Posted to scm@geronimo.apache.org by am...@apache.org on 2004/11/23 03:03:24 UTC
svn commit: r106257 - in geronimo/trunk/modules: assembly/src/plan connector/src/java/org/apache/geronimo/connector/outbound/security jetty/src/java/org/apache/geronimo/jetty jetty/src/test-resources/deployables/war3/WEB-INF jetty/src/test/org/apache/geronimo/jetty security/src/java/org/apache/geronimo/security security/src/java/org/apache/geronimo/security/deploy security/src/java/org/apache/geronimo/security/jaas security/src/java/org/apache/geronimo/security/realm security/src/java/org/apache/geronimo/security/realm/providers security/src/java/org/apache/geronimo/security/util security/src/test/org/apache/geronimo/security security/src/test/org/apache/geronimo/security/jaas security/src/test/org/apache/geronimo/security/network/protocol
Author: ammulder
Date: Mon Nov 22 18:03:22 2004
New Revision: 106257
Added:
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/DeploymentSupport.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/FileAuditLoginModule.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/GeronimoGroupPrincipal.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/GeronimoUserPrincipal.java
geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/DeploymentSupportTest.java
Removed:
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileGroupPrincipal.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileUserPrincipal.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLGroupPrincipal.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLUserPrincipal.java
Modified:
geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml
geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml
geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java
geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java
geronimo/trunk/modules/jetty/src/test-resources/deployables/war3/WEB-INF/geronimo-web.xml
geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java
geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java
geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java
geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java
geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java
geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java
geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java
geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java
Log:
Next round of security improvements
- add login domains
- consolidate principal classes
- pull deployment methods out of realm into helper interface
- add auditing login module
- test & fix realms with multiple login modules
- add flag to control whether server-side principals are returned to client
- update all tests and plans with the new syntax
Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml?view=diff&rev=106257&p1=geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml&r1=106256&p2=geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml&r2=106257
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml (original)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml Mon Nov 22 18:03:22 2004
@@ -44,6 +44,7 @@
usersURI=var/security/demo_users.properties
groupsURI=var/security/demo_groups.properties
</attribute>
+ <attribute name="loginDomainName" type="java.lang.String">demo-properties-realm</attribute>
</gbean>
<gbean name="geronimo.security:type=SecurityRealm,realm=demo-properties-realm"
Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml?view=diff&rev=106257&p1=geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml&r1=106256&p2=geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml&r2=106257
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml (original)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml Mon Nov 22 18:03:22 2004
@@ -108,6 +108,7 @@
usersURI=var/security/users.properties
groupsURI=var/security/groups.properties
</attribute>
+ <attribute name="loginDomainName" type="java.lang.String">geronimo-properties-realm</attribute>
</gbean>
<gbean name="geronimo.security:type=SecurityRealm,realm=geronimo-properties-realm"
Modified: geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java?view=diff&rev=106257&p1=geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java&r1=106256&p2=geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java (original)
+++ geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java Mon Nov 22 18:03:22 2004
@@ -20,10 +20,6 @@
import javax.resource.spi.ManagedConnectionFactory;
import java.util.HashMap;
import java.util.Map;
-import java.util.Set;
-
-import org.apache.regexp.RE;
-
import org.apache.geronimo.common.GeronimoSecurityException;
import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoBuilder;
@@ -33,6 +29,7 @@
import org.apache.geronimo.security.jaas.JaasLoginModuleConfiguration;
import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
import org.apache.geronimo.security.realm.SecurityRealm;
+import org.apache.geronimo.security.realm.DeploymentSupport;
/**
*
@@ -59,40 +56,29 @@
return realmName;
}
- public Set getGroupPrincipals() throws GeronimoSecurityException {
- return null;
+ public boolean isRestrictPrincipalsToServer() {
+ return true;
}
- public Set getGroupPrincipals(RE regexExpression) throws GeronimoSecurityException {
- return null;
+ public String[] getLoginDomains() {
+ return new String[]{realmName};
}
- public Set getUserPrincipals() throws GeronimoSecurityException {
+ public DeploymentSupport getDeploymentSupport(String loginDomain) throws GeronimoSecurityException {
return null;
}
- public Set getUserPrincipals(RE regexExpression) throws GeronimoSecurityException {
- return null;
- }
-
- public void refresh() throws GeronimoSecurityException {
- }
-
public JaasLoginModuleConfiguration[] getAppConfigurationEntries() {
Map options = new HashMap();
// TODO: This can be a bad thing, passing a reference to a realm to the login module
// since the SerializableACE can be sent remotely
options.put(REALM_INSTANCE, this);
- JaasLoginModuleConfiguration config = new JaasLoginModuleConfiguration(getRealmName(), PasswordCredentialLoginModule.class.getName(),
- LoginModuleControlFlag.REQUISITE, options, true);
+ JaasLoginModuleConfiguration config = new JaasLoginModuleConfiguration(PasswordCredentialLoginModule.class.getName(),
+ LoginModuleControlFlag.REQUISITE, options, true, getRealmName());
return new JaasLoginModuleConfiguration[]{config};
}
- public boolean isLoginModuleLocal() {
- return true;
- }
-
public void setManagedConnectionFactory(ManagedConnectionFactory managedConnectionFactory) {
this.managedConnectionFactory = managedConnectionFactory;
}
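Review bot: `getDeploymentSupport(String loginDomain)` returns null unconditionally, so a caller that asks this realm for deployment support gets a NullPointerException at first use rather than a meaningful error; since the method already declares `GeronimoSecurityException`, prefer `throw new GeronimoSecurityException("Realm " + realmName + " does not support deployment for login domain " + loginDomain);`, or at minimum Javadoc the null return as the contract. The `loginDomain` argument is also never checked against the single domain reported by `getLoginDomains()`. `isRestrictPrincipalsToServer()` returning a hard-coded true deserves a one-line comment stating that this realm's principals are never handed back to a client, which is presumably the flag the log message describes. The class's fields and `GBEAN_INFO` setup lie outside this hunk.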
@@ -110,7 +96,7 @@
options.put("realm", realmName);
options.put("kernel", kernel.getKernelName());
- return new JaasLoginModuleConfiguration(realmName, JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true);
+ return new JaasLoginModuleConfiguration(JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true, realmName);
}
static {
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java?view=diff&rev=106257&p1=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java&r1=106256&p2=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java Mon Nov 22 18:03:22 2004
@@ -412,11 +412,13 @@
JAASJettyPrincipal result = new JAASJettyPrincipal("default");
Subject defaultSubject = new Subject();
- RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(defaultPrincipal.getPrincipal(), defaultPrincipal.getRealmName());
+ //todo: needs a proper login domain name to go with the realm name
+ RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(defaultPrincipal.getPrincipal(), defaultPrincipal.getRealmName(), defaultPrincipal.getRealmName());
if (realmPrincipal == null) {
throw new GeronimoSecurityException("Unable to create realm principal");
}
- PrimaryRealmPrincipal primaryRealmPrincipal = ConfigurationUtil.generatePrimaryRealmPrincipal(defaultPrincipal.getPrincipal(), defaultPrincipal.getRealmName());
+ //todo: needs a proper login domain name to go with the realm name
+ PrimaryRealmPrincipal primaryRealmPrincipal = ConfigurationUtil.generatePrimaryRealmPrincipal(defaultPrincipal.getPrincipal(), defaultPrincipal.getRealmName(), defaultPrincipal.getRealmName());
if (primaryRealmPrincipal == null) {
throw new GeronimoSecurityException("Unable to create primary realm principal");
}
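Review bot: Passing `defaultPrincipal.getRealmName()` as the login domain on the two added lines is more than a cosmetic todo: `RealmPrincipal.equals` in this same commit compares only the login domain and the wrapped principal, so for any realm whose `loginDomainName` differs from its realm name the default principal built here will never equal the principals a real login produces, and authorization keyed on it will silently diverge. If the proper domain name is not available yet, the todo should say what breaks, e.g. `//todo: realm name used as login domain; default principal will not match logins unless loginDomainName == realmName`. The same substitution appears in JettyXMLConfiguration.java (the `generateRealmPrincipal` call) and in Security.java (the `obtainRolePrincipalClasses(realmName)` call). The enclosing method starts before this hunk.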
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java?view=diff&rev=106257&p1=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java&r1=106256&p2=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java Mon Nov 22 18:03:22 2004
@@ -341,8 +341,8 @@
Iterator principals = realm.getPrincipals().iterator();
while (principals.hasNext()) {
Principal principal = (Principal) principals.next();
-
- RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(principal, realm.getRealmName());
+ //todo: The next line must use a login domain name, which I guess means that neds to go in the geronimo-jetty.xml
+ RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(principal, realm.getRealmName(), realm.getRealmName());
if (realmPrincipal == null) throw new GeronimoSecurityException("Unable to create realm principal");
principalSet.add(realmPrincipal);
Modified: geronimo/trunk/modules/jetty/src/test-resources/deployables/war3/WEB-INF/geronimo-web.xml
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test-resources/deployables/war3/WEB-INF/geronimo-web.xml?view=diff&rev=106257&p1=geronimo/trunk/modules/jetty/src/test-resources/deployables/war3/WEB-INF/geronimo-web.xml&r1=106256&p2=geronimo/trunk/modules/jetty/src/test-resources/deployables/war3/WEB-INF/geronimo-web.xml&r2=106257
==============================================================================
--- geronimo/trunk/modules/jetty/src/test-resources/deployables/war3/WEB-INF/geronimo-web.xml (original)
+++ geronimo/trunk/modules/jetty/src/test-resources/deployables/war3/WEB-INF/geronimo-web.xml Mon Nov 22 18:03:22 2004
@@ -25,7 +25,7 @@
<context-priority-classloader>false</context-priority-classloader>
<sec:security>
<sec:default-principal realm-name="demo-properties-realm">
- <sec:principal class="org.apache.geronimo.security.realm.providers.PropertiesFileUserPrincipal" name="metro"/>
+ <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="metro"/>
</sec:default-principal>
</sec:security>
</web-app>
Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java?view=diff&rev=106257&p1=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java&r1=106256&p2=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java (original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java Mon Nov 22 18:03:22 2004
@@ -128,6 +128,7 @@
options.setProperty("usersURI", "src/test-resources/data/users.properties");
options.setProperty("groupsURI", "src/test-resources/data/groups.properties");
propertiesLMGBean.setAttribute("options", options);
+ propertiesLMGBean.setAttribute("loginDomainName", "demo-properties-realm");
propertiesRealmGBean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm");
propertiesRealmName = new ObjectName("geronimo.security:type=SecurityRealm,realm=demo-properties-realm");
@@ -136,8 +137,8 @@
Properties config = new Properties();
config.setProperty("LoginModule.1.REQUIRED", propertiesLMName.getCanonicalName());
propertiesRealmGBean.setAttribute("loginModuleConfiguration", config);
- propertiesRealmGBean.setAttribute("autoMapPrincipalClasses", "org.apache.geronimo.security.realm.providers.PropertiesFileGroupPrincipal");
- propertiesRealmGBean.setAttribute("defaultPrincipal", "metro=org.apache.geronimo.security.realm.providers.PropertiesFileUserPrincipal");
+// propertiesRealmGBean.setAttribute("autoMapPrincipalClasses", "demo-properties-realm=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal");
+ propertiesRealmGBean.setAttribute("defaultPrincipal", "metro=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
start(serverInfoName, serverInfoGBean);
start(propertiesLMName, propertiesLMGBean);
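Review bot: The `autoMapPrincipalClasses` call is commented out rather than removed or updated, so this test no longer exercises automatic role mapping while still reading as if it configures it, and commented-out code without a reason tends never to be restored. Either delete the line or keep it with a note explaining why it is disabled, e.g. `// autoMapPrincipalClasses disabled until the login-domain-prefixed form is supported by GenericSecurityRealm` — the commented value suggests the new syntax prefixes the login domain, but that is inferred. The enclosing setup method starts and ends outside the hunk.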
Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java?view=diff&rev=106257&p1=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r1=106256&p2=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java (original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java Mon Nov 22 18:03:22 2004
@@ -55,7 +55,7 @@
DefaultPrincipal defaultPrincipal = new DefaultPrincipal();
defaultPrincipal.setRealmName("demo-properties-realm");
Principal principal = new Principal();
- principal.setClassName("org.apache.geronimo.security.realm.providers.PropertiesFileUserPrincipal");
+ principal.setClassName("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
principal.setPrincipalName("izumi");
defaultPrincipal.setPrincipal(principal);
@@ -64,7 +64,7 @@
Role role = new Role();
role.setRoleName("content-administrator");
principal = new Principal();
- principal.setClassName("org.apache.geronimo.security.realm.providers.PropertiesFileGroupPrincipal");
+ principal.setClassName("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal");
principal.setPrincipalName("it");
Realm realm = new Realm();
realm.setRealmName("demo-properties-realm");
@@ -247,7 +247,7 @@
DefaultPrincipal defaultPrincipal = new DefaultPrincipal();
defaultPrincipal.setRealmName("demo-properties-realm");
Principal principal = new Principal();
- principal.setClassName("org.apache.geronimo.security.realm.providers.PropertiesFileUserPrincipal");
+ principal.setClassName("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
principal.setPrincipalName("izumi");
defaultPrincipal.setPrincipal(principal);
@@ -256,7 +256,7 @@
Role role = new Role();
role.setRoleName("content-administrator");
principal = new Principal();
- principal.setClassName("org.apache.geronimo.security.realm.providers.PropertiesFileGroupPrincipal");
+ principal.setClassName("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal");
principal.setPrincipalName("it");
Realm realm = new Realm();
realm.setRealmName("demo-properties-realm");
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java Mon Nov 22 18:03:22 2004
@@ -25,8 +25,8 @@
*/
public class PrimaryRealmPrincipal extends RealmPrincipal {
- public PrimaryRealmPrincipal(String realm, Principal principal) {
- super(realm, principal);
+ public PrimaryRealmPrincipal(String loginDomain, Principal principal, String realmName) {
+ super(loginDomain, principal, realmName);
}
/**
@@ -43,6 +43,6 @@
PrimaryRealmPrincipal realmPrincipal = (PrimaryRealmPrincipal) another;
- return getRealm().equals(realmPrincipal.getRealm()) && getPrincipal().equals(realmPrincipal.getPrincipal());
+ return getLoginDomain().equals(realmPrincipal.getLoginDomain()) && getPrincipal().equals(realmPrincipal.getPrincipal());
}
}
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java Mon Nov 22 18:03:22 2004
@@ -19,6 +19,7 @@
import java.io.Serializable;
import java.security.Principal;
+import org.apache.geronimo.common.NullArgumentException;
/**
@@ -27,17 +28,18 @@
* @version $Rev$ $Date$
*/
public class RealmPrincipal implements Principal, Serializable {
- private final String realm;
+ private final String loginDomain;
private final Principal principal;
private transient String name = null;
private transient long id;
- public RealmPrincipal(String realm, Principal principal) {
- if (realm == null) throw new IllegalArgumentException("realm == null");
- if (principal == null) throw new IllegalArgumentException("principal == null");
+ public RealmPrincipal(String loginDomain, Principal principal, String realmName) {
+ if (loginDomain == null) throw new NullArgumentException("loginDomain");
+ if (principal == null) throw new NullArgumentException("principal");
- this.realm = realm;
+ this.loginDomain = loginDomain;
this.principal = principal;
+ //todo: ignoring realm name; we don't think we'll need it.
}
public long getId() {
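Review bot: The new `realmName` constructor parameter is accepted and then discarded (the todo on the last added line), while equality and the cached name string are now keyed on `loginDomain` alone; that makes the login domain name the security identity of a principal, so two realms configured with the same `loginDomainName` would yield indistinguishable principals. State that on the constructor rather than leaving it to the todo, e.g. a Javadoc `@param realmName currently ignored; principal identity is derived from loginDomain and principal only`, and consider a uniqueness check wherever login domains are registered. If `realmName` is genuinely unneeded, removing the parameter before callers come to depend on it is cleaner than carrying a dead argument.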
@@ -62,7 +64,7 @@
RealmPrincipal realmPrincipal = (RealmPrincipal) another;
- return realm.equals(realmPrincipal.realm) && principal.equals(realmPrincipal.principal);
+ return loginDomain.equals(realmPrincipal.loginDomain) && principal.equals(realmPrincipal.principal);
}
/**
@@ -92,7 +94,7 @@
if (name == null) {
StringBuffer buffer = new StringBuffer("");
- buffer.append(realm);
+ buffer.append(loginDomain);
buffer.append(":[");
buffer.append(principal.getClass().getName());
buffer.append(':');
@@ -118,7 +120,7 @@
*
* @return the realm that is associated with the principal.
*/
- public String getRealm() {
- return realm;
+ public String getLoginDomain() {
+ return loginDomain;
}
}
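Review bot: The Javadoc above the renamed accessor still reads `@return the realm that is associated with the principal.` although the method now returns the login domain; change it to `@return the login domain that is associated with the principal.` and align the summary sentence above it (outside the hunk) with the new name.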
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java Mon Nov 22 18:03:22 2004
@@ -129,12 +129,13 @@
realm.setRealmName(assistant.getSecurityRealm());
- for (Iterator principalClasses = autoMapAssistant.obtainRolePrincipalClasses().iterator(); principalClasses.hasNext();) {
+ //todo: the usage of the realm name in the next call instead of the login domain name is an error!
+ for (Iterator principalClasses = autoMapAssistant.obtainRolePrincipalClasses(realmName).iterator(); principalClasses.hasNext();) {
Principal principal = new Principal();
-
+ //todo: Principal class needs to handle login domain as well
principal.setClassName((String) principalClasses.next());
principal.setPrincipalName(roleName);
- principal.setDesignatedRunAs(true);
+ principal.setDesignatedRunAs(false);
realm.getPrincipals().add(principal);
}
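Review bot: `principal.setDesignatedRunAs(false)` reverses the previous value for every auto-mapped role principal, and neither the log nor a comment says why, so a reader cannot tell whether this is a deliberate fix or an accidental flip. Add a one-line comment giving the intent, e.g. `// auto-mapped group principals are role members only, never the run-as identity`, if that is the reason. The todo on the first added line also records that `realmName` is passed where a login domain is required; as with the Jetty callers in this commit, principals will mismatch whenever the two names differ. The enclosing method starts before and ends after this hunk.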
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java Mon Nov 22 18:03:22 2004
@@ -50,7 +50,7 @@
}
public JaasLoginModuleConfiguration generateConfiguration() {
- return new JaasLoginModuleConfiguration(applicationConfigName, module.getLoginModuleClass(), controlFlag, module.getOptions(), module.isServerSide());
+ return new JaasLoginModuleConfiguration(module.getLoginModuleClass(), controlFlag, module.getOptions(), module.isServerSide(), applicationConfigName);
}
public static final GBeanInfo GBEAN_INFO;
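Review bot: The changed line passes `applicationConfigName` as the new `loginDomainName` argument, which conflates the JAAS application configuration name with the login domain now used for principal identity; elsewhere in this commit the two are distinct (the GBean attribute is `loginDomainName`, while the configuration name is what `GeronimoLoginConfiguration.entries` is keyed by). It also means the new null-domain check in `GeronimoLoginConfiguration.addConfiguration` can never reject an entry built here. If the conflation is deliberate for now, a comment such as `// todo: login domain taken from the application config name until this entry exposes its own` would make it visible.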
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java Mon Nov 22 18:03:22 2004
@@ -92,7 +92,6 @@
if (sm != null) sm.checkPermission(SecurityService.CONFIGURE);
ConfigurationEntryFactory factory = (ConfigurationEntryFactory) event.getMember();
-
addConfiguration(factory);
}
@@ -108,6 +107,12 @@
private final void addConfiguration(ConfigurationEntryFactory factory) {
JaasLoginModuleConfiguration config = factory.generateConfiguration();
+ if(config.getLoginDomainName() == null) {
+ throw new IllegalArgumentException("A login module to be registered standalone must have a domain name!");
+ }
+ if (entries.containsKey(factory.getConfigurationName())) {
+ throw new java.lang.IllegalArgumentException("ConfigurationEntry already registered");
+ }
AppConfigurationEntry ace = new AppConfigurationEntry(config.getLoginModuleClassName(), config.getFlag().getFlag(), config.getOptions());
entries.put(factory.getConfigurationName(), ace);
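Review bot: The duplicate-registration check is a worthwhile addition, since before it a second factory with the same name silently replaced the JAAS entry, but its message omits the colliding name; use `throw new IllegalArgumentException("ConfigurationEntry already registered: " + factory.getConfigurationName());`. The same check spells the type as `java.lang.IllegalArgumentException` while the line above uses the simple name; pick one. Ordering the cheap name-based duplicate check before the domain-name check would also report a collision as a collision rather than as a missing domain.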
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java Mon Nov 22 18:03:22 2004
@@ -99,7 +99,11 @@
for (int i = 0; i < workers.length; i++) {
workers[i].getModule().commit();
}
- subject.getPrincipals().add(service.loginSucceeded(client));
+ Principal[] principals = service.loginSucceeded(client);
+ for (int i = 0; i < principals.length; i++) {
+ Principal principal = principals[i];
+ subject.getPrincipals().add(principal);
+ }
return true;
}
@@ -111,6 +115,7 @@
} finally {
service.loginFailed(client);
}
+ clear();
return true;
}
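Review bot: `clear()` is placed after the `finally` block rather than inside it, so if `service.loginFailed(client)` here, or `service.logout(client)` in the next hunk, throws, the coordinator keeps its server handle, `client` id and `subject` references while the exception propagates; in both places move the call into the finally, `finally { try { service.loginFailed(client); } finally { clear(); } }`. `clear()` also nulls `service`, so a second `logout()` on the same module would hit a NullPointerException in `service.logout(client)` if JAAS ever invokes it twice; a null guard or an idempotent early return would make that explicit. The enclosing methods begin before their hunks.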
@@ -122,9 +127,24 @@
} finally {
service.logout(client);
}
+ clear();
return true;
}
+ private void clear() {
+ serverHost = null;
+ serverPort = 0;
+ realmName = null;
+ kernelName = null;
+ service = null;
+ handler = null;
+ subject = null;
+ processedPrincipals.clear();
+ config = null;
+ client = null;
+ workers = null;
+ }
+
private JaasLoginServiceMBean connect() {
if(serverHost != null && serverPort > 0) {
return JaasLoginServiceRemotingClient.create(serverHost, serverPort);
@@ -186,15 +206,11 @@
public void initialize(Subject subject, CallbackHandler handler,
Map sharedState, Map options) {
this.handler = handler;
- try {
- callbacks = service.getServerLoginCallbacks(client, index);
- } catch (LoginException e) {
- throw new RuntimeException("Server unable to initialize login module", e);
- }
}
public boolean login() throws LoginException {
try {
+ callbacks = service.getServerLoginCallbacks(client, index);
if(handler != null) {
handler.handle(callbacks);
} else if(callbacks != null && callbacks.length > 0) {
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java Mon Nov 22 18:03:22 2004
@@ -35,18 +35,21 @@
*/
public class JaasLoginModuleConfiguration implements Serializable {
private boolean serverSide;
- private String name;
+ private String loginDomainName;
private LoginModuleControlFlag flag;
private String loginModuleName;
private Map options;
private transient LoginModule loginModule;
- public JaasLoginModuleConfiguration(String name, String loginModuleName, LoginModuleControlFlag flag, Map options, boolean serverSide) {
- this.name = name;
+ public JaasLoginModuleConfiguration(String loginModuleName, LoginModuleControlFlag flag, Map options, boolean serverSide, String loginDomainName) {
this.serverSide = serverSide;
this.flag = flag;
this.loginModuleName = loginModuleName;
this.options = options;
+ this.loginDomainName = loginDomainName;
+ }
+ public JaasLoginModuleConfiguration(String loginModuleName, LoginModuleControlFlag flag, Map options, boolean serverSide) {
+ this(loginModuleName, flag, options, serverSide, null);
}
public String getLoginModuleClassName() {
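Review bot: Neither constructor documents that `loginDomainName` may be null, which the 4-arg overload relies on and which GenericSecurityRealm in this commit treats as "this module belongs to no login domain"; add `@param loginDomainName the login domain this module represents, or null if it represents none` to the 5-arg constructor and a one-line Javadoc on the 4-arg one saying it delegates with null. Both constructors also keep the `options` map by reference, so a caller that keeps mutating it changes the configuration after construction — pre-existing, but worth a sentence now that the class is being reshaped. The class body continues outside the hunk.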
@@ -76,8 +79,8 @@
return options;
}
- public String getName() {
- return name;
+ public String getLoginDomainName() {
+ return loginDomainName;
}
/**
@@ -94,6 +97,6 @@
}
}
- return new JaasLoginModuleConfiguration(name, loginModuleName, flag, other, serverSide);
+ return new JaasLoginModuleConfiguration(loginModuleName, flag, other, serverSide, loginDomainName);
}
}
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java Mon Nov 22 18:03:22 2004
@@ -26,6 +26,7 @@
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
+import java.util.ArrayList;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
@@ -153,13 +154,13 @@
* methods in this class.
*/
public JaasClientId connectToRealm(String realmName) {
- for (Iterator it = realms.iterator(); it.hasNext();) {
- SecurityRealm realm = (SecurityRealm) it.next();
- if(realm.getRealmName().equals(realmName)) {
- return initializeClient(realm);
- }
+ SecurityRealm realm = null;
+ realm = getRealm(realmName);
+ if(realm == null) {
+ throw new GeronimoSecurityException("No such realm ("+realmName+")");
+ } else {
+ return initializeClient(realm);
}
- throw new GeronimoSecurityException("No such realm ("+realmName+")");
}
/**
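Review bot: `SecurityRealm realm = null; realm = getRealm(realmName);` is a needless two-step initialisation, and the else after a throw adds a level of nesting; `SecurityRealm realm = getRealm(realmName); if(realm == null) { throw new GeronimoSecurityException("No such realm ("+realmName+")"); } return initializeClient(realm);` reads the way the old loop did. The method's Javadoc begins above the hunk.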
@@ -198,6 +199,7 @@
JaasLoginModuleConfiguration config = context.getModules()[loginModuleIndex];
LoginModule module = config.getLoginModule(classLoader);
//todo: properly handle shared state
+ context.getHandler().setExploring();
try {
module.initialize(context.getSubject(), context.getHandler(), new HashMap(), config.getOptions());
} catch (Exception e) {
@@ -251,7 +253,7 @@
if(loginModuleIndex < 0 || loginModuleIndex >= context.getModules().length || context.getModules()[loginModuleIndex].isServerSide()) {
throw new LoginException("Invalid login module specified");
}
- context.processPrincipals(clientLoginModulePrincipals);
+ context.processPrincipals(clientLoginModulePrincipals, context.getModules()[loginModuleIndex].getLoginDomainName());
}
/**
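Review bot: `context.processPrincipals(clientLoginModulePrincipals, ...)` registers principals supplied by the remote client under the same `(loginDomainName, realmName)` RealmPrincipal tag that server-side modules produce, so nothing downstream can tell the two origins apart; a comment such as `// principals from a client-side module are accepted as-is and tagged with that module's login domain` would make the trust decision explicit. The repeated `context.getModules()[loginModuleIndex]` lookup can be hoisted into a local, as the commit hunk below already has one. The method starts outside the hunk.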
@@ -270,7 +272,7 @@
}
JaasLoginModuleConfiguration module = context.getModules()[loginModuleIndex];
boolean result = module.getLoginModule(classLoader).commit();
- context.processPrincipals();
+ context.processPrincipals(context.getModules()[loginModuleIndex].getLoginDomainName());
return result;
}
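Review bot: The local `module` already holds `context.getModules()[loginModuleIndex]`, so the new line re-indexes the array for no reason; `context.processPrincipals(module.getLoginDomainName());` is equivalent and consistent with the line above it. The method starts outside the hunk.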
@@ -278,7 +280,7 @@
* Indicates that the overall login succeeded. All login modules that were
* touched should have been logged in and committed before calling this.
*/
- public IdentificationPrincipal loginSucceeded(JaasClientId userIdentifier) throws LoginException {
+ public Principal[] loginSucceeded(JaasClientId userIdentifier) throws LoginException {
JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
if(context == null) {
throw new ExpiredLoginModuleException();
@@ -289,7 +291,15 @@
SubjectId id = ContextManager.getSubjectId(subject);
IdentificationPrincipal principal = new IdentificationPrincipal(id);
subject.getPrincipals().add(principal);
- return principal;
+ SecurityRealm realm = getRealm(context.getRealmName());
+ if(realm.isRestrictPrincipalsToServer()) {
+ return new Principal[]{principal};
+ } else {
+ List list = new ArrayList();
+ list.addAll(context.getProcessedPrincipals());
+ list.add(principal);
+ return (Principal[]) list.toArray(new Principal[list.size()]);
+ }
}
/**
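Review bot: `getRealm(context.getRealmName())` returns null when the realm is no longer registered (see the helper added further down), and `realm.isRestrictPrincipalsToServer()` then fails with a NullPointerException instead of a LoginException; add `if(realm == null) { throw new LoginException("Realm "+context.getRealmName()+" is no longer available"); }` before the check. A short comment that with the flag false every processed principal — including those that arrived from client-side modules — is returned to the caller would also help, since that is the realm's documented default. loginSucceeded starts outside the hunk.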
@@ -311,6 +321,11 @@
}
ContextManager.unregisterSubject(context.getSubject());
activeLogins.remove(userIdentifier);
+ for (int i = 0; i < context.getModules().length; i++) {
+ if(context.getModules()[i].isServerSide()) {
+ context.getModules()[i].getLoginModule(classLoader).logout();
+ }
+ }
}
/**
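Review bot: A LoginException from one server-side module's `logout()` aborts the new loop, so later modules are never logged out, and because `activeLogins.remove` already ran the caller cannot retry; catch per module, remember the first failure and rethrow after the loop. `context.getModules()[i]` is also read twice per iteration and can be hoisted into a local. logout() starts outside the hunk.
```java
        // … unchanged: unregisterSubject / activeLogins.remove …
        LoginException failure = null;
        for (int i = 0; i < context.getModules().length; i++) {
            JaasLoginModuleConfiguration module = context.getModules()[i];
            if(module.isServerSide()) {
                try {
                    module.getLoginModule(classLoader).logout();
                } catch (LoginException e) {
                    if(failure == null) { // keep the first failure, still log out the rest
                        failure = e;
                    }
                }
            }
        }
        if(failure != null) {
            throw failure;
        }
```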
@@ -330,6 +345,16 @@
JaasSecurityContext context = new JaasSecurityContext(realm.getRealmName(), modules);
activeLogins.put(clientId, context);
return clientId;
+ }
+
+ private SecurityRealm getRealm(String realmName) {
+ for (Iterator it = realms.iterator(); it.hasNext();) {
+ SecurityRealm test = (SecurityRealm) it.next();
+ if(test.getRealmName().equals(realmName)) {
+ return test;
+ }
+ }
+ return null;
}
/**
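Review bot: `getRealm` returns null for an unknown name but nothing says so, and the two new call sites treat that differently (connectToRealm throws, loginSucceeded does not check); add `/** Looks up a registered realm by name; returns null when no realm with that name is registered. */`. Note that `test.getRealmName().equals(realmName)` is false for a null argument, so a null name quietly maps to "not found" rather than failing loudly.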
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java Mon Nov 22 18:03:22 2004
@@ -116,7 +116,7 @@
* Indicates that the overall login succeeded. All login modules that were
* touched should have been logged in and committed before calling this.
*/
- public IdentificationPrincipal loginSucceeded(JaasClientId userIdentifier) throws LoginException;
+ public Principal[] loginSucceeded(JaasClientId userIdentifier) throws LoginException;
/**
* Indicates that the overall login failed, and the server should release
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java Mon Nov 22 18:03:22 2004
@@ -73,25 +73,34 @@
return handler;
}
- public void processPrincipals() {
+ public void processPrincipals(String loginDomainName) {
List list = new LinkedList();
for (Iterator it = subject.getPrincipals().iterator(); it.hasNext();) {
Principal p = (Principal) it.next();
- if(!processedPrincipals.contains(p)) {
- list.add(ContextManager.registerPrincipal(new RealmPrincipal(realmName, p)));
+ if(!(p instanceof RealmPrincipal) && !processedPrincipals.contains(p)) {
+ list.add(ContextManager.registerPrincipal(new RealmPrincipal(loginDomainName, p, realmName)));
processedPrincipals.add(p);
}
}
subject.getPrincipals().addAll(list);
}
- public void processPrincipals(Principal[] principals) {
+ public void processPrincipals(Principal[] principals, String loginDomainName) {
List list = new LinkedList();
for (int i = 0; i < principals.length; i++) {
Principal p = principals[i];
list.add(p);
- list.add(ContextManager.registerPrincipal(new RealmPrincipal(realmName, p)));
+ list.add(ContextManager.registerPrincipal(new RealmPrincipal(loginDomainName, p, realmName)));
+ processedPrincipals.add(p);
}
subject.getPrincipals().addAll(list);
+ }
+
+ public Set getProcessedPrincipals() {
+ return processedPrincipals;
+ }
+
+ public String getRealmName() {
+ return realmName;
}
}
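Review bot: The `!(p instanceof RealmPrincipal)` filter added to `processPrincipals(String)` is missing from `processPrincipals(Principal[], String)`, so a RealmPrincipal contained in the client-supplied array goes straight into the Subject via `list.add(p)` without ever passing through `ContextManager.registerPrincipal`; applying the same `instanceof` guard there keeps RealmPrincipal creation server-side only. `getProcessedPrincipals()` also hands out the live `processedPrincipals` set, so any caller can alter the context's bookkeeping; returning `Collections.unmodifiableSet(processedPrincipals)` (java.util.Collections) is cheap. The class starts outside the hunk.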
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java Mon Nov 22 18:03:22 2004
@@ -30,6 +30,7 @@
* @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
*/
public class LoginModuleGBean {
+ private String loginDomainName;
private String loginModuleClass;
private Properties options;
private String objectName;
@@ -44,6 +45,14 @@
this.serverSide = serverSide;
}
+ public String getLoginDomainName() {
+ return loginDomainName;
+ }
+
+ public void setLoginDomainName(String loginDomainName) {
+ this.loginDomainName = loginDomainName;
+ }
+
public Properties getOptions() {
return options;
}
@@ -72,6 +81,7 @@
infoFactory.addAttribute("loginModuleClass", String.class, true);
infoFactory.addAttribute("objectName", String.class, false);
infoFactory.addAttribute("serverSide", boolean.class, true);
+ infoFactory.addAttribute("loginDomainName", String.class, true);
infoFactory.setConstructor(new String[]{"loginModuleClass","objectName","serverSide"});
GBEAN_INFO = infoFactory.getBeanInfo();
}
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java Mon Nov 22 18:03:22 2004
@@ -62,7 +62,7 @@
options.put("realm", realmName);
options.put("kernel", kernel.getKernelName());
- return new JaasLoginModuleConfiguration(applicationConfigName, JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true);
+ return new JaasLoginModuleConfiguration(JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true, applicationConfigName);
}
public static final GBeanInfo GBEAN_INFO;
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java Mon Nov 22 18:03:22 2004
@@ -52,5 +52,5 @@
*
* @return a set of principal class names
*/
- public Set obtainRolePrincipalClasses();
+ public Set obtainRolePrincipalClasses(String loginDomain);
}
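Review bot: The Javadoc above `obtainRolePrincipalClasses` still documents only `@return` and says nothing about the new `loginDomain` argument; add `@param loginDomain the login domain whose auto-mapped principal classes are requested` and state what is returned for a domain the realm does not know (the GenericSecurityRealm implementation in this commit returns an empty set). The same gap exists on the GenericSecurityRealm override of this method.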
Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/DeploymentSupport.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/DeploymentSupport.java?view=auto&rev=106257
==============================================================================
--- (empty file)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/DeploymentSupport.java Mon Nov 22 18:03:22 2004
@@ -0,0 +1,47 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.security.realm;
+
+/**
+ * A helper class that lists principals available in a security realm in order
+ * to help populate deployment descriptors. This may or may not be provided
+ * for a specific security realm. A LoginModule may implement this interface,
+ * in which case the GenericSecurityRealm can take advantage of that [and the
+ * LoginModule should accept an initialize(null, null, null, options) call].
+ *
+ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
+ */
+public interface DeploymentSupport {
+ /**
+ * Gets the names of all principal classes that may be populated into
+ * a Subject.
+ */
+ String[] getPrincipalClassNames();
+
+ /**
+ * Gets the names of all principal classes that should correspond to
+ * roles when automapping. This is a default, and may be overridden
+ * by specific values configured for the realm.
+ */
+ String[] getAutoMapPrincipalClassNames();
+
+ /**
+ * Gets a list of all the principals of a particular type (identified by
+ * the principal class). These are available for manual role mapping.
+ */
+ String[] getPrincipalsOfClass(String className);
+}
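Review bot: `getPrincipalsOfClass(String className)` does not say what happens for a class name that is not one of `getPrincipalClassNames()` — null, an empty array, or an exception — and implementers and the deployment tooling will guess differently; add `@param className` and `@return the principal names, or an empty array if the class is unknown to this realm` (or whichever contract is intended). The class-level Javadoc also promises that implementing LoginModules accept `initialize(null, null, null, options)`; repeating that requirement in the interface's own description of the methods makes it harder to miss.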
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java Mon Nov 22 18:03:22 2004
@@ -26,9 +26,11 @@
import java.util.Map;
import java.util.Properties;
import java.util.Set;
-
-import org.apache.regexp.RE;
-
+import java.util.Collections;
+import java.util.Iterator;
+import javax.management.MalformedObjectNameException;
+import javax.management.ObjectName;
+import javax.security.auth.spi.LoginModule;
import org.apache.geronimo.common.GeronimoSecurityException;
import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoBuilder;
@@ -86,8 +88,12 @@
private Kernel kernel;
private ServerInfo serverInfo;
private ClassLoader classLoader;
- private String[] autoMapPrincipals;
+ private Map autoMapPrincipals = new HashMap();
private Principal defaultPrincipal;
+ private Properties deploymentSupport;
+ private Map deployment;
+ private String[] domains;
+ private boolean restrictPrincipalsToServer;
public GenericSecurityRealm(String realmName, Kernel kernel, ServerInfo serverInfo, Properties loginModuleConfiguration, ClassLoader classLoader) throws MalformedObjectNameException {
this.realmName = realmName;
@@ -95,6 +101,7 @@
this.serverInfo = serverInfo;
this.classLoader = classLoader;
processConfiguration(loginModuleConfiguration);
+ initializeDeployment();
}
public String getRealmName() {
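Review bot: `initializeDeployment()` runs in the constructor, but `deploymentSupport` is a setter-injected attribute (it is not in the constructor list registered later in this file), so at that point it is still null and the Properties-driven branch of `initializeDeployment` can only ever take the `instanceof DeploymentSupport` path — unless the kernel populates attributes before invoking the constructor, which I cannot see from here. Deferring the call to a start-lifecycle method, or re-running it from `setDeploymentSupport`, would make the configured support classes take effect. A short comment on the call naming the attributes it reads would help either way.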
@@ -106,6 +113,33 @@
}
/**
+ * Gets a helper that lists principals for the realm to help with
+ * generating deployment descriptors. May return null if the realm does
+ * not support these features.
+ */
+ public DeploymentSupport getDeploymentSupport(String domain) throws GeronimoSecurityException {
+ return (DeploymentSupport) deployment.get(domain);
+ }
+
+ /**
+ * Gets a list of the login domains that make up this security realm. A
+ * particular LoginModule represents 0 or 1 login domains, and a realm is
+ * composed of a number of login modules, so the realm may cover any
+ * number of login domains, though typically that number will be 1.
+ */
+ public String[] getLoginDomains() {
+ return domains;
+ }
+
+ public Properties getDeploymentSupport() {
+ return deploymentSupport;
+ }
+
+ public void setDeploymentSupport(Properties deploymentSupport) {
+ this.deploymentSupport = deploymentSupport;
+ }
+
+ /**
* Provides the default principal to be used when an unauthenticated
* subject uses a container.
*
@@ -121,10 +155,14 @@
*
* @return a set of principal class names
*/
- public Set obtainRolePrincipalClasses() {
+ public Set obtainRolePrincipalClasses(String loginDomain) {
+ String[] list = (String[]) autoMapPrincipals.get(loginDomain);
+ if(list == null) {
+ return Collections.EMPTY_SET;
+ }
Set set = new HashSet();
- for (int i = 0; i < autoMapPrincipals.length; i++) {
- set.add(autoMapPrincipals[i]);
+ for (int i = 0; i < list.length; i++) {
+ set.add(list[i]);
}
return set;
}
@@ -141,44 +179,29 @@
}
}
- public void setAutoMapPrincipalClasses(String classes) {
- if (classes != null) {
- autoMapPrincipals = classes.split(",");
- } else {
- autoMapPrincipals = new String[0];
- }
- }
-
- /**
- * @deprecated Will be removed in favor of (some kind of realm editor object) in
- * a future milestone release.
- */
- public Set getGroupPrincipals() throws GeronimoSecurityException {
- return null; //todo
- }
-
/**
- * @deprecated Will be removed in favor of (some kind of realm editor object) in
- * a future milestone release.
+ * Should be of the form loginDomain=class,class,class...
*/
- public Set getGroupPrincipals(RE regexExpression) throws GeronimoSecurityException {
- return null; //todo
+ public void setAutoMapPrincipalClasses(Properties props) {
+ for (Iterator it = props.keySet().iterator(); it.hasNext();) {
+ String key = (String) it.next();
+ String value = props.getProperty(key);
+ autoMapPrincipals.put(key, value.split(","));
+ }
}
/**
- * @deprecated Will be removed in favor of (some kind of realm editor object) in
- * a future milestone release.
+ * A GBean property. If set to true, the login service will not return
+ * principals generated by this realm to clients. If set to false (the
+ * default), the client will get a copy of all principals (except realm
+ * principals generated strictly for use within Geronimo).
*/
- public Set getUserPrincipals() throws GeronimoSecurityException {
- return null; //todo
+ public boolean isRestrictPrincipalsToServer() {
+ return restrictPrincipalsToServer;
}
- /**
- * @deprecated Will be removed in favor of (some kind of realm editor object) in
- * a future milestone release.
- */
- public Set getUserPrincipals(RE regexExpression) throws GeronimoSecurityException {
- return null; //todo
+ public void setRestrictPrincipalsToServer(boolean restrictPrincipalsToServer) {
+ this.restrictPrincipalsToServer = restrictPrincipalsToServer;
}
public String getConfigurationName() {
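Review bot: `setAutoMapPrincipalClasses(Properties props)` dereferences `props` immediately, whereas the String version it replaces explicitly tolerated null (the removed `classes != null` branch), so anything that invokes the setter with null now fails with a NullPointerException; add `if(props == null) { return; }` at the top. The split values are also not trimmed, so `domain=ClassA, ClassB` yields a class name with a leading space that never matches; `value.split(",")` followed by `trim()` per element avoids the silent mismatch. The method only replaces the keys given, so previously set domains linger — say so in the Javadoc if that is intended.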
@@ -190,11 +213,12 @@
options.put("realm", realmName);
options.put("kernel", kernel.getKernelName());
- return new JaasLoginModuleConfiguration(realmName, JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true);
+ return new JaasLoginModuleConfiguration(JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true, realmName);
}
private void processConfiguration(Properties props) throws MalformedObjectNameException {
int i = 1;
+ Set domains = new HashSet();
List list = new ArrayList();
LoginModuleControlFlagEditor editor = new LoginModuleControlFlagEditor();
while (true) {
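Review bot: The new local `Set domains` shadows the field `domains` introduced above, which is why the assignment later in this method has to be written `this.domains = ...`; renaming the local to `domainNames` removes the trap. The same shadowed name is what the duplicate-domain check in the next hunk reads, where `if(!domains.add(module.getLoginDomainName())) { throw new IllegalStateException(...); }` would express add-or-reject in one step instead of the contains/else/add sequence. processConfiguration continues past the hunk.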
@@ -222,7 +246,14 @@
if (classLoader != null && !options.containsKey(CLASSLOADER_LM_OPTION)) {
options.put(CLASSLOADER_LM_OPTION, classLoader);
}
- JaasLoginModuleConfiguration config = new JaasLoginModuleConfiguration(module.getObjectName(), module.getLoginModuleClass(), flag, options, module.isServerSide());
+ if(module.getLoginDomainName() != null) {
+ if(domains.contains(module.getLoginDomainName())) {
+ throw new IllegalStateException("Error in "+realmName+": one security realm cannot contain multiple login modules for the same login domain");
+ } else {
+ domains.add(module.getLoginDomainName());
+ }
+ }
+ JaasLoginModuleConfiguration config = new JaasLoginModuleConfiguration(module.getLoginModuleClass(), flag, options, module.isServerSide(), module.getLoginDomainName());
list.add(config);
++i;
found = true;
@@ -233,9 +264,39 @@
break;
}
}
+ this.domains = (String[]) domains.toArray(new String[domains.size()]);
config = (JaasLoginModuleConfiguration[]) list.toArray(new JaasLoginModuleConfiguration[list.size()]);
}
+ private void initializeDeployment() {
+ deployment = new HashMap();
+ for (int i = 0; i < config.length; i++) {
+ if(config[i].getLoginDomainName() == null) {
+ continue;
+ }
+ DeploymentSupport support = null;
+ if(deploymentSupport != null && deploymentSupport.containsKey(config[i].getLoginDomainName())) {
+ try {
+ //todo: how should this be configured? Should it be a GBean?
+ support = (DeploymentSupport) classLoader.loadClass(deploymentSupport.getProperty(config[i].getLoginDomainName())).newInstance();
+ } catch (Exception e) {
+ throw new GeronimoSecurityException("Unable to load deployment support class '"+deploymentSupport.getProperty(config[i].getLoginDomainName())+"'", e);
+ }
+ } else if(config[i].getLoginModule(classLoader) instanceof DeploymentSupport) {
+ LoginModule module = config[i].getLoginModule(classLoader);
+ module.initialize(null, null, null, config[i].getOptions());
+ support = (DeploymentSupport) module;
+ }
+ if(support != null) {
+ deployment.put(config[i].getLoginDomainName(), support);
+ String[] auto = support.getAutoMapPrincipalClassNames();
+ if(auto != null) {
+ autoMapPrincipals.put(config[i].getLoginDomainName(), auto);
+ }
+ }
+ }
+ }
+
public static final GBeanInfo GBEAN_INFO;
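Review bot: In `initializeDeployment`, `config[i].getLoginModule(classLoader)` is called twice for the DeploymentSupport branch (once in the `instanceof` test, once to obtain `module`); whether both return the same instance depends on the `transient LoginModule loginModule` caching in JaasLoginModuleConfiguration rather than on this code, so fetch it once into a local before the `instanceof` check. `module.initialize(null, null, null, options)` is only legitimate for modules that follow the contract described on DeploymentSupport — a comment pointing at that requirement here would help the next reader. The `catch (Exception e)` also turns a ClassCastException from a configured class that is not a DeploymentSupport into the same "Unable to load" message, which is acceptable but worth naming in the message.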
@@ -250,12 +311,15 @@
infoFactory.addAttribute("classLoader", ClassLoader.class, false);
infoFactory.addAttribute("autoMapPrincipalClasses", String.class, true);
infoFactory.addAttribute("defaultPrincipal", String.class, true);
+ infoFactory.addAttribute("deploymentSupport", Properties.class, true);
+ infoFactory.addAttribute("restrictPrincipalsToServer", boolean.class, true);
infoFactory.addReference("ServerInfo", ServerInfo.class);
infoFactory.addOperation("getAppConfigurationEntries", new Class[0]);
infoFactory.addOperation("obtainDefaultPrincipal", new Class[0]);
- infoFactory.addOperation("obtainRolePrincipalClasses", new Class[0]);
+ infoFactory.addOperation("obtainRolePrincipalClasses", new Class[]{String.class});
+ infoFactory.addOperation("getDeploymentSupport", new Class[]{String.class});
infoFactory.setConstructor(new String[]{"realmName", "kernel", "ServerInfo", "loginModuleConfiguration", "classLoader"});
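Review bot: The `autoMapPrincipalClasses` attribute is still registered as `String.class` (the unchanged line just above the new attributes), but its setter in this commit now takes `Properties`, so the declared GBean attribute type and the accessor no longer agree unless the builder infers the type from the setter; change it to `infoFactory.addAttribute("autoMapPrincipalClasses", Properties.class, true);`. Registering both a `deploymentSupport` attribute and a `getDeploymentSupport(String)` operation also exposes two members under the same getter name; see the accessor hunk above. The static block continues past the hunk.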
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java Mon Nov 22 18:03:22 2004
@@ -30,34 +30,39 @@
* @version $Rev$ $Date$
*/
public interface SecurityRealm {
-
static final String BASE_OBJECT_NAME = "geronimo.security:type=SecurityRealm";
+ /**
+ * The name of the realm, which must be unique across all realms in the
+ * server.
+ */
public String getRealmName();
- public JaasLoginModuleConfiguration[] getAppConfigurationEntries();
-
/**
- * @deprecated Will be removed in favor of (some kind of realm editor object) in
- * a future milestone release.
+ * Gets the JAAS configuration for this security realm.
*/
- public Set getGroupPrincipals() throws GeronimoSecurityException;
+ public JaasLoginModuleConfiguration[] getAppConfigurationEntries();
/**
- * @deprecated Will be removed in favor of (some kind of realm editor object) in
- * a future milestone release.
+ * If this attribute is true, the login service will not return
+ * principals generated by this realm to clients. If set to false (the
+ * default), the client will get a copy of all principals (except realm
+ * principals generated strictly for use within Geronimo).
*/
- public Set getGroupPrincipals(RE regexExpression) throws GeronimoSecurityException;
+ public boolean isRestrictPrincipalsToServer();
/**
- * @deprecated Will be removed in favor of (some kind of realm editor object) in
- * a future milestone release.
+ * Gets a list of the login domains that make up this security realm. A
+ * particular LoginModule represents 0 or 1 login domains, and a realm is
+ * composed of a number of login modules, so the realm may cover any
+ * number of login domains, though typically that number will be 1.
*/
- public Set getUserPrincipals() throws GeronimoSecurityException;
+ public String[] getLoginDomains();
/**
- * @deprecated Will be removed in favor of (some kind of realm editor object) in
- * a future milestone release.
+ * Gets a helper that lists principals for the realm to help with
+ * generating deployment descriptors. May return null if the realm does
+ * not support these features.
*/
- public Set getUserPrincipals(RE regexExpression) throws GeronimoSecurityException;
+ public DeploymentSupport getDeploymentSupport(String loginDomain) throws GeronimoSecurityException;
}
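Review bot: The Javadoc for `getLoginDomains()` should say that login modules with no login domain configured do not appear in the list (the GenericSecurityRealm implementation only collects non-null names), otherwise a caller may assume one entry per login module. `isRestrictPrincipalsToServer()` states a default of false at the interface level, which every implementation then has to honour; if that is meant as a contract, phrase it as "implementations should default to false" rather than as a fact about this interface.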
Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/FileAuditLoginModule.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/FileAuditLoginModule.java?view=auto&rev=106257
==============================================================================
--- (empty file)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/FileAuditLoginModule.java Mon Nov 22 18:03:22 2004
@@ -0,0 +1,118 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.security.realm.providers;
+
+import java.util.Map;
+import java.util.Date;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.PrintWriter;
+import java.io.IOException;
+import java.nio.channels.FileChannel;
+import java.nio.channels.FileLock;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import javax.security.auth.spi.LoginModule;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.Callback;
+import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.geronimo.security.realm.GenericSecurityRealm;
+
+/**
+ * Writes audit records to a file for all authentication activity. Currently
+ * doesn't perform too well; perhaps the file management should be centralized
+ * and the IO objects kept open across many requests. It would also be nice
+ * to write in a more convenient XML format.
+ *
+ * This module does not write any Principals into the Subject.
+ *
+ * To enable this login module, set your primary login module to REQUIRED or
+ * OPTIONAL, and list this module after it (with any setting).
+ *
+ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
+ */
+public class FileAuditLoginModule implements LoginModule {
+ public static final String LOG_FILE_OPTION = "file";
+ private final static DateFormat DATE_FORMAT = new SimpleDateFormat("MM/dd/yyyy HH:mm:ss");
+ private File logFile;
+ private CallbackHandler handler;
+ private String username;
+
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
+ Map sharedState, Map options) {
+ String name = (String) options.get(LOG_FILE_OPTION);
+ ServerInfo info = (ServerInfo) options.get(GenericSecurityRealm.SERVERINFO_LM_OPTION);
+ logFile = info.resolve(name);
+ handler = callbackHandler;
+ }
+
+ public boolean login() throws LoginException {
+ NameCallback user = new NameCallback("User name:");
+ Callback[] callbacks = new Callback[]{user};
+ try {
+ handler.handle(callbacks);
+ } catch (Exception e) {
+ throw new LoginException("Unable to process callback: "+e);
+ }
+ if(callbacks.length != 1) {
+ throw new IllegalStateException("Number of callbacks changed by server!");
+ }
+ user = (NameCallback) callbacks[0];
+ username = user.getName();
+ writeToFile("Authentication attempt");
+
+ return true;
+ }
+
+ private synchronized void writeToFile(String action) {
+ Date date = new Date();
+ try {
+ FileOutputStream out = new FileOutputStream(logFile, true);
+ FileChannel channel = out.getChannel();
+ FileLock lock = channel.lock(0, Long.MAX_VALUE, false);
+ PrintWriter writer = new PrintWriter(out, false);
+ writer.println(DATE_FORMAT.format(date)+" - "+action+" - "+username);
+ writer.flush();
+ writer.close();
+ lock.release();
+ } catch (IOException e) {
+ throw new RuntimeException("Unable to write to authentication log file", e);
+ }
+ }
+
+ public boolean commit() throws LoginException {
+ writeToFile("Authentication succeeded");
+ return true;
+ }
+
+ public boolean abort() throws LoginException {
+ if(username != null) { //work around initial "fake" login
+ writeToFile("Authentication failed");
+ username = null;
+ }
+ return true;
+ }
+
+ public boolean logout() throws LoginException {
+ writeToFile("Explicit logout");
+ username = null;
+ return true;
+ }
+}
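Review bot: `writeToFile` leaks the FileOutputStream and leaves the FileLock held if `channel.lock` or the write throws, and because `PrintWriter` swallows IOExceptions the only failure that reaches the catch is opening the file — a full disk silently drops the audit record. The record also embeds `username` verbatim, so a name containing CR or LF splits into forged-looking audit lines; strip line breaks before writing. The static `DATE_FORMAT` is a SimpleDateFormat shared by all instances while the method is synchronized per instance only, so two realms using this module can corrupt each other's timestamps. `login()` likewise wraps the callback failure with `+e` and loses the cause; `initCause` keeps it.
```java
    private synchronized void writeToFile(String action) {
        Date date = new Date();
        String timestamp;
        synchronized (DATE_FORMAT) { // SimpleDateFormat is not thread-safe and is shared by all instances
            timestamp = DATE_FORMAT.format(date);
        }
        // keep one audit record per line: a user-supplied name must not be able to inject line breaks
        String safeName = username == null ? null : username.replace('\r', ' ').replace('\n', ' ');
        try {
            FileOutputStream out = new FileOutputStream(logFile, true);
            try {
                FileLock lock = out.getChannel().lock(0, Long.MAX_VALUE, false);
                try {
                    PrintWriter writer = new PrintWriter(out, false);
                    writer.println(timestamp+" - "+action+" - "+safeName);
                    writer.flush();
                    if(writer.checkError()) { // PrintWriter swallows IOExceptions; surface them
                        throw new IOException("write to audit log failed");
                    }
                } finally {
                    lock.release();
                }
            } finally {
                out.close();
            }
        } catch (IOException e) {
            throw new RuntimeException("Unable to write to authentication log file", e);
        }
    }
```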
Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/GeronimoGroupPrincipal.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/GeronimoGroupPrincipal.java?view=auto&rev=106257
==============================================================================
--- (empty file)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/GeronimoGroupPrincipal.java Mon Nov 22 18:03:22 2004
@@ -0,0 +1,67 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.security.realm.providers;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+/**
+ * A principal that represents a group for the login modules distributed
+ * with Geronimo. Custom login modules may use this if convenient or provide
+ * their own Principal implementations -- it doesn't matter.
+ *
+ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
+ */
+public class GeronimoGroupPrincipal implements Principal, Serializable {
+ private final String name;
+
+ public GeronimoGroupPrincipal(String name) {
+ this.name = name;
+ }
+
+ /**
+ * Compares this principal to the specified object. Returns true
+ * if the object passed in is a GeronimoGroupPrincipal with the
+ * same name.
+ */
+ public boolean equals(Object another) {
+ if (!(another instanceof GeronimoGroupPrincipal)) return false;
+
+ return ((GeronimoGroupPrincipal) another).name.equals(name);
+ }
+
+ /**
+ * Returns a string representation of this principal.
+ */
+ public String toString() {
+ return name;
+ }
+
+ /**
+ * Returns a hashcode for this principal.
+ */
+ public int hashCode() {
+ return name.hashCode();
+ }
+
+ /**
+ * Returns the name of this principal.
+ */
+ public String getName() {
+ return name;
+ }
+}
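Review bot: The constructor stores `name` without checking it, so a GeronimoGroupPrincipal built with a null name throws NullPointerException later from `equals`, `hashCode` and `getName` callers rather than at construction, and every code path that puts principals into a Subject would hit it far from the cause. A guard in the constructor, `if (name == null) throw new IllegalArgumentException("name is required");`, turns that into an immediate, attributable failure. The class is also Serializable without an explicit `private static final long serialVersionUID = 1L;`, so the JVM-computed id changes with any edit to the class and breaks deserialization of principals written by an older build. GeronimoUserPrincipal in the next file has the same two issues.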
Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/GeronimoUserPrincipal.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/GeronimoUserPrincipal.java?view=auto&rev=106257
==============================================================================
--- (empty file)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/GeronimoUserPrincipal.java Mon Nov 22 18:03:22 2004
@@ -0,0 +1,67 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.security.realm.providers;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+/**
+ * A principal that represents a user for the login modules distributed
+ * with Geronimo. Custom login modules may use this if convenient or provide
+ * their own Principal implementations -- it doesn't matter.
+ *
+ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
+ */
+public class GeronimoUserPrincipal implements Principal, Serializable {
+ private final String name;
+
+ public GeronimoUserPrincipal(String name) {
+ this.name = name;
+ }
+
+ /**
+ * Compares this principal to the specified object. Returns true
+ * if the object passed in is a GeronimoUserPrincipal with the
+ * same name.
+ */
+ public boolean equals(Object another) {
+ if (!(another instanceof GeronimoUserPrincipal)) return false;
+
+ return ((GeronimoUserPrincipal) another).name.equals(name);
+ }
+
+ /**
+ * Returns a string representation of this principal.
+ */
+ public String toString() {
+ return name;
+ }
+
+ /**
+ * Returns a hashcode for this principal.
+ */
+ public int hashCode() {
+ return name.hashCode();
+ }
+
+ /**
+ * Returns the name of this principal.
+ */
+ public String getName() {
+ return name;
+ }
+}
Deleted: /geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileGroupPrincipal.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileGroupPrincipal.java?view=auto&rev=106256
==============================================================================
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java Mon Nov 22 18:03:22 2004
@@ -26,6 +26,7 @@
import java.util.Map;
import java.util.Properties;
import java.util.Set;
+import java.util.HashMap;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
@@ -39,6 +40,7 @@
import org.apache.geronimo.common.GeronimoSecurityException;
import org.apache.geronimo.kernel.Kernel;
import org.apache.geronimo.security.realm.GenericSecurityRealm;
+import org.apache.geronimo.security.realm.DeploymentSupport;
import org.apache.geronimo.system.serverinfo.ServerInfo;
@@ -49,12 +51,12 @@
*
* @version $Rev$ $Date$
*/
-public class PropertiesFileLoginModule implements LoginModule {
+public class PropertiesFileLoginModule implements LoginModule, DeploymentSupport {
public final static String USERS_URI = "usersURI";
public final static String GROUPS_URI = "groupsURI";
private static Log log = LogFactory.getLog(PropertiesFileLoginModule.class);
final Properties users = new Properties();
- final Properties groups = new Properties();
+ final Map groups = new HashMap();
Subject subject;
CallbackHandler handler;
@@ -134,17 +136,17 @@
public boolean commit() throws LoginException {
Set principals = subject.getPrincipals();
- principals.add(new PropertiesFileUserPrincipal(username));
+ principals.add(new GeronimoUserPrincipal(username));
- Enumeration e = groups.keys();
- while (e.hasMoreElements()) {
- String groupName = (String) e.nextElement();
+ Iterator e = groups.keySet().iterator();
+ while (e.hasNext()) {
+ String groupName = (String) e.next();
Set users = (Set) groups.get(groupName);
Iterator iter = users.iterator();
while (iter.hasNext()) {
String user = (String) iter.next();
if (username.equals(user)) {
- principals.add(new PropertiesFileGroupPrincipal(groupName));
+ principals.add(new GeronimoGroupPrincipal(groupName));
break;
}
}
@@ -165,5 +167,38 @@
password = null;
return true;
+ }
+
+ /**
+ * Gets the names of all principal classes that may be populated into
+ * a Subject.
+ */
+ public String[] getPrincipalClassNames() {
+ return new String[]{GeronimoUserPrincipal.class.getName(), GeronimoGroupPrincipal.class.getName()};
+ }
+
+ /**
+ * Gets the names of all principal classes that should correspond to
+ * roles when automapping. This is a default, and may be overridden
+ * by specific values configured for the realm.
+ */
+ public String[] getAutoMapPrincipalClassNames() {
+ return new String[]{GeronimoGroupPrincipal.class.getName()};
+ }
+
+ /**
+ * Gets a list of all the principals of a particular type (identified by
+ * the principal class). These are available for manual role mapping.
+ */
+ public String[] getPrincipalsOfClass(String className) {
+ Set s;
+ if(className.equals(GeronimoGroupPrincipal.class.getName())) {
+ s = groups.keySet();
+ } else if(className.equals(GeronimoUserPrincipal.class.getName())) {
+ s = users.keySet();
+ } else {
+ throw new IllegalArgumentException("No such principal class "+className);
+ }
+ return (String[]) s.toArray(new String[s.size()]);
}
}
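Review bot: `getPrincipalsOfClass` dereferences `className` first, so a null argument fails with NullPointerException instead of the IllegalArgumentException the else branch promises; writing the comparisons constant-first, `if (GeronimoGroupPrincipal.class.getName().equals(className))`, keeps the documented contract for every input. The Javadoc should also state that the user branch returns every user name in the realm's properties file, since that makes the method a directory of accounts that is meant for deployment-time role mapping only and should not be wired to anything that accepts caller-supplied class names. The enclosing class continues outside this hunk.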
Deleted: /geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileUserPrincipal.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileUserPrincipal.java?view=auto&rev=106256
==============================================================================
Deleted: /geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLGroupPrincipal.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLGroupPrincipal.java?view=auto&rev=106256
==============================================================================
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java Mon Nov 22 18:03:22 2004
@@ -130,7 +130,7 @@
String userName = result.getString(2);
if (cbUsername.equals(userName)) {
- groups.add(new SQLGroupPrincipal(groupName));
+ groups.add(new GeronimoGroupPrincipal(groupName));
}
}
} finally {
@@ -151,7 +151,7 @@
public boolean commit() throws LoginException {
Set principals = subject.getPrincipals();
- principals.add(new SQLUserPrincipal(cbUsername));
+ principals.add(new GeronimoUserPrincipal(cbUsername));
Iterator iter = groups.iterator();
while (iter.hasNext()) {
principals.add(iter.next());
Deleted: /geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLUserPrincipal.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLUserPrincipal.java?view=auto&rev=106256
==============================================================================
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java Mon Nov 22 18:03:22 2004
@@ -46,7 +46,7 @@
* @param realmName the security realm that the principal belongs go
* @return a RealmPrincipal from a deployment description
*/
- public static RealmPrincipal generateRealmPrincipal(final Principal principal, final String realmName) {
+ public static RealmPrincipal generateRealmPrincipal(final Principal principal, final String loginDomain, final String realmName) {
try {
return (RealmPrincipal) AccessController.doPrivileged(new PrivilegedExceptionAction() {
public Object run() throws Exception {
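Review bot: The signature gains a `loginDomain` parameter but the Javadoc directly above it still documents only `principal` and `realmName`, so the generated docs now describe a three-argument method with two `@param` tags. Add a line such as `@param loginDomain the login domain the principal's login module belongs to (TODO confirm this is the loginDomainName configured on the LoginModuleGBean)` and re-read the `@param realmName` wording, which still says "belongs go". The hunk at L1482–L1490 for `generatePrimaryRealmPrincipal` needs the same update. The method body continues outside this hunk.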
@@ -55,10 +55,14 @@
Constructor constructor = clazz.getDeclaredConstructor(new Class[]{String.class});
p = (java.security.Principal) constructor.newInstance(new Object[]{principal.getPrincipalName()});
- return new RealmPrincipal(realmName, p);
+ return new RealmPrincipal(loginDomain, p, realmName);
}
});
} catch (PrivilegedActionException e) {
+ e.printStackTrace();
+ if(e.getException() != null) {
+ e.getException().printStackTrace();
+ }
return null;
}
}
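Review bot: The added `e.printStackTrace()` calls send the failure to stderr and the method still returns null, so a deployment description naming a principal class that cannot be loaded or instantiated degrades into a missing RealmPrincipal that callers cannot distinguish from an ordinary absence. Because `PrivilegedActionException.getCause()` returns the wrapped exception, the first `printStackTrace()` already prints it as a "Caused by" entry and the `getException()` block is redundant. A principal that cannot be built is a configuration error, so either route it through the class's logger (not visible in this hunk, so I cannot tell whether one exists) or rethrow it as an unchecked exception that fails the deployment; the same applies to the hunk at L1491–L1505.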
@@ -69,7 +73,7 @@
* @param realmName the security realm that the principal belongs go
* @return a RealmPrincipal from a deployment description
*/
- public static PrimaryRealmPrincipal generatePrimaryRealmPrincipal(final Principal principal, final String realmName) {
+ public static PrimaryRealmPrincipal generatePrimaryRealmPrincipal(final Principal principal, final String loginDomain, final String realmName) {
try {
return (PrimaryRealmPrincipal) AccessController.doPrivileged(new PrivilegedExceptionAction() {
public Object run() throws Exception {
@@ -78,10 +82,14 @@
Constructor constructor = clazz.getDeclaredConstructor(new Class[]{String.class});
p = (java.security.Principal) constructor.newInstance(new Object[]{principal.getPrincipalName()});
- return new PrimaryRealmPrincipal(realmName, p);
+ return new PrimaryRealmPrincipal(loginDomain, p, realmName);
}
});
} catch (PrivilegedActionException e) {
+ e.printStackTrace();
+ if(e.getException() != null) {
+ e.getException().printStackTrace();
+ }
return null;
}
}
Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java&r1=106256&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java (original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java Mon Nov 22 18:03:22 2004
@@ -69,6 +69,7 @@
testLoginModule = new ObjectName("geronimo.security:type=LoginModule,name=TestModule");
gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.bridge.TestLoginModule");
gbean.setAttribute("serverSide", new Boolean(true));
+ gbean.setAttribute("loginDomainName", "TestLoginDomain");
kernel.loadGBean(testLoginModule, gbean);
gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm");
Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java&r1=106256&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java (original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java Mon Nov 22 18:03:22 2004
@@ -56,15 +56,24 @@
protected ObjectName serverStub;
public void test() throws Exception {
+ File log = new File("target/login-audit.log");
+ if(log.exists()) {
+ log.delete();
+ }
+ assertEquals("Audit file wasn't cleared", 0, log.length());
+
+
// First try with explicit configuration entry
LoginContext context = new LoginContext("properties-client", new AbstractTest.UsernamePasswordCallback("alan", "starcraft"));
context.login();
Subject subject = context.getSubject();
+ Subject clientSubject = subject;
assertTrue("expected non-null client subject", subject != null);
Set set = subject.getPrincipals(IdentificationPrincipal.class);
assertEquals("client subject should have one ID principal", set.size(), 1);
IdentificationPrincipal idp = (IdentificationPrincipal)set.iterator().next();
+ assertEquals(idp.getId(), idp.getId());
subject = ContextManager.getRegisteredSubject(idp.getId());
assertTrue("expected non-null server subject", subject != null);
@@ -78,6 +87,9 @@
context.logout();
+ assertNull(ContextManager.getRegisteredSubject(idp.getId()));
+ assertNull(ContextManager.getServerSideSubject(clientSubject));
+
assertTrue("id of subject should be null", ContextManager.getSubjectId(subject) == null);
// next try the automatic configuration entry
@@ -86,6 +98,11 @@
context.login();
subject = context.getSubject();
assertTrue("expected non-null client subject", subject != null);
+ set = subject.getPrincipals(IdentificationPrincipal.class);
+ assertEquals("client subject should have one ID principal", set.size(), 1);
+ IdentificationPrincipal idp2 = (IdentificationPrincipal)set.iterator().next();
+ assertNotSame(idp.getId(), idp2.getId());
+ assertEquals(idp2.getId(), idp2.getId());
subject = ContextManager.getServerSideSubject(subject);
assertTrue("expected non-null server subject", subject != null);
@@ -100,6 +117,8 @@
context.logout();
assertTrue("id of subject should be null", ContextManager.getSubjectId(subject) == null);
+
+ assertTrue("Audit file wasn't written to", log.length() > 0);
}
protected void setUp() throws Exception {
@@ -146,12 +165,23 @@
props.put("usersURI", new File(new File("."), "src/test-data/data/users.properties").toURI().toString());
props.put("groupsURI", new File(new File("."), "src/test-data/data/groups.properties").toURI().toString());
gbean.setAttribute("options", props);
+ gbean.setAttribute("loginDomainName", "TestProperties");
+ kernel.loadGBean(testCE, gbean);
+
+ gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean");
+ testCE = new ObjectName("geronimo.security:type=LoginModule,name=audit");
+ gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.FileAuditLoginModule");
+ gbean.setAttribute("serverSide", new Boolean(true));
+ props = new Properties();
+ props.put("file", "target/login-audit.log");
+ gbean.setAttribute("options", props);
kernel.loadGBean(testCE, gbean);
gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm");
testRealm = new ObjectName("geronimo.security:type=SecurityRealm,realm=properties-realm");
gbean.setAttribute("realmName", "properties-realm");
props = new Properties();
+ props.setProperty("LoginModule.2.OPTIONAL","geronimo.security:type=LoginModule,name=audit");
props.setProperty("LoginModule.1.REQUIRED","geronimo.security:type=LoginModule,name=properties");
gbean.setAttribute("loginModuleConfiguration", props);
gbean.setReferencePatterns("ServerInfo", Collections.singleton(serverInfo));
Added: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/DeploymentSupportTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/DeploymentSupportTest.java?view=auto&rev=106257
==============================================================================
--- (empty file)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/DeploymentSupportTest.java Mon Nov 22 18:03:22 2004
@@ -0,0 +1,169 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.security.jaas;
+
+import javax.management.ObjectName;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+import java.io.File;
+import java.util.Collections;
+import java.util.Properties;
+import java.util.Set;
+import java.util.List;
+import java.util.Arrays;
+
+import org.apache.geronimo.gbean.jmx.GBeanMBean;
+import org.apache.geronimo.security.AbstractTest;
+import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.IdentificationPrincipal;
+import org.apache.geronimo.security.RealmPrincipal;
+import org.apache.geronimo.security.realm.SecurityRealm;
+import org.apache.geronimo.security.realm.DeploymentSupport;
+import org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal;
+import org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal;
+import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.geronimo.kernel.jmx.MBeanProxyFactory;
+import org.apache.geronimo.kernel.Kernel;
+
+/**
+ * Unit test for the DeploymentSupport features of security realms.
+ *
+ * @version $Rev: 105949 $ $Date: 2004-11-20 02:38:55 -0500 (Sat, 20 Nov 2004) $
+ */
+public class DeploymentSupportTest extends AbstractTest {
+
+ protected ObjectName serverInfo;
+ protected ObjectName loginConfiguration;
+ protected ObjectName clientLM;
+ protected ObjectName clientCE;
+ protected ObjectName testCE;
+ protected ObjectName testRealm;
+
+ public void setUp() throws Exception {
+ super.setUp();
+
+ GBeanMBean gbean;
+
+ gbean = new GBeanMBean(ServerInfo.GBEAN_INFO);
+ serverInfo = new ObjectName("geronimo.system:role=ServerInfo");
+ gbean.setAttribute("baseDirectory", ".");
+ kernel.loadGBean(serverInfo, gbean);
+ kernel.startGBean(serverInfo);
+
+ gbean = new GBeanMBean("org.apache.geronimo.security.jaas.GeronimoLoginConfiguration");
+ loginConfiguration = new ObjectName("geronimo.security:type=LoginConfiguration");
+ kernel.loadGBean(loginConfiguration, gbean);
+
+ gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean");
+ clientLM = new ObjectName("geronimo.security:type=LoginModule,name=properties-client");
+ gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.jaas.JaasLoginCoordinator");
+ gbean.setAttribute("serverSide", new Boolean(false));
+ Properties props = new Properties();
+ props.put("host", "localhost");
+ props.put("port", "4242");
+ props.put("realm", "properties-realm");
+ gbean.setAttribute("options", props);
+ kernel.loadGBean(clientLM, gbean);
+
+ gbean = new GBeanMBean("org.apache.geronimo.security.jaas.DirectConfigurationEntry");
+ clientCE = new ObjectName("geronimo.security:type=ConfigurationEntry,jaasId=properties-client");
+ gbean.setAttribute("applicationConfigName", "properties-client");
+ gbean.setAttribute("controlFlag", LoginModuleControlFlag.REQUIRED);
+ gbean.setReferencePatterns("Module", Collections.singleton(clientLM));
+ kernel.loadGBean(clientCE, gbean);
+
+ gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean");
+ testCE = new ObjectName("geronimo.security:type=LoginModule,name=properties");
+ gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule");
+ gbean.setAttribute("serverSide", new Boolean(true));
+ props = new Properties();
+ props.put("usersURI", new File(new File("."), "src/test-data/data/users.properties").toString());
+ props.put("groupsURI", new File(new File("."), "src/test-data/data/groups.properties").toString());
+ gbean.setAttribute("options", props);
+ gbean.setAttribute("loginDomainName", "TestProperties");
+ kernel.loadGBean(testCE, gbean);
+
+ gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm");
+ testRealm = new ObjectName("geronimo.security:type=SecurityRealm,realm=properties-realm");
+ gbean.setAttribute("realmName", "properties-realm");
+ props = new Properties();
+ props.setProperty("LoginModule.1.REQUIRED","geronimo.security:type=LoginModule,name=properties");
+ gbean.setAttribute("loginModuleConfiguration", props);
+ gbean.setReferencePatterns("ServerInfo", Collections.singleton(serverInfo));
+ kernel.loadGBean(testRealm, gbean);
+
+ kernel.startGBean(loginConfiguration);
+ kernel.startGBean(clientLM);
+ kernel.startGBean(clientCE);
+ kernel.startGBean(testCE);
+ kernel.startGBean(testRealm);
+ }
+
+ public void tearDown() throws Exception {
+ kernel.stopGBean(testRealm);
+ kernel.stopGBean(testCE);
+ kernel.stopGBean(clientCE);
+ kernel.stopGBean(clientLM);
+ kernel.stopGBean(loginConfiguration);
+ kernel.stopGBean(serverInfo);
+
+ kernel.unloadGBean(testCE);
+ kernel.unloadGBean(testRealm);
+ kernel.unloadGBean(clientCE);
+ kernel.unloadGBean(clientLM);
+ kernel.unloadGBean(loginConfiguration);
+ kernel.unloadGBean(serverInfo);
+
+ super.tearDown();
+ }
+
+ public void testDeploymentSupport() throws Exception {
+ SecurityRealm realm = (SecurityRealm) MBeanProxyFactory.getProxy(SecurityRealm.class, kernel.getMBeanServer(), testRealm);
+ String[] domains = realm.getLoginDomains();
+ assertEquals(1, domains.length);
+ DeploymentSupport deployment = realm.getDeploymentSupport(domains[0]);
+ assertNotNull(deployment);
+ String[] classes = deployment.getPrincipalClassNames();
+ assertEquals(2, classes.length);
+ if(classes[0].equals(GeronimoUserPrincipal.class.getName())) {
+ assertEquals(GeronimoGroupPrincipal.class.getName(), classes[1]);
+ } else if(classes[1].equals(GeronimoUserPrincipal.class.getName())) {
+ assertEquals(GeronimoGroupPrincipal.class.getName(), classes[0]);
+ } else {
+ fail("Unexpected principal class names "+classes[0]+" / "+classes[1]);
+ }
+ String[] names = deployment.getPrincipalsOfClass(GeronimoUserPrincipal.class.getName());
+ assertEquals(5, names.length);
+ List list = Arrays.asList(names);
+ assertTrue(list.contains("izumi"));
+ assertTrue(list.contains("alan"));
+ assertTrue(list.contains("george"));
+ assertTrue(list.contains("gracie"));
+ assertTrue(list.contains("metro"));
+ names = deployment.getPrincipalsOfClass(GeronimoGroupPrincipal.class.getName());
+ assertEquals(5, names.length);
+ list = Arrays.asList(names);
+ assertTrue(list.contains("manager"));
+ assertTrue(list.contains("it"));
+ assertTrue(list.contains("pet"));
+ assertTrue(list.contains("dog"));
+ assertTrue(list.contains("cat"));
+ String[] map = deployment.getAutoMapPrincipalClassNames();
+ assertEquals(1, map.length);
+ assertEquals(GeronimoGroupPrincipal.class.getName(), map[0]);
+ }
+}
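Review bot: The `usersURI` and `groupsURI` options at L1692–L1693 are built with `File.toString()`, while ConfigurationEntryTest, LoginPropertiesFileTest and TimeoutTest pass `toURI().toString()` for the same options; if PropertiesFileLoginModule resolves them as URIs this works only for plain relative paths and will break on paths containing spaces or drive letters, so use the URI form as the other tests do. Several imports (Subject, LoginContext, Set, ContextManager, IdentificationPrincipal, RealmPrincipal, Kernel) are not referenced in the file. The test could also pin the error contract by asserting that `deployment.getPrincipalsOfClass("no.such.Class")` throws IllegalArgumentException, which is the behaviour the new method documents.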
Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java&r1=106256&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java (original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java Mon Nov 22 18:03:22 2004
@@ -31,7 +31,13 @@
import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.security.IdentificationPrincipal;
import org.apache.geronimo.security.RealmPrincipal;
+import org.apache.geronimo.security.realm.SecurityRealm;
+import org.apache.geronimo.security.realm.DeploymentSupport;
+import org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal;
+import org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal;
import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.geronimo.kernel.jmx.MBeanProxyFactory;
+import org.apache.geronimo.kernel.Kernel;
/**
@@ -91,6 +97,7 @@
props.put("usersURI", new File(new File("."), "src/test-data/data/users.properties").toURI().toString());
props.put("groupsURI", new File(new File("."), "src/test-data/data/groups.properties").toURI().toString());
gbean.setAttribute("options", props);
+ gbean.setAttribute("loginDomainName", "TestProperties");
kernel.loadGBean(testCE, gbean);
gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm");
@@ -133,18 +140,22 @@
context.login();
Subject subject = context.getSubject();
- assertTrue("expected non-null client subject", subject != null);
- Set set = subject.getPrincipals(IdentificationPrincipal.class);
- assertEquals("client subject should have one ID principal", set.size(), 1);
- IdentificationPrincipal idp = (IdentificationPrincipal)set.iterator().next();
- subject = ContextManager.getRegisteredSubject(idp.getId());
- assertTrue("expected non-null server subject", subject != null);
- assertTrue("server subject should have one remote principal", subject.getPrincipals(IdentificationPrincipal.class).size() == 1);
+ assertTrue("expected non-null subject", subject != null);
+ assertTrue("subject should have one remote principal", subject.getPrincipals(IdentificationPrincipal.class).size() == 1);
IdentificationPrincipal remote = (IdentificationPrincipal) subject.getPrincipals(IdentificationPrincipal.class).iterator().next();
- assertTrue("server subject should be associated with remote id", ContextManager.getRegisteredSubject(remote.getId()) != null);
- assertTrue("server subject should have five principals", subject.getPrincipals().size() == 5);
- assertTrue("server subject should have two realm principal", subject.getPrincipals(RealmPrincipal.class).size() == 2);
+ assertTrue("subject should be associated with remote id", ContextManager.getRegisteredSubject(remote.getId()) != null);
+ assertEquals("subject should have three principals ("+subject.getPrincipals().size()+")", 3, subject.getPrincipals().size());
+ assertEquals("subject should have no realm principals ("+subject.getPrincipals(RealmPrincipal.class).size()+")", 0, subject.getPrincipals(RealmPrincipal.class).size());
+
+ subject = ContextManager.getServerSideSubject(subject);
+
+ assertTrue("expected non-null subject", subject != null);
+ assertTrue("subject should have one remote principal", subject.getPrincipals(IdentificationPrincipal.class).size() == 1);
+ remote = (IdentificationPrincipal) subject.getPrincipals(IdentificationPrincipal.class).iterator().next();
+ assertTrue("subject should be associated with remote id", ContextManager.getRegisteredSubject(remote.getId()) != null);
+ assertEquals("subject should have five principals ("+subject.getPrincipals().size()+")", 5, subject.getPrincipals().size());
+ assertEquals("subject should have two realm principals ("+subject.getPrincipals(RealmPrincipal.class).size()+")", 2, subject.getPrincipals(RealmPrincipal.class).size());
RealmPrincipal principal = (RealmPrincipal) subject.getPrincipals(RealmPrincipal.class).iterator().next();
assertTrue("id of principal should be non-zero", principal.getId() != 0);
Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java&r1=106256&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java (original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java Mon Nov 22 18:03:22 2004
@@ -93,6 +93,7 @@
props.put("userSelect", "SELECT UserName, Password FROM Users");
props.put("groupSelect", "SELECT GroupName, UserName FROM Groups");
gbean.setAttribute("options", props);
+ gbean.setAttribute("loginDomainName", "SQLDomain");
kernel.loadGBean(sqlModule, gbean);
kernel.startGBean(sqlModule);
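Review bot: The added `gbean.setAttribute("loginDomainName", "SQLDomain");` configures the new login-domain name but nothing in the hunk checks that the subjects produced by this login module are actually tagged with "SQLDomain"; the enclosing test method continues outside the hunk, so if no later assertion covers it, an assertion on the domain name of the resulting realm principals would pin the behaviour this commit introduces. The same one-line setup change, with "PropertiesDomain", appears in the TimeoutTest hunk (L1843) and the SubjectCarryingProtocolTest hunk (L1855) and the same observation applies there. Since the attribute name is only a string resolved at runtime by `setAttribute`, a misspelling would surface as a test failure rather than a compile error, which is one more reason for a positive assertion on the domain name.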
Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java&r1=106256&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java (original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java Mon Nov 22 18:03:22 2004
@@ -113,6 +113,7 @@
props.put("usersURI", new File(new File("."), "src/test-data/data/users.properties").toURI().toString());
props.put("groupsURI", new File(new File("."), "src/test-data/data/groups.properties").toURI().toString());
gbean.setAttribute("options", props);
+ gbean.setAttribute("loginDomainName", "PropertiesDomain");
kernel.loadGBean(testCE, gbean);
gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm");
Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java&r1=106256&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java (original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java Mon Nov 22 18:03:22 2004
@@ -285,6 +285,7 @@
props.put("usersURI", new File(new File("."), "src/test-data/data/users.properties").toURI().toString());
props.put("groupsURI", new File(new File("."), "src/test-data/data/groups.properties").toURI().toString());
gbean.setAttribute("options", props);
+ gbean.setAttribute("loginDomainName", "PropertiesDomain");
kernel.loadGBean(testCE, gbean);
gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm");