Author: jgallimore
Date: Mon Aug 22 20:35:23 2011
New Revision: 1160418
URL: http://svn.apache.org/viewvc?rev=1160418&view=rev
Log:
Add security and work contexts to connector support
Added:
openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/ConnectorCallbackHandler.java
openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/SecurityContextHandler.java
Modified:
openejb/trunk/openejb3/assembly/openejb-tomcat/openejb-tomcat-catalina/src/main/java/org/apache/openejb/tomcat/catalina/TomcatWebAppBuilder.java
openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/Assembler.java
openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/transaction/SimpleBootstrapContext.java
Modified:
openejb/trunk/openejb3/assembly/openejb-tomcat/openejb-tomcat-catalina/src/main/java/org/apache/openejb/tomcat/catalina/TomcatWebAppBuilder.java
URL:
http://svn.apache.org/viewvc/openejb/trunk/openejb3/assembly/openejb-tomcat/openejb-tomcat-catalina/src/main/java/org/apache/openejb/tomcat/catalina/TomcatWebAppBuilder.java?rev=1160418&r1=1160417&r2=1160418&view=diff
==============================================================================
---
openejb/trunk/openejb3/assembly/openejb-tomcat/openejb-tomcat-catalina/src/main/java/org/apache/openejb/tomcat/catalina/TomcatWebAppBuilder.java
(original)
+++
openejb/trunk/openejb3/assembly/openejb-tomcat/openejb-tomcat-catalina/src/main/java/org/apache/openejb/tomcat/catalina/TomcatWebAppBuilder.java
Mon Aug 22 20:35:23 2011
@@ -321,6 +321,8 @@ public class TomcatWebAppBuilder impleme
@Override
public void start(StandardContext standardContext) {
if (isIgnored(standardContext)) return;
+
+ CoreContainerSystem cs = getContainerSystem();
Assembler a = getAssembler();
if (a == null) {
@@ -346,6 +348,13 @@ public class TomcatWebAppBuilder impleme
}
}
}
+
+ if (appContext == null) {
+ String contextRoot = standardContext.getName();
+ if (contextRoot.startsWith("/")) {
+ contextRoot = contextRoot.replaceAll("^/+", "");
+ }
+ }
contextInfo.standardContext = standardContext;
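Review bot: The `contextRoot` local computed in the added `if (appContext == null)` block goes out of scope at the closing brace without being read, so the block has no effect on `appContext`. A lookup by context root was probably intended (an inference; the rest of `start` lies outside this hunk), so either finish that lookup or drop the block. If it stays, the `startsWith("/")` guard is redundant, because `replaceAll("^/+", "")` is already a no-op on a string without a leading slash.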
@@ -355,6 +364,11 @@ public class TomcatWebAppBuilder impleme
for (WebAppInfo w : contextInfo.appInfo.webApps) {
if (("/" + w.contextRoot).equals(standardContext.getPath()) ||
isRootApplication(standardContext)) {
webAppInfo = w;
+
+ if (appContext == null) {
+ appContext =
cs.getAppContext(contextInfo.appInfo.appId);
+ }
+
break;
}
}
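Review bot: `appContext` can still be null after `cs.getAppContext(contextInfo.appInfo.appId)` if the container system holds no entry for that id, and the next hunk dereferences it at `appContext.getWebContexts().add(webContext)`. That call sits inside a `catch (Exception e)` whose message is "Error merging OpenEJB JNDI entries in to war", so a missing application context would be reported as a JNDI problem and the web context would never be registered. An explicit null check after the loop that logs the missing `appId` would make the real cause visible. The code between the two hunks is not shown, so confirm that nothing else assigns `appContext` first.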
@@ -380,7 +394,7 @@ public class TomcatWebAppBuilder impleme
webContext.setClassLoader(standardContext.getLoader().getClassLoader());
webContext.getInjections().addAll(injections);
appContext.getWebContexts().add(webContext);
- getContainerSystem().addWebContext(webContext);
+ cs.addWebContext(webContext);
} catch (Exception e) {
logger.error("Error merging OpenEJB JNDI entries in to war " +
standardContext.getPath() + ": Exception: " + e.getMessage(), e);
}
Modified:
openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/Assembler.java
URL:
http://svn.apache.org/viewvc/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/Assembler.java?rev=1160418&r1=1160417&r2=1160418&view=diff
==============================================================================
---
openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/Assembler.java
(original)
+++
openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/Assembler.java
Mon Aug 22 20:35:23 2011
@@ -16,7 +16,59 @@
*/
package org.apache.openejb.assembler.classic;
+import java.io.File;
+import java.io.IOException;
+import java.lang.instrument.ClassFileTransformer;
+import java.lang.instrument.Instrumentation;
+import java.lang.management.ManagementFactory;
+import java.lang.reflect.Method;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Properties;
+import java.util.Set;
+import java.util.TreeMap;
+import java.util.concurrent.Executor;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ThreadFactory;
+import java.util.concurrent.atomic.AtomicInteger;
+
+import javax.management.InstanceNotFoundException;
+import javax.management.MBeanRegistrationException;
+import javax.management.MBeanServer;
+import javax.management.MalformedObjectNameException;
+import javax.management.ObjectName;
+import javax.naming.Binding;
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.naming.NameAlreadyBoundException;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.persistence.EntityManagerFactory;
+import javax.resource.spi.BootstrapContext;
+import javax.resource.spi.ConnectionManager;
+import javax.resource.spi.ManagedConnectionFactory;
+import javax.resource.spi.ResourceAdapter;
+import javax.resource.spi.ResourceAdapterInternalException;
+import javax.resource.spi.XATerminator;
+import javax.resource.spi.work.WorkManager;
+import javax.transaction.TransactionManager;
+import javax.transaction.TransactionSynchronizationRegistry;
+import javax.validation.ValidationException;
+import javax.validation.ValidatorFactory;
+
+import org.apache.geronimo.connector.GeronimoBootstrapContext;
import org.apache.geronimo.connector.work.GeronimoWorkManager;
+import org.apache.geronimo.connector.work.HintsContextHandler;
import org.apache.geronimo.connector.work.TransactionContextHandler;
import org.apache.geronimo.connector.work.WorkContextHandler;
import org.apache.geronimo.transaction.manager.GeronimoTransactionManager;
@@ -42,6 +94,7 @@ import org.apache.openejb.core.Transacti
import org.apache.openejb.core.WebContext;
import org.apache.openejb.core.ivm.naming.IvmContext;
import org.apache.openejb.core.ivm.naming.IvmJndiFactory;
+import org.apache.openejb.core.security.SecurityContextHandler;
import org.apache.openejb.core.timer.EjbTimerServiceImpl;
import org.apache.openejb.core.timer.NullEjbTimerServiceImpl;
import org.apache.openejb.core.timer.ScheduleData;
@@ -1345,7 +1398,19 @@ public class Assembler extends Assembler
if (transactionManager instanceof GeronimoTransactionManager) {
GeronimoTransactionManager geronimoTransactionManager =
(GeronimoTransactionManager) transactionManager;
TransactionContextHandler txWorkContextHandler = new
TransactionContextHandler(geronimoTransactionManager);
- workManager = new GeronimoWorkManager(threadPool, threadPool,
threadPool,
Collections.<WorkContextHandler>singletonList(txWorkContextHandler));
+
+ // use id as default realm name if realm is not specified in
service properties
+ String securityRealmName =
getStringProperty(serviceInfo.properties, "realm", serviceInfo.id);
+
+ SecurityContextHandler securityContextHandler = new
SecurityContextHandler(securityRealmName);
+ HintsContextHandler hintsContextHandler = new
HintsContextHandler();
+
+ Collection<WorkContextHandler> workContextHandlers = new
ArrayList<WorkContextHandler>();
+ workContextHandlers.add(txWorkContextHandler);
+ workContextHandlers.add(securityContextHandler);
+ workContextHandlers.add(hintsContextHandler);
+
+ workManager = new GeronimoWorkManager(threadPool, threadPool,
threadPool, workContextHandlers);
} else {
workManager = new SimpleWorkManager(threadPool);
}
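Review bot: The realm used to authenticate inbound connector work falls back to `serviceInfo.id` when the `realm` property is absent, and nothing records which realm was chosen. A resource adapter whose id happens to match an existing login realm would then authenticate against it without anyone having configured that. One whose id matches nothing would presumably fail every password validation at runtime, although how `SecurityService.login` treats an unknown realm is not visible here. Consider logging the resolved `securityRealmName` at debug level when the work manager is built, and rewording the comment to `// realm for inbound SecurityContext logins; defaults to the resource adapter id`.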
@@ -1353,7 +1418,9 @@ public class Assembler extends Assembler
// BootstrapContext: wraps the WorkMananger and XATerminator
BootstrapContext bootstrapContext;
- if (transactionManager instanceof XATerminator) {
+ if (transactionManager instanceof GeronimoTransactionManager) {
+ bootstrapContext = new
GeronimoBootstrapContext((GeronimoWorkManager)workManager,
(GeronimoTransactionManager)transactionManager,
(GeronimoTransactionManager)transactionManager);
+ } else if (transactionManager instanceof XATerminator) {
bootstrapContext = new SimpleBootstrapContext(workManager,
(XATerminator) transactionManager);
} else {
bootstrapContext = new SimpleBootstrapContext(workManager);
@@ -1361,7 +1428,7 @@ public class Assembler extends Assembler
// start the resource adapter
try {
- logger.debug("createResource.startingResourceAdapter",
serviceInfo.id, service.getClass().getName());
+ logger.debug("createResource.startingResourceAdapter",
serviceInfo.id, service.getClass().getName());
resourceAdapter.start(bootstrapContext);
} catch (ResourceAdapterInternalException e) {
throw new OpenEJBException(e);
@@ -1423,7 +1490,7 @@ public class Assembler extends Assembler
}
private int getIntProperty(Properties properties, String propertyName, int
defaultValue) {
- String propertyValue = properties.getProperty(propertyName);
+ String propertyValue = getStringProperty(properties, propertyName,
Integer.toString(defaultValue));
if (propertyValue == null) {
return defaultValue;
}
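Review bot: The `if (propertyValue == null)` check after the changed line can no longer fire, because `getStringProperty` now returns `Integer.toString(defaultValue)` whenever the property is missing. Either keep `properties.getProperty(propertyName)` here, or remove the null check and let the default string go through the parse that follows (outside this hunk). The new helper in the next hunk is also equivalent to the JDK's `properties.getProperty(propertyName, defaultValue)`.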
@@ -1434,6 +1501,15 @@ public class Assembler extends Assembler
}
}
+ private String getStringProperty(Properties properties, String
propertyName, String defaultValue) {
+ String propertyValue = properties.getProperty(propertyName);
+ if (propertyValue == null) {
+ return defaultValue;
+ }
+
+ return propertyValue;
+ }
+
public void createConnectionManager(ConnectionManagerInfo serviceInfo)
throws OpenEJBException {
ObjectRecipe serviceRecipe = createRecipe(serviceInfo);
Added:
openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/ConnectorCallbackHandler.java
URL:
http://svn.apache.org/viewvc/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/ConnectorCallbackHandler.java?rev=1160418&view=auto
==============================================================================
---
openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/ConnectorCallbackHandler.java
(added)
+++
openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/ConnectorCallbackHandler.java
Mon Aug 22 20:35:23 2011
@@ -0,0 +1,85 @@
+package org.apache.openejb.core.security;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
+import javax.security.auth.message.callback.CertStoreCallback;
+import javax.security.auth.message.callback.GroupPrincipalCallback;
+import javax.security.auth.message.callback.PasswordValidationCallback;
+import javax.security.auth.message.callback.PrivateKeyCallback;
+import javax.security.auth.message.callback.SecretKeyCallback;
+import javax.security.auth.message.callback.TrustStoreCallback;
+
+import org.apache.openejb.loader.SystemInstance;
+import org.apache.openejb.spi.SecurityService;
+
+/**
+ * Spec 16.4.1: must support CallerPrincipalCallback, GroupPrincipalCallback,
PasswordValidationCallback. Recommended to support CertStoreCallback,
PrivateKeyCallback, SecretKeyCallback, and TrustStoreCallback.
+ *
+ * @version $Rev: 925911 $ $Date: 2010-03-21 22:03:35 +0000 (Sun, 21 Mar 2010)
$
+ */
+public class ConnectorCallbackHandler implements CallbackHandler {
+
+ private Principal callerPrincipal;
+ private String[] groupsArray;
+ private final String securityRealmName;
+
+ public ConnectorCallbackHandler(String securityRealmName) {
+ this.securityRealmName = securityRealmName;
+ }
+
+ public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
+ for (Callback callback : callbacks) {
+ // jaspi to server communication
+ if (callback instanceof CallerPrincipalCallback) {
+ callerPrincipal = ((CallerPrincipalCallback)
callback).getPrincipal();
+ } else if (callback instanceof GroupPrincipalCallback) {
+ groupsArray = ((GroupPrincipalCallback)
callback).getGroups();
+ } else if (callback instanceof
PasswordValidationCallback) {
+ PasswordValidationCallback
passwordValidationCallback = (PasswordValidationCallback) callback;
+ Subject subject =
passwordValidationCallback.getSubject();
+ final String userName =
passwordValidationCallback.getUsername();
+ final char[] password =
passwordValidationCallback.getPassword();
+
+ SecurityService securityService =
SystemInstance.get().getComponent(SecurityService.class);
+ try {
+ Object loginObj =
securityService.login(securityRealmName, userName, password == null ? "" : new
String(password));
+ securityService.associate(loginObj);
+ callerPrincipal =
securityService.getCallerPrincipal();
+
passwordValidationCallback.setResult(true);
+ } catch (LoginException e) {
+
passwordValidationCallback.setResult(false);
+ }
+ }
+ // server to jaspi communication
+ // TODO implement these
+ else if (callback instanceof CertStoreCallback) {
+
+ } else if (callback instanceof PrivateKeyCallback) {
+
+ } else if (callback instanceof SecretKeyCallback) {
+
+ } else if (callback instanceof TrustStoreCallback) {
+
+ } else {
+ throw new
UnsupportedCallbackException(callback);
+ }
+ }
+ }
+
+ public Principal getCallerPrincipal() {
+ return callerPrincipal;
+ }
+
+ public List<String> getGroups() {
+ return groupsArray == null ? null : Arrays.asList(groupsArray);
+ }
+}
\ No newline at end of file
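Review bot: In the `PasswordValidationCallback` branch a null password is turned into `""` and still passed to `securityService.login(...)`, so a caller that supplies no credential is tried as an empty-password login; fail the validation instead, e.g. `if (password == null) { passwordValidationCallback.setResult(false); continue; }`. The `LoginException` is swallowed without a log entry, which hides failed inbound authentications from anyone auditing the server; log the realm and user name there, never the password. The four TODO branches accept `CertStoreCallback`, `PrivateKeyCallback`, `SecretKeyCallback` and `TrustStoreCallback` without populating them, so the resource adapter cannot tell that nothing was provided; throwing `UnsupportedCallbackException` until they are implemented would be clearer. `new String(password)` also copies the secret into an immutable String that cannot be cleared afterwards, and the local `subject` is never used.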
Added:
openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/SecurityContextHandler.java
URL:
http://svn.apache.org/viewvc/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/SecurityContextHandler.java?rev=1160418&view=auto
==============================================================================
---
openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/SecurityContextHandler.java
(added)
+++
openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/SecurityContextHandler.java
Mon Aug 22 20:35:23 2011
@@ -0,0 +1,50 @@
+package org.apache.openejb.core.security;
+
+import javax.resource.spi.work.SecurityContext;
+import javax.resource.spi.work.WorkCompletedException;
+import javax.resource.spi.work.WorkContext;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+
+import org.apache.geronimo.connector.work.WorkContextHandler;
+import org.apache.openejb.loader.SystemInstance;
+import org.apache.openejb.spi.SecurityService;
+
+public class SecurityContextHandler implements
WorkContextHandler<SecurityContext>{
+
+ private ConnectorCallbackHandler callbackHandler;
+ private final String securityRealmName;
+
+ public SecurityContextHandler(String securityRealmName) {
+ this.securityRealmName = securityRealmName;
+ }
+
+ public void before(SecurityContext securityContext) throws
WorkCompletedException {
+ if (securityContext != null) {
+ callbackHandler = new ConnectorCallbackHandler(securityRealmName);
+
+ Subject clientSubject = new Subject();
+ securityContext.setupSecurityContext(callbackHandler,
clientSubject, null);
+ }
+ }
+
+ public void after(SecurityContext securityContext) throws
WorkCompletedException {
+ SecurityService securityService =
SystemInstance.get().getComponent(SecurityService.class);
+ Object loginObj = securityService.disassociate();
+ if (loginObj != null) {
+ try {
+ securityService.logout(loginObj);
+ } catch (LoginException e) {
+ }
+ }
+ }
+
+ public boolean supports(Class<? extends WorkContext> clazz) {
+ return SecurityContext.class.isAssignableFrom(clazz);
+ }
+
+ public boolean required() {
+ return false;
+ }
+
+}
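Review bot: `callbackHandler` is stored in an instance field, but `Assembler` creates a single `SecurityContextHandler` and hands it to the work manager, so concurrent work submissions could overwrite each other's handler. The field is never read, so make it a local in `before`: `ConnectorCallbackHandler callbackHandler = new ConnectorCallbackHandler(securityRealmName);`. `after` calls `securityService.disassociate()` and `logout` even when `before` skipped setup because `securityContext` was null, which could strip an identity this handler did not establish (whether the work manager invokes `after` in that case is not visible here); mirror the guard with `if (securityContext == null) return;`. The empty `catch (LoginException e)` should at least log the failure. The principal and groups captured from `CallerPrincipalCallback` and `GroupPrincipalCallback` are never read back either, so only the password path appears to establish an identity.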
Modified:
openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/transaction/SimpleBootstrapContext.java
URL:
http://svn.apache.org/viewvc/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/transaction/SimpleBootstrapContext.java?rev=1160418&r1=1160417&r2=1160418&view=diff
==============================================================================
---
openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/transaction/SimpleBootstrapContext.java
(original)
+++
openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/transaction/SimpleBootstrapContext.java
Mon Aug 22 20:35:23 2011
@@ -24,6 +24,8 @@ import javax.resource.spi.work.WorkConte
import javax.resource.spi.work.WorkManager;
import javax.transaction.TransactionSynchronizationRegistry;
+import org.apache.geronimo.connector.work.GeronimoWorkManager;
+
public class SimpleBootstrapContext implements BootstrapContext {
private final WorkManager workManager;
private final XATerminator xaTerminator;
@@ -58,8 +60,12 @@ public class SimpleBootstrapContext impl
return null;
}
- public boolean isContextSupported(Class<? extends WorkContext> arg0) {
- // TODO: add work context support
+ public boolean isContextSupported(Class<? extends WorkContext> cls) {
+ if (workManager instanceof GeronimoWorkManager) {
+ GeronimoWorkManager geronimoWorkManager = (GeronimoWorkManager)
workManager;
+ return geronimoWorkManager.isContextSupported(cls);
+ }
+
return false;
}
}
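Review bot: The new `GeronimoWorkManager` branch in `isContextSupported` looks unreachable from the `Assembler` change in this same commit. There a `GeronimoWorkManager` is only created alongside a `GeronimoTransactionManager`, and that case now builds a `GeronimoBootstrapContext` instead of this class. If other callers can pass a `GeronimoWorkManager` here, the delegation is fine, but a short comment naming that caller would help. Otherwise the import and the branch add a Geronimo dependency to `SimpleBootstrapContext` for no effect and could be dropped.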