geronimo-scm mailing list archives

From a..@apache.org
Subject svn commit: r111381 - in geronimo/branches/djencks/jetty-deployer1/trunk/modules: jetty-builder/src/java/org/apache/geronimo/jetty/deployment jetty/src/java/org/apache/geronimo/jetty jetty/src/test/org/apache/geronimo/jetty
Date Thu, 09 Dec 2004 13:38:09 GMT
Author: adc
Date: Thu Dec  9 05:38:07 2004
New Revision: 111381

URL: http://svn.apache.org/viewcvs?view=rev&rev=111381
Log:
Removed the old Jetty legacy security constraints
Modified:
   geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
   geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
   geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
   geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java

Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
Url: http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java?view=diff&rev=111381&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java&r1=111380&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java&r2=111381
==============================================================================
--- geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
(original)
+++ geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
Thu Dec  9 05:38:07 2004
@@ -24,6 +24,8 @@
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
+import java.security.PermissionCollection;
+import java.security.Permissions;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -44,6 +46,13 @@
 import javax.security.jacc.WebUserDataPermission;
 import javax.transaction.UserTransaction;
 
+import org.apache.xmlbeans.XmlException;
+import org.apache.xmlbeans.XmlObject;
+import org.mortbay.http.BasicAuthenticator;
+import org.mortbay.http.ClientCertAuthenticator;
+import org.mortbay.http.DigestAuthenticator;
+import org.mortbay.jetty.servlet.FormAuthenticator;
+
 import org.apache.geronimo.common.DeploymentException;
 import org.apache.geronimo.deployment.service.GBeanHelper;
 import org.apache.geronimo.deployment.util.DeploymentUtil;
@@ -102,13 +111,6 @@
 import org.apache.geronimo.xbeans.j2ee.WebAppType;
 import org.apache.geronimo.xbeans.j2ee.WebResourceCollectionType;
 import org.apache.geronimo.xbeans.j2ee.WelcomeFileListType;
-import org.apache.xmlbeans.XmlException;
-import org.apache.xmlbeans.XmlObject;
-import org.mortbay.http.BasicAuthenticator;
-import org.mortbay.http.ClientCertAuthenticator;
-import org.mortbay.http.DigestAuthenticator;
-import org.mortbay.http.SecurityConstraint;
-import org.mortbay.jetty.servlet.FormAuthenticator;
 
 
 /**
@@ -384,8 +386,6 @@
                 }
                 webModuleData.setAttribute("policyContextID", policyContextID);
                 buildSpecSecurityConfig(webApp, webModuleData, securityRoles);
-                //TODO figure out if we can avoid this.
-                buildLegacySecurityConstraints(webApp, webModuleData);
 
             } else {
                 webModuleData = new GBeanData(webModuleName, JettyWebAppContext.GBEAN_INFO);
@@ -839,8 +839,8 @@
             }
         }
 
-        Set excludedPermissions = new HashSet();
-        Set uncheckedPermissions = new HashSet();
+        PermissionCollection excludedPermissions = new Permissions();
+        PermissionCollection uncheckedPermissions = new Permissions();
         Map rolePermissions = new HashMap();
 
         Iterator iter = excludedPatterns.keySet().iterator();
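Review bot: `rolePermissions` stays a raw `Map` of role name to `Set` here, while the two collections declared beside it become `PermissionCollection`, so the three security attributes handed to the web module no longer share one shape. The consumer in JettyWebAppJACCContext still has to cast each value with `(Set) entry.getValue()` and each element with `(Permission)`, which means a wrongly typed entry would only surface as a ClassCastException when the context is constructed. Consider a comment on the declaration such as `// role name (String) -> Set of java.security.Permission`, or storing a `PermissionCollection` per role. The enclosing method starts and ends outside this hunk.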
@@ -934,71 +934,6 @@
         webModuleData.setAttribute("excludedPermissions", excludedPermissions);
         webModuleData.setAttribute("uncheckedPermissions", uncheckedPermissions);
         webModuleData.setAttribute("rolePermissions", rolePermissions);
-    }
-
-    private void buildLegacySecurityConstraints(WebAppType webApp, GBeanData webModuleData)
throws DeploymentException {
-        //this is basically what jetty's XMLConfiguration does.  I would hope we could come
up with a better way.
-        Map urlToSecurityConstraintListMap = new HashMap();
-        SecurityConstraintType[] securityConstraintArray = webApp.getSecurityConstraintArray();
-        for (int i = 0; i < securityConstraintArray.length; i++) {
-            SecurityConstraintType securityConstraintType = securityConstraintArray[i];
-
-            SecurityConstraint scBase = new SecurityConstraint();
-            if (securityConstraintType.isSetAuthConstraint()) {
-                scBase.setAuthenticate(true);
-                RoleNameType[] roleNameArray = securityConstraintType.getAuthConstraint().getRoleNameArray();
-                for (int j = 0; j < roleNameArray.length; j++) {
-                    RoleNameType roleNameType = roleNameArray[j];
-                    scBase.addRole(roleNameType.getStringValue().trim());
-                }
-            }
-            if (securityConstraintType.isSetUserDataConstraint()) {
-                String guarantee = securityConstraintType.getUserDataConstraint().getTransportGuarantee().getStringValue().trim();
-                if (guarantee == null || guarantee.length() == 0 || "NONE".equals(guarantee))
-                    scBase.setDataConstraint(SecurityConstraint.DC_NONE);
-                else if ("INTEGRAL".equals(guarantee))
-                    scBase.setDataConstraint(SecurityConstraint.DC_INTEGRAL);
-                else if ("CONFIDENTIAL".equals(guarantee))
-                    scBase.setDataConstraint(SecurityConstraint.DC_CONFIDENTIAL);
-                else {
-                    //ToDO what do we do here?
-//                    log.warn("Unknown user-data-constraint:" + guarantee);
-                    scBase.setDataConstraint(SecurityConstraint.DC_CONFIDENTIAL);
-                }
-            }
-            WebResourceCollectionType[] webResourceCollectionArray = securityConstraintType.getWebResourceCollectionArray();
-            for (int j = 0; j < webResourceCollectionArray.length; j++) {
-                WebResourceCollectionType webResourceCollectionType = webResourceCollectionArray[j];
-
-                String name = webResourceCollectionType.getWebResourceName().getStringValue().trim();
-                SecurityConstraint sc = null;
-                try {
-                    sc = (SecurityConstraint) scBase.clone();
-                } catch (CloneNotSupportedException e) {
-                    throw new DeploymentException("this should not have happened", e);
-                }
-                sc.setName(name);
-                HttpMethodType[] httpMethodArray = webResourceCollectionType.getHttpMethodArray();
-                for (int k = 0; k < httpMethodArray.length; k++) {
-                    HttpMethodType httpMethodType = httpMethodArray[k];
-                    sc.addMethod(httpMethodType.getStringValue().trim());
-                }
-                UrlPatternType[] urlPatternArray = webResourceCollectionType.getUrlPatternArray();
-                for (int k = 0; k < urlPatternArray.length; k++) {
-                    UrlPatternType urlPatternType = urlPatternArray[k];
-                    String urlPattern = urlPatternType.getStringValue();
-                    List securityConstraints = (List) urlToSecurityConstraintListMap.get(urlPattern);
-                    if (securityConstraints == null) {
-                        securityConstraints = new ArrayList();
-                        urlToSecurityConstraintListMap.put(urlPattern, securityConstraints);
-                    }
-                    securityConstraints.add(sc);
-                }
-            }
-        }
-
-        webModuleData.setAttribute("legacySecurityConstraintMap", urlToSecurityConstraintListMap);
-
     }
 
     private static Set collectRoleNames(WebAppType webApp) {

Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
Url: http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java?view=diff&rev=111381&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java&r1=111380&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java&r2=111381
==============================================================================
--- geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
(original)
+++ geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
Thu Dec  9 05:38:07 2004
@@ -18,18 +18,20 @@
 package org.apache.geronimo.jetty;
 
 import java.io.IOException;
-import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URL;
 import java.security.AccessControlContext;
 import java.security.AccessControlException;
 import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Permissions;
 import java.security.Principal;
 import java.util.Collection;
+import java.util.HashSet;
 import java.util.Iterator;
-import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.Enumeration;
 import javax.management.MalformedObjectNameException;
 import javax.management.ObjectName;
 import javax.security.auth.Subject;
@@ -42,6 +44,16 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.mortbay.http.Authenticator;
+import org.mortbay.http.HttpException;
+import org.mortbay.http.HttpRequest;
+import org.mortbay.http.HttpResponse;
+import org.mortbay.http.SecurityConstraint;
+import org.mortbay.http.UserRealm;
+import org.mortbay.jetty.servlet.FormAuthenticator;
+import org.mortbay.jetty.servlet.ServletHolder;
+import org.mortbay.jetty.servlet.ServletHttpRequest;
+
 import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
@@ -63,17 +75,6 @@
 import org.apache.geronimo.transaction.OnlineUserTransaction;
 import org.apache.geronimo.transaction.TrackedConnectionAssociator;
 import org.apache.geronimo.transaction.context.TransactionContextManager;
-import org.mortbay.http.Authenticator;
-import org.mortbay.http.HttpException;
-import org.mortbay.http.HttpRequest;
-import org.mortbay.http.HttpResponse;
-import org.mortbay.http.PathMap;
-import org.mortbay.http.SecurityConstraint;
-import org.mortbay.http.UserRealm;
-import org.mortbay.jetty.servlet.FormAuthenticator;
-import org.mortbay.jetty.servlet.ServletHolder;
-import org.mortbay.jetty.servlet.ServletHttpRequest;
-import org.mortbay.util.LazyList;
 
 
 /**
@@ -95,15 +96,15 @@
     private PolicyConfigurationFactory factory;
     private PolicyConfiguration policyConfiguration;
 
-    private final PathMap constraintMap = new PathMap();
-
     private String formLoginPath;
 
     private final Set securityRoles;
-    private final Set excludedPermissions;
-    private final Set uncheckedPermissions;
+    private final PermissionCollection excludedPermissions;
+    private final PermissionCollection uncheckedPermissions;
     private final Map rolePermissions;
 
+    PermissionCollection checked = new Permissions();
+
     private final SecurityContextBeforeAfter securityInterceptor;
 
 
@@ -148,13 +149,10 @@
                                   Security securityConfig,
                                   //from jettyxmlconfig
                                   Set securityRoles,
-                                  Set uncheckedPermissions,
-                                  Set excludedPermissions,
+                                  PermissionCollection uncheckedPermissions,
+                                  PermissionCollection excludedPermissions,
                                   Map rolePermissions,
 
-                                  //TODO remove
-                                  Map legacySecurityConstraintMap,
-
                                   TransactionContextManager transactionContextManager,
                                   TrackedConnectionAssociator trackedConnectionAssociator,
                                   JettyContainer jettyContainer,
@@ -209,16 +207,18 @@
         contextLength = index;
         chain = securityInterceptor;
 
-        //TODO remove
-        for (Iterator entries = legacySecurityConstraintMap.entrySet().iterator(); entries.hasNext();)
{
-            Map.Entry entry = (Map.Entry) entries.next();
-            String urlPattern = (String) entry.getKey();
-            List securityConstraints = (List) entry.getValue();
-            for (Iterator constraints = securityConstraints.iterator(); constraints.hasNext();)
{
-                SecurityConstraint securityConstraint = (SecurityConstraint) constraints.next();
-                addSecurityConstraint(urlPattern, securityConstraint);
+        Set p = new HashSet();
+        for (Iterator iterator = rolePermissions.entrySet().iterator(); iterator.hasNext();)
{
+            Map.Entry entry = (Map.Entry) iterator.next();
+            Set permissions = (Set) entry.getValue();
+            for (Iterator iterator1 = permissions.iterator(); iterator1.hasNext();) {
+                Permission permission = (Permission) iterator1.next();
+                p.add(permission);
             }
-
+        }
+        for (Iterator iterator = p.iterator(); iterator.hasNext();) {
+            Permission permission = (Permission) iterator.next();
+            checked.add(permission);
         }
 
     }
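Review bot: `checked` is filled here and then drives the authenticate-or-skip decision in obtainUser, yet the field hunk above declares it as `PermissionCollection checked = new Permissions();`, package-private and non-final, unlike the `private final` permission fields next to it. It also remains writable after this loop, so any class in the package could add to it later. I would declare it `private final PermissionCollection checked = new Permissions();` and call `checked.setReadOnly();` after the second loop, assuming nothing outside the hunk adds to it afterwards. The intermediate `Set p` appears to serve only to drop duplicates before the copy, and a one-line comment saying so would help. The constructor begins outside this hunk.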
@@ -236,31 +236,6 @@
         policyConfiguration.commit();
     }
 
-
-    /**
-     * Keep our own copy of security constraints.<p/>
-     * <p/>
-     * We keep our own copy of security constraints because Jetty's copy is
-     * private.  We use these constraints not for any authorization descitions
-     * but, to decide whether we should attempt to authenticate the request.
-     *
-     * @param pathSpec The path spec to which the secuiryt cosntraint applies
-     * @param sc       the security constraint
-     *                 TODO Jetty to provide access to this map so we can remove this method
-     * @see org.mortbay.http.HttpContext#addSecurityConstraint(java.lang.String, org.mortbay.http.SecurityConstraint)
-     */
-    public void addSecurityConstraint(String pathSpec, SecurityConstraint sc) {
-        super.addSecurityConstraint(pathSpec, sc);
-
-        Object scs = constraintMap.get(pathSpec);
-        scs = LazyList.add(scs, sc);
-        constraintMap.put(pathSpec, scs);
-
-        if (log.isDebugEnabled()) {
-            log.debug("added " + sc + " at " + pathSpec);
-        }
-    }
-
     /**
      * Check the security constraints using JACC.
      *
@@ -328,49 +303,11 @@
      *         e.g. login page.
      */
     public Principal obtainUser(String pathInContext, HttpRequest request, HttpResponse response)
throws HttpException, IOException {
-        List scss = constraintMap.getMatches(pathInContext);
-        String pattern = null;
-        boolean unauthenticated = false;
-        boolean forbidden = false;
-
-        if (scss != null && scss.size() > 0) {
-
-            // for each path match
-            // Add only constraints that have the correct method
-            // break if the matching pattern changes.  This allows only
-            // constraints with matching pattern and method to be combined.
-            loop:
-            for (int m = 0; m < scss.size(); m++) {
-                Map.Entry entry = (Map.Entry) scss.get(m);
-                Object scs = entry.getValue();
-                String p = (String) entry.getKey();
-                for (int c = 0; c < LazyList.size(scs); c++) {
-                    SecurityConstraint sc = (SecurityConstraint) LazyList.get(scs, c);
-                    if (!sc.forMethod(request.getMethod())) continue;
-
-                    if (pattern != null && !pattern.equals(p)) break loop;
-                    pattern = p;
-
-                    // Check the method applies
-                    if (!sc.forMethod(request.getMethod())) continue;
-
-                    // Combine auth constraints.
-                    if (sc.getAuthenticate()) {
-                        if (!sc.isAnyRole()) {
-                            List scr = sc.getRoles();
-                            if (scr == null || scr.size() == 0) {
-                                forbidden = true;
-                                break loop;
-                            }
-                        }
-                    } else {
-                        unauthenticated = true;
-                    }
-                }
-            }
-        } else {
-            unauthenticated = true;
-        }
+        ServletHttpRequest servletHttpRequest = (ServletHttpRequest) request.getWrapper();
+        WebResourcePermission resourcePermission = new WebResourcePermission(servletHttpRequest);
+        WebUserDataPermission dataPermission = new WebUserDataPermission(servletHttpRequest);
+        boolean unauthenticated = !(checked.implies(resourcePermission) || checked.implies(dataPermission));
+        boolean forbidden = excludedPermissions.implies(resourcePermission) || excludedPermissions.implies(dataPermission);
 
         UserRealm realm = getRealm();
         Authenticator authenticator = getAuthenticator();
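Review bot: For a request implied only by `excludedPermissions`, the new lines set both `unauthenticated` and `forbidden` to true, whereas the removed loop set `forbidden` and broke out without touching `unauthenticated`. If the code after this hunk tests `unauthenticated` first, an excluded path could take the no-authentication branch before the forbidden response is sent. Computing `forbidden` first and then `boolean unauthenticated = !forbidden && !(checked.implies(resourcePermission) || checked.implies(dataPermission));` would keep the old relationship between the two flags. Separately, `checked` is built only from `rolePermissions`, so if those sets never contain a `WebUserDataPermission` (not visible here), the `checked.implies(dataPermission)` term is always false and could be dropped or explained in a comment. The rest of obtainUser lies outside the hunk.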
@@ -414,7 +351,7 @@
     /**
      * Generate the default principal from the security config.
      *
-     * @param securityConfig The Geronimo security configuration.
+     * @param securityConfig  The Geronimo security configuration.
      * @param loginDomainName
      * @return the default principal
      */
@@ -553,21 +490,15 @@
 
     private void configure() throws GeronimoSecurityException {
         try {
-            for (Iterator iterator = excludedPermissions.iterator(); iterator.hasNext();)
{
-                Permission permission =  (Permission) iterator.next();
-                policyConfiguration.addToExcludedPolicy(permission);
-            }
-            for (Iterator iterator = uncheckedPermissions.iterator(); iterator.hasNext();)
{
-                Permission permission = (Permission) iterator.next();
-                policyConfiguration.addToUncheckedPolicy(permission);
-            }
+            policyConfiguration.addToExcludedPolicy(excludedPermissions);
+            policyConfiguration.addToUncheckedPolicy(uncheckedPermissions);
             for (Iterator iterator = rolePermissions.entrySet().iterator(); iterator.hasNext();)
{
                 Map.Entry entry = (Map.Entry) iterator.next();
                 String roleName = (String) entry.getKey();
                 Set permissions = (Set) entry.getValue();
                 for (Iterator iterator1 = permissions.iterator(); iterator1.hasNext();) {
                     Permission permission = (Permission) iterator1.next();
-                    policyConfiguration.addToRole(roleName,  permission);
+                    policyConfiguration.addToRole(roleName, permission);
                 }
             }
         } catch (PolicyContextException e) {
@@ -587,11 +518,9 @@
         infoBuilder.addAttribute("securityConfig", Security.class, true);
 
         infoBuilder.addAttribute("securityRoles", Set.class, true);
-        infoBuilder.addAttribute("uncheckedPermissions", Set.class, true);
-        infoBuilder.addAttribute("excludedPermissions", Set.class, true);
+        infoBuilder.addAttribute("uncheckedPermissions", PermissionCollection.class, true);
+        infoBuilder.addAttribute("excludedPermissions", PermissionCollection.class, true);
         infoBuilder.addAttribute("rolePermissions", Map.class, true);
-        //TODO remove
-        infoBuilder.addAttribute("legacySecurityConstraintMap", Map.class, true);
 
         infoBuilder.addAttribute("kernel", Kernel.class, false);
 
@@ -627,8 +556,6 @@
             "uncheckedPermissions",
             "excludedPermissions",
             "rolePermissions",
-            //TODO remove
-            "legacySecurityConstraintMap",
 
             "TransactionContextManager",
             "TrackedConnectionAssociator",

Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
Url: http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java?view=diff&rev=111381&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r1=111380&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r2=111381
==============================================================================
--- geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
(original)
+++ geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
Thu Dec  9 05:38:07 2004
@@ -18,6 +18,7 @@
 
 import java.io.File;
 import java.net.URI;
+import java.security.PermissionCollection;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -123,7 +124,7 @@
         start(app);
     }
 
-    protected void setUpSecureAppContext(Security securityConfig, Set uncheckedPermissions,
Set excludedPermissions, Map rolePermissions, Set securityRoles, Map legacySecurityConstraintMap)
throws Exception {
+    protected void setUpSecureAppContext(Security securityConfig, PermissionCollection uncheckedPermissions,
PermissionCollection excludedPermissions, Map rolePermissions, Set securityRoles) throws Exception
{
         GBeanData app = new GBeanData(webModuleName, JettyWebAppJACCContext.GBEAN_INFO);
         app.setAttribute("loginDomainName", "demo-properties-realm");
         app.setAttribute("securityConfig", securityConfig);
@@ -131,7 +132,6 @@
         app.setAttribute("excludedPermissions", excludedPermissions);
         app.setAttribute("rolePermissions", rolePermissions);
         app.setAttribute("securityRoles", securityRoles);
-        app.setAttribute("legacySecurityConstraintMap", legacySecurityConstraintMap);
 
         FormAuthenticator formAuthenticator = new FormAuthenticator();
         formAuthenticator.setLoginPage("/auth/logon.html?param=test");

Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
Url: http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java?view=diff&rev=111381&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r1=111380&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r2=111381
==============================================================================
--- geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
(original)
+++ geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
Thu Dec  9 05:38:07 2004
@@ -22,17 +22,15 @@
 import java.io.InputStreamReader;
 import java.net.HttpURLConnection;
 import java.net.URL;
+import java.security.PermissionCollection;
+import java.security.Permissions;
 import java.util.HashMap;
 import java.util.HashSet;
-import java.util.LinkedList;
-import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import javax.security.jacc.WebResourcePermission;
 import javax.security.jacc.WebUserDataPermission;
 
-import org.mortbay.http.SecurityConstraint;
-
 import org.apache.geronimo.security.SecurityService;
 import org.apache.geronimo.security.deploy.AutoMapAssistant;
 import org.apache.geronimo.security.deploy.DefaultPrincipal;
@@ -54,7 +52,7 @@
      *
      * @throws Exception thrown if an error in the test occurs
      */
-    public void XtestExplicitMapping() throws Exception {
+    public void testExplicitMapping() throws Exception {
         Security securityConfig = new Security();
         securityConfig.setUseContextHandler(false);
 
@@ -79,9 +77,9 @@
 
         securityConfig.getRoleMappings().put(role.getRoleName(), role);
 
-        Set uncheckedPermissions = new HashSet();
+        PermissionCollection uncheckedPermissions = new Permissions();
 
-        Set excludedPermissions = new HashSet();
+        PermissionCollection excludedPermissions = new Permissions();
         excludedPermissions.add(new WebResourcePermission("/auth/login.html", ""));
         excludedPermissions.add(new WebUserDataPermission("/auth/login.html", ""));
 
@@ -96,25 +94,7 @@
         securityRoles.add("content-administrator");
         securityRoles.add("auto-administrator");
 
-        /**
-         * TODO Remove the legacySecurityConstraintMap
-         */
-        Map legacySecurityConstraintMap = new HashMap();
-        List constraints = new LinkedList();
-        SecurityConstraint constraint = new SecurityConstraint();
-        constraint.setAuthenticate(true);
-        constraint.addRole("content-administrator");
-        constraint.addRole("auto-administrator");
-        constraints.add(constraint);
-        legacySecurityConstraintMap.put("/protected/*", constraints);
-
-        constraints = new LinkedList();
-        constraint = new SecurityConstraint();
-        constraint.setAuthenticate(true);
-        constraints.add(constraint);
-        legacySecurityConstraintMap.put("/auth/logon.html", constraints);
-
-        startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions,
securityRoles, legacySecurityConstraintMap);
+        startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions,
securityRoles);
 
         HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
         connection.setInstanceFollowRedirects(false);
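Review bot: With the hand-built `legacySecurityConstraintMap` gone, nothing visible in this test pins the new `forbidden` computation in obtainUser, because the only request shown targets `/test/protected/hello.txt`. The test still puts `/auth/login.html` into `excludedPermissions`, so a request to that path asserting a forbidden response would cover the excluded branch. The removed map also marked `/auth/logon.html` as requiring authentication, and no visible line replaces that. The same applies to the hunks at `-221,25` and `-368,25`, and the remainder of each test is outside the hunks, so such assertions may already exist there.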
@@ -204,9 +184,9 @@
             kernel.getProxyManager().destroyProxy(securityService);
         }
 
-        Set uncheckedPermissions = new HashSet();
+        PermissionCollection uncheckedPermissions = new Permissions();
 
-        Set excludedPermissions = new HashSet();
+        PermissionCollection excludedPermissions = new Permissions();
         excludedPermissions.add(new WebResourcePermission("/auth/login.html", ""));
         excludedPermissions.add(new WebUserDataPermission("/auth/login.html", ""));
 
@@ -221,25 +201,7 @@
         securityRoles.add("content-administrator");
         securityRoles.add("auto-administrator");
 
-        /**
-         * TODO Remove the legacySecurityConstraintMap
-         */
-        Map legacySecurityConstraintMap = new HashMap();
-        List constraints = new LinkedList();
-        SecurityConstraint constraint = new SecurityConstraint();
-        constraint.setAuthenticate(true);
-        constraint.addRole("content-administrator");
-        constraint.addRole("auto-administrator");
-        constraints.add(constraint);
-        legacySecurityConstraintMap.put("/protected/*", constraints);
-
-        constraints = new LinkedList();
-        constraint = new SecurityConstraint();
-        constraint.setAuthenticate(true);
-        constraints.add(constraint);
-        legacySecurityConstraintMap.put("/auth/logon.html", constraints);
-
-        startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions,
securityRoles, legacySecurityConstraintMap);
+        startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions,
securityRoles);
 
         HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
         connection.setInstanceFollowRedirects(false);
@@ -351,9 +313,9 @@
 
         securityConfig.append(role);
 
-        Set uncheckedPermissions = new HashSet();
+        PermissionCollection uncheckedPermissions = new Permissions();
 
-        Set excludedPermissions = new HashSet();
+        PermissionCollection excludedPermissions = new Permissions();
         excludedPermissions.add(new WebResourcePermission("/auth/login.html", ""));
         excludedPermissions.add(new WebUserDataPermission("/auth/login.html", ""));
 
@@ -368,25 +330,7 @@
         securityRoles.add("content-administrator");
         securityRoles.add("auto-administrator");
 
-        /**
-         * TODO Remove the legacySecurityConstraintMap
-         */
-        Map legacySecurityConstraintMap = new HashMap();
-        List constraints = new LinkedList();
-        SecurityConstraint constraint = new SecurityConstraint();
-        constraint.setAuthenticate(true);
-        constraint.addRole("content-administrator");
-        constraint.addRole("auto-administrator");
-        constraints.add(constraint);
-        legacySecurityConstraintMap.put("/protected/*", constraints);
-
-        constraints = new LinkedList();
-        constraint = new SecurityConstraint();
-        constraint.setAuthenticate(true);
-        constraints.add(constraint);
-        legacySecurityConstraintMap.put("/auth/logon.html", constraints);
-
-        startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions,
securityRoles, legacySecurityConstraintMap);
+        startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions,
securityRoles);
 
         HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
         connection.setInstanceFollowRedirects(false);
@@ -450,30 +394,9 @@
         stopWebApp();
     }
 
-    protected void startWebApp(Security securityConfig, Set uncheckedPermissions, Set excludedPermissions,
Map rolePermissions, Set securityRoles, Map legacySecurityConstraintMap) throws Exception
{
-        setUpSecureAppContext(securityConfig, uncheckedPermissions, excludedPermissions,
rolePermissions, securityRoles, legacySecurityConstraintMap);
+    protected void startWebApp(Security securityConfig, PermissionCollection uncheckedPermissions,
PermissionCollection excludedPermissions, Map rolePermissions, Set securityRoles) throws Exception
{
+        setUpSecureAppContext(securityConfig, uncheckedPermissions, excludedPermissions,
rolePermissions, securityRoles);
         setUpStaticContentServlet();
-//        GBeanMBean app = new GBeanMBean(JettyWebAppJACCContext.GBEAN_INFO);
-//
-//        app.setAttribute("userRealmName", "Test JAAS Realm");
-//        app.setAttribute("securityRealmName", "jaasTest");
-//        app.setAttribute("uri", URI.create("war3/"));
-//        app.setAttribute("componentContext", null);
-//        OnlineUserTransaction userTransaction = new OnlineUserTransaction();
-//        app.setAttribute("userTransaction", userTransaction);
-//        app.setAttribute("webClassPath", new URI[0]);
-//        app.setAttribute("contextPriorityClassLoader", Boolean.FALSE);
-//        app.setAttribute("configurationBaseUrl", Thread.currentThread().getContextClassLoader().getResource("deployables/"));
-//        app.setAttribute("securityConfig", securityConfig);
-//        app.setReferencePattern("SecurityService", securityServiceName);
-//        app.setAttribute("policyContextID", "TEST");
-//
-//        app.setAttribute("contextPath", "/test");
-//
-//        app.setReferencePattern("TransactionContextManager", tcmName);
-//        app.setReferencePattern("TrackedConnectionAssociator", tcaName);
-//        app.setReferencePatterns("JettyContainer", containerPatterns);
-//
 //        start(appName, app);
     }
 
