geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r111428 - in geronimo/trunk/modules: jetty-builder/src/java/org/apache/geronimo/jetty/deployment jetty/src/java/org/apache/geronimo/jetty jetty/src/test/org/apache/geronimo/jetty
Date Thu, 09 Dec 2004 20:15:15 GMT
Author: djencks
Date: Thu Dec  9 12:15:14 2004
New Revision: 111428

URL: http://svn.apache.org/viewcvs?view=rev&rev=111428
Log:
merged in correct changes from 111365:111381 on jetty-deployer1 branch
Modified:
   geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
   geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
   geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
   geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
   geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java

Modified: geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java?view=diff&rev=111428&p1=geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java&r1=111427&p2=geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java&r2=111428
==============================================================================
--- geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
(original)
+++ geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
Thu Dec  9 12:15:14 2004
@@ -24,6 +24,8 @@
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
+import java.security.PermissionCollection;
+import java.security.Permissions;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -44,6 +46,13 @@
 import javax.security.jacc.WebUserDataPermission;
 import javax.transaction.UserTransaction;
 
+import org.apache.xmlbeans.XmlException;
+import org.apache.xmlbeans.XmlObject;
+import org.mortbay.http.BasicAuthenticator;
+import org.mortbay.http.ClientCertAuthenticator;
+import org.mortbay.http.DigestAuthenticator;
+import org.mortbay.jetty.servlet.FormAuthenticator;
+
 import org.apache.geronimo.common.DeploymentException;
 import org.apache.geronimo.deployment.service.GBeanHelper;
 import org.apache.geronimo.deployment.util.DeploymentUtil;
@@ -102,13 +111,6 @@
 import org.apache.geronimo.xbeans.j2ee.WebAppType;
 import org.apache.geronimo.xbeans.j2ee.WebResourceCollectionType;
 import org.apache.geronimo.xbeans.j2ee.WelcomeFileListType;
-import org.apache.xmlbeans.XmlException;
-import org.apache.xmlbeans.XmlObject;
-import org.mortbay.http.BasicAuthenticator;
-import org.mortbay.http.ClientCertAuthenticator;
-import org.mortbay.http.DigestAuthenticator;
-import org.mortbay.http.SecurityConstraint;
-import org.mortbay.jetty.servlet.FormAuthenticator;
 
 
 /**
@@ -384,8 +386,6 @@
                 }
                 webModuleData.setAttribute("policyContextID", policyContextID);
                 buildSpecSecurityConfig(webApp, webModuleData, securityRoles);
-                //TODO figure out if we can avoid this.
-                buildLegacySecurityConstraints(webApp, webModuleData);
 
             } else {
                 webModuleData = new GBeanData(webModuleName, JettyWebAppContext.GBEAN_INFO);
@@ -839,8 +839,8 @@
             }
         }
 
-        Set excludedPermissions = new HashSet();
-        Set uncheckedPermissions = new HashSet();
+        PermissionCollection excludedPermissions = new Permissions();
+        PermissionCollection uncheckedPermissions = new Permissions();
         Map rolePermissions = new HashMap();
 
         Iterator iter = excludedPatterns.keySet().iterator();
@@ -934,71 +934,6 @@
         webModuleData.setAttribute("excludedPermissions", excludedPermissions);
         webModuleData.setAttribute("uncheckedPermissions", uncheckedPermissions);
         webModuleData.setAttribute("rolePermissions", rolePermissions);
-    }
-
-    private void buildLegacySecurityConstraints(WebAppType webApp, GBeanData webModuleData)
throws DeploymentException {
-        //this is basically what jetty's XMLConfiguration does.  I would hope we could come
up with a better way.
-        Map urlToSecurityConstraintListMap = new HashMap();
-        SecurityConstraintType[] securityConstraintArray = webApp.getSecurityConstraintArray();
-        for (int i = 0; i < securityConstraintArray.length; i++) {
-            SecurityConstraintType securityConstraintType = securityConstraintArray[i];
-
-            SecurityConstraint scBase = new SecurityConstraint();
-            if (securityConstraintType.isSetAuthConstraint()) {
-                scBase.setAuthenticate(true);
-                RoleNameType[] roleNameArray = securityConstraintType.getAuthConstraint().getRoleNameArray();
-                for (int j = 0; j < roleNameArray.length; j++) {
-                    RoleNameType roleNameType = roleNameArray[j];
-                    scBase.addRole(roleNameType.getStringValue().trim());
-                }
-            }
-            if (securityConstraintType.isSetUserDataConstraint()) {
-                String guarantee = securityConstraintType.getUserDataConstraint().getTransportGuarantee().getStringValue().trim();
-                if (guarantee == null || guarantee.length() == 0 || "NONE".equals(guarantee))
-                    scBase.setDataConstraint(SecurityConstraint.DC_NONE);
-                else if ("INTEGRAL".equals(guarantee))
-                    scBase.setDataConstraint(SecurityConstraint.DC_INTEGRAL);
-                else if ("CONFIDENTIAL".equals(guarantee))
-                    scBase.setDataConstraint(SecurityConstraint.DC_CONFIDENTIAL);
-                else {
-                    //ToDO what do we do here?
-//                    log.warn("Unknown user-data-constraint:" + guarantee);
-                    scBase.setDataConstraint(SecurityConstraint.DC_CONFIDENTIAL);
-                }
-            }
-            WebResourceCollectionType[] webResourceCollectionArray = securityConstraintType.getWebResourceCollectionArray();
-            for (int j = 0; j < webResourceCollectionArray.length; j++) {
-                WebResourceCollectionType webResourceCollectionType = webResourceCollectionArray[j];
-
-                String name = webResourceCollectionType.getWebResourceName().getStringValue().trim();
-                SecurityConstraint sc = null;
-                try {
-                    sc = (SecurityConstraint) scBase.clone();
-                } catch (CloneNotSupportedException e) {
-                    throw new DeploymentException("this should not have happened", e);
-                }
-                sc.setName(name);
-                HttpMethodType[] httpMethodArray = webResourceCollectionType.getHttpMethodArray();
-                for (int k = 0; k < httpMethodArray.length; k++) {
-                    HttpMethodType httpMethodType = httpMethodArray[k];
-                    sc.addMethod(httpMethodType.getStringValue().trim());
-                }
-                UrlPatternType[] urlPatternArray = webResourceCollectionType.getUrlPatternArray();
-                for (int k = 0; k < urlPatternArray.length; k++) {
-                    UrlPatternType urlPatternType = urlPatternArray[k];
-                    String urlPattern = urlPatternType.getStringValue();
-                    List securityConstraints = (List) urlToSecurityConstraintListMap.get(urlPattern);
-                    if (securityConstraints == null) {
-                        securityConstraints = new ArrayList();
-                        urlToSecurityConstraintListMap.put(urlPattern, securityConstraints);
-                    }
-                    securityConstraints.add(sc);
-                }
-            }
-        }
-
-        webModuleData.setAttribute("legacySecurityConstraintMap", urlToSecurityConstraintListMap);
-
     }
 
     private static Set collectRoleNames(WebAppType webApp) {

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java?view=diff&rev=111428&p1=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java&r1=111427&p2=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java&r2=111428
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
(original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
Thu Dec  9 12:15:14 2004
@@ -198,7 +198,6 @@
 
         setWAR(webAppRoot.toString());
 
-
         jettyContainer.addContext(this);
 
         Object context = enterContextScope(null, null);

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java?view=diff&rev=111428&p1=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java&r1=111427&p2=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java&r2=111428
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
(original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
Thu Dec  9 12:15:14 2004
@@ -18,18 +18,20 @@
 package org.apache.geronimo.jetty;
 
 import java.io.IOException;
-import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URL;
 import java.security.AccessControlContext;
 import java.security.AccessControlException;
 import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Permissions;
 import java.security.Principal;
 import java.util.Collection;
+import java.util.HashSet;
 import java.util.Iterator;
-import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.Enumeration;
 import javax.management.MalformedObjectNameException;
 import javax.management.ObjectName;
 import javax.security.auth.Subject;
@@ -42,6 +44,16 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.mortbay.http.Authenticator;
+import org.mortbay.http.HttpException;
+import org.mortbay.http.HttpRequest;
+import org.mortbay.http.HttpResponse;
+import org.mortbay.http.SecurityConstraint;
+import org.mortbay.http.UserRealm;
+import org.mortbay.jetty.servlet.FormAuthenticator;
+import org.mortbay.jetty.servlet.ServletHolder;
+import org.mortbay.jetty.servlet.ServletHttpRequest;
+
 import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
@@ -63,17 +75,6 @@
 import org.apache.geronimo.transaction.OnlineUserTransaction;
 import org.apache.geronimo.transaction.TrackedConnectionAssociator;
 import org.apache.geronimo.transaction.context.TransactionContextManager;
-import org.mortbay.http.Authenticator;
-import org.mortbay.http.HttpException;
-import org.mortbay.http.HttpRequest;
-import org.mortbay.http.HttpResponse;
-import org.mortbay.http.PathMap;
-import org.mortbay.http.SecurityConstraint;
-import org.mortbay.http.UserRealm;
-import org.mortbay.jetty.servlet.FormAuthenticator;
-import org.mortbay.jetty.servlet.ServletHolder;
-import org.mortbay.jetty.servlet.ServletHttpRequest;
-import org.mortbay.util.LazyList;
 
 
 /**
@@ -95,15 +96,15 @@
     private PolicyConfigurationFactory factory;
     private PolicyConfiguration policyConfiguration;
 
-    private final PathMap constraintMap = new PathMap();
-
     private String formLoginPath;
 
     private final Set securityRoles;
-    private final Set excludedPermissions;
-    private final Set uncheckedPermissions;
+    private final PermissionCollection excludedPermissions;
+    private final PermissionCollection uncheckedPermissions;
     private final Map rolePermissions;
 
+    PermissionCollection checked = new Permissions();
+
     private final SecurityContextBeforeAfter securityInterceptor;
 
 
@@ -148,13 +149,10 @@
                                   Security securityConfig,
                                   //from jettyxmlconfig
                                   Set securityRoles,
-                                  Set uncheckedPermissions,
-                                  Set excludedPermissions,
+                                  PermissionCollection uncheckedPermissions,
+                                  PermissionCollection excludedPermissions,
                                   Map rolePermissions,
 
-                                  //TODO remove
-                                  Map legacySecurityConstraintMap,
-
                                   TransactionContextManager transactionContextManager,
                                   TrackedConnectionAssociator trackedConnectionAssociator,
                                   JettyContainer jettyContainer,
@@ -209,16 +207,18 @@
         contextLength = index;
         chain = securityInterceptor;
 
-        //TODO remove
-        for (Iterator entries = legacySecurityConstraintMap.entrySet().iterator(); entries.hasNext();)
{
-            Map.Entry entry = (Map.Entry) entries.next();
-            String urlPattern = (String) entry.getKey();
-            List securityConstraints = (List) entry.getValue();
-            for (Iterator constraints = securityConstraints.iterator(); constraints.hasNext();)
{
-                SecurityConstraint securityConstraint = (SecurityConstraint) constraints.next();
-                addSecurityConstraint(urlPattern, securityConstraint);
+        Set p = new HashSet();
+        for (Iterator iterator = rolePermissions.entrySet().iterator(); iterator.hasNext();)
{
+            Map.Entry entry = (Map.Entry) iterator.next();
+            Set permissions = (Set) entry.getValue();
+            for (Iterator iterator1 = permissions.iterator(); iterator1.hasNext();) {
+                Permission permission = (Permission) iterator1.next();
+                p.add(permission);
             }
-
+        }
+        for (Iterator iterator = p.iterator(); iterator.hasNext();) {
+            Permission permission = (Permission) iterator.next();
+            checked.add(permission);
         }
 
     }
@@ -236,31 +236,6 @@
         policyConfiguration.commit();
     }
 
-
-    /**
-     * Keep our own copy of security constraints.<p/>
-     * <p/>
-     * We keep our own copy of security constraints because Jetty's copy is
-     * private.  We use these constraints not for any authorization descitions
-     * but, to decide whether we should attempt to authenticate the request.
-     *
-     * @param pathSpec The path spec to which the secuiryt cosntraint applies
-     * @param sc       the security constraint
-     *                 TODO Jetty to provide access to this map so we can remove this method
-     * @see org.mortbay.http.HttpContext#addSecurityConstraint(java.lang.String, org.mortbay.http.SecurityConstraint)
-     */
-    public void addSecurityConstraint(String pathSpec, SecurityConstraint sc) {
-        super.addSecurityConstraint(pathSpec, sc);
-
-        Object scs = constraintMap.get(pathSpec);
-        scs = LazyList.add(scs, sc);
-        constraintMap.put(pathSpec, scs);
-
-        if (log.isDebugEnabled()) {
-            log.debug("added " + sc + " at " + pathSpec);
-        }
-    }
-
     /**
      * Check the security constraints using JACC.
      *
@@ -328,49 +303,11 @@
      *         e.g. login page.
      */
     public Principal obtainUser(String pathInContext, HttpRequest request, HttpResponse response)
throws HttpException, IOException {
-        List scss = constraintMap.getMatches(pathInContext);
-        String pattern = null;
-        boolean unauthenticated = false;
-        boolean forbidden = false;
-
-        if (scss != null && scss.size() > 0) {
-
-            // for each path match
-            // Add only constraints that have the correct method
-            // break if the matching pattern changes.  This allows only
-            // constraints with matching pattern and method to be combined.
-            loop:
-            for (int m = 0; m < scss.size(); m++) {
-                Map.Entry entry = (Map.Entry) scss.get(m);
-                Object scs = entry.getValue();
-                String p = (String) entry.getKey();
-                for (int c = 0; c < LazyList.size(scs); c++) {
-                    SecurityConstraint sc = (SecurityConstraint) LazyList.get(scs, c);
-                    if (!sc.forMethod(request.getMethod())) continue;
-
-                    if (pattern != null && !pattern.equals(p)) break loop;
-                    pattern = p;
-
-                    // Check the method applies
-                    if (!sc.forMethod(request.getMethod())) continue;
-
-                    // Combine auth constraints.
-                    if (sc.getAuthenticate()) {
-                        if (!sc.isAnyRole()) {
-                            List scr = sc.getRoles();
-                            if (scr == null || scr.size() == 0) {
-                                forbidden = true;
-                                break loop;
-                            }
-                        }
-                    } else {
-                        unauthenticated = true;
-                    }
-                }
-            }
-        } else {
-            unauthenticated = true;
-        }
+        ServletHttpRequest servletHttpRequest = (ServletHttpRequest) request.getWrapper();
+        WebResourcePermission resourcePermission = new WebResourcePermission(servletHttpRequest);
+        WebUserDataPermission dataPermission = new WebUserDataPermission(servletHttpRequest);
+        boolean unauthenticated = !(checked.implies(resourcePermission) || checked.implies(dataPermission));
+        boolean forbidden = excludedPermissions.implies(resourcePermission) || excludedPermissions.implies(dataPermission);
 
         UserRealm realm = getRealm();
         Authenticator authenticator = getAuthenticator();
@@ -414,7 +351,7 @@
     /**
      * Generate the default principal from the security config.
      *
-     * @param securityConfig The Geronimo security configuration.
+     * @param securityConfig  The Geronimo security configuration.
      * @param loginDomainName
      * @return the default principal
      */
@@ -553,21 +490,15 @@
 
     private void configure() throws GeronimoSecurityException {
         try {
-            for (Iterator iterator = excludedPermissions.iterator(); iterator.hasNext();)
{
-                Permission permission =  (Permission) iterator.next();
-                policyConfiguration.addToExcludedPolicy(permission);
-            }
-            for (Iterator iterator = uncheckedPermissions.iterator(); iterator.hasNext();)
{
-                Permission permission = (Permission) iterator.next();
-                policyConfiguration.addToUncheckedPolicy(permission);
-            }
+            policyConfiguration.addToExcludedPolicy(excludedPermissions);
+            policyConfiguration.addToUncheckedPolicy(uncheckedPermissions);
             for (Iterator iterator = rolePermissions.entrySet().iterator(); iterator.hasNext();)
{
                 Map.Entry entry = (Map.Entry) iterator.next();
                 String roleName = (String) entry.getKey();
                 Set permissions = (Set) entry.getValue();
                 for (Iterator iterator1 = permissions.iterator(); iterator1.hasNext();) {
                     Permission permission = (Permission) iterator1.next();
-                    policyConfiguration.addToRole(roleName,  permission);
+                    policyConfiguration.addToRole(roleName, permission);
                 }
             }
         } catch (PolicyContextException e) {
@@ -587,11 +518,9 @@
         infoBuilder.addAttribute("securityConfig", Security.class, true);
 
         infoBuilder.addAttribute("securityRoles", Set.class, true);
-        infoBuilder.addAttribute("uncheckedPermissions", Set.class, true);
-        infoBuilder.addAttribute("excludedPermissions", Set.class, true);
+        infoBuilder.addAttribute("uncheckedPermissions", PermissionCollection.class, true);
+        infoBuilder.addAttribute("excludedPermissions", PermissionCollection.class, true);
         infoBuilder.addAttribute("rolePermissions", Map.class, true);
-        //TODO remove
-        infoBuilder.addAttribute("legacySecurityConstraintMap", Map.class, true);
 
         infoBuilder.addAttribute("kernel", Kernel.class, false);
 
@@ -627,8 +556,6 @@
             "uncheckedPermissions",
             "excludedPermissions",
             "rolePermissions",
-            //TODO remove
-            "legacySecurityConstraintMap",
 
             "TransactionContextManager",
             "TrackedConnectionAssociator",

Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java?view=diff&rev=111428&p1=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r1=111427&p2=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r2=111428
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
(original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
Thu Dec  9 12:15:14 2004
@@ -16,37 +16,39 @@
  */
 package org.apache.geronimo.jetty;
 
-import java.util.Map;
-import java.util.HashMap;
+import java.io.File;
+import java.net.URI;
+import java.security.PermissionCollection;
 import java.util.Collections;
-import java.util.Set;
+import java.util.HashMap;
 import java.util.HashSet;
+import java.util.Map;
 import java.util.Properties;
-import java.net.URI;
-import java.io.File;
-
+import java.util.Set;
 import javax.management.ObjectName;
 
 import junit.framework.TestCase;
+import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator;
 import org.apache.geronimo.gbean.GBeanData;
-import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContext;
 import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContextImpl;
-import org.apache.geronimo.transaction.OnlineUserTransaction;
-import org.apache.geronimo.transaction.manager.TransactionManagerImpl;
-import org.apache.geronimo.transaction.context.TransactionContextManager;
-import org.apache.geronimo.kernel.management.State;
-import org.apache.geronimo.kernel.Kernel;
+import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.jetty.connector.HTTPConnector;
-import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator;
+import org.apache.geronimo.kernel.Kernel;
+import org.apache.geronimo.kernel.management.State;
 import org.apache.geronimo.security.SecurityServiceImpl;
 import org.apache.geronimo.security.deploy.Security;
-import org.apache.geronimo.security.realm.GenericSecurityRealm;
+import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration;
 import org.apache.geronimo.security.jaas.JaasLoginService;
 import org.apache.geronimo.security.jaas.LoginModuleGBean;
+import org.apache.geronimo.security.realm.GenericSecurityRealm;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.geronimo.transaction.OnlineUserTransaction;
+import org.apache.geronimo.transaction.context.TransactionContextManager;
+import org.apache.geronimo.transaction.manager.TransactionManagerImpl;
 import org.mortbay.jetty.servlet.FormAuthenticator;
 
+
 /**
  * @version $Rev:  $ $Date:  $
  */
@@ -65,6 +67,8 @@
     private GBeanData tcm;
     private ClassLoader cl;
     private J2eeContext moduleContext = new J2eeContextImpl("jetty.test", "test", "null",
"jettyTest", null, null);
+    private GBeanData loginConfigurationGBean;
+    protected ObjectName loginConfigurationName;
     private GBeanData securityServiceGBean;
     protected ObjectName securityServiceName;
     private ObjectName loginServiceName;
@@ -76,8 +80,9 @@
     private ObjectName serverInfoName;
     private GBeanData serverInfoGBean;
 
-    public void testDummy() throws Exception { }
-    
+    public void testDummy() throws Exception {
+    }
+
     protected void setUpStaticContentServlet() throws Exception {
         GBeanData staticContentServletGBeanData = new GBeanData(JettyServletHolder.GBEAN_INFO);
         staticContentServletGBeanData.setAttribute("servletName", "default");
@@ -106,10 +111,9 @@
         OnlineUserTransaction userTransaction = new OnlineUserTransaction();
         app.setAttribute("userTransaction", userTransaction);
         //we have no classes or libs.
-        app.setAttribute("webClassPath", new URI[] {});
+        app.setAttribute("webClassPath", new URI[]{});
         app.setAttribute("contextPriorityClassLoader", Boolean.FALSE);
         app.setAttribute("configurationBaseUrl", new File("src/test-resources/deployables/").toURL());
-//        app.setAttribute("configurationBaseUrl", Thread.currentThread().getContextClassLoader().getResource("deployables/"));
         app.setReferencePattern("TransactionContextManager", tcmName);
         app.setReferencePattern("TrackedConnectionAssociator", ctcName);
         app.setReferencePattern("JettyContainer", containerName);
@@ -119,15 +123,15 @@
         start(app);
     }
 
-    protected void setUpSecureAppContext(Security securityConfig, Set uncheckedPermissions,
Set excludedPermissions, Map rolePermissions, Set securityRoles, Map legacySecurityConstraintMap)
throws Exception {
+    protected void setUpSecureAppContext(Security securityConfig, PermissionCollection uncheckedPermissions,
PermissionCollection excludedPermissions, Map rolePermissions, Set securityRoles) throws Exception
{
         GBeanData app = new GBeanData(webModuleName, JettyWebAppJACCContext.GBEAN_INFO);
-        app.setAttribute("loginDomainName", "jaasTest");
+        app.setAttribute("loginDomainName", "demo-properties-realm");
         app.setAttribute("securityConfig", securityConfig);
         app.setAttribute("uncheckedPermissions", uncheckedPermissions);
         app.setAttribute("excludedPermissions", excludedPermissions);
         app.setAttribute("rolePermissions", rolePermissions);
         app.setAttribute("securityRoles", securityRoles);
-        app.setAttribute("legacySecurityConstraintMap", legacySecurityConstraintMap);
+
         FormAuthenticator formAuthenticator = new FormAuthenticator();
         formAuthenticator.setLoginPage("/auth/logon.html?param=test");
         formAuthenticator.setErrorPage("/auth/logonError.html?param=test");
@@ -136,10 +140,11 @@
         app.setAttribute("policyContextID", "TEST");
         app.setAttribute("uri", URI.create("war3/"));
         app.setAttribute("componentContext", null);
+
         OnlineUserTransaction userTransaction = new OnlineUserTransaction();
         app.setAttribute("userTransaction", userTransaction);
         //we have no classes or libs.
-        app.setAttribute("webClassPath", new URI[] {});
+        app.setAttribute("webClassPath", new URI[]{});
         app.setAttribute("contextPriorityClassLoader", Boolean.FALSE);
         app.setAttribute("configurationBaseUrl", new File("src/test-resources/deployables/").toURL());
         app.setReferencePattern("TransactionContextManager", tcmName);
@@ -152,6 +157,14 @@
     }
 
     protected void setUpSecurity() throws Exception {
+
+        loginConfigurationName = new ObjectName("geronimo.security:type=LoginConfiguration");
+        loginConfigurationGBean = new GBeanData(loginConfigurationName, GeronimoLoginConfiguration.getGBeanInfo());
+        Set configurations = new HashSet();
+        configurations.add(new ObjectName("geronimo.security:type=SecurityRealm,*"));
+        configurations.add(new ObjectName("geronimo.security:type=ConfigurationEntry,*"));
+        loginConfigurationGBean.setReferencePatterns("Configurations", configurations);
+
         securityServiceName = new ObjectName("geronimo.security:type=SecurityService");
         securityServiceGBean = new GBeanData(securityServiceName, SecurityServiceImpl.GBEAN_INFO);
         securityServiceGBean.setReferencePatterns("Realms", Collections.singleton(new ObjectName("geronimo.security:type=SecurityRealm,*")));
@@ -166,17 +179,18 @@
         loginServiceGBean.setAttribute("password", "secret");
 
         serverInfoName = new ObjectName("geronimo.system:role=ServerInfo");
-         serverInfoGBean = new GBeanData(serverInfoName, ServerInfo.GBEAN_INFO);
-       serverInfoGBean.setAttribute("baseDirectory", ".");
+        serverInfoGBean = new GBeanData(serverInfoName, ServerInfo.GBEAN_INFO);
+        serverInfoGBean.setAttribute("baseDirectory", ".");
 
         propertiesLMName = new ObjectName("geronimo.security:type=LoginModule,name=demo-properties-login");
         propertiesLMGBean = new GBeanData(propertiesLMName, LoginModuleGBean.GBEAN_INFO);
         propertiesLMGBean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule");
         propertiesLMGBean.setAttribute("serverSide", Boolean.TRUE);
         Properties options = new Properties();
-        options.setProperty("usersURI", new File(new File("."), "src/test-resources/data/users.properties").toString());
-        options.setProperty("groupsURI", new File(new File("."), "src/test-resources/data/groups.properties").toString());
+        options.setProperty("usersURI", "src/test-resources/data/users.properties");
+        options.setProperty("groupsURI", "src/test-resources/data/groups.properties");
         propertiesLMGBean.setAttribute("options", options);
+        propertiesLMGBean.setAttribute("loginDomainName", "demo-properties-realm");
 
         propertiesRealmName = new ObjectName("geronimo.security:type=SecurityRealm,realm=demo-properties-realm");
         propertiesRealmGBean = new GBeanData(propertiesRealmName, GenericSecurityRealm.GBEAN_INFO);
@@ -188,6 +202,7 @@
 //        propertiesRealmGBean.setAttribute("autoMapPrincipalClasses", "org.apache.geronimo.security.realm.providers.PropertiesFileGroupPrincipal");
         propertiesRealmGBean.setAttribute("defaultPrincipal", "metro=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
 
+        start(loginConfigurationGBean);
         start(securityServiceGBean);
         start(loginServiceGBean);
         start(serverInfoGBean);
@@ -202,12 +217,13 @@
         stop(serverInfoName);
         stop(loginServiceName);
         stop(securityServiceName);
+        stop(loginConfigurationName);
     }
 
     private void start(GBeanData gbeanData) throws Exception {
         kernel.loadGBean(gbeanData, cl);
         kernel.startGBean(gbeanData.getName());
-        if (((Integer)kernel.getAttribute(gbeanData.getName(), "state")).intValue() != State.RUNNING_INDEX
) {
+        if (((Integer) kernel.getAttribute(gbeanData.getName(), "state")).intValue() != State.RUNNING_INDEX)
{
             fail("gbean not started: " + gbeanData.getName());
         }
     }

Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java?view=diff&rev=111428&p1=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r1=111427&p2=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r2=111428
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java	(original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java	Thu
Dec  9 12:15:14 2004
@@ -22,6 +22,8 @@
 import java.io.InputStreamReader;
 import java.net.HttpURLConnection;
 import java.net.URL;
+import java.security.PermissionCollection;
+import java.security.Permissions;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
@@ -50,7 +52,7 @@
      *
      * @throws Exception thrown if an error in the test occurs
      */
-    public void xtestExplicitMapping() throws Exception {
+    public void testExplicitMapping() throws Exception {
         Security securityConfig = new Security();
         securityConfig.setUseContextHandler(false);
 
@@ -75,13 +77,24 @@
 
         securityConfig.getRoleMappings().put(role.getRoleName(), role);
 
-        Set uncheckedPermissions = new HashSet();
-        Set excludedPermissions = new HashSet();
+        PermissionCollection uncheckedPermissions = new Permissions();
+
+        PermissionCollection excludedPermissions = new Permissions();
+        excludedPermissions.add(new WebResourcePermission("/auth/login.html", ""));
+        excludedPermissions.add(new WebUserDataPermission("/auth/login.html", ""));
+
         Map rolePermissions = new HashMap();
+        Set permissions = new HashSet();
+        permissions.add(new WebUserDataPermission("/protected/*", ""));
+        permissions.add(new WebResourcePermission("/protected/*", ""));
+        rolePermissions.put("content-administrator", permissions);
+        rolePermissions.put("auto-administrator", permissions);
+
         Set securityRoles = new HashSet();
-        Map legacySecurityConstraintMap = new HashMap();
+        securityRoles.add("content-administrator");
+        securityRoles.add("auto-administrator");
 
-        startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions,
securityRoles, legacySecurityConstraintMap);
+        startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions,
securityRoles);
 
         HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
         connection.setInstanceFollowRedirects(false);
@@ -153,7 +166,7 @@
      *
      * @throws Exception thrown if an error in the test occurs
      */
-    public void xtestAutoMapping() throws Exception {
+    public void testAutoMapping() throws Exception {
         Security securityConfig = new Security();
         securityConfig.setUseContextHandler(false);
 
@@ -171,27 +184,24 @@
             kernel.getProxyManager().destroyProxy(securityService);
         }
 
-        String actions = "GET,POST,PUT,DELETE,HEAD,OPTIONS,TRACE";
-        Set uncheckedPermissions = new HashSet();
-        uncheckedPermissions.add(new WebUserDataPermission("/protected/*", actions));
-        uncheckedPermissions.add(new WebResourcePermission("/:/protected/*:/auth/logon.html",
actions));
-        uncheckedPermissions.add(new WebUserDataPermission("/:/protected/*:/auth/logon.html",
actions));
-        Set excludedPermissions = new HashSet();
-        excludedPermissions.add(new WebResourcePermission("/auth/login.html", actions));
-        excludedPermissions.add(new WebUserDataPermission("/auth/login.html", actions));
+        PermissionCollection uncheckedPermissions = new Permissions();
+
+        PermissionCollection excludedPermissions = new Permissions();
+        excludedPermissions.add(new WebResourcePermission("/auth/login.html", ""));
+        excludedPermissions.add(new WebUserDataPermission("/auth/login.html", ""));
+
         Map rolePermissions = new HashMap();
-        WebResourcePermission permission = new WebResourcePermission("/protected/*", actions);
-        Set permissionSet = new HashSet();
-        permissionSet.add(permission);
-        rolePermissions.put("content-administrator", permissionSet);
-        rolePermissions.put("auto-administrator", permissionSet);
+        Set permissions = new HashSet();
+        permissions.add(new WebUserDataPermission("/protected/*", ""));
+        permissions.add(new WebResourcePermission("/protected/*", ""));
+        rolePermissions.put("content-administrator", permissions);
+        rolePermissions.put("auto-administrator", permissions);
+
         Set securityRoles = new HashSet();
         securityRoles.add("content-administrator");
         securityRoles.add("auto-administrator");
 
-        Map legacySecurityConstraintMap = new HashMap();
-
-        startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions,
securityRoles, legacySecurityConstraintMap);
+        startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions,
securityRoles);
 
         HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
         connection.setInstanceFollowRedirects(false);
@@ -264,7 +274,7 @@
      *
      * @throws Exception thrown if an error in the test occurs
      */
-    public void xtestMixedMapping() throws Exception {
+    public void testMixedMapping() throws Exception {
         Security securityConfig = new Security();
         securityConfig.setUseContextHandler(false);
 
@@ -303,13 +313,24 @@
 
         securityConfig.append(role);
 
-        Set uncheckedPermissions = new HashSet();
-        Set excludedPermissions = new HashSet();
+        PermissionCollection uncheckedPermissions = new Permissions();
+
+        PermissionCollection excludedPermissions = new Permissions();
+        excludedPermissions.add(new WebResourcePermission("/auth/login.html", ""));
+        excludedPermissions.add(new WebUserDataPermission("/auth/login.html", ""));
+
         Map rolePermissions = new HashMap();
+        Set permissions = new HashSet();
+        permissions.add(new WebUserDataPermission("/protected/*", ""));
+        permissions.add(new WebResourcePermission("/protected/*", ""));
+        rolePermissions.put("content-administrator", permissions);
+        rolePermissions.put("auto-administrator", permissions);
+
         Set securityRoles = new HashSet();
-        Map legacySecurityConstraintMap = new HashMap();
+        securityRoles.add("content-administrator");
+        securityRoles.add("auto-administrator");
 
-        startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions,
securityRoles, legacySecurityConstraintMap);
+        startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions,
securityRoles);
 
         HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
         connection.setInstanceFollowRedirects(false);
@@ -373,30 +394,9 @@
         stopWebApp();
     }
 
-    protected void startWebApp(Security securityConfig, Set uncheckedPermissions, Set excludedPermissions,
Map rolePermissions, Set securityRoles, Map legacySecurityConstraintMap) throws Exception
{
-        setUpSecureAppContext(securityConfig, uncheckedPermissions, excludedPermissions,
rolePermissions, securityRoles, legacySecurityConstraintMap);
+    protected void startWebApp(Security securityConfig, PermissionCollection uncheckedPermissions,
PermissionCollection excludedPermissions, Map rolePermissions, Set securityRoles) throws Exception
{
+        setUpSecureAppContext(securityConfig, uncheckedPermissions, excludedPermissions,
rolePermissions, securityRoles);
         setUpStaticContentServlet();
-//        GBeanMBean app = new GBeanMBean(JettyWebAppJACCContext.GBEAN_INFO);
-//
-//        app.setAttribute("userRealmName", "Test JAAS Realm");
-//        app.setAttribute("securityRealmName", "jaasTest");
-//        app.setAttribute("uri", URI.create("war3/"));
-//        app.setAttribute("componentContext", null);
-//        OnlineUserTransaction userTransaction = new OnlineUserTransaction();
-//        app.setAttribute("userTransaction", userTransaction);
-//        app.setAttribute("webClassPath", new URI[0]);
-//        app.setAttribute("contextPriorityClassLoader", Boolean.FALSE);
-//        app.setAttribute("configurationBaseUrl", Thread.currentThread().getContextClassLoader().getResource("deployables/"));
-//        app.setAttribute("securityConfig", securityConfig);
-//        app.setReferencePattern("SecurityService", securityServiceName);
-//        app.setAttribute("policyContextID", "TEST");
-//
-//        app.setAttribute("contextPath", "/test");
-//
-//        app.setReferencePattern("TransactionContextManager", tcmName);
-//        app.setReferencePattern("TrackedConnectionAssociator", tcaName);
-//        app.setReferencePatterns("JettyContainer", containerPatterns);
-//
 //        start(appName, app);
     }
 

Mime
View raw message