geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a..@apache.org
Subject svn commit: r103456 - in geronimo/trunk/modules: assembly/src/plan jetty-builder/src/java/org/apache/geronimo/jetty/deployment jetty-builder/src/test/org/apache/geronimo/jetty/deployment jetty/src/java/org/apache/geronimo/jetty jetty/src/test/org/apache/geronimo/jetty security/src/java/org/apache/geronimo/security security/src/java/org/apache/geronimo/security/deploy security/src/java/org/apache/geronimo/security/realm
Date Fri, 19 Nov 2004 03:51:44 GMT
Author: adc
Date: Thu Nov 18 19:51:43 2004
New Revision: 103456

Modified:
   geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml
   geronimo/trunk/modules/assembly/src/plan/j2ee-runtime-deployer-plan.xml
   geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
   geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/PlanParsingTest.java
   geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
   geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java
   geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java
   geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityService.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java
Log:
Intermediate checkin for http://nagoya.apache.org/jira/browse/GERONIMO-454.

Auto mapping now properly occurs at deploy time.

Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml	(original)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml	Thu Nov 18 19:51:43 2004
@@ -138,6 +138,7 @@
 
     <gbean name="geronimo.deployer:role=ModuleBuilder,type=Web,config=org/apache/geronimo/J2EEDeployer"
class="org.apache.geronimo.jetty.deployment.JettyModuleBuilder">
         <attribute name="defaultParentId">org/apache/geronimo/Server</attribute>
+        <!-- reference name="SecurityService">geronimo.security:type=SecurityService</reference
-->
     </gbean>
 
     <gbean name="geronimo.deployer:role=ModuleBuilder,type=EJB,config=org/apache/geronimo/J2EEDeployer"
class="org.openejb.deployment.OpenEJBModuleBuilder">

Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-runtime-deployer-plan.xml
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-runtime-deployer-plan.xml	(original)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-runtime-deployer-plan.xml	Thu Nov 18 19:51:43
2004
@@ -88,6 +88,7 @@
 
     <gbean name="geronimo.deployer:role=ModuleBuilder,type=Web,config=org/apache/geronimo/Server"
class="org.apache.geronimo.jetty.deployment.JettyModuleBuilder">
         <attribute name="defaultParentId">org/apache/geronimo/Server</attribute>
+        <reference name="SecurityService">geronimo.security:type=SecurityService</reference>
     </gbean>
 
     <gbean name="geronimo.deployer:role=ModuleBuilder,type=EJB,config=org/apache/geronimo/Server"
class="org.openejb.deployment.OpenEJBModuleBuilder">

Modified: geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
==============================================================================
--- geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
(original)
+++ geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
Thu Nov 18 19:51:43 2004
@@ -59,6 +59,7 @@
 import org.apache.geronimo.schema.SchemaConversionUtils;
 import org.apache.geronimo.security.deploy.Security;
 import org.apache.geronimo.security.deployment.SecurityBuilder;
+import org.apache.geronimo.security.SecurityService;
 import org.apache.geronimo.transaction.OnlineUserTransaction;
 import org.apache.geronimo.xbeans.geronimo.jetty.JettyDependencyType;
 import org.apache.geronimo.xbeans.geronimo.jetty.JettyGbeanType;
@@ -79,9 +80,11 @@
  */
 public class JettyModuleBuilder implements ModuleBuilder {
     private final URI defaultParentId;
+    private final SecurityService securityService;
 
-    public JettyModuleBuilder(URI defaultParentId) {
+    public JettyModuleBuilder(URI defaultParentId, SecurityService securityService) {
         this.defaultParentId = defaultParentId;
+        this.securityService = securityService;
     }
 
     public Module createModule(File plan, JarFile moduleFile) throws DeploymentException
{
@@ -300,7 +303,11 @@
         UserTransaction userTransaction = new OnlineUserTransaction();
         ReadOnlyContext compContext = buildComponentContext(earContext, webModule, webApp,
jettyWebApp, userTransaction, webClassLoader);
 
+        /**
+         * Build the security configuration.  Attempt to auto generate role mappings.
+         */
         Security security = SecurityBuilder.buildSecurityConfig(jettyWebApp.getSecurity(),
collectRoleNames(webApp));
+        if (security != null) security.autoGenerate(securityService);
 
         GBeanMBean gbean;
         try {
@@ -464,9 +471,10 @@
     static {
         GBeanInfoBuilder infoBuilder = new GBeanInfoBuilder(JettyModuleBuilder.class);
         infoBuilder.addAttribute("defaultParentId", URI.class, true);
+        infoBuilder.addReference("SecurityService", SecurityService.class);
         infoBuilder.addInterface(ModuleBuilder.class);
 
-        infoBuilder.setConstructor(new String[] {"defaultParentId"});
+        infoBuilder.setConstructor(new String[] {"defaultParentId", "SecurityService"});
         GBEAN_INFO = infoBuilder.getBeanInfo();
     }
 

Modified: geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/PlanParsingTest.java
==============================================================================
--- geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/PlanParsingTest.java
(original)
+++ geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/PlanParsingTest.java
Thu Nov 18 19:51:43 2004
@@ -11,7 +11,7 @@
 /**
  */
 public class PlanParsingTest extends TestCase {
-    private JettyModuleBuilder builder = new JettyModuleBuilder(null);
+    private JettyModuleBuilder builder = new JettyModuleBuilder(null, null);
     private File basedir = new File(System.getProperty("basedir", "."));
 
     public void testResourceRef() throws Exception {

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
(original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
Thu Nov 18 19:51:43 2004
@@ -87,7 +87,7 @@
     private final Kernel kernel;
     private final String policyContextID;
     private final Security securityConfig;
-    private SecurityService securityService;
+    private final SecurityService securityService;
     private final JAASJettyPrincipal defaultPrincipal;
 
     private PolicyConfigurationFactory factory;
@@ -102,6 +102,7 @@
         kernel = null;
         policyContextID = null;
         securityConfig = null;
+        securityService = null;
         defaultPrincipal = null;
     }
 
@@ -118,6 +119,7 @@
             Set applicationManagedSecurityResources,
             String policyContextID,
             Security securityConfig,
+            SecurityService securityService,
             TransactionContextManager transactionContextManager,
             TrackedConnectionAssociator trackedConnectionAssociator,
             JettyContainer jettyContainer) throws MalformedURLException {
@@ -138,7 +140,8 @@
         this.kernel = kernel;
         this.policyContextID = policyContextID;
         this.securityConfig = securityConfig;
-        defaultPrincipal = generateDefaultPrincipal(securityConfig);
+        this.securityService = securityService;
+        this.defaultPrincipal = generateDefaultPrincipal(securityConfig);
 
         /**
          * We want to use our own web-app handler.
@@ -162,10 +165,6 @@
         return securityService;
     }
 
-    public void setSecurityService(SecurityService securityService) {
-        this.securityService = securityService;
-    }
-
     public Subject getRoleDesignate(String roleName) {
         return (Subject) roleDesignates.get(roleName);
     }
@@ -562,6 +561,7 @@
             "applicationManagedSecurityResources",
             "policyContextID",
             "securityConfig",
+            "SecurityService",
             "TransactionContextManager",
             "TrackedConnectionAssociator",
             "JettyContainer",

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java
(original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java
Thu Nov 18 19:51:43 2004
@@ -23,8 +23,6 @@
 import javax.security.jacc.WebRoleRefPermission;
 import javax.security.jacc.WebUserDataPermission;
 import javax.servlet.UnavailableException;
-import javax.management.ObjectName;
-import javax.management.MalformedObjectNameException;
 import java.io.IOException;
 import java.net.MalformedURLException;
 import java.util.HashMap;
@@ -40,13 +38,11 @@
 
 import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.security.RealmPrincipal;
-import org.apache.geronimo.security.deploy.AutoMapAssistant;
 import org.apache.geronimo.security.deploy.Principal;
 import org.apache.geronimo.security.deploy.Realm;
 import org.apache.geronimo.security.deploy.Role;
 import org.apache.geronimo.security.deploy.Security;
 import org.apache.geronimo.security.jacc.RoleMappingConfiguration;
-import org.apache.geronimo.security.realm.SecurityRealm;
 import org.apache.geronimo.security.util.ConfigurationUtil;
 import org.apache.geronimo.security.util.URLPattern;
 
@@ -125,10 +121,6 @@
      *
      * @param node deployment descriptor from which to obtain the
      *             security constraints that are to be translated.
-     * @throws org.apache.geronimo.security.GeronimoSecurityException
-     *          if there
-     *          is any violation of the semantics of the security descriptor or the state
-     *          of the module configuration.
      * @see javax.security.jacc.PolicyConfiguration
      * @see "Java Authorization Contract for Containers", section 3.1.3
      */
@@ -330,57 +322,6 @@
     }
 
     protected void addRoleMappings(RoleMappingConfiguration roleMapper, Security security)
throws PolicyContextException, GeronimoSecurityException {
-        autoMapRoles(roleMapper, security);
-        addExplicitMappings(roleMapper, security);
-    }
-
-    protected void autoMapRoles(RoleMappingConfiguration roleMapper, Security security) throws
PolicyContextException, GeronimoSecurityException {
-
-        JettyWebAppJACCContext context = (JettyWebAppJACCContext) getWebApplicationContext();
-        AutoMapAssistant config = security.getAssistant();
-        try {
-            if (config != null) {
-                ObjectName assistantName = new ObjectName("geronimo.security:type=SecurityRealm,realm="
+ config.getSecurityRealm());
-                Set assistants = context.getKernel().listGBeans(assistantName);
-                if (assistants.size() < 1 || assistants.size() > 1) throw new GeronimoSecurityException("Only
one auto mapping assistant should match " + assistantName);
-
-                org.apache.geronimo.security.realm.AutoMapAssistant assistant = (org.apache.geronimo.security.realm.AutoMapAssistant)
assistants.iterator().next();
-                String realmName = ((SecurityRealm) assistant).getRealmName();
-                Iterator principalClasses = null;
-                if (config.getClassOverrides().size() > 0) {
-                    principalClasses = config.getClassOverrides().iterator();
-                } else {
-                    principalClasses = assistant.obtainRolePrincipalClasses().iterator();
-                }
-
-                Iterator roles = securityRoles.iterator();
-                while (roles.hasNext()) {
-                    String roleName = (String) roles.next();
-                    Set principalSet = new HashSet();
-                    Subject roleDesignate = new Subject();
-
-                    while (principalClasses.hasNext()) {
-                        Principal principal = new Principal();
-                        principal.setClassName((String) principalClasses.next());
-                        principal.setPrincipalName(roleName);
-
-                        RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(principal,
realmName);
-                        if (realmPrincipal == null) throw new GeronimoSecurityException("Unable
to create realm principal");
-
-                        principalSet.add(realmPrincipal);
-                        roleDesignate.getPrincipals().add(realmPrincipal);
-                    }
-                    roleMapper.addRoleMapping(roleName, principalSet);
-                    if (roleDesignate.getPrincipals().size() > 0) context.setRoleDesignate(roleName,
roleDesignate);
-                }
-            }
-        } catch (MalformedObjectNameException e) {
-            throw new GeronimoSecurityException("Bad object name geronimo.security:type=SecurityRealm,realm="
+ config.getSecurityRealm());
-        }
-    }
-
-    protected void addExplicitMappings(RoleMappingConfiguration roleMapper, Security security)
throws PolicyContextException, GeronimoSecurityException {
-
         JettyWebAppJACCContext context = (JettyWebAppJACCContext) getWebApplicationContext();
 
         Iterator rollMappings = security.getRoleMappings().values().iterator();

Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java
(original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java
Thu Nov 18 19:51:43 2004
@@ -108,6 +108,7 @@
         securityServiceGBean = new GBeanMBean("org.apache.geronimo.security.SecurityService");
         securityServiceName = new ObjectName("geronimo.security:type=SecurityService");
         securityServiceGBean.setReferencePatterns("Realms", Collections.singleton(new ObjectName("geronimo.security:type=SecurityRealm,*")));
+        securityServiceGBean.setReferencePatterns("Mappers", Collections.singleton(new ObjectName("geronimo.security:type=SecurityRealm,*")));
         securityServiceGBean.setAttribute("policyConfigurationFactory", "org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory");
 
         loginServiceGBean = new GBeanMBean("org.apache.geronimo.security.jaas.JaasLoginService");

Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java	(original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java	Thu
Nov 18 19:51:43 2004
@@ -18,12 +18,16 @@
 package org.apache.geronimo.jetty;
 
 import java.io.BufferedReader;
+import java.io.IOException;
 import java.io.InputStreamReader;
 import java.net.HttpURLConnection;
 import java.net.URI;
 import java.net.URL;
 
 import org.apache.geronimo.gbean.jmx.GBeanMBean;
+import org.apache.geronimo.kernel.jmx.MBeanProxyFactory;
+import org.apache.geronimo.security.SecurityService;
+import org.apache.geronimo.security.deploy.AutoMapAssistant;
 import org.apache.geronimo.security.deploy.DefaultPrincipal;
 import org.apache.geronimo.security.deploy.Principal;
 import org.apache.geronimo.security.deploy.Realm;
@@ -33,14 +37,18 @@
 
 
 /**
+ * Tests the JAAC security for Jetty by using both explicit and auto role mapping
+ *
  * @version $Rev$ $Date$
  */
 public class SecurityTest extends BaseSecurityTest {
 
-    public void testDummy() throws Exception {
-    }
-
-    public void testSecurity() throws Exception {
+    /**
+     * Test the explicit map feature.  Only Alan should be able to log in.
+     *
+     * @throws Exception thrown if an error in the test occurs
+     */
+    public void testExplicitMapping() throws Exception {
         Security securityConfig = new Security();
         securityConfig.setUseContextHandler(false);
 
@@ -91,7 +99,228 @@
         connection.setRequestProperty("Cookie", cookie);
         connection.setInstanceFollowRedirects(false);
         BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
-        System.out.println("Headers: "+connection.getHeaderFields());
+
+        assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+        assertEquals("Hello World", reader.readLine());
+        connection.disconnect();
+
+        connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
+        connection.setInstanceFollowRedirects(false);
+        assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
+
+        cookie = connection.getHeaderField("Set-Cookie");
+        cookie = cookie.substring(0, cookie.lastIndexOf(';'));
+        location = connection.getHeaderField("Location");
+
+        connection = (HttpURLConnection) new URL(location).openConnection();
+        connection.setInstanceFollowRedirects(false);
+        assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+
+        location = location.substring(0, location.lastIndexOf('/')) + "/j_security_check?j_username=izumi&j_password=violin";
+
+        connection = (HttpURLConnection) new URL(location).openConnection();
+        connection.setRequestMethod("POST");
+        connection.setRequestProperty("Cookie", cookie);
+        connection.setInstanceFollowRedirects(false);
+        assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
+
+        try {
+            connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
+            connection.setRequestProperty("Cookie", cookie);
+            connection.setInstanceFollowRedirects(false);
+            reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
+
+            fail("Should throw an IOException for HTTP 403 response");
+        } catch (IOException e) {
+        }
+
+        assertEquals(HttpURLConnection.HTTP_FORBIDDEN, connection.getResponseCode());
+        connection.disconnect();
+
+        stopWebApp();
+    }
+
+    /**
+     * Test the auto map feature.  Only Izumi should be able to log in.
+     *
+     * @throws Exception thrown if an error in the test occurs
+     */
+    public void testAutoMapping() throws Exception {
+        Security securityConfig = new Security();
+        securityConfig.setUseContextHandler(false);
+
+        AutoMapAssistant assistant = new AutoMapAssistant();
+        assistant.setSecurityRealm("demo-properties-realm");
+        securityConfig.setAssistant(assistant);
+
+        securityConfig.getRoleNames().add("content-administrator");
+        securityConfig.getRoleNames().add("auto-administrator");
+
+        securityConfig.autoGenerate((SecurityService) MBeanProxyFactory.getProxy(SecurityService.class,
kernel.getMBeanServer(), securityServiceName));
+
+        startWebApp(securityConfig);
+
+        HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
+        connection.setInstanceFollowRedirects(false);
+        assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
+
+        String cookie = connection.getHeaderField("Set-Cookie");
+        cookie = cookie.substring(0, cookie.lastIndexOf(';'));
+        String location = connection.getHeaderField("Location");
+
+        connection = (HttpURLConnection) new URL(location).openConnection();
+        connection.setInstanceFollowRedirects(false);
+        assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+
+        location = location.substring(0, location.lastIndexOf('/')) + "/j_security_check?j_username=izumi&j_password=violin";
+
+        connection = (HttpURLConnection) new URL(location).openConnection();
+        connection.setRequestMethod("POST");
+        connection.setRequestProperty("Cookie", cookie);
+        connection.setInstanceFollowRedirects(false);
+        assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
+
+        connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
+        connection.setRequestProperty("Cookie", cookie);
+        connection.setInstanceFollowRedirects(false);
+        BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
+
+        assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+        assertEquals("Hello World", reader.readLine());
+        connection.disconnect();
+
+
+        connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
+        connection.setInstanceFollowRedirects(false);
+        assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
+
+        cookie = connection.getHeaderField("Set-Cookie");
+        cookie = cookie.substring(0, cookie.lastIndexOf(';'));
+        location = connection.getHeaderField("Location");
+
+        connection = (HttpURLConnection) new URL(location).openConnection();
+        connection.setInstanceFollowRedirects(false);
+        assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+
+        location = location.substring(0, location.lastIndexOf('/')) + "/j_security_check?j_username=alan&j_password=starcraft";
+
+        connection = (HttpURLConnection) new URL(location).openConnection();
+        connection.setRequestMethod("POST");
+        connection.setRequestProperty("Cookie", cookie);
+        connection.setInstanceFollowRedirects(false);
+        assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
+
+        try {
+            connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
+            connection.setRequestProperty("Cookie", cookie);
+            connection.setInstanceFollowRedirects(false);
+            reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
+
+            fail("Should throw an IOException for HTTP 403 response");
+        } catch (IOException e) {
+        }
+
+        assertEquals(HttpURLConnection.HTTP_FORBIDDEN, connection.getResponseCode());
+        connection.disconnect();
+        stopWebApp();
+    }
+
+    /**
+     * Mixed the auto map and the standard explicit map.  Both Alan and Izumi
+     * should be able to login.
+     *
+     * @throws Exception thrown if an error in the test occurs
+     */
+    public void testMixedMapping() throws Exception {
+        Security securityConfig = new Security();
+        securityConfig.setUseContextHandler(false);
+
+        AutoMapAssistant assistant = new AutoMapAssistant();
+        assistant.setSecurityRealm("demo-properties-realm");
+        securityConfig.setAssistant(assistant);
+
+        securityConfig.getRoleNames().add("content-administrator");
+        securityConfig.getRoleNames().add("auto-administrator");
+
+        securityConfig.autoGenerate((SecurityService) MBeanProxyFactory.getProxy(SecurityService.class,
kernel.getMBeanServer(), securityServiceName));
+
+        DefaultPrincipal defaultPrincipal = new DefaultPrincipal();
+        defaultPrincipal.setRealmName("demo-properties-realm");
+        Principal principal = new Principal();
+        principal.setClassName("org.apache.geronimo.security.realm.providers.PropertiesFileUserPrincipal");
+        principal.setPrincipalName("izumi");
+        defaultPrincipal.setPrincipal(principal);
+
+        securityConfig.setDefaultPrincipal(defaultPrincipal);
+
+        Role role = new Role();
+        role.setRoleName("content-administrator");
+        principal = new Principal();
+        principal.setClassName("org.apache.geronimo.security.realm.providers.PropertiesFileGroupPrincipal");
+        principal.setPrincipalName("it");
+        Realm realm = new Realm();
+        realm.setRealmName("demo-properties-realm");
+        realm.getPrincipals().add(principal);
+        role.getRealms().put(realm.getRealmName(), realm);
+
+        securityConfig.append(role);
+
+        startWebApp(securityConfig);
+
+        HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
+        connection.setInstanceFollowRedirects(false);
+        assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
+
+        String cookie = connection.getHeaderField("Set-Cookie");
+        cookie = cookie.substring(0, cookie.lastIndexOf(';'));
+        String location = connection.getHeaderField("Location");
+
+        connection = (HttpURLConnection) new URL(location).openConnection();
+        connection.setInstanceFollowRedirects(false);
+        assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+
+        location = location.substring(0, location.lastIndexOf('/')) + "/j_security_check?j_username=izumi&j_password=violin";
+
+        connection = (HttpURLConnection) new URL(location).openConnection();
+        connection.setRequestMethod("POST");
+        connection.setRequestProperty("Cookie", cookie);
+        connection.setInstanceFollowRedirects(false);
+        assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
+
+        connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
+        connection.setRequestProperty("Cookie", cookie);
+        connection.setInstanceFollowRedirects(false);
+        BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
+
+        assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+        assertEquals("Hello World", reader.readLine());
+        connection.disconnect();
+
+
+        connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
+        connection.setInstanceFollowRedirects(false);
+        assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
+
+        cookie = connection.getHeaderField("Set-Cookie");
+        cookie = cookie.substring(0, cookie.lastIndexOf(';'));
+        location = connection.getHeaderField("Location");
+
+        connection = (HttpURLConnection) new URL(location).openConnection();
+        connection.setInstanceFollowRedirects(false);
+        assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
+
+        location = location.substring(0, location.lastIndexOf('/')) + "/j_security_check?j_username=alan&j_password=starcraft";
+
+        connection = (HttpURLConnection) new URL(location).openConnection();
+        connection.setRequestMethod("POST");
+        connection.setRequestProperty("Cookie", cookie);
+        connection.setInstanceFollowRedirects(false);
+        assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
+
+        connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
+        connection.setRequestProperty("Cookie", cookie);
+        connection.setInstanceFollowRedirects(false);
+        reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
 
         assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
         assertEquals("Hello World", reader.readLine());

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityService.java
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityService.java
(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityService.java
Thu Nov 18 19:51:43 2004
@@ -39,6 +39,7 @@
 import org.apache.geronimo.security.jacc.PolicyContextHandlerSOAPMessage;
 import org.apache.geronimo.security.jacc.GeronimoPolicy;
 import org.apache.geronimo.security.realm.SecurityRealm;
+import org.apache.geronimo.security.realm.AutoMapAssistant;
 import org.apache.geronimo.security.util.ConfigurationUtil;
 
 
@@ -57,6 +58,7 @@
 
     private String policyConfigurationFactory;
     private Collection realms = Collections.EMPTY_SET;
+    private Collection mappers = Collections.EMPTY_SET;
     private Collection moduleConfigurations = Collections.EMPTY_SET;
 
 
@@ -117,6 +119,19 @@
         this.realms = realms;
     }
 
+    public Collection getMappers() throws GeronimoSecurityException {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) sm.checkPermission(CONFIGURE);
+        return mappers;
+    }
+
+
+    public void setMappers(Collection mappers) {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) sm.checkPermission(CONFIGURE);
+        this.mappers = mappers;
+    }
+
     public Collection getModuleConfigurations() {
         return moduleConfigurations;
     }
@@ -135,6 +150,16 @@
         return null;
     }
 
+    public AutoMapAssistant getMapper(String name) {
+        for (Iterator iter = mappers.iterator(); iter.hasNext();) {
+            AutoMapAssistant mapper = (AutoMapAssistant) iter.next();
+            if (name.equals(mapper.getRealmName())) {
+                return mapper;
+            }
+        }
+        return null;
+    }
+
     public void doStart() throws WaitingException, Exception {
         PolicyConfigurationFactory factory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
         Policy.setPolicy(new GeronimoPolicy(factory));
@@ -158,8 +183,10 @@
         infoFactory.addAttribute("policyConfigurationFactory", String.class, true);
 
         infoFactory.addReference("Realms", SecurityRealm.class);
+        infoFactory.addReference("Mappers", AutoMapAssistant.class);
         infoFactory.addReference("ModuleConfigurations", ModuleConfiguration.class);
         infoFactory.addOperation("getRealm", new Class[]{String.class});
+        infoFactory.addOperation("getMapper", new Class[]{String.class});
 
         infoFactory.setConstructor(new String[]{"policyConfigurationFactory"});
 

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java
(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java
Thu Nov 18 19:51:43 2004
@@ -24,7 +24,6 @@
 import java.util.Set;
 
 import org.apache.geronimo.security.SecurityService;
-import org.apache.geronimo.security.realm.SecurityRealm;
 
 
 /**
@@ -95,21 +94,27 @@
         if (roleMappings.containsKey(role.getRoleName())) {
             Role existing = (Role) roleMappings.get(role.getRoleName());
             for (Iterator iter = role.getRealms().keySet().iterator(); iter.hasNext();) {
-                existing.append((Realm) iter.next());
+                existing.append((Realm) role.getRealms().get(iter.next()));
             }
         } else {
             roleMappings.put(role.getRoleName(), role);
         }
     }
 
-    public void autoGenerate(SecurityService secyrityService) {
-        if (secyrityService == null) return;
+    /**
+     * Automatically generate role mappings and add them to the existing role mappings.
+     * <p/>
+     * NOTE: This method should be called during deployment.
+     *
+     * @param securityService used to obtain the configured auto map assistant.
+     */
+    public void autoGenerate(SecurityService securityService) {
+        if (securityService == null) return;
         if (assistant == null) return;
 
         String realmName = assistant.getSecurityRealm();
-        SecurityRealm securityRealm = secyrityService.getRealm(realmName);
-        if (securityRealm == null || !(securityRealm instanceof AutoMapAssistant)) return;
-        org.apache.geronimo.security.realm.AutoMapAssistant autoMapAssistant = (org.apache.geronimo.security.realm.AutoMapAssistant)
securityRealm;
+        org.apache.geronimo.security.realm.AutoMapAssistant autoMapAssistant = securityService.getMapper(realmName);
+        if (autoMapAssistant == null) return;
 
         /**
          * Append roles

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java
(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java
Thu Nov 18 19:51:43 2004
@@ -33,6 +33,12 @@
 public interface AutoMapAssistant {
 
     /**
+     * Provides the realm name of the auto map assistant.
+     * @return the realm name of the auto map assistant
+     */
+    public String getRealmName();
+
+    /**
      * Provides the default principal to be used when an unauthenticated
      * subject uses a container.
      *

Mime
View raw message