttribute("configurationBaseUrl", new File("target/var/catalina/webapps/war3/WEB-INF/web.xml").toURL());
+ app.setAttribute("path", "/securetest");
+
+ LoginConfig loginConfig = new LoginConfig();
+ loginConfig.setAuthMethod(Constants.FORM_METHOD);
+ loginConfig.setRealmName("Test JACC Realm");
+ loginConfig.setLoginPage("/auth/logon.html?param=test");
+ loginConfig.setErrorPage("/auth/logonError.html?param=test");
+ app.setAttribute("loginConfig", loginConfig);
+
+ app.setAttribute("securityConstraints", securityConstraints);
+ app.setAttribute("securityRoles", securityRoles);
+
+ TomcatGeronimoRealm realm = new TomcatGeronimoRealm("securetest",
+ securityConfig,
+ "demo-properties-realm",
+ securityRoles,
+ uncheckedPermissions,
+ excludedPermissions,
+ rolePermissions);
+ realm.setUserClassNames("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
+ realm.setRoleClassNames("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal");
+ app.setAttribute("tomcatRealm", realm);
+
+ app.setReferencePattern("Container", containerName);
+ start(app);
+
+ return webModuleName;
+ }
+
+ protected void setUpSecurity() throws Exception {
+
+ loginConfigurationName = new ObjectName("geronimo.security:type=LoginConfiguration");
+ loginConfigurationGBean = new GBeanData(loginConfigurationName, GeronimoLoginConfiguration.getGBeanInfo());
+ Set configurations = new HashSet();
+ configurations.add(new ObjectName("geronimo.server:j2eeType=SecurityRealm,*"));
+ configurations.add(new ObjectName("geronimo.server:j2eeType=ConfigurationEntry,*"));
+ loginConfigurationGBean.setReferencePatterns("Configurations", configurations);
+
+ securityServiceName = new ObjectName("geronimo.server:j2eeType=SecurityService");
+ securityServiceGBean = new GBeanData(securityServiceName, SecurityServiceImpl.GBEAN_INFO);
+ securityServiceGBean.setAttribute("policyConfigurationFactory", "org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory");
+
+ loginServiceName = JaasLoginService.OBJECT_NAME;
+ loginServiceGBean = new GBeanData(loginServiceName, JaasLoginService.GBEAN_INFO);
+ loginServiceGBean.setReferencePattern("Realms", new ObjectName("geronimo.server:j2eeType=SecurityRealm,*"));
+ loginServiceGBean.setAttribute("algorithm", "HmacSHA1");
+ loginServiceGBean.setAttribute("password", "secret");
+
+ propertiesLMName = new ObjectName("geronimo.security:type=LoginModule,name=demo-properties-login");
+ propertiesLMGBean = new GBeanData(propertiesLMName, LoginModuleGBean.GBEAN_INFO);
+ propertiesLMGBean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule");
+ propertiesLMGBean.setAttribute("serverSide", Boolean.TRUE);
+ Properties options = new Properties();
+ options.setProperty("usersURI", "src/test-resources/data/users.properties");
+ options.setProperty("groupsURI", "src/test-resources/data/groups.properties");
+ propertiesLMGBean.setAttribute("options", options);
+ propertiesLMGBean.setAttribute("loginDomainName", "demo-properties-realm");
+
+ propertiesRealmName = new ObjectName("geronimo.server:j2eeType=SecurityRealm,name=demo-properties-realm");
+ propertiesRealmGBean = new GBeanData(propertiesRealmName, GenericSecurityRealm.GBEAN_INFO);
+ propertiesRealmGBean.setReferencePattern("ServerInfo", serverInfoName);
+ propertiesRealmGBean.setAttribute("realmName", "demo-properties-realm");
+ Properties config = new Properties();
+ config.setProperty("LoginModule.1.REQUIRED", propertiesLMName.getCanonicalName());
+ propertiesRealmGBean.setAttribute("loginModuleConfiguration", config);
+ Principal.PrincipalEditor principalEditor = new Principal.PrincipalEditor();
+ principalEditor.setAsText("metro=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
+ propertiesRealmGBean.setAttribute("defaultPrincipal", principalEditor.getValue());
+
+ start(loginConfigurationGBean);
+ start(securityServiceGBean);
+ start(loginServiceGBean);
+ start(propertiesLMGBean);
+ start(propertiesRealmGBean);
+
+ }
+
+ protected void tearDownSecurity() throws Exception {
+ stop(propertiesRealmName);
+ stop(propertiesLMName);
+ stop(loginServiceName);
+ stop(securityServiceName);
+ stop(loginConfigurationName);
+ }
+
+ private void start(GBeanData gbeanData) throws Exception {
+ kernel.loadGBean(gbeanData, cl);
+ kernel.startGBean(gbeanData.getName());
+ if (((Integer) kernel.getAttribute(gbeanData.getName(), "state")).intValue() != State.RUNNING_INDEX) {
+ fail("gbean not started: " + gbeanData.getName());
+ }
+ }
+
+ protected void stop(ObjectName name) throws Exception {
+ kernel.stopGBean(name);
+ kernel.unloadGBean(name);
+ }
+
+ protected void setUp() throws Exception {
+ cl = this.getClass().getClassLoader();
+ containerName = NameFactory.getWebComponentName(null, null, null, null, "tomcatContainer", "WebResource", moduleContext);
+ connectorName = NameFactory.getWebComponentName(null, null, null, null, "tomcatConnector", "WebResource", moduleContext);
+ webModuleName = NameFactory.getWebComponentName(null, null, null, null, NameFactory.WEB_MODULE, "WebResource", moduleContext);
+
+ tmName = NameFactory.getComponentName(null, null, null, null, "TransactionManager", NameFactory.JTA_RESOURCE, moduleContext);
+ tcmName = NameFactory.getComponentName(null, null, null, null, "TransactionContextManager", NameFactory.JTA_RESOURCE, moduleContext);
+
+ ctcName = new ObjectName("geronimo.test:role=ConnectionTrackingCoordinator");
+
+ kernel = new Kernel("test.kernel");
+ kernel.boot();
+
+ serverInfoName = new ObjectName("geronimo.system:role=ServerInfo");
+ serverInfoGBean = new GBeanData(serverInfoName, ServerInfo.GBEAN_INFO);
+ serverInfoGBean.setAttribute("baseDirectory", ".");
+
+ start(serverInfoGBean);
+
+ // Need to override the constructor for unit tests
+ container = new GBeanData(containerName, TomcatContainer.GBEAN_INFO);
+ container.setAttribute("catalinaHome", "target/var/catalina");
+ container.setAttribute("endorsedDirs", "target/endorsed");
+ container.setReferencePattern("ServerInfo", serverInfoName);
+
+ connector = new GBeanData(connectorName, HTTPConnector.GBEAN_INFO);
+ connector.setAttribute("port", new Integer(8080));
+ connector.setReferencePattern("TomcatContainer", containerName);
+
+ start(container);
+ start(connector);
+
+ tm = new GBeanData(tmName, TransactionManagerImpl.GBEAN_INFO);
+ Set patterns = new HashSet();
+ patterns.add(ObjectName.getInstance("geronimo.server:j2eeType=JCAManagedConnectionFactory,*"));
+ tm.setAttribute("defaultTransactionTimeoutSeconds", new Integer(10));
+ tm.setReferencePatterns("ResourceManagers", patterns);
+ start(tm);
+ tcm = new GBeanData(tcmName, TransactionContextManager.GBEAN_INFO);
+ tcm.setReferencePattern("TransactionManager", tmName);
+ start(tcm);
+ ctc = new GBeanData(ctcName, ConnectionTrackingCoordinator.GBEAN_INFO);
+ start(ctc);
+ }
+
+ protected void tearDown() throws Exception {
+ stop(ctcName);
+ stop(tmName);
+ stop(containerName);
+ stop(serverInfoName);
+ kernel.shutdown();
+ }
+}
Modified: geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ApplicationTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ApplicationTest.java?view=diff&rev=125716&p1=geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ApplicationTest.java&r1=125715&p2=geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ApplicationTest.java&r2=125716
==============================================================================
--- geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ApplicationTest.java (original)
+++ geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ApplicationTest.java Wed Jan 19 21:21:50 2005
@@ -1,40 +1,41 @@
-/**
- *
- * Copyright 2003-2004 The Apache Software Foundation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.geronimo.tomcat;
-
-import java.io.BufferedReader;
-import java.io.InputStreamReader;
-import java.net.HttpURLConnection;
-import java.net.URL;
-
-/**
- * @version $Rev: 111239 $ $Date: 2004-12-08 02:29:11 -0700 (Wed, 08 Dec 2004) $
- */
-public class ApplicationTest extends AbstractWebModuleTest {
-
- public void testApplication() throws Exception {
- setUpInsecureAppContext();
-
- HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:8080/test/hello.txt")
- .openConnection();
- BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
- assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
- assertEquals("Hello World", reader.readLine());
- connection.disconnect();
- }
-
-}
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.tomcat;
+
+import java.io.BufferedReader;
+import java.io.InputStreamReader;
+import java.net.HttpURLConnection;
+import java.net.URL;
+
+
+/**
+ * @version $Rev: 111239 $ $Date: 2004-12-08 02:29:11 -0700 (Wed, 08 Dec 2004) $
+ */
+public class ApplicationTest extends AbstractWebModuleTest {
+
+ public void testApplication() throws Exception {
+ setUpInsecureAppContext();
+
+ HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:8080/test/hello.txt")
+ .openConnection();
+ BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
+ assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+ assertEquals("Hello World", reader.readLine());
+ connection.disconnect();
+ }
+
+}
Added: geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JAASSecurityTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JAASSecurityTest.java?view=auto&rev=125716
==============================================================================
--- (empty file)
+++ geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JAASSecurityTest.java Wed Jan 19 21:21:50 2005
@@ -0,0 +1,228 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.tomcat;
+
+import java.io.BufferedReader;
+import java.io.InputStreamReader;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.util.HashSet;
+import java.util.Set;
+import javax.management.ObjectName;
+
+import org.apache.catalina.deploy.SecurityCollection;
+import org.apache.catalina.deploy.SecurityConstraint;
+
+
+/**
+ * Tests the JAAS security for Tomcat
+ *
+ * @version $Revision$ $Date$
+ */
+public class JAASSecurityTest extends AbstractWebModuleTest {
+
+ ObjectName appName = null;
+
+ public void testNotAuthorized() throws Exception {
+
+ Set constraints = new HashSet();
+
+ SecurityConstraint sc = new SecurityConstraint();
+ sc.setAuthConstraint(true);
+ sc.addAuthRole("content-administrator");
+ sc.addAuthRole("auto-administrator");
+ SecurityCollection coll = new SecurityCollection("Admin Role");
+ coll.addPattern("/protected/*");
+ sc.addCollection(coll);
+ constraints.add(sc);
+
+ sc = new SecurityConstraint();
+ sc.setAuthConstraint(false);
+ coll = new SecurityCollection("NO ACCESS");
+ coll.addPattern("/auth/logon.html");
+ sc.addCollection(coll);
+ constraints.add(sc);
+
+ Set securityRoles = new HashSet();
+ securityRoles.add("content-administrator");
+ securityRoles.add("auto-administrator");
+
+ startWebApp(constraints, securityRoles);
+
+ //Begin the test
+ HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:8080/securetest/protected/hello.txt").openConnection();
+ connection.setInstanceFollowRedirects(false);
+ assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+ //Be sure we have been given the login page
+ BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
+ assertEquals("<!-- Login Page -->", reader.readLine());
+ reader.close();
+
+ String cookie = connection.getHeaderField("Set-Cookie");
+ cookie = cookie.substring(0, cookie.lastIndexOf(';'));
+ String location = "http://localhost:8080/securetest/protected/j_security_check?j_username=alan&j_password=starcraft";
+ connection = (HttpURLConnection) new URL(location).openConnection();
+ connection.setRequestMethod("POST");
+ connection.setRequestProperty("Cookie", cookie);
+ connection.setInstanceFollowRedirects(false);
+ assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
+
+ location = connection.getHeaderField("Location");
+ connection = (HttpURLConnection) new URL(location).openConnection();
+ connection.setRequestProperty("Cookie", cookie);
+ connection.setInstanceFollowRedirects(true);
+ assertEquals(HttpURLConnection.HTTP_FORBIDDEN, connection.getResponseCode());
+ connection.disconnect();
+
+ stopWebApp();
+ }
+
+ public void testBadAuthentication() throws Exception {
+
+ Set constraints = new HashSet();
+
+ SecurityConstraint sc = new SecurityConstraint();
+ sc.setAuthConstraint(true);
+ sc.addAuthRole("content-administrator");
+ sc.addAuthRole("auto-administrator");
+ SecurityCollection coll = new SecurityCollection("Admin Role");
+ coll.addPattern("/protected/*");
+ sc.addCollection(coll);
+ constraints.add(sc);
+
+ sc = new SecurityConstraint();
+ sc.setAuthConstraint(false);
+ coll = new SecurityCollection("NO ACCESS");
+ coll.addPattern("/auth/logon.html");
+ sc.addCollection(coll);
+ constraints.add(sc);
+
+ Set securityRoles = new HashSet();
+ securityRoles.add("content-administrator");
+ securityRoles.add("auto-administrator");
+
+ startWebApp(constraints, securityRoles);
+
+ //Begin the test
+ HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:8080/securetest/protected/hello.txt").openConnection();
+ connection.setInstanceFollowRedirects(false);
+ assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+
+ //Be sure we have been given the login page
+ BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
+ assertEquals("<!-- Login Page -->", reader.readLine());
+ reader.close();
+
+ String cookie = connection.getHeaderField("Set-Cookie");
+ cookie = cookie.substring(0, cookie.lastIndexOf(';'));
+ String location = "http://localhost:8080/securetest/protected/j_security_check?j_username=alan&j_password=basspassword";
+
+ connection = (HttpURLConnection) new URL(location).openConnection();
+ connection.setRequestMethod("POST");
+ connection.setRequestProperty("Cookie", cookie);
+ connection.setInstanceFollowRedirects(true);
+
+ //Be sure we have been given the login error page
+ reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
+ assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+
+ location = connection.getHeaderField("Location");
+ assertEquals("<!-- Not Authorized -->", reader.readLine());
+ reader.close();
+
+ connection.disconnect();
+
+ stopWebApp();
+ }
+
+ public void testGoodAuthentication() throws Exception {
+
+ Set constraints = new HashSet();
+
+ SecurityConstraint sc = new SecurityConstraint();
+ sc.setAuthConstraint(true);
+ sc.addAuthRole("content-administrator");
+ sc.addAuthRole("auto-administrator");
+ SecurityCollection coll = new SecurityCollection("Admin Role");
+ coll.addPattern("/protected/*");
+ sc.addCollection(coll);
+ constraints.add(sc);
+
+ sc = new SecurityConstraint();
+ sc.setAuthConstraint(false);
+ coll = new SecurityCollection("NO ACCESS");
+ coll.addPattern("/auth/logon.html");
+ sc.addCollection(coll);
+ constraints.add(sc);
+
+ Set securityRoles = new HashSet();
+ securityRoles.add("content-administrator");
+ securityRoles.add("auto-administrator");
+
+ startWebApp(constraints, securityRoles);
+
+ //Begin the test
+ HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:8080/securetest/protected/hello.txt").openConnection();
+ connection.setInstanceFollowRedirects(false);
+ assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+
+ //Be sure we have been given the login page
+ BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
+ assertEquals("<!-- Login Page -->", reader.readLine());
+ reader.close();
+
+ String cookie = connection.getHeaderField("Set-Cookie");
+ cookie = cookie.substring(0, cookie.lastIndexOf(';'));
+ String location = "http://localhost:8080/securetest/protected/j_security_check?j_username=izumi&j_password=violin";
+
+ connection = (HttpURLConnection) new URL(location).openConnection();
+ connection.setRequestMethod("POST");
+ connection.setRequestProperty("Cookie", cookie);
+ connection.setInstanceFollowRedirects(false);
+ assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
+
+ connection = (HttpURLConnection) new URL("http://localhost:8080/securetest/protected/hello.txt").openConnection();
+ connection.setRequestProperty("Cookie", cookie);
+ connection.setInstanceFollowRedirects(false);
+ reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
+
+ assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+ assertEquals("Hello World", reader.readLine());
+ connection.disconnect();
+
+ stopWebApp();
+ }
+
+ protected void startWebApp(Set securityConstraints, Set securityRoles) throws Exception {
+ appName = setUpJAASSecureAppContext(securityConstraints, securityRoles);
+ }
+
+ protected void stopWebApp() throws Exception {
+ stop(appName);
+ }
+
+ protected void setUp() throws Exception {
+ super.setUp();
+ setUpSecurity();
+ }
+
+ protected void tearDown() throws Exception {
+ tearDownSecurity();
+ super.tearDown();
+ }
+
+}
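Review bot: The session-cookie handling repeated in all three tests is fragile: `cookie.substring(0, cookie.lastIndexOf(';'))` throws a NullPointerException when no `Set-Cookie` header comes back and a StringIndexOutOfBoundsException when the header has no attributes, and with more than one attribute it keeps everything before the last one in the `Cookie` request header. Something like `assertNotNull("no session cookie", cookie); int end = cookie.indexOf(';'); if (end >= 0) cookie = cookie.substring(0, end);` would fail with a clear message and send only the name=value pair. The tests also reuse the cookie issued before login for the authenticated request, so they will presumably break if the container starts issuing a new session id on authentication; reading `Set-Cookie` from the `j_security_check` response when it is present would avoid pinning that behaviour. In testBadAuthentication the `location = connection.getHeaderField("Location");` assignment is never read and can be dropped.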
Added: geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JACCSecurityTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JACCSecurityTest.java?view=auto&rev=125716
==============================================================================
--- (empty file)
+++ geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JACCSecurityTest.java Wed Jan 19 21:21:50 2005
@@ -0,0 +1,215 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.tomcat;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.security.PermissionCollection;
+import java.security.Permissions;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import javax.management.ObjectName;
+import javax.security.jacc.WebResourcePermission;
+import javax.security.jacc.WebUserDataPermission;
+
+import org.apache.catalina.deploy.SecurityCollection;
+import org.apache.catalina.deploy.SecurityConstraint;
+
+import org.apache.geronimo.security.deploy.DefaultPrincipal;
+import org.apache.geronimo.security.deploy.Principal;
+import org.apache.geronimo.security.deploy.Realm;
+import org.apache.geronimo.security.deploy.Role;
+import org.apache.geronimo.security.deploy.Security;
+
+
+/**
+ * Tests the JACC security for Tomcat
+ *
+ * @version $Revision$ $Date$
+ */
+public class JACCSecurityTest extends AbstractWebModuleTest {
+
+ ObjectName appName = null;
+
+ /**
+ * Test the explicit map feature. Only Alan should be able to log in.
+ *
+ * @throws Exception thrown if an error in the test occurs
+ */
+ public void testExplicitMapping() throws Exception {
+
+ Set constraints = new HashSet();
+
+ SecurityConstraint sc = new SecurityConstraint();
+ sc.setAuthConstraint(true);
+ sc.addAuthRole("content-administrator");
+ sc.addAuthRole("auto-administrator");
+ SecurityCollection coll = new SecurityCollection("Admin Role");
+ coll.addPattern("/protected/*");
+ sc.addCollection(coll);
+ constraints.add(sc);
+
+ sc = new SecurityConstraint();
+ sc.setAuthConstraint(false);
+ coll = new SecurityCollection("NO ACCESS");
+ coll.addPattern("/auth/logon.html");
+ sc.addCollection(coll);
+ constraints.add(sc);
+
+ Security securityConfig = new Security();
+ securityConfig.setUseContextHandler(false);
+
+ DefaultPrincipal defaultPrincipal = new DefaultPrincipal();
+ defaultPrincipal.setRealmName("demo-properties-realm");
+ Principal principal = new Principal();
+ principal.setClassName("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
+ principal.setPrincipalName("izumi");
+ defaultPrincipal.setPrincipal(principal);
+
+ securityConfig.setDefaultPrincipal(defaultPrincipal);
+
+ Role role = new Role();
+ role.setRoleName("content-administrator");
+ principal = new Principal();
+ principal.setClassName("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal");
+ principal.setPrincipalName("it");
+ Realm realm = new Realm();
+ realm.setRealmName("demo-properties-realm");
+ realm.getPrincipals().add(principal);
+ role.getRealms().put(realm.getRealmName(), realm);
+
+ securityConfig.getRoleMappings().put(role.getRoleName(), role);
+
+ PermissionCollection uncheckedPermissions = new Permissions();
+
+ PermissionCollection excludedPermissions = new Permissions();
+ excludedPermissions.add(new WebResourcePermission("/auth/login.html", ""));
+ excludedPermissions.add(new WebUserDataPermission("/auth/login.html", ""));
+
+ Map rolePermissions = new HashMap();
+ Set permissions = new HashSet();
+ permissions.add(new WebUserDataPermission("/protected/*", ""));
+ permissions.add(new WebResourcePermission("/protected/*", ""));
+ rolePermissions.put("content-administrator", permissions);
+ rolePermissions.put("auto-administrator", permissions);
+
+ Set securityRoles = new HashSet();
+ securityRoles.add("content-administrator");
+ securityRoles.add("auto-administrator");
+
+ startWebApp(securityConfig, constraints, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles);
+
+ //Begin the test
+ HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:8080/securetest/protected/hello.txt").openConnection();
+ connection.setInstanceFollowRedirects(false);
+ assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+
+ //Be sure we have been given the login page
+ BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
+ assertEquals("<!-- Login Page -->", reader.readLine());
+ reader.close();
+
+ String cookie = connection.getHeaderField("Set-Cookie");
+ cookie = cookie.substring(0, cookie.lastIndexOf(';'));
+ String location = "http://localhost:8080/securetest/protected/j_security_check?j_username=alan&j_password=starcraft";
+
+ connection = (HttpURLConnection) new URL(location).openConnection();
+ connection.setRequestMethod("POST");
+ connection.setRequestProperty("Cookie", cookie);
+ connection.setInstanceFollowRedirects(false);
+ assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
+
+ connection = (HttpURLConnection) new URL("http://localhost:8080/securetest/protected/hello.txt").openConnection();
+ connection.setRequestProperty("Cookie", cookie);
+ connection.setInstanceFollowRedirects(false);
+ reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
+
+ assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+ assertEquals("Hello World", reader.readLine());
+ connection.disconnect();
+
+ //Now lets try it with izumi
+ connection = (HttpURLConnection) new URL("http://localhost:8080/securetest/protected/hello.txt").openConnection();
+ connection.setInstanceFollowRedirects(false);
+ assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+
+ cookie = connection.getHeaderField("Set-Cookie");
+ cookie = cookie.substring(0, cookie.lastIndexOf(';'));
+
+ //Be sure we have been given the login page
+ reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
+ assertEquals("<!-- Login Page -->", reader.readLine());
+ reader.close();
+
+ location = "http://localhost:8080/securetest/protected/j_security_check?j_username=izumi&j_password=violin";
+
+ connection = (HttpURLConnection) new URL(location).openConnection();
+ connection.setRequestMethod("POST");
+ connection.setRequestProperty("Cookie", cookie);
+ connection.setInstanceFollowRedirects(false);
+ assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
+
+ try {
+ connection = (HttpURLConnection) new URL("http://localhost:8080/securetest/protected/hello.txt").openConnection();
+ connection.setRequestProperty("Cookie", cookie);
+ connection.setInstanceFollowRedirects(false);
+ reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
+
+ fail("Should throw an IOException for HTTP 403 response");
+ } catch (IOException e) {
+ }
+
+ assertEquals(HttpURLConnection.HTTP_FORBIDDEN, connection.getResponseCode());
+ connection.disconnect();
+
+
+ stopWebApp();
+ }
+
+ protected void startWebApp(Security securityConfig,
+ Set securityConstraints,
+ PermissionCollection uncheckedPermissions,
+ PermissionCollection excludedPermissions,
+ Map rolePermissions,
+ Set securityRoles) throws Exception {
+
+ appName = setUpSecureAppContext(securityConfig, securityConstraints, uncheckedPermissions,
+ excludedPermissions, rolePermissions, securityRoles);
+
+
+ }
+
+ protected void stopWebApp() throws Exception {
+ stop(appName);
+ }
+
+ protected void setUp() throws Exception {
+ super.setUp();
+ setUpSecurity();
+ }
+
+ protected void tearDown() throws Exception {
+ tearDownSecurity();
+ super.tearDown();
+ }
+
+}
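Review bot: The excluded permissions in testExplicitMapping are registered for `/auth/login.html`, while the constraint collection in the same method uses `/auth/logon.html`; that looks like a typo, and as written the excluded entries match no path the test requests, so the excluded policy is never exercised. If denying an excluded resource is meant to be covered, use one spelling throughout and add a request that asserts `HTTP_FORBIDDEN` for that path; the "NO ACCESS" collection is created with `setAuthConstraint(false)`, which presumably leaves it unconstrained rather than denied, so the intent deserves a comment. The Javadoc "Only Alan should be able to log in" does not match the assertions either: izumi's login is accepted with a 302 and it is the following resource request that is refused, so `Only alan is authorized for /protected/*; izumi authenticates but receives 403` would be more accurate. The empty `catch (IOException e) { }` should carry a one-line comment saying the exception is the expected outcome of the 403.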
Deleted: /geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/SecurityTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/SecurityTest.java?view=auto&rev=125715
==============================================================================