geronimo-dev mailing list archives

From David Jencks <david_jen...@yahoo.com>
Subject Re: svn commit: r315020 [1/3] - in /geronimo/trunk/modules: assembly/src/plan/ jetty/src/test/org/apache/geronimo/jetty/ security/src/java/org/apache/geronimo/security/ security/src/java/org/apache/geronimo/security/jaas/ security/src/java/org/apache/geron...
Date Fri, 14 Oct 2005 00:28:49 GMT
These changes did cause the problem, I'm looking into it.

david jencks

On Oct 13, 2005, at 3:15 PM, Joe Bohn wrote:

> I just updated my image from head earlier this afternoon and I've been  
> pulling my hair out trying to figure out why I get a 403 when I  
> attempt to authenticate to the Web Console.  This happens with both  
> the tomcat and the jetty container configurations.  Is it possible
> that these changes (or the other related changes around the same time)
> that hit some of the JAAS login logic are causing my problem?  Sachin
> updated his code yesterday afternoon (probably prior to this) and  
> isn't seeing the same problem.
>
> Thanks,
> Joe
>
> adc@apache.org wrote:
>> Author: adc
>> Date: Wed Oct 12 13:01:56 2005
>> New Revision: 315020
>> URL: http://svn.apache.org/viewcvs?rev=315020&view=rev
>> Log:
>> Initial checkin for GERONIMO-883
>> Added:
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/DomainPrincipal.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/ClientLoginModuleProxy.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/JaasLoginCoordinator.java
>>       - copied, changed from r289678,  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginCoordinator.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/LoginModuleProxy.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/ServerLoginProxy.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/WrappingClientLoginModuleProxy.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/DecouplingCallbackHandler.java
>>       - copied, changed from r289678,  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/DecouplingCallbackHandler.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/ExpiredLoginModuleException.java   (contents,  
>> props changed)
>>       - copied, changed from r289678,  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/ExpiredLoginModuleException.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/JaasLoginModuleConfiguration.java
>>       - copied, changed from r289678,  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginModuleConfiguration.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/JaasLoginService.java
>>       - copied, changed from r289678,  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginService.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/JaasLoginServiceMBean.java
>>       - copied, changed from r289678,  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginServiceMBean.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/JaasSecuritySession.java
>>       - copied, changed from r289678,  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasSecurityContext.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/JaasSessionId.java
>>       - copied, changed from r289678,  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasClientId.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/WrappingLoginModuleProxy.java
>> Removed:
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/DecouplingCallbackHandler.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/ExpiredLoginModuleException.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasClientId.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginCoordinator.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginModuleConfiguration.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginService.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginServiceMBean.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasSecurityContext.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginModuleConfiguration.java
>> Modified:
>>      
>> geronimo/trunk/modules/assembly/src/plan/j2ee-client-security- 
>> plan.xml
>>     geronimo/trunk/modules/assembly/src/plan/j2ee-security-plan.xml
>>      
>> geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ 
>> AbstractWebModuleTest.java
>>      
>> geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ 
>> SecurityTest.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/ContextManager.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/PrimaryRealmPrincipal.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/RealmPrincipal.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/ConfigurationEntryFactory.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/DirectConfigurationEntry.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/GeronimoLoginConfiguration.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginModuleUse.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginModuleControlFlag.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginModuleGBean.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginUtils.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/ServerRealmConfigurationEntry.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/realm/GenericSecurityRealm.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/realm/SecurityRealm.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/remoting/jmx/JaasLoginServiceRemotingClient.java
>>      
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/remoting/jmx/JaasLoginServiceRemotingServer.java
>>     geronimo/trunk/modules/security/src/test-data/data/login.config
>>      
>> geronimo/trunk/modules/security/src/test/org/apache/geronimo/ 
>> security/AbstractTest.java
>>      
>> geronimo/trunk/modules/security/src/test/org/apache/geronimo/ 
>> security/jaas/ConfigurationEntryTest.java
>>      
>> geronimo/trunk/modules/security/src/test/org/apache/geronimo/ 
>> security/jaas/LoginPropertiesFileTest.java
>>      
>> geronimo/trunk/modules/security/src/test/org/apache/geronimo/ 
>> security/jaas/LoginSQLTest.java
>>      
>> geronimo/trunk/modules/security/src/test/org/apache/geronimo/ 
>> security/jaas/MultipleLoginDomainTest.java
>>      
>> geronimo/trunk/modules/security/src/test/org/apache/geronimo/ 
>> security/jaas/NoLoginModuleReuseTest.java
>>      
>> geronimo/trunk/modules/security/src/test/org/apache/geronimo/ 
>> security/jaas/TimeoutTest.java
>>      
>> geronimo/trunk/modules/security/src/test/org/apache/geronimo/ 
>> security/remoting/jmx/RemoteLoginTest.java
>>     geronimo/trunk/modules/tomcat/project.xml
>>      
>> geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ 
>> AbstractWebModuleTest.java
>>      
>> geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ 
>> ApplicationTest.java
>>      
>> geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ 
>> ContainerTest.java
>>      
>> geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ 
>> JACCSecurityTest.java
>> Modified:  
>> geronimo/trunk/modules/assembly/src/plan/j2ee-client-security- 
>> plan.xml
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/ 
>> plan/j2ee-client-security-plan.xml? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/assembly/src/plan/j2ee-client-security- 
>> plan.xml (original)
>> +++  
>> geronimo/trunk/modules/assembly/src/plan/j2ee-client-security- 
>> plan.xml Wed Oct 12 13:01:56 2005
>> @@ -67,7 +67,7 @@
>>      </gbean>
>>       <gbean name="ServerLoginCoordinator"  
>> class="org.apache.geronimo.security.jaas.LoginModuleGBean">
>> -        <attribute  
>> name="loginModuleClass">org.apache.geronimo.security.jaas.JaasLoginCoo 
>> rdinator</attribute>
>> +        <attribute  
>> name="loginModuleClass">org.apache.geronimo.security.jaas.client.JaasL 
>> oginCoordinator</attribute>
>>          <attribute name="serverSide">false</attribute>
>>          <attribute name="options">
>>              host=localhost
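
Review bot: the `loginModuleClass` value on the changed `<attribute>` line is a class name held as a string, so the compiler will not flag any other plan that still names `org.apache.geronimo.security.jaas.JaasLoginCoordinator`; a stale reference only fails when the GBean is loaded. The old class is listed under Removed in this commit, so suggest searching every plan for the old package names before this goes in, or leaving a deprecated class at the old name for one release.
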
>> @@ -105,7 +105,7 @@
>>          </reference>
>>      </gbean>
>>      <!-- this is really a server-side only gbean but its needed to  
>> make the client side GenericSecurityRealm work -->
>> -    <gbean name="JaasLoginService"  
>> class="org.apache.geronimo.security.jaas.JaasLoginService">
>> +    <gbean name="JaasLoginService"  
>> class="org.apache.geronimo.security.jaas.server.JaasLoginService">
>>          <reference name="Realms">
>>              <name>client-properties-realm</name>
>>          </reference>
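
Review bot: the `JaasLoginService` gbean in this client plan now names a class in the new `jaas.server` package, while the comment directly above it already concedes it is "really a server-side only gbean". The commit splits the code into `client` and `server` packages, yet the client assembly still depends on server code. Suggest extending that comment with the issue that tracks removing the dependency, so the workaround does not become permanent.
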
>> Modified:  
>> geronimo/trunk/modules/assembly/src/plan/j2ee-security-plan.xml
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/ 
>> plan/j2ee-security-plan.xml?rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> --- geronimo/trunk/modules/assembly/src/plan/j2ee-security-plan.xml  
>> (original)
>> +++ geronimo/trunk/modules/assembly/src/plan/j2ee-security-plan.xml  
>> Wed Oct 12 13:01:56 2005
>> @@ -49,7 +49,7 @@
>>          </references>
>>      </gbean>
>>  -    <gbean name="JaasLoginService"  
>> class="org.apache.geronimo.security.jaas.JaasLoginService">
>> +    <gbean name="JaasLoginService"  
>> class="org.apache.geronimo.security.jaas.server.JaasLoginService">
>>          <reference  
>> name="Realms"><application>*</application><module>*</module><name>*</ 
>> name></reference>
>>          <!--        <attribute  
>> name="reclaimPeriod">100000</attribute>-->
>>          <attribute name="algorithm">HmacSHA1</attribute>
>> Modified:  
>> geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ 
>> AbstractWebModuleTest.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/ 
>> org/apache/geronimo/jetty/AbstractWebModuleTest.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ 
>> AbstractWebModuleTest.java (original)
>> +++  
>> geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ 
>> AbstractWebModuleTest.java Wed Oct 12 13:01:56 2005
>> @@ -28,33 +28,31 @@
>>  import javax.management.ObjectName;
>>   import junit.framework.TestCase;
>> -import  
>> org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTr 
>> ackingCoordinator;
>> +import org.mortbay.jetty.servlet.FormAuthenticator;
>> +
>>  import  
>> org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTr 
>> ackingCoordinatorGBean;
>>  import org.apache.geronimo.gbean.GBeanData;
>>  import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContext;
>>  import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContextImpl;
>>  import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
>>  import org.apache.geronimo.jetty.connector.HTTPConnector;
>> -import org.apache.geronimo.kernel.KernelFactory;
>>  import org.apache.geronimo.kernel.Kernel;
>> +import org.apache.geronimo.kernel.KernelFactory;
>>  import org.apache.geronimo.kernel.management.State;
>>  import org.apache.geronimo.security.SecurityServiceImpl;
>> -import org.apache.geronimo.security.jacc.ComponentPermissions;
>> -import  
>> org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManage 
>> r;
>> -import org.apache.geronimo.security.deploy.Principal;
>>  import org.apache.geronimo.security.deploy.DefaultPrincipal;
>> +import org.apache.geronimo.security.deploy.Principal;
>>  import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration;
>> -import org.apache.geronimo.security.jaas.JaasLoginService;
>> -import org.apache.geronimo.security.jaas.LoginModuleGBean;
>>  import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
>> +import org.apache.geronimo.security.jaas.LoginModuleGBean;
>> +import org.apache.geronimo.security.jaas.server.JaasLoginService;
>> +import  
>> org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManage 
>> r;
>> +import org.apache.geronimo.security.jacc.ComponentPermissions;
>>  import org.apache.geronimo.security.realm.GenericSecurityRealm;
>>  import org.apache.geronimo.system.serverinfo.BasicServerInfo;
>>  import org.apache.geronimo.transaction.context.OnlineUserTransaction;
>> -import  
>> org.apache.geronimo.transaction.context.TransactionContextManager;
>>  import  
>> org.apache.geronimo.transaction.context.TransactionContextManagerGBean 
>> ;
>> -import  
>> org.apache.geronimo.transaction.manager.TransactionManagerImpl;
>>  import  
>> org.apache.geronimo.transaction.manager.TransactionManagerImplGBean;
>> -import org.mortbay.jetty.servlet.FormAuthenticator;
>>    /**
>> @@ -207,6 +205,7 @@
>>          options.setProperty("usersURI",  
>> "src/test-resources/data/users.properties");
>>          options.setProperty("groupsURI",  
>> "src/test-resources/data/groups.properties");
>>          propertiesLMGBean.setAttribute("options", options);
>> +        propertiesLMGBean.setAttribute("wrapPrincipals",  
>> Boolean.TRUE);
>>          //TODO should this be called securityRealmName?
>>          propertiesLMGBean.setAttribute("loginDomainName",  
>> "demo-properties-realm");
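
Review bot: the added `setAttribute("wrapPrincipals", Boolean.TRUE)` line turns the new option on for the test realm, so this fixture only exercises the wrapped case. Nothing here covers a login module GBean that leaves `wrapPrincipals` unset, which is what any plan written before this attribute existed will do. Suggest a second fixture without the attribute and an assertion on the principals each case produces.
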
>>  @@ -276,8 +275,8 @@
>>           connector = new GBeanData(connectorName,  
>> HTTPConnector.GBEAN_INFO);
>>          connector.setAttribute("port", new Integer(5678));
>> -        connector.setAttribute("maxThreads",  new Integer(50));
>> -        connector.setAttribute("minThreads",  new Integer(10));
>> +        connector.setAttribute("maxThreads", new Integer(50));
>> +        connector.setAttribute("minThreads", new Integer(10));
>>          connector.setReferencePattern("JettyContainer",  
>> containerName);
>>           start(container);
>> Modified:  
>> geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ 
>> SecurityTest.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/ 
>> org/apache/geronimo/jetty/SecurityTest.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ 
>> SecurityTest.java (original)
>> +++  
>> geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ 
>> SecurityTest.java Wed Oct 12 13:01:56 2005
>> @@ -58,7 +58,7 @@
>>       *
>>       * @throws Exception thrown if an error in the test occurs
>>       */
>> -    public void testExplicitMapping() throws Exception {
>> +    public void DavidJencksPleaseVisitMetestExplicitMapping() throws  
>> Exception {
>>          Security securityConfig = new Security();
>>          securityConfig.setUseContextHandler(false);
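
Review bot: renaming `testExplicitMapping` to `DavidJencksPleaseVisitMetestExplicitMapping` takes the method out of the test run. Assuming `SecurityTest` is a JUnit 3 test like `AbstractWebModuleTest` (which imports `junit.framework.TestCase`), only methods whose names start with `test` are picked up, so the explicit-mapping case goes unchecked in the same commit that reworks the JAAS login code, and the build stays green. Suggest keeping the method name and either fixing the test or failing it with a message that cites GERONIMO-883, so the gap is visible.
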
>>  Modified:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/ContextManager.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/ContextManager.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/ContextManager.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/ContextManager.java Wed Oct 12 13:01:56 2005
>> @@ -49,8 +49,6 @@
>>      private static Map subjectIds = new Hashtable();
>>      private static long nextSubjectId = System.currentTimeMillis();
>>  -    private static long nextPrincipalId =  
>> System.currentTimeMillis();
>> -
>>      private static SecretKey key;
>>      private static String algorithm;
>>      private static String password;
>> Added:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/DomainPrincipal.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/DomainPrincipal.java? 
>> rev=315020&view=auto
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/DomainPrincipal.java (added)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/DomainPrincipal.java Wed Oct 12 13:01:56 2005
>> @@ -0,0 +1,133 @@
>> +/**
>> + *
>> + * Copyright 2005 The Apache Software Foundation
>> + *
>> + *  Licensed under the Apache License, Version 2.0 (the "License");
>> + *  you may not use this file except in compliance with the License.
>> + *  You may obtain a copy of the License at
>> + *
>> + *     http://www.apache.org/licenses/LICENSE-2.0
>> + *
>> + *  Unless required by applicable law or agreed to in writing,  
>> software
>> + *  distributed under the License is distributed on an "AS IS" BASIS,
>> + *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or  
>> implied.
>> + *  See the License for the specific language governing permissions  
>> and
>> + *  limitations under the License.
>> + */
>> +
>> +package org.apache.geronimo.security;
>> +
>> +import java.io.Serializable;
>> +import java.security.Principal;
>> +
>> +/**
>> + * Represents a principal in an realm.
>> + *
>> + * @version $Rev: 279959 $ $Date: 2005-09-09 23:00:51 -0700 (Fri, 09  
>> Sep 2005) $
>> + */
>> +public class DomainPrincipal implements Principal, Serializable {
>> +    private final String loginDomain;
>> +    private final Principal principal;
>> +    private transient String name = null;
>> +
>> +    public DomainPrincipal(String loginDomain, Principal principal) {
>> +        if (loginDomain == null) throw new  
>> IllegalArgumentException("loginDomain is null");
>> +        if (principal == null) throw new  
>> IllegalArgumentException("principal is null");
>> +
>> +        this.loginDomain = loginDomain;
>> +        this.principal = principal;
>> +    }
>> +
>> +    /**
>> +     * Compares this principal to the specified object.  Returns true
>> +     * if the object passed in matches the principal represented by
>> +     * the implementation of this interface.
>> +     *
>> +     * @param another principal to compare with.
>> +     * @return true if the principal passed in is the same as that
>> +     *         encapsulated by this principal, and false otherwise.
>> +     */
>> +    public boolean equals(Object another) {
>> +        if (!(another instanceof DomainPrincipal)) return false;
>> +
>> +        DomainPrincipal realmPrincipal = (DomainPrincipal) another;
>> +
>> +        return loginDomain.equals(realmPrincipal.loginDomain) &&  
>> principal.equals(realmPrincipal.principal);
>> +    }
>> +
>> +    /**
>> +     * Returns a string representation of this principal.
>> +     *
>> +     * @return a string representation of this principal.
>> +     */
>> +    public String toString() {
>> +        //TODO hack to workaround bogus assumptions in some secret  
>> code.
>> +//        return getName();
>> +        if (name == null) {
>> +
>> +            StringBuffer buffer = new StringBuffer("");
>> +            buffer.append(loginDomain);
>> +            buffer.append(":[");
>> +            buffer.append(principal.getClass().getName());
>> +            buffer.append(':');
>> +            buffer.append(principal.getName());
>> +            buffer.append("]");
>> +
>> +            name = buffer.toString();
>> +        }
>> +        return name;
>> +    }
>> +
>> +    /**
>> +     * Returns a hashcode for this principal.
>> +     *
>> +     * @return a hashcode for this principal.
>> +     */
>> +    public int hashCode() {
>> +        int result;
>> +        result = loginDomain.hashCode();
>> +        result = 29 * result + principal.hashCode();
>> +        return result;
>> +    }
>> +
>> +    /**
>> +     * Returns the name of this principal.
>> +     *
>> +     * @return the name of this principal.
>> +     */
>> +    public String getName() {
>> +        //TODO hack to workaround bogus assumptions in some secret  
>> code.
>> +        if (name == null) {
>> +
>> +            StringBuffer buffer = new StringBuffer("");
>> +            buffer.append(loginDomain);
>> +            buffer.append(":[");
>> +            buffer.append(principal.getClass().getName());
>> +            buffer.append(':');
>> +            buffer.append(principal.getName());
>> +            buffer.append("]");
>> +
>> +            name = buffer.toString();
>> +        }
>> +        return name;
>> +//        return principal.getName();
>> +    }
>> +
>> +    /**
>> +     * Returns the principal that is associated with the realm.
>> +     *
>> +     * @return the principal that is associated with the realm.
>> +     */
>> +    public Principal getPrincipal() {
>> +        return principal;
>> +    }
>> +
>> +    /**
>> +     * Returns the realm that is associated with the principal.
>> +     *
>> +     * @return the realm that is associated with the principal.
>> +     */
>> +    public String getLoginDomain() {
>> +        return loginDomain;
>> +    }
>> +}
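
Review bot: `getName()` and `toString()` carry the same string-building block, and both sit under a TODO ("hack to workaround bogus assumptions in some secret code") that does not say which code or which assumption. Suggest having `toString()` delegate to `getName()` (the commented-out `return getName();` is already there) and replacing the TODO with the actual constraint. The class javadoc still reads "Represents a principal in an realm" and the `getLoginDomain()` javadoc says "realm", and the `$Rev: 279959 $` keyword predates this file; all three look copied from `RealmPrincipal` and should be updated for the login-domain wording.
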
>> Modified:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/PrimaryRealmPrincipal.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/PrimaryRealmPrincipal.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/PrimaryRealmPrincipal.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/PrimaryRealmPrincipal.java Wed Oct 12 13:01:56 2005
>> @@ -43,6 +43,6 @@
>>           PrimaryRealmPrincipal realmPrincipal =  
>> (PrimaryRealmPrincipal) another;
>>  -        return  
>> getLoginDomain().equals(realmPrincipal.getLoginDomain()) &&  
>> getPrincipal().equals(realmPrincipal.getPrincipal());
>> +        return getRealm().equals(realmPrincipal.getRealm()) &&  
>> getPrincipal().equals(realmPrincipal.getPrincipal());
>>      }
>>  }
>> Modified:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/RealmPrincipal.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/RealmPrincipal.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/RealmPrincipal.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/RealmPrincipal.java Wed Oct 12 13:01:56 2005
>> @@ -26,15 +26,15 @@
>>   * @version $Rev$ $Date$
>>   */
>>  public class RealmPrincipal implements Principal, Serializable {
>> -    private final String loginDomain;
>> +    private final String realm;
>>      private final Principal principal;
>>      private transient String name = null;
>>  -    public RealmPrincipal(String loginDomain, Principal principal) {
>> -        if (loginDomain == null) throw new  
>> IllegalArgumentException("loginDomain is null");
>> +    public RealmPrincipal(String realm, Principal principal) {
>> +        if (realm == null) throw new IllegalArgumentException("realm  
>> is null");
>>          if (principal == null) throw new  
>> IllegalArgumentException("principal is null");
>>  -        this.loginDomain = loginDomain;
>> +        this.realm = realm;
>>          this.principal = principal;
>>      }
>>  @@ -52,7 +52,7 @@
>>           RealmPrincipal realmPrincipal = (RealmPrincipal) another;
>>  -        return loginDomain.equals(realmPrincipal.loginDomain) &&  
>> principal.equals(realmPrincipal.principal);
>> +        return realm.equals(realmPrincipal.realm) &&  
>> principal.equals(realmPrincipal.principal);
>>      }
>>       /**
>> @@ -66,7 +66,7 @@
>>          if (name == null) {
>>               StringBuffer buffer = new StringBuffer("");
>> -            buffer.append(loginDomain);
>> +            buffer.append(realm);
>>              buffer.append(":[");
>>              buffer.append(principal.getClass().getName());
>>              buffer.append(':');
>> @@ -85,7 +85,7 @@
>>       */
>>      public int hashCode() {
>>          int result;
>> -        result = loginDomain.hashCode();
>> +        result = realm.hashCode();
>>          result = 29 * result + principal.hashCode();
>>          return result;
>>      }
>> @@ -97,20 +97,20 @@
>>       */
>>      public String getName() {
>>          //TODO hack to workaround bogus assumptions in some secret  
>> code.
>> -//        if (name == null) {
>> -//
>> -//            StringBuffer buffer = new StringBuffer("");
>> -//            buffer.append(loginDomain);
>> -//            buffer.append(":[");
>> -//            buffer.append(principal.getClass().getName());
>> -//            buffer.append(':');
>> -//            buffer.append(principal.getName());
>> -//            buffer.append("]");
>> -//
>> -//            name = buffer.toString();
>> -//        }
>> -//        return name;
>> -        return principal.getName();
>> +        if (name == null) {
>> +
>> +            StringBuffer buffer = new StringBuffer("");
>> +            buffer.append(realm);
>> +            buffer.append(":[");
>> +            buffer.append(principal.getClass().getName());
>> +            buffer.append(':');
>> +            buffer.append(principal.getName());
>> +            buffer.append("]");
>> +
>> +            name = buffer.toString();
>> +        }
>> +        return name;
>> +//        return principal.getName();
>>      }
>>       /**
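
Review bot: in `getName()` the active return switches from `principal.getName()` to the composite `realm:[class:name]` string, which changes what every caller of `Principal.getName()` sees for a `RealmPrincipal`. Any code that compares that value with a plain user or group name will stop matching. The TODO above it is left unchanged, so it no longer says which of the two branches is the "hack". Suggest stating the intended contract in the javadoc and adding a test that pins the `getName()` format.
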
>> @@ -127,7 +127,7 @@
>>       *
>>       * @return the realm that is associated with the principal.
>>       */
>> -    public String getLoginDomain() {
>> -        return loginDomain;
>> +    public String getRealm() {
>> +        return realm;
>>      }
>>  }
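
Review bot: `getLoginDomain()` is a public method and is removed outright in favour of `getRealm()`, so any caller not updated in this commit stops compiling. Suggest keeping `getLoginDomain()` as a deprecated delegate to `getRealm()` for one release, or calling out the rename in the log message, which currently says only "Initial checkin for GERONIMO-883".
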
>> Modified:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/ConfigurationEntryFactory.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/ 
>> ConfigurationEntryFactory.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/ConfigurationEntryFactory.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/ConfigurationEntryFactory.java Wed Oct 12 13:01:56 2005
>> @@ -16,6 +16,9 @@
>>   */
>>  package org.apache.geronimo.security.jaas;
>>  +import  
>> org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
>> +
>> +
>>  /**
>>   * A factory interface used by  
>> <code>GeronimoLoginConfiguration</code> to obtain
>>   * <code>JaasLoginModuleConfiguration</code>s from GBean  
>> configuration entries.
>> Modified:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/DirectConfigurationEntry.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/DirectConfigurationEntry.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/DirectConfigurationEntry.java Wed Oct 12 13:01:56 2005
>> @@ -19,6 +19,7 @@
>>  import org.apache.geronimo.gbean.GBeanInfo;
>>  import org.apache.geronimo.gbean.GBeanInfoBuilder;
>>  import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
>> +import  
>> org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
>>    /**
>> @@ -33,17 +34,20 @@
>>      private final String applicationConfigName;
>>      private final LoginModuleControlFlag controlFlag;
>>      private final LoginModuleGBean module;
>> +    private final boolean wrapPrincipals;
>>       public DirectConfigurationEntry() {
>>          this.applicationConfigName = null;
>>          this.controlFlag = null;
>>          this.module = null;
>> +        this.wrapPrincipals = false;
>>      }
>>  -    public DirectConfigurationEntry(String applicationConfigName,  
>> LoginModuleControlFlag controlFlag, LoginModuleGBean module) {
>> +    public DirectConfigurationEntry(String applicationConfigName,  
>> LoginModuleControlFlag controlFlag, LoginModuleGBean module, boolean  
>> wrapPrincipals) {
>>          this.applicationConfigName = applicationConfigName;
>>          this.controlFlag = controlFlag;
>>          this.module = module;
>> +        this.wrapPrincipals = wrapPrincipals;
>>      }
>>       public String getConfigurationName() {
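
Review bot: the new `wrapPrincipals` field and constructor parameter arrive with no javadoc saying what is wrapped or in what, and the three-argument constructor is replaced rather than overloaded. Suggest documenting the flag where it is declared and keeping the old signature as an overload that delegates with `false`, the value the no-arg constructor already assigns.
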
>> @@ -51,7 +55,7 @@
>>      }
>>       public JaasLoginModuleConfiguration generateConfiguration() {
>> -        return new  
>> JaasLoginModuleConfiguration(module.getLoginModuleClass(),  
>> controlFlag, module.getOptions(), module.isServerSide(),  
>> applicationConfigName);
>> +        return new  
>> JaasLoginModuleConfiguration(module.getLoginModuleClass(),  
>> controlFlag, module.getOptions(), module.isServerSide(),  
>> applicationConfigName, wrapPrincipals);
>>      }
>>       public static final GBeanInfo GBEAN_INFO;
>> @@ -61,10 +65,11 @@
>>          infoFactory.addInterface(ConfigurationEntryFactory.class);
>>          infoFactory.addAttribute("applicationConfigName",  
>> String.class, true);
>>          infoFactory.addAttribute("controlFlag",  
>> LoginModuleControlFlag.class, true);
>> +        infoFactory.addAttribute("wrapPrincipals", boolean.class,  
>> true);
>>           infoFactory.addReference("Module", LoginModuleGBean.class,  
>> NameFactory.LOGIN_MODULE);
>>  -        infoFactory.setConstructor(new  
>> String[]{"applicationConfigName", "controlFlag", "Module"});
>> +        infoFactory.setConstructor(new  
>> String[]{"applicationConfigName", "controlFlag", "Module",  
>> "wrapPrincipals"});
>>          GBEAN_INFO = infoFactory.getBeanInfo();
>>      }
>>  Modified:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/GeronimoLoginConfiguration.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/ 
>> GeronimoLoginConfiguration.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/GeronimoLoginConfiguration.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/GeronimoLoginConfiguration.java Wed Oct 12 13:01:56  
>> 2005
>> @@ -34,6 +34,7 @@
>>  import org.apache.geronimo.gbean.ReferenceCollectionEvent;
>>  import org.apache.geronimo.gbean.ReferenceCollectionListener;
>>  import org.apache.geronimo.security.SecurityServiceImpl;
>> +import  
>> org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
>>    /**
>> @@ -134,7 +135,7 @@
>>              log.info("Removed Application Configuration Entry " +  
>> iter.next());
>>          }
>>          entries.clear();
>> -        +
>>          log.info("Uninstalled Geronimo login configuration");
>>      }
>>  Modified:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginModuleUse.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/JaasLoginModuleUse.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginModuleUse.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginModuleUse.java Wed Oct 12 13:01:56 2005
>> @@ -16,16 +16,18 @@
>>   */
>>  package org.apache.geronimo.security.jaas;
>>  -import java.util.Set;
>> +import java.util.HashMap;
>>  import java.util.List;
>>  import java.util.Map;
>> -import java.util.HashMap;
>> +import java.util.Set;
>>   import org.apache.geronimo.gbean.GBeanInfo;
>>  import org.apache.geronimo.gbean.GBeanInfoBuilder;
>> +import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
>>  import org.apache.geronimo.kernel.Kernel;
>>  import org.apache.geronimo.system.serverinfo.ServerInfo;
>> -import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
>> +import  
>> org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
>> +
>>   /**
>>   * Holds a reference to a login module and the control flag.  A  
>> linked list of these forms the list of login modules
>> @@ -65,35 +67,35 @@
>>          return next;
>>      }
>>  -//    public LoginModuleControlFlag getControlFlag() {
>> -//        return controlFlag;
>> -//    }
>> +    public String getControlFlag() {
>> +        return controlFlag.toString();
>> +    }
>>       public void configure(Set domainNames, List  
>> loginModuleConfigurations, Kernel kernel, ServerInfo serverInfo,  
>> ClassLoader classLoader) {
>>          Map options = loginModule.getOptions();
>> -                   if (options != null) {
>> -                       options = new HashMap(options);
>> -                   } else {
>> -                       options = new HashMap();
>> -                   }
>> -                   if (kernel != null &&  
>> !options.containsKey(KERNEL_LM_OPTION)) {
>> -                       options.put(KERNEL_LM_OPTION,  
>> kernel.getKernelName());
>> -                   }
>> -                   if (serverInfo != null &&  
>> !options.containsKey(SERVERINFO_LM_OPTION)) {
>> -                       options.put(SERVERINFO_LM_OPTION, serverInfo);
>> -                   }
>> -                   if (classLoader != null &&  
>> !options.containsKey(CLASSLOADER_LM_OPTION)) {
>> -                       options.put(CLASSLOADER_LM_OPTION,  
>> classLoader);
>> -                   }
>> -                   if (loginModule.getLoginDomainName() != null) {
>> -                       if  
>> (domainNames.contains(loginModule.getLoginDomainName())) {
>> -                           throw new IllegalStateException("Error in  
>> realm: one security realm cannot contain multiple login modules for  
>> the same login domain");
>> -                       } else {
>> -                            
>> domainNames.add(loginModule.getLoginDomainName());
>> -                       }
>> -                   }
>> -                   JaasLoginModuleConfiguration config = new  
>> JaasLoginModuleConfiguration(loginModule.getLoginModuleClass(),  
>> controlFlag, options, loginModule.isServerSide(),  
>> loginModule.getLoginDomainName());
>> -                   loginModuleConfigurations.add(config);
>> +        if (options != null) {
>> +            options = new HashMap(options);
>> +        } else {
>> +            options = new HashMap();
>> +        }
>> +        if (kernel != null &&  
>> !options.containsKey(KERNEL_LM_OPTION)) {
>> +            options.put(KERNEL_LM_OPTION, kernel.getKernelName());
>> +        }
>> +        if (serverInfo != null &&  
>> !options.containsKey(SERVERINFO_LM_OPTION)) {
>> +            options.put(SERVERINFO_LM_OPTION, serverInfo);
>> +        }
>> +        if (classLoader != null &&  
>> !options.containsKey(CLASSLOADER_LM_OPTION)) {
>> +            options.put(CLASSLOADER_LM_OPTION, classLoader);
>> +        }
>> +        if (loginModule.getLoginDomainName() != null) {
>> +            if  
>> (domainNames.contains(loginModule.getLoginDomainName())) {
>> +                throw new IllegalStateException("Error in realm: one  
>> security realm cannot contain multiple login modules for the same  
>> login domain");
>> +            } else {
>> +                domainNames.add(loginModule.getLoginDomainName());
>> +            }
>> +        }
>> +        JaasLoginModuleConfiguration config = new  
>> JaasLoginModuleConfiguration(loginModule.getLoginModuleClass(),  
>> controlFlag, options, loginModule.isServerSide(),  
>> loginModule.getLoginDomainName(), loginModule.isWrapPrincipals());
>> +        loginModuleConfigurations.add(config);
>>           if (next != null) {
>>              next.configure(domainNames, loginModuleConfigurations,  
>> kernel, serverInfo, classLoader);
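
Review bot: the only behavioural change in `configure()` is the extra `loginModule.isWrapPrincipals()` argument to the JaasLoginModuleConfiguration constructor, but it is buried in a re-indent of the whole method body. Please split the whitespace change into its own commit so the functional change is reviewable on its own. Separately, the revived `getControlFlag()` now returns `controlFlag.toString()` instead of the LoginModuleControlFlag the commented-out version returned; that throws a NullPointerException if `controlFlag` was never set, and it makes callers compare strings rather than the typed constant. If a String is only needed for management display, say so in a comment.
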
>> @@ -108,9 +110,9 @@
>>          infoBuilder.addReference("LoginModule",  
>> LoginModuleGBean.class, NameFactory.LOGIN_MODULE);
>>          infoBuilder.addReference("Next", JaasLoginModuleUse.class);
>>  -        infoBuilder.addOperation("configure", new Class[]  
>> {Set.class, List.class, Kernel.class, ServerInfo.class,  
>> ClassLoader.class});
>> +        infoBuilder.addOperation("configure", new Class[]{Set.class,  
>> List.class, Kernel.class, ServerInfo.class, ClassLoader.class});
>>  -        infoBuilder.setConstructor(new String[] {"LoginModule",  
>> "Next", "controlFlag"});
>> +        infoBuilder.setConstructor(new String[]{"LoginModule",  
>> "Next", "controlFlag"});
>>          GBEAN_INFO = infoBuilder.getBeanInfo();
>>      }
>>  Modified:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginModuleControlFlag.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/LoginModuleControlFlag.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginModuleControlFlag.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginModuleControlFlag.java Wed Oct 12 13:01:56 2005
>> @@ -31,22 +31,28 @@
>>       private static final LoginModuleControlFlag[] values = new  
>> LoginModuleControlFlag[4];
>>  -    public static final LoginModuleControlFlag REQUIRED = new  
>> LoginModuleControlFlag(0,  
>> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED);
>> -    public static final LoginModuleControlFlag REQUISITE = new  
>> LoginModuleControlFlag(1,  
>> AppConfigurationEntry.LoginModuleControlFlag.REQUISITE);
>> -    public static final LoginModuleControlFlag SUFFICIENT = new  
>> LoginModuleControlFlag(2,  
>> AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT);
>> -    public static final LoginModuleControlFlag OPTIONAL = new  
>> LoginModuleControlFlag(3,  
>> AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL);
>> +    public static final LoginModuleControlFlag REQUIRED = new  
>> LoginModuleControlFlag(0,  
>> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, "REQUIRED");
>> +    public static final LoginModuleControlFlag REQUISITE = new  
>> LoginModuleControlFlag(1,  
>> AppConfigurationEntry.LoginModuleControlFlag.REQUISITE, "REQUISITE");
>> +    public static final LoginModuleControlFlag SUFFICIENT = new  
>> LoginModuleControlFlag(2,  
>> AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT,  
>> "SUFFICIENT");
>> +    public static final LoginModuleControlFlag OPTIONAL = new  
>> LoginModuleControlFlag(3,  
>> AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL, "OPTIONAL");
>>       private final int ordinal;
>> +    private final String toString;
>>      private final transient  
>> AppConfigurationEntry.LoginModuleControlFlag flag;
>>  -    private LoginModuleControlFlag(int ordinal,  
>> AppConfigurationEntry.LoginModuleControlFlag flag) {
>> +    private LoginModuleControlFlag(int ordinal,  
>> AppConfigurationEntry.LoginModuleControlFlag flag, String toString) {
>>          this.ordinal = ordinal;
>>          this.flag = flag;
>> +        this.toString = toString;
>>          values[ordinal] = this;
>>      }
>>       public AppConfigurationEntry.LoginModuleControlFlag getFlag() {
>>          return flag;
>> +    }
>> +
>> +    public String toString() {
>> +        return toString;
>>      }
>>       Object readResolve() throws ObjectStreamException {
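
Review bot: the new `private final String toString` field in LoginModuleControlFlag is not transient, unlike `flag` next to it, so it changes the serialized form of a class that is sent between client and server. If the class does not declare a `serialVersionUID` (none is visible in this hunk), a client and server built from different revisions will fail to deserialize each other's flags. Since `readResolve()` is present to map back to the canonical instance, the string does not need to travel; marking it transient or deriving it from the ordinal would avoid the issue. A field named `toString` beside a method named `toString()` is also easy to misread; `name` would be clearer.
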
>> Modified:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginModuleGBean.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/LoginModuleGBean.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginModuleGBean.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginModuleGBean.java Wed Oct 12 13:01:56 2005
>> @@ -22,6 +22,7 @@
>>  import org.apache.geronimo.gbean.GBeanInfoBuilder;
>>  import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
>>  +
>>  /**
>>   * A GBean that wraps a LoginModule, plus options to configure the  
>> LoginModule.
>>   * If you want to deploy the same LoginModule with different  
>> options, you need
>> @@ -37,14 +38,16 @@
>>      private Properties options;
>>      private String objectName;
>>      private boolean serverSide;
>> +    private boolean wrapPrincipals;
>>       public LoginModuleGBean() {
>>      }
>> -    -    public LoginModuleGBean(String loginModuleClass, String  
>> objectName, boolean serverSide) {
>> +
>> +    public LoginModuleGBean(String loginModuleClass, String  
>> objectName, boolean serverSide, boolean wrapPrincipals) {
>>          this.loginModuleClass = loginModuleClass;
>>          this.objectName = objectName;
>>          this.serverSide = serverSide;
>> +        this.wrapPrincipals = wrapPrincipals;
>>      }
>>       public String getLoginDomainName() {
>> @@ -67,14 +70,34 @@
>>          return loginModuleClass;
>>      }
>>  +    public void setLoginModuleClass(String loginModuleClass) {
>> +        this.loginModuleClass = loginModuleClass;
>> +    }
>> +
>>      public String getObjectName() {
>>          return objectName;
>>      }
>>  +    public void setObjectName(String objectName) {
>> +        this.objectName = objectName;
>> +    }
>> +
>>      public boolean isServerSide() {
>>          return serverSide;
>>      }
>>  +    public void setServerSide(boolean serverSide) {
>> +        this.serverSide = serverSide;
>> +    }
>> +
>> +    public boolean isWrapPrincipals() {
>> +        return wrapPrincipals;
>> +    }
>> +
>> +    public void setWrapPrincipals(boolean wrapPrincipals) {
>> +        this.wrapPrincipals = wrapPrincipals;
>> +    }
>> +
>>      public static final GBeanInfo GBEAN_INFO;
>>       static {
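
Review bot: `setLoginModuleClass()` and `setServerSide()` make security-relevant state mutable after construction, where before this hunk these fields were only assigned in the constructor. Any code holding a reference to the LoginModuleGBean can now change which login module class gets loaded, or whether it runs on the server side, after the realm has been configured. If the setters exist only so the no-arg constructor path can populate the bean, please say so in a comment and consider restricting their visibility; otherwise drop the setters that are not needed for `wrapPrincipals`.
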
>> @@ -84,7 +107,9 @@
>>          infoFactory.addAttribute("objectName", String.class, false);
>>          infoFactory.addAttribute("serverSide", boolean.class, true);
>>          infoFactory.addAttribute("loginDomainName", String.class,  
>> true);
>> -        infoFactory.setConstructor(new  
>> String[]{"loginModuleClass","objectName","serverSide"});
>> +        infoFactory.addAttribute("wrapPrincipals", boolean.class,  
>> true);
>> +        infoFactory.setConstructor(new String[]{"loginModuleClass",  
>> "objectName", "serverSide", "wrapPrincipals"});
>> +
>>          GBEAN_INFO = infoFactory.getBeanInfo();
>>      }
>>  Modified:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginUtils.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/LoginUtils.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginUtils.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/LoginUtils.java Wed Oct 12 13:01:56 2005
>> @@ -16,51 +16,63 @@
>>   */
>>  package org.apache.geronimo.security.jaas;
>>  -import javax.security.auth.login.LoginException;
>> +import java.io.Externalizable;
>> +import java.io.Serializable;
>> +import java.rmi.Remote;
>> +import java.util.HashMap;
>> +import java.util.HashSet;
>> +import java.util.Iterator;
>> +import java.util.Map;
>> +import java.util.Set;
>> +import javax.security.auth.Subject;
>> +
>> +import  
>> org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
>> +
>>   /**
>>   * Helper class the computes the login result across a number of  
>> separate
>>   * login modules.
>> - * + *
>>   * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14  
>> Sep 2004) $
>>   */
>>  public class LoginUtils {
>> -    public static boolean computeLogin(LoginModuleConfiguration[]  
>> modules) throws LoginException {
>> -        Boolean success = null;
>> -        Boolean backup = null;
>> -        // see  
>> http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/login/ 
>> Configuration.html
>> -        for(int i = 0; i < modules.length; i++) {
>> -            LoginModuleConfiguration module = modules[i];
>> -            boolean result = module.getModule().login();
>> -            if(module.getControlFlag() ==  
>> LoginModuleControlFlag.REQUIRED) {
>> -                if(success == null || success.booleanValue()) {
>> -                    success = result ? Boolean.TRUE : Boolean.FALSE;
>> -                }
>> -            } else if(module.getControlFlag() ==  
>> LoginModuleControlFlag.REQUISITE) {
>> -                if(!result) {
>> -                    return false;
>> -                } else if(success == null) {
>> -                   success = Boolean.TRUE;
>> -                }
>> -            } else if(module.getControlFlag() ==  
>> LoginModuleControlFlag.SUFFICIENT) {
>> -                if(result && (success == null ||  
>> success.booleanValue())) {
>> -                    return true;
>> -                }
>> -            } else if(module.getControlFlag() ==  
>> LoginModuleControlFlag.OPTIONAL) {
>> -                if(backup == null || backup.booleanValue()) {
>> -                    backup = result ? Boolean.TRUE : Boolean.FALSE;
>> -                }
>> +    public static void copyPrincipals(Subject to, Subject from) {
>> +        to.getPrincipals().addAll(from.getPrincipals());
>> +    }
>> +
>> +    public static Map getSerializableCopy(Map from) {
>> +        Map to = new HashMap();
>> +        for (Iterator it = from.keySet().iterator(); it.hasNext();) {
>> +            String key = (String) it.next();
>> +            Object value = from.get(key);
>> +            if (value instanceof Serializable || value instanceof  
>> Externalizable || value instanceof Remote) {
>> +                to.put(key, value);
>>              }
>>          }
>> -        // all required and requisite modules succeeded, or at least  
>> one required module failed
>> -        if(success != null) {
>> -            return success.booleanValue();
>> -        }
>> -        // no required or requisite modules, no sufficient modules  
>> succeeded, fall back to optional modules
>> -        if(backup != null) {
>> -            return backup.booleanValue();
>> +        return to;
>> +    }
>> +
>> +    public static Set getSerializableCopy(Set from) {
>> +        Set to = new HashSet();
>> +        for (Iterator it = from.iterator(); it.hasNext();) {
>> +            Object value = it.next();
>> +            if (value instanceof Serializable || value instanceof  
>> Externalizable || value instanceof Remote) {
>> +                to.add(value);
>> +            }
>>          }
>> -        // perhaps only a sufficient module, and it failed
>> -        return false;
>> +        return to;
>> +    }
>> +
>> +    /**
>> +     * Strips out stuff that isn't serializable so this can be  
>> safely passed to
>> +     * a remote server.
>> +     */
>> +    public static JaasLoginModuleConfiguration  
>> getSerializableCopy(JaasLoginModuleConfiguration config) {
>> +        return new  
>> JaasLoginModuleConfiguration(config.getLoginModuleClassName(),
>> +                                                config.getFlag(),
>> +                                                 
>> LoginUtils.getSerializableCopy(config.getOptions()),
>> +                                                 
>> config.isServerSide(),
>> +                                                 
>> config.getLoginDomainName(),
>> +                                                 
>> config.isWrapPrincipals());
>>      }
>>  }
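
Review bot: the `instanceof` filter in both `getSerializableCopy()` overloads is shallow and silent. A Serializable container that holds a non-serializable element passes the check and still fails when it is marshalled, and `Remote` does not imply `Serializable`, so the Javadoc's "safely passed to a remote server" is stronger than what the code guarantees. Entries that are dropped are not logged, so a login module on the other side can run with options missing and nobody is told; please log the dropped keys at debug level at least. Smaller points: `(String) it.next()` in the Map overload throws ClassCastException on a non-String key, the `Externalizable` test is redundant because Externalizable extends Serializable, and the class Javadoc still says the class "computes the login result" although `computeLogin()` is removed here.
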
>> Modified:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/ServerRealmConfigurationEntry.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/ 
>> ServerRealmConfigurationEntry.java? 
>> rev=315020&r1=315019&r2=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/ServerRealmConfigurationEntry.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/ServerRealmConfigurationEntry.java Wed Oct 12 13:01:56  
>> 2005
>> @@ -22,6 +22,9 @@
>>  import org.apache.geronimo.gbean.GBeanInfoBuilder;
>>  import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
>>  import org.apache.geronimo.kernel.Kernel;
>> +import  
>> org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean;
>> +import  
>> org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
>> +import org.apache.geronimo.security.jaas.client.JaasLoginCoordinator;
>>    /**
>> @@ -37,6 +40,7 @@
>>      private final String realmName;
>>      private final Kernel kernel;
>>      private final JaasLoginServiceMBean loginService;
>> +    private boolean wrapPrincipals;
>>       public ServerRealmConfigurationEntry() {
>>          this.applicationConfigName = null;
>> @@ -48,10 +52,10 @@
>>      public ServerRealmConfigurationEntry(String  
>> applicationConfigName, String realmName, Kernel kernel,  
>> JaasLoginServiceMBean loginService) {
>>          this.applicationConfigName = applicationConfigName;
>>          this.realmName = realmName;
>> -        if(applicationConfigName == null || realmName == null) {
>> +        if (applicationConfigName == null || realmName == null) {
>>              throw new  
>> IllegalArgumentException("applicationConfigName and realmName are  
>> required");
>>          }
>> -        if(applicationConfigName.equals(realmName)) {
>> +        if (applicationConfigName.equals(realmName)) {
>>              throw new  
>> IllegalArgumentException("applicationConfigName must be different  
>> than realmName (there's an automatic entry using the same name as the  
>> realm name, so you don't need a ServerRealmConfigurationEntry if  
>> you're just going to use that!)");
>>          }
>>          this.kernel = kernel;
>> @@ -62,6 +66,14 @@
>>          return applicationConfigName;
>>      }
>>  +    public boolean isWrapPrincipals() {
>> +        return wrapPrincipals;
>> +    }
>> +
>> +    public void setWrapPrincipals(boolean wrapPrincipals) {
>> +        this.wrapPrincipals = wrapPrincipals;
>> +    }
>> +
>>      public JaasLoginModuleConfiguration generateConfiguration() {
>>          Properties options = new Properties();
>>          options.put(JaasLoginCoordinator.OPTION_REALM, realmName);
>> @@ -73,7 +85,7 @@
>>          options.put("realm", realmName);
>>          options.put("kernel", kernel.getKernelName());
>>  -        return new  
>> JaasLoginModuleConfiguration(JaasLoginCoordinator.class.getName(),  
>> LoginModuleControlFlag.REQUIRED, options, true,  
>> applicationConfigName);
>> +        return new  
>> JaasLoginModuleConfiguration(JaasLoginCoordinator.class.getName(),  
>> LoginModuleControlFlag.REQUIRED, options, true,  
>> applicationConfigName, wrapPrincipals);
>>      }
>>       public static final GBeanInfo GBEAN_INFO;
>> @@ -85,6 +97,7 @@
>>          infoFactory.addAttribute("realmName", String.class, true);
>>          infoFactory.addAttribute("kernel", Kernel.class, false);
>>          infoFactory.addReference("LoginService",  
>> JaasLoginServiceMBean.class, "JaasLoginService");
>> +        infoFactory.addAttribute("wrapPrincipals", Boolean.TYPE,  
>> true);
>>           infoFactory.setConstructor(new  
>> String[]{"applicationConfigName", "realmName", "kernel",  
>> "LoginService"});
>>          GBEAN_INFO = infoFactory.getBeanInfo();
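
Review bot: `wrapPrincipals` is wired differently in ServerRealmConfigurationEntry than in the other two GBeans touched by this commit. Here it is registered with `Boolean.TYPE` and left out of `setConstructor(...)`, so it is injected through `setWrapPrincipals()` on a non-final field, while DirectConfigurationEntry and LoginModuleGBean use `boolean.class` and take it as a constructor argument. The other fields in this class are final, and `generateConfiguration()` reads the flag, so a call made before the setter runs sees `false`. Please pick one style, preferably the constructor argument, and use it in all three classes.
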
>> Added:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/ClientLoginModuleProxy.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/client/ 
>> ClientLoginModuleProxy.java?rev=315020&view=auto
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/ClientLoginModuleProxy.java (added)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/ClientLoginModuleProxy.java Wed Oct 12 13:01:56  
>> 2005
>> @@ -0,0 +1,65 @@
>> +/**
>> + *
>> + * Copyright 2005 The Apache Software Foundation
>> + *
>> + *  Licensed under the Apache License, Version 2.0 (the "License");
>> + *  you may not use this file except in compliance with the License.
>> + *  You may obtain a copy of the License at
>> + *
>> + *     http://www.apache.org/licenses/LICENSE-2.0
>> + *
>> + *  Unless required by applicable law or agreed to in writing,  
>> software
>> + *  distributed under the License is distributed on an "AS IS" BASIS,
>> + *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or  
>> implied.
>> + *  See the License for the specific language governing permissions  
>> and
>> + *  limitations under the License.
>> + */
>> +package org.apache.geronimo.security.jaas.client;
>> +
>> +import java.util.Map;
>> +import javax.security.auth.Subject;
>> +import javax.security.auth.callback.CallbackHandler;
>> +import javax.security.auth.login.LoginException;
>> +import javax.security.auth.spi.LoginModule;
>> +
>> +import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
>> +
>> +
>> +/**
>> + * @version $Revision: $ $Date: $
>> + */
>> +public class ClientLoginModuleProxy extends LoginModuleProxy
>> +{
>> +    private final LoginModule source;
>> +
>> +    public ClientLoginModuleProxy(LoginModuleControlFlag  
>> controlFlag, Subject subject, LoginModule source)
>> +    {
>> +        super(controlFlag, subject);
>> +        this.source = source;
>> +    }
>> +
>> +    public void initialize(Subject subject, CallbackHandler  
>> callbackHandler, Map sharedState, Map options)
>> +    {
>> +        source.initialize(subject, callbackHandler, sharedState,  
>> options);
>> +    }
>> +
>> +    public boolean login() throws LoginException
>> +    {
>> +        return source.login();
>> +    }
>> +
>> +    public boolean commit() throws LoginException
>> +    {
>> +        return source.commit();
>> +    }
>> +
>> +    public boolean abort() throws LoginException
>> +    {
>> +        return source.abort();
>> +    }
>> +
>> +    public boolean logout() throws LoginException
>> +    {
>> +        return source.logout();
>> +    }
>> +}
>> \ No newline at end of file
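
Review bot: ClientLoginModuleProxy receives a Subject twice, once in the constructor (passed to `super(controlFlag, subject)`) and once in `initialize(subject, ...)`, and only the second is forwarded to `source`. Nothing in the class says whether the two are expected to be the same object or which one principals should end up in; please document that, or assert it. The class also has no description in its Javadoc, the `$Revision: $ $Date: $` keywords are unexpanded, `source` is not null-checked in the constructor, and the file lacks a trailing newline.
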
>> Copied:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/JaasLoginCoordinator.java (from r289678,  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginCoordinator.java)
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/client/ 
>> JaasLoginCoordinator.java?p2=geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/client/ 
>> JaasLoginCoordinator.java&p1=geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/ 
>> JaasLoginCoordinator.java&r1=289678&r2=315020&rev=315020&view=diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginCoordinator.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/JaasLoginCoordinator.java Wed Oct 12 13:01:56  
>> 2005
>> @@ -1,6 +1,6 @@
>>  /**
>>   *
>> - * Copyright 2003-2004 The Apache Software Foundation
>> + * Copyright 2003-2005 The Apache Software Foundation
>>   *
>>   *  Licensed under the Apache License, Version 2.0 (the "License");
>>   *  you may not use this file except in compliance with the License.
>> @@ -14,26 +14,25 @@
>>   *  See the License for the specific language governing permissions  
>> and
>>   *  limitations under the License.
>>   */
>> -package org.apache.geronimo.security.jaas;
>> +package org.apache.geronimo.security.jaas.client;
>>  -import java.security.Principal;
>> -import java.util.ArrayList;
>>  import java.util.HashMap;
>> -import java.util.HashSet;
>> -import java.util.Iterator;
>> -import java.util.List;
>>  import java.util.Map;
>>  import java.util.Set;
>>  import javax.management.MalformedObjectNameException;
>>  import javax.management.ObjectName;
>>  import javax.security.auth.Subject;
>> -import javax.security.auth.callback.Callback;
>>  import javax.security.auth.callback.CallbackHandler;
>>  import javax.security.auth.login.LoginException;
>>  import javax.security.auth.spi.LoginModule;
>>   import org.apache.geronimo.kernel.Kernel;
>>  import org.apache.geronimo.kernel.KernelRegistry;
>> +import org.apache.geronimo.security.jaas.server.JaasSessionId;
>> +import  
>> org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
>> +import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
>> +import org.apache.geronimo.security.jaas.LoginUtils;
>> +import  
>> org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean;
>>  import  
>> org.apache.geronimo.security.remoting.jmx.JaasLoginServiceRemotingClie 
>> nt;
>>   @@ -64,9 +63,10 @@
>>      private JaasLoginServiceMBean service;
>>      private CallbackHandler handler;
>>      private Subject subject;
>> -    private Set processedPrincipals = new HashSet();
>> -    private JaasClientId clientHandle;
>> -    LoginModuleConfiguration[] workers;
>> +    private JaasSessionId sessionHandle;
>> +    private LoginModuleProxy[] proxies;
>> +    private final Map sharedState = new HashMap();
>> +
>>       public void initialize(Subject subject, CallbackHandler  
>> callbackHandler, Map sharedState, Map options) {
>>          serverHost = (String) options.get(OPTION_HOST);
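
Review bot: the new field `private final Map sharedState = new HashMap()` has the same name as the `sharedState` parameter of `initialize()` declared just below it. Inside `initialize()` the name refers to the caller's map, and in `login()` it refers to the private one, so the proxies are initialized with a map the enclosing login context never sees. If that isolation is intended, rename the field (for example `localSharedState`) and add a comment; if the caller's map was meant to be used, it has to be stored in `initialize()`.
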
>> @@ -89,47 +89,48 @@
>>          } else {
>>              this.subject = subject;
>>          }
>> -        //todo: shared state
>>      }
>>       public boolean login() throws LoginException {
>> -        clientHandle = service.connectToRealm(realmName);
>> -        JaasLoginModuleConfiguration[] config =  
>> service.getLoginConfiguration(clientHandle);
>> -        workers = new LoginModuleConfiguration[config.length];
>> +        sessionHandle = service.connectToRealm(realmName);
>> +        JaasLoginModuleConfiguration[] config =  
>> service.getLoginConfiguration(sessionHandle);
>> +        proxies = new LoginModuleProxy[config.length];
>>  -        for (int i = 0; i < workers.length; i++) {
>> -            LoginModule wrapper;
>> +        for (int i = 0; i < proxies.length; i++) {
>>              if (config[i].isServerSide()) {
>> -                wrapper = new ServerLoginModule(i);
>> +                proxies[i] = new  
>> ServerLoginProxy(config[i].getFlag(), subject, i, service,  
>> sessionHandle);
>>              } else {
>>                  LoginModule source =  
>> config[i].getLoginModule(JaasLoginCoordinator.class.getClassLoader());
>> -                wrapper = new ClientLoginModule(source, i);
>> +                if (config[i].isWrapPrincipals()) {
>> +                    proxies[i] = new  
>> WrappingClientLoginModuleProxy(config[i].getFlag(), subject, source,  
>> config[i].getLoginDomainName(), realmName);
>> +                } else {
>> +                    proxies[i] = new  
>> ClientLoginModuleProxy(config[i].getFlag(), subject, source);
>> +                }
>>              }
>> -            workers[i] = new LoginModuleConfiguration(wrapper,  
>> config[i].getFlag());
>> -            workers[i].getModule().initialize(subject, handler, new  
>> HashMap(), config[i].getOptions());
>> +            proxies[i].initialize(subject, handler, sharedState,  
>> config[i].getOptions());
>> +            syncSharedState();
>>          }
>> -        return performLogin(workers);
>> +        return performLogin();
>>      }
>>       public boolean commit() throws LoginException {
>> -        for (int i = 0; i < workers.length; i++) {
>> -            workers[i].getModule().commit();
>> -        }
>> -        Principal[] principals =  
>> service.loginSucceeded(clientHandle);
>> -        for (int i = 0; i < principals.length; i++) {
>> -            Principal principal = principals[i];
>> -            subject.getPrincipals().add(principal);
>> +        for (int i = 0; i < proxies.length; i++) {
>> +            proxies[i].commit();
>> +            syncSharedState();
>> +            syncPrincipals();
>>          }
>> +         
>> subject.getPrincipals().add(service.loginSucceeded(sessionHandle));
>>          return true;
>>      }
>>       public boolean abort() throws LoginException {
>>          try {
>> -            for (int i = 0; i < workers.length; i++) {
>> -                workers[i].getModule().abort();
>> +            for (int i = 0; i < proxies.length; i++) {
>> +                proxies[i].abort();
>> +                syncSharedState();
>>              }
>>          } finally {
>> -            service.loginFailed(clientHandle);
>> +            service.loginFailed(sessionHandle);
>>          }
>>          clear();
>>          return true;
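
Review bot: in commit(), the value returned by service.loginSucceeded(sessionHandle) is passed straight to subject.getPrincipals().add(...) with no null check, where the removed code looped over a Principal[] that could simply be empty. If the service can return null, the Subject's principal set will reject it with a runtime exception rather than a LoginException; check the result and throw LoginException explicitly. The same loop now makes two remote calls per proxy (syncSharedState, syncPrincipals), so a failure partway through leaves the earlier modules committed with nothing rolling them back.
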
>> @@ -137,11 +138,12 @@
>>       public boolean logout() throws LoginException {
>>          try {
>> -            for (int i = 0; i < workers.length; i++) {
>> -                workers[i].getModule().logout();
>> +            for (int i = 0; i < proxies.length; i++) {
>> +                proxies[i].logout();
>> +                syncSharedState();
>>              }
>>          } finally {
>> -            service.logout(clientHandle);
>> +            service.logout(sessionHandle);
>>          }
>>          clear();
>>          return true;
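
Review bot: the syncSharedState() call added inside the logout() loop can throw LoginException, which ends the loop, so the remaining proxies never get logout() called (the finally block only covers service.logout). Since clear() runs right after and the session is being torn down, the per-proxy sync looks unnecessary here; drop it, or catch per iteration and rethrow the first failure once every proxy has been logged out.
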
>> @@ -159,9 +161,8 @@
>>          service = null;
>>          handler = null;
>>          subject = null;
>> -        processedPrincipals.clear();
>> -        clientHandle = null;
>> -        workers = null;
>> +        sessionHandle = null;
>> +        proxies = null;
>>      }
>>       private JaasLoginServiceMBean connect() {
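
Review bot: clear() as shown nulls sessionHandle and proxies, but nothing in these lines resets sharedState, which login() now hands to every proxy and syncs with the server. Unless it is reset in the part of clear() above this context, entries from one login attempt carry over into the next one on the same coordinator instance; add sharedState.clear() here.
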
>> @@ -176,32 +177,33 @@
>>      /**
>>       * See  
>> http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/login/ 
>> Configuration.html
>>       *
>> -     * @param modules
>>       * @return
>>       * @throws LoginException
>>       */
>> -    private static boolean performLogin(LoginModuleConfiguration[]  
>> modules) throws LoginException {
>> +    private boolean performLogin() throws LoginException {
>>          Boolean success = null;
>>          Boolean backup = null;
>>  -        for (int i = 0; i < modules.length; i++) {
>> -            LoginModuleConfiguration module = modules[i];
>> -            boolean result = module.getModule().login();
>> -            if (module.getControlFlag() ==  
>> LoginModuleControlFlag.REQUIRED) {
>> +        for (int i = 0; i < proxies.length; i++) {
>> +            LoginModuleProxy proxy = proxies[i];
>> +            boolean result = proxy.login();
>> +            syncSharedState();
>> +
>> +            if (proxy.getControlFlag() ==  
>> LoginModuleControlFlag.REQUIRED) {
>>                  if (success == null || success.booleanValue()) {
>>                      success = result ? Boolean.TRUE : Boolean.FALSE;
>>                  }
>> -            } else if (module.getControlFlag() ==  
>> LoginModuleControlFlag.REQUISITE) {
>> +            } else if (proxy.getControlFlag() ==  
>> LoginModuleControlFlag.REQUISITE) {
>>                  if (!result) {
>>                      return false;
>>                  } else if (success == null) {
>>                      success = Boolean.TRUE;
>>                  }
>> -            } else if (module.getControlFlag() ==  
>> LoginModuleControlFlag.SUFFICIENT) {
>> +            } else if (proxy.getControlFlag() ==  
>> LoginModuleControlFlag.SUFFICIENT) {
>>                  if (result && (success == null ||  
>> success.booleanValue())) {
>>                      return true;
>>                  }
>> -            } else if (module.getControlFlag() ==  
>> LoginModuleControlFlag.OPTIONAL) {
>> +            } else if (proxy.getControlFlag() ==  
>> LoginModuleControlFlag.OPTIONAL) {
>>                  if (backup == null || backup.booleanValue()) {
>>                      backup = result ? Boolean.TRUE : Boolean.FALSE;
>>                  }
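
Review bot: in performLogin(), neither proxy.login() nor the syncSharedState() call after it is inside a try/catch, so a LoginException from any one module leaves the loop before its control flag is examined. Under the Configuration semantics the Javadoc links to, a failing OPTIONAL or SUFFICIENT module should not end the overall login; catch LoginException per proxy, treat it as result == false, and keep the first exception to rethrow if the overall outcome is failure. The Javadoc also keeps an empty @return now that @param modules is gone.
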
>> @@ -219,106 +221,13 @@
>>          return false;
>>      }
>>  -    private class ClientLoginModule implements LoginModule {
>> -        private LoginModule source;
>> -        int index;
>> -
>> -        public ClientLoginModule(LoginModule source, int index) {
>> -            this.source = source;
>> -            this.index = index;
>> -        }
>> -
>> -        public void initialize(Subject subject, CallbackHandler  
>> callbackHandler, Map sharedState, Map options) {
>> -            source.initialize(subject, callbackHandler, sharedState,  
>> options);
>> -        }
>> -
>> -        public boolean login() throws LoginException {
>> -            return source.login();
>> -        }
>> -
>> -        /**
>> -         * Commit the LoginModule that is being wrapped.  Send the  
>> resulting
>> -         * principals that are obtained back to the server.
>> -         *
>> -         * @return true if this method succeeded, or false if this
>> -         *         <code>LoginModule</code> should be ignored.
>> -         * @throws LoginException if commit fails
>> -         */
>> -        public boolean commit() throws LoginException {
>> -            boolean result = source.commit();
>> -            List list = new ArrayList();
>> -            for (Iterator it = subject.getPrincipals().iterator();  
>> it.hasNext();) {
>> -                Principal p = (Principal) it.next();
>> -                if (!processedPrincipals.contains(p)) {
>> -                    list.add(p);
>> -                    processedPrincipals.add(p);
>> -                }
>> -            }
>> -            service.clientLoginModuleCommit(clientHandle, index,  
>> (Principal[]) list.toArray(new Principal[list.size()]));
>> -            return result;
>> -        }
>> -
>> -        public boolean abort() throws LoginException {
>> -            return source.abort();
>> -        }
>> -
>> -        public boolean logout() throws LoginException {
>> -            return source.logout();
>> -        }
>> +    private void syncSharedState() throws LoginException {
>> +        Map map = service.syncShareState(sessionHandle,  
>> LoginUtils.getSerializableCopy(sharedState));
>> +        sharedState.putAll(map);
>>      }
>>  -    private class ServerLoginModule implements LoginModule {
>> -        int index;
>> -        CallbackHandler handler;
>> -        Callback[] callbacks;
>> -
>> -        public ServerLoginModule(int index) {
>> -            this.index = index;
>> -        }
>> -
>> -        public void initialize(Subject subject, CallbackHandler  
>> handler, Map sharedState, Map options) {
>> -            this.handler = handler;
>> -        }
>> -
>> -        /**
>> -         * Perform a login on the server side.
>> -         * <p/>
>> -         * Here we get the Callbacks from the server side, pass them  
>> to the
>> -         * local handler so that they may be filled.  We pass the  
>> resulting
>> -         * set of Callbacks back to the server.
>> -         *
>> -         * @return true if the authentication succeeded, or false if  
>> this
>> -         *         <code>LoginModule</code> should be ignored.
>> -         * @throws LoginException if the authentication fails
>> -         */
>> -        public boolean login() throws LoginException {
>> -            try {
>> -                callbacks =  
>> service.getServerLoginCallbacks(clientHandle, index);
>> -                if (handler != null) {
>> -                    handler.handle(callbacks);
>> -                } else if (callbacks != null && callbacks.length >  
>> 0) {
>> -                    System.err.println("No callback handler  
>> available for " + callbacks.length + " callbacks!");
>> -                }
>> -                return service.performServerLogin(clientHandle,  
>> index, callbacks);
>> -            } catch (LoginException le) {
>> -                throw le;
>> -            } catch (Exception e) {
>> -                LoginException le = new LoginException("Error  
>> filling callback list");
>> -                le.initCause(e);
>> -                throw le;
>> -            }
>> -        }
>> -
>> -        public boolean commit() throws LoginException {
>> -            return service.serverLoginModuleCommit(clientHandle,  
>> index);
>> -        }
>> -
>> -        public boolean abort() throws LoginException {
>> -            return false; // taken care of with a single call to the  
>> server
>> -        }
>> -
>> -        public boolean logout() throws LoginException {
>> -            return false; // taken care of with a single call to the  
>> server
>> -        }
>> +    private void syncPrincipals() throws LoginException {
>> +        Set principals = service.syncPrincipals(sessionHandle,  
>> subject.getPrincipals());
>> +        subject.getPrincipals().addAll(principals);
>>      }
>>  }
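
Review bot: syncSharedState() merges the server's reply with sharedState.putAll(map), so a key that a module removed on one side is never removed on the other and the map can only grow; either replace the contents (clear, then putAll) or document that removal is not propagated. The method also ships a copy of the whole client-side sharedState to the server on every call, and that map is where login modules conventionally leave the user name and password for later modules, so it is worth stating what protects that channel. syncPrincipals() likewise sends the full principal set each time, where the removed ClientLoginModule.commit() sent only principals not yet in processedPrincipals. Minor: the service method is spelled syncShareState while the local one is syncSharedState.
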
>> Added:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/LoginModuleProxy.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/client/LoginModuleProxy.java? 
>> rev=315020&view=auto
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/LoginModuleProxy.java (added)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/LoginModuleProxy.java Wed Oct 12 13:01:56 2005
>> @@ -0,0 +1,43 @@
>> +/**
>> + *
>> + * Copyright 2005 The Apache Software Foundation
>> + *
>> + *  Licensed under the Apache License, Version 2.0 (the "License");
>> + *  you may not use this file except in compliance with the License.
>> + *  You may obtain a copy of the License at
>> + *
>> + *     http://www.apache.org/licenses/LICENSE-2.0
>> + *
>> + *  Unless required by applicable law or agreed to in writing,  
>> software
>> + *  distributed under the License is distributed on an "AS IS" BASIS,
>> + *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or  
>> implied.
>> + *  See the License for the specific language governing permissions  
>> and
>> + *  limitations under the License.
>> + */
>> +package org.apache.geronimo.security.jaas.client;
>> +
>> +import javax.security.auth.Subject;
>> +import javax.security.auth.spi.LoginModule;
>> +
>> +import org.apache.geronimo.security.jaas.server.JaasSessionId;
>> +import  
>> org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean;
>> +import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
>> +
>> +
>> +/**
>> + * @version $Revision: $ $Date: $
>> + */
>> +public abstract class LoginModuleProxy implements LoginModule {
>> +    final protected LoginModuleControlFlag controlFlag;
>> +    final protected Subject subject;
>> +
>> +    public LoginModuleProxy(LoginModuleControlFlag controlFlag,  
>> Subject subject)
>> +    {
>> +        this.controlFlag = controlFlag;
>> +        this.subject = subject;
>> +    }
>> +
>> +    public LoginModuleControlFlag getControlFlag() {
>> +        return controlFlag;
>> +    }
>> +}
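
Review bot: the imports of JaasSessionId and JaasLoginServiceMBean are unused in this class, which only references Subject, LoginModule and LoginModuleControlFlag; drop them so the base class does not depend on the server package. The class Javadoc carries only the @version tag; one sentence on what a proxy stands for (a client-side handle for one configured login module) would help readers of the subclasses.
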
>> Added:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/ServerLoginProxy.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/client/ServerLoginProxy.java? 
>> rev=315020&view=auto
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/ServerLoginProxy.java (added)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/ServerLoginProxy.java Wed Oct 12 13:01:56 2005
>> @@ -0,0 +1,92 @@
>> +/**
>> + *
>> + * Copyright 2005 The Apache Software Foundation
>> + *
>> + *  Licensed under the Apache License, Version 2.0 (the "License");
>> + *  you may not use this file except in compliance with the License.
>> + *  You may obtain a copy of the License at
>> + *
>> + *     http://www.apache.org/licenses/LICENSE-2.0
>> + *
>> + *  Unless required by applicable law or agreed to in writing,  
>> software
>> + *  distributed under the License is distributed on an "AS IS" BASIS,
>> + *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or  
>> implied.
>> + *  See the License for the specific language governing permissions  
>> and
>> + *  limitations under the License.
>> + */
>> +package org.apache.geronimo.security.jaas.client;
>> +
>> +import java.util.Map;
>> +import javax.security.auth.Subject;
>> +import javax.security.auth.callback.Callback;
>> +import javax.security.auth.callback.CallbackHandler;
>> +import javax.security.auth.login.LoginException;
>> +
>> +import org.apache.geronimo.security.jaas.server.JaasSessionId;
>> +import  
>> org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean;
>> +import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
>> +
>> +
>> +/**
>> + * @version $Revision: $ $Date: $
>> + */
>> +public class ServerLoginProxy extends LoginModuleProxy {
>> +    CallbackHandler handler;
>> +    Callback[] callbacks;
>> +    private final int lmIndex;
>> +    private final JaasLoginServiceMBean service;
>> +    private final JaasSessionId sessionHandle;
>> +
>> +    public ServerLoginProxy(LoginModuleControlFlag controlFlag,  
>> Subject subject, int lmIndex,
>> +                            JaasLoginServiceMBean service,  
>> JaasSessionId sessionHandle)
>> +    {
>> +        super(controlFlag, subject);
>> +        this.lmIndex = lmIndex;
>> +        this.service = service;
>> +        this.sessionHandle = sessionHandle;
>> +    }
>> +
>> +    public void initialize(Subject subject, CallbackHandler handler,  
>> Map sharedState, Map options) {
>> +        this.handler = handler;
>> +    }
>> +
>> +    /**
>> +     * Perform a login on the server side.
>> +     * <p/>
>> +     * Here we get the Callbacks from the server side, pass them to  
>> the
>> +     * local handler so that they may be filled.  We pass the  
>> resulting
>> +     * set of Callbacks back to the server.
>> +     *
>> +     * @return true if the authentication succeeded, or false if this
>> +     *         <code>LoginModule</code> should be ignored.
>> +     * @throws javax.security.auth.login.LoginException
>> +     *          if the authentication fails
>> +     */
>> +    public boolean login() throws LoginException {
>> +        try {
>> +            callbacks =  
>> service.getServerLoginCallbacks(sessionHandle, lmIndex);
>> +            if (handler != null) {
>> +                handler.handle(callbacks);
>> +            } else if (callbacks != null && callbacks.length > 0) {
>> +                System.err.println("No callback handler available  
>> for " + callbacks.length + " callbacks!");
>> +            }
>> +            return service.performLogin(sessionHandle, lmIndex,  
>> callbacks);
>> +        } catch (Exception e) {
>> +            LoginException le = new LoginException("Error filling  
>> callback list");
>> +            le.initCause(e);
>> +            throw le;
>> +        }
>> +    }
>> +
>> +    public boolean commit() throws LoginException {
>> +        return service.performCommit(sessionHandle, lmIndex);
>> +    }
>> +
>> +    public boolean abort() throws LoginException {
>> +        return false; // taken care of with a single call to the  
>> server
>> +    }
>> +
>> +    public boolean logout() throws LoginException {
>> +        return false; // taken care of with a single call to the  
>> server
>> +    }
>> +}
>> \ No newline at end of file
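
Review bot: login() now has a single catch (Exception e), so a LoginException thrown by service.performLogin(...) is rewrapped as LoginException("Error filling callback list"). The removed ServerLoginModule.login() had catch (LoginException le) { throw le; } ahead of the generic catch, which preserved the original type and message; restore that clause so a real authentication failure is not reported as a callback problem. The System.err.println for a missing handler should go through the project's logging, and the file lacks a trailing newline.
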
>> Added:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/WrappingClientLoginModuleProxy.java
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/client/ 
>> WrappingClientLoginModuleProxy.java?rev=315020&view=auto
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/WrappingClientLoginModuleProxy.java (added)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/client/WrappingClientLoginModuleProxy.java Wed Oct 12  
>> 13:01:56 2005
>> @@ -0,0 +1,78 @@
>> +/**
>> + *
>> + * Copyright 2005 The Apache Software Foundation
>> + *
>> + *  Licensed under the Apache License, Version 2.0 (the "License");
>> + *  you may not use this file except in compliance with the License.
>> + *  You may obtain a copy of the License at
>> + *
>> + *     http://www.apache.org/licenses/LICENSE-2.0
>> + *
>> + *  Unless required by applicable law or agreed to in writing,  
>> software
>> + *  distributed under the License is distributed on an "AS IS" BASIS,
>> + *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or  
>> implied.
>> + *  See the License for the specific language governing permissions  
>> and
>> + *  limitations under the License.
>> + */
>> +package org.apache.geronimo.security.jaas.client;
>> +
>> +import java.security.Principal;
>> +import java.util.HashSet;
>> +import java.util.Iterator;
>> +import java.util.Map;
>> +import java.util.Set;
>> +import javax.security.auth.Subject;
>> +import javax.security.auth.callback.CallbackHandler;
>> +import javax.security.auth.login.LoginException;
>> +import javax.security.auth.spi.LoginModule;
>> +
>> +import org.apache.geronimo.security.DomainPrincipal;
>> +import org.apache.geronimo.security.RealmPrincipal;
>> +import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
>> +
>> +
>> +/**
>> + * @version $Revision: $ $Date: $
>> + */
>> +public class WrappingClientLoginModuleProxy extends  
>> ClientLoginModuleProxy {
>> +    private final String loginDomainName;
>> +    private final String realmName;
>> +    private final Subject localSubject = new Subject();
>> +
>> +    public WrappingClientLoginModuleProxy(LoginModuleControlFlag  
>> controlFlag, Subject subject, LoginModule source,
>> +                                          String loginDomainName,  
>> String realmName)
>> +    {
>> +        super(controlFlag, subject, source);
>> +        this.loginDomainName = loginDomainName;
>> +        this.realmName = realmName;
>> +    }
>> +
>> +    public void initialize(Subject subject, CallbackHandler  
>> callbackHandler, Map sharedState, Map options) {
>> +        super.initialize(localSubject, callbackHandler, sharedState,  
>> options);
>> +    }
>> +
>> +    public boolean commit() throws LoginException {
>> +        boolean result = super.commit();
>> +
>> +        Set wrapped = new HashSet();
>> +        for (Iterator iter = subject.getPrincipals().iterator();  
>> iter.hasNext();) {
>> +            DomainPrincipal dPrincipal = new  
>> DomainPrincipal(loginDomainName, (Principal) iter.next());
>> +
>> +            wrapped.add(dPrincipal);
>> +            wrapped.add(new RealmPrincipal(realmName, dPrincipal));
>> +        }
>> +        localSubject.getPrincipals().addAll(wrapped);
>> +        subject.getPrincipals().addAll(localSubject.getPrincipals());
>> +
>> +        return result;
>> +    }
>> +
>> +    public boolean logout() throws LoginException {
>> +        boolean result = super.logout();
>> +
>> +         
>> subject.getPrincipals().removeAll(localSubject.getPrincipals());
>> +        localSubject.getPrincipals().clear();
>> +
>> +        return result;
>> +    }
>> +}
>> \ No newline at end of file
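
Review bot: commit() builds the wrapped set by iterating subject.getPrincipals(), but initialize() passes localSubject to the superclass, so the wrapped module's own principals should be arriving in localSubject, not in subject. As written the loop wraps whatever other modules have already put on the shared subject and then copies this module's principals across unwrapped; iterating localSubject.getPrincipals() looks like what was intended. logout() then removes everything in localSubject from subject, which would also strip the wrappers created for other modules' principals.
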
>> Copied:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/DecouplingCallbackHandler.java (from r289678,  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/DecouplingCallbackHandler.java)
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/server/ 
>> DecouplingCallbackHandler.java?p2=geronimo/trunk/modules/security/ 
>> src/java/org/apache/geronimo/security/jaas/server/ 
>> DecouplingCallbackHandler.java&p1=geronimo/trunk/modules/security/ 
>> src/java/org/apache/geronimo/security/jaas/ 
>> DecouplingCallbackHandler.java&r1=289678&r2=315020&rev=315020&view=dif 
>> f
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/DecouplingCallbackHandler.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/DecouplingCallbackHandler.java Wed Oct 12  
>> 13:01:56 2005
>> @@ -14,7 +14,7 @@
>>   *  See the License for the specific language governing permissions  
>> and
>>   *  limitations under the License.
>>   */
>> -package org.apache.geronimo.security.jaas;
>> +package org.apache.geronimo.security.jaas.server;
>>   import javax.security.auth.callback.Callback;
>>  import javax.security.auth.callback.CallbackHandler;
>> Copied:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/ExpiredLoginModuleException.java (from r289678,  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/ExpiredLoginModuleException.java)
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/server/ 
>> ExpiredLoginModuleException.java?p2=geronimo/trunk/modules/security/ 
>> src/java/org/apache/geronimo/security/jaas/server/ 
>> ExpiredLoginModuleException.java&p1=geronimo/trunk/modules/security/ 
>> src/java/org/apache/geronimo/security/jaas/ 
>> ExpiredLoginModuleException.java&r1=289678&r2=315020&rev=315020&view=d 
>> iff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/ExpiredLoginModuleException.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/ExpiredLoginModuleException.java Wed Oct 12  
>> 13:01:56 2005
>> @@ -15,7 +15,7 @@
>>   *  limitations under the License.
>>   */
>>  -package org.apache.geronimo.security.jaas;
>> +package org.apache.geronimo.security.jaas.server;
>>   import javax.security.auth.login.LoginException;
>>  Propchange:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/ExpiredLoginModuleException.java
>> ---------------------------------------------------------------------- 
>> --------
>>     svn:eol-style = native
>> Propchange:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/ExpiredLoginModuleException.java
>> ---------------------------------------------------------------------- 
>> --------
>>     svn:keywords = author date id rev
>> Copied:  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/JaasLoginModuleConfiguration.java (from r289678,  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginModuleConfiguration.java)
>> URL:  
>> http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/ 
>> java/org/apache/geronimo/security/jaas/server/ 
>> JaasLoginModuleConfiguration.java?p2=geronimo/trunk/modules/security/ 
>> src/java/org/apache/geronimo/security/jaas/server/ 
>> JaasLoginModuleConfiguration.java&p1=geronimo/trunk/modules/security/ 
>> src/java/org/apache/geronimo/security/jaas/ 
>> JaasLoginModuleConfiguration.java&r1=289678&r2=315020&rev=315020&view= 
>> diff
>> ====================================================================== 
>> ========
>> ---  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/JaasLoginModuleConfiguration.java (original)
>> +++  
>> geronimo/trunk/modules/security/src/java/org/apache/geronimo/ 
>> security/jaas/server/JaasLoginModuleConfiguration.java Wed Oct 12  
>> 13:01:56 2005
>> @@ -14,17 +14,15 @@
>>   *  See the License for the specific language governing permissions  
>> and
>>   *  limitations under the License.
>>   */
>> -package org.apache.geronimo.security.jaas;
>> +package org.apache.geronimo.security.jaas.server;
>>  -import java.io.Externalizable;
>>  import java.io.Serializable;
>> -import java.rmi.Remote;
>> -import java.util.HashMap;
>> -import java.util.Iterator;
>>  import java.util.Map;
>>  import javax.security.auth.spi.LoginModule;
>>   import org.apache.geronimo.common.GeronimoSecurityException;
>> +import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
>> +
>>   /**
>>   * Describes the configuration of a LoginModule -- its name, class,  
>> control
>> @@ -34,22 +32,26 @@
>>   * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14  
>> Sep 2004) $
>>   */
>>  public class JaasLoginModuleConfiguration implements Serializable {
>> -    private boolean serverSide;
>> -    private String loginDomainName;
>> -    private LoginModuleControlFlag flag;
>> -    private String loginModuleName;
>> -    private Map options;
>> -
>> -    public JaasLoginModuleConfiguration(String loginModuleName,  
>> LoginModuleControlFlag flag, Map options, boolean serverSide, String  
>> loginDomainName) {
>> +    private final boolean serverSide;
>> +    private final String loginDomainName;
>> +    private final LoginModuleControlFlag flag;
>> +    private final String loginModuleName;
>> +    private final Map options;
>> +    private final boolean wrapPrincipals;
>> +
>> +    public JaasLoginModuleConfiguration(String loginModuleName,  
>> LoginModuleControlFlag flag, Map options,
>> +                                        boolean serverSide, String  
>> loginDomainName, boolean wrapPrincipals)
>> +    {
>>          this.serverSide = serverSide;
>>          this.flag = flag;
>>          this.loginModuleName = loginModuleName;
>>          this.options = options;
>>          this.loginDomainName = loginDomainName;
>> +        this.wrapPrincipals = wrapPrincipals;
>>      }
>>       public JaasLoginModuleConfiguration(String loginModuleName,  
>> LoginModuleControlFlag flag, Map options, boolean serverSide) {
>> -        this(loginModuleName, flag, options, serverSide, null);
>> +        this(loginModuleName, flag, options, serverSide, null,  
>> false);
>>      }
>>       public String getLoginModuleClassName() {
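
Review bot: the four-argument constructor now delegates with wrapPrincipals = false, so every existing caller silently gets unwrapped principals; if authorization elsewhere matches on DomainPrincipal or RealmPrincipal wrappers, those callers need to move to the six-argument form. Please document the default in the constructor Javadoc. The class is Serializable and gains a field here, so also confirm that client and server are always built from the same revision or pin a serialVersionUID.
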
>> @@ -80,20 +82,7 @@
>>          return loginDomainName;
>>      }
>>  -    /**
>> -     * Strips out stuff that isn't serializable so this can be  
>> safely passed to
>> -     * a remote server.
>> -     */
>> -    public JaasLoginModuleConfiguration getSerializableCopy() {
>> -        Map other = new HashMap();
>> -        for (Iterator it = options.keySet().iterator();  
>> it.hasNext();) {
>> -            String key = (String) it.next();
>> -            Object value = options.get(key);
>> -            if (value instanceof Serializable || value instanceof  
>> Externalizable || value instanceof Remote) {
>> -                other.put(key, value);
>> -            }
>> -        }
>> -
>> -        return new JaasLoginModuleConfiguration(loginModuleName,  
>> flag, other, serverSide, loginDomainName);
>> +    public boolean isWrapPrincipals() {
>> +        return wrapPrincipals;
>>      }
>>  }
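
Review bot: removing getSerializableCopy() drops the only filter in this class that kept non-Serializable option values out of a configuration sent to a remote peer, while the class itself stays Serializable with options as a plain Map field. If the filtering has moved (the coordinator hunk uses LoginUtils.getSerializableCopy for sharedState), say so in the log message and make sure it is applied to options before a configuration leaves the server; otherwise a single non-serializable option will fail the transfer at runtime.
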
>
> -- 
> Joe Bohn
> joe.bohn@earthlink.net
>
> "He is no fool who gives what he cannot keep, to gain what he cannot  
> lose."   -- Jim Elliot
>

