Author: adc Date: Fri Nov 12 13:25:29 2004 New Revision: 57542 Modified: geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityService.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Role.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java Log: Intermediate checkin http://nagoya.apache.org/jira/browse/GERONIMO-454
Modified: geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
==============================================================================
--- geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java (original)
+++ geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java Fri Nov 12 13:25:29 2004
@@ -17,6 +17,9 @@
 package org.apache.geronimo.jetty.deployment;
+import javax.management.MalformedObjectNameException;
+import javax.management.ObjectName;
+import javax.transaction.UserTransaction;
 import java.io.File;
 import java.io.FileFilter;
 import java.io.IOException;
@@ -25,12 +28,14 @@
 import java.net.URISyntaxException;
 import java.net.URL;
 import java.util.Enumeration;
+import java.util.HashSet;
 import java.util.LinkedList;
+import java.util.Set;
 import java.util.jar.JarFile;
 import java.util.zip.ZipEntry;
-import javax.management.MalformedObjectNameException;
-import javax.management.ObjectName;
-import javax.transaction.UserTransaction;
+
+import org.apache.xmlbeans.XmlException;
+import org.apache.xmlbeans.XmlObject;
 import org.apache.geronimo.deployment.DeploymentException;
 import org.apache.geronimo.deployment.service.GBeanHelper;
@@ -61,13 +66,12 @@
 import org.apache.geronimo.xbeans.geronimo.jetty.JettyWebAppType;
 import org.apache.geronimo.xbeans.j2ee.FilterMappingType;
 import org.apache.geronimo.xbeans.j2ee.SecurityConstraintType;
+import org.apache.geronimo.xbeans.j2ee.SecurityRoleType;
 import org.apache.geronimo.xbeans.j2ee.ServletMappingType;
 import org.apache.geronimo.xbeans.j2ee.UrlPatternType;
 import org.apache.geronimo.xbeans.j2ee.WebAppDocument;
 import org.apache.geronimo.xbeans.j2ee.WebAppType;
 import org.apache.geronimo.xbeans.j2ee.WebResourceCollectionType;
-import org.apache.xmlbeans.XmlException;
-import org.apache.xmlbeans.XmlObject;
 /**
@@ -296,7 +300,7 @@
 UserTransaction userTransaction = new OnlineUserTransaction();
 ReadOnlyContext compContext = buildComponentContext(earContext, webModule, webApp, jettyWebApp, userTransaction, webClassLoader);
- Security security = SecurityBuilder.buildSecurityConfig(jettyWebApp.getSecurity());
+ Security security = SecurityBuilder.buildSecurityConfig(jettyWebApp.getSecurity(), collectRoleNames(webApp));
 GBeanMBean gbean;
 try {
@@ -334,6 +338,17 @@
 }
 earContext.addGBean(webModuleName, gbean);
 return null;
+ }
+
+ private static Set collectRoleNames(WebAppType webApp) {
+ Set roleNames = new HashSet();
+
+ SecurityRoleType[] securityRoles = webApp.getSecurityRoleArray();
+ for (int i=0; i<securityRoles.length; i++) {
+ roleNames.add(securityRoles[i].getRoleName().getStringValue());
+ }
+
+ return roleNames;
 }
 private static URI[] getWebClassPath(EARContext earContext, WebModule webModule) {
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java Fri Nov 12 13:25:29 2004
@@ -51,6 +51,7 @@
 import org.apache.geronimo.security.PrimaryRealmPrincipal;
 import org.apache.geronimo.security.RealmPrincipal;
 import org.apache.geronimo.security.SubjectId;
+import org.apache.geronimo.security.SecurityService;
 import org.apache.geronimo.security.realm.SecurityRealm;
 import org.apache.geronimo.security.deploy.DefaultPrincipal;
 import org.apache.geronimo.security.deploy.Security;
@@ -86,6 +87,7 @@
 private final Kernel kernel;
 private final String policyContextID;
 private final Security securityConfig;
+ private SecurityService securityService;
 private final JAASJettyPrincipal defaultPrincipal;
 private PolicyConfigurationFactory factory;
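Review bot: `collectRoleNames` (JettyModuleBuilder.java, hunk @@ -334,6 +338,17 @@) has no comment, and what it leaves out matters for authorization: it reads only `webApp.getSecurityRoleArray()`, so a role name that is used in a constraint but not declared as a security role never reaches `Security.getRoleNames()`. I would add `// Collects only the role names declared as security roles in the descriptor; these are the names handed to SecurityBuilder for role mapping.` above the method. If `getStringValue()` can return the name with surrounding whitespace, trimming it here would keep the set consistent with role names used elsewhere; that cannot be told from the hunk.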
@@ -156,6 +158,14 @@
 return securityConfig;
 }
+ public SecurityService getSecurityService() {
+ return securityService;
+ }
+
+ public void setSecurityService(SecurityService securityService) {
+ this.securityService = securityService;
+ }
+
 public Subject getRoleDesignate(String roleName) {
 return (Subject) roleDesignates.get(roleName);
 }
@@ -537,6 +547,7 @@
 infoFactory.addAttribute("kernel", Kernel.class, false);
 infoFactory.addAttribute("policyContextID", String.class, true);
 infoFactory.addAttribute("securityConfig", Security.class, true);
+ infoFactory.addReference("SecurityService", SecurityService.class);
 infoFactory.setConstructor(new String[]{
 "kernel",
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java Fri Nov 12 13:25:29 2004
@@ -383,7 +383,7 @@
 JettyWebAppJACCContext context = (JettyWebAppJACCContext) getWebApplicationContext();
- Iterator rollMappings = security.getRoleMappings().iterator();
+ Iterator rollMappings = security.getRoleMappings().values().iterator();
 while (rollMappings.hasNext()) {
 Role role = (Role) rollMappings.next();
 String roleName = role.getRoleName();
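Review bot: The `securityService` reference in JettyWebAppJACCContext is a non-final field with a public setter (hunks @@ -86,6 +87,7 @@ and @@ -156,6 +158,14 @@), while `kernel`, `policyContextID` and `securityConfig` beside it are final. Any code holding the context can replace the service after start-up, and nothing in the visible hunks reads the field or handles it being null. If the reference can be supplied through the constructor list set in the @@ -537,6 +547,7 @@ hunk, a `private final SecurityService securityService;` without a setter would be the safer shape; otherwise add a comment on the setter stating when the container calls it and that the value may be null. The constructor itself is outside these hunks.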
@@ -393,7 +393,7 @@
 Subject roleDesignate = new Subject();
- Iterator realms = role.getRealms().iterator();
+ Iterator realms = role.getRealms().values().iterator();
 while (realms.hasNext()) {
 Realm realm = (Realm) realms.next();
Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java (original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java Fri Nov 12 13:25:29 2004
@@ -61,9 +61,9 @@
 Realm realm = new Realm();
 realm.setRealmName("demo-properties-realm");
 realm.getPrincipals().add(principal);
- role.getRealms().add(realm);
+ role.getRealms().put(realm.getRealmName(), realm);
- securityConfig.getRoleMappings().add(role);
+ securityConfig.getRoleMappings().put(role.getRoleName(), role);
 startWebApp(securityConfig);
@@ -110,6 +110,7 @@
 app.setAttribute("contextPriorityClassLoader", Boolean.FALSE);
 app.setAttribute("configurationBaseUrl", Thread.currentThread().getContextClassLoader().getResource("deployables/"));
 app.setAttribute("securityConfig", securityConfig);
+ app.setReferencePattern("SecurityService", securityServiceName);
 app.setAttribute("policyContextID", "TEST");
 app.setAttribute("contextPath", "/test");
Modified: geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java
==============================================================================
--- geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java (original)
+++ geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java Fri Nov 12 13:25:29 2004
@@ -16,6 +16,8 @@
 */
 package org.apache.geronimo.security.deployment;
+import java.util.Set;
+
 import org.apache.geronimo.security.deploy.AutoMapAssistant;
 import org.apache.geronimo.security.deploy.DefaultPrincipal;
 import org.apache.geronimo.security.deploy.Principal;
@@ -37,7 +39,7 @@
 */
 public class SecurityBuilder {
- public static Security buildSecurityConfig(GerSecurityType securityType) {
+ public static Security buildSecurityConfig(GerSecurityType securityType, Set roleNames) {
 Security security = null;
 if (securityType != null) {
@@ -73,10 +75,10 @@
 realm.getPrincipals().add(buildPrincipal(realmType.getPrincipalArray(k)));
 }
- role.getRealms().add(realm);
+ role.getRealms().put(realm.getRealmName(), realm);
 }
- security.getRoleMappings().add(role);
+ security.getRoleMappings().put(role.getRoleName(), role);
 }
 }
@@ -93,6 +95,8 @@
 security.setAssistant(assistant);
 }
+
+ security.getRoleNames().addAll(roleNames);
 }
 return security;
@@ -107,5 +111,4 @@
 return principal;
 }
-
 }
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityService.java
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityService.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityService.java Fri Nov 12 13:25:29 2004
@@ -19,6 +19,7 @@
 import java.util.Collection;
 import java.util.Collections;
+import java.util.Iterator;
 import java.security.Policy;
 import javax.management.ObjectName;
 import javax.security.jacc.PolicyContextException;
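Review bot: In SecurityBuilder.java (hunk @@ -73,10 +75,10 @@) `role.getRealms().put(realm.getRealmName(), realm)` and `security.getRoleMappings().put(role.getRoleName(), role)` replace any entry already stored under the same name, so a plan that lists a role or a realm twice keeps only the last one and the earlier principals drop out of the role mapping without an error. The same commit adds merging methods for exactly this case; `role.append(realm);` and `security.append(role);` would keep every principal, or the builder could reject duplicates explicitly. `Security.append` as committed casts the keys of `getRealms()` to `Realm`, so it has to iterate `values()` before it can be used for the merge path. The enclosing loops start outside the hunk.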
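Review bot: `security.getRoleNames().addAll(roleNames)` in SecurityBuilder.java (hunk @@ -93,6 +95,8 @@) throws NullPointerException when a caller passes null for the new `roleNames` parameter of the public `buildSecurityConfig`; guard it with `if (roleNames != null) security.getRoleNames().addAll(roleNames);` or document that null is rejected. The call appears to sit inside the `if (securityType != null)` block, so when the plan has no security element the method still returns null and the collected role names are discarded. A Javadoc line on `buildSecurityConfig` stating both behaviours would help callers; the method starts outside this hunk.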
@@ -123,6 +124,15 @@
 this.moduleConfigurations = moduleConfigurations;
 }
+ public SecurityRealm getRealm(String name) {
+ for (Iterator iter = realms.iterator(); iter.hasNext();) {
+ SecurityRealm realm = (SecurityRealm) iter.next();
+ if (name.equals(realm.getRealmName())) {
+ return realm;
+ }
+ }
+ return null;
+ }
 public void doStart() throws WaitingException, Exception {
 PolicyConfigurationFactory factory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
@@ -148,6 +158,7 @@
 infoFactory.addReference("Realms", SecurityRealm.class);
 infoFactory.addReference("ModuleConfigurations", ModuleConfiguration.class);
+ infoFactory.addOperation("getRealm", new Class[]{String.class});
 infoFactory.setConstructor(new String[]{"policyConfigurationFactory"});
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Role.java
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Role.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Role.java Fri Nov 12 13:25:29 2004
@@ -17,8 +17,8 @@
 package org.apache.geronimo.security.deploy;
 import java.io.Serializable;
-import java.util.HashSet;
-import java.util.Set;
+import java.util.HashMap;
+import java.util.Map;
 /**
@@ -27,7 +27,7 @@
 public class Role implements Serializable {
 private String roleName;
- private Set realms = new HashSet();
+ private Map realms = new HashMap();
 public String getRoleName() {
 return roleName;
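Review bot: `getRealm` in SecurityService.java (hunk @@ -123,6 +124,15 @@) calls `name.equals(...)` on its argument, so a null name throws NullPointerException; `Security.autoGenerate` passes `assistant.getSecurityRealm()` straight in and nothing visible guarantees that value is set. An early `if (name == null) return null;` makes the lookup total. The method is also registered as a GBean operation in the @@ -148,6 +158,7 @@ hunk, which presumably lets a caller with kernel access obtain a `SecurityRealm` object by name, so it deserves a Javadoc stating the null return for an unknown realm and that this exposure is intended. `realms` is declared outside the hunk, so whether it can be null at this point is not visible.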
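Review bot: `Role` is `Serializable` and the @@ -27,7 +27,7 @@ hunk in Role.java changes the type of its `realms` field from `Set` to `Map`; `Security.roleMappings` changes the same way in Security.java (@@ -30,9 +36,13 @@), and no `serialVersionUID` is visible in either hunk. If `Security` instances are stored in serialized form (the `true` flag on the `securityConfig` GBean attribute may mean it is persisted), previously stored configurations will not deserialize into the new classes. A class comment recording the serialized-form change, or an explicit `serialVersionUID` on both classes, would make the incompatibility deliberate instead of accidental.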
@@ -37,7 +37,16 @@
 this.roleName = roleName;
 }
- public Set getRealms() {
+ public Map getRealms() {
 return realms;
+ }
+
+ public void append(Realm realm) {
+ if (realms.containsKey(realm.getRealmName())) {
+ Realm existing = (Realm) realms.get(realm.getRealmName());
+ existing.getPrincipals().addAll(realm.getPrincipals());
+ } else {
+ realms.put(realm.getRealmName(), realm);
+ }
 }
 }
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java Fri Nov 12 13:25:29 2004
@@ -17,9 +17,15 @@
 package org.apache.geronimo.security.deploy;
 import java.io.Serializable;
+import java.util.HashMap;
 import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
 import java.util.Set;
+import org.apache.geronimo.security.SecurityService;
+import org.apache.geronimo.security.realm.SecurityRealm;
+
 /**
 * @version $Rev$ $Date$
@@ -30,9 +36,13 @@
 private boolean useContextHandler;
 private String defaultRole;
 private DefaultPrincipal defaultPrincipal;
- private Set roleMappings = new HashSet();
+ private Map roleMappings = new HashMap();
+ private Set roleNames = new HashSet();
 private AutoMapAssistant assistant;
+ public Security() {
+ }
+
 public boolean isDoAsCurrentCaller() {
 return doAsCurrentCaller;
 }
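Review bot: `Role.append` (Role.java, hunk @@ -37,7 +37,16 @@) has no Javadoc and its merge semantics are easy to misread: for a realm name already present it adds the principals into the stored `Realm`, otherwise it stores the caller's `Realm` instance itself, so a later append mutates an object the caller may still hold. `getRealms()` still returns the live map, which lets callers `put` directly and skip the merge. I would add `/** Adds the realm, merging its principals into an existing realm of the same name. */` and consider storing a copy on first insert; a null `getRealmName()` is not checked either.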
@@ -65,15 +75,77 @@
 this.defaultPrincipal = defaultPrincipal;
 }
- public Set getRoleMappings() {
+ public Map getRoleMappings() {
 return roleMappings;
 }
+ public Set getRoleNames() {
+ return roleNames;
+ }
+
 public AutoMapAssistant getAssistant() {
 return assistant;
 }
 public void setAssistant(AutoMapAssistant assistant) {
 this.assistant = assistant;
+ }
+
+ public void append(Role role) {
+ if (roleMappings.containsKey(role.getRoleName())) {
+ Role existing = (Role) roleMappings.get(role.getRoleName());
+ for (Iterator iter = role.getRealms().keySet().iterator(); iter.hasNext();) {
+ existing.append((Realm) iter.next());
+ }
+ } else {
+ roleMappings.put(role.getRoleName(), role);
+ }
+ }
+
+ public void autoGenerate(SecurityService secyrityService) {
+ if (secyrityService == null) return;
+ if (assistant == null) return;
+
+ String realmName = assistant.getSecurityRealm();
+ SecurityRealm securityRealm = secyrityService.getRealm(realmName);
+ if (securityRealm == null || !(securityRealm instanceof AutoMapAssistant)) return;
+ org.apache.geronimo.security.realm.AutoMapAssistant autoMapAssistant = (org.apache.geronimo.security.realm.AutoMapAssistant) securityRealm;
+
+ /**
+ * Append roles
+ */
+ for (Iterator iter = roleNames.iterator(); iter.hasNext();) {
+ String roleName = (String) iter.next();
+ Role role = new Role();
+
+ role.setRoleName(roleName);
+
+ Realm realm = new Realm();
+
+ realm.setRealmName(assistant.getSecurityRealm());
+
+ for (Iterator principalClasses = autoMapAssistant.obtainRolePrincipalClasses().iterator(); principalClasses.hasNext();) {
+ Principal principal = new Principal();
+
+ principal.setClassName((String) principalClasses.next());
+ principal.setPrincipalName(roleName);
+ principal.setDesignatedRunAs(true);
+
+ realm.getPrincipals().add(principal);
+ }
+ role.append(realm);
+
+ append(role);
+ }
+
+ /**
+ * Add default principal
+ */
+ if (defaultPrincipal != null) return;
+
+ defaultPrincipal = new DefaultPrincipal();
+
+ defaultPrincipal.setPrincipal(autoMapAssistant.obtainDefaultPrincipal());
+ defaultPrincipal.setRealmName(realmName);
 }
 }
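Review bot: `Security.append` (Security.java, hunk @@ -65,15 +75,77 @@) iterates `role.getRealms().keySet()` and casts each element to `Realm`, but `Role` stores realms with `realms.put(realm.getRealmName(), realm)`, so the keys are names and merging into an existing role throws ClassCastException; the loop should read `for (Iterator iter = role.getRealms().values().iterator(); iter.hasNext();) {`. In `autoGenerate`, the unqualified `AutoMapAssistant` in the `instanceof` test appears to resolve to the deploy-package class of the `assistant` field, not the `org.apache.geronimo.security.realm.AutoMapAssistant` that the next line casts to, so the guard tests the wrong type; write `!(securityRealm instanceof org.apache.geronimo.security.realm.AutoMapAssistant)`. The generated mapping names each principal after the role and marks it `setDesignatedRunAs(true)`, which decides who is granted each role and deserves a method-level Javadoc. The two `/** … */` blocks inside the body should be `//` comments, and the parameter name `secyrityService` is misspelled.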