Author: adc Date: Mon Feb 21 10:21:09 2005 New Revision: 154702 URL: http://svn.apache.org/viewcvs?view=rev&rev=154702 Log: Broke out RoleMapper from the PolicyConfiguration hierarchy.
Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/RoleMappingConfigurationImpl.java Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/GeronimoPolicyConfiguration.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/GeronimoPolicyConfigurationFactory.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/PolicyConfigurationGeneric.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/PolicyContextHandlerHttpServletRequest.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/PolicyContextHandlerSOAPMessage.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/RoleMappingConfiguration.java geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/RoleMappingConfigurationFactory.java geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatGeronimoRealm.java Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java?view=diff&r1=154701&r2=154702 ============================================================================== --- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java (original) +++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java Mon Feb 21 10:21:09 2005 
@@ -49,6 +49,7 @@ import org.apache.geronimo.security.deploy.Role; import org.apache.geronimo.security.deploy.Security; import org.apache.geronimo.security.jacc.RoleMappingConfiguration; +import org.apache.geronimo.security.jacc.RoleMappingConfigurationFactory; import org.apache.geronimo.security.util.ConfigurationUtil; import org.mortbay.http.Authenticator; import org.mortbay.http.HttpException; @@ -132,7 +133,8 @@ policyConfiguration = factory.getPolicyConfiguration(policyContextID, true); configure(uncheckedPermissions, excludedPermissions, rolePermissions); - addRoleMappings(securityRoles, securityRealmName, securityConfig, (RoleMappingConfiguration) policyConfiguration); + RoleMappingConfiguration roleMapper = RoleMappingConfigurationFactory.getRoleMappingFactory().getRoleMappingConfiguration(policyContextID, false); + addRoleMappings(securityRoles, securityRealmName, securityConfig, roleMapper); policyConfiguration.commit(); this.excludedPermissions = excludedPermissions; Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/GeronimoPolicyConfiguration.java URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/GeronimoPolicyConfiguration.java?view=diff&r1=154701&r2=154702 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/GeronimoPolicyConfiguration.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/GeronimoPolicyConfiguration.java Mon Feb 21 10:21:09 2005 
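Review bot: The `roleMapper` fetched on the added line of the `@@ -132,7 +133,8 @@` hunk is looked up by `policyContextID` through a second factory, so nothing visible here ties it to the `policyConfiguration` instance that `commit()` is called on two lines later; the cast it replaces could only ever refer to that same object. If the two diverge, role-to-principal mappings would be written to a configuration that is never committed. I would state the dependency above the lookup, `// roleMapper must delegate to the policyConfiguration opened above; mappings take effect only when that instance is committed`, and fail fast with `if (roleMapper == null) throw new IllegalStateException("No role mapper for " + policyContextID);`. The TomcatGeronimoRealm hunk at `@@ -116,7 +117,8 @@` has the same pattern, and both enclosing methods start and end outside their hunks.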
@@ -19,16 +19,16 @@ import java.security.Permission; import java.security.ProtectionDomain; +import javax.security.jacc.PolicyConfiguration; /** - * * @version $Rev$ $Date$ */ -public interface GeronimoPolicyConfiguration extends RoleMappingConfiguration { +public interface GeronimoPolicyConfiguration extends PolicyConfiguration, RoleMappingConfiguration { + public boolean implies(ProtectionDomain domain, Permission permission); public void open(boolean remove); - } Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/GeronimoPolicyConfigurationFactory.java URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/GeronimoPolicyConfigurationFactory.java?view=diff&r1=154701&r2=154702 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/GeronimoPolicyConfigurationFactory.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/GeronimoPolicyConfigurationFactory.java Mon Feb 21 10:21:09 2005 @@ -39,10 +39,13 @@ private Map configurations = new HashMap(); public GeronimoPolicyConfigurationFactory() { - if (singleton != null) { - log.warn("Singleton already assigned. There may be more than one GeronimoPolicyConfigurationFactory being used."); + synchronized (GeronimoPolicyConfigurationFactory.class) { + if (singleton != null) { + log.error("Singleton already assigned. There may be more than one GeronimoPolicyConfigurationFactory being used."); + throw new IllegalStateException("Singleton already assigned"); + } + singleton = this; } - singleton = this; } public void setPolicyConfiguration(String contextID, GeronimoPolicyConfiguration configuration) { 
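Review bot: `GeronimoPolicyConfiguration` still extends `RoleMappingConfiguration` after this change, so code holding the policy configuration can keep adding role mappings on it directly instead of going through `RoleMappingConfigurationFactory`, and the interface Javadoc (only `@version`) does not say which path is intended. If the factory is meant to be the only entry point for containers, I would say so in a class-level Javadoc paragraph. A short `@param remove` description on `open(boolean remove)` is also missing.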
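Review bot: The `synchronized` block in the constructor only orders writers of `singleton`; whether callers of `getSingleton()` (outside this hunk) see the assignment depends on that method taking the same class lock or the field being `volatile`, which should be confirmed. Throwing `IllegalStateException` on a second instantiation is a behaviour change from the old warning, so the constructor deserves a Javadoc line saying it may be invoked only once. `log.error` immediately before the `throw` reports the same failure twice; a descriptive exception alone, e.g. `throw new IllegalStateException("GeronimoPolicyConfigurationFactory singleton already assigned");`, is enough.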
@@ -50,7 +53,7 @@ if (sm != null) sm.checkPermission(new GeronimoSecurityPermission("setPolicyConfiguration")); configurations.put(contextID, configuration); - + log.trace("Set policy configuration " + contextID); } Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/PolicyConfigurationGeneric.java URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/PolicyConfigurationGeneric.java?view=diff&r1=154701&r2=154702 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/PolicyConfigurationGeneric.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/PolicyConfigurationGeneric.java Mon Feb 21 10:21:09 2005 
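Review bot: `configurations.put(contextID, configuration)` silently replaces any policy configuration already registered for that context, and the added `log.trace` does not distinguish a first registration from a replacement. Swapping the authorization policy of an existing context is worth a visible record; I would capture the previous value, `Object previous = configurations.put(contextID, configuration);`, and add `if (previous != null) log.warn("Replaced policy configuration " + contextID);`. The method begins outside the hunk, so any locking around the `HashMap` cannot be judged from here.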
@@ -171,18 +171,18 @@ public void linkConfiguration(javax.security.jacc.PolicyConfiguration link) throws PolicyContextException { if (state != OPEN) throw new UnsupportedOperationException("Not in an open state"); - RoleMappingConfiguration configuration = (RoleMappingConfiguration) link; + RoleMappingConfiguration roleMapper = RoleMappingConfigurationFactory.getRoleMappingFactory().getRoleMappingConfiguration(link.getContextID(), false); Iterator principals = principalRoleMapping.keySet().iterator(); while (principals.hasNext()) { Principal principal = (Principal) principals.next(); Iterator roles = ((HashSet) principalRoleMapping.get(principal)).iterator(); while (roles.hasNext()) { - configuration.addRoleMapping((String) roles.next(), Collections.singletonList(principal)); + roleMapper.addRoleMapping((String) roles.next(), Collections.singletonList(principal)); } } - configuration.linkConfiguration(this); + link.linkConfiguration(this); } public void delete() throws PolicyContextException { Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/PolicyContextHandlerHttpServletRequest.java URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/PolicyContextHandlerHttpServletRequest.java?view=diff&r1=154701&r2=154702 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/PolicyContextHandlerHttpServletRequest.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/PolicyContextHandlerHttpServletRequest.java Mon Feb 21 10:21:09 2005 
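Review bot: `link.getContextID()` is now dereferenced before any check on `link`, so a null argument fails with a bare NullPointerException, and a `link` whose context ID equals this configuration's would have the role mappings copied back onto the same context. The JACC contract for `linkConfiguration` specifies `IllegalArgumentException` when the argument's policy context is equivalent to this one, so I would guard first, assuming this class's own `getContextID()`: `if (link == null || getContextID().equals(link.getContextID())) throw new IllegalArgumentException("Invalid link configuration");`. A `link` from another provider used to fail the cast immediately, whereas it is now resolved by ID through the Geronimo role-mapping factory; a comment saying that only Geronimo-managed contexts are supported would make that explicit.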
@@ -22,7 +22,6 @@ /** - * * @version $Rev$ $Date$ */ public class PolicyContextHandlerHttpServletRequest implements PolicyContextHandler { Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/PolicyContextHandlerSOAPMessage.java URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/PolicyContextHandlerSOAPMessage.java?view=diff&r1=154701&r2=154702 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/PolicyContextHandlerSOAPMessage.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/PolicyContextHandlerSOAPMessage.java Mon Feb 21 10:21:09 2005 @@ -22,7 +22,6 @@ /** - * * @version $Rev$ $Date$ */ public class PolicyContextHandlerSOAPMessage implements PolicyContextHandler { Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/RoleMappingConfiguration.java URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/RoleMappingConfiguration.java?view=diff&r1=154701&r2=154702 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/RoleMappingConfiguration.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/RoleMappingConfiguration.java Mon Feb 21 10:21:09 2005 @@ -18,8 +18,6 @@ package org.apache.geronimo.security.jacc; import java.util.Collection; - -import javax.security.jacc.PolicyConfiguration; import javax.security.jacc.PolicyContextException; 
@@ -27,23 +25,25 @@ * <p>The methods of this interface are used by containers to create role mappings in a <code>Policy</code> provider. * An object that implements the <code>RoleMappingConfiguration</code> interface provides the role mapping configuration * interface for a corresponding policy context within the corresponding Policy provider.</p> - * + * <p/> * <p>Geronimo will obtain an instance of this class by calling - * <code>PolicyConfigurationFactory.getPolicyConfiguration</code>. If the object that is returned <i>also</i> + * <code>RoleMappingConfigurationFactory.getRoleMappingConfiguration</code>. If the object that is returned <i>also</i> * implements <code>RoleMappingConfiguration</code>, Geronimo will call the methods of that interface to provide role * mappings to the <code>Policy</code> provider</p> + * * @version $Rev$ $Date$ - * @see javax.security.jacc.PolicyConfiguration - * @see javax.security.jacc.PolicyConfigurationFactory#getPolicyConfiguration + * @see RoleMappingConfigurationFactory#getRoleMappingConfiguration */ -public interface RoleMappingConfiguration extends PolicyConfiguration { +public interface RoleMappingConfiguration { /** * Add a mapping from a module's security roles to physical principals. Mapping principals to the same role twice * will cause a <code>PolicyContextException</code> to be thrown. - * @param role The role that is to be mapped to a set of principals. + * + * @param role The role that is to be mapped to a set of principals. * @param principals The set of principals that are to be mapped to to role. - * @throws javax.security.jacc.PolicyContextException if the mapping principals to the same role twice occurs. + * @throws javax.security.jacc.PolicyContextException + * if the mapping principals to the same role twice occurs. 
*/ public void addRoleMapping(String role, Collection principals) throws PolicyContextException; } Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/RoleMappingConfigurationFactory.java URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/RoleMappingConfigurationFactory.java?view=diff&r1=154701&r2=154702 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/RoleMappingConfigurationFactory.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/RoleMappingConfigurationFactory.java Mon Feb 21 10:21:09 2005 @@ -17,13 +17,13 @@ package org.apache.geronimo.security.jacc; -import org.apache.geronimo.security.GeronimoSecurityPermission; - -import javax.security.jacc.PolicyConfiguration; -import javax.security.jacc.PolicyContextException; import java.security.SecurityPermission; import java.util.HashMap; import java.util.Map; +import javax.security.jacc.PolicyContextException; + +import org.apache.geronimo.security.GeronimoSecurityPermission; + public class RoleMappingConfigurationFactory { 
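Review bot: The updated interface Javadoc in the `@@ -27,23 +25,25 @@` hunk still reads "If the object that is returned also implements RoleMappingConfiguration", which no longer makes sense now that the lookup is `RoleMappingConfigurationFactory.getRoleMappingConfiguration` and its result is used as a `RoleMappingConfiguration` directly. I would replace that sentence with `Geronimo calls the methods of the returned object to provide role mappings to the Policy provider.` and fix "mapped to to role" in the `@param principals` line. It would also help to state whether implementations copy or retain the `principals` collection, since callers may mutate it afterwards.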
@@ -58,12 +58,10 @@ if (configuration == null) { GeronimoPolicyConfigurationFactory gpcf = GeronimoPolicyConfigurationFactory.getSingleton(); - PolicyConfiguration policyConfiguration = gpcf.getGeronimoPolicyConfiguration(contextID); + GeronimoPolicyConfiguration policyConfiguration = gpcf.getGeronimoPolicyConfiguration(contextID); - configuration = new RoleMappingConfiguration(policyConfiguration); + configuration = new RoleMappingConfigurationImpl(policyConfiguration); configurations.put(contextID, configuration); - } else { - configuration.open(remove); } return configuration; Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/RoleMappingConfigurationImpl.java URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/RoleMappingConfigurationImpl.java?view=auto&rev=154702 ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/RoleMappingConfigurationImpl.java (added) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/RoleMappingConfigurationImpl.java Mon Feb 21 10:21:09 2005 
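Review bot: The object returned by `gpcf.getGeronimoPolicyConfiguration(contextID)` is wrapped and cached under `contextID` without a null check, and the result of `getSingleton()` is dereferenced the same way. If either can be null (their bodies are not in this hunk), a useless wrapper stays cached and the failure only surfaces later as a NullPointerException inside `addRoleMapping`. The cached wrapper also pins the instance it was built with, so if a different configuration is later registered for the same context through `setPolicyConfiguration`, role mappings would keep going to the old one, and with the `else` branch removed the `remove` argument has no visible effect in this hunk. I would fail fast before caching, as sketched below, and document the caching and the now-unused flag in the method Javadoc; the method starts and ends outside the hunk.

```java
if (configuration == null) {
    GeronimoPolicyConfigurationFactory gpcf = GeronimoPolicyConfigurationFactory.getSingleton();
    if (gpcf == null) {
        throw new IllegalStateException("GeronimoPolicyConfigurationFactory has not been created");
    }
    GeronimoPolicyConfiguration policyConfiguration = gpcf.getGeronimoPolicyConfiguration(contextID);
    if (policyConfiguration == null) {
        throw new IllegalStateException("No policy configuration registered for context " + contextID);
    }
    // ... unchanged: wrap in RoleMappingConfigurationImpl and cache under contextID ...
}
```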
@@ -0,0 +1,37 @@ +/** + * + * Copyright 2005 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.geronimo.security.jacc; + +import java.util.Collection; +import javax.security.jacc.PolicyContextException; + + +/** + * @version $Revision: $ $Date: $ + */ +public class RoleMappingConfigurationImpl implements RoleMappingConfiguration { + + private final GeronimoPolicyConfiguration policyConfiguration; + + RoleMappingConfigurationImpl(GeronimoPolicyConfiguration policyConfiguration) { + this.policyConfiguration = policyConfiguration; + } + + public void addRoleMapping(String role, Collection principals) throws PolicyContextException { + policyConfiguration.addRoleMapping(role, principals); + } +} Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatGeronimoRealm.java URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatGeronimoRealm.java?view=diff&r1=154701&r2=154702 ============================================================================== --- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatGeronimoRealm.java (original) +++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatGeronimoRealm.java Mon Feb 21 10:21:09 2005 
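Review bot: The new class carries no description of its role: its Javadoc holds only `@version $Revision: $ $Date: $`, which also differs from the `$Rev$ $Date$` keywords used by the other files in this commit. Since this delegate is what lets callers change role-to-principal mappings, I would add a class Javadoc sentence saying that it forwards role mappings to the `GeronimoPolicyConfiguration` of one policy context and that instances are created only by `RoleMappingConfigurationFactory`. The constructor should also reject null, `if (policyConfiguration == null) throw new IllegalArgumentException("policyConfiguration is null");`, so a bad lookup fails at construction rather than on the first `addRoleMapping` call.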
@@ -66,6 +66,7 @@ import org.apache.geronimo.security.deploy.Security; import org.apache.geronimo.security.jacc.PolicyContextHandlerContainerSubject; import org.apache.geronimo.security.jacc.RoleMappingConfiguration; +import org.apache.geronimo.security.jacc.RoleMappingConfigurationFactory; import org.apache.geronimo.security.util.ConfigurationUtil; @@ -116,7 +117,8 @@ policyConfiguration = factory.getPolicyConfiguration(policyContextID, true); configure(uncheckedPermissions, excludedPermissions, rolePermissions); - addRoleMappings(securityRoles, loginDomainName, securityConfig, (RoleMappingConfiguration) policyConfiguration); + RoleMappingConfiguration roleMapper = RoleMappingConfigurationFactory.getRoleMappingFactory().getRoleMappingConfiguration(policyContextID, false); + addRoleMappings(securityRoles, loginDomainName, securityConfig, roleMapper); policyConfiguration.commit(); this.loginDomainName = loginDomainName;