Author: ammulder Date: Mon Nov 22 18:03:22 2004 New Revision: 106257 Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/DeploymentSupport.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/FileAuditLoginModule.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/GeronimoGroupPrincipal.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/GeronimoUserPrincipal.java geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/DeploymentSupportTest.java Removed: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileGroupPrincipal.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileUserPrincipal.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLGroupPrincipal.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLUserPrincipal.java Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java geronimo/trunk/modules/jetty/src/test-resources/deployables/war3/WEB-INF/geronimo-web.xml geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java 
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java 
geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java Log: Next round of security improvements - add login domains - consolidate principal classes - pull deployment methods out of realm into helper interface - add auditing login module - test & fix realms with multiple login modules - add flag to control whether server-side principals are returned to client - update all tests and plans with the new syntax
Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml?view=diff&rev=106257&p1=geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml&r1=106256&p2=geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml&r2=106257 ============================================================================== --- geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml (original) +++ geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml Mon Nov 22 18:03:22 2004 @@ -44,6 +44,7 @@ usersURI=var/security/demo_users.properties groupsURI=var/security/demo_groups.properties </attribute> + <attribute name="loginDomainName" type="java.lang.String">demo-properties-realm</attribute> </gbean> <gbean name="geronimo.security:type=SecurityRealm,realm=demo-properties-realm" Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml?view=diff&rev=106257&p1=geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml&r1=106256&p2=geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml&r2=106257 ============================================================================== --- geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml (original) +++ geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml Mon Nov 22 18:03:22 2004 
@@ -108,6 +108,7 @@ usersURI=var/security/users.properties groupsURI=var/security/groups.properties </attribute> + <attribute name="loginDomainName" type="java.lang.String">geronimo-properties-realm</attribute> </gbean> <gbean name="geronimo.security:type=SecurityRealm,realm=geronimo-properties-realm" Modified: geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java?view=diff&rev=106257&p1=geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java&r1=106256&p2=geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java (original) +++ geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java Mon Nov 22 18:03:22 2004 @@ -20,10 +20,6 @@ import javax.resource.spi.ManagedConnectionFactory; import java.util.HashMap; import java.util.Map; -import java.util.Set; - -import org.apache.regexp.RE; - import org.apache.geronimo.common.GeronimoSecurityException; import org.apache.geronimo.gbean.GBeanInfo; import org.apache.geronimo.gbean.GBeanInfoBuilder; @@ -33,6 +29,7 @@ import org.apache.geronimo.security.jaas.JaasLoginModuleConfiguration; import org.apache.geronimo.security.jaas.LoginModuleControlFlag; import org.apache.geronimo.security.realm.SecurityRealm; +import org.apache.geronimo.security.realm.DeploymentSupport; /** * 
@@ -59,40 +56,29 @@ return realmName; } - public Set getGroupPrincipals() throws GeronimoSecurityException { - return null; + public boolean isRestrictPrincipalsToServer() { + return true; } - public Set getGroupPrincipals(RE regexExpression) throws GeronimoSecurityException { - return null; + public String[] getLoginDomains() { + return new String[]{realmName}; } - public Set getUserPrincipals() throws GeronimoSecurityException { + public DeploymentSupport getDeploymentSupport(String loginDomain) throws GeronimoSecurityException { return null; } - public Set getUserPrincipals(RE regexExpression) throws GeronimoSecurityException { - return null; - } - - public void refresh() throws GeronimoSecurityException { - } - public JaasLoginModuleConfiguration[] getAppConfigurationEntries() { Map options = new HashMap(); // TODO: This can be a bad thing, passing a reference to a realm to the login module // since the SerializableACE can be sent remotely options.put(REALM_INSTANCE, this); - JaasLoginModuleConfiguration config = new JaasLoginModuleConfiguration(getRealmName(), PasswordCredentialLoginModule.class.getName(), - LoginModuleControlFlag.REQUISITE, options, true); + JaasLoginModuleConfiguration config = new JaasLoginModuleConfiguration(PasswordCredentialLoginModule.class.getName(), + LoginModuleControlFlag.REQUISITE, options, true, getRealmName()); return new JaasLoginModuleConfiguration[]{config}; } - public boolean isLoginModuleLocal() { - return true; - } - public void setManagedConnectionFactory(ManagedConnectionFactory managedConnectionFactory) { this.managedConnectionFactory = managedConnectionFactory; } 
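Review bot: `getDeploymentSupport(String loginDomain)` in PasswordCredentialRealm returns `null` unconditionally, ignores its argument, and has no comment saying this is intended. The four principal-listing methods it replaces also returned `null`, so the behaviour looks deliberate, but whether callers of the new method check for `null` is not visible in this hunk. If the reason is that this realm has nothing to list at deployment time, say so above the method, e.g. `// no principals are exposed for deployment-time mapping, so there is no DeploymentSupport`, and have the interface Javadoc state that `null` is a permitted return.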
@@ -110,7 +96,7 @@ options.put("realm", realmName); options.put("kernel", kernel.getKernelName()); - return new JaasLoginModuleConfiguration(realmName, JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true); + return new JaasLoginModuleConfiguration(JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true, realmName); } static { Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java?view=diff&rev=106257&p1=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java&r1=106256&p2=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java (original) +++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java Mon Nov 22 18:03:22 2004 
@@ -412,11 +412,13 @@ JAASJettyPrincipal result = new JAASJettyPrincipal("default"); Subject defaultSubject = new Subject(); - RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(defaultPrincipal.getPrincipal(), defaultPrincipal.getRealmName()); + //todo: needs a proper login domain name to go with the realm name + RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(defaultPrincipal.getPrincipal(), defaultPrincipal.getRealmName(), defaultPrincipal.getRealmName()); if (realmPrincipal == null) { throw new GeronimoSecurityException("Unable to create realm principal"); } - PrimaryRealmPrincipal primaryRealmPrincipal = ConfigurationUtil.generatePrimaryRealmPrincipal(defaultPrincipal.getPrincipal(), defaultPrincipal.getRealmName()); + //todo: needs a proper login domain name to go with the realm name + PrimaryRealmPrincipal primaryRealmPrincipal = ConfigurationUtil.generatePrimaryRealmPrincipal(defaultPrincipal.getPrincipal(), defaultPrincipal.getRealmName(), defaultPrincipal.getRealmName()); if (primaryRealmPrincipal == null) { throw new GeronimoSecurityException("Unable to create primary realm principal"); } Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java?view=diff&rev=106257&p1=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java&r1=106256&p2=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java (original) +++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java Mon Nov 22 18:03:22 2004 
@@ -341,8 +341,8 @@ Iterator principals = realm.getPrincipals().iterator(); while (principals.hasNext()) { Principal principal = (Principal) principals.next(); - - RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(principal, realm.getRealmName()); + //todo: The next line must use a login domain name, which I guess means that neds to go in the geronimo-jetty.xml + RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(principal, realm.getRealmName(), realm.getRealmName()); if (realmPrincipal == null) throw new GeronimoSecurityException("Unable to create realm principal"); principalSet.add(realmPrincipal); Modified: geronimo/trunk/modules/jetty/src/test-resources/deployables/war3/WEB-INF/geronimo-web.xml Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test-resources/deployables/war3/WEB-INF/geronimo-web.xml?view=diff&rev=106257&p1=geronimo/trunk/modules/jetty/src/test-resources/deployables/war3/WEB-INF/geronimo-web.xml&r1=106256&p2=geronimo/trunk/modules/jetty/src/test-resources/deployables/war3/WEB-INF/geronimo-web.xml&r2=106257 ============================================================================== --- geronimo/trunk/modules/jetty/src/test-resources/deployables/war3/WEB-INF/geronimo-web.xml (original) +++ geronimo/trunk/modules/jetty/src/test-resources/deployables/war3/WEB-INF/geronimo-web.xml Mon Nov 22 18:03:22 2004 
@@ -25,7 +25,7 @@ <context-priority-classloader>false</context-priority-classloader> <sec:security> <sec:default-principal realm-name="demo-properties-realm"> - <sec:principal class="org.apache.geronimo.security.realm.providers.PropertiesFileUserPrincipal" name="metro"/> + <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="metro"/> </sec:default-principal> </sec:security> </web-app> Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java?view=diff&rev=106257&p1=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java&r1=106256&p2=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java (original) +++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java Mon Nov 22 18:03:22 2004 @@ -128,6 +128,7 @@ options.setProperty("usersURI", "src/test-resources/data/users.properties"); options.setProperty("groupsURI", "src/test-resources/data/groups.properties"); propertiesLMGBean.setAttribute("options", options); + propertiesLMGBean.setAttribute("loginDomainName", "demo-properties-realm"); propertiesRealmGBean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm"); propertiesRealmName = new ObjectName("geronimo.security:type=SecurityRealm,realm=demo-properties-realm"); 
@@ -136,8 +137,8 @@ Properties config = new Properties(); config.setProperty("LoginModule.1.REQUIRED", propertiesLMName.getCanonicalName()); propertiesRealmGBean.setAttribute("loginModuleConfiguration", config); - propertiesRealmGBean.setAttribute("autoMapPrincipalClasses", "org.apache.geronimo.security.realm.providers.PropertiesFileGroupPrincipal"); - propertiesRealmGBean.setAttribute("defaultPrincipal", "metro=org.apache.geronimo.security.realm.providers.PropertiesFileUserPrincipal"); +// propertiesRealmGBean.setAttribute("autoMapPrincipalClasses", "demo-properties-realm=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"); + propertiesRealmGBean.setAttribute("defaultPrincipal", "metro=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"); start(serverInfoName, serverInfoGBean); start(propertiesLMName, propertiesLMGBean); Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java?view=diff&rev=106257&p1=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r1=106256&p2=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java (original) +++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java Mon Nov 22 18:03:22 2004 
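Review bot: The `autoMapPrincipalClasses` attribute in BaseSecurityTest is commented out rather than deleted or set, so the realm under test no longer configures auto-mapping and nothing says why. The commented line already carries a `demo-properties-realm=` prefix, which suggests it was meant to come back in the new syntax. Either enable it or replace it with a `//todo:` naming what blocks it, as other hunks in this commit do. The enclosing setup method starts and ends outside the hunk.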
@@ -55,7 +55,7 @@ DefaultPrincipal defaultPrincipal = new DefaultPrincipal(); defaultPrincipal.setRealmName("demo-properties-realm"); Principal principal = new Principal(); - principal.setClassName("org.apache.geronimo.security.realm.providers.PropertiesFileUserPrincipal"); + principal.setClassName("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"); principal.setPrincipalName("izumi"); defaultPrincipal.setPrincipal(principal); @@ -64,7 +64,7 @@ Role role = new Role(); role.setRoleName("content-administrator"); principal = new Principal(); - principal.setClassName("org.apache.geronimo.security.realm.providers.PropertiesFileGroupPrincipal"); + principal.setClassName("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"); principal.setPrincipalName("it"); Realm realm = new Realm(); realm.setRealmName("demo-properties-realm"); @@ -247,7 +247,7 @@ DefaultPrincipal defaultPrincipal = new DefaultPrincipal(); defaultPrincipal.setRealmName("demo-properties-realm"); Principal principal = new Principal(); - principal.setClassName("org.apache.geronimo.security.realm.providers.PropertiesFileUserPrincipal"); + principal.setClassName("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"); principal.setPrincipalName("izumi"); defaultPrincipal.setPrincipal(principal); 
@@ -256,7 +256,7 @@ Role role = new Role(); role.setRoleName("content-administrator"); principal = new Principal(); - principal.setClassName("org.apache.geronimo.security.realm.providers.PropertiesFileGroupPrincipal"); + principal.setClassName("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"); principal.setPrincipalName("it"); Realm realm = new Realm(); realm.setRealmName("demo-properties-realm"); Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java Mon Nov 22 18:03:22 2004 @@ -25,8 +25,8 @@ */ public class PrimaryRealmPrincipal extends RealmPrincipal { - public PrimaryRealmPrincipal(String realm, Principal principal) { - super(realm, principal); + public PrimaryRealmPrincipal(String loginDomain, Principal principal, String realmName) { + super(loginDomain, principal, realmName); } /** 
@@ -43,6 +43,6 @@ PrimaryRealmPrincipal realmPrincipal = (PrimaryRealmPrincipal) another; - return getRealm().equals(realmPrincipal.getRealm()) && getPrincipal().equals(realmPrincipal.getPrincipal()); + return getLoginDomain().equals(realmPrincipal.getLoginDomain()) && getPrincipal().equals(realmPrincipal.getPrincipal()); } } Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java Mon Nov 22 18:03:22 2004 @@ -19,6 +19,7 @@ import java.io.Serializable; import java.security.Principal; +import org.apache.geronimo.common.NullArgumentException; /** 
@@ -27,17 +28,18 @@ * @version $Rev$ $Date$ */ public class RealmPrincipal implements Principal, Serializable { - private final String realm; + private final String loginDomain; private final Principal principal; private transient String name = null; private transient long id; - public RealmPrincipal(String realm, Principal principal) { - if (realm == null) throw new IllegalArgumentException("realm == null"); - if (principal == null) throw new IllegalArgumentException("principal == null"); + public RealmPrincipal(String loginDomain, Principal principal, String realmName) { + if (loginDomain == null) throw new NullArgumentException("loginDomain"); + if (principal == null) throw new NullArgumentException("principal"); - this.realm = realm; + this.loginDomain = loginDomain; this.principal = principal; + //todo: ignoring realm name; we don't think we'll need it. } public long getId() { @@ -62,7 +64,7 @@ RealmPrincipal realmPrincipal = (RealmPrincipal) another; - return realm.equals(realmPrincipal.realm) && principal.equals(realmPrincipal.principal); + return loginDomain.equals(realmPrincipal.loginDomain) && principal.equals(realmPrincipal.principal); } /** @@ -92,7 +94,7 @@ if (name == null) { StringBuffer buffer = new StringBuffer(""); - buffer.append(realm); + buffer.append(loginDomain); buffer.append(":["); buffer.append(principal.getClass().getName()); buffer.append(':'); 
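Review bot: The new `RealmPrincipal` constructor accepts `realmName` but neither validates nor stores it, and `equals` (in this file and in the `PrimaryRealmPrincipal` hunk) now compares only `loginDomain` and the wrapped principal. Two principals with the same class and name that come from different realms therefore compare equal whenever their login domain names coincide; whether login domain names must be unique across realms is not visible in this commit. If uniqueness is the intended contract, state it in the class Javadoc and enforce it where login modules are registered; otherwise keep `realmName` in a field and include it in `equals` and `hashCode`. The field rename also changes the serialized form of this `Serializable` class, and no `serialVersionUID` is visible in the hunk.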
@@ -118,7 +120,7 @@ * * @return the realm that is associated with the principal. */ - public String getRealm() { - return realm; + public String getLoginDomain() { + return loginDomain; } } Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java Mon Nov 22 18:03:22 2004 
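Review bot: The Javadoc kept above the renamed accessor still reads `@return the realm that is associated with the principal`, which no longer matches `getLoginDomain()`. Change it to `@return the login domain that produced the principal`, and adjust the summary sentence above it if it also speaks of the realm; the start of that comment is outside the hunk.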
@@ -129,12 +129,13 @@ realm.setRealmName(assistant.getSecurityRealm()); - for (Iterator principalClasses = autoMapAssistant.obtainRolePrincipalClasses().iterator(); principalClasses.hasNext();) { + //todo: the usage of the realm name in the next call instead of the login domain name is an error! + for (Iterator principalClasses = autoMapAssistant.obtainRolePrincipalClasses(realmName).iterator(); principalClasses.hasNext();) { Principal principal = new Principal(); - + //todo: Principal class needs to handle login domain as well principal.setClassName((String) principalClasses.next()); principal.setPrincipalName(roleName); - principal.setDesignatedRunAs(true); + principal.setDesignatedRunAs(false); realm.getPrincipals().add(principal); } Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java Mon Nov 22 18:03:22 2004 
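Review bot: `principal.setDesignatedRunAs(false)` reverses the previous `true` for every auto-mapped role principal, and neither the log message nor a comment explains the change. Judging by its name the flag controls which principals may serve as run-as identities, so a silent flip is easy to miss when reading the security plan later. Add a why-comment on that line stating that auto-mapped principals are deliberately not run-as designates, or mention the change in the commit log. The loop sits in a method that starts outside the hunk.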
@@ -50,7 +50,7 @@ } public JaasLoginModuleConfiguration generateConfiguration() { - return new JaasLoginModuleConfiguration(applicationConfigName, module.getLoginModuleClass(), controlFlag, module.getOptions(), module.isServerSide()); + return new JaasLoginModuleConfiguration(module.getLoginModuleClass(), controlFlag, module.getOptions(), module.isServerSide(), applicationConfigName); } public static final GBeanInfo GBEAN_INFO; Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java Mon Nov 22 18:03:22 2004 @@ -92,7 +92,6 @@ if (sm != null) sm.checkPermission(SecurityService.CONFIGURE); ConfigurationEntryFactory factory = (ConfigurationEntryFactory) event.getMember(); - addConfiguration(factory); } 
@@ -108,6 +107,12 @@ private final void addConfiguration(ConfigurationEntryFactory factory) { JaasLoginModuleConfiguration config = factory.generateConfiguration(); + if(config.getLoginDomainName() == null) { + throw new IllegalArgumentException("A login module to be registered standalone must have a domain name!"); + } + if (entries.containsKey(factory.getConfigurationName())) { + throw new java.lang.IllegalArgumentException("ConfigurationEntry already registered"); + } AppConfigurationEntry ace = new AppConfigurationEntry(config.getLoginModuleClassName(), config.getFlag().getFlag(), config.getOptions()); entries.put(factory.getConfigurationName(), ace); Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java Mon Nov 22 18:03:22 2004 @@ -99,7 +99,11 @@ for (int i = 0; i < workers.length; i++) { workers[i].getModule().commit(); } - subject.getPrincipals().add(service.loginSucceeded(client)); + Principal[] principals = service.loginSucceeded(client); + for (int i = 0; i < principals.length; i++) { + Principal principal = principals[i]; + subject.getPrincipals().add(principal); + } return true; } @@ -111,6 +115,7 @@ } finally { service.loginFailed(client); } + clear(); return true; } 
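Review bot: The two new guards in `addConfiguration` throw messages that do not name the offending configuration, and the second spells out `java.lang.IllegalArgumentException` while the first uses the short name. Including the name makes a duplicate or domain-less registration diagnosable from the log: `throw new IllegalArgumentException("ConfigurationEntry already registered: " + factory.getConfigurationName());`. The `containsKey` check followed by `put` is only safe if callers serialize access to `entries`, which is not visible in this hunk.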
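Review bot: `clear()` in `abort()` is placed after the `try`/`finally`, so it is skipped whenever the `try` body or `service.loginFailed(client)` throws, and the coordinator keeps its references to the subject, callback handler and client id on exactly the failure path. The `logout()` hunk that follows uses the same placement. Moving the call into the `finally` covers a throwing `try` body, `} finally { service.loginFailed(client); clear(); }`, and nesting it in its own `finally` would also cover a failing service call. The `try` body itself is outside the hunk.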
@@ -122,9 +127,24 @@ } finally { service.logout(client); } + clear(); return true; } + private void clear() { + serverHost = null; + serverPort = 0; + realmName = null; + kernelName = null; + service = null; + handler = null; + subject = null; + processedPrincipals.clear(); + config = null; + client = null; + workers = null; + } + private JaasLoginServiceMBean connect() { if(serverHost != null && serverPort > 0) { return JaasLoginServiceRemotingClient.create(serverHost, serverPort); @@ -186,15 +206,11 @@ public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options) { this.handler = handler; - try { - callbacks = service.getServerLoginCallbacks(client, index); - } catch (LoginException e) { - throw new RuntimeException("Server unable to initialize login module", e); - } } public boolean login() throws LoginException { try { + callbacks = service.getServerLoginCallbacks(client, index); if(handler != null) { handler.handle(callbacks); } else if(callbacks != null && callbacks.length > 0) { Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java Mon Nov 22 18:03:22 2004 
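Review bot: `clear()` nulls `subject` and `handler`, which a `LoginModule` receives only through `initialize()`, together with `serverHost` and `serverPort`, which `connect()` reads. `javax.security.auth.login.LoginContext` initializes a module instance once and reuses it for later `login()` calls, so a second `login()` on the same context after `abort()` or `logout()` would run against nulled state. Consider resetting only per-attempt state (`service`, `client`, `config`, `workers`, `processedPrincipals`) and keeping what `initialize()` supplied. Where the other fields are assigned is outside this hunk, so confirm that before changing it.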
@@ -35,18 +35,21 @@ */ public class JaasLoginModuleConfiguration implements Serializable { private boolean serverSide; - private String name; + private String loginDomainName; private LoginModuleControlFlag flag; private String loginModuleName; private Map options; private transient LoginModule loginModule; - public JaasLoginModuleConfiguration(String name, String loginModuleName, LoginModuleControlFlag flag, Map options, boolean serverSide) { - this.name = name; + public JaasLoginModuleConfiguration(String loginModuleName, LoginModuleControlFlag flag, Map options, boolean serverSide, String loginDomainName) { this.serverSide = serverSide; this.flag = flag; this.loginModuleName = loginModuleName; this.options = options; + this.loginDomainName = loginDomainName; + } + public JaasLoginModuleConfiguration(String loginModuleName, LoginModuleControlFlag flag, Map options, boolean serverSide) { + this(loginModuleName, flag, options, serverSide, null); } public String getLoginModuleClassName() { @@ -76,8 +79,8 @@ return options; } - public String getName() { - return name; + public String getLoginDomainName() { + return loginDomainName; } /** 
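Review bot: The four-argument constructor of `JaasLoginModuleConfiguration` leaves `loginDomainName` as `null`, and nothing on the constructor or on `getLoginDomainName()` says so. Elsewhere in this commit `JaasLoginService` passes `getLoginDomainName()` to `processPrincipals`, and `RealmPrincipal` rejects a null login domain, so a module built this way and used inside a realm would presumably fail only at commit time. Add Javadoc to both constructors and to the getter stating when `null` is acceptable, or drop the overload if it never is.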
@@ -94,6 +97,6 @@ } } - return new JaasLoginModuleConfiguration(name, loginModuleName, flag, other, serverSide); + return new JaasLoginModuleConfiguration(loginModuleName, flag, other, serverSide, loginDomainName); } } Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java Mon Nov 22 18:03:22 2004 @@ -26,6 +26,7 @@ import java.util.LinkedList; import java.util.List; import java.util.Map; +import java.util.ArrayList; import javax.crypto.Mac; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; @@ -153,13 +154,13 @@ * methods in this class. */ public JaasClientId connectToRealm(String realmName) { - for (Iterator it = realms.iterator(); it.hasNext();) { - SecurityRealm realm = (SecurityRealm) it.next(); - if(realm.getRealmName().equals(realmName)) { - return initializeClient(realm); - } + SecurityRealm realm = null; + realm = getRealm(realmName); + if(realm == null) { + throw new GeronimoSecurityException("No such realm ("+realmName+")"); + } else { + return initializeClient(realm); } - throw new GeronimoSecurityException("No such realm ("+realmName+")"); } /** 
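Review bot: `connectToRealm` declares `SecurityRealm realm = null;` and assigns it on the very next line, then puts the normal path in an `else` after a `throw`. `SecurityRealm realm = getRealm(realmName);` followed by the null guard and a plain `return initializeClient(realm);` reads more directly and leaves no window where `realm` is visibly null. `getRealm` is defined outside this hunk.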
@@ -198,6 +199,7 @@ JaasLoginModuleConfiguration config = context.getModules()[loginModuleIndex]; LoginModule module = config.getLoginModule(classLoader); //todo: properly handle shared state + context.getHandler().setExploring(); try { module.initialize(context.getSubject(), context.getHandler(), new HashMap(), config.getOptions()); } catch (Exception e) { @@ -251,7 +253,7 @@ if(loginModuleIndex < 0 || loginModuleIndex >= context.getModules().length || context.getModules()[loginModuleIndex].isServerSide()) { throw new LoginException("Invalid login module specified"); } - context.processPrincipals(clientLoginModulePrincipals); + context.processPrincipals(clientLoginModulePrincipals, context.getModules()[loginModuleIndex].getLoginDomainName()); } /** @@ -270,7 +272,7 @@ } JaasLoginModuleConfiguration module = context.getModules()[loginModuleIndex]; boolean result = module.getLoginModule(classLoader).commit(); - context.processPrincipals(); + context.processPrincipals(context.getModules()[loginModuleIndex].getLoginDomainName()); return result; } @@ -278,7 +280,7 @@ * Indicates that the overall login succeeded. All login modules that were * touched should have been logged in and committed before calling this. */ - public IdentificationPrincipal loginSucceeded(JaasClientId userIdentifier) throws LoginException { + public Principal[] loginSucceeded(JaasClientId userIdentifier) throws LoginException { JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier); if(context == null) { throw new ExpiredLoginModuleException(); 
@@ -289,7 +291,15 @@ SubjectId id = ContextManager.getSubjectId(subject); IdentificationPrincipal principal = new IdentificationPrincipal(id); subject.getPrincipals().add(principal); - return principal; + SecurityRealm realm = getRealm(context.getRealmName()); + if(realm.isRestrictPrincipalsToServer()) { + return new Principal[]{principal}; + } else { + List list = new ArrayList(); + list.addAll(context.getProcessedPrincipals()); + list.add(principal); + return (Principal[]) list.toArray(new Principal[list.size()]); + } } /** @@ -311,6 +321,11 @@ } ContextManager.unregisterSubject(context.getSubject()); activeLogins.remove(userIdentifier); + for (int i = 0; i < context.getModules().length; i++) { + if(context.getModules()[i].isServerSide()) { + context.getModules()[i].getLoginModule(classLoader).logout(); + } + } } /** 
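Review bot: `getRealm(context.getRealmName())` can return null (the helper added further down returns null when no realm matches) and the next line dereferences it, so a realm removed between `connectToRealm` and `loginSucceeded` ends the login with a NullPointerException rather than a LoginException. A guard such as `if(realm == null) throw new LoginException("Realm is no longer available");` keeps the failure inside the declared contract. The non-restricted branch also sends every entry of `getProcessedPrincipals()` to the client, and that branch is the default because `restrictPrincipalsToServer` is false unless configured, so a deployment that treats group membership as server-side information has to opt in explicitly. The method body starts above this hunk.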
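Review bot: The added loop calls `logout()` on each server-side module with no per-module error handling, so a LoginException from one module skips the remaining ones, and because `activeLogins.remove(userIdentifier)` has already run the caller cannot retry. Calling every module and rethrowing the first failure afterwards avoids leaving some modules logged in. The enclosing method starts above the hunk; the sketch assumes it declares LoginException, which the unguarded call suggests.

```java
        // … unchanged: ContextManager.unregisterSubject / activeLogins.remove …
        LoginException failure = null;
        for (int i = 0; i < context.getModules().length; i++) {
            if(context.getModules()[i].isServerSide()) {
                try {
                    context.getModules()[i].getLoginModule(classLoader).logout();
                } catch (LoginException e) {
                    // keep going so every server-side module still gets its logout() call
                    if(failure == null) {
                        failure = e;
                    }
                }
            }
        }
        if(failure != null) {
            throw failure;
        }
```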
@@ -330,6 +345,16 @@ JaasSecurityContext context = new JaasSecurityContext(realm.getRealmName(), modules); activeLogins.put(clientId, context); return clientId; + } + + private SecurityRealm getRealm(String realmName) { + for (Iterator it = realms.iterator(); it.hasNext();) { + SecurityRealm test = (SecurityRealm) it.next(); + if(test.getRealmName().equals(realmName)) { + return test; + } + } + return null; } /** Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java Mon Nov 22 18:03:22 2004 
@@ -116,7 +116,7 @@ * Indicates that the overall login succeeded. All login modules that were * touched should have been logged in and committed before calling this. */ - public IdentificationPrincipal loginSucceeded(JaasClientId userIdentifier) throws LoginException; + public Principal[] loginSucceeded(JaasClientId userIdentifier) throws LoginException; /** * Indicates that the overall login failed, and the server should release Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java Mon Nov 22 18:03:22 2004 
@@ -73,25 +73,34 @@ return handler; } - public void processPrincipals() { + public void processPrincipals(String loginDomainName) { List list = new LinkedList(); for (Iterator it = subject.getPrincipals().iterator(); it.hasNext();) { Principal p = (Principal) it.next(); - if(!processedPrincipals.contains(p)) { - list.add(ContextManager.registerPrincipal(new RealmPrincipal(realmName, p))); + if(!(p instanceof RealmPrincipal) && !processedPrincipals.contains(p)) { + list.add(ContextManager.registerPrincipal(new RealmPrincipal(loginDomainName, p, realmName))); processedPrincipals.add(p); } } subject.getPrincipals().addAll(list); } - public void processPrincipals(Principal[] principals) { + public void processPrincipals(Principal[] principals, String loginDomainName) { List list = new LinkedList(); for (int i = 0; i < principals.length; i++) { Principal p = principals[i]; list.add(p); - list.add(ContextManager.registerPrincipal(new RealmPrincipal(realmName, p))); + list.add(ContextManager.registerPrincipal(new RealmPrincipal(loginDomainName, p, realmName))); + processedPrincipals.add(p); } subject.getPrincipals().addAll(list); + } + + public Set getProcessedPrincipals() { + return processedPrincipals; + } + + public String getRealmName() { + return realmName; } } Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java (original) +++ 
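Review bot: `processPrincipals(Principal[], String)` stores each caller-supplied principal in the subject as-is, without the `instanceof RealmPrincipal` test that the no-array overload gains in this same hunk. JaasLoginService passes in the array it receives for a client-side login module, so a RealmPrincipal in that array would be added directly rather than only in the wrapped, registered form; skipping or rejecting such entries (`if(p instanceof RealmPrincipal) continue;`) keeps the two overloads consistent. Separately, `getProcessedPrincipals()` hands out the internal mutable set; `return Collections.unmodifiableSet(processedPrincipals);` would stop callers from altering the bookkeeping, though it needs a `java.util.Collections` import that is outside this hunk.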
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java Mon Nov 22 18:03:22 2004 @@ -30,6 +30,7 @@ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $ */ public class LoginModuleGBean { + private String loginDomainName; private String loginModuleClass; private Properties options; private String objectName; @@ -44,6 +45,14 @@ this.serverSide = serverSide; } + public String getLoginDomainName() { + return loginDomainName; + } + + public void setLoginDomainName(String loginDomainName) { + this.loginDomainName = loginDomainName; + } + public Properties getOptions() { return options; } @@ -72,6 +81,7 @@ infoFactory.addAttribute("loginModuleClass", String.class, true); infoFactory.addAttribute("objectName", String.class, false); infoFactory.addAttribute("serverSide", boolean.class, true); + infoFactory.addAttribute("loginDomainName", String.class, true); infoFactory.setConstructor(new String[]{"loginModuleClass","objectName","serverSide"}); GBEAN_INFO = infoFactory.getBeanInfo(); } Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java Mon Nov 22 18:03:22 2004 
@@ -62,7 +62,7 @@ options.put("realm", realmName); options.put("kernel", kernel.getKernelName()); - return new JaasLoginModuleConfiguration(applicationConfigName, JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true); + return new JaasLoginModuleConfiguration(JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true, applicationConfigName); } public static final GBeanInfo GBEAN_INFO; Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java Mon Nov 22 18:03:22 2004 @@ -52,5 +52,5 @@ * * @return a set of principal class names */ - public Set obtainRolePrincipalClasses(); + public Set obtainRolePrincipalClasses(String loginDomain); } Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/DeploymentSupport.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/DeploymentSupport.java?view=auto&rev=106257 ============================================================================== --- (empty file) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/DeploymentSupport.java Mon Nov 22 18:03:22 2004 
@@ -0,0 +1,47 @@ +/** + * + * Copyright 2003-2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.geronimo.security.realm; + +/** + * A helper class that lists principals available in a security realm in order + * to help populate deployment descriptors. This may or may not be provided + * for a specific security realm. A LoginModule may implement this interface, + * in which case the GenericSecurityRealm can take advantage of that [and the + * LoginModule should accept an initialize(null, null, null, options) call]. + * + * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $ + */ +public interface DeploymentSupport { + /** + * Gets the names of all principal classes that may be populated into + * a Subject. + */ + String[] getPrincipalClassNames(); + + /** + * Gets the names of all principal classes that should correspond to + * roles when automapping. This is a default, and may be overridden + * by specific values configured for the realm. + */ + String[] getAutoMapPrincipalClassNames(); + + /** + * Gets a list of all the principals of a particular type (identified by + * the principal class). These are available for manual role mapping. 
+ */ + String[] getPrincipalsOfClass(String className); +} Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java Mon Nov 22 18:03:22 2004 @@ -26,9 +26,11 @@ import java.util.Map; import java.util.Properties; import java.util.Set; - -import org.apache.regexp.RE; - +import java.util.Collections; +import java.util.Iterator; +import javax.management.MalformedObjectNameException; +import javax.management.ObjectName; +import javax.security.auth.spi.LoginModule; import org.apache.geronimo.common.GeronimoSecurityException; import org.apache.geronimo.gbean.GBeanInfo; import org.apache.geronimo.gbean.GBeanInfoBuilder; @@ -86,8 +88,12 @@ private Kernel kernel; private ServerInfo serverInfo; private ClassLoader classLoader; - private String[] autoMapPrincipals; + private Map autoMapPrincipals = new HashMap(); private Principal defaultPrincipal; + private Properties deploymentSupport; + private Map deployment; + private String[] domains; + private boolean restrictPrincipalsToServer; public GenericSecurityRealm(String realmName, Kernel kernel, ServerInfo serverInfo, Properties loginModuleConfiguration, ClassLoader classLoader) throws MalformedObjectNameException { this.realmName = realmName; 
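Review bot: The Javadoc for `getPrincipalsOfClass` does not say what is returned for an unknown class name (null or an empty array), and `getPrincipalClassNames` and `getAutoMapPrincipalClassNames` leave null-versus-empty open as well; GenericSecurityRealm in this commit null-checks only the auto-map result. I would add a sentence to each method such as `Returns an empty array, never null, when nothing matches.` Since an implementation lists all principals of a type in the login domain, the interface comment should also state which callers are expected (deployment tooling), because the realm exposes `getDeploymentSupport` as a GBean operation.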
@@ -95,6 +101,7 @@ this.serverInfo = serverInfo; this.classLoader = classLoader; processConfiguration(loginModuleConfiguration); + initializeDeployment(); } public String getRealmName() { @@ -106,6 +113,33 @@ } /** + * Gets a helper that lists principals for the realm to help with + * generating deployment descriptors. May return null if the realm does + * not support these features. + */ + public DeploymentSupport getDeploymentSupport(String domain) throws GeronimoSecurityException { + return (DeploymentSupport) deployment.get(domain); + } + + /** + * Gets a list of the login domains that make up this security realm. A + * particular LoginModule represents 0 or 1 login domains, and a realm is + * composed of a number of login modules, so the realm may cover any + * number of login domains, though typically that number will be 1. + */ + public String[] getLoginDomains() { + return domains; + } + + public Properties getDeploymentSupport() { + return deploymentSupport; + } + + public void setDeploymentSupport(Properties deploymentSupport) { + this.deploymentSupport = deploymentSupport; + } + + /** * Provides the default principal to be used when an unauthenticated * subject uses a container. * @@ -121,10 +155,14 @@ * * @return a set of principal class names */ - public Set obtainRolePrincipalClasses() { + public Set obtainRolePrincipalClasses(String loginDomain) { + String[] list = (String[]) autoMapPrincipals.get(loginDomain); + if(list == null) { + return Collections.EMPTY_SET; + } Set set = new HashSet(); - for (int i = 0; i < autoMapPrincipals.length; i++) { - set.add(autoMapPrincipals[i]); + for (int i = 0; i < list.length; i++) { + set.add(list[i]); } return set; } 
@@ -141,44 +179,29 @@ } } - public void setAutoMapPrincipalClasses(String classes) { - if (classes != null) { - autoMapPrincipals = classes.split(","); - } else { - autoMapPrincipals = new String[0]; - } - } - - /** - * @deprecated Will be removed in favor of (some kind of realm editor object) in - * a future milestone release. - */ - public Set getGroupPrincipals() throws GeronimoSecurityException { - return null; //todo - } - /** - * @deprecated Will be removed in favor of (some kind of realm editor object) in - * a future milestone release. + * Should be of the form loginDomain=class,class,class... */ - public Set getGroupPrincipals(RE regexExpression) throws GeronimoSecurityException { - return null; //todo + public void setAutoMapPrincipalClasses(Properties props) { + for (Iterator it = props.keySet().iterator(); it.hasNext();) { + String key = (String) it.next(); + String value = props.getProperty(key); + autoMapPrincipals.put(key, value.split(",")); + } } /** - * @deprecated Will be removed in favor of (some kind of realm editor object) in - * a future milestone release. + * A GBean property. If set to true, the login service will not return + * principals generated by this realm to clients. If set to false (the + * default), the client will get a copy of all principals (except realm + * principals generated strictly for use within Geronimo). */ - public Set getUserPrincipals() throws GeronimoSecurityException { - return null; //todo + public boolean isRestrictPrincipalsToServer() { + return restrictPrincipalsToServer; } - /** - * @deprecated Will be removed in favor of (some kind of realm editor object) in - * a future milestone release. - */ - public Set getUserPrincipals(RE regexExpression) throws GeronimoSecurityException { - return null; //todo + public void setRestrictPrincipalsToServer(boolean restrictPrincipalsToServer) { + this.restrictPrincipalsToServer = restrictPrincipalsToServer; } public String getConfigurationName() { 
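Review bot: `setAutoMapPrincipalClasses(Properties)` dereferences `props` immediately, whereas the removed String version accepted null, so a null value now fails with a NullPointerException; `if(props == null) return;` at the top restores the old tolerance. The GBEAN_INFO block (a later hunk in this file) still declares the attribute with `String.class` on an unchanged context line, which no longer matches this setter's parameter type; it presumably needs `infoFactory.addAttribute("autoMapPrincipalClasses", Properties.class, true);`. `value.split(",")` also keeps surrounding whitespace, so a value written as `a, b` yields an entry with a leading space that is unlikely to match any principal class name.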
@@ -190,11 +213,12 @@ options.put("realm", realmName); options.put("kernel", kernel.getKernelName()); - return new JaasLoginModuleConfiguration(realmName, JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true); + return new JaasLoginModuleConfiguration(JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true, realmName); } private void processConfiguration(Properties props) throws MalformedObjectNameException { int i = 1; + Set domains = new HashSet(); List list = new ArrayList(); LoginModuleControlFlagEditor editor = new LoginModuleControlFlagEditor(); while (true) { @@ -222,7 +246,14 @@ if (classLoader != null && !options.containsKey(CLASSLOADER_LM_OPTION)) { options.put(CLASSLOADER_LM_OPTION, classLoader); } - JaasLoginModuleConfiguration config = new JaasLoginModuleConfiguration(module.getObjectName(), module.getLoginModuleClass(), flag, options, module.isServerSide()); + if(module.getLoginDomainName() != null) { + if(domains.contains(module.getLoginDomainName())) { + throw new IllegalStateException("Error in "+realmName+": one security realm cannot contain multiple login modules for the same login domain"); + } else { + domains.add(module.getLoginDomainName()); + } + } + JaasLoginModuleConfiguration config = new JaasLoginModuleConfiguration(module.getLoginModuleClass(), flag, options, module.isServerSide(), module.getLoginDomainName()); list.add(config); ++i; found = true; 
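Review bot: Modules whose `getLoginDomainName()` is null skip the new uniqueness check and are still added to the configuration, and JaasLoginService later passes that null to `processPrincipals`, which builds `new RealmPrincipal(loginDomainName, p, realmName)` with it. How RealmPrincipal treats a null domain is not visible here, but principals from several such modules could not be told apart by domain; if a principal-producing module must name its domain, reject the configuration at this point, otherwise document the null case on `setLoginDomainName`. As a style point, the local `Set domains` added at the top of `processConfiguration` shadows the new `String[] domains` field, which is why the later assignment needs `this.domains`; a local name such as `domainNames` avoids that trap. The method's loop starts and ends outside these hunks.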
@@ -233,9 +264,39 @@ break; } } + this.domains = (String[]) domains.toArray(new String[domains.size()]); config = (JaasLoginModuleConfiguration[]) list.toArray(new JaasLoginModuleConfiguration[list.size()]); } + private void initializeDeployment() { + deployment = new HashMap(); + for (int i = 0; i < config.length; i++) { + if(config[i].getLoginDomainName() == null) { + continue; + } + DeploymentSupport support = null; + if(deploymentSupport != null && deploymentSupport.containsKey(config[i].getLoginDomainName())) { + try { + //todo: how should this be configured? Should it be a GBean? + support = (DeploymentSupport) classLoader.loadClass(deploymentSupport.getProperty(config[i].getLoginDomainName())).newInstance(); + } catch (Exception e) { + throw new GeronimoSecurityException("Unable to load deployment support class '"+deploymentSupport.getProperty(config[i].getLoginDomainName())+"'", e); + } + } else if(config[i].getLoginModule(classLoader) instanceof DeploymentSupport) { + LoginModule module = config[i].getLoginModule(classLoader); + module.initialize(null, null, null, config[i].getOptions()); + support = (DeploymentSupport) module; + } + if(support != null) { + deployment.put(config[i].getLoginDomainName(), support); + String[] auto = support.getAutoMapPrincipalClassNames(); + if(auto != null) { + autoMapPrincipals.put(config[i].getLoginDomainName(), auto); + } + } + } + } + public static final GBeanInfo GBEAN_INFO; 
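Review bot: `initializeDeployment()` is called from the constructor (see the constructor hunk), but the `deploymentSupport` Properties it consults are only assigned by `setDeploymentSupport`, which cannot run before construction finishes, so the configured-class branch looks unreachable as written. Running the initialization from the setter, or lazily in `getDeploymentSupport(String)`, would fix that. In the same branch the class named in configuration is instantiated before the cast checks its type; testing `DeploymentSupport.class.isAssignableFrom(cls)` before `newInstance()` avoids running the constructor of an unrelated class. `classLoader` is also dereferenced unconditionally here although `processConfiguration` treats it as nullable.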
@@ -250,12 +311,15 @@ infoFactory.addAttribute("classLoader", ClassLoader.class, false); infoFactory.addAttribute("autoMapPrincipalClasses", String.class, true); infoFactory.addAttribute("defaultPrincipal", String.class, true); + infoFactory.addAttribute("deploymentSupport", Properties.class, true); + infoFactory.addAttribute("restrictPrincipalsToServer", boolean.class, true); infoFactory.addReference("ServerInfo", ServerInfo.class); infoFactory.addOperation("getAppConfigurationEntries", new Class[0]); infoFactory.addOperation("obtainDefaultPrincipal", new Class[0]); - infoFactory.addOperation("obtainRolePrincipalClasses", new Class[0]); + infoFactory.addOperation("obtainRolePrincipalClasses", new Class[]{String.class}); + infoFactory.addOperation("getDeploymentSupport", new Class[]{String.class}); infoFactory.setConstructor(new String[]{"realmName", "kernel", "ServerInfo", "loginModuleConfiguration", "classLoader"}); Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java Mon Nov 22 18:03:22 2004 
@@ -30,34 +30,39 @@ * @version $Rev$ $Date$ */ public interface SecurityRealm { - static final String BASE_OBJECT_NAME = "geronimo.security:type=SecurityRealm"; + /** + * The name of the realm, which must be unique across all realms in the + * server. + */ public String getRealmName(); - public JaasLoginModuleConfiguration[] getAppConfigurationEntries(); - /** - * @deprecated Will be removed in favor of (some kind of realm editor object) in - * a future milestone release. + * Gets the JAAS configuration for this security realm. */ - public Set getGroupPrincipals() throws GeronimoSecurityException; + public JaasLoginModuleConfiguration[] getAppConfigurationEntries(); /** - * @deprecated Will be removed in favor of (some kind of realm editor object) in - * a future milestone release. + * If this attribute is true, the login service will not return + * principals generated by this realm to clients. If set to false (the + * default), the client will get a copy of all principals (except realm + * principals generated strictly for use within Geronimo). */ - public Set getGroupPrincipals(RE regexExpression) throws GeronimoSecurityException; + public boolean isRestrictPrincipalsToServer(); /** - * @deprecated Will be removed in favor of (some kind of realm editor object) in - * a future milestone release. + * Gets a list of the login domains that make up this security realm. A + * particular LoginModule represents 0 or 1 login domains, and a realm is + * composed of a number of login modules, so the realm may cover any + * number of login domains, though typically that number will be 1. */ - public Set getUserPrincipals() throws GeronimoSecurityException; + public String[] getLoginDomains(); /** - * @deprecated Will be removed in favor of (some kind of realm editor object) in - * a future milestone release. + * Gets a helper that lists principals for the realm to help with + * generating deployment descriptors. 
May return null if the realm does + * not support these features. */ - public Set getUserPrincipals(RE regexExpression) throws GeronimoSecurityException; + public DeploymentSupport getDeploymentSupport(String loginDomain) throws GeronimoSecurityException; } Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/FileAuditLoginModule.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/FileAuditLoginModule.java?view=auto&rev=106257 ============================================================================== --- (empty file) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/FileAuditLoginModule.java Mon Nov 22 18:03:22 2004 
@@ -0,0 +1,118 @@ +/** + * + * Copyright 2003-2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.geronimo.security.realm.providers; + +import java.util.Map; +import java.util.Date; +import java.io.File; +import java.io.FileOutputStream; +import java.io.PrintWriter; +import java.io.IOException; +import java.nio.channels.FileChannel; +import java.nio.channels.FileLock; +import java.text.DateFormat; +import java.text.SimpleDateFormat; +import javax.security.auth.spi.LoginModule; +import javax.security.auth.Subject; +import javax.security.auth.login.LoginException; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.NameCallback; +import javax.security.auth.callback.Callback; +import org.apache.geronimo.system.serverinfo.ServerInfo; +import org.apache.geronimo.security.realm.GenericSecurityRealm; + +/** + * Writes audit records to a file for all authentication activity. Currently + * doesn't perform too well; perhaps the file management should be centralized + * and the IO objects kept open across many requests. It would also be nice + * to write in a more convenient XML format. + * + * This module does not write any Principals into the Subject. + * + * To enable this login module, set your primary login module to REQUIRED or + * OPTIONAL, and list this module after it (with any setting). 
+ * + * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $ + */ +public class FileAuditLoginModule implements LoginModule { + public static final String LOG_FILE_OPTION = "file"; + private final static DateFormat DATE_FORMAT = new SimpleDateFormat("MM/dd/yyyy HH:mm:ss"); + private File logFile; + private CallbackHandler handler; + private String username; + + public void initialize(Subject subject, CallbackHandler callbackHandler, + Map sharedState, Map options) { + String name = (String) options.get(LOG_FILE_OPTION); + ServerInfo info = (ServerInfo) options.get(GenericSecurityRealm.SERVERINFO_LM_OPTION); + logFile = info.resolve(name); + handler = callbackHandler; + } + + public boolean login() throws LoginException { + NameCallback user = new NameCallback("User name:"); + Callback[] callbacks = new Callback[]{user}; + try { + handler.handle(callbacks); + } catch (Exception e) { + throw new LoginException("Unable to process callback: "+e); + } + if(callbacks.length != 1) { + throw new IllegalStateException("Number of callbacks changed by server!"); + } + user = (NameCallback) callbacks[0]; + username = user.getName(); + writeToFile("Authentication attempt"); + + return true; + } + + private synchronized void writeToFile(String action) { + Date date = new Date(); + try { + FileOutputStream out = new FileOutputStream(logFile, true); + FileChannel channel = out.getChannel(); + FileLock lock = channel.lock(0, Long.MAX_VALUE, false); + PrintWriter writer = new PrintWriter(out, false); + writer.println(DATE_FORMAT.format(date)+" - "+action+" - "+username); + writer.flush(); + writer.close(); + lock.release(); + } catch (IOException e) { + throw new RuntimeException("Unable to write to authentication log file", e); + } + } + + public boolean commit() throws LoginException { + writeToFile("Authentication succeeded"); + return true; + } + + public boolean abort() throws LoginException { + if(username != null) { //work around initial "fake" login + 
writeToFile("Authentication failed"); + username = null; + } + return true; + } + + public boolean logout() throws LoginException { + writeToFile("Explicit logout"); + username = null; + return true; + } +} Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/GeronimoGroupPrincipal.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/GeronimoGroupPrincipal.java?view=auto&rev=106257 ============================================================================== --- (empty file) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/GeronimoGroupPrincipal.java Mon Nov 22 18:03:22 2004 
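Review bot: `writeToFile` puts the name returned by the NameCallback into the audit line unmodified, so a submitted name containing a line break produces what looks like additional audit records; line breaks should be neutralised before the record is written. `DATE_FORMAT` is a static SimpleDateFormat, which is not thread-safe, while `synchronized` on `writeToFile` only locks a single module instance. The stream and the file lock are not released when an exception occurs, `lock.release()` runs after `writer.close()` has already closed the channel (which I would expect to raise ClosedChannelException), and PrintWriter hides write errors unless `checkError()` is consulted. The sketch below also logs a fixed marker instead of `null` when `commit()` or `logout()` runs without a captured name.

```java
    private synchronized void writeToFile(String action) {
        // SimpleDateFormat is not thread-safe and this lock is per instance, so format with a local object
        DateFormat format = new SimpleDateFormat("MM/dd/yyyy HH:mm:ss");
        // one audit record per line: neutralise line breaks in the caller-supplied name
        String user = username == null ? "(unknown)" : username.replace('\r', '_').replace('\n', '_');
        FileOutputStream out = null;
        try {
            out = new FileOutputStream(logFile, true);
            FileLock lock = out.getChannel().lock(0, Long.MAX_VALUE, false);
            try {
                PrintWriter writer = new PrintWriter(out, false);
                writer.println(format.format(new Date())+" - "+action+" - "+user);
                writer.flush();
                if(writer.checkError()) {
                    throw new IOException("Write to authentication log file failed");
                }
            } finally {
                // release while the channel is still open
                lock.release();
            }
        } catch (IOException e) {
            throw new RuntimeException("Unable to write to authentication log file", e);
        } finally {
            if(out != null) {
                try {
                    out.close();
                } catch (IOException ignored) {
                    // the record was already written or the failure already reported above
                }
            }
        }
    }
```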
@@ -0,0 +1,67 @@ +/** + * + * Copyright 2003-2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.geronimo.security.realm.providers; + +import java.io.Serializable; +import java.security.Principal; + +/** + * A principal that represents a group for the login modules distributed + * with Geronimo. Custom login modules may use this if convenient or provide + * their own Principal implementations -- it doesn't matter. + * + * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $ + */ +public class GeronimoGroupPrincipal implements Principal, Serializable { + private final String name; + + public GeronimoGroupPrincipal(String name) { + this.name = name; + } + + /** + * Compares this principal to the specified object. Returns true + * if the object passed in is a GeronimoGroupPrincipal with the + * same name. + */ + public boolean equals(Object another) { + if (!(another instanceof GeronimoGroupPrincipal)) return false; + + return ((GeronimoGroupPrincipal) another).name.equals(name); + } + + /** + * Returns a string representation of this principal. + */ + public String toString() { + return name; + } + + /** + * Returns a hashcode for this principal. + */ + public int hashCode() { + return name.hashCode(); + } + + /** + * Returns the name of this principal. 
+ */ + public String getName() { + return name; + } +} Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/GeronimoUserPrincipal.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/GeronimoUserPrincipal.java?view=auto&rev=106257 ============================================================================== --- (empty file) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/GeronimoUserPrincipal.java Mon Nov 22 18:03:22 2004 
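Review bot: The constructor accepts a null `name`, after which `equals` and `hashCode` throw NullPointerException as soon as the principal is placed in a Subject's principal set; rejecting it up front with `if(name == null) throw new IllegalArgumentException("name is required");` makes the failure point obvious. GeronimoUserPrincipal, added next in this commit, is the same code and needs the same check. Both classes are Serializable and may now be returned to clients by `loginSucceeded`, so an explicit `serialVersionUID` would keep client and server builds compatible.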
@@ -0,0 +1,67 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.security.realm.providers;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+/**
+ * A principal that represents a user for the login modules distributed
+ * with Geronimo. Custom login modules may use this if convenient or provide
+ * their own Principal implementations -- it doesn't matter.
+ *
+ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
+ */
+public class GeronimoUserPrincipal implements Principal, Serializable {
+ private final String name;
+
+ public GeronimoUserPrincipal(String name) {
+ this.name = name;
+ }
+
+ /**
+ * Compares this principal to the specified object. Returns true
+ * if the object passed in is a GeronimoUserPrincipal with the
+ * same name.
+ */
+ public boolean equals(Object another) {
+ if (!(another instanceof GeronimoUserPrincipal)) return false;
+
+ return ((GeronimoUserPrincipal) another).name.equals(name);
+ }
+
+ /**
+ * Returns a string representation of this principal.
+ */
+ public String toString() {
+ return name;
+ }
+
+ /**
+ * Returns a hashcode for this principal.
+ */
+ public int hashCode() {
+ return name.hashCode();
+ }
+
+ /**
+ * Returns the name of this principal.
+ */ + public String getName() { + return name; + } +} Deleted: /geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileGroupPrincipal.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileGroupPrincipal.java?view=auto&rev=106256 ============================================================================== Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java Mon Nov 22 18:03:22 2004 @@ -26,6 +26,7 @@ import java.util.Map; import java.util.Properties; import java.util.Set; +import java.util.HashMap; import javax.security.auth.Subject; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; @@ -39,6 +40,7 @@ import org.apache.geronimo.common.GeronimoSecurityException; import org.apache.geronimo.kernel.Kernel; import org.apache.geronimo.security.realm.GenericSecurityRealm; +import org.apache.geronimo.security.realm.DeploymentSupport; import org.apache.geronimo.system.serverinfo.ServerInfo; 
@@ -49,12 +51,12 @@ * * @version $Rev$ $Date$ */ -public class PropertiesFileLoginModule implements LoginModule { +public class PropertiesFileLoginModule implements LoginModule, DeploymentSupport { public final static String USERS_URI = "usersURI"; public final static String GROUPS_URI = "groupsURI"; private static Log log = LogFactory.getLog(PropertiesFileLoginModule.class); final Properties users = new Properties(); - final Properties groups = new Properties(); + final Map groups = new HashMap(); Subject subject; CallbackHandler handler; @@ -134,17 +136,17 @@ public boolean commit() throws LoginException { Set principals = subject.getPrincipals(); - principals.add(new PropertiesFileUserPrincipal(username)); + principals.add(new GeronimoUserPrincipal(username)); - Enumeration e = groups.keys(); - while (e.hasMoreElements()) { - String groupName = (String) e.nextElement(); + Iterator e = groups.keySet().iterator(); + while (e.hasNext()) { + String groupName = (String) e.next(); Set users = (Set) groups.get(groupName); Iterator iter = users.iterator(); while (iter.hasNext()) { String user = (String) iter.next(); if (username.equals(user)) { - principals.add(new PropertiesFileGroupPrincipal(groupName)); + principals.add(new GeronimoGroupPrincipal(groupName)); break; } } 
@@ -165,5 +167,38 @@ password = null; return true; + } + + /** + * Gets the names of all principal classes that may be populated into + * a Subject. + */ + public String[] getPrincipalClassNames() { + return new String[]{GeronimoUserPrincipal.class.getName(), GeronimoGroupPrincipal.class.getName()}; + } + + /** + * Gets the names of all principal classes that should correspond to + * roles when automapping. This is a default, and may be overridden + * by specific values configured for the realm. + */ + public String[] getAutoMapPrincipalClassNames() { + return new String[]{GeronimoGroupPrincipal.class.getName()}; + } + + /** + * Gets a list of all the principals of a particular type (identified by + * the principal class). These are available for manual role mapping. + */ + public String[] getPrincipalsOfClass(String className) { + Set s; + if(className.equals(GeronimoGroupPrincipal.class.getName())) { + s = groups.keySet(); + } else if(className.equals(GeronimoUserPrincipal.class.getName())) { + s = users.keySet(); + } else { + throw new IllegalArgumentException("No such principal class "+className); + } + return (String[]) s.toArray(new String[s.size()]); } } Deleted: /geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileUserPrincipal.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileUserPrincipal.java?view=auto&rev=106256 ============================================================================== Deleted: /geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLGroupPrincipal.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLGroupPrincipal.java?view=auto&rev=106256 ============================================================================== Modified: 
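Review bot: `getPrincipalsOfClass` hands every user name in the realm to whoever holds a `DeploymentSupport` reference, and nothing in this hunk limits who that is; if the realm proxy is reachable by callers other than deployment tooling this becomes an account-enumeration surface, so the Javadoc should state the intended audience and the calling side should be permission-checked. Inside the method, `className.equals(...)` throws a NullPointerException on a null argument instead of reaching the `IllegalArgumentException` branch; comparing the other way round, `GeronimoGroupPrincipal.class.getName().equals(className)`, avoids that. `users` and `groups` are mutable instance fields that are filled elsewhere in the class (outside this hunk), so the arrays returned here are presumably only meaningful once the module has been initialized, which is worth confirming and documenting.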
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java Mon Nov 22 18:03:22 2004 @@ -130,7 +130,7 @@ String userName = result.getString(2); if (cbUsername.equals(userName)) { - groups.add(new SQLGroupPrincipal(groupName)); + groups.add(new GeronimoGroupPrincipal(groupName)); } } } finally { 
@@ -151,7 +151,7 @@ public boolean commit() throws LoginException { Set principals = subject.getPrincipals(); - principals.add(new SQLUserPrincipal(cbUsername)); + principals.add(new GeronimoUserPrincipal(cbUsername)); Iterator iter = groups.iterator(); while (iter.hasNext()) { principals.add(iter.next()); Deleted: /geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLUserPrincipal.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLUserPrincipal.java?view=auto&rev=106256 ============================================================================== Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java Mon Nov 22 18:03:22 2004 @@ -46,7 +46,7 @@ * @param realmName the security realm that the principal belongs go * @return a RealmPrincipal from a deployment description */ - public static RealmPrincipal generateRealmPrincipal(final Principal principal, final String realmName) { + public static RealmPrincipal generateRealmPrincipal(final Principal principal, final String loginDomain, final String realmName) { try { return (RealmPrincipal) AccessController.doPrivileged(new PrivilegedExceptionAction() { public Object run() throws Exception { 
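Review bot: The Javadoc above `generateRealmPrincipal` still documents only `realmName` although the signature gains `loginDomain` between the two existing parameters; add a line such as `@param loginDomain the login domain the principal was produced by` (wording to be confirmed against `RealmPrincipal`). With two adjacent `String` arguments, and the `RealmPrincipal` constructor in the next hunk taking them as `(loginDomain, p, realmName)`, a swapped call compiles silently and attributes the principal to the wrong domain, so the order deserves an explicit sentence in the comment. The same gap exists in the `generatePrimaryRealmPrincipal` hunk (`@@ -69,7 +73,7 @@`). The method body continues outside this hunk.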
@@ -55,10 +55,14 @@ Constructor constructor = clazz.getDeclaredConstructor(new Class[]{String.class}); p = (java.security.Principal) constructor.newInstance(new Object[]{principal.getPrincipalName()}); - return new RealmPrincipal(realmName, p); + return new RealmPrincipal(loginDomain, p, realmName); } }); } catch (PrivilegedActionException e) { + e.printStackTrace(); + if(e.getException() != null) { + e.getException().printStackTrace(); + } return null; } } @@ -69,7 +73,7 @@ * @param realmName the security realm that the principal belongs go * @return a RealmPrincipal from a deployment description */ - public static PrimaryRealmPrincipal generatePrimaryRealmPrincipal(final Principal principal, final String realmName) { + public static PrimaryRealmPrincipal generatePrimaryRealmPrincipal(final Principal principal, final String loginDomain, final String realmName) { try { return (PrimaryRealmPrincipal) AccessController.doPrivileged(new PrivilegedExceptionAction() { public Object run() throws Exception { 
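Review bot: The new `catch` block prints the stack trace to stderr and still returns `null`, so a principal class that cannot be loaded or constructed is dropped without the caller learning why; depending on how callers treat `null` (not visible here), a role mapping may silently lose a principal. Prefer reporting through a logger (commons-logging `Log` is already used in this commit, for example in `PropertiesFileLoginModule`) or rethrowing as a deployment error, so that a bad principal class stops the deployment instead of producing an incomplete mapping. At minimum the `@return` tag should say that `null` is returned on failure. The same pattern is added in the `generatePrimaryRealmPrincipal` hunk (`@@ -78,10 +82,14 @@`).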
@@ -78,10 +82,14 @@ Constructor constructor = clazz.getDeclaredConstructor(new Class[]{String.class}); p = (java.security.Principal) constructor.newInstance(new Object[]{principal.getPrincipalName()}); - return new PrimaryRealmPrincipal(realmName, p); + return new PrimaryRealmPrincipal(loginDomain, p, realmName); } }); } catch (PrivilegedActionException e) { + e.printStackTrace(); + if(e.getException() != null) { + e.getException().printStackTrace(); + } return null; } } Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java&r1=106256&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java (original) +++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java Mon Nov 22 18:03:22 2004 
@@ -69,6 +69,7 @@ testLoginModule = new ObjectName("geronimo.security:type=LoginModule,name=TestModule"); gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.bridge.TestLoginModule"); gbean.setAttribute("serverSide", new Boolean(true)); + gbean.setAttribute("loginDomainName", "TestLoginDomain"); kernel.loadGBean(testLoginModule, gbean); gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm"); Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java&r1=106256&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java (original) +++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java Mon Nov 22 18:03:22 2004 
@@ -56,15 +56,24 @@ protected ObjectName serverStub; public void test() throws Exception { + File log = new File("target/login-audit.log"); + if(log.exists()) { + log.delete(); + } + assertEquals("Audit file wasn't cleared", 0, log.length()); + + // First try with explicit configuration entry LoginContext context = new LoginContext("properties-client", new AbstractTest.UsernamePasswordCallback("alan", "starcraft")); context.login(); Subject subject = context.getSubject(); + Subject clientSubject = subject; assertTrue("expected non-null client subject", subject != null); Set set = subject.getPrincipals(IdentificationPrincipal.class); assertEquals("client subject should have one ID principal", set.size(), 1); IdentificationPrincipal idp = (IdentificationPrincipal)set.iterator().next(); + assertEquals(idp.getId(), idp.getId()); subject = ContextManager.getRegisteredSubject(idp.getId()); assertTrue("expected non-null server subject", subject != null); @@ -78,6 +87,9 @@ context.logout(); + assertNull(ContextManager.getRegisteredSubject(idp.getId())); + assertNull(ContextManager.getServerSideSubject(clientSubject)); + assertTrue("id of subject should be null", ContextManager.getSubjectId(subject) == null); // next try the automatic configuration entry @@ -86,6 +98,11 @@ context.login(); subject = context.getSubject(); assertTrue("expected non-null client subject", subject != null); + set = subject.getPrincipals(IdentificationPrincipal.class); + assertEquals("client subject should have one ID principal", set.size(), 1); + IdentificationPrincipal idp2 = (IdentificationPrincipal)set.iterator().next(); + assertNotSame(idp.getId(), idp2.getId()); + assertEquals(idp2.getId(), idp2.getId()); subject = ContextManager.getServerSideSubject(subject); assertTrue("expected non-null server subject", subject != null); 
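Review bot: `assertEquals(idp.getId(), idp.getId())` and `assertEquals(idp2.getId(), idp2.getId())` compare a value with itself, so they can only fail if `getId()` is unstable or `equals` is broken; if the intent is to check that the client-side id matches the registered server-side subject, compare against the id read from that subject instead. `assertNotSame(idp.getId(), idp2.getId())` tests reference identity, so two distinct objects carrying the same id value would pass; `assertFalse(idp.getId().equals(idp2.getId()))` checks what the test appears to mean, namely that a second login receives a fresh subject id (assuming `getId()` returns an object type). The result of `log.delete()` is ignored, although the length assertion that follows covers a failed delete.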
@@ -100,6 +117,8 @@ context.logout(); assertTrue("id of subject should be null", ContextManager.getSubjectId(subject) == null); + + assertTrue("Audit file wasn't written to", log.length() > 0); } protected void setUp() throws Exception { 
@@ -146,12 +165,23 @@ props.put("usersURI", new File(new File("."), "src/test-data/data/users.properties").toURI().toString()); props.put("groupsURI", new File(new File("."), "src/test-data/data/groups.properties").toURI().toString()); gbean.setAttribute("options", props); + gbean.setAttribute("loginDomainName", "TestProperties"); + kernel.loadGBean(testCE, gbean); + + gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean"); + testCE = new ObjectName("geronimo.security:type=LoginModule,name=audit"); + gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.FileAuditLoginModule"); + gbean.setAttribute("serverSide", new Boolean(true)); + props = new Properties(); + props.put("file", "target/login-audit.log"); + gbean.setAttribute("options", props); kernel.loadGBean(testCE, gbean); gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm"); testRealm = new ObjectName("geronimo.security:type=SecurityRealm,realm=properties-realm"); gbean.setAttribute("realmName", "properties-realm"); props = new Properties(); + props.setProperty("LoginModule.2.OPTIONAL","geronimo.security:type=LoginModule,name=audit"); props.setProperty("LoginModule.1.REQUIRED","geronimo.security:type=LoginModule,name=properties"); gbean.setAttribute("loginModuleConfiguration", props); gbean.setReferencePatterns("ServerInfo", Collections.singleton(serverInfo)); Added: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/DeploymentSupportTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/DeploymentSupportTest.java?view=auto&rev=106257 ============================================================================== --- (empty file) +++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/DeploymentSupportTest.java Mon Nov 22 18:03:22 2004 
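Review bot: `testCE` is reassigned to the audit module's `ObjectName` right after the properties module has been loaded under the old value, so the field no longer refers to `geronimo.security:type=LoginModule,name=properties`; any later `startGBean(testCE)`, `stopGBean(testCE)` or `unloadGBean(testCE)` in setUp or tearDown (outside this hunk) would then act on the audit module only. A separate field, for example `protected ObjectName auditCE;`, keeps both handles and lets tearDown unload both modules. The audit module is also loaded without a `loginDomainName`, unlike the properties module a few lines above; please confirm that this is intended.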
@@ -0,0 +1,169 @@ +/** + * + * Copyright 2003-2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.geronimo.security.jaas; + +import javax.management.ObjectName; +import javax.security.auth.Subject; +import javax.security.auth.login.LoginContext; +import java.io.File; +import java.util.Collections; +import java.util.Properties; +import java.util.Set; +import java.util.List; +import java.util.Arrays; + +import org.apache.geronimo.gbean.jmx.GBeanMBean; +import org.apache.geronimo.security.AbstractTest; +import org.apache.geronimo.security.ContextManager; +import org.apache.geronimo.security.IdentificationPrincipal; +import org.apache.geronimo.security.RealmPrincipal; +import org.apache.geronimo.security.realm.SecurityRealm; +import org.apache.geronimo.security.realm.DeploymentSupport; +import org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal; +import org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal; +import org.apache.geronimo.system.serverinfo.ServerInfo; +import org.apache.geronimo.kernel.jmx.MBeanProxyFactory; +import org.apache.geronimo.kernel.Kernel; + +/** + * Unit test for the DeploymentSupport features of security realms. 
+ * + * @version $Rev: 105949 $ $Date: 2004-11-20 02:38:55 -0500 (Sat, 20 Nov 2004) $ + */ +public class DeploymentSupportTest extends AbstractTest { + + protected ObjectName serverInfo; + protected ObjectName loginConfiguration; + protected ObjectName clientLM; + protected ObjectName clientCE; + protected ObjectName testCE; + protected ObjectName testRealm; + + public void setUp() throws Exception { + super.setUp(); + + GBeanMBean gbean; + + gbean = new GBeanMBean(ServerInfo.GBEAN_INFO); + serverInfo = new ObjectName("geronimo.system:role=ServerInfo"); + gbean.setAttribute("baseDirectory", "."); + kernel.loadGBean(serverInfo, gbean); + kernel.startGBean(serverInfo); + + gbean = new GBeanMBean("org.apache.geronimo.security.jaas.GeronimoLoginConfiguration"); + loginConfiguration = new ObjectName("geronimo.security:type=LoginConfiguration"); + kernel.loadGBean(loginConfiguration, gbean); + + gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean"); + clientLM = new ObjectName("geronimo.security:type=LoginModule,name=properties-client"); + gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.jaas.JaasLoginCoordinator"); + gbean.setAttribute("serverSide", new Boolean(false)); + Properties props = new Properties(); + props.put("host", "localhost"); + props.put("port", "4242"); + props.put("realm", "properties-realm"); + gbean.setAttribute("options", props); + kernel.loadGBean(clientLM, gbean); + + gbean = new GBeanMBean("org.apache.geronimo.security.jaas.DirectConfigurationEntry"); + clientCE = new ObjectName("geronimo.security:type=ConfigurationEntry,jaasId=properties-client"); + gbean.setAttribute("applicationConfigName", "properties-client"); + gbean.setAttribute("controlFlag", LoginModuleControlFlag.REQUIRED); + gbean.setReferencePatterns("Module", Collections.singleton(clientLM)); + kernel.loadGBean(clientCE, gbean); + + gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean"); + testCE = new 
ObjectName("geronimo.security:type=LoginModule,name=properties"); + gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule"); + gbean.setAttribute("serverSide", new Boolean(true)); + props = new Properties(); + props.put("usersURI", new File(new File("."), "src/test-data/data/users.properties").toString()); + props.put("groupsURI", new File(new File("."), "src/test-data/data/groups.properties").toString()); + gbean.setAttribute("options", props); + gbean.setAttribute("loginDomainName", "TestProperties"); + kernel.loadGBean(testCE, gbean); + + gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm"); + testRealm = new ObjectName("geronimo.security:type=SecurityRealm,realm=properties-realm"); + gbean.setAttribute("realmName", "properties-realm"); + props = new Properties(); + props.setProperty("LoginModule.1.REQUIRED","geronimo.security:type=LoginModule,name=properties"); + gbean.setAttribute("loginModuleConfiguration", props); + gbean.setReferencePatterns("ServerInfo", Collections.singleton(serverInfo)); + kernel.loadGBean(testRealm, gbean); + + kernel.startGBean(loginConfiguration); + kernel.startGBean(clientLM); + kernel.startGBean(clientCE); + kernel.startGBean(testCE); + kernel.startGBean(testRealm); + } + + public void tearDown() throws Exception { + kernel.stopGBean(testRealm); + kernel.stopGBean(testCE); + kernel.stopGBean(clientCE); + kernel.stopGBean(clientLM); + kernel.stopGBean(loginConfiguration); + kernel.stopGBean(serverInfo); + + kernel.unloadGBean(testCE); + kernel.unloadGBean(testRealm); + kernel.unloadGBean(clientCE); + kernel.unloadGBean(clientLM); + kernel.unloadGBean(loginConfiguration); + kernel.unloadGBean(serverInfo); + + super.tearDown(); + } + + public void testDeploymentSupport() throws Exception { + SecurityRealm realm = (SecurityRealm) MBeanProxyFactory.getProxy(SecurityRealm.class, kernel.getMBeanServer(), testRealm); + String[] domains = 
realm.getLoginDomains(); + assertEquals(1, domains.length); + DeploymentSupport deployment = realm.getDeploymentSupport(domains[0]); + assertNotNull(deployment); + String[] classes = deployment.getPrincipalClassNames(); + assertEquals(2, classes.length); + if(classes[0].equals(GeronimoUserPrincipal.class.getName())) { + assertEquals(GeronimoGroupPrincipal.class.getName(), classes[1]); + } else if(classes[1].equals(GeronimoUserPrincipal.class.getName())) { + assertEquals(GeronimoGroupPrincipal.class.getName(), classes[0]); + } else { + fail("Unexpected principal class names "+classes[0]+" / "+classes[1]); + } + String[] names = deployment.getPrincipalsOfClass(GeronimoUserPrincipal.class.getName()); + assertEquals(5, names.length); + List list = Arrays.asList(names); + assertTrue(list.contains("izumi")); + assertTrue(list.contains("alan")); + assertTrue(list.contains("george")); + assertTrue(list.contains("gracie")); + assertTrue(list.contains("metro")); + names = deployment.getPrincipalsOfClass(GeronimoGroupPrincipal.class.getName()); + assertEquals(5, names.length); + list = Arrays.asList(names); + assertTrue(list.contains("manager")); + assertTrue(list.contains("it")); + assertTrue(list.contains("pet")); + assertTrue(list.contains("dog")); + assertTrue(list.contains("cat")); + String[] map = deployment.getAutoMapPrincipalClassNames(); + assertEquals(1, map.length); + assertEquals(GeronimoGroupPrincipal.class.getName(), map[0]); + } +} Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java&r1=106256&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java&r2=106257 
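Review bot: In `setUp` the `usersURI` and `groupsURI` options are set with `new File(...).toString()`, a plain path, whereas the other tests touched by this commit pass `.toURI().toString()`; to match the option name use `new File(new File("."), "src/test-data/data/users.properties").toURI().toString()` (and likewise for groups), unless the path form is being exercised deliberately, in which case a comment should say so. Several imports (`Subject`, `LoginContext`, `Set`, `ContextManager`, `IdentificationPrincipal`, `RealmPrincipal`, `Kernel`) are not used in this file and can be dropped. The assertions on five user names and five group names depend on the contents of the test-data property files, so a short comment naming those files would make a future failure easier to read.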
============================================================================== --- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java (original) +++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java Mon Nov 22 18:03:22 2004 @@ -31,7 +31,13 @@ import org.apache.geronimo.security.ContextManager; import org.apache.geronimo.security.IdentificationPrincipal; import org.apache.geronimo.security.RealmPrincipal; +import org.apache.geronimo.security.realm.SecurityRealm; +import org.apache.geronimo.security.realm.DeploymentSupport; +import org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal; +import org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal; import org.apache.geronimo.system.serverinfo.ServerInfo; +import org.apache.geronimo.kernel.jmx.MBeanProxyFactory; +import org.apache.geronimo.kernel.Kernel; /** @@ -91,6 +97,7 @@ props.put("usersURI", new File(new File("."), "src/test-data/data/users.properties").toURI().toString()); props.put("groupsURI", new File(new File("."), "src/test-data/data/groups.properties").toURI().toString()); gbean.setAttribute("options", props); + gbean.setAttribute("loginDomainName", "TestProperties"); kernel.loadGBean(testCE, gbean); gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm"); 
@@ -133,18 +140,22 @@ context.login(); Subject subject = context.getSubject(); - assertTrue("expected non-null client subject", subject != null); - Set set = subject.getPrincipals(IdentificationPrincipal.class); - assertEquals("client subject should have one ID principal", set.size(), 1); - IdentificationPrincipal idp = (IdentificationPrincipal)set.iterator().next(); - subject = ContextManager.getRegisteredSubject(idp.getId()); - assertTrue("expected non-null server subject", subject != null); - assertTrue("server subject should have one remote principal", subject.getPrincipals(IdentificationPrincipal.class).size() == 1); + assertTrue("expected non-null subject", subject != null); + assertTrue("subject should have one remote principal", subject.getPrincipals(IdentificationPrincipal.class).size() == 1); IdentificationPrincipal remote = (IdentificationPrincipal) subject.getPrincipals(IdentificationPrincipal.class).iterator().next(); - assertTrue("server subject should be associated with remote id", ContextManager.getRegisteredSubject(remote.getId()) != null); - assertTrue("server subject should have five principals", subject.getPrincipals().size() == 5); - assertTrue("server subject should have two realm principal", subject.getPrincipals(RealmPrincipal.class).size() == 2); + assertTrue("subject should be associated with remote id", ContextManager.getRegisteredSubject(remote.getId()) != null); + assertEquals("subject should have three principals ("+subject.getPrincipals().size()+")", 3, subject.getPrincipals().size()); + assertEquals("subject should have no realm principals ("+subject.getPrincipals(RealmPrincipal.class).size()+")", 0, subject.getPrincipals(RealmPrincipal.class).size()); + + subject = ContextManager.getServerSideSubject(subject); + + assertTrue("expected non-null subject", subject != null); + assertTrue("subject should have one remote principal", subject.getPrincipals(IdentificationPrincipal.class).size() == 1); + remote = (IdentificationPrincipal) 
subject.getPrincipals(IdentificationPrincipal.class).iterator().next(); + assertTrue("subject should be associated with remote id", ContextManager.getRegisteredSubject(remote.getId()) != null); + assertEquals("subject should have five principals ("+subject.getPrincipals().size()+")", 5, subject.getPrincipals().size()); + assertEquals("subject should have two realm principals ("+subject.getPrincipals(RealmPrincipal.class).size()+")", 2, subject.getPrincipals(RealmPrincipal.class).size()); RealmPrincipal principal = (RealmPrincipal) subject.getPrincipals(RealmPrincipal.class).iterator().next(); assertTrue("id of principal should be non-zero", principal.getId() != 0); Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java&r1=106256&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java (original) +++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java Mon Nov 22 18:03:22 2004 
@@ -93,6 +93,7 @@ props.put("userSelect", "SELECT UserName, Password FROM Users"); props.put("groupSelect", "SELECT GroupName, UserName FROM Groups"); gbean.setAttribute("options", props); + gbean.setAttribute("loginDomainName", "SQLDomain"); kernel.loadGBean(sqlModule, gbean); kernel.startGBean(sqlModule); Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java&r1=106256&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java (original) +++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java Mon Nov 22 18:03:22 2004 
@@ -113,6 +113,7 @@ props.put("usersURI", new File(new File("."), "src/test-data/data/users.properties").toURI().toString()); props.put("groupsURI", new File(new File("."), "src/test-data/data/groups.properties").toURI().toString()); gbean.setAttribute("options", props); + gbean.setAttribute("loginDomainName", "PropertiesDomain"); kernel.loadGBean(testCE, gbean); gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm"); Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java&r1=106256&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java&r2=106257 ============================================================================== --- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java (original) +++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java Mon Nov 22 18:03:22 2004 @@ -285,6 +285,7 @@ props.put("usersURI", new File(new File("."), "src/test-data/data/users.properties").toURI().toString()); props.put("groupsURI", new File(new File("."), "src/test-data/data/groups.properties").toURI().toString()); gbean.setAttribute("options", props); + gbean.setAttribute("loginDomainName", "PropertiesDomain"); kernel.loadGBean(testCE, gbean); gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm");