geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r109824 - in geronimo/branches/djencks/jetty-deployer1/trunk/modules: jetty-builder/src/java/org/apache/geronimo/jetty/deployment jetty/src/java/org/apache/geronimo/jetty jetty/src/test/org/apache/geronimo/jetty
Date Sat, 04 Dec 2004 20:51:00 GMT
Author: djencks
Date: Sat Dec  4 12:51:00 2004
New Revision: 109824

URL: http://svn.apache.org/viewcvs?view=rev&rev=109824
Log:
add missing security configuration piece.  With luck we can figure out how to take this out
again
Modified:
   geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
   geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
   geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
   geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java

Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
Url: http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java?view=diff&rev=109824&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java&r1=109823&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java&r2=109824
==============================================================================
--- geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
(original)
+++ geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
Sat Dec  4 12:51:00 2004
@@ -26,6 +26,7 @@
 import java.net.URL;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -34,7 +35,6 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-import java.util.Collections;
 import java.util.jar.JarFile;
 import java.util.zip.ZipEntry;
 import javax.management.MalformedObjectNameException;
@@ -107,6 +107,7 @@
 import org.mortbay.http.BasicAuthenticator;
 import org.mortbay.http.ClientCertAuthenticator;
 import org.mortbay.http.DigestAuthenticator;
+import org.mortbay.http.SecurityConstraint;
 import org.mortbay.jetty.servlet.FormAuthenticator;
 
 
@@ -378,6 +379,8 @@
                 }
                 webModuleData.setAttribute("policyContextID", policyContextID);
                 buildSpecSecurityConfig(webApp, webModuleData, securityRoles);
+                //TODO figure out if we can avoid this.
+                buildLegacySecurityConstraints(webApp, webModuleData);
 
             } else {
                 webModuleData = new GBeanData(webModuleName, JettyWebAppContext.GBEAN_INFO);
@@ -846,6 +849,72 @@
         webModuleData.setAttribute("excludedPermissions", excludedPermissions);
         webModuleData.setAttribute("uncheckedPermissions", uncheckedPermissions);
         webModuleData.setAttribute("rolePermissions", rolePermissions);
+    }
+
+    private void buildLegacySecurityConstraints(WebAppType webApp, GBeanData webModuleData)
throws DeploymentException {
+        //this is basically what jetty's XMLConfiguration does.  I would hope we could come
up with a better way.
+        Map urlToSecurityConstraintListMap = new HashMap();
+        SecurityConstraintType[] securityConstraintArray = webApp.getSecurityConstraintArray();
+        for (int i = 0; i < securityConstraintArray.length; i++) {
+            SecurityConstraintType securityConstraintType = securityConstraintArray[i];
+
+            SecurityConstraint scBase = new SecurityConstraint();
+            if (securityConstraintType.isSetAuthConstraint()) {
+                scBase.setAuthenticate(true);
+                RoleNameType[] roleNameArray = securityConstraintType.getAuthConstraint().getRoleNameArray();
+                for (int j = 0; j < roleNameArray.length; j++) {
+                    RoleNameType roleNameType = roleNameArray[j];
+                    scBase.addRole(roleNameType.getStringValue().trim());
+                }
+            }
+            if (securityConstraintType.isSetUserDataConstraint()) {
+                String guarantee = securityConstraintType.getUserDataConstraint().getTransportGuarantee().getStringValue().trim();
+                if (guarantee == null || guarantee.length() == 0 || "NONE".equals(guarantee))
+                    scBase.setDataConstraint(SecurityConstraint.DC_NONE);
+                else if ("INTEGRAL".equals(guarantee))
+                    scBase.setDataConstraint(SecurityConstraint.DC_INTEGRAL);
+                else if ("CONFIDENTIAL".equals(guarantee))
+                    scBase.setDataConstraint(SecurityConstraint.DC_CONFIDENTIAL);
+                else
+                {
+                    //ToDO what do we do here?
+//                    log.warn("Unknown user-data-constraint:" + guarantee);
+                    scBase.setDataConstraint(SecurityConstraint.DC_CONFIDENTIAL);
+                }
+            }
+            WebResourceCollectionType[] webResourceCollectionArray = securityConstraintType.getWebResourceCollectionArray();
+            for (int j = 0; j < webResourceCollectionArray.length; j++) {
+                WebResourceCollectionType webResourceCollectionType = webResourceCollectionArray[j];
+
+                String name = webResourceCollectionType.getWebResourceName().getStringValue().trim();
+                SecurityConstraint sc = null;
+                try {
+                    sc = (SecurityConstraint) scBase.clone();
+                } catch (CloneNotSupportedException e) {
+                    throw new DeploymentException("this should not have happened", e);
+                }
+                sc.setName(name);
+                HttpMethodType[] httpMethodArray = webResourceCollectionType.getHttpMethodArray();
+                for (int k = 0; k < httpMethodArray.length; k++) {
+                    HttpMethodType httpMethodType = httpMethodArray[k];
+                        sc.addMethod(httpMethodType.getStringValue().trim());
+                }
+                UrlPatternType[] urlPatternArray = webResourceCollectionType.getUrlPatternArray();
+                for (int k = 0; k < urlPatternArray.length; k++) {
+                    UrlPatternType urlPatternType = urlPatternArray[k];
+                    String urlPattern = urlPatternType.getStringValue();
+                    List securityConstraints = (List) urlToSecurityConstraintListMap.get(urlPattern);
+                    if (securityConstraints == null) {
+                        securityConstraints = new ArrayList();
+                        urlToSecurityConstraintListMap.put(urlPattern, securityConstraints);
+                    }
+                    securityConstraints.add(sc);
+                }
+            }
+        }
+
+        webModuleData.setAttribute("legacySecurityConstraintMap", urlToSecurityConstraintListMap);
+
     }
 
     private static Set collectRoleNames(WebAppType webApp) {

Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
Url: http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java?view=diff&rev=109824&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java&r1=109823&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java&r2=109824
==============================================================================
--- geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
(original)
+++ geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
Sat Dec  4 12:51:00 2004
@@ -25,13 +25,13 @@
 import java.security.AccessControlException;
 import java.security.Permission;
 import java.security.Principal;
+import java.util.Collection;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-import java.util.Collection;
 import javax.management.MalformedObjectNameException;
 import javax.management.ObjectName;
 import javax.security.auth.Subject;
@@ -154,6 +154,9 @@
                                   Set excludedPermissions,
                                   Map rolePermissions,
 
+                                  //TODO remove
+                                  Map legacySecurityConstraintMap,
+
                                   TransactionContextManager transactionContextManager,
                                   TrackedConnectionAssociator trackedConnectionAssociator,
                                   JettyContainer jettyContainer,
@@ -203,18 +206,18 @@
 
         this.defaultPrincipal = generateDefaultPrincipal(securityConfig, loginDomainName);
 
-    }
-
-    public Kernel getKernel() {
-        return kernel;
-    }
+        //TODO remove
+        for (Iterator entries = legacySecurityConstraintMap.entrySet().iterator(); entries.hasNext();)
{
+            Map.Entry entry = (Map.Entry) entries.next();
+            String urlPattern = (String) entry.getKey();
+            List securityConstraints = (List) entry.getValue();
+            for (Iterator constraints = securityConstraints.iterator(); constraints.hasNext();)
{
+                SecurityConstraint securityConstraint = (SecurityConstraint) constraints.next();
+                addSecurityConstraint(urlPattern, securityConstraint);
+            }
 
-    public String getPolicyContextID() {
-        return policyContextID;
-    }
+        }
 
-    public Security getSecurityConfig() {
-        return securityConfig;
     }
 
     public Subject getRoleDesignate(String roleName) {
@@ -514,7 +517,7 @@
         SubjectId id = ContextManager.getSubjectId(defaultSubject);
         defaultSubject.getPrincipals().add(new IdentificationPrincipal(id));
 
-        log.debug("Default subject " + id + " for JACC policy '" + ((JettyWebAppJACCContext)
getHttpContext()).getPolicyContextID() + "' registered.");
+        log.debug("Default subject " + id + " for JACC policy '" + policyContextID + "' registered.");
 
         /**
          * Get the JACC policy configuration that's associated with this
@@ -552,7 +555,7 @@
             id = ContextManager.getSubjectId(roleDesignate);
             roleDesignate.getPrincipals().add(new IdentificationPrincipal(id));
 
-            log.debug("Role designate " + id + " for role '" + roleName + "' for JACC policy
'" + ((JettyWebAppJACCContext) getHttpContext()).getPolicyContextID() + "' registered.");
+            log.debug("Role designate " + id + " for role '" + roleName + "' for JACC policy
'" + policyContextID + "' registered.");
         }
 
         log.info("JettyWebAppJACCContext started with JACC policy '" + policyContextID +
"'");
@@ -564,7 +567,7 @@
         /**
          * Unregister the default principal and role designates
          */
-        log.debug("Default subject " + ContextManager.getSubjectId(defaultPrincipal.getSubject())
+ " for JACC policy " + ((JettyWebAppJACCContext) getHttpContext()).getPolicyContextID() +
"' unregistered.");
+        log.debug("Default subject " + ContextManager.getSubjectId(defaultPrincipal.getSubject())
+ " for JACC policy " + policyContextID + "' unregistered.");
 
         ContextManager.unregisterSubject(defaultPrincipal.getSubject());
 
@@ -574,7 +577,7 @@
             Subject roleDesignate = (Subject) roleDesignates.get(roleName);
 
             ContextManager.unregisterSubject(roleDesignate);
-            log.debug("Role designate " + ContextManager.getSubjectId(roleDesignate) + "
for role '" + roleName + "' for JACC policy '" + ((JettyWebAppJACCContext) getHttpContext()).getPolicyContextID()
+ "' unregistered.");
+            log.debug("Role designate " + ContextManager.getSubjectId(roleDesignate) + "
for role '" + roleName + "' for JACC policy '" + policyContextID + "' unregistered.");
         }
 
         /**
@@ -677,6 +680,8 @@
         infoBuilder.addAttribute("uncheckedPermissions", Set.class, true);
         infoBuilder.addAttribute("excludedPermissions", Set.class, true);
         infoBuilder.addAttribute("rolePermissions", Map.class, true);
+        //TODO remove
+        infoBuilder.addAttribute("legacySecurityConstraintMap", Map.class, true);
 
         infoBuilder.addAttribute("kernel", Kernel.class, false);
 
@@ -712,6 +717,8 @@
             "uncheckedPermissions",
             "excludedPermissions",
             "rolePermissions",
+            //TODO remove
+            "legacySecurityConstraintMap",
 
             "TransactionContextManager",
             "TrackedConnectionAssociator",

Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
Url: http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java?view=diff&rev=109824&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r1=109823&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r2=109824
==============================================================================
--- geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
(original)
+++ geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
Sat Dec  4 12:51:00 2004
@@ -119,7 +119,7 @@
         start(app);
     }
 
-    protected void setUpSecureAppContext(Security securityConfig, Set uncheckedPermissions,
Set excludedPermissions, Map rolePermissions, Set securityRoles) throws Exception {
+    protected void setUpSecureAppContext(Security securityConfig, Set uncheckedPermissions,
Set excludedPermissions, Map rolePermissions, Set securityRoles, Map legacySecurityConstraintMap)
throws Exception {
         GBeanData app = new GBeanData(webModuleName, JettyWebAppJACCContext.GBEAN_INFO);
         app.setAttribute("loginDomainName", "jaasTest");
         app.setAttribute("securityConfig", securityConfig);
@@ -127,6 +127,7 @@
         app.setAttribute("excludedPermissions", excludedPermissions);
         app.setAttribute("rolePermissions", rolePermissions);
         app.setAttribute("securityRoles", securityRoles);
+        app.setAttribute("legacySecurityConstraintMap", legacySecurityConstraintMap);
         FormAuthenticator formAuthenticator = new FormAuthenticator();
         formAuthenticator.setLoginPage("/auth/logon.html?param=test");
         formAuthenticator.setErrorPage("/auth/logonError.html?param=test");

Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
Url: http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java?view=diff&rev=109824&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r1=109823&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r2=109824
==============================================================================
--- geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
(original)
+++ geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
Sat Dec  4 12:51:00 2004
@@ -81,8 +81,9 @@
         Set excludedPermissions = new HashSet();
         Map rolePermissions = new HashMap();
         Set securityRoles = new HashSet();
+        Map legacySecurityConstraintMap = new HashMap();
 
-        startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions,
securityRoles);
+        startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions,
securityRoles, legacySecurityConstraintMap);
 
         HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
         connection.setInstanceFollowRedirects(false);
@@ -190,7 +191,9 @@
         securityRoles.add("content-administrator");
         securityRoles.add("auto-administrator");
 
-        startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions,
securityRoles);
+        Map legacySecurityConstraintMap = new HashMap();
+
+        startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions,
securityRoles, legacySecurityConstraintMap);
 
         HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
         connection.setInstanceFollowRedirects(false);
@@ -306,8 +309,9 @@
         Set excludedPermissions = new HashSet();
         Map rolePermissions = new HashMap();
         Set securityRoles = new HashSet();
+        Map legacySecurityConstraintMap = new HashMap();
 
-        startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions,
securityRoles);
+        startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions,
securityRoles, legacySecurityConstraintMap);
 
         HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
         connection.setInstanceFollowRedirects(false);
@@ -371,8 +375,8 @@
         stopWebApp();
     }
 
-    protected void startWebApp(Security securityConfig, Set uncheckedPermissions, Set excludedPermissions,
Map rolePermissions, Set securityRoles) throws Exception {
-        setUpSecureAppContext(securityConfig, uncheckedPermissions, excludedPermissions,
rolePermissions, securityRoles);
+    protected void startWebApp(Security securityConfig, Set uncheckedPermissions, Set excludedPermissions,
Map rolePermissions, Set securityRoles, Map legacySecurityConstraintMap) throws Exception
{
+        setUpSecureAppContext(securityConfig, uncheckedPermissions, excludedPermissions,
rolePermissions, securityRoles, legacySecurityConstraintMap);
         setUpStaticContentServlet();
 //        GBeanMBean app = new GBeanMBean(JettyWebAppJACCContext.GBEAN_INFO);
 //

Mime
View raw message