Return-Path: Delivered-To: apmail-geronimo-scm-archive@www.apache.org Received: (qmail 92333 invoked from network); 4 Dec 2004 20:51:03 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 4 Dec 2004 20:51:03 -0000 Received: (qmail 21206 invoked by uid 500); 4 Dec 2004 20:51:03 -0000 Delivered-To: apmail-geronimo-scm-archive@geronimo.apache.org Received: (qmail 21041 invoked by uid 500); 4 Dec 2004 20:51:02 -0000 Mailing-List: contact scm-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Reply-To: dev@geronimo.apache.org Delivered-To: mailing list scm@geronimo.apache.org Received: (qmail 21026 invoked by uid 99); 4 Dec 2004 20:51:02 -0000 X-ASF-Spam-Status: No, hits=-10.0 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME,WEIRD_PORT X-Spam-Check-By: apache.org Received: from minotaur.apache.org (HELO minotaur.apache.org) (209.237.227.194) by apache.org (qpsmtpd/0.28) with SMTP; Sat, 04 Dec 2004 12:51:02 -0800 Received: (qmail 92315 invoked by uid 65534); 4 Dec 2004 20:51:00 -0000 Date: 4 Dec 2004 20:51:00 -0000 Message-ID: <20041204205100.92309.qmail@minotaur.apache.org> 
From: djencks@apache.org To: scm@geronimo.apache.org Subject: svn commit: r109824 - in geronimo/branches/djencks/jetty-deployer1/trunk/modules: jetty-builder/src/java/org/apache/geronimo/jetty/deployment jetty/src/java/org/apache/geronimo/jetty jetty/src/test/org/apache/geronimo/jetty MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N Author: djencks Date: Sat Dec 4 12:51:00 2004 New Revision: 109824 URL: http://svn.apache.org/viewcvs?view=rev&rev=109824 Log: add missing security configuration piece. With luck we can figure out how to take this out again Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java Url: http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java?view=diff&rev=109824&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java&r1=109823&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java&r2=109824 ============================================================================== --- 
geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java (original) +++ geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java Sat Dec 4 12:51:00 2004 @@ -26,6 +26,7 @@ import java.net.URL; import java.util.ArrayList; import java.util.Collection; +import java.util.Collections; import java.util.Enumeration; import java.util.HashMap; import java.util.HashSet; @@ -34,7 +35,6 @@ import java.util.List; import java.util.Map; import java.util.Set; -import java.util.Collections; import java.util.jar.JarFile; import java.util.zip.ZipEntry; import javax.management.MalformedObjectNameException; @@ -107,6 +107,7 @@ import org.mortbay.http.BasicAuthenticator; import org.mortbay.http.ClientCertAuthenticator; import org.mortbay.http.DigestAuthenticator; +import org.mortbay.http.SecurityConstraint; import org.mortbay.jetty.servlet.FormAuthenticator; @@ -378,6 +379,8 @@ } webModuleData.setAttribute("policyContextID", policyContextID); buildSpecSecurityConfig(webApp, webModuleData, securityRoles); + //TODO figure out if we can avoid this. + buildLegacySecurityConstraints(webApp, webModuleData); } else { webModuleData = new GBeanData(webModuleName, JettyWebAppContext.GBEAN_INFO); 
@@ -846,6 +849,72 @@ webModuleData.setAttribute("excludedPermissions", excludedPermissions); webModuleData.setAttribute("uncheckedPermissions", uncheckedPermissions); webModuleData.setAttribute("rolePermissions", rolePermissions); + } + + private void buildLegacySecurityConstraints(WebAppType webApp, GBeanData webModuleData) throws DeploymentException { + //this is basically what jetty's XMLConfiguration does. I would hope we could come up with a better way. + Map urlToSecurityConstraintListMap = new HashMap(); + SecurityConstraintType[] securityConstraintArray = webApp.getSecurityConstraintArray(); + for (int i = 0; i < securityConstraintArray.length; i++) { + SecurityConstraintType securityConstraintType = securityConstraintArray[i]; + + SecurityConstraint scBase = new SecurityConstraint(); + if (securityConstraintType.isSetAuthConstraint()) { + scBase.setAuthenticate(true); + RoleNameType[] roleNameArray = securityConstraintType.getAuthConstraint().getRoleNameArray(); + for (int j = 0; j < roleNameArray.length; j++) { + RoleNameType roleNameType = roleNameArray[j]; + scBase.addRole(roleNameType.getStringValue().trim()); + } + } + if (securityConstraintType.isSetUserDataConstraint()) { + String guarantee = securityConstraintType.getUserDataConstraint().getTransportGuarantee().getStringValue().trim(); + if (guarantee == null || guarantee.length() == 0 || "NONE".equals(guarantee)) + scBase.setDataConstraint(SecurityConstraint.DC_NONE); + else if ("INTEGRAL".equals(guarantee)) + scBase.setDataConstraint(SecurityConstraint.DC_INTEGRAL); + else if ("CONFIDENTIAL".equals(guarantee)) + scBase.setDataConstraint(SecurityConstraint.DC_CONFIDENTIAL); + else + { + //ToDO what do we do here? 
+// log.warn("Unknown user-data-constraint:" + guarantee); + scBase.setDataConstraint(SecurityConstraint.DC_CONFIDENTIAL); + } + } + WebResourceCollectionType[] webResourceCollectionArray = securityConstraintType.getWebResourceCollectionArray(); + for (int j = 0; j < webResourceCollectionArray.length; j++) { + WebResourceCollectionType webResourceCollectionType = webResourceCollectionArray[j]; + + String name = webResourceCollectionType.getWebResourceName().getStringValue().trim(); + SecurityConstraint sc = null; + try { + sc = (SecurityConstraint) scBase.clone(); + } catch (CloneNotSupportedException e) { + throw new DeploymentException("this should not have happened", e); + } + sc.setName(name); + HttpMethodType[] httpMethodArray = webResourceCollectionType.getHttpMethodArray(); + for (int k = 0; k < httpMethodArray.length; k++) { + HttpMethodType httpMethodType = httpMethodArray[k]; + sc.addMethod(httpMethodType.getStringValue().trim()); + } + UrlPatternType[] urlPatternArray = webResourceCollectionType.getUrlPatternArray(); + for (int k = 0; k < urlPatternArray.length; k++) { + UrlPatternType urlPatternType = urlPatternArray[k]; + String urlPattern = urlPatternType.getStringValue(); + List securityConstraints = (List) urlToSecurityConstraintListMap.get(urlPattern); + if (securityConstraints == null) { + securityConstraints = new ArrayList(); + urlToSecurityConstraintListMap.put(urlPattern, securityConstraints); + } + securityConstraints.add(sc); + } + } + } + + webModuleData.setAttribute("legacySecurityConstraintMap", urlToSecurityConstraintListMap); + } private static Set collectRoleNames(WebAppType webApp) { Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java Url: 
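Review bot: The `guarantee == null` test in the user-data-constraint branch of buildLegacySecurityConstraints is dead, because `getStringValue().trim()` on the line above has already dereferenced it; either drop that clause or trim after the check. In the same branch an unrecognised transport-guarantee is silently mapped to DC_CONFIDENTIAL with the warning commented out — failing closed is the right default, but this is a malformed web.xml and the method already declares DeploymentException, so `throw new DeploymentException("Unknown transport-guarantee: " + guarantee);` (or at least restoring the `log.warn`) would make the mapping visible in the deployment record instead of leaving the "ToDO" comment. `urlToSecurityConstraintListMap` is a HashMap, so the order in which the consuming context later registers the patterns is unrelated to web.xml order; if Jetty's constraint evaluation turns out to be order-sensitive, `new LinkedHashMap()` preserves it at no cost. Finally, the url-pattern is the only value in this method that is not trimmed while roles, methods and names are, so `String urlPattern = urlPatternType.getStringValue().trim();` would keep the map keys consistent with the rest of the method.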
http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java?view=diff&rev=109824&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java&r1=109823&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java&r2=109824 ============================================================================== --- geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java (original) +++ geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java Sat Dec 4 12:51:00 2004 @@ -25,13 +25,13 @@ import java.security.AccessControlException; import java.security.Permission; import java.security.Principal; +import java.util.Collection; import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Set; -import java.util.Collection; import javax.management.MalformedObjectNameException; import javax.management.ObjectName; import javax.security.auth.Subject; @@ -154,6 +154,9 @@ Set excludedPermissions, Map rolePermissions, + //TODO remove + Map legacySecurityConstraintMap, + TransactionContextManager transactionContextManager, TrackedConnectionAssociator trackedConnectionAssociator, JettyContainer jettyContainer, 
@@ -203,18 +206,18 @@ this.defaultPrincipal = generateDefaultPrincipal(securityConfig, loginDomainName); - } - - public Kernel getKernel() { - return kernel; - } + //TODO remove + for (Iterator entries = legacySecurityConstraintMap.entrySet().iterator(); entries.hasNext();) { + Map.Entry entry = (Map.Entry) entries.next(); + String urlPattern = (String) entry.getKey(); + List securityConstraints = (List) entry.getValue(); + for (Iterator constraints = securityConstraints.iterator(); constraints.hasNext();) { + SecurityConstraint securityConstraint = (SecurityConstraint) constraints.next(); + addSecurityConstraint(urlPattern, securityConstraint); + } - public String getPolicyContextID() { - return policyContextID; - } + } - public Security getSecurityConfig() { - return securityConfig; } public Subject getRoleDesignate(String roleName) { @@ -514,7 +517,7 @@ SubjectId id = ContextManager.getSubjectId(defaultSubject); defaultSubject.getPrincipals().add(new IdentificationPrincipal(id)); - log.debug("Default subject " + id + " for JACC policy '" + ((JettyWebAppJACCContext) getHttpContext()).getPolicyContextID() + "' registered."); + log.debug("Default subject " + id + " for JACC policy '" + policyContextID + "' registered."); /** * Get the JACC policy configuration that's associated with this @@ -552,7 +555,7 @@ id = ContextManager.getSubjectId(roleDesignate); roleDesignate.getPrincipals().add(new IdentificationPrincipal(id)); - log.debug("Role designate " + id + " for role '" + roleName + "' for JACC policy '" + ((JettyWebAppJACCContext) getHttpContext()).getPolicyContextID() + "' registered."); + log.debug("Role designate " + id + " for role '" + roleName + "' for JACC policy '" + policyContextID + "' registered."); } log.info("JettyWebAppJACCContext started with JACC policy '" + policyContextID + "'"); 
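Review bot: The new loop in the constructor iterates `legacySecurityConstraintMap.entrySet()` without a null check, yet nothing in the GBean registration further down forces the attribute to be set, so any configuration that omits it (for example one produced before this builder change) fails in the constructor with a NullPointerException instead of a readable error; guard it with `if (legacySecurityConstraintMap != null) {` around the loop, or fail early with an explicit IllegalArgumentException naming the attribute. The constructor itself starts before this hunk. With this change a request matching one of these patterns is now checked both by Jetty's own SecurityConstraint machinery and by the JACC policy built from the same web.xml; a short comment next to the `//TODO remove` stating which of the two is meant to be authoritative when they disagree (and that the loop exists only until the JACC path covers what Jetty's XMLConfiguration used to do) would save the next reader from re-deriving that. The removal of the public getKernel, getPolicyContextID and getSecurityConfig accessors is consistent with the in-class call sites being rewritten to use `policyContextID` directly, but if any of them was exposed through the GBean operations list it is a visible interface change worth calling out in the log message.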
@@ -564,7 +567,7 @@ /** * Unregister the default principal and role designates */ - log.debug("Default subject " + ContextManager.getSubjectId(defaultPrincipal.getSubject()) + " for JACC policy " + ((JettyWebAppJACCContext) getHttpContext()).getPolicyContextID() + "' unregistered."); + log.debug("Default subject " + ContextManager.getSubjectId(defaultPrincipal.getSubject()) + " for JACC policy " + policyContextID + "' unregistered."); ContextManager.unregisterSubject(defaultPrincipal.getSubject()); @@ -574,7 +577,7 @@ Subject roleDesignate = (Subject) roleDesignates.get(roleName); ContextManager.unregisterSubject(roleDesignate); - log.debug("Role designate " + ContextManager.getSubjectId(roleDesignate) + " for role '" + roleName + "' for JACC policy '" + ((JettyWebAppJACCContext) getHttpContext()).getPolicyContextID() + "' unregistered."); + log.debug("Role designate " + ContextManager.getSubjectId(roleDesignate) + " for role '" + roleName + "' for JACC policy '" + policyContextID + "' unregistered."); } /** @@ -677,6 +680,8 @@ infoBuilder.addAttribute("uncheckedPermissions", Set.class, true); infoBuilder.addAttribute("excludedPermissions", Set.class, true); infoBuilder.addAttribute("rolePermissions", Map.class, true); + //TODO remove + infoBuilder.addAttribute("legacySecurityConstraintMap", Map.class, true); infoBuilder.addAttribute("kernel", Kernel.class, false); 
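Review bot: The rewritten unregister message in the hunk at -564 still has an unmatched quote — `" for JACC policy " + policyContextID + "' unregistered."` closes a single quote that was never opened, whereas the other three messages touched by this commit use `'" + policyContextID + "'`. Since the line is being rewritten anyway, `log.debug("Default subject " + ContextManager.getSubjectId(defaultPrincipal.getSubject()) + " for JACC policy '" + policyContextID + "' unregistered.");` keeps the log output consistent and grep-able across start and stop.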
@@ -712,6 +717,8 @@ "uncheckedPermissions", "excludedPermissions", "rolePermissions", + //TODO remove + "legacySecurityConstraintMap", "TransactionContextManager", "TrackedConnectionAssociator", Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java Url: http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java?view=diff&rev=109824&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r1=109823&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r2=109824 ============================================================================== --- geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java (original) +++ geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java Sat Dec 4 12:51:00 2004 @@ -119,7 +119,7 @@ start(app); } - protected void setUpSecureAppContext(Security securityConfig, Set uncheckedPermissions, Set excludedPermissions, Map rolePermissions, Set securityRoles) throws Exception { + protected void setUpSecureAppContext(Security securityConfig, Set uncheckedPermissions, Set excludedPermissions, Map rolePermissions, Set securityRoles, Map legacySecurityConstraintMap) throws Exception { GBeanData app = new GBeanData(webModuleName, JettyWebAppJACCContext.GBEAN_INFO); app.setAttribute("loginDomainName", "jaasTest"); app.setAttribute("securityConfig", securityConfig); 
@@ -127,6 +127,7 @@ app.setAttribute("excludedPermissions", excludedPermissions); app.setAttribute("rolePermissions", rolePermissions); app.setAttribute("securityRoles", securityRoles); + app.setAttribute("legacySecurityConstraintMap", legacySecurityConstraintMap); FormAuthenticator formAuthenticator = new FormAuthenticator(); formAuthenticator.setLoginPage("/auth/logon.html?param=test"); formAuthenticator.setErrorPage("/auth/logonError.html?param=test"); Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java Url: http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java?view=diff&rev=109824&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r1=109823&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r2=109824 ============================================================================== --- geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java (original) +++ geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java Sat Dec 4 12:51:00 2004 @@ -81,8 +81,9 @@ Set excludedPermissions = new HashSet(); Map rolePermissions = new HashMap(); Set securityRoles = new HashSet(); + Map legacySecurityConstraintMap = new HashMap(); - startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles); + startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles, legacySecurityConstraintMap); HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection(); connection.setInstanceFollowRedirects(false); 
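Review bot: Every call site in SecurityTest now passes a freshly created, empty `legacySecurityConstraintMap` (this hunk and the ones at -190 and -306), so the new constraint loop in the JettyWebAppJACCContext constructor is never exercised with a populated map and the builder-side mapping has no test at all. At least one case should put a `SecurityConstraint` for the already-requested `/test/protected/hello.txt` path into the map, built the same way JettyModuleBuilder does it, and assert that the protected resource is refused when the constraint applies. Whether the response-code assertions after the redirect check already cover the refused path is outside this hunk, so I cannot tell from here.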
@@ -190,7 +191,9 @@ securityRoles.add("content-administrator"); securityRoles.add("auto-administrator"); - startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles); + Map legacySecurityConstraintMap = new HashMap(); + + startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles, legacySecurityConstraintMap); HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection(); connection.setInstanceFollowRedirects(false); @@ -306,8 +309,9 @@ Set excludedPermissions = new HashSet(); Map rolePermissions = new HashMap(); Set securityRoles = new HashSet(); + Map legacySecurityConstraintMap = new HashMap(); - startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles); + startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles, legacySecurityConstraintMap); HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection(); connection.setInstanceFollowRedirects(false); @@ -371,8 +375,8 @@ stopWebApp(); } - protected void startWebApp(Security securityConfig, Set uncheckedPermissions, Set excludedPermissions, Map rolePermissions, Set securityRoles) throws Exception { - setUpSecureAppContext(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles); + protected void startWebApp(Security securityConfig, Set uncheckedPermissions, Set excludedPermissions, Map rolePermissions, Set securityRoles, Map legacySecurityConstraintMap) throws Exception { + setUpSecureAppContext(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles, legacySecurityConstraintMap); setUpStaticContentServlet(); // GBeanMBean app = new GBeanMBean(JettyWebAppJACCContext.GBEAN_INFO); //