Author: djencks Date: Thu Dec 9 12:15:14 2004 New Revision: 111428 URL: http://svn.apache.org/viewcvs?view=rev&rev=111428 Log: merged in correct changes from 111365:111381 on jetty-deployer1 branch Modified: geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
Modified: geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java?view=diff&rev=111428&p1=geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java&r1=111427&p2=geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java&r2=111428 ============================================================================== --- geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java (original) +++ geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java Thu Dec 9 12:15:14 2004 @@ -24,6 +24,8 @@ import java.net.URI; import java.net.URISyntaxException; import java.net.URL; +import java.security.PermissionCollection; +import java.security.Permissions; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; @@ -44,6 +46,13 @@ import javax.security.jacc.WebUserDataPermission; import javax.transaction.UserTransaction; +import org.apache.xmlbeans.XmlException; +import org.apache.xmlbeans.XmlObject; +import org.mortbay.http.BasicAuthenticator; +import org.mortbay.http.ClientCertAuthenticator; +import org.mortbay.http.DigestAuthenticator; +import org.mortbay.jetty.servlet.FormAuthenticator; + import org.apache.geronimo.common.DeploymentException; import org.apache.geronimo.deployment.service.GBeanHelper; import org.apache.geronimo.deployment.util.DeploymentUtil; 
@@ -102,13 +111,6 @@ import org.apache.geronimo.xbeans.j2ee.WebAppType; import org.apache.geronimo.xbeans.j2ee.WebResourceCollectionType; import org.apache.geronimo.xbeans.j2ee.WelcomeFileListType; -import org.apache.xmlbeans.XmlException; -import org.apache.xmlbeans.XmlObject; -import org.mortbay.http.BasicAuthenticator; -import org.mortbay.http.ClientCertAuthenticator; -import org.mortbay.http.DigestAuthenticator; -import org.mortbay.http.SecurityConstraint; -import org.mortbay.jetty.servlet.FormAuthenticator; /** @@ -384,8 +386,6 @@ } webModuleData.setAttribute("policyContextID", policyContextID); buildSpecSecurityConfig(webApp, webModuleData, securityRoles); - //TODO figure out if we can avoid this. - buildLegacySecurityConstraints(webApp, webModuleData); } else { webModuleData = new GBeanData(webModuleName, JettyWebAppContext.GBEAN_INFO); @@ -839,8 +839,8 @@ } } - Set excludedPermissions = new HashSet(); - Set uncheckedPermissions = new HashSet(); + PermissionCollection excludedPermissions = new Permissions(); + PermissionCollection uncheckedPermissions = new Permissions(); Map rolePermissions = new HashMap(); Iterator iter = excludedPatterns.keySet().iterator(); 
@@ -934,71 +934,6 @@ webModuleData.setAttribute("excludedPermissions", excludedPermissions); webModuleData.setAttribute("uncheckedPermissions", uncheckedPermissions); webModuleData.setAttribute("rolePermissions", rolePermissions); - } - - private void buildLegacySecurityConstraints(WebAppType webApp, GBeanData webModuleData) throws DeploymentException { - //this is basically what jetty's XMLConfiguration does. I would hope we could come up with a better way. - Map urlToSecurityConstraintListMap = new HashMap(); - SecurityConstraintType[] securityConstraintArray = webApp.getSecurityConstraintArray(); - for (int i = 0; i < securityConstraintArray.length; i++) { - SecurityConstraintType securityConstraintType = securityConstraintArray[i]; - - SecurityConstraint scBase = new SecurityConstraint(); - if (securityConstraintType.isSetAuthConstraint()) { - scBase.setAuthenticate(true); - RoleNameType[] roleNameArray = securityConstraintType.getAuthConstraint().getRoleNameArray(); - for (int j = 0; j < roleNameArray.length; j++) { - RoleNameType roleNameType = roleNameArray[j]; - scBase.addRole(roleNameType.getStringValue().trim()); - } - } - if (securityConstraintType.isSetUserDataConstraint()) { - String guarantee = securityConstraintType.getUserDataConstraint().getTransportGuarantee().getStringValue().trim(); - if (guarantee == null || guarantee.length() == 0 || "NONE".equals(guarantee)) - scBase.setDataConstraint(SecurityConstraint.DC_NONE); - else if ("INTEGRAL".equals(guarantee)) - scBase.setDataConstraint(SecurityConstraint.DC_INTEGRAL); - else if ("CONFIDENTIAL".equals(guarantee)) - scBase.setDataConstraint(SecurityConstraint.DC_CONFIDENTIAL); - else { - //ToDO what do we do here? 
-// log.warn("Unknown user-data-constraint:" + guarantee); - scBase.setDataConstraint(SecurityConstraint.DC_CONFIDENTIAL); - } - } - WebResourceCollectionType[] webResourceCollectionArray = securityConstraintType.getWebResourceCollectionArray(); - for (int j = 0; j < webResourceCollectionArray.length; j++) { - WebResourceCollectionType webResourceCollectionType = webResourceCollectionArray[j]; - - String name = webResourceCollectionType.getWebResourceName().getStringValue().trim(); - SecurityConstraint sc = null; - try { - sc = (SecurityConstraint) scBase.clone(); - } catch (CloneNotSupportedException e) { - throw new DeploymentException("this should not have happened", e); - } - sc.setName(name); - HttpMethodType[] httpMethodArray = webResourceCollectionType.getHttpMethodArray(); - for (int k = 0; k < httpMethodArray.length; k++) { - HttpMethodType httpMethodType = httpMethodArray[k]; - sc.addMethod(httpMethodType.getStringValue().trim()); - } - UrlPatternType[] urlPatternArray = webResourceCollectionType.getUrlPatternArray(); - for (int k = 0; k < urlPatternArray.length; k++) { - UrlPatternType urlPatternType = urlPatternArray[k]; - String urlPattern = urlPatternType.getStringValue(); - List securityConstraints = (List) urlToSecurityConstraintListMap.get(urlPattern); - if (securityConstraints == null) { - securityConstraints = new ArrayList(); - urlToSecurityConstraintListMap.put(urlPattern, securityConstraints); - } - securityConstraints.add(sc); - } - } - } - - webModuleData.setAttribute("legacySecurityConstraintMap", urlToSecurityConstraintListMap); - } private static Set collectRoleNames(WebAppType webApp) { Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java Url: 
http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java?view=diff&rev=111428&p1=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java&r1=111427&p2=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java&r2=111428 ============================================================================== --- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java (original) +++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java Thu Dec 9 12:15:14 2004 @@ -198,7 +198,6 @@ setWAR(webAppRoot.toString()); - jettyContainer.addContext(this); Object context = enterContextScope(null, null); Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java?view=diff&rev=111428&p1=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java&r1=111427&p2=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java&r2=111428 ============================================================================== --- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java (original) +++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java Thu Dec 9 12:15:14 2004 
@@ -18,18 +18,20 @@ package org.apache.geronimo.jetty; import java.io.IOException; -import java.net.MalformedURLException; import java.net.URI; import java.net.URL; import java.security.AccessControlContext; import java.security.AccessControlException; import java.security.Permission; +import java.security.PermissionCollection; +import java.security.Permissions; import java.security.Principal; import java.util.Collection; +import java.util.HashSet; import java.util.Iterator; -import java.util.List; import java.util.Map; import java.util.Set; +import java.util.Enumeration; import javax.management.MalformedObjectNameException; import javax.management.ObjectName; import javax.security.auth.Subject; @@ -42,6 +44,16 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.mortbay.http.Authenticator; +import org.mortbay.http.HttpException; +import org.mortbay.http.HttpRequest; +import org.mortbay.http.HttpResponse; +import org.mortbay.http.SecurityConstraint; +import org.mortbay.http.UserRealm; +import org.mortbay.jetty.servlet.FormAuthenticator; +import org.mortbay.jetty.servlet.ServletHolder; +import org.mortbay.jetty.servlet.ServletHttpRequest; + import org.apache.geronimo.common.GeronimoSecurityException; import org.apache.geronimo.gbean.GBeanInfo; import org.apache.geronimo.gbean.GBeanInfoBuilder; 
@@ -63,17 +75,6 @@ import org.apache.geronimo.transaction.OnlineUserTransaction; import org.apache.geronimo.transaction.TrackedConnectionAssociator; import org.apache.geronimo.transaction.context.TransactionContextManager; -import org.mortbay.http.Authenticator; -import org.mortbay.http.HttpException; -import org.mortbay.http.HttpRequest; -import org.mortbay.http.HttpResponse; -import org.mortbay.http.PathMap; -import org.mortbay.http.SecurityConstraint; -import org.mortbay.http.UserRealm; -import org.mortbay.jetty.servlet.FormAuthenticator; -import org.mortbay.jetty.servlet.ServletHolder; -import org.mortbay.jetty.servlet.ServletHttpRequest; -import org.mortbay.util.LazyList; /** @@ -95,15 +96,15 @@ private PolicyConfigurationFactory factory; private PolicyConfiguration policyConfiguration; - private final PathMap constraintMap = new PathMap(); - private String formLoginPath; private final Set securityRoles; - private final Set excludedPermissions; - private final Set uncheckedPermissions; + private final PermissionCollection excludedPermissions; + private final PermissionCollection uncheckedPermissions; private final Map rolePermissions; + PermissionCollection checked = new Permissions(); + private final SecurityContextBeforeAfter securityInterceptor; @@ -148,13 +149,10 @@ Security securityConfig, //from jettyxmlconfig Set securityRoles, - Set uncheckedPermissions, - Set excludedPermissions, + PermissionCollection uncheckedPermissions, + PermissionCollection excludedPermissions, Map rolePermissions, - //TODO remove - Map legacySecurityConstraintMap, - TransactionContextManager transactionContextManager, TrackedConnectionAssociator trackedConnectionAssociator, JettyContainer jettyContainer, 
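Review bot: In the field hunk (`@@ -95,15 +96,15 @@`) the new `PermissionCollection checked = new Permissions();` is package-visible and non-final, unlike the `private final` permission fields declared next to it. The obtainUser hunk further down reads this collection to decide whether a request is sent to the authenticator, so other classes in the package should not be able to replace or extend it. I would declare it `private final PermissionCollection checked = new Permissions();` and add a short comment such as `// union of all role permissions; a request it implies requires authentication`. The class body starts and ends outside the hunk.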
@@ -209,16 +207,18 @@
 contextLength = index;
 chain = securityInterceptor;
- //TODO remove
- for (Iterator entries = legacySecurityConstraintMap.entrySet().iterator(); entries.hasNext();) {
- Map.Entry entry = (Map.Entry) entries.next();
- String urlPattern = (String) entry.getKey();
- List securityConstraints = (List) entry.getValue();
- for (Iterator constraints = securityConstraints.iterator(); constraints.hasNext();) {
- SecurityConstraint securityConstraint = (SecurityConstraint) constraints.next();
- addSecurityConstraint(urlPattern, securityConstraint);
+ Set p = new HashSet();
+ for (Iterator iterator = rolePermissions.entrySet().iterator(); iterator.hasNext();) {
+ Map.Entry entry = (Map.Entry) iterator.next();
+ Set permissions = (Set) entry.getValue();
+ for (Iterator iterator1 = permissions.iterator(); iterator1.hasNext();) {
+ Permission permission = (Permission) iterator1.next();
+ p.add(permission);
 }
-
+ }
+ for (Iterator iterator = p.iterator(); iterator.hasNext();) {
+ Permission permission = (Permission) iterator.next();
+ checked.add(permission);
 }
 }
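Review bot: `checked` is left writable once the constructor has filled it, although every later request relies on it to decide whether authentication is needed. Calling `checked.setReadOnly();` after the second loop would make any later `add` fail instead of silently changing that decision. The intermediate `Set p` appears to serve only de-duplication, and duplicates do not change what `implies` answers, so the inner loop could call `checked.add(permission);` directly. The constructor begins outside the hunk, so whether `rolePermissions` can be null at this point is not visible here.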
@@ -236,31 +236,6 @@ policyConfiguration.commit(); } - - /** - * Keep our own copy of security constraints.<p/> - * <p/> - * We keep our own copy of security constraints because Jetty's copy is - * private. We use these constraints not for any authorization descitions - * but, to decide whether we should attempt to authenticate the request. - * - * @param pathSpec The path spec to which the secuiryt cosntraint applies - * @param sc the security constraint - * TODO Jetty to provide access to this map so we can remove this method - * @see org.mortbay.http.HttpContext#addSecurityConstraint(java.lang.String, org.mortbay.http.SecurityConstraint) - */ - public void addSecurityConstraint(String pathSpec, SecurityConstraint sc) { - super.addSecurityConstraint(pathSpec, sc); - - Object scs = constraintMap.get(pathSpec); - scs = LazyList.add(scs, sc); - constraintMap.put(pathSpec, scs); - - if (log.isDebugEnabled()) { - log.debug("added " + sc + " at " + pathSpec); - } - } - /** * Check the security constraints using JACC. * 
@@ -328,49 +303,11 @@
 * e.g. login page.
 */
 public Principal obtainUser(String pathInContext, HttpRequest request, HttpResponse response) throws HttpException, IOException {
- List scss = constraintMap.getMatches(pathInContext);
- String pattern = null;
- boolean unauthenticated = false;
- boolean forbidden = false;
-
- if (scss != null && scss.size() > 0) {
-
- // for each path match
- // Add only constraints that have the correct method
- // break if the matching pattern changes. This allows only
- // constraints with matching pattern and method to be combined.
- loop:
- for (int m = 0; m < scss.size(); m++) {
- Map.Entry entry = (Map.Entry) scss.get(m);
- Object scs = entry.getValue();
- String p = (String) entry.getKey();
- for (int c = 0; c < LazyList.size(scs); c++) {
- SecurityConstraint sc = (SecurityConstraint) LazyList.get(scs, c);
- if (!sc.forMethod(request.getMethod())) continue;
-
- if (pattern != null && !pattern.equals(p)) break loop;
- pattern = p;
-
- // Check the method applies
- if (!sc.forMethod(request.getMethod())) continue;
-
- // Combine auth constraints.
- if (sc.getAuthenticate()) {
- if (!sc.isAnyRole()) {
- List scr = sc.getRoles();
- if (scr == null || scr.size() == 0) {
- forbidden = true;
- break loop;
- }
- }
- } else {
- unauthenticated = true;
- }
- }
- }
- } else {
- unauthenticated = true;
- }
+ ServletHttpRequest servletHttpRequest = (ServletHttpRequest) request.getWrapper();
+ WebResourcePermission resourcePermission = new WebResourcePermission(servletHttpRequest);
+ WebUserDataPermission dataPermission = new WebUserDataPermission(servletHttpRequest);
+ boolean unauthenticated = !(checked.implies(resourcePermission) || checked.implies(dataPermission));
+ boolean forbidden = excludedPermissions.implies(resourcePermission) || excludedPermissions.implies(dataPermission);
 UserRealm realm = getRealm();
 Authenticator authenticator = getAuthenticator();
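Review bot: `unauthenticated` and `forbidden` are now computed independently, so a path that is excluded but appears in no role's permissions yields both flags true. The old loop set `forbidden` and left the loop at once. The code that consumes the flags is outside the hunk, so please confirm that `forbidden` is tested first, and state the precedence in a comment above the two assignments, e.g. `// excluded paths are refused even when no role permission implies them`. Separately, `(ServletHttpRequest) request.getWrapper()` is cast and passed to both permission constructors without a check. If obtainUser can be reached before the wrapper is set, this throws rather than refusing the request cleanly, so an explicit null/type check that fails closed would be safer.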
@@ -414,7 +351,7 @@ /** * Generate the default principal from the security config. * - * @param securityConfig The Geronimo security configuration. + * @param securityConfig The Geronimo security configuration. * @param loginDomainName * @return the default principal */ @@ -553,21 +490,15 @@ private void configure() throws GeronimoSecurityException { try { - for (Iterator iterator = excludedPermissions.iterator(); iterator.hasNext();) { - Permission permission = (Permission) iterator.next(); - policyConfiguration.addToExcludedPolicy(permission); - } - for (Iterator iterator = uncheckedPermissions.iterator(); iterator.hasNext();) { - Permission permission = (Permission) iterator.next(); - policyConfiguration.addToUncheckedPolicy(permission); - } + policyConfiguration.addToExcludedPolicy(excludedPermissions); + policyConfiguration.addToUncheckedPolicy(uncheckedPermissions); for (Iterator iterator = rolePermissions.entrySet().iterator(); iterator.hasNext();) { Map.Entry entry = (Map.Entry) iterator.next(); String roleName = (String) entry.getKey(); Set permissions = (Set) entry.getValue(); for (Iterator iterator1 = permissions.iterator(); iterator1.hasNext();) { Permission permission = (Permission) iterator1.next(); - policyConfiguration.addToRole(roleName, permission); + policyConfiguration.addToRole(roleName, permission); } } } catch (PolicyContextException e) { 
@@ -587,11 +518,9 @@ infoBuilder.addAttribute("securityConfig", Security.class, true); infoBuilder.addAttribute("securityRoles", Set.class, true); - infoBuilder.addAttribute("uncheckedPermissions", Set.class, true); - infoBuilder.addAttribute("excludedPermissions", Set.class, true); + infoBuilder.addAttribute("uncheckedPermissions", PermissionCollection.class, true); + infoBuilder.addAttribute("excludedPermissions", PermissionCollection.class, true); infoBuilder.addAttribute("rolePermissions", Map.class, true); - //TODO remove - infoBuilder.addAttribute("legacySecurityConstraintMap", Map.class, true); infoBuilder.addAttribute("kernel", Kernel.class, false); @@ -627,8 +556,6 @@ "uncheckedPermissions", "excludedPermissions", "rolePermissions", - //TODO remove - "legacySecurityConstraintMap", "TransactionContextManager", "TrackedConnectionAssociator", Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java?view=diff&rev=111428&p1=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r1=111427&p2=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r2=111428 ============================================================================== --- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java (original) +++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java Thu Dec 9 12:15:14 2004 
@@ -16,37 +16,39 @@ */ package org.apache.geronimo.jetty; -import java.util.Map; -import java.util.HashMap; +import java.io.File; +import java.net.URI; +import java.security.PermissionCollection; import java.util.Collections; -import java.util.Set; +import java.util.HashMap; import java.util.HashSet; +import java.util.Map; import java.util.Properties; -import java.net.URI; -import java.io.File; - +import java.util.Set; import javax.management.ObjectName; import junit.framework.TestCase; +import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator; import org.apache.geronimo.gbean.GBeanData; -import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory; import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContext; import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContextImpl; -import org.apache.geronimo.transaction.OnlineUserTransaction; -import org.apache.geronimo.transaction.manager.TransactionManagerImpl; -import org.apache.geronimo.transaction.context.TransactionContextManager; -import org.apache.geronimo.kernel.management.State; -import org.apache.geronimo.kernel.Kernel; +import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory; import org.apache.geronimo.jetty.connector.HTTPConnector; -import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator; +import org.apache.geronimo.kernel.Kernel; +import org.apache.geronimo.kernel.management.State; import org.apache.geronimo.security.SecurityServiceImpl; import org.apache.geronimo.security.deploy.Security; -import org.apache.geronimo.security.realm.GenericSecurityRealm; +import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration; import org.apache.geronimo.security.jaas.JaasLoginService; import org.apache.geronimo.security.jaas.LoginModuleGBean; +import org.apache.geronimo.security.realm.GenericSecurityRealm; import org.apache.geronimo.system.serverinfo.ServerInfo; +import org.apache.geronimo.transaction.OnlineUserTransaction; +import 
org.apache.geronimo.transaction.context.TransactionContextManager; +import org.apache.geronimo.transaction.manager.TransactionManagerImpl; import org.mortbay.jetty.servlet.FormAuthenticator; + /** * @version $Rev: $ $Date: $ */ @@ -65,6 +67,8 @@ private GBeanData tcm; private ClassLoader cl; private J2eeContext moduleContext = new J2eeContextImpl("jetty.test", "test", "null", "jettyTest", null, null); + private GBeanData loginConfigurationGBean; + protected ObjectName loginConfigurationName; private GBeanData securityServiceGBean; protected ObjectName securityServiceName; private ObjectName loginServiceName; @@ -76,8 +80,9 @@ private ObjectName serverInfoName; private GBeanData serverInfoGBean; - public void testDummy() throws Exception { } - + public void testDummy() throws Exception { + } + protected void setUpStaticContentServlet() throws Exception { GBeanData staticContentServletGBeanData = new GBeanData(JettyServletHolder.GBEAN_INFO); staticContentServletGBeanData.setAttribute("servletName", "default"); @@ -106,10 +111,9 @@ OnlineUserTransaction userTransaction = new OnlineUserTransaction(); app.setAttribute("userTransaction", userTransaction); //we have no classes or libs. - app.setAttribute("webClassPath", new URI[] {}); + app.setAttribute("webClassPath", new URI[]{}); app.setAttribute("contextPriorityClassLoader", Boolean.FALSE); app.setAttribute("configurationBaseUrl", new File("src/test-resources/deployables/").toURL()); -// app.setAttribute("configurationBaseUrl", Thread.currentThread().getContextClassLoader().getResource("deployables/")); app.setReferencePattern("TransactionContextManager", tcmName); app.setReferencePattern("TrackedConnectionAssociator", ctcName); app.setReferencePattern("JettyContainer", containerName); 
@@ -119,15 +123,15 @@ start(app); } - protected void setUpSecureAppContext(Security securityConfig, Set uncheckedPermissions, Set excludedPermissions, Map rolePermissions, Set securityRoles, Map legacySecurityConstraintMap) throws Exception { + protected void setUpSecureAppContext(Security securityConfig, PermissionCollection uncheckedPermissions, PermissionCollection excludedPermissions, Map rolePermissions, Set securityRoles) throws Exception { GBeanData app = new GBeanData(webModuleName, JettyWebAppJACCContext.GBEAN_INFO); - app.setAttribute("loginDomainName", "jaasTest"); + app.setAttribute("loginDomainName", "demo-properties-realm"); app.setAttribute("securityConfig", securityConfig); app.setAttribute("uncheckedPermissions", uncheckedPermissions); app.setAttribute("excludedPermissions", excludedPermissions); app.setAttribute("rolePermissions", rolePermissions); app.setAttribute("securityRoles", securityRoles); - app.setAttribute("legacySecurityConstraintMap", legacySecurityConstraintMap); + FormAuthenticator formAuthenticator = new FormAuthenticator(); formAuthenticator.setLoginPage("/auth/logon.html?param=test"); formAuthenticator.setErrorPage("/auth/logonError.html?param=test"); @@ -136,10 +140,11 @@ app.setAttribute("policyContextID", "TEST"); app.setAttribute("uri", URI.create("war3/")); app.setAttribute("componentContext", null); + OnlineUserTransaction userTransaction = new OnlineUserTransaction(); app.setAttribute("userTransaction", userTransaction); //we have no classes or libs. - app.setAttribute("webClassPath", new URI[] {}); + app.setAttribute("webClassPath", new URI[]{}); app.setAttribute("contextPriorityClassLoader", Boolean.FALSE); app.setAttribute("configurationBaseUrl", new File("src/test-resources/deployables/").toURL()); app.setReferencePattern("TransactionContextManager", tcmName); 
@@ -152,6 +157,14 @@ } protected void setUpSecurity() throws Exception { + + loginConfigurationName = new ObjectName("geronimo.security:type=LoginConfiguration"); + loginConfigurationGBean = new GBeanData(loginConfigurationName, GeronimoLoginConfiguration.getGBeanInfo()); + Set configurations = new HashSet(); + configurations.add(new ObjectName("geronimo.security:type=SecurityRealm,*")); + configurations.add(new ObjectName("geronimo.security:type=ConfigurationEntry,*")); + loginConfigurationGBean.setReferencePatterns("Configurations", configurations); + securityServiceName = new ObjectName("geronimo.security:type=SecurityService"); securityServiceGBean = new GBeanData(securityServiceName, SecurityServiceImpl.GBEAN_INFO); securityServiceGBean.setReferencePatterns("Realms", Collections.singleton(new ObjectName("geronimo.security:type=SecurityRealm,*"))); 
@@ -166,17 +179,18 @@ loginServiceGBean.setAttribute("password", "secret"); serverInfoName = new ObjectName("geronimo.system:role=ServerInfo"); - serverInfoGBean = new GBeanData(serverInfoName, ServerInfo.GBEAN_INFO); - serverInfoGBean.setAttribute("baseDirectory", "."); + serverInfoGBean = new GBeanData(serverInfoName, ServerInfo.GBEAN_INFO); + serverInfoGBean.setAttribute("baseDirectory", "."); propertiesLMName = new ObjectName("geronimo.security:type=LoginModule,name=demo-properties-login"); propertiesLMGBean = new GBeanData(propertiesLMName, LoginModuleGBean.GBEAN_INFO); propertiesLMGBean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule"); propertiesLMGBean.setAttribute("serverSide", Boolean.TRUE); Properties options = new Properties(); - options.setProperty("usersURI", new File(new File("."), "src/test-resources/data/users.properties").toString()); - options.setProperty("groupsURI", new File(new File("."), "src/test-resources/data/groups.properties").toString()); + options.setProperty("usersURI", "src/test-resources/data/users.properties"); + options.setProperty("groupsURI", "src/test-resources/data/groups.properties"); propertiesLMGBean.setAttribute("options", options); + propertiesLMGBean.setAttribute("loginDomainName", "demo-properties-realm"); propertiesRealmName = new ObjectName("geronimo.security:type=SecurityRealm,realm=demo-properties-realm"); propertiesRealmGBean = new GBeanData(propertiesRealmName, GenericSecurityRealm.GBEAN_INFO); @@ -188,6 +202,7 @@ // propertiesRealmGBean.setAttribute("autoMapPrincipalClasses", "org.apache.geronimo.security.realm.providers.PropertiesFileGroupPrincipal"); propertiesRealmGBean.setAttribute("defaultPrincipal", "metro=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"); + start(loginConfigurationGBean); start(securityServiceGBean); start(loginServiceGBean); start(serverInfoGBean); 
@@ -202,12 +217,13 @@ stop(serverInfoName); stop(loginServiceName); stop(securityServiceName); + stop(loginConfigurationName); } private void start(GBeanData gbeanData) throws Exception { kernel.loadGBean(gbeanData, cl); kernel.startGBean(gbeanData.getName()); - if (((Integer)kernel.getAttribute(gbeanData.getName(), "state")).intValue() != State.RUNNING_INDEX ) { + if (((Integer) kernel.getAttribute(gbeanData.getName(), "state")).intValue() != State.RUNNING_INDEX) { fail("gbean not started: " + gbeanData.getName()); } } Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java?view=diff&rev=111428&p1=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r1=111427&p2=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r2=111428 ============================================================================== --- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java (original) +++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java Thu Dec 9 12:15:14 2004 @@ -22,6 +22,8 @@ import java.io.InputStreamReader; import java.net.HttpURLConnection; import java.net.URL; +import java.security.PermissionCollection; +import java.security.Permissions; import java.util.HashMap; import java.util.HashSet; import java.util.Map; @@ -50,7 +52,7 @@ * * @throws Exception thrown if an error in the test occurs */ - public void xtestExplicitMapping() throws Exception { + public void testExplicitMapping() throws Exception { Security securityConfig = new Security(); securityConfig.setUseContextHandler(false); 
@@ -75,13 +77,24 @@ securityConfig.getRoleMappings().put(role.getRoleName(), role); - Set uncheckedPermissions = new HashSet(); - Set excludedPermissions = new HashSet(); + PermissionCollection uncheckedPermissions = new Permissions(); + + PermissionCollection excludedPermissions = new Permissions(); + excludedPermissions.add(new WebResourcePermission("/auth/login.html", "")); + excludedPermissions.add(new WebUserDataPermission("/auth/login.html", "")); + Map rolePermissions = new HashMap(); + Set permissions = new HashSet(); + permissions.add(new WebUserDataPermission("/protected/*", "")); + permissions.add(new WebResourcePermission("/protected/*", "")); + rolePermissions.put("content-administrator", permissions); + rolePermissions.put("auto-administrator", permissions); + Set securityRoles = new HashSet(); - Map legacySecurityConstraintMap = new HashMap(); + securityRoles.add("content-administrator"); + securityRoles.add("auto-administrator"); - startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles, legacySecurityConstraintMap); + startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles); HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection(); connection.setInstanceFollowRedirects(false); @@ -153,7 +166,7 @@ * * @throws Exception thrown if an error in the test occurs */ - public void xtestAutoMapping() throws Exception { + public void testAutoMapping() throws Exception { Security securityConfig = new Security(); securityConfig.setUseContextHandler(false); 
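Review bot: In the `@@ -75,13 +77,24 @@` hunk the excluded permissions name `/auth/login.html`, while the form authenticator configured in AbstractWebModuleTest uses `/auth/logon.html`. If the difference is deliberate (an excluded page that is distinct from the real logon page), a comment such as `// deliberately not the logon page: this path must always be refused` would prevent a well-meant "typo fix". `uncheckedPermissions` is also empty now, so nothing visible in this hunk grants access to the logon page itself, and the test depends on behaviour outside the hunk for that. The assertions are outside the hunk as well, so I cannot tell whether a request to the excluded path is checked for a refusal; if not, adding one would pin the new `forbidden` computation in obtainUser. The same setup is repeated in the testAutoMapping hunk that follows.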
@@ -171,27 +184,24 @@ kernel.getProxyManager().destroyProxy(securityService); } - String actions = "GET,POST,PUT,DELETE,HEAD,OPTIONS,TRACE"; - Set uncheckedPermissions = new HashSet(); - uncheckedPermissions.add(new WebUserDataPermission("/protected/*", actions)); - uncheckedPermissions.add(new WebResourcePermission("/:/protected/*:/auth/logon.html", actions)); - uncheckedPermissions.add(new WebUserDataPermission("/:/protected/*:/auth/logon.html", actions)); - Set excludedPermissions = new HashSet(); - excludedPermissions.add(new WebResourcePermission("/auth/login.html", actions)); - excludedPermissions.add(new WebUserDataPermission("/auth/login.html", actions)); + PermissionCollection uncheckedPermissions = new Permissions(); + + PermissionCollection excludedPermissions = new Permissions(); + excludedPermissions.add(new WebResourcePermission("/auth/login.html", "")); + excludedPermissions.add(new WebUserDataPermission("/auth/login.html", "")); + Map rolePermissions = new HashMap(); - WebResourcePermission permission = new WebResourcePermission("/protected/*", actions); - Set permissionSet = new HashSet(); - permissionSet.add(permission); - rolePermissions.put("content-administrator", permissionSet); - rolePermissions.put("auto-administrator", permissionSet); + Set permissions = new HashSet(); + permissions.add(new WebUserDataPermission("/protected/*", "")); + permissions.add(new WebResourcePermission("/protected/*", "")); + rolePermissions.put("content-administrator", permissions); + rolePermissions.put("auto-administrator", permissions); + Set securityRoles = new HashSet(); securityRoles.add("content-administrator"); securityRoles.add("auto-administrator"); - Map legacySecurityConstraintMap = new HashMap(); - - startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles, legacySecurityConstraintMap); + startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles); HttpURLConnection 
connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection(); connection.setInstanceFollowRedirects(false); @@ -264,7 +274,7 @@ * * @throws Exception thrown if an error in the test occurs */ - public void xtestMixedMapping() throws Exception { + public void testMixedMapping() throws Exception { Security securityConfig = new Security(); securityConfig.setUseContextHandler(false); @@ -303,13 +313,24 @@ securityConfig.append(role); - Set uncheckedPermissions = new HashSet(); - Set excludedPermissions = new HashSet(); + PermissionCollection uncheckedPermissions = new Permissions(); + + PermissionCollection excludedPermissions = new Permissions(); + excludedPermissions.add(new WebResourcePermission("/auth/login.html", "")); + excludedPermissions.add(new WebUserDataPermission("/auth/login.html", "")); + Map rolePermissions = new HashMap(); + Set permissions = new HashSet(); + permissions.add(new WebUserDataPermission("/protected/*", "")); + permissions.add(new WebResourcePermission("/protected/*", "")); + rolePermissions.put("content-administrator", permissions); + rolePermissions.put("auto-administrator", permissions); + Set securityRoles = new HashSet(); - Map legacySecurityConstraintMap = new HashMap(); + securityRoles.add("content-administrator"); + securityRoles.add("auto-administrator"); - startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles, legacySecurityConstraintMap); + startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles); HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection(); connection.setInstanceFollowRedirects(false); 
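Review bot: With the unchecked collection now empty and the `/:/protected/*:/auth/logon.html` entries removed, nothing in this setup says how an unauthenticated client is expected to reach the logon page, and `WebUserDataPermission("/protected/*", ...)` has moved from unchecked to role-granted. If both are intended, record it next to `uncheckedPermissions`, for example `// deliberately empty: the logon page is not granted through policy here (TODO confirm)`, so the test cannot pass for a reason other than the policy it names. Replacing the explicit `GET,POST,PUT,DELETE,HEAD,OPTIONS,TRACE` list with `""` also widens every entry to all HTTP methods. That is stricter for the excluded entries but broader for the role grants, so it is worth one comment line. The test method starts and ends outside this hunk, so the assertions that would show the effect are not visible here.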
@@ -373,30 +394,9 @@ stopWebApp(); } - protected void startWebApp(Security securityConfig, Set uncheckedPermissions, Set excludedPermissions, Map rolePermissions, Set securityRoles, Map legacySecurityConstraintMap) throws Exception { - setUpSecureAppContext(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles, legacySecurityConstraintMap); + protected void startWebApp(Security securityConfig, PermissionCollection uncheckedPermissions, PermissionCollection excludedPermissions, Map rolePermissions, Set securityRoles) throws Exception { + setUpSecureAppContext(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles); setUpStaticContentServlet(); -// GBeanMBean app = new GBeanMBean(JettyWebAppJACCContext.GBEAN_INFO); -// -// app.setAttribute("userRealmName", "Test JAAS Realm"); -// app.setAttribute("securityRealmName", "jaasTest"); -// app.setAttribute("uri", URI.create("war3/")); -// app.setAttribute("componentContext", null); -// OnlineUserTransaction userTransaction = new OnlineUserTransaction(); -// app.setAttribute("userTransaction", userTransaction); -// app.setAttribute("webClassPath", new URI[0]); -// app.setAttribute("contextPriorityClassLoader", Boolean.FALSE); -// app.setAttribute("configurationBaseUrl", Thread.currentThread().getContextClassLoader().getResource("deployables/")); -// app.setAttribute("securityConfig", securityConfig); -// app.setReferencePattern("SecurityService", securityServiceName); -// app.setAttribute("policyContextID", "TEST"); -// -// app.setAttribute("contextPath", "/test"); -// -// app.setReferencePattern("TransactionContextManager", tcmName); -// app.setReferencePattern("TrackedConnectionAssociator", tcaName); -// app.setReferencePatterns("JettyContainer", containerPatterns); -// // start(appName, app); }
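Review bot: `startWebApp` has no Javadoc saying what its four policy arguments mean, and after this change two of them are `PermissionCollection` while `rolePermissions` is still a raw `Map` whose values are raw `Set`s. A short Javadoc should state that `uncheckedPermissions` are granted without authentication, `excludedPermissions` are denied to every caller, `rolePermissions` maps a role name to a `Set` of permissions, and `securityRoles` holds the declared role names. The surviving `// start(appName, app);` line is the last fragment of the commented-out block this hunk deletes and could be removed with it.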