geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r122776 - in geronimo/trunk/modules: assembly/src/plan j2ee/src/java/org/apache/geronimo/j2ee/j2eeobjectnames jetty-builder/src/java/org/apache/geronimo/jetty/deployment jetty-builder/src/test/org/apache/geronimo/jetty/deployment jetty/src/java/org/apache/geronimo/jetty jetty/src/java/org/apache/geronimo/jetty/interceptor jetty/src/test/org/apache/geronimo/jetty security/src/java/org/apache/geronimo/security security/src/java/org/apache/geronimo/security/deploy tomcat/src/test/org/apache/geronimo/tomcat
Date Sun, 19 Dec 2004 19:11:09 GMT
Author: djencks
Date: Sun Dec 19 11:11:07 2004
New Revision: 122776

URL: http://svn.apache.org/viewcvs?view=rev&rev=122776
Log:
merge JettyWebAppJACCContext into JettyWebAppContext
Removed:
   geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
Modified:
   geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml
   geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml
   geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/j2eeobjectnames/NameFactory.java
   geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
   geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java
   geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java
   geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
   geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
   geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java
   geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java
   geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java

Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml?view=diff&rev=122776&p1=geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml&r1=122775&p2=geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml&r2=122776
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml	(original)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-deployer-plan.xml	Sun Dec 19 11:11:07 2004
@@ -163,7 +163,7 @@
     <!--can this SecurityService actually do anything in this configuration???-->
     <gbean name="geronimo.deployer:type=SecurityService" class="org.apache.geronimo.security.SecurityServiceImpl">
         <attribute name="policyConfigurationFactory" type="java.lang.String">org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory</attribute>
-        <reference name="Realms">geronimo.security:type=SecurityRealm,*</reference>
+        <reference name="Mappers">geronimo.security:type=SecurityRealm,*</reference>
     </gbean>
 
     <gbean name="geronimo.deployer:role=ModuleBuilder,type=Web,config=org/apache/geronimo/J2EEDeployer" class="org.apache.geronimo.jetty.deployment.JettyModuleBuilder">

Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml?view=diff&rev=122776&p1=geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml&r1=122775&p2=geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml&r2=122776
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml	(original)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-server-plan.xml	Sun Dec 19 11:11:07 2004
@@ -157,7 +157,7 @@
 
     <gbean name="geronimo.security:type=SecurityService" class="org.apache.geronimo.security.SecurityServiceImpl">
         <attribute name="policyConfigurationFactory" type="java.lang.String">org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory</attribute>
-        <reference name="Realms">geronimo.security:type=SecurityRealm,*</reference>
+        <reference name="Mappers">geronimo.security:type=SecurityRealm,*</reference>
     </gbean>
 
     <gbean name="geronimo.security:type=JaasLoginService" class="org.apache.geronimo.security.jaas.JaasLoginService">

Modified: geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/j2eeobjectnames/NameFactory.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/j2eeobjectnames/NameFactory.java?view=diff&rev=122776&p1=geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/j2eeobjectnames/NameFactory.java&r1=122775&p2=geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/j2eeobjectnames/NameFactory.java&r2=122776
==============================================================================
--- geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/j2eeobjectnames/NameFactory.java	(original)
+++ geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/j2eeobjectnames/NameFactory.java	Sun Dec 19 11:11:07 2004
@@ -210,4 +210,8 @@
         return ObjectName.getInstance(context.getJ2eeDomainName(j2eeDomainName), props);
     }
 
+    //TODO parameterize this
+    public static ObjectName getSecurityRealmName(String realmName) throws MalformedObjectNameException {
+        return ObjectName.getInstance("geronimo.security:type=SecurityRealm,name=" + realmName);
+    }
 }

Modified: geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java?view=diff&rev=122776&p1=geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java&r1=122775&p2=geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java&r2=122776
==============================================================================
--- geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java	(original)
+++ geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java	Sun Dec 19 11:11:07 2004
@@ -46,13 +46,6 @@
 import javax.security.jacc.WebUserDataPermission;
 import javax.transaction.UserTransaction;
 
-import org.apache.xmlbeans.XmlException;
-import org.apache.xmlbeans.XmlObject;
-import org.mortbay.http.BasicAuthenticator;
-import org.mortbay.http.ClientCertAuthenticator;
-import org.mortbay.http.DigestAuthenticator;
-import org.mortbay.jetty.servlet.FormAuthenticator;
-
 import org.apache.geronimo.common.DeploymentException;
 import org.apache.geronimo.deployment.service.GBeanHelper;
 import org.apache.geronimo.deployment.util.DeploymentUtil;
@@ -71,7 +64,6 @@
 import org.apache.geronimo.jetty.JettyFilterMapping;
 import org.apache.geronimo.jetty.JettyServletHolder;
 import org.apache.geronimo.jetty.JettyWebAppContext;
-import org.apache.geronimo.jetty.JettyWebAppJACCContext;
 import org.apache.geronimo.kernel.Kernel;
 import org.apache.geronimo.naming.deployment.ENCConfigBuilder;
 import org.apache.geronimo.naming.deployment.GBeanResourceEnvironmentBuilder;
@@ -79,6 +71,7 @@
 import org.apache.geronimo.schema.SchemaConversionUtils;
 import org.apache.geronimo.security.SecurityService;
 import org.apache.geronimo.security.deploy.Security;
+import org.apache.geronimo.security.deploy.AutoMapAssistant;
 import org.apache.geronimo.security.deployment.SecurityBuilder;
 import org.apache.geronimo.security.util.URLPattern;
 import org.apache.geronimo.transaction.OnlineUserTransaction;
@@ -111,6 +104,12 @@
 import org.apache.geronimo.xbeans.j2ee.WebAppType;
 import org.apache.geronimo.xbeans.j2ee.WebResourceCollectionType;
 import org.apache.geronimo.xbeans.j2ee.WelcomeFileListType;
+import org.apache.xmlbeans.XmlException;
+import org.apache.xmlbeans.XmlObject;
+import org.mortbay.http.BasicAuthenticator;
+import org.mortbay.http.ClientCertAuthenticator;
+import org.mortbay.http.DigestAuthenticator;
+import org.mortbay.jetty.servlet.FormAuthenticator;
 
 
 /**
@@ -368,27 +367,29 @@
         UserTransaction userTransaction = new OnlineUserTransaction();
         ReadOnlyContext compContext = buildComponentContext(earContext, webModule, webApp, jettyWebApp, userTransaction, webClassLoader);
 
-        GBeanData webModuleData;
+        GBeanData webModuleData = new GBeanData(webModuleName, JettyWebAppContext.GBEAN_INFO);
         try {
             Set securityRoles = new HashSet();
             if (jettyWebApp.isSetLoginDomainName()) {
-                webModuleData = new GBeanData(webModuleName, JettyWebAppJACCContext.GBEAN_INFO);
                 Security security = SecurityBuilder.buildSecurityConfig(jettyWebApp.getSecurity(), collectRoleNames(webApp));
                 security.autoGenerate(securityService);
                 webModuleData.setAttribute("loginDomainName", jettyWebApp.getLoginDomainName().trim());
                 webModuleData.setAttribute("securityConfig", security);
 
-                String policyContextID;
-                if (earContext.getApplicationObjectName() == null) {
-                    policyContextID = module.getName();
-                } else {
-                    policyContextID = earContext.getApplicationObjectName().toString();
-                }
+                String policyContextID = webModuleName.getCanonicalName();
                 webModuleData.setAttribute("policyContextID", policyContextID);
                 buildSpecSecurityConfig(webApp, webModuleData, securityRoles);
-
-            } else {
-                webModuleData = new GBeanData(webModuleName, JettyWebAppContext.GBEAN_INFO);
+                AutoMapAssistant assistant = security.getAssistant();
+                if (assistant != null) {
+                    String realmName = assistant.getSecurityRealm();
+                    ObjectName securityRealmName = null;
+                    try {
+                        securityRealmName = NameFactory.getSecurityRealmName(realmName);
+                    } catch (MalformedObjectNameException e) {
+                        throw new DeploymentException("Could not construct security realm name", e);
+                    }
+                    webModuleData.setReferencePattern("SecurityRealm", securityRealmName);
+                }
             }
 
             webModuleData.setAttribute("uri", URI.create(module.getTargetPath() + "/"));

Modified: geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java?view=diff&rev=122776&p1=geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java&r1=122775&p2=geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java&r2=122776
==============================================================================
--- geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java	(original)
+++ geronimo/trunk/modules/jetty-builder/src/test/org/apache/geronimo/jetty/deployment/JettyModuleBuilderTest.java	Sun Dec 19 11:11:07 2004
@@ -184,7 +184,7 @@
         kernel = new Kernel("test.kernel");
         kernel.boot();
         ObjectName defaultServlets = ObjectName.getInstance("test:name=test,type=none,*");
-        SecurityServiceImpl securityService = new SecurityServiceImpl("org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory", null, null);
+        SecurityServiceImpl securityService = new SecurityServiceImpl("org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory", null);
 
         builder = new JettyModuleBuilder(new URI("null"), new Integer(1800), Collections.EMPTY_LIST, containerName, defaultServlets, null, null, securityService, kernel);
 

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java?view=diff&rev=122776&p1=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java&r1=122775&p2=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java&r2=122776
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java	(original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java	Sun Dec 19 11:11:07 2004
@@ -41,7 +41,7 @@
         return subject;
     }
 
-    void setSubject(Subject subject) {
+    public void setSubject(Subject subject) {
         this.subject = subject;
     }
 

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java?view=diff&rev=122776&p1=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java&r1=122775&p2=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java&r2=122776
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java	(original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java	Sun Dec 19 11:11:07 2004
@@ -24,12 +24,15 @@
 import java.util.Iterator;
 import java.util.Map;
 import java.util.Set;
+import java.security.PermissionCollection;
+import java.io.IOException;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.mortbay.http.Authenticator;
 import org.mortbay.http.HttpRequest;
 import org.mortbay.http.HttpResponse;
+import org.mortbay.http.HttpException;
 import org.mortbay.jetty.servlet.AbstractSessionManager;
 import org.mortbay.jetty.servlet.FilterHolder;
 import org.mortbay.jetty.servlet.JSR154Filter;
@@ -47,10 +50,13 @@
 import org.apache.geronimo.jetty.interceptor.ThreadClassloaderBeforeAfter;
 import org.apache.geronimo.jetty.interceptor.TransactionContextBeforeAfter;
 import org.apache.geronimo.jetty.interceptor.WebApplicationContextBeforeAfter;
+import org.apache.geronimo.jetty.interceptor.SecurityContextBeforeAfter;
 import org.apache.geronimo.naming.java.ReadOnlyContext;
 import org.apache.geronimo.transaction.OnlineUserTransaction;
 import org.apache.geronimo.transaction.TrackedConnectionAssociator;
 import org.apache.geronimo.transaction.context.TransactionContextManager;
+import org.apache.geronimo.security.deploy.Security;
+import org.apache.geronimo.security.realm.AutoMapAssistant;
 
 
 /**
@@ -68,9 +74,9 @@
     private final WebApplicationHandler handler;
     private String displayName;
 
-    //TODO make these private final again!
-    protected  BeforeAfter chain;
-    protected  int contextLength;
+    private final  BeforeAfter chain;
+    private final  int contextLength;
+    private final SecurityContextBeforeAfter securityInterceptor;
 
     /**
      * @deprecated never use this... this is only here because Jetty WebApplicationContext is externalizable
@@ -82,34 +88,45 @@
         handler = null;
         chain = null;
         contextLength = 0;
+        securityInterceptor = null;
     }
 
     public JettyWebAppContext(URI uri,
-                              ReadOnlyContext componentContext,
-                              OnlineUserTransaction userTransaction,
-                              ClassLoader classLoader,
-                              URI[] webClassPath,
-                              boolean contextPriorityClassLoader,
-                              URL configurationBaseUrl,
-                              Set unshareableResources,
-                              Set applicationManagedSecurityResources,
-
-                              String displayName,
-                              Map contextParamMap,
-                              Collection listenerClassNames,
-                              boolean distributable,
-                              Map mimeMap,
-                              String[] welcomeFiles,
-                              Map localeEncodingMapping,
-                              Map errorPages,
-                              Authenticator authenticator,
-                              String realmName,
-                              Map tagLibMap,
-                              int sessionTimeoutSeconds,
-
-                              TransactionContextManager transactionContextManager,
-                              TrackedConnectionAssociator trackedConnectionAssociator,
-                              JettyContainer jettyContainer) throws Exception, IllegalAccessException, InstantiationException, ClassNotFoundException {
+                                  ReadOnlyContext componentContext,
+                                  OnlineUserTransaction userTransaction,
+                                  ClassLoader classLoader,
+                                  URI[] webClassPath,
+                                  boolean contextPriorityClassLoader,
+                                  URL configurationBaseUrl,
+                                  Set unshareableResources,
+                                  Set applicationManagedSecurityResources,
+
+                                  String displayName,
+                                  Map contextParamMap,
+                                  Collection listenerClassNames,
+                                  boolean distributable,
+                                  Map mimeMap,
+                                  String[] welcomeFiles,
+                                  Map localeEncodingMapping,
+                                  Map errorPages,
+                                  Authenticator authenticator,
+                                  String realmName,
+                                  Map tagLibMap,
+                                  int sessionTimeoutSeconds,
+
+                                  String policyContextID,
+                                  String loginDomainName,
+                                  Security securityConfig,
+                                  //from jettyxmlconfig
+                                  Set securityRoles,
+                                  PermissionCollection uncheckedPermissions,
+                                  PermissionCollection excludedPermissions,
+                                  Map rolePermissions,
+
+                                  TransactionContextManager transactionContextManager,
+                                  TrackedConnectionAssociator trackedConnectionAssociator,
+                                  JettyContainer jettyContainer,
+                                  AutoMapAssistant assistant) throws Exception, IllegalAccessException, InstantiationException, ClassNotFoundException {
 
         assert uri != null;
         assert componentContext != null;
@@ -163,6 +180,17 @@
         interceptor = new ComponentContextBeforeAfter(interceptor, index++, componentContext);
         interceptor = new ThreadClassloaderBeforeAfter(interceptor, index++, index++, this.classLoader);
         interceptor = new WebApplicationContextBeforeAfter(interceptor, index++, this);
+//JACC
+        if (securityConfig != null) {
+            //set the JAASJettyRealm as our realm.
+            JAASJettyRealm realm = new JAASJettyRealm(realmName, loginDomainName);
+            setRealm(realm);
+            this.securityInterceptor = new SecurityContextBeforeAfter(interceptor, index++, index++, policyContextID, securityConfig, loginDomainName, assistant, authenticator, securityRoles, uncheckedPermissions, excludedPermissions, rolePermissions, realm);
+            interceptor = securityInterceptor;
+        } else {
+            securityInterceptor = null;
+        }
+//end JACC
         chain = interceptor;
         contextLength = index;
 
@@ -216,24 +244,27 @@
             super.stop();
             return;
         }
+        jettyContainer.removeContext(this);
 
+        if (securityInterceptor != null) {
+            securityInterceptor.stop();
+        }
         Object context = enterContextScope(null, null);
         try {
             super.doStop();
         } finally {
             leaveContextScope(null, null, context);
         }
-        jettyContainer.removeContext(this);
         log.info("JettyWebAppContext stopped");
     }
 
     public void doFail() {
         try {
+            //this will call doStop
             super.stop();
         } catch (InterruptedException e) {
         }
 
-        jettyContainer.removeContext(this);
         log.info("JettyWebAppContext failed");
     }
 
@@ -314,6 +345,9 @@
                 handler.mapPathToServlet(urlPattern, servletName);
             }
         }
+        if (securityInterceptor != null) {
+            securityInterceptor.registerServletHolder(webRoleRefPermissions);
+        }
         Object context = enterContextScope(null, null);
         try {
             servletHolder.start();
@@ -322,6 +356,14 @@
         }
     }
 
+    public boolean checkSecurityConstraints(String pathInContext, HttpRequest request, HttpResponse response) throws HttpException, IOException {
+         if (securityInterceptor != null) {
+             return securityInterceptor.checkSecurityConstraints(pathInContext, request, response);
+         }
+         return super.checkSecurityConstraints(pathInContext, request, response);
+     }
+
+
     public static final GBeanInfo GBEAN_INFO;
 
     static {
@@ -361,6 +403,17 @@
 
         infoBuilder.addInterface(JettyServletRegistration.class);
 
+        infoBuilder.addAttribute("policyContextID", String.class, true);
+        infoBuilder.addAttribute("loginDomainName", String.class, true);
+        infoBuilder.addAttribute("securityConfig", Security.class, true);
+
+        infoBuilder.addAttribute("securityRoles", Set.class, true);
+        infoBuilder.addAttribute("uncheckedPermissions", PermissionCollection.class, true);
+        infoBuilder.addAttribute("excludedPermissions", PermissionCollection.class, true);
+        infoBuilder.addAttribute("rolePermissions", Map.class, true);
+
+        infoBuilder.addReference("SecurityRealm", AutoMapAssistant.class);
+
         infoBuilder.setConstructor(new String[]{
             "uri",
             "componentContext",
@@ -385,9 +438,19 @@
             "tagLibMap",
             "sessionTimeoutSeconds",
 
+            "policyContextID",
+            "loginDomainName",
+            "securityConfig",
+
+            "securityRoles",
+            "uncheckedPermissions",
+            "excludedPermissions",
+            "rolePermissions",
+
             "TransactionContextManager",
             "TrackedConnectionAssociator",
-            "JettyContainer"
+            "JettyContainer",
+            "SecurityRealm",
         });
 
         GBEAN_INFO = infoBuilder.getBeanInfo();

Deleted: /geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java?view=auto&rev=122775
==============================================================================

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java?view=diff&rev=122776&p1=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java&r1=122775&p2=geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java&r2=122776
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java	(original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java	Sun Dec 19 11:11:07 2004
@@ -16,27 +16,49 @@
  */
 package org.apache.geronimo.jetty.interceptor;
 
+import java.io.IOException;
+import java.security.AccessControlContext;
+import java.security.AccessControlException;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Permissions;
+import java.security.Principal;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Map;
 import java.util.Set;
 import javax.security.auth.Subject;
+import javax.security.jacc.PolicyConfiguration;
+import javax.security.jacc.PolicyConfigurationFactory;
 import javax.security.jacc.PolicyContext;
 import javax.security.jacc.PolicyContextException;
+import javax.security.jacc.WebResourcePermission;
+import javax.security.jacc.WebRoleRefPermission;
+import javax.security.jacc.WebUserDataPermission;
 
 import org.apache.geronimo.common.GeronimoSecurityException;
+import org.apache.geronimo.jetty.JAASJettyPrincipal;
 import org.apache.geronimo.security.ContextManager;
-import org.apache.geronimo.security.RealmPrincipal;
 import org.apache.geronimo.security.IdentificationPrincipal;
+import org.apache.geronimo.security.PrimaryRealmPrincipal;
+import org.apache.geronimo.security.RealmPrincipal;
 import org.apache.geronimo.security.SubjectId;
+import org.apache.geronimo.security.deploy.DefaultPrincipal;
 import org.apache.geronimo.security.deploy.Realm;
 import org.apache.geronimo.security.deploy.Role;
 import org.apache.geronimo.security.deploy.Security;
 import org.apache.geronimo.security.jacc.RoleMappingConfiguration;
+import org.apache.geronimo.security.realm.AutoMapAssistant;
 import org.apache.geronimo.security.util.ConfigurationUtil;
+import org.mortbay.http.Authenticator;
+import org.mortbay.http.HttpException;
 import org.mortbay.http.HttpRequest;
 import org.mortbay.http.HttpResponse;
+import org.mortbay.http.SecurityConstraint;
+import org.mortbay.http.UserRealm;
+import org.mortbay.jetty.servlet.FormAuthenticator;
+import org.mortbay.jetty.servlet.ServletHttpRequest;
 
 /**
  * @version $Rev:  $ $Date:  $
@@ -49,12 +71,98 @@
     private final String policyContextID;
     private final static ThreadLocal currentWebAppContext = new ThreadLocal();
     private final Map roleDesignates = new HashMap();
+    private final JAASJettyPrincipal defaultPrincipal;
 
-    public SecurityContextBeforeAfter(BeforeAfter next, int policyContextIDIndex, int webAppContextIndex, String policyContextID) {
+    private final String formLoginPath;
+    private final PolicyConfigurationFactory factory;
+    private final PolicyConfiguration policyConfiguration;
+
+    private final PermissionCollection checked = new Permissions();
+    private final PermissionCollection excludedPermissions;
+    private final Authenticator authenticator;
+
+    private final UserRealm realm;
+
+    public SecurityContextBeforeAfter(BeforeAfter next,
+                                      int policyContextIDIndex,
+                                      int webAppContextIndex,
+                                      String policyContextID,
+                                      Security securityConfig,
+                                      String loginDomainName,
+                                      AutoMapAssistant assistant,
+                                      Authenticator authenticator,
+                                      Set securityRoles,
+                                      PermissionCollection uncheckedPermissions,
+                                      PermissionCollection excludedPermissions,
+                                      Map rolePermissions,
+                                      UserRealm realm) throws PolicyContextException, ClassNotFoundException {
         this.next = next;
         this.policyContextIDIndex = policyContextIDIndex;
         this.webAppContextIndex = webAppContextIndex;
         this.policyContextID = policyContextID;
+
+        this.defaultPrincipal = generateDefaultPrincipal(securityConfig, loginDomainName, assistant);
+
+        if (authenticator instanceof FormAuthenticator) {
+            String formLoginPath = ((FormAuthenticator) authenticator).getLoginPage();
+            if (formLoginPath.indexOf('?') > 0) {
+                formLoginPath = formLoginPath.substring(0, formLoginPath.indexOf('?'));
+            }
+            this.formLoginPath = formLoginPath;
+        } else {
+            formLoginPath = null;
+        }
+
+        this.authenticator = authenticator;
+        /**
+         * Register our default principal with the ContextManager
+         */
+        Subject defaultSubject = defaultPrincipal.getSubject();
+        ContextManager.registerSubject(defaultSubject);
+        SubjectId id = ContextManager.getSubjectId(defaultSubject);
+        defaultSubject.getPrincipals().add(new IdentificationPrincipal(id));
+
+//        log.debug("Default subject " + id + " for JACC policy '" + policyContextID + "' registered.");
+
+        /**
+         * Get the JACC policy configuration that's associated with this
+         * web application and configure it with the geronimo security
+         * configuration.  The work for this is done by the class
+         * JettyXMLConfiguration.
+         */
+        factory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
+
+        policyConfiguration = factory.getPolicyConfiguration(policyContextID, true);
+        configure(uncheckedPermissions, excludedPermissions, rolePermissions);
+        addRoleMappings(securityRoles, loginDomainName, securityConfig, (RoleMappingConfiguration) policyConfiguration);
+        policyConfiguration.commit();
+        this.excludedPermissions = excludedPermissions;
+
+        Set allRolePermissions = new HashSet();
+        for (Iterator iterator = rolePermissions.entrySet().iterator(); iterator.hasNext();) {
+            Map.Entry entry = (Map.Entry) iterator.next();
+            Set permissionsForRole = (Set) entry.getValue();
+            allRolePermissions.addAll(permissionsForRole);
+        }
+        for (Iterator iterator = allRolePermissions.iterator(); iterator.hasNext();) {
+            Permission permission = (Permission) iterator.next();
+            checked.add(permission);
+        }
+
+        this.realm = realm;
+//        log.info("JettyWebAppJACCContext started with JACC policy '" + policyContextID + "'");
+    }
+    
+    public void registerServletHolder(Map webRoleRefPermissions) throws PolicyContextException {
+        PolicyConfiguration policyConfiguration = factory.getPolicyConfiguration(policyContextID, false);
+        for (Iterator iterator = webRoleRefPermissions.entrySet().iterator(); iterator.hasNext();) {
+            Map.Entry entry = (Map.Entry) iterator.next();
+            String roleName = (String) entry.getValue();
+            WebRoleRefPermission webRoleRefPermission = (WebRoleRefPermission) entry.getKey();
+            policyConfiguration.addToRole(roleName, webRoleRefPermission);
+        }
+        policyConfiguration.commit();
+        
     }
 
     public void before(Object[] context, HttpRequest httpRequest, HttpResponse httpResponse) {
@@ -102,6 +210,167 @@
     private void setRoleDesignate(String roleName, Subject subject) {
         roleDesignates.put(roleName, subject);
     }
+    
+    //security check methods, delegated from WebAppContext
+    
+    /**
+    * Check the security constraints using JACC.
+    *
+    * @param pathInContext path in context
+    * @param request       HTTP request
+    * @param response      HTTP response
+    * @return true if the path in context passes the security check,
+    *         false if it fails or a redirection has occured during authentication.
+    */
+   public boolean checkSecurityConstraints(String pathInContext, HttpRequest request, HttpResponse response) throws HttpException, IOException {
+       if (formLoginPath != null) {
+           String pathToBeTested = (pathInContext.indexOf('?') > 0 ? pathInContext.substring(0, pathInContext.indexOf('?')) : pathInContext);
+
+           if (pathToBeTested.equals(formLoginPath)) {
+               return true;
+           }
+       }
+
+       try {
+           Principal user = obtainUser(pathInContext, request, response);
+
+           if (user == null) {
+               return false;
+           }
+           if (user == SecurityConstraint.__NOBODY) {
+               return true;
+           }
+
+           AccessControlContext acc = ContextManager.getCurrentContext();
+           ServletHttpRequest servletHttpRequest = (ServletHttpRequest) request.getWrapper();
+
+           /**
+            * JACC v1.0 secion 4.1.1
+            */
+           acc.checkPermission(new WebUserDataPermission(servletHttpRequest));
+
+           /**
+            * JACC v1.0 secion 4.1.2
+            */
+           acc.checkPermission(new WebResourcePermission(servletHttpRequest));
+       } catch (HttpException he) {
+           response.sendError(he.getCode(), he.getReason());
+           return false;
+       } catch (AccessControlException ace) {
+           response.sendError(HttpResponse.__403_Forbidden);
+           return false;
+       }
+       return true;
+   }
+
+   /**
+    * Obtain an authenticated user, if one is required.  Otherwise return the
+    * default principal.
+    * <p/>
+    * Also set the current caller for JACC security checks for the default
+    * principal.  This is automatically done by <code>JAASJettyRealm</code>.
+    *
+    * @param pathInContext path in context
+    * @param request       HTTP request
+    * @param response      HTTP response
+    * @return <code>null</code> if there is no authenticated user at the moment
+    *         and security checking should not proceed and servlet handling should also
+    *         not proceed, e.g. redirect. <code>SecurityConstraint.__NOBODY</code> if
+    *         security checking should not proceed and servlet handling should proceed,
+    *         e.g. login page.
+    */
+   private Principal obtainUser(String pathInContext, HttpRequest request, HttpResponse response) throws IOException, IOException {
+       ServletHttpRequest servletHttpRequest = (ServletHttpRequest) request.getWrapper();
+       WebResourcePermission resourcePermission = new WebResourcePermission(servletHttpRequest);
+       WebUserDataPermission dataPermission = new WebUserDataPermission(servletHttpRequest);
+       boolean unauthenticated = !(checked.implies(resourcePermission) || checked.implies(dataPermission));
+       boolean forbidden = excludedPermissions.implies(resourcePermission) || excludedPermissions.implies(dataPermission);
+
+//       Authenticator authenticator = getAuthenticator();
+       Principal user = null;
+       if (!unauthenticated && !forbidden) {
+           if (realm == null) {
+//               log.warn("Realm Not Configured");
+               throw new HttpException(HttpResponse.__500_Internal_Server_Error, "Realm Not Configured");
+           }
+
+
+           // Handle pre-authenticated request
+           if (authenticator != null) {
+               // User authenticator.
+               user = authenticator.authenticate(realm, pathInContext, request, response);
+           } else {
+               // don't know how authenticate
+//               log.warn("Mis-configured Authenticator for " + request.getPath());
+               throw new HttpException(HttpResponse.__500_Internal_Server_Error, "Mis-configured Authenticator for " + request.getPath());
+           }
+
+           return user;
+       } else if (authenticator instanceof FormAuthenticator && pathInContext.endsWith(FormAuthenticator.__J_SECURITY_CHECK)) {
+           /**
+            * This could be a post request to __J_SECURITY_CHECK.
+            */
+           if (realm == null) {
+//               log.warn("Realm Not Configured");
+               throw new HttpException(HttpResponse.__500_Internal_Server_Error, "Realm Not Configured");
+           }
+           return authenticator.authenticate(realm, pathInContext, request, response);
+       }
+
+       /**
+        * No authentication is required.  Return the defaultPrincipal.
+        */
+       ContextManager.setCurrentCaller(defaultPrincipal.getSubject());
+       return defaultPrincipal;
+   }
+    
+
+    //configuration methods
+    /**
+     * Generate the default principal from the security config.
+     *
+     * @param securityConfig  The Geronimo security configuration.
+     * @param loginDomainName
+     * @return the default principal
+     */
+    protected JAASJettyPrincipal generateDefaultPrincipal(Security securityConfig, String loginDomainName, AutoMapAssistant assistant) throws GeronimoSecurityException {
+
+        DefaultPrincipal defaultPrincipal = securityConfig.getDefaultPrincipal();
+        if (defaultPrincipal == null) {
+            if (assistant != null) {
+                org.apache.geronimo.security.deploy.Principal principal = assistant.obtainDefaultPrincipal();
+                defaultPrincipal = new DefaultPrincipal();
+                defaultPrincipal.setPrincipal(principal);
+                defaultPrincipal.setRealmName(assistant.getRealmName());
+            }
+
+        }
+        if (defaultPrincipal == null) throw new GeronimoSecurityException("Unable to generate default principal");
+
+        return generateDefaultPrincipal(securityConfig, defaultPrincipal, loginDomainName);
+    }
+
+    protected JAASJettyPrincipal generateDefaultPrincipal(Security securityConfig, DefaultPrincipal defaultPrincipal, String loginDomainName) throws GeronimoSecurityException {
+        JAASJettyPrincipal result = new JAASJettyPrincipal("default");
+        Subject defaultSubject = new Subject();
+
+        RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(defaultPrincipal.getPrincipal(), loginDomainName, defaultPrincipal.getRealmName());
+        if (realmPrincipal == null) {
+            throw new GeronimoSecurityException("Unable to create realm principal");
+        }
+        PrimaryRealmPrincipal primaryRealmPrincipal = ConfigurationUtil.generatePrimaryRealmPrincipal(defaultPrincipal.getPrincipal(), loginDomainName, defaultPrincipal.getRealmName());
+        if (primaryRealmPrincipal == null) {
+            throw new GeronimoSecurityException("Unable to create primary realm principal");
+        }
+
+        defaultSubject.getPrincipals().add(realmPrincipal);
+        defaultSubject.getPrincipals().add(primaryRealmPrincipal);
+
+        result.setSubject(defaultSubject);
+
+        return result;
+    }
+
 
     public void addRoleMappings(Set securityRoles, String loginDomainName, Security security, RoleMappingConfiguration roleMapper) throws PolicyContextException, GeronimoSecurityException {
 
@@ -158,7 +427,28 @@
 
     }
 
-    public void stop() {
+    private void configure(PermissionCollection uncheckedPermissions,
+                           PermissionCollection excludedPermissions,
+                           Map rolePermissions) throws GeronimoSecurityException {
+        try {
+            policyConfiguration.addToExcludedPolicy(excludedPermissions);
+            policyConfiguration.addToUncheckedPolicy(uncheckedPermissions);
+            for (Iterator iterator = rolePermissions.entrySet().iterator(); iterator.hasNext();) {
+                Map.Entry entry = (Map.Entry) iterator.next();
+                String roleName = (String) entry.getKey();
+                Set permissions = (Set) entry.getValue();
+                for (Iterator iterator1 = permissions.iterator(); iterator1.hasNext();) {
+                    Permission permission = (Permission) iterator1.next();
+                    policyConfiguration.addToRole(roleName, permission);
+                }
+            }
+        } catch (PolicyContextException e) {
+            throw new GeronimoSecurityException(e);
+        }
+    }
+
+
+    public void stop() throws PolicyContextException {
         for (Iterator iter = roleDesignates.keySet().iterator(); iter.hasNext();) {
             String roleName = (String) iter.next();
             Subject roleDesignate = (Subject) roleDesignates.get(roleName);
@@ -166,5 +456,12 @@
             ContextManager.unregisterSubject(roleDesignate);
 //            log.debug("Role designate " + ContextManager.getSubjectId(roleDesignate) + " for role '" + roleName + "' for JACC policy '" + policyContextID + "' unregistered.");
         }
+        ContextManager.unregisterSubject(defaultPrincipal.getSubject());
+        
+        if (policyConfiguration != null) {
+            policyConfiguration.delete();
+        }
+
+        
     }
 }

Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java?view=diff&rev=122776&p1=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r1=122775&p2=geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r2=122776
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java	(original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java	Sun Dec 19 11:11:07 2004
@@ -26,6 +26,7 @@
 import java.util.Properties;
 import java.util.Set;
 import javax.management.ObjectName;
+import javax.management.MalformedObjectNameException;
 
 import junit.framework.TestCase;
 import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator;
@@ -124,7 +125,7 @@
     }
 
     protected void setUpSecureAppContext(Security securityConfig, PermissionCollection uncheckedPermissions, PermissionCollection excludedPermissions, Map rolePermissions, Set securityRoles) throws Exception {
-        GBeanData app = new GBeanData(webModuleName, JettyWebAppJACCContext.GBEAN_INFO);
+        GBeanData app = new GBeanData(webModuleName, JettyWebAppContext.GBEAN_INFO);
         app.setAttribute("loginDomainName", "demo-properties-realm");
         app.setAttribute("securityConfig", securityConfig);
         app.setAttribute("uncheckedPermissions", uncheckedPermissions);
@@ -150,6 +151,7 @@
         app.setReferencePattern("TransactionContextManager", tcmName);
         app.setReferencePattern("TrackedConnectionAssociator", ctcName);
         app.setReferencePattern("JettyContainer", containerName);
+        app.setReferencePattern("SecurityRealm", propertiesRealmName);
 
         app.setAttribute("contextPath", "/test");
 
@@ -167,7 +169,6 @@
 
         securityServiceName = new ObjectName("geronimo.security:type=SecurityService");
         securityServiceGBean = new GBeanData(securityServiceName, SecurityServiceImpl.GBEAN_INFO);
-        securityServiceGBean.setReferencePatterns("Realms", Collections.singleton(new ObjectName("geronimo.security:type=SecurityRealm,*")));
         securityServiceGBean.setReferencePatterns("Mappers", Collections.singleton(new ObjectName("geronimo.security:type=SecurityRealm,*")));
         securityServiceGBean.setAttribute("policyConfigurationFactory", "org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory");
 

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java?view=diff&rev=122776&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java&r1=122775&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java&r2=122776
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/SecurityServiceImpl.java	Sun Dec 19 11:11:07 2004
@@ -19,11 +19,11 @@
 
 import java.security.Policy;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.Iterator;
 import javax.security.jacc.PolicyConfigurationFactory;
 import javax.security.jacc.PolicyContextException;
 
+import EDU.oswego.cs.dl.util.concurrent.ConcurrentHashMap;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.geronimo.gbean.GBeanInfo;
@@ -37,7 +37,6 @@
 import org.apache.geronimo.security.jacc.PolicyContextHandlerHttpServletRequest;
 import org.apache.geronimo.security.jacc.PolicyContextHandlerSOAPMessage;
 import org.apache.geronimo.security.realm.AutoMapAssistant;
-import org.apache.geronimo.security.realm.SecurityRealm;
 import org.apache.geronimo.security.util.ConfigurationUtil;
 
 
@@ -50,8 +49,7 @@
 
     private final Log log = LogFactory.getLog(SecurityService.class);
 
-    private final Collection realms;
-    private final Collection mappers;
+    private final ConcurrentHashMap mappersMap = new ConcurrentHashMap();
 
     /**
      * Permissions that protect access to sensitive security information
@@ -59,7 +57,6 @@
     public static final GeronimoSecurityPermission CONFIGURE = new GeronimoSecurityPermission("configure");
 
     public SecurityServiceImpl(String policyConfigurationFactory,
-                               Collection realms,
                                Collection mappers) throws PolicyContextException, ClassNotFoundException {
         /**
          *  @see "JSR 115 4.6.1" Container Subject Policy Context Handler
@@ -74,39 +71,11 @@
         PolicyConfigurationFactory factory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
         GeronimoPolicyConfigurationFactory geronimoPolicyConfigurationFactory = (GeronimoPolicyConfigurationFactory) factory;
         Policy.setPolicy(new GeronimoPolicy(geronimoPolicyConfigurationFactory));
-        if (realms == null) {
-            this.realms = Collections.EMPTY_SET;
-        } else {
+        if (mappers != null) {
             SecurityManager sm = System.getSecurityManager();
             if (sm != null) {
                 sm.checkPermission(CONFIGURE);
             }
-            this.realms = realms;
-            ((ReferenceCollection) realms).addReferenceCollectionListener(new ReferenceCollectionListener() {
-
-                public void memberAdded(ReferenceCollectionEvent event) {
-                    SecurityManager sm = System.getSecurityManager();
-                    if (sm != null) {
-                        sm.checkPermission(CONFIGURE);
-                    }
-                }
-
-                public void memberRemoved(ReferenceCollectionEvent event) {
-                    SecurityManager sm = System.getSecurityManager();
-                    if (sm != null) {
-                        sm.checkPermission(CONFIGURE);
-                    }
-                }
-            });
-        }
-        if (mappers == null) {
-            this.mappers = Collections.EMPTY_SET;
-        } else {
-            SecurityManager sm = System.getSecurityManager();
-            if (sm != null) {
-                sm.checkPermission(CONFIGURE);
-            }
-            this.mappers = mappers;
             ((ReferenceCollection) mappers).addReferenceCollectionListener(new ReferenceCollectionListener() {
 
                 public void memberAdded(ReferenceCollectionEvent event) {
@@ -114,6 +83,8 @@
                     if (sm != null) {
                         sm.checkPermission(CONFIGURE);
                     }
+                    AutoMapAssistant assistant = (AutoMapAssistant) event.getMember();
+                    mappersMap.put(assistant.getRealmName(), assistant);
                 }
 
                 public void memberRemoved(ReferenceCollectionEvent event) {
@@ -121,64 +92,20 @@
                     if (sm != null) {
                         sm.checkPermission(CONFIGURE);
                     }
+                    AutoMapAssistant assistant = (AutoMapAssistant) event.getMember();
+                    mappersMap.remove(assistant.getRealmName());
                 }
             });
-        }
-        log.info("Security service started");
-    }
-
-//    public Collection getRealms() throws GeronimoSecurityException {
-//        SecurityManager sm = System.getSecurityManager();
-//        if (sm != null) sm.checkPermission(CONFIGURE);
-//        return realms;
-//    }
-//
-//
-//    public void setRealms(Collection realms) {
-//        SecurityManager sm = System.getSecurityManager();
-//        if (sm != null) sm.checkPermission(CONFIGURE);
-//        this.realms = realms;
-//    }
-//
-//    public Collection getMappers() throws GeronimoSecurityException {
-//        SecurityManager sm = System.getSecurityManager();
-//        if (sm != null) sm.checkPermission(CONFIGURE);
-//        return mappers;
-//    }
-//
-//
-//    public void setMappers(Collection mappers) {
-//        SecurityManager sm = System.getSecurityManager();
-//        if (sm != null) sm.checkPermission(CONFIGURE);
-//        this.mappers = mappers;
-//    }
-
-//    public Collection getModuleConfigurations() {
-//        return moduleConfigurations;
-//    }
-//
-//    public void setModuleConfigurations(Collection moduleConfigurations) {
-//        this.moduleConfigurations = moduleConfigurations;
-//    }
-
-    public SecurityRealm getRealm(String name) {
-        for (Iterator iter = realms.iterator(); iter.hasNext();) {
-            SecurityRealm realm = (SecurityRealm) iter.next();
-            if (name.equals(realm.getRealmName())) {
-                return realm;
+            for (Iterator iterator = mappers.iterator(); iterator.hasNext();) {
+                AutoMapAssistant assistant = (AutoMapAssistant) iterator.next();
+                mappersMap.put(assistant.getRealmName(), assistant);
             }
         }
-        return null;
+        log.info("Security service started");
     }
 
     public AutoMapAssistant getMapper(String name) {
-        for (Iterator iter = mappers.iterator(); iter.hasNext();) {
-            AutoMapAssistant mapper = (AutoMapAssistant) iter.next();
-            if (name.equals(mapper.getRealmName())) {
-                return mapper;
-            }
-        }
-        return null;
+        return (AutoMapAssistant) mappersMap.get(name);
     }
 
 
@@ -189,12 +116,10 @@
 
         infoFactory.addAttribute("policyConfigurationFactory", String.class, true);
 
-        infoFactory.addReference("Realms", SecurityRealm.class);
         infoFactory.addReference("Mappers", AutoMapAssistant.class);
-        infoFactory.addOperation("getRealm", new Class[]{String.class});
         infoFactory.addOperation("getMapper", new Class[]{String.class});
 
-        infoFactory.setConstructor(new String[]{"policyConfigurationFactory", "Realms", "Mappers"});
+        infoFactory.setConstructor(new String[]{"policyConfigurationFactory", "Mappers"});
 
         GBEAN_INFO = infoFactory.getBeanInfo();
     }

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java?view=diff&rev=122776&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java&r1=122775&p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java&r2=122776
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java	(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/deploy/Security.java	Sun Dec 19 11:11:07 2004
@@ -23,7 +23,6 @@
 import java.util.Map;
 import java.util.Set;
 
-import org.apache.geronimo.security.SecurityServiceImpl;
 import org.apache.geronimo.security.SecurityService;
 
 

Modified: geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
Url: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java?view=diff&rev=122776&p1=geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java&r1=122775&p2=geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java&r2=122776
==============================================================================
--- geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java	(original)
+++ geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java	Sun Dec 19 11:11:07 2004
@@ -154,7 +154,6 @@
     protected void setUpSecurity() throws Exception {
         securityServiceName = new ObjectName("geronimo.security:type=SecurityService");
         securityServiceGBean = new GBeanData(securityServiceName, SecurityServiceImpl.GBEAN_INFO);
-        securityServiceGBean.setReferencePatterns("Realms", Collections.singleton(new ObjectName("geronimo.security:type=SecurityRealm,*")));
         securityServiceGBean.setReferencePatterns("Mappers", Collections.singleton(new ObjectName("geronimo.security:type=SecurityRealm,*")));
         securityServiceGBean.setAttribute("policyConfigurationFactory", "org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory");
 

Mime
View raw message