geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ammul...@apache.org
Subject svn commit: r106257 - in geronimo/trunk/modules: assembly/src/plan connector/src/java/org/apache/geronimo/connector/outbound/security jetty/src/java/org/apache/geronimo/jetty jetty/src/test-resources/deployables/war3/WEB-INF jetty/src/test/org/apache/geronimo/jetty security/src/java/org/apache/geronimo/security security/src/java/org/apache/geronimo/security/deploy security/src/java/org/apache/geronimo/security/jaas security/src/java/org/apache/geronimo/security/realm security/src/java/org/apache/geronimo/security/realm/providers security/src/java/org/apache/geronimo/security/util security/src/test/org/apache/geronimo/security security/src/test/org/apache/geronimo/security/jaas security/src/test/org/apache/geronimo/security/network/protocol
Date Tue, 23 Nov 2004 02:03:24 GMT
Author: ammulder
Date: Mon Nov 22 18:03:22 2004
New Revision: 106257

Added:
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/DeploymentSupport.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/FileAuditLoginModule.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/GeronimoGroupPrincipal.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/GeronimoUserPrincipal.java
   geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/DeploymentSupportTest.java
Removed:
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileGroupPrincipal.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileUserPrincipal.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLGroupPrincipal.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLUserPrincipal.java
Modified:
   geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml
   geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml
   geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java
   geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
   geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java
   geronimo/trunk/modules/jetty/src/test-resources/deployables/war3/WEB-INF/geronimo-web.xml
   geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java
   geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java
   geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java
   geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java
   geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java
   geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java
   geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java
   geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java
Log:
Next round of security improvements
 - add login domains
 - consolidate principal classes
 - pull deployment methods out of realm into helper interface
 - add auditing login module
 - test & fix realms with multiple login modules
 - add flag to control whether server-side principals are returned to client
 - update all tests and plans with the new syntax


Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml?view=diff&rev=106257&p1=geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml&r1=106256&p2=geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml&r2=106257
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml	(original)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-secure-plan.xml	Mon Nov 22 18:03:22 2004
@@ -44,6 +44,7 @@
             usersURI=var/security/demo_users.properties
             groupsURI=var/security/demo_groups.properties
         </attribute>
+        <attribute name="loginDomainName" type="java.lang.String">demo-properties-realm</attribute>
     </gbean>
 
     <gbean name="geronimo.security:type=SecurityRealm,realm=demo-properties-realm"

Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml?view=diff&rev=106257&p1=geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml&r1=106256&p2=geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml&r2=106257
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml	(original)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml	Mon Nov 22 18:03:22 2004
@@ -108,6 +108,7 @@
             usersURI=var/security/users.properties
             groupsURI=var/security/groups.properties
         </attribute>
+        <attribute name="loginDomainName" type="java.lang.String">geronimo-properties-realm</attribute>
     </gbean>
 
     <gbean name="geronimo.security:type=SecurityRealm,realm=geronimo-properties-realm"

Modified: geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java?view=diff&rev=106257&p1=geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java&r1=106256&p2=geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java	(original)
+++ geronimo/trunk/modules/connector/src/java/org/apache/geronimo/connector/outbound/security/PasswordCredentialRealm.java	Mon Nov 22 18:03:22 2004
@@ -20,10 +20,6 @@
 import javax.resource.spi.ManagedConnectionFactory;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.Set;
-
-import org.apache.regexp.RE;
-
 import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
@@ -33,6 +29,7 @@
 import org.apache.geronimo.security.jaas.JaasLoginModuleConfiguration;
 import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
 import org.apache.geronimo.security.realm.SecurityRealm;
+import org.apache.geronimo.security.realm.DeploymentSupport;
 
 /**
  *
@@ -59,40 +56,29 @@
         return realmName;
     }
 
-    public Set getGroupPrincipals() throws GeronimoSecurityException {
-        return null;
+    public boolean isRestrictPrincipalsToServer() {
+        return true;
     }
 
-    public Set getGroupPrincipals(RE regexExpression) throws GeronimoSecurityException {
-        return null;
+    public String[] getLoginDomains() {
+        return new String[]{realmName};
     }
 
-    public Set getUserPrincipals() throws GeronimoSecurityException {
+    public DeploymentSupport getDeploymentSupport(String loginDomain) throws GeronimoSecurityException {
         return null;
     }
 
-    public Set getUserPrincipals(RE regexExpression) throws GeronimoSecurityException {
-        return null;
-    }
-
-    public void refresh() throws GeronimoSecurityException {
-    }
-
     public JaasLoginModuleConfiguration[] getAppConfigurationEntries() {
         Map options = new HashMap();
 
         // TODO: This can be a bad thing, passing a reference to a realm to the login module
         // since the SerializableACE can be sent remotely
         options.put(REALM_INSTANCE, this);
-        JaasLoginModuleConfiguration config = new JaasLoginModuleConfiguration(getRealmName(), PasswordCredentialLoginModule.class.getName(),
-                LoginModuleControlFlag.REQUISITE, options, true);
+        JaasLoginModuleConfiguration config = new JaasLoginModuleConfiguration(PasswordCredentialLoginModule.class.getName(),
+                LoginModuleControlFlag.REQUISITE, options, true, getRealmName());
         return new JaasLoginModuleConfiguration[]{config};
     }
 
-    public boolean isLoginModuleLocal() {
-        return true;
-    }
-
     public void setManagedConnectionFactory(ManagedConnectionFactory managedConnectionFactory) {
         this.managedConnectionFactory = managedConnectionFactory;
     }
@@ -110,7 +96,7 @@
         options.put("realm", realmName);
         options.put("kernel", kernel.getKernelName());
 
-        return new JaasLoginModuleConfiguration(realmName, JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true);
+        return new JaasLoginModuleConfiguration(JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true, realmName);
     }
 
     static {

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java?view=diff&rev=106257&p1=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java&r1=106256&p2=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java	(original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java	Mon Nov 22 18:03:22 2004
@@ -412,11 +412,13 @@
         JAASJettyPrincipal result = new JAASJettyPrincipal("default");
         Subject defaultSubject = new Subject();
 
-        RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(defaultPrincipal.getPrincipal(), defaultPrincipal.getRealmName());
+        //todo: needs a proper login domain name to go with the realm name
+        RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(defaultPrincipal.getPrincipal(), defaultPrincipal.getRealmName(), defaultPrincipal.getRealmName());
         if (realmPrincipal == null) {
             throw new GeronimoSecurityException("Unable to create realm principal");
         }
-        PrimaryRealmPrincipal primaryRealmPrincipal = ConfigurationUtil.generatePrimaryRealmPrincipal(defaultPrincipal.getPrincipal(), defaultPrincipal.getRealmName());
+        //todo: needs a proper login domain name to go with the realm name
+        PrimaryRealmPrincipal primaryRealmPrincipal = ConfigurationUtil.generatePrimaryRealmPrincipal(defaultPrincipal.getPrincipal(), defaultPrincipal.getRealmName(), defaultPrincipal.getRealmName());
         if (primaryRealmPrincipal == null) {
             throw new GeronimoSecurityException("Unable to create primary realm principal");
         }

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java?view=diff&rev=106257&p1=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java&r1=106256&p2=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java	(original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java	Mon Nov 22 18:03:22 2004
@@ -341,8 +341,8 @@
                 Iterator principals = realm.getPrincipals().iterator();
                 while (principals.hasNext()) {
                     Principal principal = (Principal) principals.next();
-
-                    RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(principal, realm.getRealmName());
+                    //todo: The next line must use a login domain name, which I guess means that neds to go in the geronimo-jetty.xml
+                    RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(principal, realm.getRealmName(), realm.getRealmName());
                     if (realmPrincipal == null) throw new GeronimoSecurityException("Unable to create realm principal");
 
                     principalSet.add(realmPrincipal);

Modified: geronimo/trunk/modules/jetty/src/test-resources/deployables/war3/WEB-INF/geronimo-web.xml
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test-resources/deployables/war3/WEB-INF/geronimo-web.xml?view=diff&rev=106257&p1=geronimo/trunk/modules/jetty/src/test-resources/deployables/war3/WEB-INF/geronimo-web.xml&r1=106256&p2=geronimo/trunk/modules/jetty/src/test-resources/deployables/war3/WEB-INF/geronimo-web.xml&r2=106257
==============================================================================
--- geronimo/trunk/modules/jetty/src/test-resources/deployables/war3/WEB-INF/geronimo-web.xml	(original)
+++ geronimo/trunk/modules/jetty/src/test-resources/deployables/war3/WEB-INF/geronimo-web.xml	Mon Nov 22 18:03:22 2004
@@ -25,7 +25,7 @@
     <context-priority-classloader>false</context-priority-classloader>
     <sec:security>
         <sec:default-principal realm-name="demo-properties-realm">
-            <sec:principal class="org.apache.geronimo.security.realm.providers.PropertiesFileUserPrincipal" name="metro"/>
+            <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="metro"/>
         </sec:default-principal>
     </sec:security>
 </web-app>

Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java?view=diff&rev=106257&p1=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java&r1=106256&p2=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java	(original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/BaseSecurityTest.java	Mon Nov 22 18:03:22 2004
@@ -128,6 +128,7 @@
         options.setProperty("usersURI", "src/test-resources/data/users.properties");
         options.setProperty("groupsURI", "src/test-resources/data/groups.properties");
         propertiesLMGBean.setAttribute("options", options);
+        propertiesLMGBean.setAttribute("loginDomainName", "demo-properties-realm");
 
         propertiesRealmGBean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm");
         propertiesRealmName = new ObjectName("geronimo.security:type=SecurityRealm,realm=demo-properties-realm");
@@ -136,8 +137,8 @@
         Properties config = new Properties();
         config.setProperty("LoginModule.1.REQUIRED", propertiesLMName.getCanonicalName());
         propertiesRealmGBean.setAttribute("loginModuleConfiguration", config);
-        propertiesRealmGBean.setAttribute("autoMapPrincipalClasses", "org.apache.geronimo.security.realm.providers.PropertiesFileGroupPrincipal");
-        propertiesRealmGBean.setAttribute("defaultPrincipal", "metro=org.apache.geronimo.security.realm.providers.PropertiesFileUserPrincipal");
+//        propertiesRealmGBean.setAttribute("autoMapPrincipalClasses", "demo-properties-realm=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal");
+        propertiesRealmGBean.setAttribute("defaultPrincipal", "metro=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
 
         start(serverInfoName, serverInfoGBean);
         start(propertiesLMName, propertiesLMGBean);

Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java?view=diff&rev=106257&p1=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r1=106256&p2=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java	(original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java	Mon Nov 22 18:03:22 2004
@@ -55,7 +55,7 @@
         DefaultPrincipal defaultPrincipal = new DefaultPrincipal();
         defaultPrincipal.setRealmName("demo-properties-realm");
         Principal principal = new Principal();
-        principal.setClassName("org.apache.geronimo.security.realm.providers.PropertiesFileUserPrincipal");
+        principal.setClassName("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
         principal.setPrincipalName("izumi");
         defaultPrincipal.setPrincipal(principal);
 
@@ -64,7 +64,7 @@
         Role role = new Role();
         role.setRoleName("content-administrator");
         principal = new Principal();
-        principal.setClassName("org.apache.geronimo.security.realm.providers.PropertiesFileGroupPrincipal");
+        principal.setClassName("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal");
         principal.setPrincipalName("it");
         Realm realm = new Realm();
         realm.setRealmName("demo-properties-realm");
@@ -247,7 +247,7 @@
         DefaultPrincipal defaultPrincipal = new DefaultPrincipal();
         defaultPrincipal.setRealmName("demo-properties-realm");
         Principal principal = new Principal();
-        principal.setClassName("org.apache.geronimo.security.realm.providers.PropertiesFileUserPrincipal");
+        principal.setClassName("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
         principal.setPrincipalName("izumi");
         defaultPrincipal.setPrincipal(principal);
 
@@ -256,7 +256,7 @@
         Role role = new Role();
         role.setRoleName("content-administrator");
         principal = new Principal();
-        principal.setClassName("org.apache.geronimo.security.realm.providers.PropertiesFileGroupPrincipal");
+        principal.setClassName("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal");
         principal.setPrincipalName("it");
         Realm realm = new Realm();
         realm.setRealmName("demo-properties-realm");

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java	Mon Nov 22 18:03:22 2004
@@ -25,8 +25,8 @@
  */
 public class PrimaryRealmPrincipal extends RealmPrincipal {
 
-    public PrimaryRealmPrincipal(String realm, Principal principal) {
-        super(realm, principal);
+    public PrimaryRealmPrincipal(String loginDomain, Principal principal, String realmName) {
+        super(loginDomain, principal, realmName);
     }
 
     /**
@@ -43,6 +43,6 @@
 
         PrimaryRealmPrincipal realmPrincipal = (PrimaryRealmPrincipal) another;
 
-        return getRealm().equals(realmPrincipal.getRealm()) && getPrincipal().equals(realmPrincipal.getPrincipal());
+        return getLoginDomain().equals(realmPrincipal.getLoginDomain()) && getPrincipal().equals(realmPrincipal.getPrincipal());
     }
 }

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java	Mon Nov 22 18:03:22 2004
@@ -19,6 +19,7 @@
 
 import java.io.Serializable;
 import java.security.Principal;
+import org.apache.geronimo.common.NullArgumentException;
 
 
 /**
@@ -27,17 +28,18 @@
  * @version $Rev$ $Date$
  */
 public class RealmPrincipal implements Principal, Serializable {
-    private final String realm;
+    private final String loginDomain;
     private final Principal principal;
     private transient String name = null;
     private transient long id;
 
-    public RealmPrincipal(String realm, Principal principal) {
-        if (realm == null) throw new IllegalArgumentException("realm == null");
-        if (principal == null) throw new IllegalArgumentException("principal == null");
+    public RealmPrincipal(String loginDomain, Principal principal, String realmName) {
+        if (loginDomain == null) throw new NullArgumentException("loginDomain");
+        if (principal == null) throw new NullArgumentException("principal");
 
-        this.realm = realm;
+        this.loginDomain = loginDomain;
         this.principal = principal;
+        //todo: ignoring realm name; we don't think we'll need it.
     }
 
     public long getId() {
@@ -62,7 +64,7 @@
 
         RealmPrincipal realmPrincipal = (RealmPrincipal) another;
 
-        return realm.equals(realmPrincipal.realm) && principal.equals(realmPrincipal.principal);
+        return loginDomain.equals(realmPrincipal.loginDomain) && principal.equals(realmPrincipal.principal);
     }
 
     /**
@@ -92,7 +94,7 @@
         if (name == null) {
 
             StringBuffer buffer = new StringBuffer("");
-            buffer.append(realm);
+            buffer.append(loginDomain);
             buffer.append(":[");
             buffer.append(principal.getClass().getName());
             buffer.append(':');
@@ -118,7 +120,7 @@
      *
      * @return the realm that is associated with the principal.
      */
-    public String getRealm() {
-        return realm;
+    public String getLoginDomain() {
+        return loginDomain;
     }
 }

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java	Mon Nov 22 18:03:22 2004
@@ -129,12 +129,13 @@
 
             realm.setRealmName(assistant.getSecurityRealm());
 
-            for (Iterator principalClasses = autoMapAssistant.obtainRolePrincipalClasses().iterator(); principalClasses.hasNext();) {
+            //todo: the usage of the realm name in the next call instead of the login domain name is an error!
+            for (Iterator principalClasses = autoMapAssistant.obtainRolePrincipalClasses(realmName).iterator(); principalClasses.hasNext();) {
                 Principal principal = new Principal();
-
+                //todo: Principal class needs to handle login domain as well
                 principal.setClassName((String) principalClasses.next());
                 principal.setPrincipalName(roleName);
-                principal.setDesignatedRunAs(true);
+                principal.setDesignatedRunAs(false);
 
                 realm.getPrincipals().add(principal);
             }

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java	Mon Nov 22 18:03:22 2004
@@ -50,7 +50,7 @@
     }
 
     public JaasLoginModuleConfiguration generateConfiguration() {
-        return new JaasLoginModuleConfiguration(applicationConfigName, module.getLoginModuleClass(), controlFlag, module.getOptions(), module.isServerSide());
+        return new JaasLoginModuleConfiguration(module.getLoginModuleClass(), controlFlag, module.getOptions(), module.isServerSide(), applicationConfigName);
     }
 
     public static final GBeanInfo GBEAN_INFO;

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java	Mon Nov 22 18:03:22 2004
@@ -92,7 +92,6 @@
         if (sm != null) sm.checkPermission(SecurityService.CONFIGURE);
 
         ConfigurationEntryFactory factory = (ConfigurationEntryFactory) event.getMember();
-
         addConfiguration(factory);
     }
 
@@ -108,6 +107,12 @@
 
     private final void addConfiguration(ConfigurationEntryFactory factory) {
         JaasLoginModuleConfiguration config = factory.generateConfiguration();
+        if(config.getLoginDomainName() == null) {
+            throw new IllegalArgumentException("A login module to be registered standalone must have a domain name!");
+        }
+        if (entries.containsKey(factory.getConfigurationName())) {
+            throw new java.lang.IllegalArgumentException("ConfigurationEntry already registered");
+        }
         AppConfigurationEntry ace = new AppConfigurationEntry(config.getLoginModuleClassName(), config.getFlag().getFlag(), config.getOptions());
 
         entries.put(factory.getConfigurationName(), ace);

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java	Mon Nov 22 18:03:22 2004
@@ -99,7 +99,11 @@
         for (int i = 0; i < workers.length; i++) {
             workers[i].getModule().commit();
         }
-        subject.getPrincipals().add(service.loginSucceeded(client));
+        Principal[] principals = service.loginSucceeded(client);
+        for (int i = 0; i < principals.length; i++) {
+            Principal principal = principals[i];
+            subject.getPrincipals().add(principal);
+        }
         return true;
     }
 
@@ -111,6 +115,7 @@
         } finally {
             service.loginFailed(client);
         }
+        clear();
         return true;
     }
 
@@ -122,9 +127,24 @@
         } finally {
             service.logout(client);
         }
+        clear();
         return true;
     }
 
+    private void clear() {
+        serverHost = null;
+        serverPort = 0;
+        realmName = null;
+        kernelName = null;
+        service = null;
+        handler = null;
+        subject = null;
+        processedPrincipals.clear();
+        config = null;
+        client = null;
+        workers = null;
+    }
+
     private JaasLoginServiceMBean connect() {
         if(serverHost != null && serverPort > 0) {
             return JaasLoginServiceRemotingClient.create(serverHost, serverPort);
@@ -186,15 +206,11 @@
         public void initialize(Subject subject, CallbackHandler handler,
                                Map sharedState, Map options) {
             this.handler = handler;
-            try {
-                callbacks = service.getServerLoginCallbacks(client, index);
-            } catch (LoginException e) {
-                throw new RuntimeException("Server unable to initialize login module", e);
-            }
         }
 
         public boolean login() throws LoginException {
             try {
+                callbacks = service.getServerLoginCallbacks(client, index);
                 if(handler != null) {
                     handler.handle(callbacks);
                 } else if(callbacks != null && callbacks.length > 0) {

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java	Mon Nov 22 18:03:22 2004
@@ -35,18 +35,21 @@
  */
 public class JaasLoginModuleConfiguration implements Serializable {
     private boolean serverSide;
-    private String name;
+    private String loginDomainName;
     private LoginModuleControlFlag flag;
     private String loginModuleName;
     private Map options;
     private transient LoginModule loginModule;
 
-    public JaasLoginModuleConfiguration(String name, String loginModuleName, LoginModuleControlFlag flag, Map options, boolean serverSide) {
-        this.name = name;
+    public JaasLoginModuleConfiguration(String loginModuleName, LoginModuleControlFlag flag, Map options, boolean serverSide, String loginDomainName) {
         this.serverSide = serverSide;
         this.flag = flag;
         this.loginModuleName = loginModuleName;
         this.options = options;
+        this.loginDomainName = loginDomainName;
+    }
+    public JaasLoginModuleConfiguration(String loginModuleName, LoginModuleControlFlag flag, Map options, boolean serverSide) {
+        this(loginModuleName, flag, options, serverSide, null);
     }
 
     public String getLoginModuleClassName() {
@@ -76,8 +79,8 @@
         return options;
     }
 
-    public String getName() {
-        return name;
+    public String getLoginDomainName() {
+        return loginDomainName;
     }
 
     /**
@@ -94,6 +97,6 @@
             }
         }
 
-        return new JaasLoginModuleConfiguration(name, loginModuleName, flag, other, serverSide);
+        return new JaasLoginModuleConfiguration(loginModuleName, flag, other, serverSide, loginDomainName);
     }
 }

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java	Mon Nov 22 18:03:22 2004
@@ -26,6 +26,7 @@
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
+import java.util.ArrayList;
 import javax.crypto.Mac;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
@@ -153,13 +154,13 @@
      *         methods in this class.
      */
     public JaasClientId connectToRealm(String realmName) {
-        for (Iterator it = realms.iterator(); it.hasNext();) {
-            SecurityRealm realm = (SecurityRealm) it.next();
-            if(realm.getRealmName().equals(realmName)) {
-                return initializeClient(realm);
-            }
+        SecurityRealm realm = null;
+        realm = getRealm(realmName);
+        if(realm == null) {
+            throw new GeronimoSecurityException("No such realm ("+realmName+")");
+        } else {
+            return initializeClient(realm);
         }
-        throw new GeronimoSecurityException("No such realm ("+realmName+")");
     }
 
     /**
@@ -198,6 +199,7 @@
         JaasLoginModuleConfiguration config = context.getModules()[loginModuleIndex];
         LoginModule module = config.getLoginModule(classLoader);
         //todo: properly handle shared state
+        context.getHandler().setExploring();
         try {
             module.initialize(context.getSubject(), context.getHandler(), new HashMap(), config.getOptions());
         } catch (Exception e) {
@@ -251,7 +253,7 @@
         if(loginModuleIndex < 0 || loginModuleIndex >= context.getModules().length || context.getModules()[loginModuleIndex].isServerSide()) {
             throw new LoginException("Invalid login module specified");
         }
-        context.processPrincipals(clientLoginModulePrincipals);
+        context.processPrincipals(clientLoginModulePrincipals, context.getModules()[loginModuleIndex].getLoginDomainName());
     }
 
     /**
@@ -270,7 +272,7 @@
         }
         JaasLoginModuleConfiguration module = context.getModules()[loginModuleIndex];
         boolean result = module.getLoginModule(classLoader).commit();
-        context.processPrincipals();
+        context.processPrincipals(context.getModules()[loginModuleIndex].getLoginDomainName());
         return result;
     }
 
@@ -278,7 +280,7 @@
      * Indicates that the overall login succeeded.  All login modules that were
      * touched should have been logged in and committed before calling this.
      */
-    public IdentificationPrincipal loginSucceeded(JaasClientId userIdentifier) throws LoginException {
+    public Principal[] loginSucceeded(JaasClientId userIdentifier) throws LoginException {
         JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
         if(context == null) {
             throw new ExpiredLoginModuleException();
@@ -289,7 +291,15 @@
         SubjectId id = ContextManager.getSubjectId(subject);
         IdentificationPrincipal principal = new IdentificationPrincipal(id);
         subject.getPrincipals().add(principal);
-        return principal;
+        SecurityRealm realm = getRealm(context.getRealmName());
+        if(realm.isRestrictPrincipalsToServer()) {
+            return new Principal[]{principal};
+        } else {
+            List list = new ArrayList();
+            list.addAll(context.getProcessedPrincipals());
+            list.add(principal);
+            return (Principal[]) list.toArray(new Principal[list.size()]);
+        }
     }
 
     /**
@@ -311,6 +321,11 @@
         }
         ContextManager.unregisterSubject(context.getSubject());
         activeLogins.remove(userIdentifier);
+        for (int i = 0; i < context.getModules().length; i++) {
+            if(context.getModules()[i].isServerSide()) {
+                context.getModules()[i].getLoginModule(classLoader).logout();
+            }
+        }
     }
 
     /**
@@ -330,6 +345,16 @@
         JaasSecurityContext context = new JaasSecurityContext(realm.getRealmName(), modules);
         activeLogins.put(clientId, context);
         return clientId;
+    }
+
+    private SecurityRealm getRealm(String realmName) {
+        for (Iterator it = realms.iterator(); it.hasNext();) {
+            SecurityRealm test = (SecurityRealm) it.next();
+            if(test.getRealmName().equals(realmName)) {
+                return test;
+            }
+        }
+        return null;
     }
 
     /**

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java	Mon Nov 22 18:03:22 2004
@@ -116,7 +116,7 @@
      * Indicates that the overall login succeeded.  All login modules that were
      * touched should have been logged in and committed before calling this.
      */
-    public IdentificationPrincipal loginSucceeded(JaasClientId userIdentifier) throws LoginException;
+    public Principal[] loginSucceeded(JaasClientId userIdentifier) throws LoginException;
 
     /**
      * Indicates that the overall login failed, and the server should release

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java	Mon Nov 22 18:03:22 2004
@@ -73,25 +73,34 @@
         return handler;
     }
 
-    public void processPrincipals() {
+    public void processPrincipals(String loginDomainName) {
         List list = new LinkedList();
         for (Iterator it = subject.getPrincipals().iterator(); it.hasNext();) {
             Principal p = (Principal) it.next();
-            if(!processedPrincipals.contains(p)) {
-                list.add(ContextManager.registerPrincipal(new RealmPrincipal(realmName, p)));
+            if(!(p instanceof RealmPrincipal) && !processedPrincipals.contains(p)) {
+                list.add(ContextManager.registerPrincipal(new RealmPrincipal(loginDomainName, p, realmName)));
                 processedPrincipals.add(p);
             }
         }
         subject.getPrincipals().addAll(list);
     }
 
-    public void processPrincipals(Principal[] principals) {
+    public void processPrincipals(Principal[] principals, String loginDomainName) {
         List list = new LinkedList();
         for (int i = 0; i < principals.length; i++) {
             Principal p = principals[i];
             list.add(p);
-            list.add(ContextManager.registerPrincipal(new RealmPrincipal(realmName, p)));
+            list.add(ContextManager.registerPrincipal(new RealmPrincipal(loginDomainName, p, realmName)));
+            processedPrincipals.add(p);
         }
         subject.getPrincipals().addAll(list);
+    }
+
+    public Set getProcessedPrincipals() {
+        return processedPrincipals;
+    }
+
+    public String getRealmName() {
+        return realmName;
     }
 }

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java	Mon Nov 22 18:03:22 2004
@@ -30,6 +30,7 @@
  * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
  */
 public class LoginModuleGBean {
+    private String loginDomainName;
     private String loginModuleClass;
     private Properties options;
     private String objectName;
@@ -44,6 +45,14 @@
         this.serverSide = serverSide;
     }
 
+    public String getLoginDomainName() {
+        return loginDomainName;
+    }
+
+    public void setLoginDomainName(String loginDomainName) {
+        this.loginDomainName = loginDomainName;
+    }
+
     public Properties getOptions() {
         return options;
     }
@@ -72,6 +81,7 @@
         infoFactory.addAttribute("loginModuleClass", String.class, true);
         infoFactory.addAttribute("objectName", String.class, false);
         infoFactory.addAttribute("serverSide", boolean.class, true);
+        infoFactory.addAttribute("loginDomainName", String.class, true);
         infoFactory.setConstructor(new String[]{"loginModuleClass","objectName","serverSide"});
         GBEAN_INFO = infoFactory.getBeanInfo();
     }

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java	Mon Nov 22 18:03:22 2004
@@ -62,7 +62,7 @@
         options.put("realm", realmName);
         options.put("kernel", kernel.getKernelName());
 
-        return new JaasLoginModuleConfiguration(applicationConfigName, JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true);
+        return new JaasLoginModuleConfiguration(JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true, applicationConfigName);
     }
 
     public static final GBeanInfo GBEAN_INFO;

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/AutoMapAssistant.java	Mon Nov 22 18:03:22 2004
@@ -52,5 +52,5 @@
      *
      * @return a set of principal class names
      */
-    public Set obtainRolePrincipalClasses();
+    public Set obtainRolePrincipalClasses(String loginDomain);
 }

Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/DeploymentSupport.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/DeploymentSupport.java?view=auto&rev=106257
==============================================================================
--- (empty file)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/DeploymentSupport.java	Mon Nov 22 18:03:22 2004
@@ -0,0 +1,47 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.security.realm;
+
+/**
+ * A helper class that lists principals available in a security realm in order
+ * to help populate deployment descriptors.  This may or may not be provided
+ * for a specific security realm.  A LoginModule may implement this interface,
+ * in which case the GenericSecurityRealm can take advantage of that [and the
+ * LoginModule should accept an initialize(null, null, null, options) call].
+ *
+ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
+ */
+public interface DeploymentSupport {
+    /**
+     * Gets the names of all principal classes that may be populated into
+     * a Subject.
+     */
+    String[] getPrincipalClassNames();
+
+    /**
+     * Gets the names of all principal classes that should correspond to
+     * roles when automapping.  This is a default, and may be overridden
+     * by specific values configured for the realm.
+     */
+    String[] getAutoMapPrincipalClassNames();
+
+    /**
+     * Gets a list of all the principals of a particular type (identified by
+     * the principal class).  These are available for manual role mapping.
+     */
+    String[] getPrincipalsOfClass(String className);
+}

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java	Mon Nov 22 18:03:22 2004
@@ -26,9 +26,11 @@
 import java.util.Map;
 import java.util.Properties;
 import java.util.Set;
-
-import org.apache.regexp.RE;
-
+import java.util.Collections;
+import java.util.Iterator;
+import javax.management.MalformedObjectNameException;
+import javax.management.ObjectName;
+import javax.security.auth.spi.LoginModule;
 import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
@@ -86,8 +88,12 @@
     private Kernel kernel;
     private ServerInfo serverInfo;
     private ClassLoader classLoader;
-    private String[] autoMapPrincipals;
+    private Map autoMapPrincipals = new HashMap();
     private Principal defaultPrincipal;
+    private Properties deploymentSupport;
+    private Map deployment;
+    private String[] domains;
+    private boolean restrictPrincipalsToServer;
 
     public GenericSecurityRealm(String realmName, Kernel kernel, ServerInfo serverInfo, Properties loginModuleConfiguration, ClassLoader classLoader) throws MalformedObjectNameException {
         this.realmName = realmName;
@@ -95,6 +101,7 @@
         this.serverInfo = serverInfo;
         this.classLoader = classLoader;
         processConfiguration(loginModuleConfiguration);
+        initializeDeployment();
     }
 
     public String getRealmName() {
@@ -106,6 +113,33 @@
     }
 
     /**
+     * Gets a helper that lists principals for the realm to help with
+     * generating deployment descriptors.  May return null if the realm does
+     * not support these features.
+     */
+    public DeploymentSupport getDeploymentSupport(String domain) throws GeronimoSecurityException {
+        return (DeploymentSupport) deployment.get(domain);
+    }
+
+    /**
+     * Gets a list of the login domains that make up this security realm.  A
+     * particular LoginModule represents 0 or 1 login domains, and a realm is
+     * composed of a number of login modules, so the realm may cover any
+     * number of login domains, though typically that number will be 1.
+     */
+    public String[] getLoginDomains() {
+        return domains;
+    }
+
+    public Properties getDeploymentSupport() {
+        return deploymentSupport;
+    }
+
+    public void setDeploymentSupport(Properties deploymentSupport) {
+        this.deploymentSupport = deploymentSupport;
+    }
+
+    /**
      * Provides the default principal to be used when an unauthenticated
      * subject uses a container.
      *
@@ -121,10 +155,14 @@
      *
      * @return a set of principal class names
      */
-    public Set obtainRolePrincipalClasses() {
+    public Set obtainRolePrincipalClasses(String loginDomain) {
+        String[] list = (String[]) autoMapPrincipals.get(loginDomain);
+        if(list == null) {
+            return Collections.EMPTY_SET;
+        }
         Set set = new HashSet();
-        for (int i = 0; i < autoMapPrincipals.length; i++) {
-            set.add(autoMapPrincipals[i]);
+        for (int i = 0; i < list.length; i++) {
+            set.add(list[i]);
         }
         return set;
     }
@@ -141,44 +179,29 @@
         }
     }
 
-    public void setAutoMapPrincipalClasses(String classes) {
-        if (classes != null) {
-            autoMapPrincipals = classes.split(",");
-        } else {
-            autoMapPrincipals = new String[0];
-        }
-    }
-
-    /**
-     * @deprecated Will be removed in favor of (some kind of realm editor object) in
-     *             a future milestone release.
-     */
-    public Set getGroupPrincipals() throws GeronimoSecurityException {
-        return null; //todo
-    }
-
     /**
-     * @deprecated Will be removed in favor of (some kind of realm editor object) in
-     *             a future milestone release.
+     * Should be of the form loginDomain=class,class,class...
      */
-    public Set getGroupPrincipals(RE regexExpression) throws GeronimoSecurityException {
-        return null; //todo
+    public void setAutoMapPrincipalClasses(Properties props) {
+        for (Iterator it = props.keySet().iterator(); it.hasNext();) {
+            String key = (String) it.next();
+            String value = props.getProperty(key);
+            autoMapPrincipals.put(key, value.split(","));
+        }
     }
 
     /**
-     * @deprecated Will be removed in favor of (some kind of realm editor object) in
-     *             a future milestone release.
+     * A GBean property.  If set to true, the login service will not return
+     * principals generated by this realm to clients.  If set to false (the
+     * default), the client will get a copy of all principals (except realm
+     * principals generated strictly for use within Geronimo).
      */
-    public Set getUserPrincipals() throws GeronimoSecurityException {
-        return null; //todo
+    public boolean isRestrictPrincipalsToServer() {
+        return restrictPrincipalsToServer;
     }
 
-    /**
-     * @deprecated Will be removed in favor of (some kind of realm editor object) in
-     *             a future milestone release.
-     */
-    public Set getUserPrincipals(RE regexExpression) throws GeronimoSecurityException {
-        return null; //todo
+    public void setRestrictPrincipalsToServer(boolean restrictPrincipalsToServer) {
+        this.restrictPrincipalsToServer = restrictPrincipalsToServer;
     }
 
     public String getConfigurationName() {
@@ -190,11 +213,12 @@
         options.put("realm", realmName);
         options.put("kernel", kernel.getKernelName());
 
-        return new JaasLoginModuleConfiguration(realmName, JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true);
+        return new JaasLoginModuleConfiguration(JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true, realmName);
     }
 
     private void processConfiguration(Properties props) throws MalformedObjectNameException {
         int i = 1;
+        Set domains = new HashSet();
         List list = new ArrayList();
         LoginModuleControlFlagEditor editor = new LoginModuleControlFlagEditor();
         while (true) {
@@ -222,7 +246,14 @@
                     if (classLoader != null && !options.containsKey(CLASSLOADER_LM_OPTION)) {
                         options.put(CLASSLOADER_LM_OPTION, classLoader);
                     }
-                    JaasLoginModuleConfiguration config = new JaasLoginModuleConfiguration(module.getObjectName(), module.getLoginModuleClass(), flag, options, module.isServerSide());
+                    if(module.getLoginDomainName() != null) {
+                        if(domains.contains(module.getLoginDomainName())) {
+                            throw new IllegalStateException("Error in "+realmName+": one security realm cannot contain multiple login modules for the same login domain");
+                        } else {
+                            domains.add(module.getLoginDomainName());
+                        }
+                    }
+                    JaasLoginModuleConfiguration config = new JaasLoginModuleConfiguration(module.getLoginModuleClass(), flag, options, module.isServerSide(), module.getLoginDomainName());
                     list.add(config);
                     ++i;
                     found = true;
@@ -233,9 +264,39 @@
                 break;
             }
         }
+        this.domains = (String[]) domains.toArray(new String[domains.size()]);
         config = (JaasLoginModuleConfiguration[]) list.toArray(new JaasLoginModuleConfiguration[list.size()]);
     }
 
+    private void initializeDeployment() {
+        deployment = new HashMap();
+        for (int i = 0; i < config.length; i++) {
+            if(config[i].getLoginDomainName() == null) {
+                continue;
+            }
+            DeploymentSupport support = null;
+            if(deploymentSupport != null && deploymentSupport.containsKey(config[i].getLoginDomainName())) {
+                try {
+                    //todo: how should this be configured?  Should it be a GBean?
+                    support = (DeploymentSupport) classLoader.loadClass(deploymentSupport.getProperty(config[i].getLoginDomainName())).newInstance();
+                } catch (Exception e) {
+                    throw new GeronimoSecurityException("Unable to load deployment support class '"+deploymentSupport.getProperty(config[i].getLoginDomainName())+"'", e);
+                }
+            } else if(config[i].getLoginModule(classLoader) instanceof DeploymentSupport) {
+                LoginModule module = config[i].getLoginModule(classLoader);
+                module.initialize(null, null, null, config[i].getOptions());
+                support = (DeploymentSupport) module;
+            }
+            if(support != null) {
+                deployment.put(config[i].getLoginDomainName(), support);
+                String[] auto = support.getAutoMapPrincipalClassNames();
+                if(auto != null) {
+                    autoMapPrincipals.put(config[i].getLoginDomainName(), auto);
+                }
+            }
+        }
+    }
+
 
     public static final GBeanInfo GBEAN_INFO;
 
@@ -250,12 +311,15 @@
         infoFactory.addAttribute("classLoader", ClassLoader.class, false);
         infoFactory.addAttribute("autoMapPrincipalClasses", String.class, true);
         infoFactory.addAttribute("defaultPrincipal", String.class, true);
+        infoFactory.addAttribute("deploymentSupport", Properties.class, true);
+        infoFactory.addAttribute("restrictPrincipalsToServer", boolean.class, true);
 
         infoFactory.addReference("ServerInfo", ServerInfo.class);
 
         infoFactory.addOperation("getAppConfigurationEntries", new Class[0]);
         infoFactory.addOperation("obtainDefaultPrincipal", new Class[0]);
-        infoFactory.addOperation("obtainRolePrincipalClasses", new Class[0]);
+        infoFactory.addOperation("obtainRolePrincipalClasses", new Class[]{String.class});
+        infoFactory.addOperation("getDeploymentSupport", new Class[]{String.class});
 
         infoFactory.setConstructor(new String[]{"realmName", "kernel", "ServerInfo", "loginModuleConfiguration", "classLoader"});
 

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java	Mon Nov 22 18:03:22 2004
@@ -30,34 +30,39 @@
  * @version $Rev$ $Date$
  */
 public interface SecurityRealm {
-
     static final String BASE_OBJECT_NAME = "geronimo.security:type=SecurityRealm";
 
+    /**
+     * The name of the realm, which must be unique across all realms in the
+     * server.
+     */
     public String getRealmName();
 
-    public JaasLoginModuleConfiguration[] getAppConfigurationEntries();
-
     /**
-     * @deprecated Will be removed in favor of (some kind of realm editor object) in
-     *             a future milestone release.
+     * Gets the JAAS configuration for this security realm.
      */
-    public Set getGroupPrincipals() throws GeronimoSecurityException;
+    public JaasLoginModuleConfiguration[] getAppConfigurationEntries();
 
     /**
-     * @deprecated Will be removed in favor of (some kind of realm editor object) in
-     *             a future milestone release.
+     * If this attribute is true, the login service will not return
+     * principals generated by this realm to clients.  If set to false (the
+     * default), the client will get a copy of all principals (except realm
+     * principals generated strictly for use within Geronimo).
      */
-    public Set getGroupPrincipals(RE regexExpression) throws GeronimoSecurityException;
+    public boolean isRestrictPrincipalsToServer();
 
     /**
-     * @deprecated Will be removed in favor of (some kind of realm editor object) in
-     *             a future milestone release.
+     * Gets a list of the login domains that make up this security realm.  A
+     * particular LoginModule represents 0 or 1 login domains, and a realm is
+     * composed of a number of login modules, so the realm may cover any
+     * number of login domains, though typically that number will be 1.
      */
-    public Set getUserPrincipals() throws GeronimoSecurityException;
+    public String[] getLoginDomains();
 
     /**
-     * @deprecated Will be removed in favor of (some kind of realm editor object) in
-     *             a future milestone release.
+     * Gets a helper that lists principals for the realm to help with
+     * generating deployment descriptors.  May return null if the realm does
+     * not support these features.
      */
-    public Set getUserPrincipals(RE regexExpression) throws GeronimoSecurityException;
+    public DeploymentSupport getDeploymentSupport(String loginDomain) throws GeronimoSecurityException;
 }

Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/FileAuditLoginModule.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/FileAuditLoginModule.java?view=auto&rev=106257
==============================================================================
--- (empty file)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/FileAuditLoginModule.java	Mon Nov 22 18:03:22 2004
@@ -0,0 +1,118 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.security.realm.providers;
+
+import java.util.Map;
+import java.util.Date;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.PrintWriter;
+import java.io.IOException;
+import java.nio.channels.FileChannel;
+import java.nio.channels.FileLock;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import javax.security.auth.spi.LoginModule;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.Callback;
+import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.geronimo.security.realm.GenericSecurityRealm;
+
+/**
+ * Writes audit records to a file for all authentication activity.  Currently
+ * doesn't perform too well; perhaps the file management should be centralized
+ * and the IO objects kept open across many requests.  It would also be nice
+ * to write in a more convenient XML format.
+ *
+ * This module does not write any Principals into the Subject.
+ *
+ * To enable this login module, set your primary login module to REQUIRED or
+ * OPTIONAL, and list this module after it (with any setting).
+ *
+ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
+ */
+public class FileAuditLoginModule implements LoginModule {
+    public static final String LOG_FILE_OPTION = "file";
+    private final static DateFormat DATE_FORMAT = new SimpleDateFormat("MM/dd/yyyy HH:mm:ss");
+    private File logFile;
+    private CallbackHandler handler;
+    private String username;
+
+    public void initialize(Subject subject, CallbackHandler callbackHandler,
+                           Map sharedState, Map options) {
+        String name = (String) options.get(LOG_FILE_OPTION);
+        ServerInfo info = (ServerInfo) options.get(GenericSecurityRealm.SERVERINFO_LM_OPTION);
+        logFile = info.resolve(name);
+        handler = callbackHandler;
+    }
+
+    public boolean login() throws LoginException {
+        NameCallback user = new NameCallback("User name:");
+        Callback[] callbacks = new Callback[]{user};
+        try {
+            handler.handle(callbacks);
+        } catch (Exception e) {
+            throw new LoginException("Unable to process callback: "+e);
+        }
+        if(callbacks.length != 1) {
+            throw new IllegalStateException("Number of callbacks changed by server!");
+        }
+        user = (NameCallback) callbacks[0];
+        username = user.getName();
+        writeToFile("Authentication attempt");
+
+        return true;
+    }
+
+    private synchronized void writeToFile(String action) {
+        Date date = new Date();
+        try {
+            FileOutputStream out = new FileOutputStream(logFile, true);
+            FileChannel channel = out.getChannel();
+            FileLock lock = channel.lock(0, Long.MAX_VALUE, false);
+            PrintWriter writer = new PrintWriter(out, false);
+            writer.println(DATE_FORMAT.format(date)+" - "+action+" - "+username);
+            writer.flush();
+            writer.close();
+            lock.release();
+        } catch (IOException e) {
+            throw new RuntimeException("Unable to write to authentication log file", e);
+        }
+    }
+
+    public boolean commit() throws LoginException {
+        writeToFile("Authentication succeeded");
+        return true;
+    }
+
+    public boolean abort() throws LoginException {
+        if(username != null) { //work around initial "fake" login
+            writeToFile("Authentication failed");
+            username = null;
+        }
+        return true;
+    }
+
+    public boolean logout() throws LoginException {
+        writeToFile("Explicit logout");
+        username = null;
+        return true;
+    }
+}

Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/GeronimoGroupPrincipal.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/GeronimoGroupPrincipal.java?view=auto&rev=106257
==============================================================================
--- (empty file)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/GeronimoGroupPrincipal.java	Mon Nov 22 18:03:22 2004
@@ -0,0 +1,67 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.security.realm.providers;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+/**
+ * A principal that represents a group for the login modules distributed
+ * with Geronimo.  Custom login modules may use this if convenient or provide
+ * their own Principal implementations -- it doesn't matter.
+ * 
+ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
+ */
+public class GeronimoGroupPrincipal implements Principal, Serializable {
+    private final String name;
+
+    public GeronimoGroupPrincipal(String name) {
+        this.name = name;
+    }
+
+    /**
+     * Compares this principal to the specified object.  Returns true
+     * if the object passed in is a GeronimoGroupPrincipal with the
+     * same name.
+     */
+    public boolean equals(Object another) {
+        if (!(another instanceof GeronimoGroupPrincipal)) return false;
+
+        return ((GeronimoGroupPrincipal) another).name.equals(name);
+    }
+
+    /**
+     * Returns a string representation of this principal.
+     */
+    public String toString() {
+        return name;
+    }
+
+    /**
+     * Returns a hashcode for this principal.
+     */
+    public int hashCode() {
+        return name.hashCode();
+    }
+
+    /**
+     * Returns the name of this principal.
+     */
+    public String getName() {
+        return name;
+    }
+}

Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/GeronimoUserPrincipal.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/GeronimoUserPrincipal.java?view=auto&rev=106257
==============================================================================
--- (empty file)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/GeronimoUserPrincipal.java	Mon Nov 22 18:03:22 2004
@@ -0,0 +1,67 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.security.realm.providers;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+/**
+ * A principal that represents a user for the login modules distributed
+ * with Geronimo.  Custom login modules may use this if convenient or provide
+ * their own Principal implementations -- it doesn't matter.
+ *
+ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
+ */
+public class GeronimoUserPrincipal implements Principal, Serializable {
+    private final String name;
+
+    public GeronimoUserPrincipal(String name) {
+        this.name = name;
+    }
+
+    /**
+     * Compares this principal to the specified object.  Returns true
+     * if the object passed in is a GeronimoUserPrincipal with the
+     * same name.
+     */
+    public boolean equals(Object another) {
+        if (!(another instanceof GeronimoUserPrincipal)) return false;
+
+        return ((GeronimoUserPrincipal) another).name.equals(name);
+    }
+
+    /**
+     * Returns a string representation of this principal.
+     */
+    public String toString() {
+        return name;
+    }
+
+    /**
+     * Returns a hashcode for this principal.
+     */
+    public int hashCode() {
+        return name.hashCode();
+    }
+
+    /**
+     * Returns the name of this principal.
+     */
+    public String getName() {
+        return name;
+    }
+}

Deleted: /geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileGroupPrincipal.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileGroupPrincipal.java?view=auto&rev=106256
==============================================================================

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java	Mon Nov 22 18:03:22 2004
@@ -26,6 +26,7 @@
 import java.util.Map;
 import java.util.Properties;
 import java.util.Set;
+import java.util.HashMap;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
@@ -39,6 +40,7 @@
 import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.kernel.Kernel;
 import org.apache.geronimo.security.realm.GenericSecurityRealm;
+import org.apache.geronimo.security.realm.DeploymentSupport;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
 
 
@@ -49,12 +51,12 @@
  *
  * @version $Rev$ $Date$
  */
-public class PropertiesFileLoginModule implements LoginModule {
+public class PropertiesFileLoginModule implements LoginModule, DeploymentSupport {
     public final static String USERS_URI = "usersURI";
     public final static String GROUPS_URI = "groupsURI";
     private static Log log = LogFactory.getLog(PropertiesFileLoginModule.class);
     final Properties users = new Properties();
-    final Properties groups = new Properties();
+    final Map groups = new HashMap();
 
     Subject subject;
     CallbackHandler handler;
@@ -134,17 +136,17 @@
     public boolean commit() throws LoginException {
         Set principals = subject.getPrincipals();
 
-        principals.add(new PropertiesFileUserPrincipal(username));
+        principals.add(new GeronimoUserPrincipal(username));
 
-        Enumeration e = groups.keys();
-        while (e.hasMoreElements()) {
-            String groupName = (String) e.nextElement();
+        Iterator e = groups.keySet().iterator();
+        while (e.hasNext()) {
+            String groupName = (String) e.next();
             Set users = (Set) groups.get(groupName);
             Iterator iter = users.iterator();
             while (iter.hasNext()) {
                 String user = (String) iter.next();
                 if (username.equals(user)) {
-                    principals.add(new PropertiesFileGroupPrincipal(groupName));
+                    principals.add(new GeronimoGroupPrincipal(groupName));
                     break;
                 }
             }
@@ -165,5 +167,38 @@
         password = null;
 
         return true;
+    }
+
+    /**
+     * Gets the names of all principal classes that may be populated into
+     * a Subject.
+     */
+    public String[] getPrincipalClassNames() {
+        return new String[]{GeronimoUserPrincipal.class.getName(), GeronimoGroupPrincipal.class.getName()};
+    }
+
+    /**
+     * Gets the names of all principal classes that should correspond to
+     * roles when automapping.  This is a default, and may be overridden
+     * by specific values configured for the realm.
+     */
+    public String[] getAutoMapPrincipalClassNames() {
+        return new String[]{GeronimoGroupPrincipal.class.getName()};
+    }
+
+    /**
+     * Gets a list of all the principals of a particular type (identified by
+     * the principal class).  These are available for manual role mapping.
+     */
+    public String[] getPrincipalsOfClass(String className) {
+        Set s;
+        if(className.equals(GeronimoGroupPrincipal.class.getName())) {
+            s = groups.keySet();
+        } else if(className.equals(GeronimoUserPrincipal.class.getName())) {
+            s = users.keySet();
+        } else {
+            throw new IllegalArgumentException("No such principal class "+className);
+        }
+        return (String[]) s.toArray(new String[s.size()]);
     }
 }

Deleted: /geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileUserPrincipal.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/PropertiesFileUserPrincipal.java?view=auto&rev=106256
==============================================================================

Deleted: /geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLGroupPrincipal.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLGroupPrincipal.java?view=auto&rev=106256
==============================================================================

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java	Mon Nov 22 18:03:22 2004
@@ -130,7 +130,7 @@
                             String userName = result.getString(2);
 
                             if (cbUsername.equals(userName)) {
-                                groups.add(new SQLGroupPrincipal(groupName));
+                                groups.add(new GeronimoGroupPrincipal(groupName));
                             }
                         }
                     } finally {
@@ -151,7 +151,7 @@
 
     public boolean commit() throws LoginException {
         Set principals = subject.getPrincipals();
-        principals.add(new SQLUserPrincipal(cbUsername));
+        principals.add(new GeronimoUserPrincipal(cbUsername));
         Iterator iter = groups.iterator();
         while (iter.hasNext()) {
             principals.add(iter.next());

Deleted: /geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLUserPrincipal.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SQLUserPrincipal.java?view=auto&rev=106256
==============================================================================

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java&r1=106256&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java	Mon Nov 22 18:03:22 2004
@@ -46,7 +46,7 @@
      * @param realmName the security realm that the principal belongs go
      * @return a RealmPrincipal from a deployment description
      */
-    public static RealmPrincipal generateRealmPrincipal(final Principal principal, final String realmName) {
+    public static RealmPrincipal generateRealmPrincipal(final Principal principal, final String loginDomain, final String realmName) {
         try {
             return (RealmPrincipal) AccessController.doPrivileged(new PrivilegedExceptionAction() {
                 public Object run() throws Exception {
@@ -55,10 +55,14 @@
                     Constructor constructor = clazz.getDeclaredConstructor(new Class[]{String.class});
                     p = (java.security.Principal) constructor.newInstance(new Object[]{principal.getPrincipalName()});
 
-                    return new RealmPrincipal(realmName, p);
+                    return new RealmPrincipal(loginDomain, p, realmName);
                 }
             });
         } catch (PrivilegedActionException e) {
+            e.printStackTrace();
+            if(e.getException() != null) {
+                e.getException().printStackTrace();
+            }
             return null;
         }
     }
@@ -69,7 +73,7 @@
      * @param realmName the security realm that the principal belongs go
      * @return a RealmPrincipal from a deployment description
      */
-    public static PrimaryRealmPrincipal generatePrimaryRealmPrincipal(final Principal principal, final String realmName) {
+    public static PrimaryRealmPrincipal generatePrimaryRealmPrincipal(final Principal principal, final String loginDomain, final String realmName) {
         try {
             return (PrimaryRealmPrincipal) AccessController.doPrivileged(new PrivilegedExceptionAction() {
                 public Object run() throws Exception {
@@ -78,10 +82,14 @@
                     Constructor constructor = clazz.getDeclaredConstructor(new Class[]{String.class});
                     p = (java.security.Principal) constructor.newInstance(new Object[]{principal.getPrincipalName()});
 
-                    return new PrimaryRealmPrincipal(realmName, p);
+                    return new PrimaryRealmPrincipal(loginDomain, p, realmName);
                 }
             });
         } catch (PrivilegedActionException e) {
+            e.printStackTrace();
+            if(e.getException() != null) {
+                e.getException().printStackTrace();
+            }
             return null;
         }
     }

Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java&r1=106256&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java	(original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java	Mon Nov 22 18:03:22 2004
@@ -69,6 +69,7 @@
         testLoginModule = new ObjectName("geronimo.security:type=LoginModule,name=TestModule");
         gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.bridge.TestLoginModule");
         gbean.setAttribute("serverSide", new Boolean(true));
+        gbean.setAttribute("loginDomainName", "TestLoginDomain");
         kernel.loadGBean(testLoginModule, gbean);
 
         gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm");

Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java&r1=106256&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java	(original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java	Mon Nov 22 18:03:22 2004
@@ -56,15 +56,24 @@
     protected ObjectName serverStub;
 
     public void test() throws Exception {
+        File log = new File("target/login-audit.log");
+        if(log.exists()) {
+            log.delete();
+        }
+        assertEquals("Audit file wasn't cleared", 0, log.length());
+
+
         // First try with explicit configuration entry
         LoginContext context = new LoginContext("properties-client", new AbstractTest.UsernamePasswordCallback("alan", "starcraft"));
 
         context.login();
         Subject subject = context.getSubject();
+        Subject clientSubject = subject;
         assertTrue("expected non-null client subject", subject != null);
         Set set = subject.getPrincipals(IdentificationPrincipal.class);
         assertEquals("client subject should have one ID principal", set.size(), 1);
         IdentificationPrincipal idp = (IdentificationPrincipal)set.iterator().next();
+        assertEquals(idp.getId(), idp.getId());
         subject = ContextManager.getRegisteredSubject(idp.getId());
 
         assertTrue("expected non-null server subject", subject != null);
@@ -78,6 +87,9 @@
 
         context.logout();
 
+        assertNull(ContextManager.getRegisteredSubject(idp.getId()));
+        assertNull(ContextManager.getServerSideSubject(clientSubject));
+
         assertTrue("id of subject should be null", ContextManager.getSubjectId(subject) == null);
 
         // next try the automatic configuration entry
@@ -86,6 +98,11 @@
         context.login();
         subject = context.getSubject();
         assertTrue("expected non-null client subject", subject != null);
+        set = subject.getPrincipals(IdentificationPrincipal.class);
+        assertEquals("client subject should have one ID principal", set.size(), 1);
+        IdentificationPrincipal idp2 = (IdentificationPrincipal)set.iterator().next();
+        assertNotSame(idp.getId(), idp2.getId());
+        assertEquals(idp2.getId(), idp2.getId());
         subject = ContextManager.getServerSideSubject(subject);
 
         assertTrue("expected non-null server subject", subject != null);
@@ -100,6 +117,8 @@
         context.logout();
 
         assertTrue("id of subject should be null", ContextManager.getSubjectId(subject) == null);
+
+        assertTrue("Audit file wasn't written to", log.length() > 0);
     }
 
     protected void setUp() throws Exception {
@@ -146,12 +165,23 @@
         props.put("usersURI", new File(new File("."), "src/test-data/data/users.properties").toURI().toString());
         props.put("groupsURI", new File(new File("."), "src/test-data/data/groups.properties").toURI().toString());
         gbean.setAttribute("options", props);
+        gbean.setAttribute("loginDomainName", "TestProperties");
+        kernel.loadGBean(testCE, gbean);
+
+        gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean");
+        testCE = new ObjectName("geronimo.security:type=LoginModule,name=audit");
+        gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.FileAuditLoginModule");
+        gbean.setAttribute("serverSide", new Boolean(true));
+        props = new Properties();
+        props.put("file", "target/login-audit.log");
+        gbean.setAttribute("options", props);
         kernel.loadGBean(testCE, gbean);
 
         gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm");
         testRealm = new ObjectName("geronimo.security:type=SecurityRealm,realm=properties-realm");
         gbean.setAttribute("realmName", "properties-realm");
         props = new Properties();
+        props.setProperty("LoginModule.2.OPTIONAL","geronimo.security:type=LoginModule,name=audit");
         props.setProperty("LoginModule.1.REQUIRED","geronimo.security:type=LoginModule,name=properties");
         gbean.setAttribute("loginModuleConfiguration", props);
         gbean.setReferencePatterns("ServerInfo", Collections.singleton(serverInfo));

Added: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/DeploymentSupportTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/DeploymentSupportTest.java?view=auto&rev=106257
==============================================================================
--- (empty file)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/DeploymentSupportTest.java	Mon Nov 22 18:03:22 2004
@@ -0,0 +1,169 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.security.jaas;
+
+import javax.management.ObjectName;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+import java.io.File;
+import java.util.Collections;
+import java.util.Properties;
+import java.util.Set;
+import java.util.List;
+import java.util.Arrays;
+
+import org.apache.geronimo.gbean.jmx.GBeanMBean;
+import org.apache.geronimo.security.AbstractTest;
+import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.IdentificationPrincipal;
+import org.apache.geronimo.security.RealmPrincipal;
+import org.apache.geronimo.security.realm.SecurityRealm;
+import org.apache.geronimo.security.realm.DeploymentSupport;
+import org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal;
+import org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal;
+import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.geronimo.kernel.jmx.MBeanProxyFactory;
+import org.apache.geronimo.kernel.Kernel;
+
+/**
+ * Unit test for the DeploymentSupport features of security realms.
+ *
+ * @version $Rev: 105949 $ $Date: 2004-11-20 02:38:55 -0500 (Sat, 20 Nov 2004) $
+ */
+public class DeploymentSupportTest extends AbstractTest {
+
+    protected ObjectName serverInfo;
+    protected ObjectName loginConfiguration;
+    protected ObjectName clientLM;
+    protected ObjectName clientCE;
+    protected ObjectName testCE;
+    protected ObjectName testRealm;
+
+    public void setUp() throws Exception {
+        super.setUp();
+
+        GBeanMBean gbean;
+
+        gbean = new GBeanMBean(ServerInfo.GBEAN_INFO);
+        serverInfo = new ObjectName("geronimo.system:role=ServerInfo");
+        gbean.setAttribute("baseDirectory", ".");
+        kernel.loadGBean(serverInfo, gbean);
+        kernel.startGBean(serverInfo);
+
+        gbean = new GBeanMBean("org.apache.geronimo.security.jaas.GeronimoLoginConfiguration");
+        loginConfiguration = new ObjectName("geronimo.security:type=LoginConfiguration");
+        kernel.loadGBean(loginConfiguration, gbean);
+
+        gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean");
+        clientLM = new ObjectName("geronimo.security:type=LoginModule,name=properties-client");
+        gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.jaas.JaasLoginCoordinator");
+        gbean.setAttribute("serverSide", new Boolean(false));
+        Properties props = new Properties();
+        props.put("host", "localhost");
+        props.put("port", "4242");
+        props.put("realm", "properties-realm");
+        gbean.setAttribute("options", props);
+        kernel.loadGBean(clientLM, gbean);
+
+        gbean = new GBeanMBean("org.apache.geronimo.security.jaas.DirectConfigurationEntry");
+        clientCE = new ObjectName("geronimo.security:type=ConfigurationEntry,jaasId=properties-client");
+        gbean.setAttribute("applicationConfigName", "properties-client");
+        gbean.setAttribute("controlFlag", LoginModuleControlFlag.REQUIRED);
+        gbean.setReferencePatterns("Module", Collections.singleton(clientLM));
+        kernel.loadGBean(clientCE, gbean);
+
+        gbean = new GBeanMBean("org.apache.geronimo.security.jaas.LoginModuleGBean");
+        testCE = new ObjectName("geronimo.security:type=LoginModule,name=properties");
+        gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule");
+        gbean.setAttribute("serverSide", new Boolean(true));
+        props = new Properties();
+        props.put("usersURI", new File(new File("."), "src/test-data/data/users.properties").toString());
+        props.put("groupsURI", new File(new File("."), "src/test-data/data/groups.properties").toString());
+        gbean.setAttribute("options", props);
+        gbean.setAttribute("loginDomainName", "TestProperties");
+        kernel.loadGBean(testCE, gbean);
+
+        gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm");
+        testRealm = new ObjectName("geronimo.security:type=SecurityRealm,realm=properties-realm");
+        gbean.setAttribute("realmName", "properties-realm");
+        props = new Properties();
+        props.setProperty("LoginModule.1.REQUIRED","geronimo.security:type=LoginModule,name=properties");
+        gbean.setAttribute("loginModuleConfiguration", props);
+        gbean.setReferencePatterns("ServerInfo", Collections.singleton(serverInfo));
+        kernel.loadGBean(testRealm, gbean);
+
+        kernel.startGBean(loginConfiguration);
+        kernel.startGBean(clientLM);
+        kernel.startGBean(clientCE);
+        kernel.startGBean(testCE);
+        kernel.startGBean(testRealm);
+    }
+
+    public void tearDown() throws Exception {
+        kernel.stopGBean(testRealm);
+        kernel.stopGBean(testCE);
+        kernel.stopGBean(clientCE);
+        kernel.stopGBean(clientLM);
+        kernel.stopGBean(loginConfiguration);
+        kernel.stopGBean(serverInfo);
+
+        kernel.unloadGBean(testCE);
+        kernel.unloadGBean(testRealm);
+        kernel.unloadGBean(clientCE);
+        kernel.unloadGBean(clientLM);
+        kernel.unloadGBean(loginConfiguration);
+        kernel.unloadGBean(serverInfo);
+
+        super.tearDown();
+    }
+
+    public void testDeploymentSupport() throws Exception {
+        SecurityRealm realm = (SecurityRealm) MBeanProxyFactory.getProxy(SecurityRealm.class, kernel.getMBeanServer(), testRealm);
+        String[] domains = realm.getLoginDomains();
+        assertEquals(1, domains.length);
+        DeploymentSupport deployment = realm.getDeploymentSupport(domains[0]);
+        assertNotNull(deployment);
+        String[] classes = deployment.getPrincipalClassNames();
+        assertEquals(2, classes.length);
+        if(classes[0].equals(GeronimoUserPrincipal.class.getName())) {
+            assertEquals(GeronimoGroupPrincipal.class.getName(), classes[1]);
+        } else if(classes[1].equals(GeronimoUserPrincipal.class.getName())) {
+            assertEquals(GeronimoGroupPrincipal.class.getName(), classes[0]);
+        } else {
+            fail("Unexpected principal class names "+classes[0]+" / "+classes[1]);
+        }
+        String[] names = deployment.getPrincipalsOfClass(GeronimoUserPrincipal.class.getName());
+        assertEquals(5, names.length);
+        List list = Arrays.asList(names);
+        assertTrue(list.contains("izumi"));
+        assertTrue(list.contains("alan"));
+        assertTrue(list.contains("george"));
+        assertTrue(list.contains("gracie"));
+        assertTrue(list.contains("metro"));
+        names = deployment.getPrincipalsOfClass(GeronimoGroupPrincipal.class.getName());
+        assertEquals(5, names.length);
+        list = Arrays.asList(names);
+        assertTrue(list.contains("manager"));
+        assertTrue(list.contains("it"));
+        assertTrue(list.contains("pet"));
+        assertTrue(list.contains("dog"));
+        assertTrue(list.contains("cat"));
+        String[] map = deployment.getAutoMapPrincipalClassNames();
+        assertEquals(1, map.length);
+        assertEquals(GeronimoGroupPrincipal.class.getName(), map[0]);
+    }
+}

Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java&r1=106256&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java	(original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java	Mon Nov 22 18:03:22 2004
@@ -31,7 +31,13 @@
 import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.security.IdentificationPrincipal;
 import org.apache.geronimo.security.RealmPrincipal;
+import org.apache.geronimo.security.realm.SecurityRealm;
+import org.apache.geronimo.security.realm.DeploymentSupport;
+import org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal;
+import org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.geronimo.kernel.jmx.MBeanProxyFactory;
+import org.apache.geronimo.kernel.Kernel;
 
 
 /**
@@ -91,6 +97,7 @@
         props.put("usersURI", new File(new File("."), "src/test-data/data/users.properties").toURI().toString());
         props.put("groupsURI", new File(new File("."), "src/test-data/data/groups.properties").toURI().toString());
         gbean.setAttribute("options", props);
+        gbean.setAttribute("loginDomainName", "TestProperties");
         kernel.loadGBean(testCE, gbean);
 
         gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm");
@@ -133,18 +140,22 @@
 
         context.login();
         Subject subject = context.getSubject();
-        assertTrue("expected non-null client subject", subject != null);
-        Set set = subject.getPrincipals(IdentificationPrincipal.class);
-        assertEquals("client subject should have one ID principal", set.size(), 1);
-        IdentificationPrincipal idp = (IdentificationPrincipal)set.iterator().next();
-        subject = ContextManager.getRegisteredSubject(idp.getId());
 
-        assertTrue("expected non-null server subject", subject != null);
-        assertTrue("server subject should have one remote principal", subject.getPrincipals(IdentificationPrincipal.class).size() == 1);
+        assertTrue("expected non-null subject", subject != null);
+        assertTrue("subject should have one remote principal", subject.getPrincipals(IdentificationPrincipal.class).size() == 1);
         IdentificationPrincipal remote = (IdentificationPrincipal) subject.getPrincipals(IdentificationPrincipal.class).iterator().next();
-        assertTrue("server subject should be associated with remote id", ContextManager.getRegisteredSubject(remote.getId()) != null);
-        assertTrue("server subject should have five principals", subject.getPrincipals().size() == 5);
-        assertTrue("server subject should have two realm principal", subject.getPrincipals(RealmPrincipal.class).size() == 2);
+        assertTrue("subject should be associated with remote id", ContextManager.getRegisteredSubject(remote.getId()) != null);
+        assertEquals("subject should have three principals ("+subject.getPrincipals().size()+")", 3, subject.getPrincipals().size());
+        assertEquals("subject should have no realm principals ("+subject.getPrincipals(RealmPrincipal.class).size()+")", 0, subject.getPrincipals(RealmPrincipal.class).size());
+
+        subject = ContextManager.getServerSideSubject(subject);
+
+        assertTrue("expected non-null subject", subject != null);
+        assertTrue("subject should have one remote principal", subject.getPrincipals(IdentificationPrincipal.class).size() == 1);
+        remote = (IdentificationPrincipal) subject.getPrincipals(IdentificationPrincipal.class).iterator().next();
+        assertTrue("subject should be associated with remote id", ContextManager.getRegisteredSubject(remote.getId()) != null);
+        assertEquals("subject should have five principals ("+subject.getPrincipals().size()+")", 5, subject.getPrincipals().size());
+        assertEquals("subject should have two realm principals ("+subject.getPrincipals(RealmPrincipal.class).size()+")", 2, subject.getPrincipals(RealmPrincipal.class).size());
         RealmPrincipal principal = (RealmPrincipal) subject.getPrincipals(RealmPrincipal.class).iterator().next();
         assertTrue("id of principal should be non-zero", principal.getId() != 0);
 

Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java&r1=106256&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java	(original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java	Mon Nov 22 18:03:22 2004
@@ -93,6 +93,7 @@
         props.put("userSelect", "SELECT UserName, Password FROM Users");
         props.put("groupSelect", "SELECT GroupName, UserName FROM Groups");
         gbean.setAttribute("options", props);
+        gbean.setAttribute("loginDomainName", "SQLDomain");
         kernel.loadGBean(sqlModule, gbean);
         kernel.startGBean(sqlModule);
 

Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java&r1=106256&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java	(original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java	Mon Nov 22 18:03:22 2004
@@ -113,6 +113,7 @@
         props.put("usersURI", new File(new File("."), "src/test-data/data/users.properties").toURI().toString());
         props.put("groupsURI", new File(new File("."), "src/test-data/data/groups.properties").toURI().toString());
         gbean.setAttribute("options", props);
+        gbean.setAttribute("loginDomainName", "PropertiesDomain");
         kernel.loadGBean(testCE, gbean);
 
         gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm");

Modified: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java?view=diff&rev=106257&p1=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java&r1=106256&p2=geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java&r2=106257
==============================================================================
--- geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java	(original)
+++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/network/protocol/SubjectCarryingProtocolTest.java	Mon Nov 22 18:03:22 2004
@@ -285,6 +285,7 @@
         props.put("usersURI", new File(new File("."), "src/test-data/data/users.properties").toURI().toString());
         props.put("groupsURI", new File(new File("."), "src/test-data/data/groups.properties").toURI().toString());
         gbean.setAttribute("options", props);
+        gbean.setAttribute("loginDomainName", "PropertiesDomain");
         kernel.loadGBean(testCE, gbean);
 
         gbean = new GBeanMBean("org.apache.geronimo.security.realm.GenericSecurityRealm");

Mime
View raw message