geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ammul...@apache.org
Subject svn commit: r105949 - in geronimo/trunk/modules: assembly/src/plan connector/src/java/org/apache/geronimo/connector/outbound/security jetty/src/test/org/apache/geronimo/jetty security/src/java/org/apache/geronimo/security/jaas security/src/java/org/apache/geronimo/security/realm security/src/java/org/apache/geronimo/security/realm/providers security/src/test/org/apache/geronimo/security security/src/test/org/apache/geronimo/security/bridge security/src/test/org/apache/geronimo/security/jaas security/src/test/org/apache/geronimo/security/network/protocol security/src/test/org/apache/geronimo/security/remoting/jmx
Date Sat, 20 Nov 2004 07:38:56 GMT
Author: ammulder
Date: Fri Nov 19 23:38:55 2004
New Revision: 105949

Added:
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java
Removed:
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ConfigurationEntry.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ConfigurationEntryLocal.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ConfigurationEntryRealmLocal.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ConfigurationEntryRealmRemote.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/AbstractSecurityRealm.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/KerberosSecurityRealm.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileSecurityRealm.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLSecurityRealm.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLSecurityRealmPasswordDigested.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SimpleSecurityRealm.java
   geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/TestRealm.java
   geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSimpleRealmTest.java
Modified:
   geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml
   geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml
   geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java
   geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DecouplingCallbackHandler.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java
   geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java
   geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/CallerIdentityUserPasswordBridgeTest.java
   geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/ConfiguredIdentityUserPasswordBridgeTest.java
   geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/MappingUserPasswordBridgeTest.java
   geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/TestLoginModule.java
   geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java
   geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginKerberosNonGeronimoTest.java
   geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginKerberosTest.java
   geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java
   geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java
   geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java
   geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java
   geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/remoting/jmx/RemoteLoginTest.java
Log:
Next set of changes to security
 - GenericSecurityRealm replaces individual security realm implementations
 - Multiple login modules (including a mix of client and server side login
   modules) per realm is now a fully supported configuration
 - Options moved to login modules, each of which is deployed via
   a LoginModuleGBean
 - Reduced the number of available configuration entry classes
 - Make automapping configurable on the GenericSecurityRealm
 - Fixed all tests to run against the new configuration style

Still not done with security changes, mail will be forthcoming on the
  remaining issues.


Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml	(original)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml	Fri Nov 19 23:38:55 2004
@@ -36,21 +36,30 @@
 
     <!-- Security GBeans -->
 
-    <!-- JAAS Application Config Entry -->
-    <gbean name="geronimo.security:type=ConfigurationEntry,jaasId=jaasTest" class="org.apache.geronimo.security.jaas.ConfigurationEntryRealmLocal">
-        <attribute name="applicationConfigName" type="java.lang.String">jaasTest</attribute>
-        <attribute name="realmName" type="java.lang.String">demo-properties-realm</attribute>
-        <attribute name="controlFlag" type="org.apache.geronimo.security.jaas.LoginModuleControlFlag">REQUIRED</attribute>
-        <attribute name="options" type="java.util.Properties">foo=bar</attribute>
+    <gbean name="geronimo.security:type=LoginModule,name=demo-properties-login"
+        class="org.apache.geronimo.security.jaas.LoginModuleGBean">
+        <attribute name="loginModuleClass" type="java.lang.String">org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</attribute>
+        <attribute name="serverSide" type="boolean">true</attribute>
+        <attribute name="options" type="java.util.Properties">
+            usersURI=var/security/demo_users.properties
+            groupsURI=var/security/demo_groups.properties
+        </attribute>
     </gbean>
 
-    <!-- Demo Properties File Realm -->
-    <gbean name="geronimo.security:type=SecurityRealm,realm=demo-properties-realm" class="org.apache.geronimo.security.realm.providers.PropertiesFileSecurityRealm">
+    <gbean name="geronimo.security:type=SecurityRealm,realm=demo-properties-realm"
+        class="org.apache.geronimo.security.realm.GenericSecurityRealm">
         <attribute name="realmName" type="java.lang.String">demo-properties-realm</attribute>
-        <attribute name="maxLoginModuleAge" type="long">10000</attribute>
-        <attribute name="usersURI" type="java.net.URI">var/security/demo_users.properties</attribute>
-        <attribute name="groupsURI" type="java.net.URI">var/security/demo_groups.properties</attribute>
+        <attribute name="loginModuleConfiguration" type="java.util.Properties">
+            LoginModule.1.REQUIRED=geronimo.security:type=LoginModule,name=demo-properties-login
+        </attribute>
+        <attribute name="autoMapPrincipalClasses" type="java.lang.String">org.apache.geronimo.security.realm.providers.PropertiesFileGroupPrincipal</attribute>
         <reference name="ServerInfo">geronimo.system:role=ServerInfo</reference>
+    </gbean>
+
+    <gbean name="geronimo.security:type=ConfigurationEntry,jaasId=jaasTest"
+        class="org.apache.geronimo.security.jaas.ServerRealmConfigurationEntry">
+        <attribute name="applicationConfigName" type="java.lang.String">jaasTest</attribute>
+        <attribute name="realmName" type="java.lang.String">demo-properties-realm</attribute>
     </gbean>
 
     <!-- Jetty Realm that points to the Geronimo Demo Properties File Realm -->

Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml	(original)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml	Fri Nov 19 23:38:55 2004
@@ -100,18 +100,30 @@
 
 
     <!-- Default security realm using properties files -->
-    <gbean name="geronimo.security:type=SecurityRealm,realm=geronimo-properties-realm" class="org.apache.geronimo.security.realm.providers.PropertiesFileSecurityRealm">
+    <gbean name="geronimo.security:type=LoginModule,name=properties-login"
+        class="org.apache.geronimo.security.jaas.LoginModuleGBean">
+        <attribute name="loginModuleClass" type="java.lang.String">org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</attribute>
+        <attribute name="serverSide" type="boolean">true</attribute>
+        <attribute name="options" type="java.util.Properties">
+            usersURI=var/security/users.properties
+            groupsURI=var/security/groups.properties
+        </attribute>
+    </gbean>
+
+    <gbean name="geronimo.security:type=SecurityRealm,realm=geronimo-properties-realm"
+           class="org.apache.geronimo.security.realm.GenericSecurityRealm">
         <attribute name="realmName" type="java.lang.String">geronimo-properties-realm</attribute>
-        <attribute name="maxLoginModuleAge" type="long">10000</attribute>
-        <attribute name="usersURI" type="java.net.URI">var/security/users.properties</attribute>
-        <attribute name="groupsURI" type="java.net.URI">var/security/groups.properties</attribute>
+        <attribute name="loginModuleConfiguration" type="java.util.Properties">
+            LoginModule.1.REQUIRED=geronimo.security:type=LoginModule,name=properties-login
+        </attribute>
         <reference name="ServerInfo">geronimo.system:role=ServerInfo</reference>
+        <attribute name="autoMapPrincipalClasses" type="java.lang.String">org.apache.geronimo.security.realm.providers.PropertiesFileGroupPrincipal</attribute>
     </gbean>
 
-    <gbean name="geronimo.security:type=ConfigurationEntry,jaasId=JMX" class="org.apache.geronimo.security.jaas.ConfigurationEntryRealmLocal">
+    <gbean name="geronimo.security:type=ConfigurationEntry,jaasId=JMX"
+           class="org.apache.geronimo.security.jaas.ServerRealmConfigurationEntry">
         <attribute name="applicationConfigName" type="java.lang.String">JMX</attribute>
         <attribute name="realmName" type="java.lang.String">geronimo-properties-realm</attribute>
-        <attribute name="controlFlag" type="org.apache.geronimo.security.jaas.LoginModuleControlFlag">REQUIRED</attribute>
     </gbean>
 
     <!-- Register GeronimoLoginConfiguration as the LoginConfiguration handler -->

Modified: geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java
==============================================================================
--- geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java	(original)
+++ geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java	Fri Nov 19 23:38:55 2004
@@ -22,13 +22,13 @@
 import java.util.Set;
 
 import javax.resource.spi.ManagedConnectionFactory;
-import javax.security.auth.login.AppConfigurationEntry;
 
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.security.realm.SecurityRealm;
-import org.apache.geronimo.security.realm.providers.AbstractSecurityRealm;
+import org.apache.geronimo.security.jaas.JaasLoginModuleConfiguration;
+import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
 import org.apache.regexp.RE;
 
 /**
@@ -37,16 +37,25 @@
  * @version $Rev$ $Date$
  *
  * */
-public class PasswordCredentialRealm extends AbstractSecurityRealm implements SecurityRealm, ManagedConnectionFactoryListener {
+public class PasswordCredentialRealm implements SecurityRealm, ManagedConnectionFactoryListener {
 
     private static final GBeanInfo GBEAN_INFO;
 
     ManagedConnectionFactory managedConnectionFactory;
+    String realmName;
 
     static final String REALM_INSTANCE = "org.apache.connector.outbound.security.PasswordCredentialRealm";
 
     public PasswordCredentialRealm(String realmName) {
-        super(realmName);
+        this.realmName = realmName;
+    }
+
+    public String getRealmName() {
+        return realmName;
+    }
+
+    public void setRealmName(String realmName) {
+        this.realmName = realmName;
     }
 
     public Set getGroupPrincipals() throws GeronimoSecurityException {
@@ -68,16 +77,15 @@
     public void refresh() throws GeronimoSecurityException {
     }
 
-    public AppConfigurationEntry[] getAppConfigurationEntries() {
+    public JaasLoginModuleConfiguration[] getAppConfigurationEntries() {
         Map options = new HashMap();
 
         // TODO: This can be a bad thing, passing a reference to a realm to the login module
         // since the SerializableACE can be sent remotely
         options.put(REALM_INSTANCE, this);
-        AppConfigurationEntry appConfigurationEntry = new AppConfigurationEntry(PasswordCredentialLoginModule.class.getName(),
-                AppConfigurationEntry.LoginModuleControlFlag.REQUISITE,
-                options);
-        return new AppConfigurationEntry[]{appConfigurationEntry};
+        JaasLoginModuleConfiguration config = new JaasLoginModuleConfiguration(getRealmName(), PasswordCredentialLoginModule.class.getName(),
+                LoginModuleControlFlag.REQUISITE, options, true);
+        return new JaasLoginModuleConfiguration[]{config};
     }
 
     public boolean isLoginModuleLocal() {
@@ -93,8 +101,10 @@
     }
 
     static {
-        GBeanInfoBuilder infoFactory = new GBeanInfoBuilder(PasswordCredentialRealm.class, AbstractSecurityRealm.getGBeanInfo());
+        GBeanInfoBuilder infoFactory = new GBeanInfoBuilder(PasswordCredentialRealm.class);
         infoFactory.addInterface(ManagedConnectionFactoryListener.class);
+        infoFactory.addAttribute("realmName", String.class, true);
+        infoFactory.setConstructor(new String[]{"realmName"});
         GBEAN_INFO = infoFactory.getBeanInfo();
     }
 

Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java	(original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java	Fri Nov 19 23:38:55 2004
@@ -22,6 +22,7 @@
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
+import java.util.Properties;
 
 import junit.framework.TestCase;
 
@@ -51,6 +52,8 @@
     protected ObjectName jaasRealmName;
     protected GBeanMBean propertiesRealmGBean;
     protected ObjectName propertiesRealmName;
+    protected GBeanMBean propertiesLMGBean;
+    protected ObjectName propertiesLMName;
     protected ObjectName loginServiceName;
     protected GBeanMBean loginServiceGBean;
     protected ObjectName securityServiceName;
@@ -118,16 +121,27 @@
         loginServiceGBean.setAttribute("algorithm", "HmacSHA1");
         loginServiceGBean.setAttribute("password", "secret");
 
-        propertiesRealmGBean = new GBeanMBean("org.apache.geronimo.security.realm.providers.PropertiesFileSecurityRealm");
+        propertiesLMGBean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean");
+        propertiesLMName = new ObjectName("geronimo.security:type=LoginModule,name=demo-properties-login");
+        propertiesLMGBean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule");
+        propertiesLMGBean.setAttribute("serverSide", Boolean.TRUE);
+        Properties options = new Properties();
+        options.setProperty("usersURI", new File(new File("."), "src/test-resources/data/users.properties").toString());
+        options.setProperty("groupsURI", new File(new File("."), "src/test-resources/data/groups.properties").toString());
+        propertiesLMGBean.setAttribute("options", options);
+
+        propertiesRealmGBean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm");
         propertiesRealmName = new ObjectName("geronimo.security:type=SecurityRealm,realm=demo-properties-realm");
         propertiesRealmGBean.setReferencePatterns("ServerInfo", Collections.singleton(serverInfoName));
         propertiesRealmGBean.setAttribute("realmName", "demo-properties-realm");
-        propertiesRealmGBean.setAttribute("defaultPrincipal", "metro");
-        propertiesRealmGBean.setAttribute("maxLoginModuleAge", new Long(1 * 1000));
-        propertiesRealmGBean.setAttribute("usersURI", (new File(new File("."), "src/test-resources/data/users.properties")).toURI());
-        propertiesRealmGBean.setAttribute("groupsURI", (new File(new File("."), "src/test-resources/data/groups.properties")).toURI());
+        Properties config = new Properties();
+        config.setProperty("LoginModule.1.REQUIRED", propertiesLMName.getCanonicalName());
+        propertiesRealmGBean.setAttribute("loginModuleConfiguration", config);
+        propertiesRealmGBean.setAttribute("autoMapPrincipalClasses", "org.apache.geronimo.security.realm.providers.PropertiesFileGroupPrincipal");
+        propertiesRealmGBean.setAttribute("defaultPrincipal", "metro=org.apache.geronimo.security.realm.providers.PropertiesFileUserPrincipal");
 
         start(serverInfoName, serverInfoGBean);
+        start(propertiesLMName, propertiesLMGBean);
         start(propertiesRealmName, propertiesRealmGBean);
         start(containerName, container);
         start(securityServiceName, securityServiceGBean);
@@ -158,6 +172,7 @@
         stop(securityServiceName);
         stop(containerName);
         stop(propertiesRealmName);
+        stop(propertiesLMName);
         stop(serverInfoName);
         kernel.shutdown();
     }

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DecouplingCallbackHandler.java
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DecouplingCallbackHandler.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DecouplingCallbackHandler.java	Fri Nov 19 23:38:55 2004
@@ -42,7 +42,7 @@
             throws IllegalArgumentException, UnsupportedCallbackException {
         if (exploring) {
             source = callbacks;
-            throw new UnsupportedCallbackException(callbacks.length > 0 ? callbacks[0] : null, "DO NOT PROCEED WITH THIS LOGIN");
+            throw new UnsupportedCallbackException(callbacks != null && callbacks.length > 0 ? callbacks[0] : null, "DO NOT PROCEED WITH THIS LOGIN");
         } else {
             if(callbacks.length != source.length) {
                 throw new IllegalArgumentException("Mismatched callbacks");
@@ -53,7 +53,18 @@
         }
     }
 
-    public void load(Callback[] callbacks) throws IllegalArgumentException {
+    /**
+     * Within the same VM, the client just populates the callbacks directly
+     * into the array held by this object.  However, remote clients will
+     * serialize their responses, so they need to be manually set back on this
+     * object to take effect.
+     *
+     * @param callbacks The callbacks populated by the client
+     */
+    public void setClientResponse(Callback[] callbacks) throws IllegalArgumentException {
+        if(source == null && callbacks == null) {
+            return; // i.e. The Kerberos LM doesn't need callbacks
+        }
         if(callbacks.length != source.length) {
             throw new IllegalArgumentException("Mismatched callbacks");
         }
@@ -75,7 +86,7 @@
 
     /**
      * Indicates that the exploring phase is over.
-     */ 
+     */
     public Callback[] finalizeCallbackList() {
         exploring = false;
         return source;

Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java
==============================================================================
--- (empty file)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java	Fri Nov 19 23:38:55 2004
@@ -0,0 +1,74 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.security.jaas;
+
+import org.apache.geronimo.gbean.GBeanInfo;
+import org.apache.geronimo.gbean.GBeanInfoBuilder;
+import org.apache.geronimo.gbean.GBeanLifecycle;
+import org.apache.geronimo.gbean.WaitingException;
+
+/**
+ * Exposes a LoginModule directly to JAAS clients, without any particular
+ * wrapping by Geronimo.  You do still need to declare the login module as a
+ * GBean, but it's not like it will be run through the login service or
+ * anything.
+ *
+ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
+ */
+public class DirectConfigurationEntry implements GBeanLifecycle {
+    private String applicationConfigName;
+    private LoginModuleControlFlag controlFlag;
+    private LoginModuleGBean module;
+
+    public DirectConfigurationEntry() {
+        // just for use by GBean infrastructure
+    }
+
+    public DirectConfigurationEntry(String applicationConfigName, LoginModuleControlFlag controlFlag, LoginModuleGBean module) {
+        this.applicationConfigName = applicationConfigName;
+        this.controlFlag = controlFlag;
+        this.module = module;
+    }
+
+    public void doStart() throws WaitingException, Exception {
+        GeronimoLoginConfiguration.register(new JaasLoginModuleConfiguration(applicationConfigName, module.getLoginModuleClass(), controlFlag, module.getOptions(), module.isServerSide()));
+    }
+
+    public void doStop() throws WaitingException, Exception {
+        GeronimoLoginConfiguration.unRegister(applicationConfigName);
+    }
+
+    public void doFail() {
+    }
+
+    public static final GBeanInfo GBEAN_INFO;
+
+    static {
+        GBeanInfoBuilder infoFactory = new GBeanInfoBuilder(DirectConfigurationEntry.class);
+        infoFactory.addAttribute("applicationConfigName", String.class, true);
+        infoFactory.addAttribute("controlFlag", LoginModuleControlFlag.class, true);
+
+        infoFactory.addReference("Module", LoginModuleGBean.class);
+
+        infoFactory.setConstructor(new String[]{"applicationConfigName", "controlFlag", "Module"});
+        GBEAN_INFO = infoFactory.getBeanInfo();
+    }
+
+    public static GBeanInfo getGBeanInfo() {
+        return GBEAN_INFO;
+    }
+}

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java	Fri Nov 19 23:38:55 2004
@@ -19,6 +19,8 @@
 
 import java.util.Hashtable;
 import java.util.Map;
+import java.util.HashMap;
+import java.util.Properties;
 import javax.security.auth.login.AppConfigurationEntry;
 import javax.security.auth.login.Configuration;
 
@@ -27,6 +29,8 @@
 import org.apache.geronimo.gbean.GBeanLifecycle;
 import org.apache.geronimo.gbean.WaitingException;
 import org.apache.geronimo.security.SecurityService;
+import org.apache.geronimo.security.realm.SecurityRealm;
+import org.apache.geronimo.kernel.Kernel;
 
 
 /**
@@ -42,32 +46,60 @@
 
     private static Map entries = new Hashtable();
     private Configuration oldConfiguration;
+    private Kernel kernel;
+
+    public GeronimoLoginConfiguration(Kernel kernel) {
+        this.kernel = kernel;
+    }
 
     public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
-        ConfigurationEntry entry = (ConfigurationEntry) entries.get(name);
+        AppConfigurationEntry entry = (AppConfigurationEntry) entries.get(name);
 
         if (entry == null) return null;
 
-        return entry.getAppConfigurationEntry();
+//        if(!entry.getOptions().containsKey("kernel")) {
+//            entry.getOptions().put("kernel", kernel.getKernelName());
+//        }
+
+        return new AppConfigurationEntry[]{entry};
     }
 
     public void refresh() {
     }
 
-    public static void register(ConfigurationEntry entry) {
+    /**
+     * Registers a single Geronimo LoginModule
+     */
+    public static void register(JaasLoginModuleConfiguration entry) {
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) sm.checkPermission(SecurityService.CONFIGURE);
 
-        if (entries.containsKey(entry.getApplicationConfigName())) throw new java.lang.IllegalArgumentException("ConfigurationEntry already registered");
+        if (entries.containsKey(entry.getName())) throw new java.lang.IllegalArgumentException("ConfigurationEntry already registered");
+
+        entries.put(entry.getName(), getAppConfigurationEntry(entry));
+    }
+
+    private static AppConfigurationEntry getAppConfigurationEntry(JaasLoginModuleConfiguration config) {
+        return new AppConfigurationEntry(config.getLoginModuleClassName(), config.getFlag().getFlag(), config.getOptions());
+    }
+
+    /**
+     * Registers a wrapper configuration that will hit a Geronimo security
+     * realm under the covers.
+     */
+    public static void register(SecurityRealm realm) {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) sm.checkPermission(SecurityService.CONFIGURE);
 
-        entries.put(entry.getApplicationConfigName(), entry);
+        if (entries.containsKey(realm.getRealmName())) throw new java.lang.IllegalArgumentException("ConfigurationEntry already registered");
+        entries.put(realm.getRealmName(), new AppConfigurationEntry("org.apache.geronimo.security.jaas.JaasLoginCoordinator", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new Properties()));
     }
 
-    public static void unRegister(ConfigurationEntry entry) {
+    public static void unRegister(String name) {
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) sm.checkPermission(SecurityService.CONFIGURE);
 
-        entries.remove(entry.getApplicationConfigName());
+        entries.remove(name);
     }
 
     public void doStart() throws WaitingException, Exception {
@@ -95,6 +127,8 @@
 
     static {
         GBeanInfoBuilder infoFactory = new GBeanInfoBuilder(GeronimoLoginConfiguration.class.getName());
+        infoFactory.addAttribute("kernel", Kernel.class, false);
+        infoFactory.setConstructor(new String[]{"kernel"});
         GBEAN_INFO = infoFactory.getBeanInfo();
     }
 }

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java	Fri Nov 19 23:38:55 2004
@@ -69,7 +69,12 @@
         kernelName = (String) options.get(OPTION_KERNEL);
         service = connect();
         handler = callbackHandler;
-        this.subject = subject;
+        if(subject == null) {
+            this.subject = new Subject();
+        } else {
+            this.subject = subject;
+        }
+        //todo: shared state
     }
 
     public boolean login() throws LoginException {
@@ -190,7 +195,11 @@
 
         public boolean login() throws LoginException {
             try {
-                handler.handle(callbacks);
+                if(handler != null) {
+                    handler.handle(callbacks);
+                } else if(callbacks != null && callbacks.length > 0) {
+                    System.err.println("No callback handler available for "+callbacks.length+" callbacks!");
+                }
                 return service.performServerLogin(client, index, callbacks);
             } catch (LoginException e) {
                 throw e;

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java	Fri Nov 19 23:38:55 2004
@@ -20,7 +20,11 @@
 
 import javax.security.auth.spi.LoginModule;
 import java.io.Serializable;
+import java.io.Externalizable;
 import java.util.Map;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.rmi.Remote;
 
 /**
  * Describes the configuration of a LoginModule -- its name, class, control
@@ -31,18 +35,24 @@
  */
 public class JaasLoginModuleConfiguration implements Serializable {
     private boolean serverSide;
+    private String name;
     private LoginModuleControlFlag flag;
     private String loginModuleName;
     private Map options;
     private transient LoginModule loginModule;
 
-    public JaasLoginModuleConfiguration(String loginModuleName, LoginModuleControlFlag flag, Map options, boolean serverSide) {
+    public JaasLoginModuleConfiguration(String name, String loginModuleName, LoginModuleControlFlag flag, Map options, boolean serverSide) {
+        this.name = name;
         this.serverSide = serverSide;
         this.flag = flag;
         this.loginModuleName = loginModuleName;
         this.options = options;
     }
 
+    public String getLoginModuleClassName() {
+        return loginModuleName;
+    }
+
     public LoginModule getLoginModule(ClassLoader loader) throws GeronimoSecurityException {
         if(loginModule == null) {
             try {
@@ -64,5 +74,26 @@
 
     public Map getOptions() {
         return options;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    /**
+     * Strips out stuff that isn't serializable so this can be safely passed to
+     * a remote server.
+     */
+    public JaasLoginModuleConfiguration getSerializableCopy() {
+        Map other = new HashMap();
+        for (Iterator it = options.keySet().iterator(); it.hasNext();) {
+            String key = (String) it.next();
+            Object value = options.get(key);
+            if(value instanceof Serializable || value instanceof Externalizable || value instanceof Remote) {
+                other.put(key, value);
+            }
+        }
+
+        return new JaasLoginModuleConfiguration(name, loginModuleName, flag, other, serverSide);
     }
 }

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java	Fri Nov 19 23:38:55 2004
@@ -32,13 +32,12 @@
 import javax.management.ObjectName;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
-import javax.security.auth.login.AppConfigurationEntry;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
-
 import EDU.oswego.cs.dl.util.concurrent.ClockDaemon;
 import EDU.oswego.cs.dl.util.concurrent.ThreadFactory;
-
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
@@ -61,6 +60,7 @@
  */
 public class JaasLoginService implements GBeanLifecycle, JaasLoginServiceMBean {
     public static final ObjectName OBJECT_NAME = JMXUtil.getObjectName("geronimo.security:type=JaasLoginService");
+    public static final Log log = LogFactory.getLog(JaasLoginService.class);
     private final static int DEFAULT_EXPIRED_LOGIN_SCAN_INTERVAL = 300000; // 5 mins
     private final static int DEFAULT_MAX_LOGIN_DURATION =  1000 * 3600 * 24; // 1 day
     private final static ClockDaemon clockDaemon;
@@ -171,7 +171,13 @@
         if(context == null) {
             throw new ExpiredLoginModuleException();
         }
-        return context.getModules();
+        JaasLoginModuleConfiguration[] config = context.getModules();
+        // strip out non-serializable configuration options
+        JaasLoginModuleConfiguration[] result = new JaasLoginModuleConfiguration[config.length];
+        for (int i = 0; i < config.length; i++) {
+            result[i] = config[i].getSerializableCopy();
+        }
+        return result;
     }
 
     /**
@@ -192,7 +198,12 @@
         JaasLoginModuleConfiguration config = context.getModules()[loginModuleIndex];
         LoginModule module = config.getLoginModule(classLoader);
         //todo: properly handle shared state
-        module.initialize(context.getSubject(), context.getHandler(), new HashMap(), config.getOptions());
+        try {
+            module.initialize(context.getSubject(), context.getHandler(), new HashMap(), config.getOptions());
+        } catch (Exception e) {
+            System.err.println("Failed to initialize module");
+            e.printStackTrace();
+        }
         try {
             module.login();
         } catch (LoginException e) {}
@@ -219,7 +230,7 @@
         }
         JaasLoginModuleConfiguration module = context.getModules()[loginModuleIndex];
         try {
-            context.getHandler().load(results);
+            context.getHandler().setClientResponse(results);
         } catch (IllegalArgumentException iae) {
             throw new LoginException(iae.toString());
         }
@@ -315,13 +326,7 @@
             id = ++nextLoginModuleId;
         }
         JaasClientId clientId = new JaasClientId(id, hash(id));
-        AppConfigurationEntry[] entries = realm.getAppConfigurationEntries();
-        JaasLoginModuleConfiguration[] modules = new JaasLoginModuleConfiguration[entries.length];
-        for (int i = 0; i < modules.length; i++) {
-            modules[i] = new JaasLoginModuleConfiguration(entries[i].getLoginModuleName(),
-                    LoginModuleControlFlag.getInstance(entries[i].getControlFlag()), entries[i].getOptions(),
-                    realm.isLoginModuleLocal()); //todo: calculate local-ness per module
-        }
+        JaasLoginModuleConfiguration[] modules = realm.getAppConfigurationEntries();
         JaasSecurityContext context = new JaasSecurityContext(realm.getRealmName(), modules);
         activeLogins.put(clientId, context);
         return clientId;

Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java
==============================================================================
--- (empty file)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java	Fri Nov 19 23:38:55 2004
@@ -0,0 +1,82 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.security.jaas;
+
+import java.util.Properties;
+import org.apache.geronimo.gbean.GBeanInfo;
+import org.apache.geronimo.gbean.GBeanInfoBuilder;
+
+/**
+ * A GBean that wraps a LoginModule, plus options to configure the LoginModule.
+ * If you want to deploy the same LoginModule with different options, you need
+ * more than one of these GBeans.  But if you want two security realms to refer
+ * to exactly the same login module configuration, you can have both realms
+ * refer to a single login module GBean.
+ *
+ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
+ */
+public class LoginModuleGBean {
+    private String loginModuleClass;
+    private Properties options;
+    private String objectName;
+    private boolean serverSide;
+
+    public LoginModuleGBean() {
+    }
+    
+    public LoginModuleGBean(String loginModuleClass, String objectName, boolean serverSide) {
+        this.loginModuleClass = loginModuleClass;
+        this.objectName = objectName;
+        this.serverSide = serverSide;
+    }
+
+    public Properties getOptions() {
+        return options;
+    }
+
+    public void setOptions(Properties options) {
+        this.options = options;
+    }
+
+    public String getLoginModuleClass() {
+        return loginModuleClass;
+    }
+
+    public String getObjectName() {
+        return objectName;
+    }
+
+    public boolean isServerSide() {
+        return serverSide;
+    }
+
+    public static final GBeanInfo GBEAN_INFO;
+
+    static {
+        GBeanInfoBuilder infoFactory = new GBeanInfoBuilder(LoginModuleGBean.class);
+        infoFactory.addAttribute("options", Properties.class, true);
+        infoFactory.addAttribute("loginModuleClass", String.class, true);
+        infoFactory.addAttribute("objectName", String.class, false);
+        infoFactory.addAttribute("serverSide", boolean.class, true);
+        infoFactory.setConstructor(new String[]{"loginModuleClass","objectName","serverSide"});
+        GBEAN_INFO = infoFactory.getBeanInfo();
+    }
+
+    public static GBeanInfo getGBeanInfo() {
+        return GBEAN_INFO;
+    }
+}

Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java
==============================================================================
--- (empty file)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java	Fri Nov 19 23:38:55 2004
@@ -0,0 +1,79 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.security.jaas;
+
+import java.util.Properties;
+import org.apache.geronimo.gbean.GBeanInfo;
+import org.apache.geronimo.gbean.GBeanInfoBuilder;
+import org.apache.geronimo.gbean.GBeanLifecycle;
+import org.apache.geronimo.gbean.WaitingException;
+import org.apache.geronimo.kernel.Kernel;
+
+/**
+ * Creates a LoginModule configuration that will connect a server-side
+ * component to a security realm.  The same thing could be done with a
+ * LoginModuleGBean and a DirectConfigurationEntry, but this method saves some
+ * configuration effort.
+ *
+ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
+ */
+public class ServerRealmConfigurationEntry implements GBeanLifecycle {
+    private String applicationConfigName;
+    private String realmName;
+    private Kernel kernel;
+
+    public ServerRealmConfigurationEntry() {
+        // just for use by GBean infrastructure
+    }
+
+    public ServerRealmConfigurationEntry(String applicationConfigName, String realmName, Kernel kernel) {
+        this.applicationConfigName = applicationConfigName;
+        this.realmName = realmName;
+        this.kernel = kernel;
+    }
+
+    public void doStart() throws WaitingException, Exception {
+        Properties options = new Properties();
+        options.put("realm", realmName);
+        options.put("kernel", kernel.getKernelName());
+        JaasLoginModuleConfiguration entry = new JaasLoginModuleConfiguration(applicationConfigName, JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true);
+        GeronimoLoginConfiguration.register(entry);
+    }
+
+    public void doStop() throws WaitingException, Exception {
+        GeronimoLoginConfiguration.unRegister(applicationConfigName);
+    }
+
+    public void doFail() {
+    }
+
+    public static final GBeanInfo GBEAN_INFO;
+
+    static {
+        GBeanInfoBuilder infoFactory = new GBeanInfoBuilder(ServerRealmConfigurationEntry.class);
+        infoFactory.addAttribute("applicationConfigName", String.class, true);
+        infoFactory.addAttribute("realmName", String.class, true);
+        infoFactory.addAttribute("kernel", Kernel.class, false);
+
+        infoFactory.setConstructor(new String[]{"applicationConfigName", "realmName", "kernel"});
+        GBEAN_INFO = infoFactory.getBeanInfo();
+    }
+
+    public static GBeanInfo getGBeanInfo() {
+        return GBEAN_INFO;
+    }
+}

Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java
==============================================================================
--- (empty file)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java	Fri Nov 19 23:38:55 2004
@@ -0,0 +1,263 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.security.realm;
+
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+import javax.management.MalformedObjectNameException;
+import javax.management.ObjectName;
+import org.apache.geronimo.common.GeronimoSecurityException;
+import org.apache.geronimo.gbean.GBeanInfo;
+import org.apache.geronimo.gbean.GBeanInfoBuilder;
+import org.apache.geronimo.gbean.GBeanLifecycle;
+import org.apache.geronimo.gbean.WaitingException;
+import org.apache.geronimo.kernel.Kernel;
+import org.apache.geronimo.kernel.jmx.MBeanProxyFactory;
+import org.apache.geronimo.security.deploy.Principal;
+import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration;
+import org.apache.geronimo.security.jaas.JaasLoginModuleConfiguration;
+import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
+import org.apache.geronimo.security.jaas.LoginModuleControlFlagEditor;
+import org.apache.geronimo.security.jaas.LoginModuleGBean;
+import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.regexp.RE;
+
+/**
+ * A security realm that can be configured for one or more login modules.  It
+ * can handle a combination of client-side and server-side login modules for
+ * the case of remote clients, and it can auto-role-mapping for its login
+ * modules (though you must configure it for that).
+ *
+ * To configure the list of LoginModules, set the loginModuleConfiguration
+ * to a Properties object with syntax like this:
+ * <pre>
+ * LoginModule.1.REQUIRED=ObjectName1
+ * LoginModule.2.SUFFICIENT=ObjectName2
+ * ...
+ * </pre>
+ * Each ObjectName should identify a LoginModuleGBean in the server
+ * configuration.  Each LoginModuleGBean has the configuration options for its
+ * login module, and knows whether it should run on the client side or server
+ * side.
+ *
+ * This realm populates a number of special login module options for the
+ * benefit of Geronimo login modules (though some of them are only available to
+ * server-side login modules, marked as not Serializable below):
+ * <pre>
+ * Option                                      Type                   Serializable
+ * GenericSecurityRealm.KERNEL_LM_OPTION       String (Kernel name)        Yes
+ * GenericSecurityRealm.SERVERINFO_LM_OPTION   ServerInfo                  No
+ * GenericSecurityRealm.CLASSLOADER_LM_OPTION  ClassLoader                 No
+ * </pre>
+ * These options can be safely ignored by login modules that don't need them
+ * (such as any custom LoginModules you may already have lying around).
+ *
+ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
+ */
+public class GenericSecurityRealm implements SecurityRealm, GBeanLifecycle, AutoMapAssistant {
+    public final static String KERNEL_LM_OPTION="org.apache.geronimo.security.realm.GenericSecurityRealm.KERNEL";
+    public final static String SERVERINFO_LM_OPTION="org.apache.geronimo.security.realm.GenericSecurityRealm.SERVERINFO";
+    public final static String CLASSLOADER_LM_OPTION="org.apache.geronimo.security.realm.GenericSecurityRealm.CLASSLOADER";
+    private String name;
+    private JaasLoginModuleConfiguration[] config;
+    private Kernel kernel;
+    private ServerInfo serverInfo;
+    private ClassLoader classLoader;
+    private String[] autoMapPrincipals;
+    private Principal defaultPrincipal;
+
+    public GenericSecurityRealm(String realmName, Kernel kernel, ServerInfo serverInfo, Properties loginModuleConfiguration, ClassLoader classLoader) throws MalformedObjectNameException {
+        this.name = realmName;
+        this.kernel = kernel;
+        this.serverInfo = serverInfo;
+        this.classLoader = classLoader;
+        processConfiguration(loginModuleConfiguration);
+    }
+
+    public void doStart() throws WaitingException, Exception {
+        GeronimoLoginConfiguration.register(this);
+    }
+
+    public void doStop() throws WaitingException, Exception {
+        GeronimoLoginConfiguration.unRegister(name);
+    }
+
+    public void doFail() {
+    }
+
+    public String getRealmName() {
+        return name;
+    }
+
+    public JaasLoginModuleConfiguration[] getAppConfigurationEntries() {
+        return config;
+    }
+
+    /**
+     * Provides the default principal to be used when an unauthenticated
+     * subject uses a container.
+     *
+     * @return the default principal
+     */
+    public Principal obtainDefaultPrincipal() {
+        return defaultPrincipal;
+    }
+
+    /**
+     * Provides a set of principal class names to be used when automatically
+     * mapping principals to roles.
+     *
+     * @return a set of principal class names
+     */
+    public Set obtainRolePrincipalClasses() {
+        Set set = new HashSet();
+        for (int i = 0; i < autoMapPrincipals.length; i++) {
+            set.add(autoMapPrincipals[i]);
+        }
+        return set;
+    }
+
+    public void setDefaultPrincipal(String code) {
+        if(code != null) {
+            String[] parts=code.split("=");
+            if(parts.length != 2) {
+                throw new IllegalArgumentException("Default Principal should have the form 'name=class'");
+            }
+            defaultPrincipal = new Principal();
+            defaultPrincipal.setPrincipalName(parts[0]);
+            defaultPrincipal.setClassName(parts[1]);
+        }
+    }
+
+    public void setAutoMapPrincipalClasses(String classes) {
+        if(classes != null) {
+            autoMapPrincipals = classes.split(",");
+        } else {
+            autoMapPrincipals = new String[0];
+        }
+    }
+
+    /**
+     * @deprecated Will be removed in favor of (some kind of realm editor object) in
+     *             a future milestone release.
+     */
+    public Set getGroupPrincipals() throws GeronimoSecurityException {
+        return null; //todo
+    }
+
+    /**
+     * @deprecated Will be removed in favor of (some kind of realm editor object) in
+     *             a future milestone release.
+     */
+    public Set getGroupPrincipals(RE regexExpression) throws GeronimoSecurityException {
+        return null; //todo
+    }
+
+    /**
+     * @deprecated Will be removed in favor of (some kind of realm editor object) in
+     *             a future milestone release.
+     */
+    public Set getUserPrincipals() throws GeronimoSecurityException {
+        return null; //todo
+    }
+
+    /**
+     * @deprecated Will be removed in favor of (some kind of realm editor object) in
+     *             a future milestone release.
+     */
+    public Set getUserPrincipals(RE regexExpression) throws GeronimoSecurityException {
+        return null; //todo
+    }
+
+    private void processConfiguration(Properties props) throws MalformedObjectNameException {
+        int i = 1;
+        List list = new ArrayList();
+        LoginModuleControlFlagEditor editor = new LoginModuleControlFlagEditor();
+        while(true) {
+            boolean found = false;
+            String prefix = "LoginModule."+i+".";
+            for (Enumeration en = props.propertyNames(); en.hasMoreElements();) {
+                String key = (String) en.nextElement();
+                if(key.startsWith(prefix)) {
+                    String flagName = key.substring(prefix.length()).toUpperCase();
+                    editor.setAsText(flagName);
+                    LoginModuleControlFlag flag = (LoginModuleControlFlag) editor.getValue();
+                    LoginModuleGBean module = (LoginModuleGBean) MBeanProxyFactory.getProxy(LoginModuleGBean.class, kernel.getMBeanServer(), new ObjectName(props.getProperty(key)));
+                    Map options = module.getOptions();
+                    if(options != null) {
+                        options = new HashMap(options);
+                    } else {
+                        options = new HashMap();
+                    }
+                    if(kernel != null && !options.containsKey(KERNEL_LM_OPTION)) {
+                        options.put(KERNEL_LM_OPTION, kernel.getKernelName());
+                    }
+                    if(serverInfo != null && !options.containsKey(SERVERINFO_LM_OPTION)) {
+                        options.put(SERVERINFO_LM_OPTION, serverInfo);
+                    }
+                    if(classLoader != null && !options.containsKey(CLASSLOADER_LM_OPTION)) {
+                        options.put(CLASSLOADER_LM_OPTION, classLoader);
+                    }
+                    JaasLoginModuleConfiguration config = new JaasLoginModuleConfiguration(module.getObjectName(), module.getLoginModuleClass(), flag, options, module.isServerSide());
+                    list.add(config);
+                    ++i;
+                    found = true;
+                    break;
+                }
+            }
+            if(!found) {
+                break;
+            }
+        }
+        config = (JaasLoginModuleConfiguration[]) list.toArray(new JaasLoginModuleConfiguration[list.size()]);
+    }
+
+
+    public static final GBeanInfo GBEAN_INFO;
+
+    static {
+        GBeanInfoBuilder infoFactory = new GBeanInfoBuilder(GenericSecurityRealm.class);
+
+        infoFactory.addInterface(SecurityRealm.class);
+        infoFactory.addAttribute("realmName", String.class, true);
+        infoFactory.addAttribute("kernel", Kernel.class, false);
+        infoFactory.addAttribute("loginModuleConfiguration", Properties.class, true);
+        infoFactory.addAttribute("classLoader", ClassLoader.class, false);
+        infoFactory.addAttribute("autoMapPrincipalClasses", String.class, true);
+        infoFactory.addAttribute("defaultPrincipal", String.class, true);
+
+        infoFactory.addReference("ServerInfo", ServerInfo.class);
+
+        infoFactory.addOperation("getAppConfigurationEntries", new Class[0]);
+        infoFactory.addOperation("obtainDefaultPrincipal", new Class[0]);
+        infoFactory.addOperation("obtainRolePrincipalClasses", new Class[0]);
+
+        infoFactory.setConstructor(new String[]{"realmName","kernel","ServerInfo","loginModuleConfiguration","classLoader"});
+
+        GBEAN_INFO = infoFactory.getBeanInfo();
+    }
+
+    public static GBeanInfo getGBeanInfo() {
+        return GBEAN_INFO;
+    }
+}

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java	Fri Nov 19 23:38:55 2004
@@ -22,6 +22,7 @@
 import java.util.Set;
 
 import org.apache.geronimo.common.GeronimoSecurityException;
+import org.apache.geronimo.security.jaas.JaasLoginModuleConfiguration;
 import org.apache.regexp.RE;
 
 
@@ -34,11 +35,7 @@
 
     public String getRealmName();
 
-    public long getMaxLoginModuleAge();
-
-    public AppConfigurationEntry[] getAppConfigurationEntries();
-
-    public boolean isLoginModuleLocal();
+    public JaasLoginModuleConfiguration[] getAppConfigurationEntries();
 
     /**
      * @deprecated Will be removed in favor of (some kind of realm editor object) in
@@ -63,12 +60,4 @@
      *             a future milestone release.
      */
     public Set getUserPrincipals(RE regexExpression) throws GeronimoSecurityException;
-
-    /**
-     * @deprecated Will be removed a future milestone release.  The refreshing should
-     *             be done by a login module or editor when appropriate to its own
-     *             needs.
-     */
-    public void refresh() throws GeronimoSecurityException;
-
 }

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java	Fri Nov 19 23:38:55 2004
@@ -18,13 +18,14 @@
 package org.apache.geronimo.security.realm.providers;
 
 import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
 import java.util.Enumeration;
+import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Map;
-import java.util.Set;
 import java.util.Properties;
-import java.util.HashSet;
-import java.net.URI;
+import java.util.Set;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
@@ -33,33 +34,60 @@
 import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
-
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.apache.geronimo.common.GeronimoSecurityException;
+import org.apache.geronimo.kernel.Kernel;
+import org.apache.geronimo.security.realm.GenericSecurityRealm;
+import org.apache.geronimo.system.serverinfo.ServerInfo;
 
 
 /**
+ * A LoginModule that reads a list of users and group from files on disk.  The
+ * files should be formatted using standard Java properties syntax.  Expects
+ * to be run by a GenericSecurityRealm (doesn't work on its own).
+ *
  * @version $Rev$ $Date$
  */
 public class PropertiesFileLoginModule implements LoginModule {
+    public final static String USERS_URI = "usersURI";
+    public final static String GROUPS_URI = "groupsURI";
+    private static Log log = LogFactory.getLog(PropertiesFileLoginModule.class);
     final Properties users = new Properties();
     final Properties groups = new Properties();
+
     Subject subject;
     CallbackHandler handler;
     String username;
     String password;
 
     public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
+        this.subject = subject;
+        this.handler = callbackHandler;
+        try {
+            Kernel kernel = Kernel.getKernel((String)options.get(GenericSecurityRealm.KERNEL_LM_OPTION));
+            ServerInfo serverInfo = (ServerInfo) options.get(GenericSecurityRealm.SERVERINFO_LM_OPTION);
+            URI usersURI = new URI((String)options.get(USERS_URI));
+            URI groupsURI = new URI((String)options.get(GROUPS_URI));
+            loadProperties(kernel, serverInfo, usersURI, groupsURI);
+        } catch (Exception e) {
+            log.error(e);
+            throw new IllegalArgumentException("Unable to configure properties file login module: "+e);
+        }
+    }
 
-        URI usersURI = (URI) options.get(PropertiesFileSecurityRealm.USERS_URI);
-        URI groupsURI = (URI) options.get(PropertiesFileSecurityRealm.GROUPS_URI);
-        assert usersURI != null;
-        assert groupsURI != null;
-
+    public void loadProperties(Kernel kernel, ServerInfo serverInfo, URI userURI, URI groupURI) throws GeronimoSecurityException {
         try {
-            users.load(usersURI.toURL().openStream());
+            URI userFile = serverInfo.resolve(userURI);
+            URI groupFile = serverInfo.resolve(groupURI);
+            InputStream stream = userFile.toURL().openStream();
+            users.load(stream);
+            stream.close();
 
             Properties temp = new Properties();
-            temp.load(groupsURI.toURL().openStream());
+            stream = groupFile.toURL().openStream();
+            temp.load(stream);
+            stream.close();
 
             Enumeration e = temp.keys();
             while (e.hasMoreElements()) {
@@ -77,13 +105,12 @@
                 }
             }
 
-        } catch (IOException e) {
+        } catch (Exception e) {
+            log.error("Properties File Login Module - data load failed", e);
             throw new GeronimoSecurityException(e);
         }
-
-        this.subject = subject;
-        this.handler = callbackHandler;
     }
+
 
     public boolean login() throws LoginException {
         Callback[] callbacks = new Callback[2];

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java	Fri Nov 19 23:38:55 2004
@@ -28,34 +28,48 @@
 import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
+import org.apache.geronimo.security.realm.GenericSecurityRealm;
 
 
 /**
+ * A login module that loads security information from a SQL database.  Expects
+ * to be run by a GenericSecurityRealm (doesn't work on its own).
+ *
  * @version $Rev$ $Date$
  */
-
 public class SQLLoginModule implements LoginModule {
-    private Subject subject;
-    private CallbackHandler handler;
-    private String cbUsername;
-    private String cbPassword;
+    public final static String USER_SELECT = "userSelect";
+    public final static String GROUP_SELECT = "groupSelect";
+    public final static String CONNECTION_URL = "jdbcURL";
+    public final static String USER = "jdbcUser";
+    public final static String PASSWORD = "jdbcPassword";
+    public final static String DRIVER = "jdbcDriver";
+    //todo: support JNDI data sources too
     private String connectionURL;
     private Properties properties;
     private Driver driver;
     private String userSelect;
     private String groupSelect;
+
+    private Subject subject;
+    private CallbackHandler handler;
+    private String cbUsername;
+    private String cbPassword;
     private final Set groups = new HashSet();
 
     public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
         this.subject = subject;
         this.handler = callbackHandler;
 
-        connectionURL = (String) options.get(SQLSecurityRealm.CONNECTION_URL);
-        properties = (Properties) options.get(SQLSecurityRealm.PROPERTIES);
-        userSelect = (String) options.get(SQLSecurityRealm.USER_SELECT);
-        groupSelect = (String) options.get(SQLSecurityRealm.GROUP_SELECT);
+        connectionURL = (String) options.get(CONNECTION_URL);
+        properties = new Properties();
+        properties.put("user", options.get(USER));
+        properties.put("password", options.get(PASSWORD));
+        userSelect = (String) options.get(USER_SELECT);
+        groupSelect = (String) options.get(GROUP_SELECT);
+        ClassLoader cl = (ClassLoader) options.get(GenericSecurityRealm.CLASSLOADER_LM_OPTION);
         try {
-            this.driver = (Driver) Class.forName((String) options.get(SQLSecurityRealm.DRIVER)).newInstance();
+            this.driver = (Driver) cl.loadClass((String) options.get(DRIVER)).newInstance();
         } catch (ClassNotFoundException e) {
             throw new IllegalArgumentException("Driver class "+driver+" is not available.  Perhaps you need to add it as a dependency in your deployment plan?");
         } catch(Exception e) {

Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java	(original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java	Fri Nov 19 23:38:55 2004
@@ -27,12 +27,13 @@
 import java.io.IOException;
 import java.net.URI;
 import java.util.Collections;
+import java.util.Properties;
 
 import junit.framework.TestCase;
 
 import org.apache.geronimo.gbean.jmx.GBeanMBean;
 import org.apache.geronimo.kernel.Kernel;
-import org.apache.geronimo.security.bridge.TestRealm;
+import org.apache.geronimo.security.bridge.TestLoginModule;
 
 
 /**
@@ -41,6 +42,7 @@
 public abstract class AbstractTest extends TestCase {
     protected Kernel kernel;
     protected ObjectName loginService;
+    protected ObjectName testLoginModule;
     protected ObjectName testRealm;
     protected ObjectName subsystemRouter;
     protected ObjectName asyncTransport;
@@ -63,11 +65,18 @@
         gbean.setAttribute("password", "secret");
         kernel.loadGBean(loginService, gbean);
 
-        gbean = new GBeanMBean("org.apache.geronimo.security.bridge.TestRealm");
-        testRealm = new ObjectName("geronimo.security:type=SecurityRealm,realm=testrealm");
-        gbean.setAttribute("realmName", TestRealm.REALM_NAME);
-        gbean.setAttribute("maxLoginModuleAge", new Long(1 * 1000));
-        gbean.setAttribute("debug", new Boolean(true));
+        gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean");
+        testLoginModule = new ObjectName("geronimo.security:type=LoginModule,name=TestModule");
+        gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.bridge.TestLoginModule");
+        gbean.setAttribute("serverSide", new Boolean(true));
+        kernel.loadGBean(testLoginModule, gbean);
+
+        gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm");
+        testRealm = new ObjectName("geronimo.security:type=SecurityRealm,realm="+TestLoginModule.REALM_NAME);
+        gbean.setAttribute("realmName", TestLoginModule.REALM_NAME);
+        Properties props = new Properties();
+        props.setProperty("LoginModule.1.REQUIRED","geronimo.security:type=LoginModule,name=TestModule");
+        gbean.setAttribute("loginModuleConfiguration", props);
         kernel.loadGBean(testRealm, gbean);
 
         gbean = new GBeanMBean("org.apache.geronimo.remoting.router.SubsystemRouter");
@@ -91,6 +100,7 @@
         kernel.loadGBean(serverStub, gbean);
 
         kernel.startGBean(loginService);
+        kernel.startGBean(testLoginModule);
         kernel.startGBean(testRealm);
         kernel.startGBean(subsystemRouter);
         kernel.startGBean(asyncTransport);
@@ -108,6 +118,7 @@
 
         kernel.unloadGBean(loginService);
         kernel.unloadGBean(testRealm);
+        kernel.unloadGBean(testLoginModule);
         kernel.unloadGBean(subsystemRouter);
         kernel.unloadGBean(asyncTransport);
         kernel.unloadGBean(jmxRouter);

Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/CallerIdentityUserPasswordBridgeTest.java
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/CallerIdentityUserPasswordBridgeTest.java	(original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/CallerIdentityUserPasswordBridgeTest.java	Fri Nov 19 23:38:55 2004
@@ -37,7 +37,7 @@
     protected void setUp() throws Exception {
         super.setUp();
         bridge = new CallerIdentityUserPasswordRealmBridge();
-        bridge.setTargetRealm(TestRealm.JAAS_NAME);
+        bridge.setTargetRealm(TestLoginModule.JAAS_NAME);
     }
 
     public void testCallerIdentityBridge() throws Exception {

Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/ConfiguredIdentityUserPasswordBridgeTest.java
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/ConfiguredIdentityUserPasswordBridgeTest.java	(original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/ConfiguredIdentityUserPasswordBridgeTest.java	Fri Nov 19 23:38:55 2004
@@ -33,7 +33,7 @@
 
     protected void setUp() throws Exception {
         super.setUp();
-        bridge = new ConfiguredIdentityUserPasswordRealmBridge(TestRealm.JAAS_NAME, AbstractBridgeTest.USER, AbstractBridgeTest.PASSWORD);
+        bridge = new ConfiguredIdentityUserPasswordRealmBridge(TestLoginModule.JAAS_NAME, AbstractBridgeTest.USER, AbstractBridgeTest.PASSWORD);
     }
 
     public void testConfiguredIdentityBridge() throws Exception {

Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/MappingUserPasswordBridgeTest.java
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/MappingUserPasswordBridgeTest.java	(original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/MappingUserPasswordBridgeTest.java	Fri Nov 19 23:38:55 2004
@@ -43,7 +43,7 @@
     protected void setUp() throws Exception {
         super.setUp();
         bridge = new TestMappingBridge();
-        bridge.setTargetRealm(TestRealm.JAAS_NAME);
+        bridge.setTargetRealm(TestLoginModule.JAAS_NAME);
         bridge.setPrincipalSourceType(TestPrincipalPrincipal.class);
         bridge.setPrincipalTargetCallbackName("Resource Principal");
         Map principalMap = new HashMap();

Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/TestLoginModule.java
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/TestLoginModule.java	(original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/bridge/TestLoginModule.java	Fri Nov 19 23:38:55 2004
@@ -36,6 +36,8 @@
  * @version $Rev$ $Date$
  */
 public class TestLoginModule implements LoginModule {
+    public final static String REALM_NAME = "bridge-realm";
+    public final static String JAAS_NAME = "bridge";
 
     private Subject subject;
     private CallbackHandler callbackHandler;

Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java	(original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java	Fri Nov 19 23:38:55 2004
@@ -46,6 +46,7 @@
     protected ObjectName serverInfo;
     protected ObjectName loginConfiguration;
     protected ObjectName loginService;
+    protected ObjectName clientCE;
     protected ObjectName testCE;
     protected ObjectName testRealm;
     protected ObjectName subsystemRouter;
@@ -54,7 +55,7 @@
     protected ObjectName serverStub;
 
     public void test() throws Exception {
-        LoginContext context = new LoginContext("properties", new AbstractTest.UsernamePasswordCallback("alan", "starcraft"));
+        LoginContext context = new LoginContext("properties-client", new AbstractTest.UsernamePasswordCallback("alan", "starcraft"));
 
         context.login();
         Subject subject = context.getSubject();
@@ -104,20 +105,28 @@
         gbean.setAttribute("password", "secret");
         kernel.loadGBean(loginService, gbean);
 
-        gbean = new GBeanMBean("org.apache.geronimo.security.jaas.ConfigurationEntryRealmLocal");
-        testCE = new ObjectName("geronimo.security:type=ConfigurationEntry,jaasId=properties");
-        gbean.setAttribute("applicationConfigName", "properties");
+        gbean = new GBeanMBean("org.apache.geronimo.security.jaas.ServerRealmConfigurationEntry");
+        clientCE = new ObjectName("geronimo.security:type=ConfigurationEntry,jaasId=properties-client");
+        gbean.setAttribute("applicationConfigName", "properties-client");
         gbean.setAttribute("realmName", "properties-realm");
-        gbean.setAttribute("controlFlag", LoginModuleControlFlag.REQUIRED);
-        gbean.setAttribute("options", new Properties());
+        kernel.loadGBean(clientCE, gbean);
+
+        gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean");
+        testCE = new ObjectName("geronimo.security:type=LoginModule,name=properties");
+        gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule");
+        gbean.setAttribute("serverSide", new Boolean(true));
+        Properties props = new Properties();
+        props.put("usersURI", new File(new File("."), "src/test-data/data/users.properties").toString());
+        props.put("groupsURI", new File(new File("."), "src/test-data/data/groups.properties").toString());
+        gbean.setAttribute("options", props);
         kernel.loadGBean(testCE, gbean);
 
-        gbean = new GBeanMBean("org.apache.geronimo.security.realm.providers.PropertiesFileSecurityRealm");
+        gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm");
         testRealm = new ObjectName("geronimo.security:type=SecurityRealm,realm=properties-realm");
         gbean.setAttribute("realmName", "properties-realm");
-        gbean.setAttribute("maxLoginModuleAge", new Long(1 * 1000));
-        gbean.setAttribute("usersURI", (new File(new File("."), "src/test-data/data/users.properties")).toURI());
-        gbean.setAttribute("groupsURI", (new File(new File("."), "src/test-data/data/groups.properties")).toURI());
+        props = new Properties();
+        props.setProperty("LoginModule.1.REQUIRED","geronimo.security:type=LoginModule,name=properties");
+        gbean.setAttribute("loginModuleConfiguration", props);
         gbean.setReferencePatterns("ServerInfo", Collections.singleton(serverInfo));
         kernel.loadGBean(testRealm, gbean);
 
@@ -143,6 +152,7 @@
 
         kernel.startGBean(loginConfiguration);
         kernel.startGBean(loginService);
+        kernel.startGBean(clientCE);
         kernel.startGBean(testCE);
         kernel.startGBean(testRealm);
         kernel.startGBean(subsystemRouter);
@@ -158,6 +168,7 @@
         kernel.stopGBean(subsystemRouter);
         kernel.stopGBean(testRealm);
         kernel.stopGBean(testCE);
+        kernel.stopGBean(clientCE);
         kernel.stopGBean(loginService);
         kernel.stopGBean(loginConfiguration);
         kernel.stopGBean(serverInfo);
@@ -165,6 +176,7 @@
         kernel.unloadGBean(loginService);
         kernel.unloadGBean(testCE);
         kernel.unloadGBean(testRealm);
+        kernel.unloadGBean(clientCE);
         kernel.unloadGBean(subsystemRouter);
         kernel.unloadGBean(asyncTransport);
         kernel.unloadGBean(jmxRouter);

Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginKerberosNonGeronimoTest.java
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginKerberosNonGeronimoTest.java	(original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginKerberosNonGeronimoTest.java	Fri Nov 19 23:38:55 2004
@@ -22,6 +22,7 @@
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 import java.util.Properties;
+import java.util.Collections;
 
 import org.apache.geronimo.gbean.jmx.GBeanMBean;
 import org.apache.geronimo.security.AbstractTest;
@@ -40,6 +41,7 @@
 public class LoginKerberosNonGeronimoTest extends AbstractTest {
 
     protected ObjectName kerberosCE;
+    protected ObjectName kerberosLM;
     protected ObjectName loginConfiguration;
 
     /**
@@ -56,20 +58,26 @@
         loginConfiguration = new ObjectName("geronimo.security:type=LoginConfiguration");
         kernel.loadGBean(loginConfiguration, gbean);
 
-        Properties options = new Properties();
-        options.put("debug", "true");
-        options.put("useTicketCache", "true");
-        options.put("doNotPrompt", "true");
+        gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean");
+        kerberosLM = new ObjectName("geronimo.security:type=LoginModule,name=TOOLAZYDOGS.COM");
+        gbean.setAttribute("loginModuleClass", "com.sun.security.auth.module.Krb5LoginModule");
+        gbean.setAttribute("serverSide", new Boolean(true)); // normally not, but in this case, it's treated as server-side
+        Properties props = new Properties();
+        props.put("debug", "true");
+        props.put("useTicketCache", "true");
+        props.put("doNotPrompt", "true");
+        gbean.setAttribute("options", props);
+        kernel.loadGBean(kerberosLM, gbean);
 
-        gbean = new GBeanMBean("org.apache.geronimo.security.jaas.ConfigurationEntryLocal");
+        gbean = new GBeanMBean("org.apache.geronimo.security.jaas.DirectConfigurationEntry");
         kerberosCE = new ObjectName("geronimo.security:type=ConfigurationEntry,jaasId=kerberos-foobar");
         gbean.setAttribute("applicationConfigName", "kerberos-foobar");
-        gbean.setAttribute("loginModuleName", "com.sun.security.auth.module.Krb5LoginModule");
         gbean.setAttribute("controlFlag", LoginModuleControlFlag.REQUIRED);
-        gbean.setAttribute("options", options);
+        gbean.setReferencePatterns("Module", Collections.singleton(kerberosLM));
         kernel.loadGBean(kerberosCE, gbean);
 
         kernel.startGBean(loginConfiguration);
+        kernel.startGBean(kerberosLM);
         kernel.startGBean(kerberosCE);
     }
 
@@ -81,9 +89,11 @@
      */
     public void tearDown() throws Exception {
         kernel.stopGBean(kerberosCE);
+        kernel.stopGBean(kerberosLM);
         kernel.stopGBean(loginConfiguration);
 
         kernel.unloadGBean(kerberosCE);
+        kernel.unloadGBean(kerberosLM);
         kernel.unloadGBean(loginConfiguration);
 
         super.tearDown();
@@ -111,6 +121,7 @@
 
             context.logout();
         } catch (LoginException e) {
+            e.printStackTrace();
             // May not have kerberos
         }
     }

Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginKerberosTest.java
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginKerberosTest.java	(original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginKerberosTest.java	Fri Nov 19 23:38:55 2004
@@ -17,6 +17,7 @@
 
 package org.apache.geronimo.security.jaas;
 
+import java.util.Properties;
 import javax.management.ObjectName;
 import javax.security.auth.Subject;
 import javax.security.auth.login.LoginContext;
@@ -34,42 +35,56 @@
 public class LoginKerberosTest extends AbstractTest {
 
     protected ObjectName kerberosRealm;
-    protected ObjectName kerberosCE;
+    protected ObjectName kerberosLM;
 
     public void setUp() throws Exception {
         super.setUp();
 
-        GBeanMBean gbean = new GBeanMBean("org.apache.geronimo.security.realm.providers.KerberosSecurityRealm");
+        GBeanMBean gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean");
+        kerberosLM = new ObjectName("geronimo.security:type=LoginModule,name=TOOLAZYDOGS.COM");
+        gbean.setAttribute("loginModuleClass", "com.sun.security.auth.module.Krb5LoginModule");
+        gbean.setAttribute("serverSide", new Boolean(true)); // normally not, but in this case, it's treated as server-side
+        Properties props = new Properties();
+        props.put("debug", "true");
+        props.put("useTicketCache", "true");
+        props.put("doNotPrompt", "true");
+        gbean.setAttribute("options", props);
+        kernel.loadGBean(kerberosLM, gbean);
+
+        gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm");
         kerberosRealm = new ObjectName("geronimo.security:type=SecurityRealm,realm=TOOLAZYDOGS.COM");
         gbean.setAttribute("realmName", "TOOLAZYDOGS.COM");
-        gbean.setAttribute("maxLoginModuleAge", new Long(1 * 1000));
-        gbean.setAttribute("debug", new Boolean(true));
-        gbean.setAttribute("useTicketCache", new Boolean(true));
-        gbean.setAttribute("doNotPrompt", new Boolean(true));
+        props = new Properties();
+        props.setProperty("LoginModule.1.REQUIRED","geronimo.security:type=LoginModule,name=TOOLAZYDOGS.COM");
+        gbean.setAttribute("loginModuleConfiguration", props);
         kernel.loadGBean(kerberosRealm, gbean);
+        kernel.startGBean(kerberosLM);
         kernel.startGBean(kerberosRealm);
     }
 
     public void tearDown() throws Exception {
         kernel.stopGBean(kerberosRealm);
         kernel.unloadGBean(kerberosRealm);
+        kernel.stopGBean(kerberosLM);
+        kernel.unloadGBean(kerberosLM);
 
         super.tearDown();
     }
 
-    public void testNothing() throws Exception { }
-
-    public void XtestLogin() throws Exception {
+    public void testLogin() throws Exception {
         try {
             LoginContext context = new LoginContext("kerberos-local");
 
             context.login();
             Subject subject = context.getSubject();
 
-            assertTrue("expected non-null subject", subject != null);
-            assertTrue("id of subject should be non-null", ContextManager.getSubjectId(subject) != null);
-            assertEquals("subject should have two principals", 2, subject.getPrincipals().size());
-            assertEquals("subject should have one realm principal", 1, subject.getPrincipals(RealmPrincipal.class).size());
+            assertTrue("expected non-null client-side subject", subject != null);
+            subject = ContextManager.getServerSideSubject(subject);
+
+            assertTrue("expected non-null server-side subject", subject != null);
+            assertTrue("id of server-side subject should be non-null", ContextManager.getSubjectId(subject) != null);
+            assertEquals("server-side subject should have two principals", 2, subject.getPrincipals().size());
+            assertEquals("server-side subject should have one realm principal", 1, subject.getPrincipals(RealmPrincipal.class).size());
             RealmPrincipal principal = (RealmPrincipal) subject.getPrincipals(RealmPrincipal.class).iterator().next();
             assertTrue("id of principal should be non-zero", principal.getId() != 0);
 
@@ -77,6 +92,7 @@
 
             assertTrue("id of subject should be null", ContextManager.getSubjectId(subject) == null);
         } catch (LoginException e) {
+            e.printStackTrace();
             // May not have kerberos
         }
     }

Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java	(original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java	Fri Nov 19 23:38:55 2004
@@ -40,8 +40,10 @@
 
     protected ObjectName serverInfo;
     protected ObjectName loginConfiguration;
-    protected ObjectName propertiesRealm;
-    protected ObjectName propertiesCE;
+    protected ObjectName clientLM;
+    protected ObjectName clientCE;
+    protected ObjectName testCE;
+    protected ObjectName testRealm;
 
     public void setUp() throws Exception {
         super.setUp();
@@ -58,36 +60,62 @@
         loginConfiguration = new ObjectName("geronimo.security:type=LoginConfiguration");
         kernel.loadGBean(loginConfiguration, gbean);
 
-        gbean = new GBeanMBean("org.apache.geronimo.security.realm.providers.PropertiesFileSecurityRealm");
-        propertiesRealm = new ObjectName("geronimo.security:type=SecurityRealm,realm=properties-realm");
-        gbean.setAttribute("realmName", "properties-realm");
-        gbean.setAttribute("maxLoginModuleAge", new Long(1 * 1000));
-        gbean.setAttribute("usersURI", (new File(new File("."), "src/test-data/data/users.properties")).toURI());
-        gbean.setAttribute("groupsURI", (new File(new File("."), "src/test-data/data/groups.properties")).toURI());
-        gbean.setReferencePatterns("ServerInfo", Collections.singleton(serverInfo));
-        kernel.loadGBean(propertiesRealm, gbean);
+        gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean");
+        clientLM = new ObjectName("geronimo.security:type=LoginModule,name=properties-client");
+        gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.jaas.JaasLoginCoordinator");
+        gbean.setAttribute("serverSide", new Boolean(false));
+        Properties props = new Properties();
+        props.put("host", "localhost");
+        props.put("port", "4242");
+        props.put("realm", "properties-realm");
+        gbean.setAttribute("options", props);
+        kernel.loadGBean(clientLM, gbean);
+
+        gbean = new GBeanMBean("org.apache.geronimo.security.jaas.DirectConfigurationEntry");
+        clientCE = new ObjectName("geronimo.security:type=ConfigurationEntry,jaasId=properties-client");
+        gbean.setAttribute("applicationConfigName", "properties-client");
+        gbean.setAttribute("controlFlag", LoginModuleControlFlag.REQUIRED);
+        gbean.setReferencePatterns("Module", Collections.singleton(clientLM));
+        kernel.loadGBean(clientCE, gbean);
 
-        gbean = new GBeanMBean("org.apache.geronimo.security.jaas.ConfigurationEntryRealmLocal");
-        propertiesCE = new ObjectName("geronimo.security:type=ConfigurationEntry,jaasId=properties");
-        gbean.setAttribute("applicationConfigName", "properties");
+        gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean");
+        testCE = new ObjectName("geronimo.security:type=LoginModule,name=properties");
+        gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule");
+        gbean.setAttribute("serverSide", new Boolean(true));
+        props = new Properties();
+        props.put("usersURI", new File(new File("."), "src/test-data/data/users.properties").toString());
+        props.put("groupsURI", new File(new File("."), "src/test-data/data/groups.properties").toString());
+        gbean.setAttribute("options", props);
+        kernel.loadGBean(testCE, gbean);
+
+        gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm");
+        testRealm = new ObjectName("geronimo.security:type=SecurityRealm,realm=properties-realm");
         gbean.setAttribute("realmName", "properties-realm");
-        gbean.setAttribute("controlFlag", LoginModuleControlFlag.REQUIRED);
-        gbean.setAttribute("options", new Properties());
-        kernel.loadGBean(propertiesCE, gbean);
+        props = new Properties();
+        props.setProperty("LoginModule.1.REQUIRED","geronimo.security:type=LoginModule,name=properties");
+        gbean.setAttribute("loginModuleConfiguration", props);
+        gbean.setReferencePatterns("ServerInfo", Collections.singleton(serverInfo));
+        kernel.loadGBean(testRealm, gbean);
 
         kernel.startGBean(loginConfiguration);
-        kernel.startGBean(propertiesRealm);
-        kernel.startGBean(propertiesCE);
+        kernel.startGBean(clientLM);
+        kernel.startGBean(clientCE);
+        kernel.startGBean(testCE);
+        kernel.startGBean(testRealm);
     }
 
     public void tearDown() throws Exception {
-        kernel.stopGBean(propertiesCE);
-        kernel.stopGBean(propertiesRealm);
+        kernel.stopGBean(testRealm);
+        kernel.stopGBean(testCE);
+        kernel.stopGBean(clientCE);
+        kernel.stopGBean(clientLM);
         kernel.stopGBean(loginConfiguration);
         kernel.stopGBean(serverInfo);
 
-        kernel.unloadGBean(propertiesRealm);
-        kernel.unloadGBean(propertiesCE);
+        kernel.unloadGBean(testCE);
+        kernel.unloadGBean(testRealm);
+        kernel.unloadGBean(clientCE);
+        kernel.unloadGBean(clientLM);
         kernel.unloadGBean(loginConfiguration);
         kernel.unloadGBean(serverInfo);
 
@@ -96,7 +124,7 @@
 
     public void testLogin() throws Exception {
 
-        LoginContext context = new LoginContext("properties", new AbstractTest.UsernamePasswordCallback("alan", "starcraft"));
+        LoginContext context = new LoginContext("properties-client", new AbstractTest.UsernamePasswordCallback("alan", "starcraft"));
 
         context.login();
         Subject subject = context.getSubject();

Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java	(original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java	Fri Nov 19 23:38:55 2004
@@ -20,6 +20,9 @@
 import java.sql.Connection;
 import java.sql.DriverManager;
 import java.sql.SQLException;
+import java.util.Properties;
+import java.util.Collections;
+import java.io.File;
 import javax.management.ObjectName;
 import javax.security.auth.Subject;
 import javax.security.auth.login.LoginContext;
@@ -28,6 +31,7 @@
 import org.apache.geronimo.security.AbstractTest;
 import org.apache.geronimo.security.IdentificationPrincipal;
 import org.apache.geronimo.security.RealmPrincipal;
+import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.kernel.management.State;
 
 
@@ -38,6 +42,7 @@
 
     private static final String hsqldbURL = "jdbc:hsqldb:target/database/LoginSQLTest";
     protected ObjectName sqlRealm;
+    protected ObjectName sqlModule;
 
     public void setUp() throws Exception {
         super.setUp();
@@ -76,23 +81,37 @@
 
         conn.close();
 
-        GBeanMBean gbean = new GBeanMBean("org.apache.geronimo.security.realm.providers.SQLSecurityRealm");
+        GBeanMBean gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean");
+        sqlModule = new ObjectName("geronimo.security:type=LoginModule,name=sql");
+        gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.SQLLoginModule");
+        gbean.setAttribute("serverSide", new Boolean(true));
+        Properties props = new Properties();
+        props.put("jdbcURL", hsqldbURL);
+        props.put("jdbcDriver", "org.hsqldb.jdbcDriver");
+        props.put("jdbcUser", "loginmodule");
+        props.put("jdbcPassword", "password");
+        props.put("userSelect", "SELECT UserName, Password FROM Users");
+        props.put("groupSelect", "SELECT GroupName, UserName FROM Groups");
+        gbean.setAttribute("options", props);
+        kernel.loadGBean(sqlModule, gbean);
+        kernel.startGBean(sqlModule);
+
+        gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm");
         sqlRealm = new ObjectName("geronimo.security:type=SecurityRealm,realm=sql-realm");
         gbean.setAttribute("realmName", "sql-realm");
-        gbean.setAttribute("maxLoginModuleAge", new Long(1 * 1000));
-        gbean.setAttribute("connectionURL", hsqldbURL);
-        gbean.setAttribute("driver","org.hsqldb.jdbcDriver");
-        gbean.setAttribute("user", "loginmodule");
-        gbean.setAttribute("password", "password");
-        gbean.setAttribute("userSelect", "SELECT UserName, Password FROM Users");
-        gbean.setAttribute("groupSelect", "SELECT GroupName, UserName FROM Groups");
+        props = new Properties();
+        props.setProperty("LoginModule.1.REQUIRED","geronimo.security:type=LoginModule,name=sql");
+        gbean.setAttribute("loginModuleConfiguration", props);
         kernel.loadGBean(sqlRealm, gbean);
         kernel.startGBean(sqlRealm);
+
     }
 
     public void tearDown() throws Exception {
         kernel.stopGBean(sqlRealm);
+        kernel.stopGBean(sqlModule);
         kernel.unloadGBean(sqlRealm);
+        kernel.unloadGBean(sqlModule);
 
         super.tearDown();
 
@@ -109,102 +128,21 @@
 
     }
 
-    public void testNothing() {
-    }
-
     public void testLogin() throws Exception {
         LoginContext context = new LoginContext("sql", new UsernamePasswordCallback("alan", "starcraft"));
 
         context.login();
         Subject subject = context.getSubject();
+        assertTrue("expected non-null client-side subject", subject != null);
+        subject = ContextManager.getServerSideSubject(subject);
 
-        assertTrue("expected non-null subject", subject != null);
-//        assertEquals("subject should have five principal", 5, subject.getPrincipals().size());
-//        assertEquals("subject should have two realm principals", 2, subject.getPrincipals(RealmPrincipal.class).size());
-//        assertEquals("subject should have one remote principal", 1, subject.getPrincipals(IdentificationPrincipal.class).size());
-        IdentificationPrincipal principal = (IdentificationPrincipal) subject.getPrincipals(IdentificationPrincipal.class).iterator().next();
-        assertTrue("id of principal should be non-zero", principal.getId().getSubjectId().longValue() != 0);
-
-        context.logout();
-    }
-
-    public void XtestLogoutTimeout() throws Exception {
-
-        assertEquals(new Integer(State.RUNNING_INDEX), kernel.getAttribute(sqlRealm, "state"));
-
-        ClassLoader oldCl = Thread.currentThread().getContextClassLoader();
-        try {
-            Thread.currentThread().setContextClassLoader(getClass().getClassLoader());
-            LoginContext context = new LoginContext("sql", new UsernamePasswordCallback("alan", "starcraft"));
-
-            context.login();
-            Subject subject = context.getSubject();
-
-            assertTrue("expected non-null subject", subject != null);
-            assertEquals("subject should have five principal", 5, subject.getPrincipals().size());
-            assertEquals("subject should have two realm principals", 2, subject.getPrincipals(RealmPrincipal.class).size());
-            assertEquals("subject should have one remote principal", 1, subject.getPrincipals(IdentificationPrincipal.class).size());
-            IdentificationPrincipal principal = (IdentificationPrincipal) subject.getPrincipals(IdentificationPrincipal.class).iterator().next();
-            assertTrue("id of principal should be non-zero", principal.getId().getSubjectId().longValue() != 0);
-
-            Thread.sleep(20 * 1000);
-
-            try {
-                context.logout();
-                fail("The login module should have expired");
-            } catch (ExpiredLoginModuleException e) {
-                context.login();
-
-                subject = context.getSubject();
-
-                assertTrue("expected non-null subject", subject != null);
-                assertEquals("subject should have five principal", 5, subject.getPrincipals().size());
-                assertEquals("subject should have two realm principals", 2, subject.getPrincipals(RealmPrincipal.class).size());
-                assertEquals("subject should have one remote principal", 1, subject.getPrincipals(IdentificationPrincipal.class).size());
-                principal = (IdentificationPrincipal) subject.getPrincipals(IdentificationPrincipal.class).iterator().next();
-                assertTrue("id of principal should be non-zero", principal.getId().getSubjectId().longValue() != 0);
-
-                context.logout();
-            }
-        } finally {
-            Thread.currentThread().setContextClassLoader(oldCl);
-        }
-    }
-
-    public void XtestReloginTimeout() throws Exception {
-        LoginContext context = new LoginContext("sql", new UsernamePasswordCallback("alan", "starcraft"));
-
-        context.login();
-        Subject subject = context.getSubject();
-
-        assertTrue("expected non-null subject", subject != null);
-        assertEquals("subject should have five principal", 5, subject.getPrincipals().size());
-        assertEquals("subject should have two realm principals", 2, subject.getPrincipals(RealmPrincipal.class).size());
-        assertEquals("subject should have one remote principal", 1, subject.getPrincipals(IdentificationPrincipal.class).size());
+        assertTrue("expected non-null server-side subject", subject != null);
+        assertEquals("server-side subject should have five principal", 5, subject.getPrincipals().size());
+        assertEquals("server-side subject should have two realm principals", 2, subject.getPrincipals(RealmPrincipal.class).size());
+        assertEquals("server-side subject should have one remote principal", 1, subject.getPrincipals(IdentificationPrincipal.class).size());
         IdentificationPrincipal principal = (IdentificationPrincipal) subject.getPrincipals(IdentificationPrincipal.class).iterator().next();
         assertTrue("id of principal should be non-zero", principal.getId().getSubjectId().longValue() != 0);
 
         context.logout();
-        context.login();
-        context.logout();
-
-        // Waiting this long should cause the login module w/ an artificially
-        // low age limit to expire.  The next call to login should automatically
-        // create a new one.
-        Thread.sleep(4 * 1000);
-
-        context.login();
-
-        subject = context.getSubject();
-
-        assertTrue("expected non-null subject", subject != null);
-        assertEquals("subject should have five principal", 5, subject.getPrincipals().size());
-        assertEquals("subject should have two realm principals", 2, subject.getPrincipals(RealmPrincipal.class).size());
-        assertEquals("subject should have one remote principal", 1, subject.getPrincipals(IdentificationPrincipal.class).size());
-        principal = (IdentificationPrincipal) subject.getPrincipals(IdentificationPrincipal.class).iterator().next();
-        assertTrue("id of principal should be non-zero", principal.getId().getSubjectId().longValue() != 0);
-
-        context.logout();
     }
-
 }

Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java	(original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java	Fri Nov 19 23:38:55 2004
@@ -31,7 +31,7 @@
 import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.security.IdentificationPrincipal;
 import org.apache.geronimo.security.RealmPrincipal;
-import org.apache.geronimo.security.bridge.TestRealm;
+import org.apache.geronimo.security.bridge.TestLoginModule;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
 import org.apache.geronimo.kernel.Kernel;
 
@@ -43,8 +43,10 @@
 
     protected ObjectName serverInfo;
     protected ObjectName loginConfiguration;
-    protected ObjectName propertiesRealm;
-    protected ObjectName propertiesCE;
+    protected ObjectName testCE;
+    protected ObjectName testRealm;
+    protected ObjectName clientLM;
+    protected ObjectName clientCE;
 
     public void setUp() throws Exception {
         kernel = new Kernel("test.kernel", "simple.geronimo.test");
@@ -63,13 +65,6 @@
         gbean.setAttribute("password", "secret");
         kernel.loadGBean(loginService, gbean);
 
-        gbean = new GBeanMBean("org.apache.geronimo.security.bridge.TestRealm");
-        testRealm = new ObjectName("geronimo.security:type=SecurityRealm,realm=testrealm");
-        gbean.setAttribute("realmName", TestRealm.REALM_NAME);
-        gbean.setAttribute("maxLoginModuleAge", new Long(1 * 1000));
-        gbean.setAttribute("debug", new Boolean(true));
-        kernel.loadGBean(testRealm, gbean);
-
         gbean = new GBeanMBean("org.apache.geronimo.remoting.router.SubsystemRouter");
         subsystemRouter = new ObjectName("geronimo.remoting:router=SubsystemRouter");
         kernel.loadGBean(subsystemRouter, gbean);
@@ -91,7 +86,6 @@
         kernel.loadGBean(serverStub, gbean);
 
         kernel.startGBean(loginService);
-        kernel.startGBean(testRealm);
         kernel.startGBean(subsystemRouter);
         kernel.startGBean(asyncTransport);
         kernel.startGBean(jmxRouter);
@@ -107,36 +101,62 @@
         loginConfiguration = new ObjectName("geronimo.security:type=LoginConfiguration");
         kernel.loadGBean(loginConfiguration, gbean);
 
-        gbean = new GBeanMBean("org.apache.geronimo.security.realm.providers.PropertiesFileSecurityRealm");
-        propertiesRealm = new ObjectName("geronimo.security:type=SecurityRealm,realm=properties-realm");
+        gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean");
+        testCE = new ObjectName("geronimo.security:type=LoginModule,name=properties");
+        gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule");
+        gbean.setAttribute("serverSide", new Boolean(true));
+        Properties props = new Properties();
+        props.put("usersURI", new File(new File("."), "src/test-data/data/users.properties").toString());
+        props.put("groupsURI", new File(new File("."), "src/test-data/data/groups.properties").toString());
+        gbean.setAttribute("options", props);
+        kernel.loadGBean(testCE, gbean);
+
+        gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm");
+        testRealm = new ObjectName("geronimo.security:type=SecurityRealm,realm=properties-realm");
         gbean.setAttribute("realmName", "properties-realm");
-        gbean.setAttribute("maxLoginModuleAge", new Long(1 * 1000));
-        gbean.setAttribute("usersURI", (new File(new File("."), "src/test-data/data/users.properties")).toURI());
-        gbean.setAttribute("groupsURI", (new File(new File("."), "src/test-data/data/groups.properties")).toURI());
+        props = new Properties();
+        props.setProperty("LoginModule.1.REQUIRED","geronimo.security:type=LoginModule,name=properties");
+        gbean.setAttribute("loginModuleConfiguration", props);
         gbean.setReferencePatterns("ServerInfo", Collections.singleton(serverInfo));
-        kernel.loadGBean(propertiesRealm, gbean);
+        kernel.loadGBean(testRealm, gbean);
 
-        gbean = new GBeanMBean("org.apache.geronimo.security.jaas.ConfigurationEntryRealmLocal");
-        propertiesCE = new ObjectName("geronimo.security:type=ConfigurationEntry,jaasId=properties");
-        gbean.setAttribute("applicationConfigName", "properties");
-        gbean.setAttribute("realmName", "properties-realm");
+        gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean");
+        clientLM = new ObjectName("geronimo.security:type=LoginModule,name=properties-client");
+        gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.jaas.JaasLoginCoordinator");
+        gbean.setAttribute("serverSide", new Boolean(false));
+        props = new Properties();
+        props.put("host", "localhost");
+        props.put("port", "4242");
+        props.put("realm", "properties-realm");
+        gbean.setAttribute("options", props);
+        kernel.loadGBean(clientLM, gbean);
+
+        gbean = new GBeanMBean("org.apache.geronimo.security.jaas.DirectConfigurationEntry");
+        clientCE = new ObjectName("geronimo.security:type=ConfigurationEntry,jaasId=properties-client");
+        gbean.setAttribute("applicationConfigName", "properties-client");
         gbean.setAttribute("controlFlag", LoginModuleControlFlag.REQUIRED);
-        gbean.setAttribute("options", new Properties());
-        kernel.loadGBean(propertiesCE, gbean);
+        gbean.setReferencePatterns("Module", Collections.singleton(clientLM));
+        kernel.loadGBean(clientCE, gbean);
 
         kernel.startGBean(loginConfiguration);
-        kernel.startGBean(propertiesRealm);
-        kernel.startGBean(propertiesCE);
+        kernel.startGBean(clientLM);
+        kernel.startGBean(clientCE);
+        kernel.startGBean(testCE);
+        kernel.startGBean(testRealm);
     }
 
     public void tearDown() throws Exception {
-        kernel.stopGBean(propertiesCE);
-        kernel.stopGBean(propertiesRealm);
+        kernel.stopGBean(testRealm);
+        kernel.stopGBean(testCE);
+        kernel.stopGBean(clientCE);
+        kernel.stopGBean(clientLM);
         kernel.stopGBean(loginConfiguration);
         kernel.stopGBean(serverInfo);
 
-        kernel.unloadGBean(propertiesRealm);
-        kernel.unloadGBean(propertiesCE);
+        kernel.unloadGBean(testCE);
+        kernel.unloadGBean(testRealm);
+        kernel.unloadGBean(clientCE);
+        kernel.unloadGBean(clientLM);
         kernel.unloadGBean(loginConfiguration);
         kernel.unloadGBean(serverInfo);
 
@@ -144,11 +164,9 @@
         kernel.stopGBean(jmxRouter);
         kernel.stopGBean(asyncTransport);
         kernel.stopGBean(subsystemRouter);
-        kernel.stopGBean(testRealm);
         kernel.stopGBean(loginService);
 
         kernel.unloadGBean(loginService);
-        kernel.unloadGBean(testRealm);
         kernel.unloadGBean(subsystemRouter);
         kernel.unloadGBean(asyncTransport);
         kernel.unloadGBean(jmxRouter);
@@ -159,7 +177,7 @@
 
     public void testTimeout() throws Exception {
 
-        LoginContext context = new LoginContext("properties", new AbstractTest.UsernamePasswordCallback("alan", "starcraft"));
+        LoginContext context = new LoginContext("properties-client", new AbstractTest.UsernamePasswordCallback("alan", "starcraft"));
 
         context.login();
         Subject subject = context.getSubject();

Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java	(original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java	Fri Nov 19 23:38:55 2004
@@ -52,6 +52,7 @@
 import org.apache.geronimo.pool.ClockPool;
 import org.apache.geronimo.pool.ThreadPool;
 import org.apache.geronimo.security.AbstractTest;
+import org.apache.geronimo.security.bridge.TestLoginModule;
 import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration;
 import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
@@ -65,8 +66,8 @@
     final static private Log log = LogFactory.getLog(SubjectCarryingProtocolTest.class);
 
     protected ObjectName serverInfo;
-    protected ObjectName propertiesRealm;
-    protected ObjectName propertiesCE;
+    protected ObjectName testCE;
+    protected ObjectName testRealm;
 
     private Subject clientSubject;
     private Subject serverSubject;
@@ -260,7 +261,7 @@
     }
 
     public void setUp() throws Exception {
-        Configuration.setConfiguration(new GeronimoLoginConfiguration());
+//        Configuration.setConfiguration(new GeronimoLoginConfiguration());
 
         startLatch = new Latch();
         shutdownLatch = new Latch();
@@ -276,25 +277,27 @@
         kernel.loadGBean(serverInfo, gbean);
         kernel.startGBean(serverInfo);
 
-        gbean = new GBeanMBean("org.apache.geronimo.security.realm.providers.PropertiesFileSecurityRealm");
-        propertiesRealm = new ObjectName("geronimo.security:type=SecurityRealm,realm=properties-realm");
-        gbean.setAttribute("realmName", "properties-realm");
-        gbean.setAttribute("maxLoginModuleAge", new Long(1 * 1000));
-        gbean.setAttribute("usersURI", (new File(new File("."), "src/test-data/data/users.properties")).toURI());
-        gbean.setAttribute("groupsURI", (new File(new File("."), "src/test-data/data/groups.properties")).toURI());
-        gbean.setReferencePatterns("ServerInfo", Collections.singleton(serverInfo));
-        kernel.loadGBean(propertiesRealm, gbean);
+        gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean");
+        testCE = new ObjectName("geronimo.security:type=LoginModule,name=properties");
+        gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule");
+        gbean.setAttribute("serverSide", new Boolean(true));
+        Properties props = new Properties();
+        props.put("usersURI", new File(new File("."), "src/test-data/data/users.properties").toString());
+        props.put("groupsURI", new File(new File("."), "src/test-data/data/groups.properties").toString());
+        gbean.setAttribute("options", props);
+        kernel.loadGBean(testCE, gbean);
 
-        gbean = new GBeanMBean("org.apache.geronimo.security.jaas.ConfigurationEntryRealmLocal");
-        propertiesCE = new ObjectName("geronimo.security:type=ConfigurationEntry,jaasId=properties");
-        gbean.setAttribute("applicationConfigName", "properties");
+        gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm");
+        testRealm = new ObjectName("geronimo.security:type=SecurityRealm,realm=properties-realm");
         gbean.setAttribute("realmName", "properties-realm");
-        gbean.setAttribute("controlFlag", LoginModuleControlFlag.REQUIRED);
-        gbean.setAttribute("options", new Properties());
-        kernel.loadGBean(propertiesCE, gbean);
+        props = new Properties();
+        props.setProperty("LoginModule.1.REQUIRED","geronimo.security:type=LoginModule,name=properties");
+        gbean.setAttribute("loginModuleConfiguration", props);
+        gbean.setReferencePatterns("ServerInfo", Collections.singleton(serverInfo));
+        kernel.loadGBean(testRealm, gbean);
 
-        kernel.startGBean(propertiesRealm);
-        kernel.startGBean(propertiesCE);
+        kernel.startGBean(testCE);
+        kernel.startGBean(testRealm);
 
         LoginContext context = new LoginContext("properties", new AbstractTest.UsernamePasswordCallback("alan", "starcraft"));
         context.login();
@@ -308,11 +311,11 @@
     }
 
     public void tearDown() throws Exception {
-        kernel.stopGBean(propertiesCE);
-        kernel.stopGBean(propertiesRealm);
+        kernel.stopGBean(testRealm);
+        kernel.stopGBean(testCE);
         kernel.stopGBean(serverInfo);
-        kernel.unloadGBean(propertiesRealm);
-        kernel.unloadGBean(propertiesCE);
+        kernel.unloadGBean(testCE);
+        kernel.unloadGBean(testRealm);
         kernel.unloadGBean(serverInfo);
 
         super.tearDown();

Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/remoting/jmx/RemoteLoginTest.java
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/remoting/jmx/RemoteLoginTest.java	(original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/remoting/jmx/RemoteLoginTest.java	Fri Nov 19 23:38:55 2004
@@ -21,6 +21,7 @@
 import java.io.IOException;
 import java.net.URI;
 import java.util.Collections;
+import java.util.Properties;
 import javax.management.ObjectName;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
@@ -48,7 +49,8 @@
     Kernel kernel;
     ObjectName serverInfo;
     ObjectName loginService;
-    ObjectName kerberosRealm;
+    protected ObjectName testCE;
+    protected ObjectName testRealm;
     ObjectName subsystemRouter;
     ObjectName secureSubsystemRouter;
     ObjectName asyncTransport;
@@ -108,14 +110,24 @@
         gbean.setAttribute("password", "secret");
         kernel.loadGBean(loginService, gbean);
 
-        gbean = new GBeanMBean("org.apache.geronimo.security.realm.providers.PropertiesFileSecurityRealm");
-        kerberosRealm = new ObjectName("geronimo.security:type=SecurityRealm,realm=properties-realm");
+        gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean");
+        testCE = new ObjectName("geronimo.security:type=LoginModule,name=properties");
+        gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule");
+        gbean.setAttribute("serverSide", new Boolean(true));
+        Properties props = new Properties();
+        props.put("usersURI", new File(new File("."), "src/test-data/data/users.properties").toString());
+        props.put("groupsURI", new File(new File("."), "src/test-data/data/groups.properties").toString());
+        gbean.setAttribute("options", props);
+        kernel.loadGBean(testCE, gbean);
+
+        gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm");
+        testRealm = new ObjectName("geronimo.security:type=SecurityRealm,realm=properties-realm");
         gbean.setAttribute("realmName", "properties-realm");
-        gbean.setAttribute("maxLoginModuleAge", new Long(1 * 1000));
-        gbean.setAttribute("usersURI", (new File(new File("."), "src/test-data/data/users.properties")).toURI());
-        gbean.setAttribute("groupsURI", (new File(new File("."), "src/test-data/data/groups.properties")).toURI());
+        props = new Properties();
+        props.setProperty("LoginModule.1.REQUIRED","geronimo.security:type=LoginModule,name=properties");
+        gbean.setAttribute("loginModuleConfiguration", props);
         gbean.setReferencePatterns("ServerInfo", Collections.singleton(serverInfo));
-        kernel.loadGBean(kerberosRealm, gbean);
+        kernel.loadGBean(testRealm, gbean);
 
         gbean = new GBeanMBean("org.apache.geronimo.remoting.router.SubsystemRouter");
         subsystemRouter = new ObjectName("geronimo.remoting:router=SubsystemRouter");
@@ -159,7 +171,8 @@
         kernel.loadGBean(serverStub, gbean);
 
         kernel.startGBean(loginService);
-        kernel.startGBean(kerberosRealm);
+        kernel.startGBean(testCE);
+        kernel.startGBean(testRealm);
         kernel.startGBean(subsystemRouter);
         kernel.startGBean(secureSubsystemRouter);
         kernel.startGBean(asyncTransport);
@@ -191,12 +204,14 @@
         kernel.stopGBean(asyncTransport);
         kernel.stopGBean(secureSubsystemRouter);
         kernel.stopGBean(subsystemRouter);
-        kernel.stopGBean(kerberosRealm);
+        kernel.stopGBean(testRealm);
+        kernel.stopGBean(testCE);
         kernel.stopGBean(loginService);
         kernel.stopGBean(serverInfo);
 
         kernel.unloadGBean(loginService);
-        kernel.unloadGBean(kerberosRealm);
+        kernel.unloadGBean(testCE);
+        kernel.unloadGBean(testRealm);
         kernel.unloadGBean(subsystemRouter);
         kernel.unloadGBean(secureSubsystemRouter);
         kernel.unloadGBean(asyncTransport);

Mime
View raw message