Author: djencks Date: Wed Dec 22 00:19:52 2004 New Revision: 123061 URL: http://svn.apache.org/viewcvs?view=rev&rev=123061 Log: Move all role auto mapping to deploy time, and make more of it work. There are still problems: DeploymentSupport is ignored, loginDomainName is the wrong name, and handling of GSR gbeans deployed in a war is unsatisfactory. This also changes the naming convention for GSR's from realm=name to name=name Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/MapOfSets.java Removed: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityService.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/AutoMapAssistant.java Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml geronimo/trunk/modules/assembly/src/plan/j2ee-runtime-deployer-plan.xml geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/AbstractWebServiceTest.java geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/preconditions/DynamicEJBDeploymentTest.java geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/PlanParsingTest.java geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java geronimo/trunk/modules/security-builder/project.xml 
geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Principal.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/AbstractUserPasswordBridgeTest.java geronimo/trunk/modules/service-builder/src/java/org/apache/geronimo/deployment/service/GBeanHelper.java geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml?view=diff&rev=123061&p1=geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml&r1=123060&p2=geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml&r2=123061 ============================================================================== --- geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml (original) +++ geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml Wed Dec 22 00:19:52 2004 @@ -160,10 +160,8 @@ <reference name="AppClientConfigBuilder">geronimo.deployer:role=ModuleBuilder,type=AppClient,config=org/apache/geronimo/J2EEDeployer</reference> </gbean> - <!--can this SecurityService actually do anything in this configuration???--> <gbean name="geronimo.deployer:type=SecurityService" class="org.apache.geronimo.security.SecurityServiceImpl"> <attribute name="policyConfigurationFactory" type="java.lang.String">org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory</attribute> - <reference name="Mappers">geronimo.security:type=SecurityRealm,*</reference> </gbean> <gbean name="geronimo.deployer:role=ModuleBuilder,type=Web,config=org/apache/geronimo/J2EEDeployer" class="org.apache.geronimo.jetty.deployment.JettyModuleBuilder"> 
@@ -171,7 +169,6 @@ <attribute name="defaultSessionTimeoutSeconds">1800</attribute> <attribute name="defaultWelcomeFiles">index.html,index.htm,index.jsp</attribute> <attribute name="jettyContainerObjectName">geronimo.server:type=WebContainer,container=Jetty</attribute> - <reference name="SecurityService">geronimo.deployer:type=SecurityService</reference> <attribute name="defaultServlets">geronimo.deployer:role=DefaultServlet,config=org/apache/geronimo/J2EEDeployer,*</attribute> </gbean> Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-runtime-deployer-plan.xml Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-runtime-deployer-plan.xml?view=diff&rev=123061&p1=geronimo/trunk/modules/assembly/src/plan/j2ee-runtime-deployer-plan.xml&r1=123060&p2=geronimo/trunk/modules/assembly/src/plan/j2ee-runtime-deployer-plan.xml&r2=123061 ============================================================================== --- geronimo/trunk/modules/assembly/src/plan/j2ee-runtime-deployer-plan.xml (original) +++ geronimo/trunk/modules/assembly/src/plan/j2ee-runtime-deployer-plan.xml Wed Dec 22 00:19:52 2004 
@@ -94,7 +94,6 @@ <attribute name="defaultSessionTimeoutSeconds">1800</attribute> <attribute name="defaultWelcomeFiles">index.html,index.htm,index.jsp</attribute> <attribute name="jettyContainerObjectName">geronimo.server:type=WebContainer,container=Jetty</attribute> - <reference name="SecurityService">geronimo.security:type=SecurityService</reference> <attribute name="defaultServlets">geronimo.deployer:role=DefaultServlet,config=org/apache/geronimo/RuntimeDeployer,*</attribute> </gbean> Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml?view=diff&rev=123061&p1=geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml&r1=123060&p2=geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml&r2=123061 ============================================================================== --- geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml (original) +++ geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml Wed Dec 22 00:19:52 2004 
@@ -34,22 +34,22 @@ <gbean name="geronimo.security:type=LoginModule,name=demo-properties-login" class="org.apache.geronimo.security.jaas.LoginModuleGBean"> - <attribute name="loginModuleClass" type="java.lang.String">org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</attribute> - <attribute name="serverSide" type="boolean">true</attribute> - <attribute name="options" type="java.util.Properties"> + <attribute name="loginModuleClass">org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</attribute> + <attribute name="serverSide">true</attribute> + <attribute name="options"> usersURI=var/security/demo_users.properties groupsURI=var/security/demo_groups.properties </attribute> - <attribute name="loginDomainName" type="java.lang.String">demo-properties-realm</attribute> + <attribute name="loginDomainName">demo-properties-realm</attribute> </gbean> - <gbean name="geronimo.security:type=SecurityRealm,realm=demo-properties-realm" + <gbean name="geronimo.security:type=SecurityRealm,name=demo-properties-realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm"> - <attribute name="realmName" type="java.lang.String">demo-properties-realm</attribute> - <attribute name="loginModuleConfiguration" type="java.util.Properties"> + <attribute name="realmName">demo-properties-realm</attribute> + <attribute name="loginModuleConfiguration"> LoginModule.1.REQUIRED=geronimo.security:type=LoginModule,name=demo-properties-login </attribute> - <attribute name="autoMapPrincipalClasses" type="java.lang.String">org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal</attribute> + <attribute name="autoMapPrincipalClasses">demo-properties-realm=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal</attribute> <reference name="ServerInfo">geronimo.system:role=ServerInfo</reference> </gbean> Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml Url: 
http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml?view=diff&rev=123061&p1=geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml&r1=123060&p2=geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml&r2=123061 ============================================================================== --- geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml (original) +++ geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml Wed Dec 22 00:19:52 2004 
@@ -122,29 +122,29 @@ <!-- Default security realm using properties files --> <gbean name="geronimo.security:type=LoginModule,name=properties-login" class="org.apache.geronimo.security.jaas.LoginModuleGBean"> - <attribute name="loginModuleClass" type="java.lang.String">org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</attribute> - <attribute name="serverSide" type="boolean">true</attribute> - <attribute name="options" type="java.util.Properties"> + <attribute name="loginModuleClass">org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</attribute> + <attribute name="serverSide">true</attribute> + <attribute name="options"> usersURI=var/security/users.properties groupsURI=var/security/groups.properties </attribute> <attribute name="loginDomainName" type="java.lang.String">geronimo-properties-realm</attribute> </gbean> - <gbean name="geronimo.security:type=SecurityRealm,realm=geronimo-properties-realm" + <gbean name="geronimo.security:type=SecurityRealm,name=geronimo-properties-realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm"> - <attribute name="realmName" type="java.lang.String">geronimo-properties-realm</attribute> - <attribute name="loginModuleConfiguration" type="java.util.Properties"> + <attribute name="realmName">geronimo-properties-realm</attribute> + <attribute name="loginModuleConfiguration"> LoginModule.1.REQUIRED=geronimo.security:type=LoginModule,name=properties-login </attribute> <reference name="ServerInfo">geronimo.system:role=ServerInfo</reference> - <attribute name="autoMapPrincipalClasses" type="java.lang.String">org.apache.geronimo.security.realm.providers.PropertiesFileGroupPrincipal</attribute> + <attribute name="autoMapPrincipalClasses">geronimo-properties-realm=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal</attribute> </gbean> <gbean name="geronimo.security:type=ConfigurationEntry,jaasId=JMX" class="org.apache.geronimo.security.jaas.ServerRealmConfigurationEntry"> 
- <attribute name="applicationConfigName" type="java.lang.String">JMX</attribute> - <attribute name="realmName" type="java.lang.String">geronimo-properties-realm</attribute> + <attribute name="applicationConfigName">JMX</attribute> + <attribute name="realmName">geronimo-properties-realm</attribute> </gbean> <!-- Register GeronimoLoginConfiguration as the LoginConfiguration handler --> 
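Review bot: The new `autoMapPrincipalClasses` value for geronimo-properties-realm not only adopts the `realm=class` form but also swaps the principal class from `PropertiesFileGroupPrincipal` to `GeronimoGroupPrincipal`, and nothing visible in this hunk shows that `PropertiesFileLoginModule` emits the new class. If the login module still produces the old principal type, auto mapping would presumably match no groups and roles would map to nothing without any error. A deployment test that asserts a non-empty role mapping for this realm would catch that. The `loginDomainName` attribute a few lines up also keeps `type="java.lang.String"` while its siblings drop it, which leaves the plan inconsistent.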
@@ -156,51 +156,50 @@ </gbean> <gbean name="geronimo.security:type=SecurityService" class="org.apache.geronimo.security.SecurityServiceImpl"> - <attribute name="policyConfigurationFactory" type="java.lang.String">org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory</attribute> - <reference name="Mappers">geronimo.security:type=SecurityRealm,*</reference> + <attribute name="policyConfigurationFactory">org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory</attribute> </gbean> <gbean name="geronimo.security:type=JaasLoginService" class="org.apache.geronimo.security.jaas.JaasLoginService"> <reference name="Realms">geronimo.security:type=SecurityRealm,*</reference> <!-- <attribute name="reclaimPeriod" type="long">100000</attribute>--> - <attribute name="algorithm" type="java.lang.String">HmacSHA1</attribute> - <attribute name="password" type="java.lang.String">secret</attribute> + <attribute name="algorithm">HmacSHA1</attribute> + <attribute name="password">secret</attribute> </gbean> <gbean name="geronimo.server:type=ThreadPool,name=DefaultThreadPool" class="org.apache.geronimo.pool.ThreadPool"> - <attribute name="keepAliveTime" type="long">5000</attribute> - <attribute name="poolSize" type="int">10</attribute> - <attribute name="poolName" type="java.lang.String">DefaultThreadPool</attribute> + <attribute name="keepAliveTime">5000</attribute> + <attribute name="poolSize">10</attribute> + <attribute name="poolName">DefaultThreadPool</attribute> </gbean> <gbean name="geronimo.server:type=ConnectionTracker" class="org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator"> </gbean> <gbean name="geronimo.server:J2EEServer=geronimo,j2eeType=JCAWorkManager,name=DefaultWorkManager" class="org.apache.geronimo.connector.work.GeronimoWorkManager"> - <attribute name="syncMaximumPoolSize" type="int">10</attribute> - <attribute name="startMaximumPoolSize" type="int">10</attribute> - <attribute 
name="scheduledMaximumPoolSize" type="int">10</attribute> + <attribute name="syncMaximumPoolSize">10</attribute> + <attribute name="startMaximumPoolSize">10</attribute> + <attribute name="scheduledMaximumPoolSize">10</attribute> <reference name="TransactionContextManager">geronimo.server:type=TransactionContextManager</reference> </gbean> <gbean name="geronimo.server:type=HOWLTransactionLog" class="org.apache.geronimo.transaction.log.HOWLLog"> - <attribute name="bufferClassName" type="java.lang.String">org.objectweb.howl.log.BlockLogBuffer</attribute> - <attribute name="bufferSizeKBytes" type="int">32</attribute> - <attribute name="checksumEnabled" type="boolean">true</attribute> - <attribute name="flushSleepTimeMilliseconds" type="int">50</attribute> - <attribute name="logFileDir" type="java.lang.String">var/txlog</attribute> - <attribute name="logFileExt" type="java.lang.String">log</attribute> - <attribute name="logFileName" type="java.lang.String">howl</attribute> - <attribute name="maxBlocksPerFile" type="int">-1</attribute> - <attribute name="maxBuffers" type="int">0</attribute> - <attribute name="maxLogFiles" type="int">2</attribute> - <attribute name="minBuffers" type="int">4</attribute> - <attribute name="threadsWaitingForceThreshold" type="int">-1</attribute> + <attribute name="bufferClassName">org.objectweb.howl.log.BlockLogBuffer</attribute> + <attribute name="bufferSizeKBytes">32</attribute> + <attribute name="checksumEnabled">true</attribute> + <attribute name="flushSleepTimeMilliseconds">50</attribute> + <attribute name="logFileDir">var/txlog</attribute> + <attribute name="logFileExt">log</attribute> + <attribute name="logFileName">howl</attribute> + <attribute name="maxBlocksPerFile">-1</attribute> + <attribute name="maxBuffers">0</attribute> + <attribute name="maxLogFiles">2</attribute> + <attribute name="minBuffers">4</attribute> + <attribute name="threadsWaitingForceThreshold">-1</attribute> <reference 
name="serverInfo">geronimo.system:role=ServerInfo</reference> </gbean> <gbean name="geronimo.server:type=TransactionManager" class="org.apache.geronimo.transaction.manager.TransactionManagerImpl"> - <attribute name="defaultTransactionTimeoutSeconds" type="int">300</attribute> + <attribute name="defaultTransactionTimeoutSeconds">300</attribute> <reference name="TransactionLog">geronimo.server:type=HOWLTransactionLog</reference> <references name="ResourceManagers"> <pattern>geronimo.server:j2eeType=JCAManagedConnectionFactory,*</pattern> @@ -225,7 +224,7 @@ </gbean> <gbean name="geronimo.server:type=WebConnector,container=Jetty,port=8080" class="org.apache.geronimo.jetty.connector.HTTPConnector"> - <attribute name="port" type="int">8080</attribute> + <attribute name="port">8080</attribute> <reference name="JettyContainer">geronimo.server:type=WebContainer,container=Jetty</reference> <!-- <attribute name="MaxConnections" type="int">10</attribute>--> <!-- <attribute name="MaxIdleTime" type="int">10</attribute>--> @@ -243,13 +242,13 @@ <!-- EJB Protocol --> <gbean name="openejb:type=SocketService,name=EJB" class="org.openejb.server.SimpleSocketService"> - <attribute name="serviceClassName" type="java.lang.String">org.openejb.server.ejbd.EjbServer</attribute> - <attribute name="onlyFrom" type="java.net.InetAddress[]">127.0.0.1</attribute> + <attribute name="serviceClassName">org.openejb.server.ejbd.EjbServer</attribute> + <attribute name="onlyFrom">127.0.0.1</attribute> <reference name="ContainerIndex">openejb:type=ContainerIndex</reference> </gbean> <gbean name="openejb:type=ServiceDaemon,name=EJB" class="org.openejb.server.ServiceDaemon"> - <attribute name="port" type="int">4201</attribute> - <attribute name="inetAddress" type="java.net.InetAddress">127.0.0.1</attribute> + <attribute name="port">4201</attribute> + <attribute name="inetAddress">127.0.0.1</attribute> <reference name="SocketService">openejb:type=SocketService,name=EJB</reference> </gbean> 
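Review bot: The JaasLoginService gbean in the `@@ -156,51 +156,50 @@` hunk still ships `<attribute name="password">secret</attribute>` beside `algorithm` `HmacSHA1`, so every default install carries the same well-known value. This commit only drops the `type` attributes, but since the lines are being touched, a comment on the gbean such as `<!-- password presumably keys the HMAC named by algorithm (confirm); replace the default before exposing the server -->` would make the risk visible to anyone copying the plan. Generating a per-install value at assembly time would be the stronger fix.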
@@ -262,8 +261,8 @@ <!-- JMX Remoting --> <gbean name="geronimo.server:role=JMXService,name=localhost" class="org.apache.geronimo.jmxremoting.JMXConnector"> - <attribute name="URL" type="java.lang.String">service:jmx:rmi://localhost/jndi/rmi:/JMXConnector</attribute> - <attribute name="applicationConfigName" type="java.lang.String">JMX</attribute> + <attribute name="URL">service:jmx:rmi://localhost/jndi/rmi:/JMXConnector</attribute> + <attribute name="applicationConfigName">JMX</attribute> </gbean> </configuration> Modified: geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/AbstractWebServiceTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/AbstractWebServiceTest.java?view=diff&rev=123061&p1=geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/AbstractWebServiceTest.java&r1=123060&p2=geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/AbstractWebServiceTest.java&r2=123061 ============================================================================== --- geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/AbstractWebServiceTest.java (original) +++ geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/AbstractWebServiceTest.java Wed Dec 22 00:19:52 2004 
@@ -127,7 +127,7 @@ // // kernel.loadGBean(AxisGeronimoConstants.EAR_CONF_BUILDER_NAME,moduleBuilder); // - OpenEJBModuleBuilder moduleBuilder = new OpenEJBModuleBuilder(null, defaultParentId, null); + OpenEJBModuleBuilder moduleBuilder = new OpenEJBModuleBuilder(defaultParentId, null, kernel); EARConfigBuilder earConfigBuilder = new EARConfigBuilder(defaultParentId, Modified: geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/preconditions/DynamicEJBDeploymentTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/preconditions/DynamicEJBDeploymentTest.java?view=diff&rev=123061&p1=geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/preconditions/DynamicEJBDeploymentTest.java&r1=123060&p2=geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/preconditions/DynamicEJBDeploymentTest.java&r2=123061 ============================================================================== --- geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/preconditions/DynamicEJBDeploymentTest.java (original) +++ geronimo/trunk/modules/axis/src/test/org/apache/geronimo/axis/preconditions/DynamicEJBDeploymentTest.java Wed Dec 22 00:19:52 2004 
@@ -72,7 +72,7 @@ File jarFile = new File(outDir , "echo-jar/echo-ewsimpl.jar"); URI defaultParentId = new URI("org/apache/geronimo/Server"); - OpenEJBModuleBuilder moduleBuilder = new OpenEJBModuleBuilder(null, defaultParentId, null); + OpenEJBModuleBuilder moduleBuilder = new OpenEJBModuleBuilder(defaultParentId, null, kernel); EARConfigBuilder earConfigBuilder = Modified: geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java?view=diff&rev=123061&p1=geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java&r1=123060&p2=geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java&r2=123061 ============================================================================== --- geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java (original) +++ geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java Wed Dec 22 00:19:52 2004 @@ -69,11 +69,10 @@ import org.apache.geronimo.naming.deployment.GBeanResourceEnvironmentBuilder; import org.apache.geronimo.naming.java.ReadOnlyContext; import org.apache.geronimo.schema.SchemaConversionUtils; -import org.apache.geronimo.security.SecurityService; import org.apache.geronimo.security.deploy.Security; -import org.apache.geronimo.security.deploy.AutoMapAssistant; import org.apache.geronimo.security.deployment.SecurityBuilder; import org.apache.geronimo.security.util.URLPattern; +import org.apache.geronimo.security.realm.GenericSecurityRealm; import org.apache.geronimo.transaction.OnlineUserTransaction; import org.apache.geronimo.xbeans.geronimo.jetty.JettyDependencyType; import org.apache.geronimo.xbeans.geronimo.jetty.JettyGbeanType; 
@@ -121,7 +120,6 @@ private final ObjectName defaultServlets; private final ObjectName defaultFilters; private final ObjectName defaultFilterMappings; - private final SecurityService securityService; private final List defaultWelcomeFiles; private final Integer defaultSessionTimeoutSeconds; @@ -135,12 +133,10 @@ ObjectName defaultServlets, ObjectName defaultFilters, ObjectName defaultFilterMappings, - SecurityService securityService, Kernel kernel) { this.defaultParentId = defaultParentId; this.defaultSessionTimeoutSeconds = (defaultSessionTimeoutSeconds == null) ? new Integer(30 * 60) : defaultSessionTimeoutSeconds; this.jettyContainerObjectName = jettyContainerObjectName; - this.securityService = securityService; this.defaultServlets = defaultServlets; this.defaultFilters = defaultFilters; this.defaultFilterMappings = defaultFilterMappings; @@ -349,11 +345,16 @@ contextPriorityClassLoader = Boolean.valueOf(jettyWebApp.getContextPriorityClassloader()).booleanValue(); } ClassLoader webClassLoader = new JettyClassLoader(webClassPathURLs, cl, contextPriorityClassLoader); - + Map localSecurityRealms = new HashMap(); if (jettyWebApp != null) { JettyGbeanType[] gbeans = jettyWebApp.getGbeanArray(); for (int i = 0; i < gbeans.length; i++) { - GBeanHelper.addGbean(new JettyGBeanAdapter(gbeans[i]), webClassLoader, earContext); + GBeanData gBeanData = GBeanHelper.getGBeanData(new JettyGBeanAdapter(gbeans[i]), webClassLoader); + earContext.addGBean(gBeanData); + String className = gBeanData.getGBeanInfo().getClassName(); + if (GenericSecurityRealm.class.getName().equals(className)) { + localSecurityRealms.put(gBeanData.getAttribute("realmName"), gBeanData); + } } } 
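Review bot: In the gbean loop of the `@@ -349,11 +345,16 @@` hunk, `localSecurityRealms.put(gBeanData.getAttribute("realmName"), gBeanData)` accepts a null key when a plan omits `realmName` and silently overwrites an earlier entry when two war-local realms share a name, so role mapping could be built against the wrong realm. Rejecting both cases at deploy time is safer than letting the last entry win. The exact match on `GenericSecurityRealm.class.getName()` also skips any subclass of GenericSecurityRealm, which deserves a comment if it is intended. The enclosing method starts and ends outside the hunk, so whether it already declares DeploymentException should be confirmed.

```java
// … unchanged: getGBeanData(...), earContext.addGBean(gBeanData), className lookup …
if (GenericSecurityRealm.class.getName().equals(className)) {
    Object realmName = gBeanData.getAttribute("realmName");
    if (realmName == null) {
        throw new DeploymentException("GenericSecurityRealm gbean in web plan has no realmName");
    }
    if (localSecurityRealms.put(realmName, gBeanData) != null) {
        throw new DeploymentException("Duplicate security realm name in web plan: " + realmName);
    }
}
```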
@@ -369,27 +370,16 @@ GBeanData webModuleData = new GBeanData(webModuleName, JettyWebAppContext.GBEAN_INFO); try { - Set securityRoles = new HashSet(); + Set securityRoles = collectRoleNames(webApp); if (jettyWebApp.isSetLoginDomainName()) { - Security security = SecurityBuilder.buildSecurityConfig(jettyWebApp.getSecurity(), collectRoleNames(webApp)); - security.autoGenerate(securityService); - webModuleData.setAttribute("loginDomainName", jettyWebApp.getLoginDomainName().trim()); + String loginDomainName = jettyWebApp.getLoginDomainName().trim(); + Security security = SecurityBuilder.buildSecurityConfig(Collections.singleton(loginDomainName), jettyWebApp.getSecurity(), securityRoles, localSecurityRealms, kernel); + webModuleData.setAttribute("loginDomainName", loginDomainName); webModuleData.setAttribute("securityConfig", security); String policyContextID = webModuleName.getCanonicalName(); webModuleData.setAttribute("policyContextID", policyContextID); buildSpecSecurityConfig(webApp, webModuleData, securityRoles); - AutoMapAssistant assistant = security.getAssistant(); - if (assistant != null) { - String realmName = assistant.getSecurityRealm(); - ObjectName securityRealmName = null; - try { - securityRealmName = NameFactory.getSecurityRealmName(realmName); - } catch (MalformedObjectNameException e) { - throw new DeploymentException("Could not construct security realm name", e); - } - webModuleData.setReferencePattern("SecurityRealm", securityRealmName); - } } webModuleData.setAttribute("uri", URI.create(module.getTargetPath() + "/")); 
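Review bot: `loginDomainName` is trimmed but never checked for being empty before it is wrapped in `Collections.singleton(loginDomainName)` and passed to `SecurityBuilder.buildSecurityConfig`, so a blank value in the plan would flow into role mapping and into the `loginDomainName` attribute. Failing early is clearer: `if (loginDomainName.length() == 0) throw new DeploymentException("loginDomainName must not be empty");`. Removing the `SecurityRealm` reference pattern also drops the web module's only visible tie to the realm gbean, so the mapping now depends on what `localSecurityRealms` and `kernel` can resolve at deploy time; a comment such as `// role mapping is computed here, at deploy time; the realm must be resolvable now` would record that. The surrounding try block continues outside the hunk.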
@@ -762,11 +752,6 @@ Set allSet = new HashSet(); // == allMap.values() Map allMap = new HashMap(); //uncheckedPatterns union excludedPatterns union rolesPatterns. - SecurityRoleType[] securityRoleArray = webApp.getSecurityRoleArray(); - for (int i = 0; i < securityRoleArray.length; i++) { - SecurityRoleType securityRoleType = securityRoleArray[i]; - securityRoles.add(securityRoleType.getRoleName().getStringValue().trim()); - } webModuleData.setAttribute("securityRoles", securityRoles); SecurityConstraintType[] securityConstraintArray = webApp.getSecurityConstraintArray(); @@ -942,7 +927,7 @@ SecurityRoleType[] securityRoles = webApp.getSecurityRoleArray(); for (int i = 0; i < securityRoles.length; i++) { - roleNames.add(securityRoles[i].getRoleName().getStringValue()); + roleNames.add(securityRoles[i].getRoleName().getStringValue().trim()); } return roleNames; @@ -1067,7 +1052,6 @@ infoBuilder.addAttribute("defaultServlets", ObjectName.class, true); infoBuilder.addAttribute("defaultFilters", ObjectName.class, true); infoBuilder.addAttribute("defaultFilterMappings", ObjectName.class, true); - infoBuilder.addReference("SecurityService", SecurityService.class); infoBuilder.addAttribute("kernel", Kernel.class, false); infoBuilder.addInterface(ModuleBuilder.class); 
@@ -1079,7 +1063,6 @@ "defaultServlets", "defaultFilters", "defaultFilterMappings", - "SecurityService", "kernel"}); GBEAN_INFO = infoBuilder.getBeanInfo(); } Modified: geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java?view=diff&rev=123061&p1=geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java&r1=123060&p2=geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java&r2=123061 ============================================================================== --- geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java (original) +++ geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java Wed Dec 22 00:19:52 2004 
@@ -184,9 +184,10 @@ kernel = new Kernel("test.kernel"); kernel.boot(); ObjectName defaultServlets = ObjectName.getInstance("test:name=test,type=none,*"); - SecurityServiceImpl securityService = new SecurityServiceImpl("org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory", null); + //install the policy configuration factory + SecurityServiceImpl securityService = new SecurityServiceImpl("org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory"); - builder = new JettyModuleBuilder(new URI("null"), new Integer(1800), Collections.EMPTY_LIST, containerName, defaultServlets, null, null, securityService, kernel); + builder = new JettyModuleBuilder(new URI("null"), new Integer(1800), Collections.EMPTY_LIST, containerName, defaultServlets, null, null, kernel); container = new GBeanData(containerName, JettyContainerImpl.GBEAN_INFO); Modified: geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/PlanParsingTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/PlanParsingTest.java?view=diff&rev=123061&p1=geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/PlanParsingTest.java&r1=123060&p2=geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/PlanParsingTest.java&r2=123061 ============================================================================== --- geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/PlanParsingTest.java (original) +++ geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/PlanParsingTest.java Wed Dec 22 00:19:52 2004 
@@ -14,7 +14,7 @@ */ public class PlanParsingTest extends TestCase { ObjectName jettyContainerObjectName = JMXUtil.getObjectName("test:type=JettyContainer"); - private JettyModuleBuilder builder = new JettyModuleBuilder(null, new Integer(1800), null, jettyContainerObjectName, null, null, null, null, null); + private JettyModuleBuilder builder = new JettyModuleBuilder(null, new Integer(1800), null, jettyContainerObjectName, null, null, null, null); private File basedir = new File(System.getProperty("basedir", ".")); public void testResourceRef() throws Exception { Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java?view=diff&rev=123061&p1=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java&r1=123060&p2=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java&r2=123061 ============================================================================== --- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java (original) +++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java Wed Dec 22 00:19:52 2004 @@ -125,8 +125,7 @@ TransactionContextManager transactionContextManager, TrackedConnectionAssociator trackedConnectionAssociator, - JettyContainer jettyContainer, - AutoMapAssistant assistant) throws Exception, IllegalAccessException, InstantiationException, ClassNotFoundException { + JettyContainer jettyContainer) throws Exception, IllegalAccessException, InstantiationException, ClassNotFoundException { assert uri != null; assert componentContext != null; 
@@ -185,7 +184,7 @@ //set the JAASJettyRealm as our realm. JAASJettyRealm realm = new JAASJettyRealm(realmName, loginDomainName); setRealm(realm); - this.securityInterceptor = new SecurityContextBeforeAfter(interceptor, index++, index++, policyContextID, securityConfig, loginDomainName, assistant, authenticator, securityRoles, uncheckedPermissions, excludedPermissions, rolePermissions, realm); + this.securityInterceptor = new SecurityContextBeforeAfter(interceptor, index++, index++, policyContextID, securityConfig, loginDomainName, authenticator, securityRoles, uncheckedPermissions, excludedPermissions, rolePermissions, realm); interceptor = securityInterceptor; } else { securityInterceptor = null; @@ -412,8 +411,6 @@ infoBuilder.addAttribute("excludedPermissions", PermissionCollection.class, true); infoBuilder.addAttribute("rolePermissions", Map.class, true); - infoBuilder.addReference("SecurityRealm", AutoMapAssistant.class); - infoBuilder.setConstructor(new String[]{ "uri", "componentContext", 
@@ -449,8 +446,7 @@ "TransactionContextManager", "TrackedConnectionAssociator", - "JettyContainer", - "SecurityRealm", + "JettyContainer" }); GBEAN_INFO = infoBuilder.getBeanInfo(); Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java?view=diff&rev=123061&p1=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java&r1=123060&p2=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java&r2=123061 ============================================================================== --- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java (original) +++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java Wed Dec 22 00:19:52 2004 @@ -49,7 +49,6 @@ import org.apache.geronimo.security.deploy.Role; import org.apache.geronimo.security.deploy.Security; import org.apache.geronimo.security.jacc.RoleMappingConfiguration; -import org.apache.geronimo.security.realm.AutoMapAssistant; import org.apache.geronimo.security.util.ConfigurationUtil; import org.mortbay.http.Authenticator; import org.mortbay.http.HttpException; @@ -89,7 +88,6 @@ String policyContextID, Security securityConfig, String loginDomainName, - AutoMapAssistant assistant, Authenticator authenticator, Set securityRoles, PermissionCollection uncheckedPermissions, 
@@ -101,7 +99,7 @@ this.webAppContextIndex = webAppContextIndex; this.policyContextID = policyContextID; - this.defaultPrincipal = generateDefaultPrincipal(securityConfig, loginDomainName, assistant); + this.defaultPrincipal = generateDefaultPrincipal(securityConfig, loginDomainName); if (authenticator instanceof FormAuthenticator) { String formLoginPath = ((FormAuthenticator) authenticator).getLoginPage(); 
@@ -333,24 +331,13 @@ * @param loginDomainName * @return the default principal */ - protected JAASJettyPrincipal generateDefaultPrincipal(Security securityConfig, String loginDomainName, AutoMapAssistant assistant) throws GeronimoSecurityException { + protected JAASJettyPrincipal generateDefaultPrincipal(Security securityConfig, String loginDomainName) throws GeronimoSecurityException { DefaultPrincipal defaultPrincipal = securityConfig.getDefaultPrincipal(); if (defaultPrincipal == null) { - if (assistant != null) { - org.apache.geronimo.security.deploy.Principal principal = assistant.obtainDefaultPrincipal(); - defaultPrincipal = new DefaultPrincipal(); - defaultPrincipal.setPrincipal(principal); - defaultPrincipal.setRealmName(assistant.getRealmName()); - } - + throw new GeronimoSecurityException("Unable to generate default principal"); } - if (defaultPrincipal == null) throw new GeronimoSecurityException("Unable to generate default principal"); - - return generateDefaultPrincipal(securityConfig, defaultPrincipal, loginDomainName); - } - - protected JAASJettyPrincipal generateDefaultPrincipal(Security securityConfig, DefaultPrincipal defaultPrincipal, String loginDomainName) throws GeronimoSecurityException { + JAASJettyPrincipal result = new JAASJettyPrincipal("default"); Subject defaultSubject = new Subject(); Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java?view=diff&rev=123061&p1=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r1=123060&p2=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r2=123061 ============================================================================== --- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java (original) +++ 
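Review bot: The exception thrown when `securityConfig.getDefaultPrincipal()` is null still reads "Unable to generate default principal", but after this change the only cause is a deployment that supplied no default principal, and the message does not say so. Something like `throw new GeronimoSecurityException("No default principal configured for policy context " + policyContextID);` tells the operator what to fix; the constructor assigns `policyContextID` before it calls this method. Failing here instead of falling back to the realm at request-setup time is the safer behaviour, and the Javadoc should gain a `@throws GeronimoSecurityException` line that states it. The method body continues past the end of the hunk.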
geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java Wed Dec 22 00:19:52 2004 @@ -39,6 +39,8 @@ import org.apache.geronimo.kernel.management.State; import org.apache.geronimo.security.SecurityServiceImpl; import org.apache.geronimo.security.deploy.Security; +import org.apache.geronimo.security.deploy.MapOfSets; +import org.apache.geronimo.security.deploy.Principal; import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration; import org.apache.geronimo.security.jaas.JaasLoginService; import org.apache.geronimo.security.jaas.LoginModuleGBean; @@ -76,10 +78,11 @@ private GBeanData loginServiceGBean; protected GBeanData propertiesLMGBean; protected ObjectName propertiesLMName; - private ObjectName propertiesRealmName; + protected ObjectName propertiesRealmName; private GBeanData propertiesRealmGBean; private ObjectName serverInfoName; private GBeanData serverInfoGBean; + protected final static String securityRealmName = "demo-properties-realm"; public void testDummy() throws Exception { } @@ -151,7 +154,6 @@ app.setReferencePattern("TransactionContextManager", tcmName); app.setReferencePattern("TrackedConnectionAssociator", ctcName); app.setReferencePattern("JettyContainer", containerName); - app.setReferencePattern("SecurityRealm", propertiesRealmName); app.setAttribute("contextPath", "/test"); 
@@ -169,12 +171,11 @@ securityServiceName = new ObjectName("geronimo.security:type=SecurityService"); securityServiceGBean = new GBeanData(securityServiceName, SecurityServiceImpl.GBEAN_INFO); - securityServiceGBean.setReferencePatterns("Mappers", Collections.singleton(new ObjectName("geronimo.security:type=SecurityRealm,*"))); securityServiceGBean.setAttribute("policyConfigurationFactory", "org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory"); loginServiceName = new ObjectName("geronimo.security:type=JaasLoginService"); loginServiceGBean = new GBeanData(loginServiceName, JaasLoginService.GBEAN_INFO); - loginServiceGBean.setReferencePatterns("Realms", Collections.singleton(new ObjectName("geronimo.security:type=SecurityRealm,*"))); + loginServiceGBean.setReferencePattern("Realms", new ObjectName("geronimo.security:type=SecurityRealm,*")); // loginServiceGBean.setAttribute("reclaimPeriod", new Long(1000 * 1000)); loginServiceGBean.setAttribute("algorithm", "HmacSHA1"); loginServiceGBean.setAttribute("password", "secret"); 
@@ -195,13 +196,17 @@ propertiesRealmName = new ObjectName("geronimo.security:type=SecurityRealm,realm=demo-properties-realm"); propertiesRealmGBean = new GBeanData(propertiesRealmName, GenericSecurityRealm.GBEAN_INFO); - propertiesRealmGBean.setReferencePatterns("ServerInfo", Collections.singleton(serverInfoName)); + propertiesRealmGBean.setReferencePattern("ServerInfo", serverInfoName); propertiesRealmGBean.setAttribute("realmName", "demo-properties-realm"); Properties config = new Properties(); config.setProperty("LoginModule.1.REQUIRED", propertiesLMName.getCanonicalName()); propertiesRealmGBean.setAttribute("loginModuleConfiguration", config); -// propertiesRealmGBean.setAttribute("autoMapPrincipalClasses", "org.apache.geronimo.security.realm.providers.PropertiesFileGroupPrincipal"); - propertiesRealmGBean.setAttribute("defaultPrincipal", "metro=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"); + MapOfSets.MapOfSetsEditor mapEditor = new MapOfSets.MapOfSetsEditor(); + mapEditor.setAsText(securityRealmName + "=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"); + propertiesRealmGBean.setAttribute("autoMapPrincipalClasses", mapEditor.getValue()); + Principal.PrincipalEditor principalEditor = new Principal.PrincipalEditor(); + principalEditor.setAsText("metro=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"); + propertiesRealmGBean.setAttribute("defaultPrincipal", principalEditor.getValue()); start(loginConfigurationGBean); start(securityServiceGBean); Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java?view=diff&rev=123061&p1=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r1=123060&p2=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r2=123061 
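Review bot: The realm name is still spelled out as the literal `demo-properties-realm` in the `ObjectName` and in `setAttribute("realmName", ...)`, although this commit introduces `securityRealmName` for it and the new `mapEditor.setAsText(...)` line already uses the constant. `propertiesRealmGBean.setAttribute("realmName", securityRealmName);` keeps the three in step if the fixture is renamed. The `ObjectName` also keeps the `realm=` key while the commit log describes a move to `name=`, so the kernel lookup in SecurityBuilder through `NameFactory.getSecurityRealmName` is probably not exercised by this fixture; NameFactory is not visible here, so that part needs confirming.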
============================================================================== --- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java (original) +++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java Wed Dec 22 00:19:52 2004 @@ -24,6 +24,7 @@ import java.net.URL; import java.security.PermissionCollection; import java.security.Permissions; +import java.util.Collections; import java.util.HashMap; import java.util.HashSet; import java.util.Map; @@ -31,8 +32,6 @@ import javax.security.jacc.WebResourcePermission; import javax.security.jacc.WebUserDataPermission; -import org.apache.geronimo.security.SecurityService; -import org.apache.geronimo.security.deploy.AutoMapAssistant; import org.apache.geronimo.security.deploy.DefaultPrincipal; import org.apache.geronimo.security.deploy.Principal; import org.apache.geronimo.security.deploy.Realm; @@ -47,6 +46,8 @@ */ public class SecurityTest extends AbstractWebModuleTest { + private final static Set autoMapPrincipalClasses = Collections.singleton("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"); + /** * Test the explicit map feature. Only Alan should be able to log in. * 
@@ -170,19 +171,17 @@ Security securityConfig = new Security(); securityConfig.setUseContextHandler(false); - AutoMapAssistant assistant = new AutoMapAssistant(); - assistant.setSecurityRealm("demo-properties-realm"); - securityConfig.setAssistant(assistant); - securityConfig.getRoleNames().add("content-administrator"); securityConfig.getRoleNames().add("auto-administrator"); - SecurityService securityService = (SecurityService) kernel.getProxyManager().createProxy(securityServiceName, SecurityService.class); - try { - securityConfig.autoGenerate(securityService); - } finally { - kernel.getProxyManager().destroyProxy(securityService); - } + securityConfig.autoGenerate(securityRealmName, securityRealmName, autoMapPrincipalClasses); + + //cribbed from SecurityBuilder + Principal principal = (Principal) kernel.getAttribute(propertiesRealmName, "defaultPrincipal"); + DefaultPrincipal defaultPrincipal = new DefaultPrincipal(); + defaultPrincipal.setPrincipal(principal); + defaultPrincipal.setRealmName(securityRealmName); + securityConfig.setDefaultPrincipal(defaultPrincipal); PermissionCollection uncheckedPermissions = new Permissions(); 
@@ -278,22 +277,13 @@ Security securityConfig = new Security(); securityConfig.setUseContextHandler(false); - AutoMapAssistant assistant = new AutoMapAssistant(); - assistant.setSecurityRealm("demo-properties-realm"); - securityConfig.setAssistant(assistant); - securityConfig.getRoleNames().add("content-administrator"); securityConfig.getRoleNames().add("auto-administrator"); - SecurityService securityService = (SecurityService) kernel.getProxyManager().createProxy(securityServiceName, SecurityService.class); - try { - securityConfig.autoGenerate(securityService); - } finally { - kernel.getProxyManager().destroyProxy(securityService); - } + securityConfig.autoGenerate(securityRealmName, securityRealmName, autoMapPrincipalClasses); DefaultPrincipal defaultPrincipal = new DefaultPrincipal(); - defaultPrincipal.setRealmName("demo-properties-realm"); + defaultPrincipal.setRealmName(securityRealmName); Principal principal = new Principal(); principal.setClassName("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"); principal.setPrincipalName("izumi"); Modified: geronimo/trunk/modules/security-builder/project.xml Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security-builder/project.xml?view=diff&rev=123061&p1=geronimo/trunk/modules/security-builder/project.xml&r1=123060&p2=geronimo/trunk/modules/security-builder/project.xml&r2=123061 ============================================================================== --- geronimo/trunk/modules/security-builder/project.xml (original) +++ geronimo/trunk/modules/security-builder/project.xml Wed Dec 22 00:19:52 2004 
@@ -71,6 +71,30 @@ </properties> </dependency> + <dependency> + <groupId>geronimo</groupId> + <artifactId>geronimo-common</artifactId> + <version>${pom.currentVersion}</version> + </dependency> + + <dependency> + <groupId>geronimo</groupId> + <artifactId>geronimo-j2ee</artifactId> + <version>${pom.currentVersion}</version> + </dependency> + + <dependency> + <groupId>geronimo</groupId> + <artifactId>geronimo-kernel</artifactId> + <version>${pom.currentVersion}</version> + </dependency> + + <dependency> + <groupId>mx4j</groupId> + <artifactId>mx4j</artifactId> + <version>${mx4j_version}</version> + </dependency> + </dependencies> Modified: geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java?view=diff&rev=123061&p1=geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java&r1=123060&p2=geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java&r2=123061 ============================================================================== --- geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java (original) +++ geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java Wed Dec 22 00:19:52 2004 
@@ -16,9 +16,19 @@ */ package org.apache.geronimo.security.deployment; +import java.util.HashSet; +import java.util.Iterator; +import java.util.Map; import java.util.Set; +import javax.management.MalformedObjectNameException; +import javax.management.ObjectName; -import org.apache.geronimo.security.deploy.AutoMapAssistant; +import org.apache.geronimo.common.DeploymentException; +import org.apache.geronimo.gbean.GBeanData; +import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory; +import org.apache.geronimo.kernel.GBeanNotFoundException; +import org.apache.geronimo.kernel.Kernel; +import org.apache.geronimo.kernel.NoSuchAttributeException; import org.apache.geronimo.security.deploy.DefaultPrincipal; import org.apache.geronimo.security.deploy.Principal; import org.apache.geronimo.security.deploy.Realm; 
@@ -39,66 +49,135 @@ */ public class SecurityBuilder { - public static Security buildSecurityConfig(GerSecurityType securityType, Set roleNames) { + public static Security buildSecurityConfig(Set loginDomainNames, GerSecurityType securityType, Set roleNames, Map localSecurityRealms, Kernel kernel) throws MalformedObjectNameException, DeploymentException { Security security = null; - if (securityType != null) { - security = new Security(); + if (securityType == null) { + return null; + } + security = new Security(); - security.setDoAsCurrentCaller(securityType.getDoasCurrentCaller()); - security.setUseContextHandler(securityType.getUseContextHandler()); - security.setDefaultRole(securityType.getDefaultRole()); + security.setDoAsCurrentCaller(securityType.getDoasCurrentCaller()); + security.setUseContextHandler(securityType.getUseContextHandler()); + if (securityType.isSetDefaultRole()) { + security.setDefaultRole(securityType.getDefaultRole().trim()); + } - GerDefaultPrincipalType defaultPrincipalType = securityType.getDefaultPrincipal(); - DefaultPrincipal defaultPrincipal = new DefaultPrincipal(); + GerRoleMappingsType roleMappingsType = securityType.getRoleMappings(); + Set allRealms = new HashSet(); + if (roleMappingsType != null) { + for (int i = 0; i < roleMappingsType.sizeOfRoleArray(); i++) { + GerRoleType roleType = roleMappingsType.getRoleArray(i); + Role role = new Role(); + + String roleName = roleType.getRoleName().trim(); + role.setRoleName(roleName); + + for (int j = 0; j < roleType.sizeOfRealmArray(); j++) { + GerRealmType realmType = roleType.getRealmArray(j); + String realmName = realmType.getRealmName().trim(); + allRealms.add(realmName); + Realm realm = new Realm(); - defaultPrincipal.setRealmName(defaultPrincipalType.getRealmName()); - defaultPrincipal.setPrincipal(buildPrincipal(defaultPrincipalType.getPrincipal())); + realm.setRealmName(realmName); - security.setDefaultPrincipal(defaultPrincipal); + for (int k = 0; k < 
realmType.sizeOfPrincipalArray(); k++) { + realm.getPrincipals().add(buildPrincipal(realmType.getPrincipalArray(k))); + } - GerRoleMappingsType roleMappingsType = securityType.getRoleMappings(); - if (roleMappingsType != null) { - for (int i = 0; i < roleMappingsType.sizeOfRoleArray(); i++) { - GerRoleType roleType = roleMappingsType.getRoleArray(i); - Role role = new Role(); + role.getRealms().put(realmName, realm); + } - role.setRoleName(roleType.getRoleName()); + security.getRoleMappings().put(roleName, role); + } + } - for (int j = 0; j < roleType.sizeOfRealmArray(); j++) { - GerRealmType realmType = roleType.getRealmArray(j); - Realm realm = new Realm(); + GerAutoMapRolesType autoMapRolesType = securityType.getAutoMapRoles(); + String autoMapRealmName = null; + Set autoMapClassOverrides = null; + if (autoMapRolesType != null) { + + autoMapRealmName = autoMapRolesType.getSecurityRealm().trim(); + + GerClassOverrideType[] classOverrideArray = autoMapRolesType.getClassOverrideArray(); + if (classOverrideArray.length > 0) { + autoMapClassOverrides = new HashSet(); + } + for (int i = 0; i < classOverrideArray.length; i++) { + autoMapClassOverrides.add(classOverrideArray[i].getClass1().trim()); + } - realm.setRealmName(realmType.getRealmName()); + } - for (int k = 0; k < realmType.sizeOfPrincipalArray(); k++) { - realm.getPrincipals().add(buildPrincipal(realmType.getPrincipalArray(k))); - } + security.getRoleNames().addAll(roleNames); - role.getRealms().put(realm.getRealmName(), realm); - } + DefaultPrincipal defaultPrincipal = new DefaultPrincipal(); + if (securityType.isSetDefaultPrincipal()) { + GerDefaultPrincipalType defaultPrincipalType = securityType.getDefaultPrincipal(); + + defaultPrincipal.setRealmName(defaultPrincipalType.getRealmName().trim()); + defaultPrincipal.setPrincipal(buildPrincipal(defaultPrincipalType.getPrincipal())); - security.getRoleMappings().put(role.getRoleName(), role); + } else { + if (autoMapRealmName == null) { + throw new 
DeploymentException("No default principal configured, and no automap realm specific for default principal source"); + } + Principal principal; + GBeanData realmData = (GBeanData) localSecurityRealms.get(autoMapRealmName); + if (realmData != null) { + principal = (Principal) realmData.getAttribute("defaultPrincipal"); + } else { + ObjectName realmObjectName = NameFactory.getSecurityRealmName(autoMapRealmName); + + try { + principal = (Principal) kernel.getAttribute(realmObjectName, "defaultPrincipal"); + } catch (GBeanNotFoundException e) { + throw new DeploymentException("No realm with supplied name: " + autoMapRealmName, e); + } catch (NoSuchAttributeException e) { + throw new DeploymentException("Realm " + autoMapRealmName + " is not able to supply default principal", e); + } catch (Exception e) { + throw new DeploymentException("Could not retrieve attribute autoMapPrincipalClasses from realm with supplied name: " + autoMapRealmName, e); } } + defaultPrincipal = new DefaultPrincipal(); + defaultPrincipal.setPrincipal(principal); + defaultPrincipal.setRealmName(autoMapRealmName); - GerAutoMapRolesType autoMapRolesType = securityType.getAutoMapRoles(); - if (autoMapRolesType != null) { - AutoMapAssistant assistant = new AutoMapAssistant(); - - assistant.setSecurityRealm(autoMapRolesType.getSecurityRealm()); - - GerClassOverrideType[] classOverrideArray = autoMapRolesType.getClassOverrideArray(); - for (int i = 0; i < classOverrideArray.length; i++) { - assistant.getClassOverrides().add(classOverrideArray[i].getClass1()); - } + } + security.setDefaultPrincipal(defaultPrincipal); - security.setAssistant(assistant); + for (Iterator realmNames = allRealms.iterator(); realmNames.hasNext();) { + String realmName = (String) realmNames.next(); + + Map autoMapPrincipalClassesMap; + GBeanData realmData = (GBeanData) localSecurityRealms.get(realmName); + if (realmData != null) { + autoMapPrincipalClassesMap = (Map) realmData.getAttribute("autoMapPrincipalClasses"); + } else { 
+ ObjectName realmObjectName = NameFactory.getSecurityRealmName(realmName); + try { + autoMapPrincipalClassesMap = (Map) kernel.getAttribute(realmObjectName, "autoMapPrincipalClasses"); + + } catch (GBeanNotFoundException e) { + throw new DeploymentException("No realm with supplied name: " + realmName, e); + } catch (NoSuchAttributeException e) { + //its not an automapper + break; + } catch (Exception e) { + throw new DeploymentException("Could not retrieve attribute autoMapPrincipalClasses from realm with supplied name: " + realmName, e); + } } + for (Iterator iterator = loginDomainNames.iterator(); iterator.hasNext();) { + String loginDomainName = (String) iterator.next(); + Set autoMapPrincipalClasses; + if (realmName.equals(autoMapRealmName)) { + autoMapPrincipalClasses = autoMapClassOverrides; + } + autoMapPrincipalClasses = (Set) autoMapPrincipalClassesMap.get(loginDomainName); - security.getRoleNames().addAll(roleNames); + security.autoGenerate(loginDomainName, realmName, autoMapPrincipalClasses); + } } - return security; } Deleted: /geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityService.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityService.java?view=auto&rev=123060 ============================================================================== Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java?view=diff&rev=123061&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java&r1=123060&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java&r2=123061 ============================================================================== --- 
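Review bot: In the last loop of `buildSecurityConfig` the class overrides are dead code: `autoMapPrincipalClasses = autoMapClassOverrides;` is followed unconditionally by the assignment from `autoMapPrincipalClassesMap.get(loginDomainName)`, so the overrides read from `getClassOverrideArray()` never narrow which principal classes are mapped to roles. In the same loop, `break` in the `NoSuchAttributeException` handler stops auto-mapping for every remaining realm instead of skipping the one that is not an automapper, and a missing map or a login domain absent from it passes null to `security.autoGenerate`, which iterates the set without a null check (Security.java hunk of this commit). The override precedence in the sketch below is my reading of the intent and should be confirmed. Separately, the catch-all in the default-principal lookup reports `autoMapPrincipalClasses` although it reads `defaultPrincipal`.

```java
            } catch (NoSuchAttributeException e) {
                // not an automapper: skip this realm and keep processing the others
                continue;
            // … unchanged: catch (Exception e) clause and end of the realm lookup …
            if (autoMapPrincipalClassesMap == null) {
                continue;
            }
            for (Iterator iterator = loginDomainNames.iterator(); iterator.hasNext();) {
                String loginDomainName = (String) iterator.next();
                Set autoMapPrincipalClasses;
                if (realmName.equals(autoMapRealmName) && autoMapClassOverrides != null) {
                    // explicit overrides win over the realm's own class list
                    autoMapPrincipalClasses = autoMapClassOverrides;
                } else {
                    autoMapPrincipalClasses = (Set) autoMapPrincipalClassesMap.get(loginDomainName);
                }
                if (autoMapPrincipalClasses != null) {
                    security.autoGenerate(loginDomainName, realmName, autoMapPrincipalClasses);
                }
            }
```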
geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java Wed Dec 22 00:19:52 2004 @@ -45,19 +45,17 @@ * * @version $Rev$ $Date$ */ -public class SecurityServiceImpl implements SecurityService { +public class SecurityServiceImpl { - private final Log log = LogFactory.getLog(SecurityService.class); + private final Log log = LogFactory.getLog(SecurityServiceImpl.class); - private final ConcurrentHashMap mappersMap = new ConcurrentHashMap(); /** * Permissions that protect access to sensitive security information */ public static final GeronimoSecurityPermission CONFIGURE = new GeronimoSecurityPermission("configure"); - public SecurityServiceImpl(String policyConfigurationFactory, - Collection mappers) throws PolicyContextException, ClassNotFoundException { + public SecurityServiceImpl(String policyConfigurationFactory) throws PolicyContextException, ClassNotFoundException { /** * @see "JSR 115 4.6.1" Container Subject Policy Context Handler */ 
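Review bot: `CONFIGURE` stays declared with its "protect access to sensitive security information" comment, but the next hunk (`@@ -71,43 +69,9 @@`) removes every `checkPermission(CONFIGURE)` call visible in this commit. If nothing else in the file or its callers checks it, the constant now documents a guard that is no longer enforced. Either keep a check where the constructor installs the policy, or add a comment such as `// not checked in this class any more; see <caller> for enforcement` naming what still uses it. The rest of the class is outside the hunk, so this needs confirming against the full file.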
@@ -71,43 +69,9 @@ PolicyConfigurationFactory factory = PolicyConfigurationFactory.getPolicyConfigurationFactory(); GeronimoPolicyConfigurationFactory geronimoPolicyConfigurationFactory = (GeronimoPolicyConfigurationFactory) factory; Policy.setPolicy(new GeronimoPolicy(geronimoPolicyConfigurationFactory)); - if (mappers != null) { - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(CONFIGURE); - } - ((ReferenceCollection) mappers).addReferenceCollectionListener(new ReferenceCollectionListener() { - - public void memberAdded(ReferenceCollectionEvent event) { - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(CONFIGURE); - } - AutoMapAssistant assistant = (AutoMapAssistant) event.getMember(); - mappersMap.put(assistant.getRealmName(), assistant); - } - - public void memberRemoved(ReferenceCollectionEvent event) { - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(CONFIGURE); - } - AutoMapAssistant assistant = (AutoMapAssistant) event.getMember(); - mappersMap.remove(assistant.getRealmName()); - } - }); - for (Iterator iterator = mappers.iterator(); iterator.hasNext();) { - AutoMapAssistant assistant = (AutoMapAssistant) iterator.next(); - mappersMap.put(assistant.getRealmName(), assistant); - } - } log.info("Security service started"); } - public AutoMapAssistant getMapper(String name) { - return (AutoMapAssistant) mappersMap.get(name); - } - public static final GBeanInfo GBEAN_INFO; 
@@ -116,10 +80,8 @@ infoFactory.addAttribute("policyConfigurationFactory", String.class, true); - infoFactory.addReference("Mappers", AutoMapAssistant.class); - infoFactory.addOperation("getMapper", new Class[]{String.class}); - infoFactory.setConstructor(new String[]{"policyConfigurationFactory", "Mappers"}); + infoFactory.setConstructor(new String[]{"policyConfigurationFactory"}); GBEAN_INFO = infoFactory.getBeanInfo(); } Deleted: /geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/AutoMapAssistant.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/AutoMapAssistant.java?view=auto&rev=123060 ============================================================================== Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/MapOfSets.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/MapOfSets.java?view=auto&rev=123061 ============================================================================== --- (empty file) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/MapOfSets.java Wed Dec 22 00:19:52 2004 
@@ -0,0 +1,100 @@ +/** + * + * Copyright 2003-2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.geronimo.security.deploy; + +import java.beans.PropertyEditorManager; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.util.Arrays; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.Map; +import java.util.Properties; +import java.util.Set; + +import org.apache.geronimo.common.propertyeditor.PropertyEditorException; +import org.apache.geronimo.common.propertyeditor.TextPropertyEditorSupport; + +/** + * @version $Rev: $ $Date: $ + */ +public class MapOfSets extends HashMap { + + public MapOfSets() { + super(); + } + + public MapOfSets(int size) { + super(size); + } + + public MapOfSets(Map map) { + super(map); + } + + static { + PropertyEditorManager.registerEditor(MapOfSets.class, MapOfSetsEditor.class); + } + + public static class MapOfSetsEditor extends TextPropertyEditorSupport { + + public void setAsText(String text) { + if (text != null) { + try { + ByteArrayInputStream is = new ByteArrayInputStream(text.getBytes()); + Properties p = new Properties(); + p.load(is); + + Map result = new MapOfSets(p.size()); + for (Iterator iterator = p.entrySet().iterator(); iterator.hasNext();) { + Map.Entry entry = (Map.Entry) iterator.next(); + Set values = new HashSet(Arrays.asList(((String) entry.getValue()).split(","))); + 
result.put(entry.getKey(), values); + } + setValue(result); + } catch (IOException e) { + throw new PropertyEditorException(e); + } + } else { + setValue(null); + } + } + + public String getAsText() { + Map map = (Map) getValue(); + if (map == null) { + return null; + } + StringBuffer text = new StringBuffer(); + for (Iterator iterator = map.entrySet().iterator(); iterator.hasNext();) { + Map.Entry entry = (Map.Entry) iterator.next(); + text.append(entry.getKey()).append("="); + Set values = (Set) entry.getValue(); + for (Iterator iterator1 = values.iterator(); iterator1.hasNext();) { + String value = (String) iterator1.next(); + text.append(value); + if (iterator1.hasNext()) { + text.append(","); + } + } + } + return text.toString(); + } + + } +} Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Principal.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Principal.java?view=diff&rev=123061&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Principal.java&r1=123060&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Principal.java&r2=123061 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Principal.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Principal.java Wed Dec 22 00:19:52 2004 
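Review bot: `MapOfSetsEditor.getAsText()` writes no separator between entries, so a map with more than one login domain serialises as `a=x,yb=z` (constructed example) and `setAsText()` cannot read it back; since this value decides which principal classes are auto-mapped to roles, a garbled round trip changes the mapping silently. Appending a line break after each entry's values, `if (iterator.hasNext()) { text.append("\n"); }`, restores the round trip. In `setAsText()`, `text.getBytes()` uses the platform charset while `Properties.load(InputStream)` decodes ISO-8859-1, and the values from `split(",")` are not trimmed, so `a, b` yields a class name with a leading space; `text.getBytes("ISO-8859-1")` and a trim per value would fix both. The class and its editor also have no Javadoc describing the `domain=class1,class2` text form.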
@@ -17,12 +17,21 @@ package org.apache.geronimo.security.deploy; import java.io.Serializable; +import java.beans.PropertyEditorManager; + +import org.apache.geronimo.common.propertyeditor.TextPropertyEditorSupport; +import org.apache.geronimo.common.propertyeditor.PropertyEditorException; /** * @version $Rev$ $Date$ */ public class Principal implements Serializable { + + static { + PropertyEditorManager.registerEditor(Principal.class, PrincipalEditor.class); + } + private String className; private String principalName; private boolean designatedRunAs; 
@@ -49,5 +58,31 @@ public void setDesignatedRunAs(boolean designatedRunAs) { this.designatedRunAs = designatedRunAs; + } + + public static class PrincipalEditor extends TextPropertyEditorSupport { + + public void setAsText(String text) { + if (text != null) { + String[] parts = text.split("="); + if (parts.length != 2) { + throw new PropertyEditorException("Principal should have the form 'name=class'"); + } + Principal principal = new Principal(); + principal.setPrincipalName(parts[0]); + principal.setClassName(parts[1]); + setValue(principal); + } else { + setValue(null); + } + } + + public String getAsText() { + Principal principal = (Principal) getValue(); + if (principal == null) { + return null; + } + return new StringBuffer(principal.getPrincipalName()).append("=").append(principal.getClassName()).toString(); + } } } Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java?view=diff&rev=123061&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java&r1=123060&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java&r2=123061 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java Wed Dec 22 00:19:52 2004 @@ -23,8 +23,6 @@ import java.util.Map; import java.util.Set; -import org.apache.geronimo.security.SecurityService; - /** * @version $Rev$ $Date$ @@ -37,7 +35,6 @@ private DefaultPrincipal defaultPrincipal; private Map roleMappings = new HashMap(); private Set roleNames = new HashSet(); - private AutoMapAssistant assistant; public Security() { } 
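Review bot: `PrincipalEditor.setAsText()` accepts an empty principal name: `"=some.Class".split("=")` has length 2, so the check passes and a `Principal` with name `""` becomes the realm's default principal. It also rejects any name that itself contains `=` and keeps surrounding whitespace in both parts. Splitting on the last `=`, trimming, and rejecting empty parts covers all three; whether names with `=` should be allowed is a decision for the author.

```java
            if (text != null) {
                // split on the last '=' so a name that contains '=' still parses
                int sep = text.lastIndexOf('=');
                String name = sep < 0 ? "" : text.substring(0, sep).trim();
                String className = sep < 0 ? "" : text.substring(sep + 1).trim();
                if (name.length() == 0 || className.length() == 0) {
                    throw new PropertyEditorException("Principal should have the form 'name=class'");
                }
                Principal principal = new Principal();
                principal.setPrincipalName(name);
                principal.setClassName(className);
                setValue(principal);
                // … unchanged: else branch that sets a null value …
```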
@@ -82,14 +79,6 @@ return roleNames; } - public AutoMapAssistant getAssistant() { - return assistant; - } - - public void setAssistant(AutoMapAssistant assistant) { - this.assistant = assistant; - } - public void append(Role role) { if (roleMappings.containsKey(role.getRoleName())) { Role existing = (Role) roleMappings.get(role.getRoleName()); @@ -106,16 +95,8 @@ * <p/> * NOTE: This method should be called during deployment. * - * @param securityService used to obtain the configured auto map assistant. */ - public void autoGenerate(SecurityService securityService) { - if (securityService == null) return; - if (assistant == null) return; - - String realmName = assistant.getSecurityRealm(); - org.apache.geronimo.security.realm.AutoMapAssistant autoMapAssistant = securityService.getMapper(realmName); - if (autoMapAssistant == null) return; - + public void autoGenerate(String loginDomainName, String realmName, Set principalClasseSet) { /** * Append roles */ @@ -127,10 +108,9 @@ Realm realm = new Realm(); - realm.setRealmName(assistant.getSecurityRealm()); + realm.setRealmName(realmName); - //todo: the usage of the realm name in the next call instead of the login domain name is an error! - for (Iterator principalClasses = autoMapAssistant.obtainRolePrincipalClasses(realmName).iterator(); principalClasses.hasNext();) { + for (Iterator principalClasses = principalClasseSet.iterator(); principalClasses.hasNext();) { Principal principal = new Principal(); //todo: Principal class needs to handle login domain as well principal.setClassName((String) principalClasses.next()); 
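Review bot: The Javadoc of `autoGenerate` (hunk `@@ -106,16 +95,8 @@`) loses its only `@param` and gains none for `loginDomainName`, `realmName` and `principalClasseSet`. Suggest adding `@param realmName name set on each generated Realm`, `@param principalClasseSet principal class names to generate a mapping for; must not be null`, and a `@param loginDomainName` line that says how it is used, and renaming the last parameter to `principalClassSet`. In the lines visible in this hunk and the next one `loginDomainName` is not referenced, which matches the remaining `//todo` about Principal handling the login domain, so the Javadoc should say that it is not yet applied. The method body continues outside the hunk.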
@@ -144,14 +124,5 @@ append(role); } - /** - * Add default principal - */ - if (defaultPrincipal != null) return; - - defaultPrincipal = new DefaultPrincipal(); - - defaultPrincipal.setPrincipal(autoMapAssistant.obtainDefaultPrincipal()); - defaultPrincipal.setRealmName(realmName); } } Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java?view=diff&rev=123061&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java&r1=123060&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java&r2=123061 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java Wed Dec 22 00:19:52 2004 @@ -16,8 +16,7 @@ */ package org.apache.geronimo.security.realm; -import java.util.Set; - +import org.apache.geronimo.security.deploy.MapOfSets; import org.apache.geronimo.security.deploy.Principal; 
@@ -44,13 +43,13 @@ * * @return the default principal */ - public Principal obtainDefaultPrincipal(); + public Principal getDefaultPrincipal(); /** * Provides a set of principal class names to be used when automatically * mapping principals to roles. * - * @return a set of principal class names + * @return a map of logindomain name to set of principal class names */ - public Set obtainRolePrincipalClasses(String loginDomain); + public MapOfSets getAutoMapPrincipalClasses(); } Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java?view=diff&rev=123061&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java&r1=123060&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java&r2=123061 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java Wed Dec 22 00:19:52 2004 @@ -17,11 +17,10 @@ package org.apache.geronimo.security.realm; import java.util.ArrayList; -import java.util.Collections; +import java.util.Arrays; import java.util.Enumeration; import java.util.HashMap; import java.util.HashSet; -import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Properties; 
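Review bot: The Javadoc summary above `getAutoMapPrincipalClasses()` still reads "Provides a set of principal class names" although the method now returns a `MapOfSets` covering all login domains; only the `@return` line was updated. I would reword the summary to `Provides, per login domain name, the set of principal class names to be used when automatically mapping principals to roles.` and state whether callers may modify the returned map. The interface declaration starts outside this hunk.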
@@ -35,6 +34,7 @@ import org.apache.geronimo.gbean.GBeanInfoBuilder; import org.apache.geronimo.kernel.Kernel; import org.apache.geronimo.kernel.proxy.ProxyManager; +import org.apache.geronimo.security.deploy.MapOfSets; import org.apache.geronimo.security.deploy.Principal; import org.apache.geronimo.security.jaas.ConfigurationEntryFactory; import org.apache.geronimo.security.jaas.JaasLoginCoordinator; 
@@ -82,25 +82,42 @@ public final static String KERNEL_LM_OPTION = "org.apache.geronimo.security.realm.GenericSecurityRealm.KERNEL"; public final static String SERVERINFO_LM_OPTION = "org.apache.geronimo.security.realm.GenericSecurityRealm.SERVERINFO"; public final static String CLASSLOADER_LM_OPTION = "org.apache.geronimo.security.realm.GenericSecurityRealm.CLASSLOADER"; - private String realmName; + private final String realmName; private JaasLoginModuleConfiguration[] config; - private Kernel kernel; - private ServerInfo serverInfo; - private ClassLoader classLoader; - private Map autoMapPrincipals = new HashMap(); - private Principal defaultPrincipal; - private Properties deploymentSupport; + private final Kernel kernel; + private final ServerInfo serverInfo; + private final ClassLoader classLoader; + + private final MapOfSets autoMapPrincipalClasses; + private final Principal defaultPrincipal; + private Map deployment; private String[] domains; private boolean restrictPrincipalsToServer; - public GenericSecurityRealm(String realmName, Kernel kernel, ServerInfo serverInfo, Properties loginModuleConfiguration, ClassLoader classLoader) throws MalformedObjectNameException { + public GenericSecurityRealm(String realmName, + Properties loginModuleConfiguration, + boolean restrictPrincipalsToServer, + Principal defaultPrincipal, + MapOfSets autoMapPrincipalClasses, + Properties deploymentSupport, + ServerInfo serverInfo, + ClassLoader classLoader, + Kernel kernel) throws MalformedObjectNameException { this.realmName = realmName; this.kernel = kernel; this.serverInfo = serverInfo; this.classLoader = classLoader; + this.restrictPrincipalsToServer = restrictPrincipalsToServer; + this.defaultPrincipal = defaultPrincipal; + if (autoMapPrincipalClasses != null) { + this.autoMapPrincipalClasses = autoMapPrincipalClasses; + } else { + this.autoMapPrincipalClasses = new MapOfSets(); + } + processConfiguration(loginModuleConfiguration); - initializeDeployment(); + 
initializeDeployment(deploymentSupport); } public String getRealmName() { @@ -130,13 +147,6 @@ return domains; } - public Properties getDeploymentSupport() { - return deploymentSupport; - } - - public void setDeploymentSupport(Properties deploymentSupport) { - this.deploymentSupport = deploymentSupport; - } /** * Provides the default principal to be used when an unauthenticated @@ -144,49 +154,12 @@ * * @return the default principal */ - public Principal obtainDefaultPrincipal() { + public Principal getDefaultPrincipal() { return defaultPrincipal; } - /** - * Provides a set of principal class names to be used when automatically - * mapping principals to roles. - * - * @return a set of principal class names - */ - public Set obtainRolePrincipalClasses(String loginDomain) { - String[] list = (String[]) autoMapPrincipals.get(loginDomain); - if(list == null) { - return Collections.EMPTY_SET; - } - Set set = new HashSet(); - for (int i = 0; i < list.length; i++) { - set.add(list[i]); - } - return set; - } - - public void setDefaultPrincipal(String code) { - if (code != null) { - String[] parts = code.split("="); - if (parts.length != 2) { - throw new IllegalArgumentException("Default Principal should have the form 'name=class'"); - } - defaultPrincipal = new Principal(); - defaultPrincipal.setPrincipalName(parts[0]); - defaultPrincipal.setClassName(parts[1]); - } - } - - /** - * Should be of the form loginDomain=class,class,class... - */ - public void setAutoMapPrincipalClasses(Properties props) { - for (Iterator it = props.keySet().iterator(); it.hasNext();) { - String key = (String) it.next(); - String value = props.getProperty(key); - autoMapPrincipals.put(key, value.split(",")); - } + public MapOfSets getAutoMapPrincipalClasses() { + return autoMapPrincipalClasses; } /** 
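Review bot: The constructor stores the caller's `autoMapPrincipalClasses` by reference, `initializeDeployment` later adds entries to it with `autoMapPrincipalClasses.put(...)` (hunk at -296), and `getAutoMapPrincipalClasses()` (hunk at -144) returns the same instance, whereas the removed `obtainRolePrincipalClasses` built a fresh `HashSet` per call. As written, the object passed in as the GBean attribute is altered by the realm, and any holder of the getter's result can change which principal classes are auto-mapped to roles. I would copy the incoming map into a new `MapOfSets` in the constructor and return a copy or read-only view from the getter; `MapOfSets` is added by this commit but not shown here, so the exact copy call depends on its API. A field comment such as `// owned by this realm; never retain or expose the caller's instance` would record the intent.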
@@ -199,10 +172,6 @@ return restrictPrincipalsToServer; } - public void setRestrictPrincipalsToServer(boolean restrictPrincipalsToServer) { - this.restrictPrincipalsToServer = restrictPrincipalsToServer; - } - public String getConfigurationName() { return realmName; } @@ -273,7 +242,7 @@ config = (JaasLoginModuleConfiguration[]) list.toArray(new JaasLoginModuleConfiguration[list.size()]); } - private void initializeDeployment() { + private void initializeDeployment(Properties deploymentSupport) { deployment = new HashMap(); for (int i = 0; i < config.length; i++) { if(config[i].getLoginDomainName() == null) { @@ -296,7 +265,7 @@ deployment.put(config[i].getLoginDomainName(), support); String[] auto = support.getAutoMapPrincipalClassNames(); if(auto != null) { - autoMapPrincipals.put(config[i].getLoginDomainName(), auto); + autoMapPrincipalClasses.put(config[i].getLoginDomainName(), new HashSet(Arrays.asList(auto))); } } } 
@@ -314,19 +283,25 @@ infoFactory.addAttribute("kernel", Kernel.class, false); infoFactory.addAttribute("loginModuleConfiguration", Properties.class, true); infoFactory.addAttribute("classLoader", ClassLoader.class, false); - infoFactory.addAttribute("autoMapPrincipalClasses", String.class, true); - infoFactory.addAttribute("defaultPrincipal", String.class, true); + infoFactory.addAttribute("autoMapPrincipalClasses", MapOfSets.class, true); + infoFactory.addAttribute("defaultPrincipal", Principal.class, true); infoFactory.addAttribute("deploymentSupport", Properties.class, true); infoFactory.addAttribute("restrictPrincipalsToServer", boolean.class, true); infoFactory.addReference("ServerInfo", ServerInfo.class); infoFactory.addOperation("getAppConfigurationEntries", new Class[0]); - infoFactory.addOperation("obtainDefaultPrincipal", new Class[0]); - infoFactory.addOperation("obtainRolePrincipalClasses", new Class[]{String.class}); infoFactory.addOperation("getDeploymentSupport", new Class[]{String.class}); - infoFactory.setConstructor(new String[]{"realmName", "kernel", "ServerInfo", "loginModuleConfiguration", "classLoader"}); + infoFactory.setConstructor(new String[]{"realmName", + "loginModuleConfiguration", + "restrictPrincipalsToServer", + "defaultPrincipal", + "autoMapPrincipalClasses", + "deploymentSupport", + "ServerInfo", + "classLoader", + "kernel"}); GBEAN_INFO = infoFactory.getBeanInfo(); } Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/AbstractUserPasswordBridgeTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/AbstractUserPasswordBridgeTest.java?view=diff&rev=123061&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/AbstractUserPasswordBridgeTest.java&r1=123060&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/AbstractUserPasswordBridgeTest.java&r2=123061 
============================================================================== --- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/AbstractUserPasswordBridgeTest.java (original) +++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/AbstractUserPasswordBridgeTest.java Wed Dec 22 00:19:52 2004 @@ -20,7 +20,6 @@ import javax.security.auth.Subject; import org.apache.geronimo.security.AbstractTest; -import org.apache.geronimo.security.SecurityService; import org.apache.geronimo.security.realm.providers.GeronimoPasswordCredential; @@ -28,7 +27,6 @@ * @version $Rev$ $Date$ */ public abstract class AbstractUserPasswordBridgeTest extends AbstractTest { - private SecurityService securityService; protected final static String USER = "testuser"; protected final static String PASSWORD = "testpassword"; Modified: geronimo/trunk/modules/service-builder/src/java/org/apache/geronimo/deployment/service/GBeanHelper.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/service-builder/src/java/org/apache/geronimo/deployment/service/GBeanHelper.java?view=diff&rev=123061&p1=geronimo/trunk/modules/service-builder/src/java/org/apache/geronimo/deployment/service/GBeanHelper.java&r1=123060&p2=geronimo/trunk/modules/service-builder/src/java/org/apache/geronimo/deployment/service/GBeanHelper.java&r2=123061 ============================================================================== --- geronimo/trunk/modules/service-builder/src/java/org/apache/geronimo/deployment/service/GBeanHelper.java (original) +++ geronimo/trunk/modules/service-builder/src/java/org/apache/geronimo/deployment/service/GBeanHelper.java Wed Dec 22 00:19:52 2004 @@ -19,6 +19,7 @@ import org.apache.geronimo.common.DeploymentException; import org.apache.geronimo.deployment.DeploymentContext; +import org.apache.geronimo.gbean.GBeanData; /** * 
@@ -28,6 +29,12 @@ * */ public class GBeanHelper { public static void addGbean(GBeanAdapter gbean, ClassLoader cl, DeploymentContext context) throws DeploymentException { + GBeanData gBeanData = getGBeanData(gbean, cl); + + context.addGBean(gBeanData); + } + + public static GBeanData getGBeanData(GBeanAdapter gbean, ClassLoader cl) throws DeploymentException { GBeanBuilder builder = new GBeanBuilder(gbean.getName(), cl, gbean.getClass1()); // set up attributes @@ -45,6 +52,7 @@ builder.setReference(gbean.getReferencesName(j), gbean.getReferencesPatternArray(j)); } - context.addGBean(builder.getGBeanData()); + GBeanData gBeanData = builder.getGBeanData(); + return gBeanData; } } Modified: geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java?view=diff&rev=123061&p1=geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java&r1=123060&p2=geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java&r2=123061 ============================================================================== --- geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java (original) +++ geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java Wed Dec 22 00:19:52 2004 @@ -36,6 +36,8 @@ import org.apache.geronimo.kernel.Kernel; import org.apache.geronimo.kernel.management.State; import org.apache.geronimo.security.SecurityServiceImpl; +import org.apache.geronimo.security.deploy.MapOfSets; +import org.apache.geronimo.security.deploy.Principal; import org.apache.geronimo.security.jaas.JaasLoginService; import org.apache.geronimo.security.jaas.LoginModuleGBean; import org.apache.geronimo.security.realm.GenericSecurityRealm; 
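Review bot: The new public `getGBeanData(GBeanAdapter, ClassLoader)` has no Javadoc, and its tail (hunk at -45) assigns to a local only to return it. I would add a short comment, e.g. `/** Builds the GBeanData for the given plan element without adding it to a DeploymentContext. */`, and end the method with `return builder.getGBeanData();`. `addGbean` could likewise be reduced to `context.addGBean(getGBeanData(gbean, cl));`. The middle of `getGBeanData` lies outside both hunks.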
@@ -48,6 +50,9 @@ * @version $Rev: 111239 $ $Date: 2004-12-08 02:29:11 -0700 (Wed, 08 Dec 2004) $ */ public class AbstractWebModuleTest extends TestCase { + + protected static final String securityRealmName = "demo-properties-realm"; + protected Kernel kernel; private GBeanData container; @@ -154,7 +159,6 @@ protected void setUpSecurity() throws Exception { securityServiceName = new ObjectName("geronimo.security:type=SecurityService"); securityServiceGBean = new GBeanData(securityServiceName, SecurityServiceImpl.GBEAN_INFO); - securityServiceGBean.setReferencePatterns("Mappers", Collections.singleton(new ObjectName("geronimo.security:type=SecurityRealm,*"))); securityServiceGBean.setAttribute("policyConfigurationFactory", "org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory"); loginServiceName = new ObjectName("geronimo.security:type=JaasLoginService"); 
@@ -173,18 +177,21 @@ options.setProperty("usersURI", "src/test-resources/data/users.properties"); options.setProperty("groupsURI", "src/test-resources/data/groups.properties"); propertiesLMGBean.setAttribute("options", options); - propertiesLMGBean.setAttribute("loginDomainName", "demo-properties-realm"); + propertiesLMGBean.setAttribute("loginDomainName", securityRealmName); propertiesRealmName = new ObjectName("geronimo.security:type=SecurityRealm,realm=demo-properties-realm"); propertiesRealmGBean = new GBeanData(propertiesRealmName, GenericSecurityRealm.GBEAN_INFO); propertiesRealmGBean.setReferencePatterns("ServerInfo", Collections.singleton(serverInfoName)); - propertiesRealmGBean.setAttribute("realmName", "demo-properties-realm"); + propertiesRealmGBean.setAttribute("realmName", securityRealmName); Properties config = new Properties(); config.setProperty("LoginModule.1.REQUIRED", propertiesLMName.getCanonicalName()); propertiesRealmGBean.setAttribute("loginModuleConfiguration", config); - // propertiesRealmGBean.setAttribute("autoMapPrincipalClasses", - // "org.apache.geronimo.security.realm.providers.PropertiesFileGroupPrincipal"); - propertiesRealmGBean.setAttribute("defaultPrincipal", "metro=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"); + MapOfSets.MapOfSetsEditor mapEditor = new MapOfSets.MapOfSetsEditor(); + mapEditor.setAsText(securityRealmName + "=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"); + propertiesRealmGBean.setAttribute("autoMapPrincipalClasses", mapEditor.getValue()); + Principal.PrincipalEditor principalEditor = new Principal.PrincipalEditor(); + principalEditor.setAsText("metro=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"); + propertiesRealmGBean.setAttribute("defaultPrincipal", principalEditor.getValue()); start(securityServiceGBean); start(loginServiceGBean);
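Review bot: `propertiesRealmName` still hard-codes `realm=demo-properties-realm` in its ObjectName while the attributes around it were switched to the new `securityRealmName` constant, and the commit log says realm GBeans are now named `name=<name>` rather than `realm=<name>`. If this test is meant to follow the new convention, build the name from the constant, e.g. `new ObjectName("geronimo.security:type=SecurityRealm,name=" + securityRealmName)`. The same constant is also used as `loginDomainName` and as the key passed to `MapOfSetsEditor.setAsText`, so a short comment saying the login domain and the realm deliberately share one name in this fixture would help. The constant itself would conventionally be spelled `SECURITY_REALM_NAME`.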