Return-Path: Delivered-To: apmail-geronimo-scm-archive@www.apache.org Received: (qmail 89240 invoked from network); 9 Dec 2004 13:41:42 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 9 Dec 2004 13:41:42 -0000 Received: (qmail 77097 invoked by uid 500); 9 Dec 2004 13:38:30 -0000 Delivered-To: apmail-geronimo-scm-archive@geronimo.apache.org Received: (qmail 77053 invoked by uid 500); 9 Dec 2004 13:38:29 -0000 Mailing-List: contact scm-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Reply-To: dev@geronimo.apache.org Delivered-To: mailing list scm@geronimo.apache.org Received: (qmail 76996 invoked by uid 99); 9 Dec 2004 13:38:29 -0000 X-ASF-Spam-Status: No, hits=-10.0 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME,WEIRD_PORT X-Spam-Check-By: apache.org Received: from minotaur.apache.org (HELO minotaur.apache.org) (209.237.227.194) by apache.org (qpsmtpd/0.28) with SMTP; Thu, 09 Dec 2004 05:38:22 -0800 Received: (qmail 87314 invoked by uid 65534); 9 Dec 2004 13:38:09 -0000 Date: 9 Dec 2004 13:38:09 -0000 Message-ID: <20041209133809.87310.qmail@minotaur.apache.org> 
From: adc@apache.org To: scm@geronimo.apache.org Subject: svn commit: r111381 - in geronimo/branches/djencks/jetty-deployer1/trunk/modules: jetty-builder/src/java/org/apache/geronimo/jetty/deployment jetty/src/java/org/apache/geronimo/jetty jetty/src/test/org/apache/geronimo/jetty MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N Author: adc Date: Thu Dec 9 05:38:07 2004 New Revision: 111381 URL: http://svn.apache.org/viewcvs?view=rev&rev=111381 Log: Removed the old Jetty legacy security constraints Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java Url: http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java?view=diff&rev=111381&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java&r1=111380&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java&r2=111381 ============================================================================== --- geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java (original) +++ 
geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java Thu Dec 9 05:38:07 2004 @@ -24,6 +24,8 @@ import java.net.URI; import java.net.URISyntaxException; import java.net.URL; +import java.security.PermissionCollection; +import java.security.Permissions; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; @@ -44,6 +46,13 @@ import javax.security.jacc.WebUserDataPermission; import javax.transaction.UserTransaction; +import org.apache.xmlbeans.XmlException; +import org.apache.xmlbeans.XmlObject; +import org.mortbay.http.BasicAuthenticator; +import org.mortbay.http.ClientCertAuthenticator; +import org.mortbay.http.DigestAuthenticator; +import org.mortbay.jetty.servlet.FormAuthenticator; + import org.apache.geronimo.common.DeploymentException; import org.apache.geronimo.deployment.service.GBeanHelper; import org.apache.geronimo.deployment.util.DeploymentUtil; @@ -102,13 +111,6 @@ import org.apache.geronimo.xbeans.j2ee.WebAppType; import org.apache.geronimo.xbeans.j2ee.WebResourceCollectionType; import org.apache.geronimo.xbeans.j2ee.WelcomeFileListType; -import org.apache.xmlbeans.XmlException; -import org.apache.xmlbeans.XmlObject; -import org.mortbay.http.BasicAuthenticator; -import org.mortbay.http.ClientCertAuthenticator; -import org.mortbay.http.DigestAuthenticator; -import org.mortbay.http.SecurityConstraint; -import org.mortbay.jetty.servlet.FormAuthenticator; /** @@ -384,8 +386,6 @@ } webModuleData.setAttribute("policyContextID", policyContextID); buildSpecSecurityConfig(webApp, webModuleData, securityRoles); - //TODO figure out if we can avoid this. - buildLegacySecurityConstraints(webApp, webModuleData); } else { webModuleData = new GBeanData(webModuleName, JettyWebAppContext.GBEAN_INFO); 
@@ -839,8 +839,8 @@
 }
 }
- Set excludedPermissions = new HashSet();
- Set uncheckedPermissions = new HashSet();
+ PermissionCollection excludedPermissions = new Permissions();
+ PermissionCollection uncheckedPermissions = new Permissions();
 Map rolePermissions = new HashMap();
 Iterator iter = excludedPatterns.keySet().iterator();
@@ -934,71 +934,6 @@ webModuleData.setAttribute("excludedPermissions", excludedPermissions); webModuleData.setAttribute("uncheckedPermissions", uncheckedPermissions); webModuleData.setAttribute("rolePermissions", rolePermissions); - } - - private void buildLegacySecurityConstraints(WebAppType webApp, GBeanData webModuleData) throws DeploymentException { - //this is basically what jetty's XMLConfiguration does. I would hope we could come up with a better way. - Map urlToSecurityConstraintListMap = new HashMap(); - SecurityConstraintType[] securityConstraintArray = webApp.getSecurityConstraintArray(); - for (int i = 0; i < securityConstraintArray.length; i++) { - SecurityConstraintType securityConstraintType = securityConstraintArray[i]; - - SecurityConstraint scBase = new SecurityConstraint(); - if (securityConstraintType.isSetAuthConstraint()) { - scBase.setAuthenticate(true); - RoleNameType[] roleNameArray = securityConstraintType.getAuthConstraint().getRoleNameArray(); - for (int j = 0; j < roleNameArray.length; j++) { - RoleNameType roleNameType = roleNameArray[j]; - scBase.addRole(roleNameType.getStringValue().trim()); - } - } - if (securityConstraintType.isSetUserDataConstraint()) { - String guarantee = securityConstraintType.getUserDataConstraint().getTransportGuarantee().getStringValue().trim(); - if (guarantee == null || guarantee.length() == 0 || "NONE".equals(guarantee)) - scBase.setDataConstraint(SecurityConstraint.DC_NONE); - else if ("INTEGRAL".equals(guarantee)) - scBase.setDataConstraint(SecurityConstraint.DC_INTEGRAL); - else if ("CONFIDENTIAL".equals(guarantee)) - scBase.setDataConstraint(SecurityConstraint.DC_CONFIDENTIAL); - else { - //ToDO what do we do here? 
-// log.warn("Unknown user-data-constraint:" + guarantee); - scBase.setDataConstraint(SecurityConstraint.DC_CONFIDENTIAL); - } - } - WebResourceCollectionType[] webResourceCollectionArray = securityConstraintType.getWebResourceCollectionArray(); - for (int j = 0; j < webResourceCollectionArray.length; j++) { - WebResourceCollectionType webResourceCollectionType = webResourceCollectionArray[j]; - - String name = webResourceCollectionType.getWebResourceName().getStringValue().trim(); - SecurityConstraint sc = null; - try { - sc = (SecurityConstraint) scBase.clone(); - } catch (CloneNotSupportedException e) { - throw new DeploymentException("this should not have happened", e); - } - sc.setName(name); - HttpMethodType[] httpMethodArray = webResourceCollectionType.getHttpMethodArray(); - for (int k = 0; k < httpMethodArray.length; k++) { - HttpMethodType httpMethodType = httpMethodArray[k]; - sc.addMethod(httpMethodType.getStringValue().trim()); - } - UrlPatternType[] urlPatternArray = webResourceCollectionType.getUrlPatternArray(); - for (int k = 0; k < urlPatternArray.length; k++) { - UrlPatternType urlPatternType = urlPatternArray[k]; - String urlPattern = urlPatternType.getStringValue(); - List securityConstraints = (List) urlToSecurityConstraintListMap.get(urlPattern); - if (securityConstraints == null) { - securityConstraints = new ArrayList(); - urlToSecurityConstraintListMap.put(urlPattern, securityConstraints); - } - securityConstraints.add(sc); - } - } - } - - webModuleData.setAttribute("legacySecurityConstraintMap", urlToSecurityConstraintListMap); - } private static Set collectRoleNames(WebAppType webApp) { Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java Url: 
http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java?view=diff&rev=111381&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java&r1=111380&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java&r2=111381 ============================================================================== --- geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java (original) +++ geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java Thu Dec 9 05:38:07 2004 @@ -18,18 +18,20 @@ package org.apache.geronimo.jetty; import java.io.IOException; -import java.net.MalformedURLException; import java.net.URI; import java.net.URL; import java.security.AccessControlContext; import java.security.AccessControlException; import java.security.Permission; +import java.security.PermissionCollection; +import java.security.Permissions; import java.security.Principal; import java.util.Collection; +import java.util.HashSet; import java.util.Iterator; -import java.util.List; import java.util.Map; import java.util.Set; +import java.util.Enumeration; import javax.management.MalformedObjectNameException; import javax.management.ObjectName; import javax.security.auth.Subject; 
@@ -42,6 +44,16 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.mortbay.http.Authenticator; +import org.mortbay.http.HttpException; +import org.mortbay.http.HttpRequest; +import org.mortbay.http.HttpResponse; +import org.mortbay.http.SecurityConstraint; +import org.mortbay.http.UserRealm; +import org.mortbay.jetty.servlet.FormAuthenticator; +import org.mortbay.jetty.servlet.ServletHolder; +import org.mortbay.jetty.servlet.ServletHttpRequest; + import org.apache.geronimo.common.GeronimoSecurityException; import org.apache.geronimo.gbean.GBeanInfo; import org.apache.geronimo.gbean.GBeanInfoBuilder; @@ -63,17 +75,6 @@ import org.apache.geronimo.transaction.OnlineUserTransaction; import org.apache.geronimo.transaction.TrackedConnectionAssociator; import org.apache.geronimo.transaction.context.TransactionContextManager; -import org.mortbay.http.Authenticator; -import org.mortbay.http.HttpException; -import org.mortbay.http.HttpRequest; -import org.mortbay.http.HttpResponse; -import org.mortbay.http.PathMap; -import org.mortbay.http.SecurityConstraint; -import org.mortbay.http.UserRealm; -import org.mortbay.jetty.servlet.FormAuthenticator; -import org.mortbay.jetty.servlet.ServletHolder; -import org.mortbay.jetty.servlet.ServletHttpRequest; -import org.mortbay.util.LazyList; /** @@ -95,15 +96,15 @@ private PolicyConfigurationFactory factory; private PolicyConfiguration policyConfiguration; - private final PathMap constraintMap = new PathMap(); - private String formLoginPath; private final Set securityRoles; - private final Set excludedPermissions; - private final Set uncheckedPermissions; + private final PermissionCollection excludedPermissions; + private final PermissionCollection uncheckedPermissions; private final Map rolePermissions; + PermissionCollection checked = new Permissions(); + private final SecurityContextBeforeAfter securityInterceptor; 
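Review bot: The new `checked` field in the last hunk on this line (`@@ -95,15 +96,15 @@`) is declared without `private` or `final`, unlike the `excludedPermissions` and `uncheckedPermissions` fields next to it, although the later `obtainUser` hunk consults it on every request to decide whether to authenticate. Declaring it `private final PermissionCollection checked = new Permissions();` keeps other classes in the package from replacing it. In the constructor hunk (`@@ -209,16 +207,18 @@`) the intermediate `HashSet p` does not appear to be needed: each role permission can be added straight to `checked`, followed by `checked.setReadOnly();` after the loop so the collection is frozen before the context serves requests. A field comment such as `// union of all role-mapped permissions; used only to decide whether to challenge for credentials` would record the intent that the removed Javadoc on `addSecurityConstraint` used to carry.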
@@ -148,13 +149,10 @@ Security securityConfig, //from jettyxmlconfig Set securityRoles, - Set uncheckedPermissions, - Set excludedPermissions, + PermissionCollection uncheckedPermissions, + PermissionCollection excludedPermissions, Map rolePermissions, - //TODO remove - Map legacySecurityConstraintMap, - TransactionContextManager transactionContextManager, TrackedConnectionAssociator trackedConnectionAssociator, JettyContainer jettyContainer, @@ -209,16 +207,18 @@ contextLength = index; chain = securityInterceptor; - //TODO remove - for (Iterator entries = legacySecurityConstraintMap.entrySet().iterator(); entries.hasNext();) { - Map.Entry entry = (Map.Entry) entries.next(); - String urlPattern = (String) entry.getKey(); - List securityConstraints = (List) entry.getValue(); - for (Iterator constraints = securityConstraints.iterator(); constraints.hasNext();) { - SecurityConstraint securityConstraint = (SecurityConstraint) constraints.next(); - addSecurityConstraint(urlPattern, securityConstraint); + Set p = new HashSet(); + for (Iterator iterator = rolePermissions.entrySet().iterator(); iterator.hasNext();) { + Map.Entry entry = (Map.Entry) iterator.next(); + Set permissions = (Set) entry.getValue(); + for (Iterator iterator1 = permissions.iterator(); iterator1.hasNext();) { + Permission permission = (Permission) iterator1.next(); + p.add(permission); } - + } + for (Iterator iterator = p.iterator(); iterator.hasNext();) { + Permission permission = (Permission) iterator.next(); + checked.add(permission); } } @@ -236,31 +236,6 @@ policyConfiguration.commit(); } - - /** - * Keep our own copy of security constraints.

- *

- * We keep our own copy of security constraints because Jetty's copy is - * private. We use these constraints not for any authorization descitions - * but, to decide whether we should attempt to authenticate the request. - * - * @param pathSpec The path spec to which the secuiryt cosntraint applies - * @param sc the security constraint - * TODO Jetty to provide access to this map so we can remove this method - * @see org.mortbay.http.HttpContext#addSecurityConstraint(java.lang.String, org.mortbay.http.SecurityConstraint) - */ - public void addSecurityConstraint(String pathSpec, SecurityConstraint sc) { - super.addSecurityConstraint(pathSpec, sc); - - Object scs = constraintMap.get(pathSpec); - scs = LazyList.add(scs, sc); - constraintMap.put(pathSpec, scs); - - if (log.isDebugEnabled()) { - log.debug("added " + sc + " at " + pathSpec); - } - } - /** * Check the security constraints using JACC. * 
@@ -328,49 +303,11 @@
 * e.g. login page.
 */
 public Principal obtainUser(String pathInContext, HttpRequest request, HttpResponse response) throws HttpException, IOException {
- List scss = constraintMap.getMatches(pathInContext);
- String pattern = null;
- boolean unauthenticated = false;
- boolean forbidden = false;
-
- if (scss != null && scss.size() > 0) {
-
- // for each path match
- // Add only constraints that have the correct method
- // break if the matching pattern changes. This allows only
- // constraints with matching pattern and method to be combined.
- loop:
- for (int m = 0; m < scss.size(); m++) {
- Map.Entry entry = (Map.Entry) scss.get(m);
- Object scs = entry.getValue();
- String p = (String) entry.getKey();
- for (int c = 0; c < LazyList.size(scs); c++) {
- SecurityConstraint sc = (SecurityConstraint) LazyList.get(scs, c);
- if (!sc.forMethod(request.getMethod())) continue;
-
- if (pattern != null && !pattern.equals(p)) break loop;
- pattern = p;
-
- // Check the method applies
- if (!sc.forMethod(request.getMethod())) continue;
-
- // Combine auth constraints.
- if (sc.getAuthenticate()) {
- if (!sc.isAnyRole()) {
- List scr = sc.getRoles();
- if (scr == null || scr.size() == 0) {
- forbidden = true;
- break loop;
- }
- }
- } else {
- unauthenticated = true;
- }
- }
- }
- } else {
- unauthenticated = true;
- }
+ ServletHttpRequest servletHttpRequest = (ServletHttpRequest) request.getWrapper();
+ WebResourcePermission resourcePermission = new WebResourcePermission(servletHttpRequest);
+ WebUserDataPermission dataPermission = new WebUserDataPermission(servletHttpRequest);
+ boolean unauthenticated = !(checked.implies(resourcePermission) || checked.implies(dataPermission));
+ boolean forbidden = excludedPermissions.implies(resourcePermission) || excludedPermissions.implies(dataPermission);
 UserRealm realm = getRealm();
 Authenticator authenticator = getAuthenticator();
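Review bot: `request.getWrapper()` is cast to `ServletHttpRequest` and handed to the two permission constructors without a check, so a request that reaches `obtainUser` without a servlet wrapper would fail with a NullPointerException or ClassCastException instead of a controlled HTTP error; whether that can happen depends on handler ordering that is not visible in this hunk. A guard such as `if (!(request.getWrapper() instanceof ServletHttpRequest))` that rejects the request before the permissions are built would make the failure mode explicit. Separately, `checked` is filled only from `rolePermissions`, which presumably hold resource rather than user-data permissions, so `checked.implies(dataPermission)` may never be true and is worth confirming or dropping. Because `unauthenticated` now means "no role-mapped permission covers this request", a comment like `// no role-mapped permission covers this request: skip the challenge, the JACC check still authorizes it` above the two booleans would document that this path decides only whether to authenticate. The rest of `obtainUser` lies outside the hunk.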
@@ -414,7 +351,7 @@ /** * Generate the default principal from the security config. * - * @param securityConfig The Geronimo security configuration. + * @param securityConfig The Geronimo security configuration. * @param loginDomainName * @return the default principal */ @@ -553,21 +490,15 @@ private void configure() throws GeronimoSecurityException { try { - for (Iterator iterator = excludedPermissions.iterator(); iterator.hasNext();) { - Permission permission = (Permission) iterator.next(); - policyConfiguration.addToExcludedPolicy(permission); - } - for (Iterator iterator = uncheckedPermissions.iterator(); iterator.hasNext();) { - Permission permission = (Permission) iterator.next(); - policyConfiguration.addToUncheckedPolicy(permission); - } + policyConfiguration.addToExcludedPolicy(excludedPermissions); + policyConfiguration.addToUncheckedPolicy(uncheckedPermissions); for (Iterator iterator = rolePermissions.entrySet().iterator(); iterator.hasNext();) { Map.Entry entry = (Map.Entry) iterator.next(); String roleName = (String) entry.getKey(); Set permissions = (Set) entry.getValue(); for (Iterator iterator1 = permissions.iterator(); iterator1.hasNext();) { Permission permission = (Permission) iterator1.next(); - policyConfiguration.addToRole(roleName, permission); + policyConfiguration.addToRole(roleName, permission); } } } catch (PolicyContextException e) { 
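Review bot: In the `configure()` hunk the excluded and unchecked permissions are now passed as `PermissionCollection`s, but the values of `rolePermissions` are still cast with `(Set) entry.getValue()`, here and in the constructor loop that fills `checked`. The three security attributes therefore follow two different type contracts, and a builder that stores a `PermissionCollection` per role would fail with a ClassCastException at deployment. If the builder side can change, store a `PermissionCollection` per role and call `policyConfiguration.addToRole(roleName, permissions);` once per role; otherwise a comment on the attribute stating that the values must be `Set`s of `Permission` would do. The enclosing try/catch continues outside the hunk.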
@@ -587,11 +518,9 @@ infoBuilder.addAttribute("securityConfig", Security.class, true); infoBuilder.addAttribute("securityRoles", Set.class, true); - infoBuilder.addAttribute("uncheckedPermissions", Set.class, true); - infoBuilder.addAttribute("excludedPermissions", Set.class, true); + infoBuilder.addAttribute("uncheckedPermissions", PermissionCollection.class, true); + infoBuilder.addAttribute("excludedPermissions", PermissionCollection.class, true); infoBuilder.addAttribute("rolePermissions", Map.class, true); - //TODO remove - infoBuilder.addAttribute("legacySecurityConstraintMap", Map.class, true); infoBuilder.addAttribute("kernel", Kernel.class, false); @@ -627,8 +556,6 @@ "uncheckedPermissions", "excludedPermissions", "rolePermissions", - //TODO remove - "legacySecurityConstraintMap", "TransactionContextManager", "TrackedConnectionAssociator", Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java Url: http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java?view=diff&rev=111381&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r1=111380&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java&r2=111381 ============================================================================== --- geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java (original) +++ geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java Thu Dec 9 05:38:07 2004 
@@ -18,6 +18,7 @@ import java.io.File; import java.net.URI; +import java.security.PermissionCollection; import java.util.Collections; import java.util.HashMap; import java.util.HashSet; @@ -123,7 +124,7 @@ start(app); } - protected void setUpSecureAppContext(Security securityConfig, Set uncheckedPermissions, Set excludedPermissions, Map rolePermissions, Set securityRoles, Map legacySecurityConstraintMap) throws Exception { + protected void setUpSecureAppContext(Security securityConfig, PermissionCollection uncheckedPermissions, PermissionCollection excludedPermissions, Map rolePermissions, Set securityRoles) throws Exception { GBeanData app = new GBeanData(webModuleName, JettyWebAppJACCContext.GBEAN_INFO); app.setAttribute("loginDomainName", "demo-properties-realm"); app.setAttribute("securityConfig", securityConfig); 
@@ -131,7 +132,6 @@ app.setAttribute("excludedPermissions", excludedPermissions); app.setAttribute("rolePermissions", rolePermissions); app.setAttribute("securityRoles", securityRoles); - app.setAttribute("legacySecurityConstraintMap", legacySecurityConstraintMap); FormAuthenticator formAuthenticator = new FormAuthenticator(); formAuthenticator.setLoginPage("/auth/logon.html?param=test"); Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java Url: http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java?view=diff&rev=111381&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r1=111380&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java&r2=111381 ============================================================================== --- geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java (original) +++ geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java Thu Dec 9 05:38:07 2004 @@ -22,17 +22,15 @@ import java.io.InputStreamReader; import java.net.HttpURLConnection; import java.net.URL; +import java.security.PermissionCollection; +import java.security.Permissions; import java.util.HashMap; import java.util.HashSet; -import java.util.LinkedList; -import java.util.List; import java.util.Map; import java.util.Set; import javax.security.jacc.WebResourcePermission; import javax.security.jacc.WebUserDataPermission; -import org.mortbay.http.SecurityConstraint; - import org.apache.geronimo.security.SecurityService; import org.apache.geronimo.security.deploy.AutoMapAssistant; import org.apache.geronimo.security.deploy.DefaultPrincipal; 
@@ -54,7 +52,7 @@ * * @throws Exception thrown if an error in the test occurs */ - public void XtestExplicitMapping() throws Exception { + public void testExplicitMapping() throws Exception { Security securityConfig = new Security(); securityConfig.setUseContextHandler(false); @@ -79,9 +77,9 @@ securityConfig.getRoleMappings().put(role.getRoleName(), role); - Set uncheckedPermissions = new HashSet(); + PermissionCollection uncheckedPermissions = new Permissions(); - Set excludedPermissions = new HashSet(); + PermissionCollection excludedPermissions = new Permissions(); excludedPermissions.add(new WebResourcePermission("/auth/login.html", "")); excludedPermissions.add(new WebUserDataPermission("/auth/login.html", "")); @@ -96,25 +94,7 @@ securityRoles.add("content-administrator"); securityRoles.add("auto-administrator"); - /** - * TODO Remove the legacySecurityConstraintMap - */ - Map legacySecurityConstraintMap = new HashMap(); - List constraints = new LinkedList(); - SecurityConstraint constraint = new SecurityConstraint(); - constraint.setAuthenticate(true); - constraint.addRole("content-administrator"); - constraint.addRole("auto-administrator"); - constraints.add(constraint); - legacySecurityConstraintMap.put("/protected/*", constraints); - - constraints = new LinkedList(); - constraint = new SecurityConstraint(); - constraint.setAuthenticate(true); - constraints.add(constraint); - legacySecurityConstraintMap.put("/auth/logon.html", constraints); - - startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles, legacySecurityConstraintMap); + startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles); HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection(); connection.setInstanceFollowRedirects(false); 
@@ -204,9 +184,9 @@ kernel.getProxyManager().destroyProxy(securityService); } - Set uncheckedPermissions = new HashSet(); + PermissionCollection uncheckedPermissions = new Permissions(); - Set excludedPermissions = new HashSet(); + PermissionCollection excludedPermissions = new Permissions(); excludedPermissions.add(new WebResourcePermission("/auth/login.html", "")); excludedPermissions.add(new WebUserDataPermission("/auth/login.html", "")); @@ -221,25 +201,7 @@ securityRoles.add("content-administrator"); securityRoles.add("auto-administrator"); - /** - * TODO Remove the legacySecurityConstraintMap - */ - Map legacySecurityConstraintMap = new HashMap(); - List constraints = new LinkedList(); - SecurityConstraint constraint = new SecurityConstraint(); - constraint.setAuthenticate(true); - constraint.addRole("content-administrator"); - constraint.addRole("auto-administrator"); - constraints.add(constraint); - legacySecurityConstraintMap.put("/protected/*", constraints); - - constraints = new LinkedList(); - constraint = new SecurityConstraint(); - constraint.setAuthenticate(true); - constraints.add(constraint); - legacySecurityConstraintMap.put("/auth/logon.html", constraints); - - startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles, legacySecurityConstraintMap); + startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles); HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection(); connection.setInstanceFollowRedirects(false); 
@@ -351,9 +313,9 @@ securityConfig.append(role); - Set uncheckedPermissions = new HashSet(); + PermissionCollection uncheckedPermissions = new Permissions(); - Set excludedPermissions = new HashSet(); + PermissionCollection excludedPermissions = new Permissions(); excludedPermissions.add(new WebResourcePermission("/auth/login.html", "")); excludedPermissions.add(new WebUserDataPermission("/auth/login.html", "")); @@ -368,25 +330,7 @@ securityRoles.add("content-administrator"); securityRoles.add("auto-administrator"); - /** - * TODO Remove the legacySecurityConstraintMap - */ - Map legacySecurityConstraintMap = new HashMap(); - List constraints = new LinkedList(); - SecurityConstraint constraint = new SecurityConstraint(); - constraint.setAuthenticate(true); - constraint.addRole("content-administrator"); - constraint.addRole("auto-administrator"); - constraints.add(constraint); - legacySecurityConstraintMap.put("/protected/*", constraints); - - constraints = new LinkedList(); - constraint = new SecurityConstraint(); - constraint.setAuthenticate(true); - constraints.add(constraint); - legacySecurityConstraintMap.put("/auth/logon.html", constraints); - - startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles, legacySecurityConstraintMap); + startWebApp(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles); HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection(); connection.setInstanceFollowRedirects(false); 
@@ -450,30 +394,9 @@ stopWebApp(); } - protected void startWebApp(Security securityConfig, Set uncheckedPermissions, Set excludedPermissions, Map rolePermissions, Set securityRoles, Map legacySecurityConstraintMap) throws Exception { - setUpSecureAppContext(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles, legacySecurityConstraintMap); + protected void startWebApp(Security securityConfig, PermissionCollection uncheckedPermissions, PermissionCollection excludedPermissions, Map rolePermissions, Set securityRoles) throws Exception { + setUpSecureAppContext(securityConfig, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles); setUpStaticContentServlet(); -// GBeanMBean app = new GBeanMBean(JettyWebAppJACCContext.GBEAN_INFO); -// -// app.setAttribute("userRealmName", "Test JAAS Realm"); -// app.setAttribute("securityRealmName", "jaasTest"); -// app.setAttribute("uri", URI.create("war3/")); -// app.setAttribute("componentContext", null); -// OnlineUserTransaction userTransaction = new OnlineUserTransaction(); -// app.setAttribute("userTransaction", userTransaction); -// app.setAttribute("webClassPath", new URI[0]); -// app.setAttribute("contextPriorityClassLoader", Boolean.FALSE); -// app.setAttribute("configurationBaseUrl", Thread.currentThread().getContextClassLoader().getResource("deployables/")); -// app.setAttribute("securityConfig", securityConfig); -// app.setReferencePattern("SecurityService", securityServiceName); -// app.setAttribute("policyContextID", "TEST"); -// -// app.setAttribute("contextPath", "/test"); -// -// app.setReferencePattern("TransactionContextManager", tcmName); -// app.setReferencePattern("TrackedConnectionAssociator", tcaName); -// app.setReferencePatterns("JettyContainer", containerPatterns); -// // start(appName, app); }