Author: adc Date: Sun Nov 21 12:06:12 2004 New Revision: 106110 Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ConfigurationEntryFactory.java Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginKerberosNonGeronimoTest.java geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java Log: Replace the static registration with GeronimoLoginConfiguration with an IOC assignment of each security realm to the GLC
http://nagoya.apache.org/jira/browse/GERONIMO-489
Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml?view=diff&rev=106110&p1=geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml&r1=106109&p2=geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml&r2=106110
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml (original)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml Sun Nov 21 12:06:12 2004
@@ -127,7 +127,12 @@
 </gbean>
 <!-- Register GeronimoLoginConfiguration as the LoginConfiguration handler -->
- <gbean name="geronimo.security:type=LoginConfiguration" class="org.apache.geronimo.security.jaas.GeronimoLoginConfiguration"/>
+ <gbean name="geronimo.security:type=LoginConfiguration" class="org.apache.geronimo.security.jaas.GeronimoLoginConfiguration">
+ <references name="Configurations">
+ <pattern>geronimo.security:type=SecurityRealm,*</pattern>
+ <pattern>geronimo.security:type=ConfigurationEntry,*</pattern>
+ </references>
+ </gbean>
 <gbean name="geronimo.security:type=SecurityService" class="org.apache.geronimo.security.SecurityService">
 <attribute name="policyConfigurationFactory" type="java.lang.String">org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory</attribute>
Modified: geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java?view=diff&rev=106110&p1=geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java&r1=106109&p2=geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java&r2=106110
==============================================================================
--- geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java (original)
+++ geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java Sun Nov 21 12:06:12 2004
@@ -17,19 +17,22 @@ package org.apache.geronimo.connector.outbound.security; +import javax.resource.spi.ManagedConnectionFactory; import java.util.HashMap; import java.util.Map; import java.util.Set; -import javax.resource.spi.ManagedConnectionFactory; +import org.apache.regexp.RE; +import org.apache.geronimo.common.GeronimoSecurityException; import org.apache.geronimo.gbean.GBeanInfo; import org.apache.geronimo.gbean.GBeanInfoBuilder; -import org.apache.geronimo.common.GeronimoSecurityException; -import org.apache.geronimo.security.realm.SecurityRealm; +import org.apache.geronimo.kernel.Kernel; +import org.apache.geronimo.security.jaas.ConfigurationEntryFactory; +import org.apache.geronimo.security.jaas.JaasLoginCoordinator; import org.apache.geronimo.security.jaas.JaasLoginModuleConfiguration; import org.apache.geronimo.security.jaas.LoginModuleControlFlag; -import org.apache.regexp.RE; +import org.apache.geronimo.security.realm.SecurityRealm; /** * @@ -37,16 +40,18 @@ * @version $Rev$ $Date$ * * */ -public class PasswordCredentialRealm implements SecurityRealm, ManagedConnectionFactoryListener { +public class PasswordCredentialRealm implements SecurityRealm, ConfigurationEntryFactory, ManagedConnectionFactoryListener { private static final GBeanInfo GBEAN_INFO; ManagedConnectionFactory managedConnectionFactory; - String realmName; + private final Kernel kernel; + private final String realmName; static final String REALM_INSTANCE = "org.apache.connector.outbound.security.PasswordCredentialRealm"; - public PasswordCredentialRealm(String realmName) { + public PasswordCredentialRealm(Kernel kernel, String realmName) { + this.kernel = kernel; this.realmName = realmName; } @@ -54,10 +59,6 @@ return realmName; } - public void setRealmName(String realmName) { - this.realmName = realmName; - } - public Set getGroupPrincipals() throws GeronimoSecurityException { return null; } 
@@ -100,16 +101,32 @@ return managedConnectionFactory; } + public String getConfigurationName() { + return realmName; + } + + public JaasLoginModuleConfiguration generateConfiguration() { + Map options = new HashMap(); + options.put("realm", realmName); + options.put("kernel", kernel.getKernelName()); + + return new JaasLoginModuleConfiguration(realmName, JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true); + } + static { GBeanInfoBuilder infoFactory = new GBeanInfoBuilder(PasswordCredentialRealm.class); + infoFactory.addInterface(ManagedConnectionFactoryListener.class); + infoFactory.addInterface(ConfigurationEntryFactory.class); + infoFactory.addAttribute("kernel", Kernel.class, false); infoFactory.addAttribute("realmName", String.class, true); - infoFactory.setConstructor(new String[]{"realmName"}); + + infoFactory.setConstructor(new String[]{"kernel", "realmName"}); + GBEAN_INFO = infoFactory.getBeanInfo(); } public static GBeanInfo getGBeanInfo() { return GBEAN_INFO; } - } Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ConfigurationEntryFactory.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ConfigurationEntryFactory.java?view=auto&rev=106110 ============================================================================== --- (empty file) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ConfigurationEntryFactory.java Sun Nov 21 12:06:12 2004 
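Review bot: `generateConfiguration()` dereferences `kernel` unconditionally in `options.put("kernel", kernel.getKernelName());`, whereas the removed `GeronimoLoginConfiguration.register(SecurityRealm)` only added that option `if(kernel != null)`. The constructor stores whatever it is given, so a realm built with a null kernel now fails with a NullPointerException when the login configuration collects its entries rather than at construction. Either reject null in the constructor or keep the guard, e.g. `if (kernel != null) options.put("kernel", kernel.getKernelName());`. The same option-building body appears in `GenericSecurityRealm.generateConfiguration()` and `ServerRealmConfigurationEntry.generateConfiguration()` in this commit, so one shared helper would keep the three copies from drifting apart.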
@@ -0,0 +1,45 @@
+/**
+ *
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.security.jaas;
+
+/**
+ * A factory interface used by <code>GeronimoLoginConfiguration</code> to obtain
+ * <code>JaasLoginModuleConfiguration</code>s from GBean configuration entries.
+ *
+ * @version $Rev: $ $Date: $
+ * @see GeronimoLoginConfiguration
+ * @see DirectConfigurationEntry
+ * @see ServerRealmConfigurationEntry
+ */
+public interface ConfigurationEntryFactory {
+
+ /**
+ * Used to obtain the configuration name to be associated with the generated
+ * <code>JaasLoginModuleConfiguration</code>.
+ *
+ * @return the configuration name
+ */
+ public String getConfigurationName();
+
+ /**
+ * Generate a <code>JaasLoginModuleConfiguration</code>
+ *
+ * @return a <code>JaasLoginModuleConfiguration</code>
+ */
+ public JaasLoginModuleConfiguration generateConfiguration();
+
+}
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java?view=diff&rev=106110&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java&r1=106109&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java&r2=106110
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java Sun Nov 21 12:06:12 2004
@@ -18,8 +18,7 @@
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
-import org.apache.geronimo.gbean.GBeanLifecycle;
-import org.apache.geronimo.gbean.WaitingException;
+
 /**
 * Exposes a LoginModule directly to JAAS clients, without any particular
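Review bot: The Javadoc on `getConfigurationName()` leaves out the one property `GeronimoLoginConfiguration` depends on: the returned name is the map key when the entry is added and again when it is removed, so it has to stay the same for as long as the factory is referenced and be unique among all matched GBeans. I would add to that method's comment `The name must not change while the factory is registered and must be unique across all factories referenced by the login configuration.` The comment on `generateConfiguration()` should also say that it must not return null, because the caller dereferences the result immediately, and whether the name inside the returned configuration is expected to equal `getConfigurationName()`.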
@@ -29,13 +28,15 @@ * * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $ */ -public class DirectConfigurationEntry implements GBeanLifecycle { - private String applicationConfigName; - private LoginModuleControlFlag controlFlag; - private LoginModuleGBean module; +public class DirectConfigurationEntry implements ConfigurationEntryFactory { + private final String applicationConfigName; + private final LoginModuleControlFlag controlFlag; + private final LoginModuleGBean module; public DirectConfigurationEntry() { - // just for use by GBean infrastructure + this.applicationConfigName = null; + this.controlFlag = null; + this.module = null; } public DirectConfigurationEntry(String applicationConfigName, LoginModuleControlFlag controlFlag, LoginModuleGBean module) { 
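Review bot: The no-argument constructor now leaves `applicationConfigName`, `controlFlag` and `module` permanently null, because the fields became `final`, and the comment saying it exists only for the GBean infrastructure was dropped. An instance created this way throws a NullPointerException from `generateConfiguration()`, added in the next hunk, at `module.getLoginModuleClass()`. If the GBean constructor declared outside this hunk always receives the three values, the no-arg constructor can simply be removed; otherwise keep a comment on it such as `// only for the GBean infrastructure; an instance built this way must never be handed to GeronimoLoginConfiguration`. `ServerRealmConfigurationEntry` gets the same all-null constructor in this commit, and its `generateConfiguration()` dereferences `kernel` in the same way.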
@@ -44,21 +45,19 @@ this.module = module; } - public void doStart() throws WaitingException, Exception { - GeronimoLoginConfiguration.register(new JaasLoginModuleConfiguration(applicationConfigName, module.getLoginModuleClass(), controlFlag, module.getOptions(), module.isServerSide())); - } - - public void doStop() throws WaitingException, Exception { - GeronimoLoginConfiguration.unRegister(applicationConfigName); + public String getConfigurationName() { + return applicationConfigName; } - public void doFail() { + public JaasLoginModuleConfiguration generateConfiguration() { + return new JaasLoginModuleConfiguration(applicationConfigName, module.getLoginModuleClass(), controlFlag, module.getOptions(), module.isServerSide()); } public static final GBeanInfo GBEAN_INFO; static { GBeanInfoBuilder infoFactory = new GBeanInfoBuilder(DirectConfigurationEntry.class); + infoFactory.addInterface(ConfigurationEntryFactory.class); infoFactory.addAttribute("applicationConfigName", String.class, true); infoFactory.addAttribute("controlFlag", LoginModuleControlFlag.class, true); Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java?view=diff&rev=106110&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java&r1=106109&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java&r2=106110 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java Sun Nov 21 12:06:12 2004 
@@ -17,20 +17,25 @@ package org.apache.geronimo.security.jaas; -import java.util.Hashtable; -import java.util.Map; -import java.util.HashMap; -import java.util.Properties; import javax.security.auth.login.AppConfigurationEntry; import javax.security.auth.login.Configuration; +import java.util.Collection; +import java.util.Collections; +import java.util.Hashtable; +import java.util.Iterator; +import java.util.Map; + +import org.apache.commons.logging.LogFactory; +import org.apache.commons.logging.Log; import org.apache.geronimo.gbean.GBeanInfo; import org.apache.geronimo.gbean.GBeanInfoBuilder; import org.apache.geronimo.gbean.GBeanLifecycle; +import org.apache.geronimo.gbean.ReferenceCollection; +import org.apache.geronimo.gbean.ReferenceCollectionEvent; +import org.apache.geronimo.gbean.ReferenceCollectionListener; import org.apache.geronimo.gbean.WaitingException; import org.apache.geronimo.security.SecurityService; -import org.apache.geronimo.security.realm.SecurityRealm; -import org.apache.geronimo.kernel.Kernel; /** 
@@ -42,14 +47,33 @@ * * @version $Rev$ $Date$ */ -public class GeronimoLoginConfiguration extends Configuration implements GBeanLifecycle { +public class GeronimoLoginConfiguration extends Configuration implements GBeanLifecycle, ReferenceCollectionListener { + private final Log log = LogFactory.getLog(GeronimoLoginConfiguration.class); private static Map entries = new Hashtable(); private Configuration oldConfiguration; - private static Kernel kernel; //todo: this restricts you to one Kernel per JVM + private Collection configurations = Collections.EMPTY_SET; + - public GeronimoLoginConfiguration(Kernel kernel) { - this.kernel = kernel; + public Collection getConfigurations() { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) sm.checkPermission(SecurityService.CONFIGURE); + + return configurations; + } + + public void setConfigurations(Collection configurations) { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) sm.checkPermission(SecurityService.CONFIGURE); + + ReferenceCollection ref = (ReferenceCollection) configurations; + ref.addReferenceCollectionListener(this); + + this.configurations = configurations; + + for (Iterator iter = configurations.iterator(); iter.hasNext();) { + addConfiguration((ConfigurationEntryFactory) iter.next()); + } } public AppConfigurationEntry[] getAppConfigurationEntry(String name) { 
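Review bot: `entries` is still `private static` after this change, so the registrations that are now driven per instance by `setConfigurations` and the collection listener all land in one JVM-wide map. Two `GeronimoLoginConfiguration` instances would overwrite and remove each other's entries, and nothing visible in this commit clears the map when the bean stops, so entries from a previous run would still be present if a login configuration is installed again. Making it an instance field, `private final Map entries = new Hashtable();`, matches the intent of dropping the static `kernel`. Separately, `setConfigurations` adds `this` as a listener on every call without detaching from the previous collection, and the unchecked cast to `ReferenceCollection` fails with a ClassCastException for any other `Collection` passed to this public setter.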
@@ -57,55 +81,37 @@ if (entry == null) return null; -// if(!entry.getOptions().containsKey("kernel")) { -// entry.getOptions().put("kernel", kernel.getKernelName()); -// } - return new AppConfigurationEntry[]{entry}; } public void refresh() { } - /** - * Registers a single Geronimo LoginModule - */ - public static void register(JaasLoginModuleConfiguration entry) { + public void memberAdded(ReferenceCollectionEvent event) { SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPermission(SecurityService.CONFIGURE); - if (entries.containsKey(entry.getName())) throw new java.lang.IllegalArgumentException("ConfigurationEntry already registered"); - - entries.put(entry.getName(), getAppConfigurationEntry(entry)); - } + ConfigurationEntryFactory factory = (ConfigurationEntryFactory) event.getMember(); - private static AppConfigurationEntry getAppConfigurationEntry(JaasLoginModuleConfiguration config) { - return new AppConfigurationEntry(config.getLoginModuleClassName(), config.getFlag().getFlag(), config.getOptions()); + addConfiguration(factory); } - /** - * Registers a wrapper configuration that will hit a Geronimo security - * realm under the covers. 
- */ - public static void register(SecurityRealm realm) { + public void memberRemoved(ReferenceCollectionEvent event) { SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPermission(SecurityService.CONFIGURE); - if (entries.containsKey(realm.getRealmName())) throw new java.lang.IllegalArgumentException("ConfigurationEntry already registered"); - Map options = new HashMap(); - options.put("realm", realm.getRealmName()); - if(kernel != null) { - options.put("kernel", kernel.getKernelName()); - } + ConfigurationEntryFactory factory = (ConfigurationEntryFactory) event.getMember(); - entries.put(realm.getRealmName(), new AppConfigurationEntry("org.apache.geronimo.security.jaas.JaasLoginCoordinator", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options)); + entries.remove(factory.getConfigurationName()); + log.info("Removed ACE " + factory.getConfigurationName()); } - public static void unRegister(String name) { - SecurityManager sm = System.getSecurityManager(); - if (sm != null) sm.checkPermission(SecurityService.CONFIGURE); + private final void addConfiguration(ConfigurationEntryFactory factory) { + JaasLoginModuleConfiguration config = factory.generateConfiguration(); + AppConfigurationEntry ace = new AppConfigurationEntry(config.getLoginModuleClassName(), config.getFlag().getFlag(), config.getOptions()); - entries.remove(name); + entries.put(factory.getConfigurationName(), ace); + log.info("Added ACE " + factory.getConfigurationName()); } public void doStart() throws WaitingException, Exception { 
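Review bot: `addConfiguration` calls `entries.put(...)` with no check for an existing key, while both removed `register` methods threw `IllegalArgumentException("ConfigurationEntry already registered")` on a duplicate name. With the wildcard reference patterns from the server plan, any matching GBean that reports an already-used name now silently replaces the login configuration of an existing realm, and when either of the two is later removed `memberRemoved` deletes the entry for both. I would restore the guard before the put, `if (entries.containsKey(factory.getConfigurationName())) throw new IllegalArgumentException("ConfigurationEntry already registered");`, and read the name once into a local so the map key and the log message cannot differ. The key also comes from `getConfigurationName()` while the entry is built from `generateConfiguration()`, and nothing checks that the two names agree.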
@@ -115,14 +121,17 @@ oldConfiguration = null; } Configuration.setConfiguration(this); + log.info("Installed Geronimo login configuration"); } public void doStop() throws WaitingException, Exception { Configuration.setConfiguration(oldConfiguration); + log.info("Uninstalled Geronimo login configuration"); } public void doFail() { Configuration.setConfiguration(oldConfiguration); + log.info("Uninstalled Geronimo login configuration"); } public static GBeanInfo getGBeanInfo() { @@ -133,8 +142,9 @@ static { GBeanInfoBuilder infoFactory = new GBeanInfoBuilder(GeronimoLoginConfiguration.class.getName()); - infoFactory.addAttribute("kernel", Kernel.class, false); - infoFactory.setConstructor(new String[]{"kernel"}); + infoFactory.addReference("Configurations", ConfigurationEntryFactory.class); + GBEAN_INFO = infoFactory.getBeanInfo(); } + } Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java?view=diff&rev=106110&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java&r1=106109&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java&r2=106110 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java Sun Nov 21 12:06:12 2004 
@@ -19,10 +19,9 @@ import java.util.Properties; import org.apache.geronimo.gbean.GBeanInfo; import org.apache.geronimo.gbean.GBeanInfoBuilder; -import org.apache.geronimo.gbean.GBeanLifecycle; -import org.apache.geronimo.gbean.WaitingException; import org.apache.geronimo.kernel.Kernel; + /** * Creates a LoginModule configuration that will connect a server-side * component to a security realm. The same thing could be done with a @@ -31,13 +30,15 @@ * * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $ */ -public class ServerRealmConfigurationEntry implements GBeanLifecycle { - private String applicationConfigName; - private String realmName; - private Kernel kernel; +public class ServerRealmConfigurationEntry implements ConfigurationEntryFactory { + private final String applicationConfigName; + private final String realmName; + private final Kernel kernel; public ServerRealmConfigurationEntry() { - // just for use by GBean infrastructure + this.applicationConfigName = null; + this.realmName = null; + this.kernel = null; } public ServerRealmConfigurationEntry(String applicationConfigName, String realmName, Kernel kernel) { 
@@ -52,25 +53,23 @@ this.kernel = kernel; } - public void doStart() throws WaitingException, Exception { + public String getConfigurationName() { + return applicationConfigName; + } + + public JaasLoginModuleConfiguration generateConfiguration() { Properties options = new Properties(); options.put("realm", realmName); options.put("kernel", kernel.getKernelName()); - JaasLoginModuleConfiguration entry = new JaasLoginModuleConfiguration(applicationConfigName, JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true); - GeronimoLoginConfiguration.register(entry); - } - public void doStop() throws WaitingException, Exception { - GeronimoLoginConfiguration.unRegister(applicationConfigName); - } - - public void doFail() { + return new JaasLoginModuleConfiguration(applicationConfigName, JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true); } public static final GBeanInfo GBEAN_INFO; static { GBeanInfoBuilder infoFactory = new GBeanInfoBuilder(ServerRealmConfigurationEntry.class); + infoFactory.addInterface(ConfigurationEntryFactory.class); infoFactory.addAttribute("applicationConfigName", String.class, true); infoFactory.addAttribute("realmName", String.class, true); infoFactory.addAttribute("kernel", Kernel.class, false); 
@@ -82,4 +81,5 @@ public static GBeanInfo getGBeanInfo() { return GBEAN_INFO; } + } Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java?view=diff&rev=106110&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java&r1=106109&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java&r2=106110 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java Sun Nov 21 12:06:12 2004 @@ -16,6 +16,8 @@ */ package org.apache.geronimo.security.realm; +import javax.management.MalformedObjectNameException; +import javax.management.ObjectName; import java.util.ArrayList; import java.util.Enumeration; import java.util.HashMap; 
@@ -24,30 +26,30 @@ import java.util.Map; import java.util.Properties; import java.util.Set; -import javax.management.MalformedObjectNameException; -import javax.management.ObjectName; + +import org.apache.regexp.RE; + import org.apache.geronimo.common.GeronimoSecurityException; import org.apache.geronimo.gbean.GBeanInfo; import org.apache.geronimo.gbean.GBeanInfoBuilder; -import org.apache.geronimo.gbean.GBeanLifecycle; -import org.apache.geronimo.gbean.WaitingException; import org.apache.geronimo.kernel.Kernel; import org.apache.geronimo.kernel.jmx.MBeanProxyFactory; import org.apache.geronimo.security.deploy.Principal; -import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration; +import org.apache.geronimo.security.jaas.ConfigurationEntryFactory; +import org.apache.geronimo.security.jaas.JaasLoginCoordinator; import org.apache.geronimo.security.jaas.JaasLoginModuleConfiguration; import org.apache.geronimo.security.jaas.LoginModuleControlFlag; import org.apache.geronimo.security.jaas.LoginModuleControlFlagEditor; import org.apache.geronimo.security.jaas.LoginModuleGBean; import org.apache.geronimo.system.serverinfo.ServerInfo; -import org.apache.regexp.RE; + /** * A security realm that can be configured for one or more login modules. It * can handle a combination of client-side and server-side login modules for * the case of remote clients, and it can auto-role-mapping for its login * modules (though you must configure it for that). - * + * <p/> * To configure the list of LoginModules, set the loginModuleConfiguration * to a Properties object with syntax like this: * <pre> 
@@ -59,7 +61,7 @@ * configuration. Each LoginModuleGBean has the configuration options for its * login module, and knows whether it should run on the client side or server * side. - * + * <p/> * This realm populates a number of special login module options for the * benefit of Geronimo login modules (though some of them are only available to * server-side login modules, marked as not Serializable below): @@ -74,11 +76,12 @@ * * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $ */ -public class GenericSecurityRealm implements SecurityRealm, GBeanLifecycle, AutoMapAssistant { - public final static String KERNEL_LM_OPTION="org.apache.geronimo.security.realm.GenericSecurityRealm.KERNEL"; - public final static String SERVERINFO_LM_OPTION="org.apache.geronimo.security.realm.GenericSecurityRealm.SERVERINFO"; - public final static String CLASSLOADER_LM_OPTION="org.apache.geronimo.security.realm.GenericSecurityRealm.CLASSLOADER"; - private String name; +public class GenericSecurityRealm implements SecurityRealm, ConfigurationEntryFactory, AutoMapAssistant { + + public final static String KERNEL_LM_OPTION = "org.apache.geronimo.security.realm.GenericSecurityRealm.KERNEL"; + public final static String SERVERINFO_LM_OPTION = "org.apache.geronimo.security.realm.GenericSecurityRealm.SERVERINFO"; + public final static String CLASSLOADER_LM_OPTION = "org.apache.geronimo.security.realm.GenericSecurityRealm.CLASSLOADER"; + private String realmName; private JaasLoginModuleConfiguration[] config; private Kernel kernel; private ServerInfo serverInfo; 
@@ -87,26 +90,15 @@ private Principal defaultPrincipal; public GenericSecurityRealm(String realmName, Kernel kernel, ServerInfo serverInfo, Properties loginModuleConfiguration, ClassLoader classLoader) throws MalformedObjectNameException { - this.name = realmName; + this.realmName = realmName; this.kernel = kernel; this.serverInfo = serverInfo; this.classLoader = classLoader; processConfiguration(loginModuleConfiguration); } - public void doStart() throws WaitingException, Exception { - GeronimoLoginConfiguration.register(this); - } - - public void doStop() throws WaitingException, Exception { - GeronimoLoginConfiguration.unRegister(name); - } - - public void doFail() { - } - public String getRealmName() { - return name; + return realmName; } public JaasLoginModuleConfiguration[] getAppConfigurationEntries() { @@ -138,9 +130,9 @@ } public void setDefaultPrincipal(String code) { - if(code != null) { - String[] parts=code.split("="); - if(parts.length != 2) { + if (code != null) { + String[] parts = code.split("="); + if (parts.length != 2) { throw new IllegalArgumentException("Default Principal should have the form 'name=class'"); } defaultPrincipal = new Principal(); @@ -150,7 +142,7 @@ } public void setAutoMapPrincipalClasses(String classes) { - if(classes != null) { + if (classes != null) { autoMapPrincipals = classes.split(","); } else { autoMapPrincipals = new String[0]; 
@@ -189,33 +181,45 @@ return null; //todo } + public String getConfigurationName() { + return realmName; + } + + public JaasLoginModuleConfiguration generateConfiguration() { + Map options = new HashMap(); + options.put("realm", realmName); + options.put("kernel", kernel.getKernelName()); + + return new JaasLoginModuleConfiguration(realmName, JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true); + } + private void processConfiguration(Properties props) throws MalformedObjectNameException { int i = 1; List list = new ArrayList(); LoginModuleControlFlagEditor editor = new LoginModuleControlFlagEditor(); - while(true) { + while (true) { boolean found = false; - String prefix = "LoginModule."+i+"."; + String prefix = "LoginModule." + i + "."; for (Enumeration en = props.propertyNames(); en.hasMoreElements();) { String key = (String) en.nextElement(); - if(key.startsWith(prefix)) { + if (key.startsWith(prefix)) { String flagName = key.substring(prefix.length()).toUpperCase(); editor.setAsText(flagName); LoginModuleControlFlag flag = (LoginModuleControlFlag) editor.getValue(); LoginModuleGBean module = (LoginModuleGBean) MBeanProxyFactory.getProxy(LoginModuleGBean.class, kernel.getMBeanServer(), new ObjectName(props.getProperty(key))); Map options = module.getOptions(); - if(options != null) { + if (options != null) { options = new HashMap(options); } else { options = new HashMap(); } - if(kernel != null && !options.containsKey(KERNEL_LM_OPTION)) { + if (kernel != null && !options.containsKey(KERNEL_LM_OPTION)) { options.put(KERNEL_LM_OPTION, kernel.getKernelName()); } - if(serverInfo != null && !options.containsKey(SERVERINFO_LM_OPTION)) { + if (serverInfo != null && !options.containsKey(SERVERINFO_LM_OPTION)) { options.put(SERVERINFO_LM_OPTION, serverInfo); } - if(classLoader != null && !options.containsKey(CLASSLOADER_LM_OPTION)) { + if (classLoader != null && !options.containsKey(CLASSLOADER_LM_OPTION)) { 
options.put(CLASSLOADER_LM_OPTION, classLoader); } JaasLoginModuleConfiguration config = new JaasLoginModuleConfiguration(module.getObjectName(), module.getLoginModuleClass(), flag, options, module.isServerSide()); @@ -225,7 +229,7 @@ break; } } - if(!found) { + if (!found) { break; } } @@ -239,6 +243,7 @@ GBeanInfoBuilder infoFactory = new GBeanInfoBuilder(GenericSecurityRealm.class); infoFactory.addInterface(SecurityRealm.class); + infoFactory.addInterface(ConfigurationEntryFactory.class); infoFactory.addAttribute("realmName", String.class, true); infoFactory.addAttribute("kernel", Kernel.class, false); infoFactory.addAttribute("loginModuleConfiguration", Properties.class, true); @@ -252,7 +257,7 @@ infoFactory.addOperation("obtainDefaultPrincipal", new Class[0]); infoFactory.addOperation("obtainRolePrincipalClasses", new Class[0]); - infoFactory.setConstructor(new String[]{"realmName","kernel","ServerInfo","loginModuleConfiguration","classLoader"}); + infoFactory.setConstructor(new String[]{"realmName", "kernel", "ServerInfo", "loginModuleConfiguration", "classLoader"}); GBEAN_INFO = infoFactory.getBeanInfo(); } 
@@ -260,4 +265,5 @@ public static GBeanInfo getGBeanInfo() { return GBEAN_INFO; } + } Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java?view=diff&rev=106110&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java&r1=106109&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java&r2=106110 ============================================================================== --- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java (original) +++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java Sun Nov 21 12:06:12 2004 @@ -23,6 +23,7 @@ import java.io.File; import java.net.URI; import java.util.Collections; +import java.util.HashSet; import java.util.Properties; import java.util.Set; 
@@ -117,6 +118,10 @@
 gbean = new GBeanMBean("org.apache.geronimo.security.jaas.GeronimoLoginConfiguration");
 loginConfiguration = new ObjectName("geronimo.security:type=LoginConfiguration");
+ Set configurations = new HashSet();
+ configurations.add(new ObjectName("geronimo.security:type=SecurityRealm,*"));
+ configurations.add(new ObjectName("geronimo.security:type=ConfigurationEntry,*"));
+ gbean.setReferencePatterns("Configurations", configurations);
 kernel.loadGBean(loginConfiguration, gbean);
 gbean = new GBeanMBean("org.apache.geronimo.security.jaas.JaasLoginService");
Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginKerberosNonGeronimoTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginKerberosNonGeronimoTest.java?view=diff&rev=106110&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginKerberosNonGeronimoTest.java&r1=106109&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginKerberosNonGeronimoTest.java&r2=106110
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginKerberosNonGeronimoTest.java (original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginKerberosNonGeronimoTest.java Sun Nov 21 12:06:12 2004
@@ -23,6 +23,8 @@
 import javax.security.auth.login.LoginException;
 import java.util.Properties;
 import java.util.Collections;
+import java.util.Set;
+import java.util.HashSet;
 import org.apache.geronimo.gbean.jmx.GBeanMBean;
 import org.apache.geronimo.security.AbstractTest;
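Review bot: None of the test changes visible in this commit exercises the new behaviour itself, namely an entry disappearing when its GBean is unloaded or two GBeans reporting the same configuration name; the added lines only wire up the reference patterns. Since these entries decide which login modules JAAS runs, a test that unloads a realm and asserts that `getAppConfigurationEntry` then returns null for its name would be worth adding. The four setup lines are also repeated verbatim in `LoginKerberosNonGeronimoTest` and `LoginPropertiesFileTest`; a shared helper (the name here is only a suggestion) would reduce each call site to `gbean.setReferencePatterns("Configurations", loginConfigurationPatterns());`. The enclosing method starts and ends outside the hunk.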
@@ -56,6 +58,10 @@ GBeanMBean gbean = new GBeanMBean("org.apache.geronimo.security.jaas.GeronimoLoginConfiguration"); loginConfiguration = new ObjectName("geronimo.security:type=LoginConfiguration"); + Set configurations = new HashSet(); + configurations.add(new ObjectName("geronimo.security:type=SecurityRealm,*")); + configurations.add(new ObjectName("geronimo.security:type=ConfigurationEntry,*")); + gbean.setReferencePatterns("Configurations", configurations); kernel.loadGBean(loginConfiguration, gbean); gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean"); Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java?view=diff&rev=106110&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java&r1=106109&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java&r2=106110 ============================================================================== --- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java (original) +++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java Sun Nov 21 12:06:12 2004 @@ -22,6 +22,7 @@ import javax.security.auth.login.LoginContext; import java.io.File; import java.util.Collections; +import java.util.HashSet; import java.util.Properties; import java.util.Set; 
@@ -58,6 +59,10 @@ gbean = new GBeanMBean("org.apache.geronimo.security.jaas.GeronimoLoginConfiguration"); loginConfiguration = new ObjectName("geronimo.security:type=LoginConfiguration"); + Set configurations = new HashSet(); + configurations.add(new ObjectName("geronimo.security:type=SecurityRealm,*")); + configurations.add(new ObjectName("geronimo.security:type=ConfigurationEntry,*")); + gbean.setReferencePatterns("Configurations", configurations); kernel.loadGBean(loginConfiguration, gbean); gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean"); Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java?view=diff&rev=106110&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java&r1=106109&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java&r2=106110 ============================================================================== --- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java (original) +++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java Sun Nov 21 12:06:12 2004 
@@ -21,19 +21,19 @@ import javax.security.auth.Subject; import javax.security.auth.login.LoginContext; import java.io.File; +import java.net.URI; import java.util.Collections; +import java.util.HashSet; import java.util.Properties; import java.util.Set; -import java.net.URI; import org.apache.geronimo.gbean.jmx.GBeanMBean; +import org.apache.geronimo.kernel.Kernel; import org.apache.geronimo.security.AbstractTest; import org.apache.geronimo.security.ContextManager; import org.apache.geronimo.security.IdentificationPrincipal; import org.apache.geronimo.security.RealmPrincipal; -import org.apache.geronimo.security.bridge.TestLoginModule; import org.apache.geronimo.system.serverinfo.ServerInfo; -import org.apache.geronimo.kernel.Kernel; /** @@ -99,6 +99,10 @@ gbean = new GBeanMBean("org.apache.geronimo.security.jaas.GeronimoLoginConfiguration"); loginConfiguration = new ObjectName("geronimo.security:type=LoginConfiguration"); + Set configurations = new HashSet(); + configurations.add(new ObjectName("geronimo.security:type=SecurityRealm,*")); + configurations.add(new ObjectName("geronimo.security:type=ConfigurationEntry,*")); + gbean.setReferencePatterns("Configurations", configurations); kernel.loadGBean(loginConfiguration, gbean); gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean");