You are viewing a plain text version of this content. The canonical link for it is here.
Posted to scm@geronimo.apache.org by ad...@apache.org on 2004/11/19 04:51:44 UTC
svn commit: r103456 - in geronimo/trunk/modules: assembly/src/plan jetty-builder/src/java/org/apache/geronimo/jetty/deployment jetty-builder/src/test/org/apache/geronimo/jetty/deployment jetty/src/java/org/apache/geronimo/jetty jetty/src/test/org/apache/geronimo/jetty security/src/java/org/apache/geronimo/security security/src/java/org/apache/geronimo/security/deploy security/src/java/org/apache/geronimo/security/realm
Author: adc
Date: Thu Nov 18 19:51:43 2004
New Revision: 103456
Modified:
geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml
geronimo/trunk/modules/assembly/src/plan/j2ee-runtime-deployer-plan.xml
geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/PlanParsingTest.java
geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java
geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java
geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityService.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java
Log:
Intermediate checkin for http://nagoya.apache.org/jira/browse/GERONIMO-454.
Auto mapping now properly occurs at deploy time.
Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml (original)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml Thu Nov 18 19:51:43 2004
@@ -138,6 +138,7 @@
<gbean name="geronimo.deployer:role=ModuleBuilder,type=Web,config=org/apache/geronimo/J2EEDeployer" class="org.apache.geronimo.jetty.deployment.JettyModuleBuilder">
<attribute name="defaultParentId">org/apache/geronimo/Server</attribute>
+ <!-- reference name="SecurityService">geronimo.security:type=SecurityService</reference -->
</gbean>
<gbean name="geronimo.deployer:role=ModuleBuilder,type=EJB,config=org/apache/geronimo/J2EEDeployer" class="org.openejb.deployment.OpenEJBModuleBuilder">
Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-runtime-deployer-plan.xml
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-runtime-deployer-plan.xml (original)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-runtime-deployer-plan.xml Thu Nov 18 19:51:43 2004
@@ -88,6 +88,7 @@
<gbean name="geronimo.deployer:role=ModuleBuilder,type=Web,config=org/apache/geronimo/Server" class="org.apache.geronimo.jetty.deployment.JettyModuleBuilder">
<attribute name="defaultParentId">org/apache/geronimo/Server</attribute>
+ <reference name="SecurityService">geronimo.security:type=SecurityService</reference>
</gbean>
<gbean name="geronimo.deployer:role=ModuleBuilder,type=EJB,config=org/apache/geronimo/Server" class="org.openejb.deployment.OpenEJBModuleBuilder">
Modified: geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
==============================================================================
--- geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java (original)
+++ geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java Thu Nov 18 19:51:43 2004
@@ -59,6 +59,7 @@
import org.apache.geronimo.schema.SchemaConversionUtils;
import org.apache.geronimo.security.deploy.Security;
import org.apache.geronimo.security.deployment.SecurityBuilder;
+import org.apache.geronimo.security.SecurityService;
import org.apache.geronimo.transaction.OnlineUserTransaction;
import org.apache.geronimo.xbeans.geronimo.jetty.JettyDependencyType;
import org.apache.geronimo.xbeans.geronimo.jetty.JettyGbeanType;
@@ -79,9 +80,11 @@
*/
public class JettyModuleBuilder implements ModuleBuilder {
private final URI defaultParentId;
+ private final SecurityService securityService;
- public JettyModuleBuilder(URI defaultParentId) {
+ public JettyModuleBuilder(URI defaultParentId, SecurityService securityService) {
this.defaultParentId = defaultParentId;
+ this.securityService = securityService;
}
public Module createModule(File plan, JarFile moduleFile) throws DeploymentException {
@@ -300,7 +303,11 @@
UserTransaction userTransaction = new OnlineUserTransaction();
ReadOnlyContext compContext = buildComponentContext(earContext, webModule, webApp, jettyWebApp, userTransaction, webClassLoader);
+ /**
+ * Build the security configuration. Attempt to auto generate role mappings.
+ */
Security security = SecurityBuilder.buildSecurityConfig(jettyWebApp.getSecurity(), collectRoleNames(webApp));
+ if (security != null) security.autoGenerate(securityService);
GBeanMBean gbean;
try {
@@ -464,9 +471,10 @@
static {
GBeanInfoBuilder infoBuilder = new GBeanInfoBuilder(JettyModuleBuilder.class);
infoBuilder.addAttribute("defaultParentId", URI.class, true);
+ infoBuilder.addReference("SecurityService", SecurityService.class);
infoBuilder.addInterface(ModuleBuilder.class);
- infoBuilder.setConstructor(new String[] {"defaultParentId"});
+ infoBuilder.setConstructor(new String[] {"defaultParentId", "SecurityService"});
GBEAN_INFO = infoBuilder.getBeanInfo();
}
Modified: geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/PlanParsingTest.java
==============================================================================
--- geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/PlanParsingTest.java (original)
+++ geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/PlanParsingTest.java Thu Nov 18 19:51:43 2004
@@ -11,7 +11,7 @@
/**
*/
public class PlanParsingTest extends TestCase {
- private JettyModuleBuilder builder = new JettyModuleBuilder(null);
+ private JettyModuleBuilder builder = new JettyModuleBuilder(null, null);
private File basedir = new File(System.getProperty("basedir", "."));
public void testResourceRef() throws Exception {
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java Thu Nov 18 19:51:43 2004
@@ -87,7 +87,7 @@
private final Kernel kernel;
private final String policyContextID;
private final Security securityConfig;
- private SecurityService securityService;
+ private final SecurityService securityService;
private final JAASJettyPrincipal defaultPrincipal;
private PolicyConfigurationFactory factory;
@@ -102,6 +102,7 @@
kernel = null;
policyContextID = null;
securityConfig = null;
+ securityService = null;
defaultPrincipal = null;
}
@@ -118,6 +119,7 @@
Set applicationManagedSecurityResources,
String policyContextID,
Security securityConfig,
+ SecurityService securityService,
TransactionContextManager transactionContextManager,
TrackedConnectionAssociator trackedConnectionAssociator,
JettyContainer jettyContainer) throws MalformedURLException {
@@ -138,7 +140,8 @@
this.kernel = kernel;
this.policyContextID = policyContextID;
this.securityConfig = securityConfig;
- defaultPrincipal = generateDefaultPrincipal(securityConfig);
+ this.securityService = securityService;
+ this.defaultPrincipal = generateDefaultPrincipal(securityConfig);
/**
* We want to use our own web-app handler.
@@ -162,10 +165,6 @@
return securityService;
}
- public void setSecurityService(SecurityService securityService) {
- this.securityService = securityService;
- }
-
public Subject getRoleDesignate(String roleName) {
return (Subject) roleDesignates.get(roleName);
}
@@ -562,6 +561,7 @@
"applicationManagedSecurityResources",
"policyContextID",
"securityConfig",
+ "SecurityService",
"TransactionContextManager",
"TrackedConnectionAssociator",
"JettyContainer",
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java Thu Nov 18 19:51:43 2004
@@ -23,8 +23,6 @@
import javax.security.jacc.WebRoleRefPermission;
import javax.security.jacc.WebUserDataPermission;
import javax.servlet.UnavailableException;
-import javax.management.ObjectName;
-import javax.management.MalformedObjectNameException;
import java.io.IOException;
import java.net.MalformedURLException;
import java.util.HashMap;
@@ -40,13 +38,11 @@
import org.apache.geronimo.common.GeronimoSecurityException;
import org.apache.geronimo.security.RealmPrincipal;
-import org.apache.geronimo.security.deploy.AutoMapAssistant;
import org.apache.geronimo.security.deploy.Principal;
import org.apache.geronimo.security.deploy.Realm;
import org.apache.geronimo.security.deploy.Role;
import org.apache.geronimo.security.deploy.Security;
import org.apache.geronimo.security.jacc.RoleMappingConfiguration;
-import org.apache.geronimo.security.realm.SecurityRealm;
import org.apache.geronimo.security.util.ConfigurationUtil;
import org.apache.geronimo.security.util.URLPattern;
@@ -125,10 +121,6 @@
*
* @param node deployment descriptor from which to obtain the
* security constraints that are to be translated.
- * @throws org.apache.geronimo.security.GeronimoSecurityException
- * if there
- * is any violation of the semantics of the security descriptor or the state
- * of the module configuration.
* @see javax.security.jacc.PolicyConfiguration
* @see "Java Authorization Contract for Containers", section 3.1.3
*/
@@ -330,57 +322,6 @@
}
protected void addRoleMappings(RoleMappingConfiguration roleMapper, Security security) throws PolicyContextException, GeronimoSecurityException {
- autoMapRoles(roleMapper, security);
- addExplicitMappings(roleMapper, security);
- }
-
- protected void autoMapRoles(RoleMappingConfiguration roleMapper, Security security) throws PolicyContextException, GeronimoSecurityException {
-
- JettyWebAppJACCContext context = (JettyWebAppJACCContext) getWebApplicationContext();
- AutoMapAssistant config = security.getAssistant();
- try {
- if (config != null) {
- ObjectName assistantName = new ObjectName("geronimo.security:type=SecurityRealm,realm=" + config.getSecurityRealm());
- Set assistants = context.getKernel().listGBeans(assistantName);
- if (assistants.size() < 1 || assistants.size() > 1) throw new GeronimoSecurityException("Only one auto mapping assistant should match " + assistantName);
-
- org.apache.geronimo.security.realm.AutoMapAssistant assistant = (org.apache.geronimo.security.realm.AutoMapAssistant) assistants.iterator().next();
- String realmName = ((SecurityRealm) assistant).getRealmName();
- Iterator principalClasses = null;
- if (config.getClassOverrides().size() > 0) {
- principalClasses = config.getClassOverrides().iterator();
- } else {
- principalClasses = assistant.obtainRolePrincipalClasses().iterator();
- }
-
- Iterator roles = securityRoles.iterator();
- while (roles.hasNext()) {
- String roleName = (String) roles.next();
- Set principalSet = new HashSet();
- Subject roleDesignate = new Subject();
-
- while (principalClasses.hasNext()) {
- Principal principal = new Principal();
- principal.setClassName((String) principalClasses.next());
- principal.setPrincipalName(roleName);
-
- RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(principal, realmName);
- if (realmPrincipal == null) throw new GeronimoSecurityException("Unable to create realm principal");
-
- principalSet.add(realmPrincipal);
- roleDesignate.getPrincipals().add(realmPrincipal);
- }
- roleMapper.addRoleMapping(roleName, principalSet);
- if (roleDesignate.getPrincipals().size() > 0) context.setRoleDesignate(roleName, roleDesignate);
- }
- }
- } catch (MalformedObjectNameException e) {
- throw new GeronimoSecurityException("Bad object name geronimo.security:type=SecurityRealm,realm=" + config.getSecurityRealm());
- }
- }
-
- protected void addExplicitMappings(RoleMappingConfiguration roleMapper, Security security) throws PolicyContextException, GeronimoSecurityException {
-
JettyWebAppJACCContext context = (JettyWebAppJACCContext) getWebApplicationContext();
Iterator rollMappings = security.getRoleMappings().values().iterator();
Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java (original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java Thu Nov 18 19:51:43 2004
@@ -108,6 +108,7 @@
securityServiceGBean = new GBeanMBean("org.apache.geronimo.security.SecurityService");
securityServiceName = new ObjectName("geronimo.security:type=SecurityService");
securityServiceGBean.setReferencePatterns("Realms", Collections.singleton(new ObjectName("geronimo.security:type=SecurityRealm,*")));
+ securityServiceGBean.setReferencePatterns("Mappers", Collections.singleton(new ObjectName("geronimo.security:type=SecurityRealm,*")));
securityServiceGBean.setAttribute("policyConfigurationFactory", "org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory");
loginServiceGBean = new GBeanMBean("org.apache.geronimo.security.jaas.JaasLoginService");
Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java (original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java Thu Nov 18 19:51:43 2004
@@ -18,12 +18,16 @@
package org.apache.geronimo.jetty;
import java.io.BufferedReader;
+import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URL;
import org.apache.geronimo.gbean.jmx.GBeanMBean;
+import org.apache.geronimo.kernel.jmx.MBeanProxyFactory;
+import org.apache.geronimo.security.SecurityService;
+import org.apache.geronimo.security.deploy.AutoMapAssistant;
import org.apache.geronimo.security.deploy.DefaultPrincipal;
import org.apache.geronimo.security.deploy.Principal;
import org.apache.geronimo.security.deploy.Realm;
@@ -33,14 +37,18 @@
/**
+ * Tests the JAAC security for Jetty by using both explicit and auto role mapping
+ *
* @version $Rev$ $Date$
*/
public class SecurityTest extends BaseSecurityTest {
- public void testDummy() throws Exception {
- }
-
- public void testSecurity() throws Exception {
+ /**
+ * Test the explicit map feature. Only Alan should be able to log in.
+ *
+ * @throws Exception thrown if an error in the test occurs
+ */
+ public void testExplicitMapping() throws Exception {
Security securityConfig = new Security();
securityConfig.setUseContextHandler(false);
@@ -91,7 +99,228 @@
connection.setRequestProperty("Cookie", cookie);
connection.setInstanceFollowRedirects(false);
BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
- System.out.println("Headers: "+connection.getHeaderFields());
+
+ assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+ assertEquals("Hello World", reader.readLine());
+ connection.disconnect();
+
+ connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
+ connection.setInstanceFollowRedirects(false);
+ assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
+
+ cookie = connection.getHeaderField("Set-Cookie");
+ cookie = cookie.substring(0, cookie.lastIndexOf(';'));
+ location = connection.getHeaderField("Location");
+
+ connection = (HttpURLConnection) new URL(location).openConnection();
+ connection.setInstanceFollowRedirects(false);
+ assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+
+ location = location.substring(0, location.lastIndexOf('/')) + "/j_security_check?j_username=izumi&j_password=violin";
+
+ connection = (HttpURLConnection) new URL(location).openConnection();
+ connection.setRequestMethod("POST");
+ connection.setRequestProperty("Cookie", cookie);
+ connection.setInstanceFollowRedirects(false);
+ assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
+
+ try {
+ connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
+ connection.setRequestProperty("Cookie", cookie);
+ connection.setInstanceFollowRedirects(false);
+ reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
+
+ fail("Should throw an IOException for HTTP 403 response");
+ } catch (IOException e) {
+ }
+
+ assertEquals(HttpURLConnection.HTTP_FORBIDDEN, connection.getResponseCode());
+ connection.disconnect();
+
+ stopWebApp();
+ }
+
+ /**
+ * Test the auto map feature. Only Izumi should be able to log in.
+ *
+ * @throws Exception thrown if an error in the test occurs
+ */
+ public void testAutoMapping() throws Exception {
+ Security securityConfig = new Security();
+ securityConfig.setUseContextHandler(false);
+
+ AutoMapAssistant assistant = new AutoMapAssistant();
+ assistant.setSecurityRealm("demo-properties-realm");
+ securityConfig.setAssistant(assistant);
+
+ securityConfig.getRoleNames().add("content-administrator");
+ securityConfig.getRoleNames().add("auto-administrator");
+
+ securityConfig.autoGenerate((SecurityService) MBeanProxyFactory.getProxy(SecurityService.class, kernel.getMBeanServer(), securityServiceName));
+
+ startWebApp(securityConfig);
+
+ HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
+ connection.setInstanceFollowRedirects(false);
+ assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
+
+ String cookie = connection.getHeaderField("Set-Cookie");
+ cookie = cookie.substring(0, cookie.lastIndexOf(';'));
+ String location = connection.getHeaderField("Location");
+
+ connection = (HttpURLConnection) new URL(location).openConnection();
+ connection.setInstanceFollowRedirects(false);
+ assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+
+ location = location.substring(0, location.lastIndexOf('/')) + "/j_security_check?j_username=izumi&j_password=violin";
+
+ connection = (HttpURLConnection) new URL(location).openConnection();
+ connection.setRequestMethod("POST");
+ connection.setRequestProperty("Cookie", cookie);
+ connection.setInstanceFollowRedirects(false);
+ assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
+
+ connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
+ connection.setRequestProperty("Cookie", cookie);
+ connection.setInstanceFollowRedirects(false);
+ BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
+
+ assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+ assertEquals("Hello World", reader.readLine());
+ connection.disconnect();
+
+
+ connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
+ connection.setInstanceFollowRedirects(false);
+ assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
+
+ cookie = connection.getHeaderField("Set-Cookie");
+ cookie = cookie.substring(0, cookie.lastIndexOf(';'));
+ location = connection.getHeaderField("Location");
+
+ connection = (HttpURLConnection) new URL(location).openConnection();
+ connection.setInstanceFollowRedirects(false);
+ assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+
+ location = location.substring(0, location.lastIndexOf('/')) + "/j_security_check?j_username=alan&j_password=starcraft";
+
+ connection = (HttpURLConnection) new URL(location).openConnection();
+ connection.setRequestMethod("POST");
+ connection.setRequestProperty("Cookie", cookie);
+ connection.setInstanceFollowRedirects(false);
+ assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
+
+ try {
+ connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
+ connection.setRequestProperty("Cookie", cookie);
+ connection.setInstanceFollowRedirects(false);
+ reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
+
+ fail("Should throw an IOException for HTTP 403 response");
+ } catch (IOException e) {
+ }
+
+ assertEquals(HttpURLConnection.HTTP_FORBIDDEN, connection.getResponseCode());
+ connection.disconnect();
+ stopWebApp();
+ }
+
+ /**
+ * Mixed the auto map and the standard explicit map. Both Alan and Izumi
+ * should be able to login.
+ *
+ * @throws Exception thrown if an error in the test occurs
+ */
+ public void testMixedMapping() throws Exception {
+ Security securityConfig = new Security();
+ securityConfig.setUseContextHandler(false);
+
+ AutoMapAssistant assistant = new AutoMapAssistant();
+ assistant.setSecurityRealm("demo-properties-realm");
+ securityConfig.setAssistant(assistant);
+
+ securityConfig.getRoleNames().add("content-administrator");
+ securityConfig.getRoleNames().add("auto-administrator");
+
+ securityConfig.autoGenerate((SecurityService) MBeanProxyFactory.getProxy(SecurityService.class, kernel.getMBeanServer(), securityServiceName));
+
+ DefaultPrincipal defaultPrincipal = new DefaultPrincipal();
+ defaultPrincipal.setRealmName("demo-properties-realm");
+ Principal principal = new Principal();
+ principal.setClassName("org.apache.geronimo.security.realm.providers.PropertiesFileUserPrincipal");
+ principal.setPrincipalName("izumi");
+ defaultPrincipal.setPrincipal(principal);
+
+ securityConfig.setDefaultPrincipal(defaultPrincipal);
+
+ Role role = new Role();
+ role.setRoleName("content-administrator");
+ principal = new Principal();
+ principal.setClassName("org.apache.geronimo.security.realm.providers.PropertiesFileGroupPrincipal");
+ principal.setPrincipalName("it");
+ Realm realm = new Realm();
+ realm.setRealmName("demo-properties-realm");
+ realm.getPrincipals().add(principal);
+ role.getRealms().put(realm.getRealmName(), realm);
+
+ securityConfig.append(role);
+
+ startWebApp(securityConfig);
+
+ HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
+ connection.setInstanceFollowRedirects(false);
+ assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
+
+ String cookie = connection.getHeaderField("Set-Cookie");
+ cookie = cookie.substring(0, cookie.lastIndexOf(';'));
+ String location = connection.getHeaderField("Location");
+
+ connection = (HttpURLConnection) new URL(location).openConnection();
+ connection.setInstanceFollowRedirects(false);
+ assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+
+ location = location.substring(0, location.lastIndexOf('/')) + "/j_security_check?j_username=izumi&j_password=violin";
+
+ connection = (HttpURLConnection) new URL(location).openConnection();
+ connection.setRequestMethod("POST");
+ connection.setRequestProperty("Cookie", cookie);
+ connection.setInstanceFollowRedirects(false);
+ assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
+
+ connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
+ connection.setRequestProperty("Cookie", cookie);
+ connection.setInstanceFollowRedirects(false);
+ BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
+
+ assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+ assertEquals("Hello World", reader.readLine());
+ connection.disconnect();
+
+
+ connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
+ connection.setInstanceFollowRedirects(false);
+ assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
+
+ cookie = connection.getHeaderField("Set-Cookie");
+ cookie = cookie.substring(0, cookie.lastIndexOf(';'));
+ location = connection.getHeaderField("Location");
+
+ connection = (HttpURLConnection) new URL(location).openConnection();
+ connection.setInstanceFollowRedirects(false);
+ assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+
+ location = location.substring(0, location.lastIndexOf('/')) + "/j_security_check?j_username=alan&j_password=starcraft";
+
+ connection = (HttpURLConnection) new URL(location).openConnection();
+ connection.setRequestMethod("POST");
+ connection.setRequestProperty("Cookie", cookie);
+ connection.setInstanceFollowRedirects(false);
+ assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
+
+ connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
+ connection.setRequestProperty("Cookie", cookie);
+ connection.setInstanceFollowRedirects(false);
+ reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
assertEquals("Hello World", reader.readLine());
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityService.java
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityService.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityService.java Thu Nov 18 19:51:43 2004
@@ -39,6 +39,7 @@
import org.apache.geronimo.security.jacc.PolicyContextHandlerSOAPMessage;
import org.apache.geronimo.security.jacc.GeronimoPolicy;
import org.apache.geronimo.security.realm.SecurityRealm;
+import org.apache.geronimo.security.realm.AutoMapAssistant;
import org.apache.geronimo.security.util.ConfigurationUtil;
@@ -57,6 +58,7 @@
private String policyConfigurationFactory;
private Collection realms = Collections.EMPTY_SET;
+ private Collection mappers = Collections.EMPTY_SET;
private Collection moduleConfigurations = Collections.EMPTY_SET;
@@ -117,6 +119,19 @@
this.realms = realms;
}
+ public Collection getMappers() throws GeronimoSecurityException {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) sm.checkPermission(CONFIGURE);
+ return mappers;
+ }
+
+
+ public void setMappers(Collection mappers) {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) sm.checkPermission(CONFIGURE);
+ this.mappers = mappers;
+ }
+
public Collection getModuleConfigurations() {
return moduleConfigurations;
}
@@ -135,6 +150,16 @@
return null;
}
+ public AutoMapAssistant getMapper(String name) {
+ for (Iterator iter = mappers.iterator(); iter.hasNext();) {
+ AutoMapAssistant mapper = (AutoMapAssistant) iter.next();
+ if (name.equals(mapper.getRealmName())) {
+ return mapper;
+ }
+ }
+ return null;
+ }
+
public void doStart() throws WaitingException, Exception {
PolicyConfigurationFactory factory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
Policy.setPolicy(new GeronimoPolicy(factory));
@@ -158,8 +183,10 @@
infoFactory.addAttribute("policyConfigurationFactory", String.class, true);
infoFactory.addReference("Realms", SecurityRealm.class);
+ infoFactory.addReference("Mappers", AutoMapAssistant.class);
infoFactory.addReference("ModuleConfigurations", ModuleConfiguration.class);
infoFactory.addOperation("getRealm", new Class[]{String.class});
+ infoFactory.addOperation("getMapper", new Class[]{String.class});
infoFactory.setConstructor(new String[]{"policyConfigurationFactory"});
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java Thu Nov 18 19:51:43 2004
@@ -24,7 +24,6 @@
import java.util.Set;
import org.apache.geronimo.security.SecurityService;
-import org.apache.geronimo.security.realm.SecurityRealm;
/**
@@ -95,21 +94,27 @@
if (roleMappings.containsKey(role.getRoleName())) {
Role existing = (Role) roleMappings.get(role.getRoleName());
for (Iterator iter = role.getRealms().keySet().iterator(); iter.hasNext();) {
- existing.append((Realm) iter.next());
+ existing.append((Realm) role.getRealms().get(iter.next()));
}
} else {
roleMappings.put(role.getRoleName(), role);
}
}
- public void autoGenerate(SecurityService secyrityService) {
- if (secyrityService == null) return;
+ /**
+ * Automatically generate role mappings and add them to the existing role mappings.
+ * <p/>
+ * NOTE: This method should be called during deployment.
+ *
+ * @param securityService used to obtain the configured auto map assistant.
+ */
+ public void autoGenerate(SecurityService securityService) {
+ if (securityService == null) return;
if (assistant == null) return;
String realmName = assistant.getSecurityRealm();
- SecurityRealm securityRealm = secyrityService.getRealm(realmName);
- if (securityRealm == null || !(securityRealm instanceof AutoMapAssistant)) return;
- org.apache.geronimo.security.realm.AutoMapAssistant autoMapAssistant = (org.apache.geronimo.security.realm.AutoMapAssistant) securityRealm;
+ org.apache.geronimo.security.realm.AutoMapAssistant autoMapAssistant = securityService.getMapper(realmName);
+ if (autoMapAssistant == null) return;
/**
* Append roles
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java Thu Nov 18 19:51:43 2004
@@ -33,6 +33,12 @@
public interface AutoMapAssistant {
/**
+ * Provides the realm name of the auto map assistant.
+ * @return the realm name of the auto map assistant
+ */
+ public String getRealmName();
+
+ /**
* Provides the default principal to be used when an unauthenticated
* subject uses a container.
*