Author: adc Date: Thu Jan 6 12:10:40 2005 New Revision: 124430 URL: http://svn.apache.org/viewcvs?view=rev&rev=124430 Log: Removal of old automapping code in preparation for mapping service. Removed: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/DeploymentSupport.java geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/DeploymentSupportTest.java Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java geronimo/trunk/modules/jetty-builder/src/test-resources/plans/plan1.xml geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java geronimo/trunk/modules/security-builder/src/schema/geronimo-security.xsd geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/SecurityTest.java
Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml?view=diff&rev=124430&p1=geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml&r1=124429&p2=geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml&r2=124430 ============================================================================== --- geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml (original) +++ geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml Thu Jan 6 12:10:40 2005 @@ -49,7 +49,6 @@ <attribute name="loginModuleConfiguration"> LoginModule.1.REQUIRED=geronimo.security:type=LoginModule,name=demo-properties-login </attribute> - <attribute name="autoMapPrincipalClasses">demo-properties-realm=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal</attribute> <reference name="ServerInfo">geronimo.system:role=ServerInfo</reference> </gbean> Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml?view=diff&rev=124430&p1=geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml&r1=124429&p2=geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml&r2=124430 ============================================================================== --- geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml (original) +++ geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml Thu Jan 6 12:10:40 2005 
@@ -138,7 +138,6 @@ LoginModule.1.REQUIRED=geronimo.security:type=LoginModule,name=properties-login </attribute> <reference name="ServerInfo">geronimo.system:role=ServerInfo</reference> - <attribute name="autoMapPrincipalClasses">geronimo-properties-realm=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal</attribute> </gbean> <gbean name="geronimo.security:type=ConfigurationEntry,jaasId=JMX" Modified: geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java?view=diff&rev=124430&p1=geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java&r1=124429&p2=geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java&r2=124430 ============================================================================== --- geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java (original) +++ geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java Thu Jan 6 12:10:40 2005 @@ -20,7 +20,7 @@ import javax.resource.spi.ManagedConnectionFactory; import java.util.HashMap; import java.util.Map; -import org.apache.geronimo.common.GeronimoSecurityException; + import org.apache.geronimo.gbean.GBeanInfo; import org.apache.geronimo.gbean.GBeanInfoBuilder; import org.apache.geronimo.kernel.Kernel; 
@@ -29,14 +29,11 @@ import org.apache.geronimo.security.jaas.JaasLoginModuleConfiguration; import org.apache.geronimo.security.jaas.LoginModuleControlFlag; import org.apache.geronimo.security.realm.SecurityRealm; -import org.apache.geronimo.security.realm.DeploymentSupport; + /** - * - * * @version $Rev$ $Date$ - * - * */ + */ public class PasswordCredentialRealm implements SecurityRealm, ConfigurationEntryFactory, ManagedConnectionFactoryListener { private static final GBeanInfo GBEAN_INFO; @@ -64,10 +61,6 @@ return new String[]{realmName}; } - public DeploymentSupport getDeploymentSupport(String loginDomain) throws GeronimoSecurityException { - return null; - } - public JaasLoginModuleConfiguration[] getAppConfigurationEntries() { Map options = new HashMap(); @@ -75,7 +68,7 @@ // since the SerializableACE can be sent remotely options.put(REALM_INSTANCE, this); JaasLoginModuleConfiguration config = new JaasLoginModuleConfiguration(PasswordCredentialLoginModule.class.getName(), - LoginModuleControlFlag.REQUISITE, options, true, getRealmName()); + LoginModuleControlFlag.REQUISITE, options, true, getRealmName()); return new JaasLoginModuleConfiguration[]{config}; } Modified: geronimo/trunk/modules/jetty-builder/src/test-resources/plans/plan1.xml Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty-builder/src/test-resources/plans/plan1.xml?view=diff&rev=124430&p1=geronimo/trunk/modules/jetty-builder/src/test-resources/plans/plan1.xml&r1=124429&p2=geronimo/trunk/modules/jetty-builder/src/test-resources/plans/plan1.xml&r2=124430 ============================================================================== --- geronimo/trunk/modules/jetty-builder/src/test-resources/plans/plan1.xml (original) +++ geronimo/trunk/modules/jetty-builder/src/test-resources/plans/plan1.xml Thu Jan 6 12:10:40 2005 
@@ -4,9 +4,7 @@ parentId="org/apache/geronimo/DefaultDatabase"> <context-priority-classloader>false</context-priority-classloader> <login-domain-name>foo</login-domain-name> - <security> - <auto-map-roles security-realm="foo"/> - </security> + <security/> <resource-ref> <ref-name>jdbc/DB1</ref-name> <target-name>DefaultDatabase</target-name> Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java?view=diff&rev=124430&p1=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java&r1=124429&p2=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java&r2=124430 ============================================================================== --- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java (original) +++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java Thu Jan 6 12:10:40 2005 
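Review bot: The replacement `<security/>` element carries no `<default-principal>` child, while the SecurityBuilder.java hunk in this same revision turns a missing default principal into `throw new DeploymentException("No default principal configured")`. If this test plan is still passed through `SecurityBuilder.buildSecurityConfig` (not visible here), it would now fail at deployment instead of exercising the web-app builder. Adding an explicit `<default-principal>` for a test identity to the plan would keep the fixture valid under the new rule and make the identity used for unauthenticated access explicit.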
@@ -56,7 +56,6 @@ import org.apache.geronimo.transaction.TrackedConnectionAssociator; import org.apache.geronimo.transaction.context.TransactionContextManager; import org.apache.geronimo.security.deploy.Security; -import org.apache.geronimo.security.realm.AutoMapAssistant; /** Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java?view=diff&rev=124430&p1=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r1=124429&p2=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r2=124430 ============================================================================== --- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java (original) +++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java Thu Jan 6 12:10:40 2005 @@ -39,7 +39,6 @@ import org.apache.geronimo.kernel.management.State; import org.apache.geronimo.security.SecurityServiceImpl; import org.apache.geronimo.security.deploy.Security; -import org.apache.geronimo.security.deploy.MapOfSets; import org.apache.geronimo.security.deploy.Principal; import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration; import org.apache.geronimo.security.jaas.JaasLoginService; 
@@ -201,9 +200,6 @@ Properties config = new Properties(); config.setProperty("LoginModule.1.REQUIRED", propertiesLMName.getCanonicalName()); propertiesRealmGBean.setAttribute("loginModuleConfiguration", config); - MapOfSets.MapOfSetsEditor mapEditor = new MapOfSets.MapOfSetsEditor(); - mapEditor.setAsText(securityRealmName + "=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"); - propertiesRealmGBean.setAttribute("autoMapPrincipalClasses", mapEditor.getValue()); Principal.PrincipalEditor principalEditor = new Principal.PrincipalEditor(); principalEditor.setAsText("metro=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"); propertiesRealmGBean.setAttribute("defaultPrincipal", principalEditor.getValue()); Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java?view=diff&rev=124430&p1=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r1=124429&p2=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r2=124430 ============================================================================== --- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java (original) +++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java Thu Jan 6 12:10:40 2005 @@ -17,6 +17,8 @@ package org.apache.geronimo.jetty; +import javax.security.jacc.WebResourcePermission; +import javax.security.jacc.WebUserDataPermission; import java.io.BufferedReader; import java.io.IOException; import java.io.InputStreamReader; 
@@ -24,13 +26,10 @@ import java.net.URL; import java.security.PermissionCollection; import java.security.Permissions; -import java.util.Collections; import java.util.HashMap; import java.util.HashSet; import java.util.Map; import java.util.Set; -import javax.security.jacc.WebResourcePermission; -import javax.security.jacc.WebUserDataPermission; import org.apache.geronimo.security.deploy.DefaultPrincipal; import org.apache.geronimo.security.deploy.Principal; @@ -46,8 +45,6 @@ */ public class SecurityTest extends AbstractWebModuleTest { - private final static Set autoMapPrincipalClasses = Collections.singleton("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"); - /** * Test the explicit map feature. Only Alan should be able to log in. * 
@@ -157,228 +154,6 @@ } assertEquals(HttpURLConnection.HTTP_FORBIDDEN, connection.getResponseCode()); - connection.disconnect(); - - stopWebApp(); - } - - /** - * Test the auto map feature. Only Izumi should be able to log in. - * - * @throws Exception thrown if an error in the test occurs - */ - public void testAutoMapping() throws Exception { - Security securityConfig = new Security(); - securityConfig.setUseContextHandler(false); - - securityConfig.getRoleNames().add("content-administrator"); - securityConfig.getRoleNames().add("auto-administrator"); - - securityConfig.autoGenerate(securityRealmName, securityRealmName, autoMapPrincipalClasses); - - //cribbed from SecurityBuilder - Principal principal = (Principal) kernel.getAttribute(propertiesRealmName, "defaultPrincipal"); - DefaultPrincipal defaultPrincipal = new DefaultPrincipal(); - defaultPrincipal.setPrincipal(principal); - defaultPrincipal.setRealmName(securityRealmName); - securityConfig.setDefaultPrincipal(defaultPrincipal); - - PermissionCollection uncheckedPermissions = new Permissions(); - - PermissionCollection excludedPermissions = new Permissions(); - excludedPermissions.add(new WebResourcePermission("/auth/login.html", "")); - excludedPermissions.add(new WebUserDataPermission("/auth/login.html", "")); - - Map rolePermissions = new HashMap(); - Set permissions = new HashSet(); - permissions.add(new WebUserDataPermission("/protected/*", "")); - permissions.add(new WebResourcePermission("/protected/*", "")); - rolePermissions.put("content-administrator", permissions); - rolePermissions.put("auto-administrator", permissions); - - Set securityRoles = new HashSet(); - securityRoles.add("content-administrator"); - securityRoles.add("auto-administrator"); - - startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles); - - HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection(); - 
connection.setInstanceFollowRedirects(false); - assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode()); - - String cookie = connection.getHeaderField("Set-Cookie"); - cookie = cookie.substring(0, cookie.lastIndexOf(';')); - String location = connection.getHeaderField("Location"); - - connection = (HttpURLConnection) new URL(location).openConnection(); - connection.setInstanceFollowRedirects(false); - assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode()); - - location = location.substring(0, location.lastIndexOf('/')) + "/j_security_check?j_username=izumi&j_password=violin"; - - connection = (HttpURLConnection) new URL(location).openConnection(); - connection.setRequestMethod("POST"); - connection.setRequestProperty("Cookie", cookie); - connection.setInstanceFollowRedirects(false); - assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode()); - - connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection(); - connection.setRequestProperty("Cookie", cookie); - connection.setInstanceFollowRedirects(false); - BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream())); - - assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode()); - assertEquals("Hello World", reader.readLine()); - connection.disconnect(); - - - connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection(); - connection.setInstanceFollowRedirects(false); - assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode()); - - cookie = connection.getHeaderField("Set-Cookie"); - cookie = cookie.substring(0, cookie.lastIndexOf(';')); - location = connection.getHeaderField("Location"); - - connection = (HttpURLConnection) new URL(location).openConnection(); - connection.setInstanceFollowRedirects(false); - assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode()); - - location = 
location.substring(0, location.lastIndexOf('/')) + "/j_security_check?j_username=alan&j_password=starcraft"; - - connection = (HttpURLConnection) new URL(location).openConnection(); - connection.setRequestMethod("POST"); - connection.setRequestProperty("Cookie", cookie); - connection.setInstanceFollowRedirects(false); - assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode()); - - try { - connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection(); - connection.setRequestProperty("Cookie", cookie); - connection.setInstanceFollowRedirects(false); - reader = new BufferedReader(new InputStreamReader(connection.getInputStream())); - - fail("Should throw an IOException for HTTP 403 response"); - } catch (IOException e) { - } - - assertEquals(HttpURLConnection.HTTP_FORBIDDEN, connection.getResponseCode()); - connection.disconnect(); - stopWebApp(); - } - - /** - * Mixed the auto map and the standard explicit map. Both Alan and Izumi - * should be able to login. 
- * - * @throws Exception thrown if an error in the test occurs - */ - public void testMixedMapping() throws Exception { - Security securityConfig = new Security(); - securityConfig.setUseContextHandler(false); - - securityConfig.getRoleNames().add("content-administrator"); - securityConfig.getRoleNames().add("auto-administrator"); - - securityConfig.autoGenerate(securityRealmName, securityRealmName, autoMapPrincipalClasses); - - DefaultPrincipal defaultPrincipal = new DefaultPrincipal(); - defaultPrincipal.setRealmName(securityRealmName); - Principal principal = new Principal(); - principal.setClassName("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"); - principal.setPrincipalName("izumi"); - defaultPrincipal.setPrincipal(principal); - - securityConfig.setDefaultPrincipal(defaultPrincipal); - - Role role = new Role(); - role.setRoleName("content-administrator"); - principal = new Principal(); - principal.setClassName("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"); - principal.setPrincipalName("it"); - Realm realm = new Realm(); - realm.setRealmName("demo-properties-realm"); - realm.getPrincipals().add(principal); - role.getRealms().put(realm.getRealmName(), realm); - - securityConfig.append(role); - - PermissionCollection uncheckedPermissions = new Permissions(); - - PermissionCollection excludedPermissions = new Permissions(); - excludedPermissions.add(new WebResourcePermission("/auth/login.html", "")); - excludedPermissions.add(new WebUserDataPermission("/auth/login.html", "")); - - Map rolePermissions = new HashMap(); - Set permissions = new HashSet(); - permissions.add(new WebUserDataPermission("/protected/*", "")); - permissions.add(new WebResourcePermission("/protected/*", "")); - rolePermissions.put("content-administrator", permissions); - rolePermissions.put("auto-administrator", permissions); - - Set securityRoles = new HashSet(); - securityRoles.add("content-administrator"); - 
securityRoles.add("auto-administrator"); - - startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles); - - HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection(); - connection.setInstanceFollowRedirects(false); - assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode()); - - String cookie = connection.getHeaderField("Set-Cookie"); - cookie = cookie.substring(0, cookie.lastIndexOf(';')); - String location = connection.getHeaderField("Location"); - - connection = (HttpURLConnection) new URL(location).openConnection(); - connection.setInstanceFollowRedirects(false); - assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode()); - - location = location.substring(0, location.lastIndexOf('/')) + "/j_security_check?j_username=izumi&j_password=violin"; - - connection = (HttpURLConnection) new URL(location).openConnection(); - connection.setRequestMethod("POST"); - connection.setRequestProperty("Cookie", cookie); - connection.setInstanceFollowRedirects(false); - assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode()); - - connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection(); - connection.setRequestProperty("Cookie", cookie); - connection.setInstanceFollowRedirects(false); - BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream())); - - assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode()); - assertEquals("Hello World", reader.readLine()); - connection.disconnect(); - - - connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection(); - connection.setInstanceFollowRedirects(false); - assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode()); - - cookie = connection.getHeaderField("Set-Cookie"); - cookie = cookie.substring(0, 
cookie.lastIndexOf(';')); - location = connection.getHeaderField("Location"); - - connection = (HttpURLConnection) new URL(location).openConnection(); - connection.setInstanceFollowRedirects(false); - assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode()); - - location = location.substring(0, location.lastIndexOf('/')) + "/j_security_check?j_username=alan&j_password=starcraft"; - - connection = (HttpURLConnection) new URL(location).openConnection(); - connection.setRequestMethod("POST"); - connection.setRequestProperty("Cookie", cookie); - connection.setInstanceFollowRedirects(false); - assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode()); - - connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection(); - connection.setRequestProperty("Cookie", cookie); - connection.setInstanceFollowRedirects(false); - reader = new BufferedReader(new InputStreamReader(connection.getInputStream())); - - assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode()); - assertEquals("Hello World", reader.readLine()); connection.disconnect(); stopWebApp(); Modified: geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java?view=diff&rev=124430&p1=geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java&r1=124429&p2=geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java&r2=124430 ============================================================================== --- geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java (original) +++ geronimo/trunk/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java 
Thu Jan 6 12:10:40 2005 @@ -17,25 +17,16 @@ package org.apache.geronimo.security.deployment; import java.util.HashSet; -import java.util.Iterator; import java.util.Map; import java.util.Set; -import javax.management.MalformedObjectNameException; -import javax.management.ObjectName; import org.apache.geronimo.common.DeploymentException; -import org.apache.geronimo.gbean.GBeanData; -import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory; -import org.apache.geronimo.kernel.GBeanNotFoundException; import org.apache.geronimo.kernel.Kernel; -import org.apache.geronimo.kernel.NoSuchAttributeException; import org.apache.geronimo.security.deploy.DefaultPrincipal; import org.apache.geronimo.security.deploy.Principal; import org.apache.geronimo.security.deploy.Realm; import org.apache.geronimo.security.deploy.Role; import org.apache.geronimo.security.deploy.Security; -import org.apache.geronimo.xbeans.geronimo.security.GerAutoMapRolesType; -import org.apache.geronimo.xbeans.geronimo.security.GerClassOverrideType; import org.apache.geronimo.xbeans.geronimo.security.GerDefaultPrincipalType; import org.apache.geronimo.xbeans.geronimo.security.GerPrincipalType; import org.apache.geronimo.xbeans.geronimo.security.GerRealmType; @@ -49,7 +40,7 @@ */ public class SecurityBuilder { - public static Security buildSecurityConfig(Set loginDomainNames, GerSecurityType securityType, Set roleNames, Map localSecurityRealms, Kernel kernel) throws MalformedObjectNameException, DeploymentException { + public static Security buildSecurityConfig(Set loginDomainNames, GerSecurityType securityType, Set roleNames, Map localSecurityRealms, Kernel kernel) throws DeploymentException { Security security = null; if (securityType == null) { 
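Review bot: The narrowed signature of `buildSecurityConfig` still takes `localSecurityRealms` and `kernel`, yet the only uses of them visible in this diff (`localSecurityRealms.get(...)`, `kernel.getAttribute(...)`) sit in the blocks this revision deletes further down. If nothing in the unseen part of the body reads them, a short Javadoc on the method should say so, e.g. `@param kernel currently unused; kept for the planned mapping service`, so callers do not assume realm state is consulted when the security configuration is built. Dropping `MalformedObjectNameException` from the `throws` clause can also break any caller that catches it around this call alone, because javac rejects a catch of a checked exception the try body cannot throw. The method body continues outside the hunk.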
@@ -92,23 +83,6 @@ } } - GerAutoMapRolesType autoMapRolesType = securityType.getAutoMapRoles(); - String autoMapRealmName = null; - Set autoMapClassOverrides = null; - if (autoMapRolesType != null) { - - autoMapRealmName = autoMapRolesType.getSecurityRealm().trim(); - - GerClassOverrideType[] classOverrideArray = autoMapRolesType.getClassOverrideArray(); - if (classOverrideArray.length > 0) { - autoMapClassOverrides = new HashSet(); - } - for (int i = 0; i < classOverrideArray.length; i++) { - autoMapClassOverrides.add(classOverrideArray[i].getClass1().trim()); - } - - } - security.getRoleNames().addAll(roleNames); DefaultPrincipal defaultPrincipal = new DefaultPrincipal(); 
@@ -119,65 +93,10 @@ defaultPrincipal.setPrincipal(buildPrincipal(defaultPrincipalType.getPrincipal())); } else { - if (autoMapRealmName == null) { - throw new DeploymentException("No default principal configured, and no automap realm specific for default principal source"); - } - Principal principal; - GBeanData realmData = (GBeanData) localSecurityRealms.get(autoMapRealmName); - if (realmData != null) { - principal = (Principal) realmData.getAttribute("defaultPrincipal"); - } else { - ObjectName realmObjectName = NameFactory.getSecurityRealmName(autoMapRealmName); - - try { - principal = (Principal) kernel.getAttribute(realmObjectName, "defaultPrincipal"); - } catch (GBeanNotFoundException e) { - throw new DeploymentException("No realm with supplied name: " + autoMapRealmName, e); - } catch (NoSuchAttributeException e) { - throw new DeploymentException("Realm " + autoMapRealmName + " is not able to supply default principal", e); - } catch (Exception e) { - throw new DeploymentException("Could not retrieve attribute autoMapPrincipalClasses from realm with supplied name: " + autoMapRealmName, e); - } - } - defaultPrincipal = new DefaultPrincipal(); - defaultPrincipal.setPrincipal(principal); - defaultPrincipal.setRealmName(autoMapRealmName); - + throw new DeploymentException("No default principal configured"); } security.setDefaultPrincipal(defaultPrincipal); - for (Iterator realmNames = allRealms.iterator(); realmNames.hasNext();) { - String realmName = (String) realmNames.next(); - - Map autoMapPrincipalClassesMap; - GBeanData realmData = (GBeanData) localSecurityRealms.get(realmName); - if (realmData != null) { - autoMapPrincipalClassesMap = (Map) realmData.getAttribute("autoMapPrincipalClasses"); - } else { - ObjectName realmObjectName = NameFactory.getSecurityRealmName(realmName); - try { - autoMapPrincipalClassesMap = (Map) kernel.getAttribute(realmObjectName, "autoMapPrincipalClasses"); - - } catch (GBeanNotFoundException e) { - throw new 
DeploymentException("No realm with supplied name: " + realmName, e); - } catch (NoSuchAttributeException e) { - //its not an automapper - break; - } catch (Exception e) { - throw new DeploymentException("Could not retrieve attribute autoMapPrincipalClasses from realm with supplied name: " + realmName, e); - } - } - for (Iterator iterator = loginDomainNames.iterator(); iterator.hasNext();) { - String loginDomainName = (String) iterator.next(); - Set autoMapPrincipalClasses; - if (realmName.equals(autoMapRealmName)) { - autoMapPrincipalClasses = autoMapClassOverrides; - } - autoMapPrincipalClasses = (Set) autoMapPrincipalClassesMap.get(loginDomainName); - - security.autoGenerate(loginDomainName, realmName, autoMapPrincipalClasses); - } - } return security; } Modified: geronimo/trunk/modules/security-builder/src/schema/geronimo-security.xsd Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security-builder/src/schema/geronimo-security.xsd?view=diff&rev=124430&p1=geronimo/trunk/modules/security-builder/src/schema/geronimo-security.xsd&r1=124429&p2=geronimo/trunk/modules/security-builder/src/schema/geronimo-security.xsd&r2=124430 ============================================================================== --- geronimo/trunk/modules/security-builder/src/schema/geronimo-security.xsd (original) +++ geronimo/trunk/modules/security-builder/src/schema/geronimo-security.xsd Thu Jan 6 12:10:40 2005 @@ -40,7 +40,6 @@ </xsd:annotation> <xsd:sequence> <xsd:element name="description" type="j2ee:descriptionType" minOccurs="0" maxOccurs="unbounded"/> - <xsd:element name="auto-map-roles" type="geronimo:auto-map-rolesType" minOccurs="0"/> <xsd:element name="default-principal" type="geronimo:default-principalType" minOccurs="0"/> <xsd:element name="role-mappings" type="geronimo:role-mappingsType" minOccurs="0"/> </xsd:sequence> 
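Review bot: The new `else` branch rejects every plan without a default principal via `throw new DeploymentException("No default principal configured")`, but geronimo-security.xsd in this same revision still declares `default-principal` with `minOccurs="0"`, so a plan can validate against the schema and then fail in the builder. Failing closed is the right outcome for a missing identity, but the contract should be stated in one place: either make the element required in the schema or add an `<xsd:documentation>` note that deployment fails without it. The message would also be easier to act on if it named the missing element, e.g. `"No default principal configured: add a <default-principal> element to <security>"`. The enclosing `if` and the start of `buildSecurityConfig` are outside the hunk.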
@@ -112,25 +111,6 @@ </xsd:documentation> </xsd:annotation> </xsd:attribute> - </xsd:complexType> - <xsd:complexType name="auto-map-rolesType"> - <xsd:sequence> - <xsd:element name="description" type="j2ee:descriptionType" minOccurs="0" maxOccurs="unbounded"/> - <xsd:element name="class-override" type="geronimo:class-overrideType" minOccurs="0" maxOccurs="unbounded"/> - </xsd:sequence> - <xsd:attribute name="security-realm" type="xsd:string" use="required"/> - </xsd:complexType> - <xsd:complexType name="class-overrideType"> - <xsd:annotation> - <xsd:documentation> - Class overrides allow a deployer to specify a different set of - principal classes to be used in the auto mapping of roles. - </xsd:documentation> - </xsd:annotation> - <xsd:sequence> - <xsd:element name="description" type="j2ee:descriptionType" minOccurs="0" maxOccurs="unbounded"/> - </xsd:sequence> - <xsd:attribute name="class" type="xsd:string" use="required"/> </xsd:complexType> </xsd:schema> Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java?view=diff&rev=124430&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java&r1=124429&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java&r2=124430 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java Thu Jan 6 12:10:40 2005 
@@ -17,26 +17,20 @@ package org.apache.geronimo.security; -import java.security.Policy; -import java.util.Collection; -import java.util.Iterator; import javax.security.jacc.PolicyConfigurationFactory; import javax.security.jacc.PolicyContextException; +import java.security.Policy; -import EDU.oswego.cs.dl.util.concurrent.ConcurrentHashMap; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; + import org.apache.geronimo.gbean.GBeanInfo; import org.apache.geronimo.gbean.GBeanInfoBuilder; -import org.apache.geronimo.gbean.ReferenceCollection; -import org.apache.geronimo.gbean.ReferenceCollectionEvent; -import org.apache.geronimo.gbean.ReferenceCollectionListener; import org.apache.geronimo.security.jacc.GeronimoPolicy; import org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory; import org.apache.geronimo.security.jacc.PolicyContextHandlerContainerSubject; import org.apache.geronimo.security.jacc.PolicyContextHandlerHttpServletRequest; import org.apache.geronimo.security.jacc.PolicyContextHandlerSOAPMessage; -import org.apache.geronimo.security.realm.AutoMapAssistant; import org.apache.geronimo.security.util.ConfigurationUtil; Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java?view=diff&rev=124430&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java&r1=124429&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java&r2=124430 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java Thu Jan 6 12:10:40 2005 
@@ -89,40 +89,4 @@ roleMappings.put(role.getRoleName(), role); } } - - /** - * Automatically generate role mappings and add them to the existing role mappings. - * <p/> - * NOTE: This method should be called during deployment. - * - */ - public void autoGenerate(String loginDomainName, String realmName, Set principalClasseSet) { - /** - * Append roles - */ - for (Iterator iter = roleNames.iterator(); iter.hasNext();) { - String roleName = (String) iter.next(); - Role role = new Role(); - - role.setRoleName(roleName); - - Realm realm = new Realm(); - - realm.setRealmName(realmName); - - for (Iterator principalClasses = principalClasseSet.iterator(); principalClasses.hasNext();) { - Principal principal = new Principal(); - //todo: Principal class needs to handle login domain as well - principal.setClassName((String) principalClasses.next()); - principal.setPrincipalName(roleName); - principal.setDesignatedRunAs(false); - - realm.getPrincipals().add(principal); - } - role.append(realm); - - append(role); - } - - } } Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java?view=diff&rev=124430&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java&r1=124429&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java&r2=124430 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java Thu Jan 6 12:10:40 2005 
@@ -88,7 +88,7 @@ workers = new LoginModuleConfiguration[config.length]; for (int i = 0; i < workers.length; i++) { LoginModule wrapper; - if(config[i].isServerSide()) { + if(config[i].isServerSide()) { wrapper = new ServerLoginModule(i); } else { LoginModule source = config[i].getLoginModule(JaasLoginCoordinator.class.getClassLoader()); Deleted: /geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/DeploymentSupport.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/DeploymentSupport.java?view=auto&rev=124429 ============================================================================== Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java?view=diff&rev=124430&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java&r1=124429&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java&r2=124430 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java Thu Jan 6 12:10:40 2005 @@ -16,8 +16,9 @@ */ package org.apache.geronimo.security.realm; +import javax.management.MalformedObjectNameException; +import javax.management.ObjectName; import java.util.ArrayList; -import java.util.Arrays; import java.util.Enumeration; import java.util.HashMap; import java.util.HashSet; 
@@ -25,16 +26,11 @@ import java.util.Map; import java.util.Properties; import java.util.Set; -import javax.management.MalformedObjectNameException; -import javax.management.ObjectName; -import javax.security.auth.spi.LoginModule; -import org.apache.geronimo.common.GeronimoSecurityException; import org.apache.geronimo.gbean.GBeanInfo; import org.apache.geronimo.gbean.GBeanInfoBuilder; import org.apache.geronimo.kernel.Kernel; import org.apache.geronimo.kernel.proxy.ProxyManager; -import org.apache.geronimo.security.deploy.MapOfSets; import org.apache.geronimo.security.deploy.Principal; import org.apache.geronimo.security.jaas.ConfigurationEntryFactory; import org.apache.geronimo.security.jaas.JaasLoginCoordinator; @@ -77,7 +73,7 @@ * * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $ */ -public class GenericSecurityRealm implements SecurityRealm, ConfigurationEntryFactory, AutoMapAssistant { +public class GenericSecurityRealm implements SecurityRealm, ConfigurationEntryFactory { public final static String KERNEL_LM_OPTION = "org.apache.geronimo.security.realm.GenericSecurityRealm.KERNEL"; public final static String SERVERINFO_LM_OPTION = "org.apache.geronimo.security.realm.GenericSecurityRealm.SERVERINFO"; @@ -88,10 +84,8 @@ private final ServerInfo serverInfo; private final ClassLoader classLoader; - private final MapOfSets autoMapPrincipalClasses; private final Principal defaultPrincipal; - private Map deployment; private String[] domains; private boolean restrictPrincipalsToServer; @@ -99,8 +93,6 @@ Properties loginModuleConfiguration, boolean restrictPrincipalsToServer, Principal defaultPrincipal, - MapOfSets autoMapPrincipalClasses, - Properties deploymentSupport, ServerInfo serverInfo, ClassLoader classLoader, Kernel kernel) throws MalformedObjectNameException { 
@@ -110,14 +102,8 @@ this.classLoader = classLoader; this.restrictPrincipalsToServer = restrictPrincipalsToServer; this.defaultPrincipal = defaultPrincipal; - if (autoMapPrincipalClasses != null) { - this.autoMapPrincipalClasses = autoMapPrincipalClasses; - } else { - this.autoMapPrincipalClasses = new MapOfSets(); - } processConfiguration(loginModuleConfiguration); - initializeDeployment(deploymentSupport); } public String getRealmName() { @@ -129,15 +115,6 @@ } /** - * Gets a helper that lists principals for the realm to help with - * generating deployment descriptors. May return null if the realm does - * not support these features. - */ - public DeploymentSupport getDeploymentSupport(String domain) throws GeronimoSecurityException { - return (DeploymentSupport) deployment.get(domain); - } - - /** * Gets a list of the login domains that make up this security realm. A * particular LoginModule represents 0 or 1 login domains, and a realm is * composed of a number of login modules, so the realm may cover any @@ -158,10 +135,6 @@ return defaultPrincipal; } - public MapOfSets getAutoMapPrincipalClasses() { - return autoMapPrincipalClasses; - } - /** * A GBean property. If set to true, the login service will not return * principals generated by this realm to clients. If set to false (the @@ -217,9 +190,9 @@ if (classLoader != null && !options.containsKey(CLASSLOADER_LM_OPTION)) { options.put(CLASSLOADER_LM_OPTION, classLoader); } - if(module.getLoginDomainName() != null) { - if(domains.contains(module.getLoginDomainName())) { - throw new IllegalStateException("Error in "+realmName+": one security realm cannot contain multiple login modules for the same login domain"); + if (module.getLoginDomainName() != null) { + if (domains.contains(module.getLoginDomainName())) { + throw new IllegalStateException("Error in " + realmName + ": one security realm cannot contain multiple login modules for the same login domain"); } else { domains.add(module.getLoginDomainName()); } 
@@ -242,35 +215,6 @@ config = (JaasLoginModuleConfiguration[]) list.toArray(new JaasLoginModuleConfiguration[list.size()]); } - private void initializeDeployment(Properties deploymentSupport) { - deployment = new HashMap(); - for (int i = 0; i < config.length; i++) { - if(config[i].getLoginDomainName() == null) { - continue; - } - DeploymentSupport support = null; - if(deploymentSupport != null && deploymentSupport.containsKey(config[i].getLoginDomainName())) { - try { - //todo: how should this be configured? Should it be a GBean? - support = (DeploymentSupport) classLoader.loadClass(deploymentSupport.getProperty(config[i].getLoginDomainName())).newInstance(); - } catch (Exception e) { - throw new GeronimoSecurityException("Unable to load deployment support class '"+deploymentSupport.getProperty(config[i].getLoginDomainName())+"'", e); - } - } else if(config[i].getLoginModule(classLoader) instanceof DeploymentSupport) { - LoginModule module = config[i].getLoginModule(classLoader); - module.initialize(null, null, null, config[i].getOptions()); - support = (DeploymentSupport) module; - } - if(support != null) { - deployment.put(config[i].getLoginDomainName(), support); - String[] auto = support.getAutoMapPrincipalClassNames(); - if(auto != null) { - autoMapPrincipalClasses.put(config[i].getLoginDomainName(), new HashSet(Arrays.asList(auto))); - } - } - } - } - public static final GBeanInfo GBEAN_INFO; @@ -283,7 +227,6 @@ infoFactory.addAttribute("kernel", Kernel.class, false); infoFactory.addAttribute("loginModuleConfiguration", Properties.class, true); infoFactory.addAttribute("classLoader", ClassLoader.class, false); - infoFactory.addAttribute("autoMapPrincipalClasses", MapOfSets.class, true); infoFactory.addAttribute("defaultPrincipal", Principal.class, true); infoFactory.addAttribute("deploymentSupport", Properties.class, true); infoFactory.addAttribute("restrictPrincipalsToServer", boolean.class, true); 
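Review bot: The `@@ -283,7 +227,6 @@` hunk of GenericSecurityRealm.java removes the `autoMapPrincipalClasses` attribute but keeps `infoFactory.addAttribute("deploymentSupport", Properties.class, true);`, even though this commit removes the `deploymentSupport` constructor parameter, the `initializeDeployment` method that consumed it, and (in the following `@@ -291,14 +234,11 @@` hunk) its entry in `setConstructor`. That leaves a persistent attribute that nothing visible in the diff reads. Its values used to be passed to `classLoader.loadClass(...).newInstance()`, so deployment plans may keep supplying class names that now appear to be ignored. I would delete that `addAttribute` line along with the rest. How GBeanInfoBuilder treats an attribute with no constructor slot or accessor is not shown here, so it should be checked whether this is only dead configuration or a load-time error. The static initializer that builds `GBEAN_INFO` starts and ends outside the hunk.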
@@ -291,14 +234,11 @@ infoFactory.addReference("ServerInfo", ServerInfo.class); infoFactory.addOperation("getAppConfigurationEntries", new Class[0]); - infoFactory.addOperation("getDeploymentSupport", new Class[]{String.class}); infoFactory.setConstructor(new String[]{"realmName", "loginModuleConfiguration", "restrictPrincipalsToServer", "defaultPrincipal", - "autoMapPrincipalClasses", - "deploymentSupport", "ServerInfo", "classLoader", "kernel"}); Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java?view=diff&rev=124430&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java&r1=124429&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java&r2=124430 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java Thu Jan 6 12:10:40 2005 @@ -17,19 +17,14 @@ package org.apache.geronimo.security.realm; -import javax.security.auth.login.AppConfigurationEntry; - -import java.util.Set; - -import org.apache.geronimo.common.GeronimoSecurityException; import org.apache.geronimo.security.jaas.JaasLoginModuleConfiguration; -import org.apache.regexp.RE; /** * @version $Rev$ $Date$ */ public interface SecurityRealm { + static final String BASE_OBJECT_NAME = "geronimo.security:type=SecurityRealm"; /** 
@@ -59,10 +54,4 @@ */ public String[] getLoginDomains(); - /** - * Gets a helper that lists principals for the realm to help with - * generating deployment descriptors. May return null if the realm does - * not support these features. - */ - public DeploymentSupport getDeploymentSupport(String loginDomain) throws GeronimoSecurityException; } Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java?view=diff&rev=124430&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java&r1=124429&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java&r2=124430 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java Thu Jan 6 12:10:40 2005 @@ -40,7 +40,6 @@ import org.apache.geronimo.common.GeronimoSecurityException; import org.apache.geronimo.kernel.Kernel; import org.apache.geronimo.security.realm.GenericSecurityRealm; -import org.apache.geronimo.security.realm.DeploymentSupport; import org.apache.geronimo.system.serverinfo.ServerInfo; @@ -51,7 +50,7 @@ * * @version $Rev$ $Date$ */ -public class PropertiesFileLoginModule implements LoginModule, DeploymentSupport { +public class PropertiesFileLoginModule implements LoginModule { public final static String USERS_URI = "usersURI"; public final static String GROUPS_URI = "groupsURI"; private static Log log = LogFactory.getLog(PropertiesFileLoginModule.class); 
@@ -178,15 +177,6 @@ */ public String[] getPrincipalClassNames() { return new String[]{GeronimoUserPrincipal.class.getName(), GeronimoGroupPrincipal.class.getName()}; - } - - /** - * Gets the names of all principal classes that should correspond to - * roles when automapping. This is a default, and may be overridden - * by specific values configured for the realm. - */ - public String[] getAutoMapPrincipalClassNames() { - return new String[]{GeronimoGroupPrincipal.class.getName()}; } /** Deleted: /geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/DeploymentSupportTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/DeploymentSupportTest.java?view=auto&rev=124429 ============================================================================== Modified: geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java?view=diff&rev=124430&p1=geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java&r1=124429&p2=geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java&r2=124430 ============================================================================== --- geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java (original) +++ geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java Thu Jan 6 12:10:40 2005 
@@ -186,9 +186,6 @@ Properties config = new Properties(); config.setProperty("LoginModule.1.REQUIRED", propertiesLMName.getCanonicalName()); propertiesRealmGBean.setAttribute("loginModuleConfiguration", config); - MapOfSets.MapOfSetsEditor mapEditor = new MapOfSets.MapOfSetsEditor(); - mapEditor.setAsText(securityRealmName + "=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"); - propertiesRealmGBean.setAttribute("autoMapPrincipalClasses", mapEditor.getValue()); Principal.PrincipalEditor principalEditor = new Principal.PrincipalEditor(); principalEditor.setAsText("metro=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"); propertiesRealmGBean.setAttribute("defaultPrincipal", principalEditor.getValue()); Modified: geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/SecurityTest.java Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/SecurityTest.java?view=diff&rev=124430&p1=geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/SecurityTest.java&r1=124429&p2=geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/SecurityTest.java&r2=124430 ============================================================================== --- geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/SecurityTest.java (original) +++ geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/SecurityTest.java Thu Jan 6 12:10:40 2005 
@@ -140,117 +140,6 @@ */ /** - * Test the auto map feature. Only Izumi should be able to log in. - * - * @throws Exception thrown if an error in the test occurs - */ - /* - public void xtestAutoMapping() throws Exception { - Security securityConfig = new Security(); - securityConfig.setUseContextHandler(false); - - AutoMapAssistant assistant = new AutoMapAssistant(); - assistant.setSecurityRealm("demo-properties-realm"); - securityConfig.setAssistant(assistant); - - securityConfig.getRoleNames().add("content-administrator"); - securityConfig.getRoleNames().add("auto-administrator"); - - SecurityService securityService = (SecurityService) kernel.getProxyManager().createProxy(securityServiceName, SecurityService.class); - try { - securityConfig.autoGenerate(securityService); - } finally { - kernel.getProxyManager().destroyProxy(securityService); - } - - String actions = "GET,POST,PUT,DELETE,HEAD,OPTIONS,TRACE"; - Set uncheckedPermissions = new HashSet(); - uncheckedPermissions.add(new WebUserDataPermission("/protected/*", actions)); - uncheckedPermissions.add(new WebResourcePermission("/:/protected/*:/auth/logon.html", actions)); - uncheckedPermissions.add(new WebUserDataPermission("/:/protected/*:/auth/logon.html", actions)); - Set excludedPermissions = new HashSet(); - excludedPermissions.add(new WebResourcePermission("/auth/login.html", actions)); - excludedPermissions.add(new WebUserDataPermission("/auth/login.html", actions)); - Map rolePermissions = new HashMap(); - WebResourcePermission permission = new WebResourcePermission("/protected/*", actions); - Set permissionSet = new HashSet(); - permissionSet.add(permission); - rolePermissions.put("content-administrator", permissionSet); - rolePermissions.put("auto-administrator", permissionSet); - Set securityRoles = new HashSet(); - securityRoles.add("content-administrator"); - securityRoles.add("auto-administrator"); - - Map legacySecurityConstraintMap = new HashMap(); - - startWebApp(securityConfig, 
uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles, legacySecurityConstraintMap); - - HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:8080/test/protected/hello.txt").openConnection(); - connection.setInstanceFollowRedirects(false); - assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode()); - - String cookie = connection.getHeaderField("Set-Cookie"); - cookie = cookie.substring(0, cookie.lastIndexOf(';')); - String location = connection.getHeaderField("Location"); - - connection = (HttpURLConnection) new URL(location).openConnection(); - connection.setInstanceFollowRedirects(false); - assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode()); - - location = location.substring(0, location.lastIndexOf('/')) + "/j_security_check?j_username=izumi&j_password=violin"; - - connection = (HttpURLConnection) new URL(location).openConnection(); - connection.setRequestMethod("POST"); - connection.setRequestProperty("Cookie", cookie); - connection.setInstanceFollowRedirects(false); - assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode()); - - connection = (HttpURLConnection) new URL("http://localhost:8080/test/protected/hello.txt").openConnection(); - connection.setRequestProperty("Cookie", cookie); - connection.setInstanceFollowRedirects(false); - BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream())); - - assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode()); - assertEquals("Hello World", reader.readLine()); - connection.disconnect(); - - - connection = (HttpURLConnection) new URL("http://localhost:8080/test/protected/hello.txt").openConnection(); - connection.setInstanceFollowRedirects(false); - assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode()); - - cookie = connection.getHeaderField("Set-Cookie"); - cookie = cookie.substring(0, cookie.lastIndexOf(';')); - location = 
connection.getHeaderField("Location"); - - connection = (HttpURLConnection) new URL(location).openConnection(); - connection.setInstanceFollowRedirects(false); - assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode()); - - location = location.substring(0, location.lastIndexOf('/')) + "/j_security_check?j_username=alan&j_password=starcraft"; - - connection = (HttpURLConnection) new URL(location).openConnection(); - connection.setRequestMethod("POST"); - connection.setRequestProperty("Cookie", cookie); - connection.setInstanceFollowRedirects(false); - assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode()); - - try { - connection = (HttpURLConnection) new URL("http://localhost:8080/test/protected/hello.txt").openConnection(); - connection.setRequestProperty("Cookie", cookie); - connection.setInstanceFollowRedirects(false); - reader = new BufferedReader(new InputStreamReader(connection.getInputStream())); - - fail("Should throw an IOException for HTTP 403 response"); - } catch (IOException e) { - } - - assertEquals(HttpURLConnection.HTTP_FORBIDDEN, connection.getResponseCode()); - connection.disconnect(); - stopWebApp(); - } - */ - /** * Mixed the auto map and the standard explicit map. Both Alan and Izumi * should be able to login. * 
@@ -476,66 +365,6 @@ assertEquals("<!-- Not Authorized -->", reader.readLine()); reader.close(); - connection.disconnect(); - - stopWebApp(); - } - - public void testAutoMapping() throws Exception { - - SecurityConstraint[] constraints = new SecurityConstraint[2]; - - SecurityConstraint sc = new SecurityConstraint(); - sc.setAuthConstraint(true); - sc.addAuthRole("content-administrator"); - sc.addAuthRole("auto-administrator"); - SecurityCollection coll = new SecurityCollection("Admin Role"); - coll.addPattern("/protected/*"); - sc.addCollection(coll); - constraints[0] = sc; - - sc = new SecurityConstraint(); - sc.setAuthConstraint(false); - coll = new SecurityCollection("NO ACCESS"); - coll.addPattern("/auth/logon.html"); - sc.addCollection(coll); - constraints[1] = sc; - - String[] securityRoles = new String[2]; - securityRoles[0] = "content-administrator"; - securityRoles[1] = "auto-administrator"; - - startWebApp(constraints, securityRoles); - - //Begin the test - HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:8080/securetest/protected/hello.txt").openConnection(); - connection.setInstanceFollowRedirects(false); - assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode()); - - //Be sure we have been given the login page - BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream())); - assertEquals("<!-- Login Page -->", reader.readLine()); - reader.close(); - - String cookie = connection.getHeaderField("Set-Cookie"); - cookie = cookie.substring(0, cookie.lastIndexOf(';')); - String location = connection.getHeaderField("Location"); - - location = "http://localhost:8080/securetest/protected/j_security_check?j_username=izumi&j_password=violin"; - - connection = (HttpURLConnection) new URL(location).openConnection(); - connection.setRequestMethod("POST"); - connection.setRequestProperty("Cookie", cookie); - connection.setInstanceFollowRedirects(false); - 
assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode()); - - connection = (HttpURLConnection) new URL("http://localhost:8080/securetest/protected/hello.txt").openConnection(); - connection.setRequestProperty("Cookie", cookie); - connection.setInstanceFollowRedirects(false); - reader = new BufferedReader(new InputStreamReader(connection.getInputStream())); - - assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode()); - assertEquals("Hello World", reader.readLine()); connection.disconnect(); stopWebApp();