geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jgenen...@apache.org
Subject svn commit: r161667 - in geronimo/trunk/modules/tomcat: ./ src/java/org/apache/geronimo/tomcat/ src/java/org/apache/geronimo/tomcat/deployment/ src/java/org/apache/geronimo/tomcat/valve/ src/plan/ src/test/org/apache/geronimo/tomcat/
Date Sun, 17 Apr 2005 17:01:03 GMT
Author: jgenender
Date: Sun Apr 17 10:01:00 2005
New Revision: 161667

URL: http://svn.apache.org/viewcvs?view=rev&rev=161667
Log:
Updated to use new security gbean and removed parameter in container to set the endorsed dir (it never worked)

Modified:
    geronimo/trunk/modules/tomcat/project.xml
    geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatContainer.java
    geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatGeronimoRealm.java
    geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java
    geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java
    geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/valve/PolicyContextValve.java
    geronimo/trunk/modules/tomcat/src/plan/tomcat-plan.xml
    geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
    geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JACCSecurityTest.java

Modified: geronimo/trunk/modules/tomcat/project.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/project.xml?view=diff&r1=161666&r2=161667
==============================================================================
--- geronimo/trunk/modules/tomcat/project.xml (original)
+++ geronimo/trunk/modules/tomcat/project.xml Sun Apr 17 10:01:00 2005
@@ -116,6 +116,11 @@
         </dependency>
         <dependency>
             <groupId>geronimo</groupId>
+            <artifactId>geronimo-security-builder</artifactId>
+            <version>${pom.currentVersion}</version>
+        </dependency>
+        <dependency>
+            <groupId>geronimo</groupId>
             <artifactId>geronimo-system</artifactId>
             <version>${pom.currentVersion}</version>
         </dependency>

Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatContainer.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatContainer.java?view=diff&r1=161666&r2=161667
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatContainer.java (original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatContainer.java Sun Apr 17 10:01:00 2005
@@ -74,12 +74,7 @@
     private Context defaultContext;
 
     /**
-     * The java.endorsed.dirs directories
-     */
-    private String endorsedDirs = System.getProperty("java.endorsed.dirs");
-
-    /**
-     * Used only to resolve the path to the endorsed standards dir
+     * Used only to resolve the paths
      */
     private ServerInfo serverInfo;
 
@@ -111,10 +106,8 @@
     public void doStart() throws Exception {
         log.debug("doStart()");
 
-        // set endorsed dirs (so it's not mandatory to set it up by a user
-        // anymore)
-        System.setProperty("java.endorsed.dirs", serverInfo.resolvePath(getEndorsedDirs()));
-
+        log.info("Endorsed Dirs set to:" + System.getProperty("java.endorsed.dirs"));
+        
         // The comments are from the javadoc of the Embedded class
 
         // 1. Instantiate a new instance of this class.
@@ -218,14 +211,6 @@
         System.setProperty("catalina.home", catalinaHome);
     }
 
-    public String getEndorsedDirs() {
-        return endorsedDirs;
-    }
-
-    public void setEndorsedDirs(String endorsedDirs) {
-        this.endorsedDirs = endorsedDirs;
-    }
-
     public void addConnector(Connector connector) {
         embedded.addConnector(connector);
     }
@@ -242,7 +227,6 @@
         infoFactory.setConstructor(new String[] { "catalinaHome", "ServerInfo" });
 
         infoFactory.addAttribute("catalinaHome", String.class, true);
-        infoFactory.addAttribute("endorsedDirs", String.class, true);
 
         infoFactory.addReference("ServerInfo", ServerInfo.class, "GBean");
 

Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatGeronimoRealm.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatGeronimoRealm.java?view=diff&r1=161666&r2=161667
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatGeronimoRealm.java (original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatGeronimoRealm.java Sun Apr 17 10:01:00 2005
@@ -76,13 +76,13 @@
 
     private static final Log log = LogFactory.getLog(TomcatGeronimoRealm.class);
 
-    private String policyContextID = null;
-    private PolicyConfigurationFactory factory = null;
-    private PolicyConfiguration policyConfiguration = null;
-    private Subject defaultSubject = null;
-    private PermissionCollection checked = new Permissions();
-    private Map roleDesignates = new HashMap();
-    private String loginDomainName = null;
+    private final String policyContextID;
+    private final Subject defaultSubject;
+	private final DefaultPrincipal defaultPrincipal;
+    private final PermissionCollection checked;
+    private final PermissionCollection excluded;
+    private final Map roleDesignates;
+    private final String loginDomainName;
 
     private Context context = null;
     private static ThreadLocal currentRequest = new ThreadLocal();
@@ -98,15 +98,23 @@
     protected static final String name = "TomcatGeronimoRealm";
 
     public TomcatGeronimoRealm(String policyContextID,
-                               Security securityConfig,
+                               DefaultPrincipal defaultPrincipal,
                                String loginDomainName,
-                               Set securityRoles,
-                               PermissionCollection uncheckedPermissions,
+                               PermissionCollection checkedPermissions,
                                PermissionCollection excludedPermissions,
-                               Map rolePermissions) throws PolicyContextException, ClassNotFoundException {
+                               Map roleDesignates) 
+            throws PolicyContextException, ClassNotFoundException {
 
+        assert policyContextID != null;
+        assert defaultPrincipal != null;
+        
         this.policyContextID = policyContextID;
-        this.defaultSubject = ConfigurationUtil.generateDefaultSubject(securityConfig.getDefaultPrincipal());
+        this.defaultPrincipal = defaultPrincipal;
+        this.loginDomainName = loginDomainName;
+        this.defaultSubject = ConfigurationUtil.generateDefaultSubject(defaultPrincipal);
+        this.checked = checkedPermissions;
+        this.excluded = excludedPermissions;
+        this.roleDesignates = roleDesignates;
 
         /**
          * Register our default subject with the ContextManager
@@ -115,26 +123,7 @@
         SubjectId id = ContextManager.getSubjectId(defaultSubject);
         defaultSubject.getPrincipals().add(new IdentificationPrincipal(id));
 
-        factory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
-        policyConfiguration = factory.getPolicyConfiguration(policyContextID, true);
-
-        configure(uncheckedPermissions, excludedPermissions, rolePermissions);
-        RoleMappingConfiguration roleMapper = RoleMappingConfigurationFactory.getRoleMappingFactory().getRoleMappingConfiguration(policyContextID, false);
-        addRoleMappings(securityRoles, securityConfig, roleMapper);
-        policyConfiguration.commit();
-        this.loginDomainName = loginDomainName;
-
-        Set allRolePermissions = new HashSet();
-        for (Iterator iterator = rolePermissions.entrySet().iterator(); iterator.hasNext();) {
-            Map.Entry entry = (Map.Entry) iterator.next();
-            Set permissionsForRole = (Set) entry.getValue();
-            allRolePermissions.addAll(permissionsForRole);
-        }
-        for (Iterator iterator = allRolePermissions.iterator(); iterator.hasNext();) {
-            Permission permission = (Permission) iterator.next();
-            checked.add(permission);
-        }
-    }
+     }
 
     /**
      * Enforce any user data constraint required by the security constraint
@@ -178,6 +167,7 @@
             /**
              * JACC v1.0 secion 4.1.1
              */
+            WebUserDataPermission wudp = new WebUserDataPermission(request);
             acc.checkPermission(new WebUserDataPermission(request));
 
         } catch (AccessControlException ace) {
@@ -468,93 +458,6 @@
     }
 
 
-    public void addRoleMappings(Set securityRoles, Security security, RoleMappingConfiguration roleMapper) throws PolicyContextException, GeronimoSecurityException {
-
-        for (Iterator roleMappings = security.getRoleMappings().values().iterator(); roleMappings.hasNext();) {
-            Role role = (Role) roleMappings.next();
-            String roleName = role.getRoleName();
-            Set principalSet = new HashSet();
-
-            if (!securityRoles.contains(roleName)) {
-                throw new GeronimoSecurityException("Role does not exist in this configuration");
-            }
-
-            Subject roleDesignate = new Subject();
-
-            for (Iterator realms = role.getRealms().values().iterator(); realms.hasNext();) {
-                Realm realm = (Realm) realms.next();
-
-                for (Iterator principals = realm.getPrincipals().iterator(); principals.hasNext();) {
-                    org.apache.geronimo.security.deploy.Principal principal = (org.apache.geronimo.security.deploy.Principal) principals.next();
-
-                    RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(principal, realm.getRealmName());
-                    if (realmPrincipal == null) {
-                        throw new GeronimoSecurityException("Unable to create realm principal");
-                    }
-
-                    principalSet.add(realmPrincipal);
-                    if (principal.isDesignatedRunAs()) {
-                        roleDesignate.getPrincipals().add(realmPrincipal);
-                    }
-                }
-            }
-
-            for (Iterator names = role.getDNames().iterator(); names.hasNext();) {
-                DistinguishedName dn = (DistinguishedName) names.next();
-
-                X500Principal x500Principal = ConfigurationUtil.generateX500Principal(dn.getName());
-
-                principalSet.add(x500Principal);
-                if (dn.isDesignatedRunAs()) {
-                    roleDesignate.getPrincipals().add(x500Principal);
-                }
-            }
-
-            roleMapper.addRoleMapping(roleName, principalSet);
-
-            if (roleDesignate.getPrincipals().size() > 0) {
-                setRoleDesignate(roleName, roleDesignate);
-            }
-        }
-
-        /**
-         * Register the role designates with the context manager.
-         */
-        for (Iterator iter = roleDesignates.keySet().iterator(); iter.hasNext();) {
-            String roleName = (String) iter.next();
-            Subject roleDesignate = (Subject) roleDesignates.get(roleName);
-
-            ContextManager.registerSubject(roleDesignate);
-            SubjectId id = ContextManager.getSubjectId(roleDesignate);
-            roleDesignate.getPrincipals().add(new IdentificationPrincipal(id));
-        }
-
-    }
-
-    private void setRoleDesignate(String roleName, Subject subject) {
-        roleDesignates.put(roleName, subject);
-    }
-
-    private void configure(PermissionCollection uncheckedPermissions,
-                           PermissionCollection excludedPermissions,
-                           Map rolePermissions) throws GeronimoSecurityException {
-        try {
-            policyConfiguration.addToExcludedPolicy(excludedPermissions);
-            policyConfiguration.addToUncheckedPolicy(uncheckedPermissions);
-            for (Iterator iterator = rolePermissions.entrySet().iterator(); iterator.hasNext();) {
-                Map.Entry entry = (Map.Entry) iterator.next();
-                String roleName = (String) entry.getKey();
-                Set permissions = (Set) entry.getValue();
-                for (Iterator iterator1 = permissions.iterator(); iterator1.hasNext();) {
-                    Permission permission = (Permission) iterator1.next();
-                    policyConfiguration.addToRole(roleName, permission);
-                }
-            }
-        } catch (PolicyContextException e) {
-            throw new GeronimoSecurityException(e);
-        }
-    }
-
     /**
      * Prepare for active use of the public methods of this <code>Component</code>.
      *
@@ -581,23 +484,8 @@
         // Perform normal superclass finalization
         super.stop();
 
-        for (Iterator iter = roleDesignates.keySet().iterator(); iter.hasNext();) {
-            String roleName = (String) iter.next();
-            Subject roleDesignate = (Subject) roleDesignates.get(roleName);
-
-            ContextManager.unregisterSubject(roleDesignate);
-        }
+        // Remove the defaultSubject
         ContextManager.unregisterSubject(defaultSubject);
-
-        try {
-
-            if (policyConfiguration != null)
-                policyConfiguration.delete();
-
-        } catch (PolicyContextException pce) {
-            //Oh well, we tried
-        }
-
     }
 
     public void setContext(Context context) {

Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java?view=diff&r1=161666&r2=161667
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java (original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java Sun Apr 17 10:01:00 2005
@@ -20,6 +20,7 @@
 import java.net.URI;
 import java.net.URL;
 import java.security.PermissionCollection;
+import java.util.Hashtable;
 import java.util.Iterator;
 import java.util.Map;
 import java.util.Set;
@@ -36,10 +37,12 @@
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.gbean.GBeanLifecycle;
 import org.apache.geronimo.security.deploy.Security;
+import org.apache.geronimo.security.jacc.RoleDesignateSource;
 import org.apache.geronimo.naming.reference.KernelAwareReference;
 import org.apache.geronimo.naming.reference.ClassLoaderAwareReference;
 import org.apache.geronimo.naming.java.SimpleReadOnlyContext;
 import org.apache.geronimo.kernel.Kernel;
+import org.apache.geronimo.kernel.jmx.JMXUtil;
 import org.apache.geronimo.tomcat.valve.ComponentContextValve;
 import org.apache.geronimo.tomcat.valve.TransactionContextValve;
 import org.apache.geronimo.tomcat.valve.PolicyContextValve;
@@ -47,13 +50,16 @@
 import org.apache.geronimo.transaction.context.OnlineUserTransaction;
 import org.apache.geronimo.transaction.context.TransactionContextManager;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+import org.apache.geronimo.j2ee.management.J2EEApplication;
+import org.apache.geronimo.j2ee.management.J2EEServer;
+import org.apache.geronimo.j2ee.management.impl.InvalidObjectNameException;
 
+import javax.management.ObjectName;
 import javax.naming.NamingException;
 
-
 /**
  * Wrapper for a WebApplicationContext that sets up its J2EE environment.
- *
+ * 
  * @version $Rev: 56022 $ $Date: 2004-10-30 07:16:18 +0200 (Sat, 30 Oct 2004) $
  */
 public class TomcatWebAppContext implements GBeanLifecycle, TomcatContext {
@@ -63,39 +69,58 @@
     protected final TomcatContainer container;
 
     protected Context context = null;
+
     private final URI webAppRoot;
+
     private String path = null;
+
     private String docBase = null;
 
     private final LoginConfig loginConfig;
+
     private final Realm tomcatRealm;
+
     private final Set securityConstraints;
+
     private final Set securityRoles;
+
     private final Map componentContext;
+
     private final Kernel kernel;
+
     private final TransactionContextManager transactionContextManager;
+
     private final String policyContextID;
 
-    public TomcatWebAppContext(URI webAppRoot,
-                               URI[] webClassPath,
-                               URL configurationBaseUrl,
-                               LoginConfig loginConfig,
-                               Realm tomcatRealm,
-                               Set securityConstraints,
-
-                               String policyContextID,
-                               String loginDomainName,
-                               Security securityConfig,
-                               Set securityRoles,
-                               PermissionCollection uncheckedPermissions,
-                               PermissionCollection excludedPermissions,
-                               Map rolePermissions,
-                               Map componentContext,
-                               OnlineUserTransaction userTransaction,
-                               TransactionContextManager transactionContextManager,
-                               TrackedConnectionAssociator trackedConnectionAssociator,
-                               TomcatContainer container,
-                               Kernel kernel) throws NamingException {
+    private final RoleDesignateSource roleDesignateSource;
+
+    private final J2EEServer server;
+
+    private final J2EEApplication application;
+
+    public TomcatWebAppContext(
+            String objectName, 
+            String originalSpecDD,
+            URI webAppRoot, 
+            URI[] webClassPath, 
+            URL configurationBaseUrl,
+            LoginConfig loginConfig, 
+            Realm tomcatRealm,
+            Set securityConstraints,
+            String policyContextID, 
+            String loginDomainName,
+            Security securityConfig, 
+            Set securityRoles,
+            Map componentContext, 
+            OnlineUserTransaction userTransaction,
+            TransactionContextManager transactionContextManager,
+            TrackedConnectionAssociator trackedConnectionAssociator,
+            TomcatContainer container, 
+            RoleDesignateSource roleDesignateSource,
+            J2EEServer server, 
+            J2EEApplication application, 
+            Kernel kernel)
+            throws NamingException {
 
         assert webAppRoot != null;
         assert webClassPath != null;
@@ -117,10 +142,27 @@
 
         this.componentContext = componentContext;
         this.transactionContextManager = transactionContextManager;
+
+        this.roleDesignateSource = roleDesignateSource;
+        this.server = server;
+        this.application = application;
+
         this.kernel = kernel;
+        ObjectName myObjectName = JMXUtil.getObjectName(objectName);
+        verifyObjectName(myObjectName);
+
+        if (tomcatRealm != null){
+            if (roleDesignateSource == null) {
+                throw new IllegalArgumentException("RoleDesignateSource must be supplied for a secure web app");
+            }            
+        }
+        userTransaction.setUp(transactionContextManager,
+                trackedConnectionAssociator);
 
-        userTransaction.setUp(transactionContextManager, trackedConnectionAssociator);
+    }
 
+    public String getServer() {
+        return server.getObjectName();
     }
 
     public String getDocBase() {
@@ -135,7 +177,7 @@
         context.setDocBase(webAppRoot.getPath());
         context.setPath(path);
 
-        //Security
+        // Security
         if (tomcatRealm != null) {
             if (tomcatRealm instanceof TomcatGeronimoRealm) {
                 ((TomcatGeronimoRealm) tomcatRealm).setContext(context);
@@ -167,13 +209,16 @@
         javax.naming.Context enc = null;
         try {
             if (componentContext != null) {
-                for (Iterator iterator = componentContext.values().iterator(); iterator.hasNext();) {
+                for (Iterator iterator = componentContext.values().iterator(); iterator
+                        .hasNext();) {
                     Object value = iterator.next();
                     if (value instanceof KernelAwareReference) {
                         ((KernelAwareReference) value).setKernel(kernel);
                     }
                     if (value instanceof ClassLoaderAwareReference) {
-                        ((ClassLoaderAwareReference) value).setClassLoader(context.getLoader().getClassLoader());
+                        ((ClassLoaderAwareReference) value)
+                                .setClassLoader(context.getLoader()
+                                        .getClassLoader());
                     }
                 }
                 enc = new SimpleReadOnlyContext(componentContext);
@@ -182,19 +227,21 @@
             log.error(ne);
         }
 
-        //Set the valves for the context
-        if (enc != null){
+        // Set the valves for the context
+        if (enc != null) {
             ComponentContextValve contextValve = new ComponentContextValve(enc);
             ((StandardContext) context).addValve(contextValve);
         }
 
-        if (transactionContextManager != null){
-            TransactionContextValve transactionValve = new TransactionContextValve(transactionContextManager);
+        if (transactionContextManager != null) {
+            TransactionContextValve transactionValve = new TransactionContextValve(
+                    transactionContextManager);
             ((StandardContext) context).addValve(transactionValve);
         }
 
-        if (policyContextID != null){
-            PolicyContextValve policyValve = new PolicyContextValve(policyContextID);
+        if (policyContextID != null) {
+            PolicyContextValve policyValve = new PolicyContextValve(
+                    policyContextID);
             ((StandardContext) context).addValve(policyValve);
         }
     }
@@ -215,6 +262,42 @@
         this.path = path;
     }
 
+    /**
+     * ObjectName must match this pattern: <p/>
+     * domain:j2eeType=WebModule,name=MyName,J2EEServer=MyServer,J2EEApplication=MyApplication
+     */
+    private void verifyObjectName(ObjectName objectName) {
+        if (objectName.isPattern()) {
+            throw new InvalidObjectNameException(
+                    "ObjectName can not be a pattern", objectName);
+        }
+        Hashtable keyPropertyList = objectName.getKeyPropertyList();
+        if (!NameFactory.WEB_MODULE.equals(keyPropertyList.get("j2eeType"))) {
+            throw new InvalidObjectNameException(
+                    "WebModule object name j2eeType property must be 'WebModule'",
+                    objectName);
+        }
+        if (!keyPropertyList.containsKey(NameFactory.J2EE_NAME)) {
+            throw new InvalidObjectNameException(
+                    "WebModule object must contain a name property", objectName);
+        }
+        if (!keyPropertyList.containsKey(NameFactory.J2EE_SERVER)) {
+            throw new InvalidObjectNameException(
+                    "WebModule object name must contain a J2EEServer property",
+                    objectName);
+        }
+        if (!keyPropertyList.containsKey(NameFactory.J2EE_APPLICATION)) {
+            throw new InvalidObjectNameException(
+                    "WebModule object name must contain a J2EEApplication property",
+                    objectName);
+        }
+        if (keyPropertyList.size() != 4) {
+            throw new InvalidObjectNameException(
+                    "WebModule object name can only have j2eeType, name, J2EEApplication, and J2EEServer properties",
+                    objectName);
+        }
+    }
+
     public void doStart() throws Exception {
 
         // See the note of TomcatContainer::addContext
@@ -240,58 +323,69 @@
     public static final GBeanInfo GBEAN_INFO;
 
     static {
-        GBeanInfoBuilder infoFactory = new GBeanInfoBuilder("Tomcat WebApplication Context", TomcatWebAppContext.class, NameFactory.WEB_MODULE);
-
-        infoFactory.addAttribute("webAppRoot", URI.class, true);
-        infoFactory.addAttribute("webClassPath", URI[].class, true);
-        infoFactory.addAttribute("configurationBaseUrl", URL.class, true);
-
-        infoFactory.addAttribute("path", String.class, true);
-
-        infoFactory.addAttribute("loginConfig", LoginConfig.class, true);
-
-        infoFactory.addAttribute("tomcatRealm", Realm.class, true);
-        infoFactory.addAttribute("securityConstraints", Set.class, true);
-
-        infoFactory.addAttribute("policyContextID", String.class, true);
-        infoFactory.addAttribute("loginDomainName", String.class, true);
-        infoFactory.addAttribute("securityConfig", Security.class, true);
-        infoFactory.addAttribute("securityRoles", Set.class, true);
-        infoFactory.addAttribute("uncheckedPermissions", PermissionCollection.class, true);
-        infoFactory.addAttribute("excludedPermissions", PermissionCollection.class, true);
-        infoFactory.addAttribute("rolePermissions", Map.class, true);
-
-        infoFactory.addAttribute("componentContext", Map.class, true);
-        infoFactory.addAttribute("userTransaction", OnlineUserTransaction.class, true);
-        infoFactory.addReference("TransactionContextManager", TransactionContextManager.class, NameFactory.JTA_RESOURCE);
-        infoFactory.addReference("TrackedConnectionAssociator", TrackedConnectionAssociator.class, NameFactory.JCA_RESOURCE);
-
-        infoFactory.addReference("Container", TomcatContainer.class, NameFactory.GERONIMO_SERVICE);
-        infoFactory.addAttribute("kernel", Kernel.class, false);
-
-        infoFactory.setConstructor(new String[]{
-            "webAppRoot",
-            "webClassPath",
-            "configurationBaseUrl",
-            "loginConfig",
-            "tomcatRealm",
-            "securityConstraints",
-            "policyContextID",
-            "loginDomainName",
-            "securityConfig",
-            "securityRoles",
-            "uncheckedPermissions",
-            "excludedPermissions",
-            "rolePermissions",
-            "componentContext",
-            "userTransaction",
-            "TransactionContextManager",
-            "TrackedConnectionAssociator",
-            "Container",
-            "kernel"
-        });
+        GBeanInfoBuilder infoBuilder = new GBeanInfoBuilder(
+                "Tomcat WebApplication Context", TomcatWebAppContext.class,
+                NameFactory.WEB_MODULE);
+
+        infoBuilder.addAttribute("objectName", String.class, false);
+        infoBuilder.addAttribute("deploymentDescriptor", String.class, true);
+        infoBuilder.addAttribute("webAppRoot", URI.class, true);
+        infoBuilder.addAttribute("webClassPath", URI[].class, true);
+        infoBuilder.addAttribute("configurationBaseUrl", URL.class, true);
+
+        infoBuilder.addAttribute("path", String.class, true);
+
+        infoBuilder.addAttribute("loginConfig", LoginConfig.class, true);
+
+        infoBuilder.addAttribute("tomcatRealm", Realm.class, true);
+        infoBuilder.addAttribute("securityConstraints", Set.class, true);
+
+        infoBuilder.addAttribute("policyContextID", String.class, true);
+        infoBuilder.addAttribute("loginDomainName", String.class, true);
+        infoBuilder.addAttribute("securityConfig", Security.class, true);
+        infoBuilder.addAttribute("securityRoles", Set.class, true);
+        infoBuilder.addAttribute("componentContext", Map.class, true);
+        infoBuilder.addAttribute("userTransaction",
+                OnlineUserTransaction.class, true);
+        infoBuilder.addReference("TransactionContextManager",
+                TransactionContextManager.class, NameFactory.JTA_RESOURCE);
+        infoBuilder.addReference("TrackedConnectionAssociator",
+                TrackedConnectionAssociator.class, NameFactory.JCA_RESOURCE);
+
+        infoBuilder.addReference("Container", TomcatContainer.class,
+                NameFactory.GERONIMO_SERVICE);
+        infoBuilder.addReference("RoleDesignateSource",
+                RoleDesignateSource.class, NameFactory.JACC_MANAGER);
+        infoBuilder.addReference("J2EEServer", J2EEServer.class);
+        infoBuilder.addReference("J2EEApplication", J2EEApplication.class);
+        infoBuilder.addAttribute("kernel", Kernel.class, false);
+
+        infoBuilder.setConstructor(new String[] { 
+                "objectName",
+                "deploymentDescriptor",
+                "webAppRoot", 
+                "webClassPath",
+                "configurationBaseUrl", 
+                "loginConfig", 
+                "tomcatRealm",
+                "securityConstraints", 
+                "policyContextID", 
+                "loginDomainName",
+                "securityConfig", 
+                "securityRoles", 
+                "componentContext",
+                "userTransaction", 
+                "TransactionContextManager",
+                "TrackedConnectionAssociator", 
+                "Container",
+                "RoleDesignateSource", 
+                "J2EEServer", 
+                "J2EEApplication",
+                "kernel" 
+                }
+        );
 
-        GBEAN_INFO = infoFactory.getBeanInfo();
+        GBEAN_INFO = infoBuilder.getBeanInfo();
     }
 
     public static GBeanInfo getGBeanInfo() {

Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java?view=diff&r1=161666&r2=161667
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java (original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java Sun Apr 17 10:01:00 2005
@@ -52,6 +52,9 @@
 import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContextImpl;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.schema.SchemaConversionUtils;
+import org.apache.geronimo.security.deploy.DefaultPrincipal;
+import org.apache.geronimo.security.deployment.SecurityBuilder;
+import org.apache.geronimo.security.deployment.SecurityConfiguration;
 import org.apache.geronimo.tomcat.TomcatWebAppContext;
 import org.apache.geronimo.xbeans.geronimo.jetty.JettyWebAppDocument;
 import org.apache.geronimo.xbeans.geronimo.jetty.JettyWebAppType;
@@ -113,6 +116,13 @@
         try {
             gbean = new GBeanData(TomcatWebAppContext.GBEAN_INFO);
 
+            gbean.setReferencePattern("J2EEServer", earContext.getServerObjectName());
+            if (!earContext.getJ2EEApplicationName().equals("null")) {
+                gbean.setReferencePattern("J2EEApplication", earContext.getApplicationObjectName());
+            }
+
+            gbean.setAttribute("deploymentDescriptor", module.getOriginalSpecDD());
+
             gbean.setName(webModuleName);
             gbean.setAttribute("webAppRoot", baseUri);
             gbean.setAttribute("webClassPath", webClassPath);
@@ -125,6 +135,7 @@
             gbean.setAttribute("path", webModule.getContextRoot());
 
             gbean.setReferencePattern("Container", tomcatContainerObjectName);
+            
         } catch (Exception e) {
             throw new DeploymentException("Unable to initialize webapp GBean", e);
         }

Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/valve/PolicyContextValve.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/valve/PolicyContextValve.java?view=diff&r1=161666&r2=161667
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/valve/PolicyContextValve.java (original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/valve/PolicyContextValve.java Sun Apr 17 10:01:00 2005
@@ -41,6 +41,7 @@
         String oldId = PolicyContext.getContextID();
 
         PolicyContext.setContextID(policyContextID);
+        PolicyContext.setHandlerData(request);
 
         // Pass this request on to the next valve in our pipeline
         getNext().invoke(request, response);

Modified: geronimo/trunk/modules/tomcat/src/plan/tomcat-plan.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/plan/tomcat-plan.xml?view=diff&r1=161666&r2=161667
==============================================================================
--- geronimo/trunk/modules/tomcat/src/plan/tomcat-plan.xml (original)
+++ geronimo/trunk/modules/tomcat/src/plan/tomcat-plan.xml Sun Apr 17 10:01:00 2005
@@ -88,7 +88,6 @@
     <gbean gbeanName="geronimo.server:type=WebContainer,container=Tomcat" class="org.apache.geronimo.tomcat.TomcatContainer">
         <attribute name="catalinaHome">var/catalina</attribute>
         <attribute name="port">8090</attribute>
-        <attribute name="endorsedDirs">lib</attribute>
         <reference name="ServerInfo"><gbean-name>geronimo.system:role=ServerInfo</gbean-name></reference>
     </gbean>
     <gbean gbeanName="geronimo.server:type=WebConnector,container=Tomcat,port=8090" class="org.apache.geronimo.tomcat.connector.HTTPConnector">

Modified: geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java?view=diff&r1=161666&r2=161667
==============================================================================
--- geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java (original)
+++ geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java Sun Apr 17 10:01:00 2005
@@ -19,7 +19,9 @@
 import java.io.File;
 import java.net.URI;
 import java.security.PermissionCollection;
+import java.security.Permissions;
 import java.util.*;
+
 import javax.management.ObjectName;
 
 import junit.framework.TestCase;
@@ -34,11 +36,13 @@
 import org.apache.geronimo.kernel.Kernel;
 import org.apache.geronimo.kernel.management.State;
 import org.apache.geronimo.security.SecurityServiceImpl;
+import org.apache.geronimo.security.deploy.DefaultPrincipal;
 import org.apache.geronimo.security.deploy.Principal;
-import org.apache.geronimo.security.deploy.Security;
 import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration;
 import org.apache.geronimo.security.jaas.JaasLoginService;
 import org.apache.geronimo.security.jaas.LoginModuleGBean;
+import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
+import org.apache.geronimo.security.jacc.ComponentPermissions;
 import org.apache.geronimo.security.realm.GenericSecurityRealm;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
 import org.apache.geronimo.tomcat.connector.HTTPConnector;
@@ -104,13 +108,26 @@
     }
 
     protected ObjectName setUpJAASSecureAppContext(Set securityConstraints, Set securityRoles) throws Exception {
+        ObjectName jaccBeanName = NameFactory.getComponentName(null, null, null, null, "foo", NameFactory.JACC_MANAGER, moduleContext);
+        GBeanData jaccBeanData = new GBeanData(jaccBeanName, ApplicationPolicyConfigurationManager.GBEAN_INFO);
+        PermissionCollection excludedPermissions= new Permissions();
+        PermissionCollection uncheckedPermissions= new Permissions();
+        ComponentPermissions componentPermissions = new ComponentPermissions(excludedPermissions, uncheckedPermissions, new HashMap());
+        Map contextIDToPermissionsMap = new HashMap();
+        contextIDToPermissionsMap.put(POLICY_CONTEXT_ID, componentPermissions);
+        jaccBeanData.setAttribute("contextIdToPermissionsMap", contextIDToPermissionsMap);
+        jaccBeanData.setAttribute("principalRoleMap", new HashMap());
+        jaccBeanData.setAttribute("roleDesignates", new HashMap());
+        start(jaccBeanData);
+
         GBeanData app = new GBeanData(webModuleName, TomcatWebAppContext.GBEAN_INFO);
         app.setAttribute("webAppRoot", new File("target/var/catalina/webapps/war3/").toURI());
         app.setAttribute("webClassPath", new URI[]{});
         app.setAttribute("configurationBaseUrl", new File("target/var/catalina/webapps/war3/WEB-INF/web.xml").toURL());
         app.setAttribute("path", "/securetest");
         app.setAttribute("policyContextID", POLICY_CONTEXT_ID);
-
+        app.setReferencePattern("RoleDesignateSource", jaccBeanName);
+ 
         LoginConfig loginConfig = new LoginConfig();
         loginConfig.setAuthMethod(Constants.FORM_METHOD);
         loginConfig.setRealmName("Test JAAS Realm");
@@ -141,13 +158,23 @@
         return webModuleName;
     }
 
-    protected ObjectName setUpSecureAppContext(Security securityConfig,
-                                               Set securityConstraints,
-                                               PermissionCollection uncheckedPermissions,
-                                               PermissionCollection excludedPermissions,
-                                               Map rolePermissions,
+    protected ObjectName setUpSecureAppContext(Set securityConstraints,
+                                               Map roleDesignates, 
+                                               Map principalRoleMap,
+                                               ComponentPermissions componentPermissions, 
+                                               DefaultPrincipal defaultPrincipal, 
+                                               PermissionCollection checked,
                                                Set securityRoles)
             throws Exception {
+        
+        ObjectName jaccBeanName = NameFactory.getComponentName(null, null, null, null, "foo", NameFactory.JACC_MANAGER, moduleContext);
+        GBeanData jaccBeanData = new GBeanData(jaccBeanName, ApplicationPolicyConfigurationManager.GBEAN_INFO);
+        Map contextIDToPermissionsMap = new HashMap();
+        contextIDToPermissionsMap.put(POLICY_CONTEXT_ID, componentPermissions);
+        jaccBeanData.setAttribute("contextIdToPermissionsMap", contextIDToPermissionsMap);
+        jaccBeanData.setAttribute("principalRoleMap", principalRoleMap);
+        jaccBeanData.setAttribute("roleDesignates", roleDesignates);
+        start(jaccBeanData);
 
         GBeanData app = new GBeanData(webModuleName, TomcatWebAppContext.GBEAN_INFO);
         app.setAttribute("webAppRoot", new File("target/var/catalina/webapps/war3/").toURI());
@@ -155,6 +182,7 @@
         app.setAttribute("configurationBaseUrl", new File("target/var/catalina/webapps/war3/WEB-INF/web.xml").toURL());
         app.setAttribute("path", "/securetest");
         app.setAttribute("policyContextID", POLICY_CONTEXT_ID);
+        app.setReferencePattern("RoleDesignateSource", jaccBeanName);
  
         LoginConfig loginConfig = new LoginConfig();
         loginConfig.setAuthMethod(Constants.FORM_METHOD);
@@ -167,12 +195,11 @@
         app.setAttribute("securityRoles", securityRoles);
 
         TomcatGeronimoRealm realm = new TomcatGeronimoRealm(POLICY_CONTEXT_ID,
-                                                            securityConfig,
+                                                            defaultPrincipal,
                                                             "demo-properties-realm",
-                                                            securityRoles,
-                                                            uncheckedPermissions,
-                                                            excludedPermissions,
-                                                            rolePermissions);
+                                                            checked,
+                                                            componentPermissions.getExcludedPermissions(),
+                                                            roleDesignates);
         realm.setUserClassNames("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
         realm.setRoleClassNames("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal");
         app.setAttribute("tomcatRealm", realm);
@@ -264,7 +291,7 @@
         cl = this.getClass().getClassLoader();
         containerName = NameFactory.getWebComponentName(null, null, null, null, "tomcatContainer", "WebResource", moduleContext);
         connectorName = NameFactory.getWebComponentName(null, null, null, null, "tomcatConnector", "WebResource", moduleContext);
-        webModuleName = NameFactory.getWebComponentName(null, null, null, null, NameFactory.WEB_MODULE, "WebResource", moduleContext);
+        webModuleName = NameFactory.getModuleName(null, null, null, null, "testModule", moduleContext);
 
         tmName = NameFactory.getComponentName(null, null, null, null, "TransactionManager", NameFactory.JTA_RESOURCE, moduleContext);
         tcmName = NameFactory.getComponentName(null, null, null, null, "TransactionContextManager", NameFactory.JTA_RESOURCE, moduleContext);
@@ -283,7 +310,6 @@
         // Need to override the constructor for unit tests
         container = new GBeanData(containerName, TomcatContainer.GBEAN_INFO);
         container.setAttribute("catalinaHome", "target/var/catalina");
-        container.setAttribute("endorsedDirs", "target/endorsed");
         container.setReferencePattern("ServerInfo", serverInfoName);
 
         connector = new GBeanData(connectorName, HTTPConnector.GBEAN_INFO);

Modified: geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JACCSecurityTest.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JACCSecurityTest.java?view=diff&r1=161666&r2=161667
==============================================================================
--- geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JACCSecurityTest.java (original)
+++ geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JACCSecurityTest.java Sun Apr 17 10:01:00 2005
@@ -25,20 +25,28 @@
 import java.security.Permissions;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.Iterator;
 import java.util.Map;
 import java.util.Set;
 import javax.management.ObjectName;
+import javax.security.auth.Subject;
+import javax.security.auth.x500.X500Principal;
 import javax.security.jacc.WebResourcePermission;
 import javax.security.jacc.WebUserDataPermission;
 
 import org.apache.catalina.deploy.SecurityCollection;
 import org.apache.catalina.deploy.SecurityConstraint;
 
+import org.apache.geronimo.common.DeploymentException;
+import org.apache.geronimo.security.RealmPrincipal;
 import org.apache.geronimo.security.deploy.DefaultPrincipal;
+import org.apache.geronimo.security.deploy.DistinguishedName;
 import org.apache.geronimo.security.deploy.Principal;
 import org.apache.geronimo.security.deploy.Realm;
 import org.apache.geronimo.security.deploy.Role;
 import org.apache.geronimo.security.deploy.Security;
+import org.apache.geronimo.security.jacc.ComponentPermissions;
+import org.apache.geronimo.security.util.ConfigurationUtil;
 
 
 /**
@@ -56,6 +64,9 @@
      * @throws Exception thrown if an error in the test occurs
      */
     public void testExplicitMapping() throws Exception {
+        
+        Security securityConfig = new Security();
+        securityConfig.setUseContextHandler(false);
 
         Set constraints = new HashSet();
 
@@ -75,9 +86,6 @@
         sc.addCollection(coll);
         constraints.add(sc);
 
-        Security securityConfig = new Security();
-        securityConfig.setUseContextHandler(false);
-
         DefaultPrincipal defaultPrincipal = new DefaultPrincipal();
         defaultPrincipal.setRealmName("demo-properties-realm");
         Principal principal = new Principal();
@@ -86,7 +94,7 @@
         defaultPrincipal.setPrincipal(principal);
 
         securityConfig.setDefaultPrincipal(defaultPrincipal);
-
+        
         Role role = new Role();
         role.setRoleName("content-administrator");
         principal = new Principal();
@@ -98,7 +106,11 @@
         role.getRealms().put(realm.getRealmName(), realm);
 
         securityConfig.getRoleMappings().put(role.getRoleName(), role);
-
+        
+        Map roleDesignates = new HashMap();
+        Map principalRoleMap = new HashMap();
+        buildPrincipalRoleMap(securityConfig, roleDesignates, principalRoleMap);
+       
         PermissionCollection uncheckedPermissions = new Permissions();
 
         PermissionCollection excludedPermissions = new Permissions();
@@ -106,17 +118,22 @@
         excludedPermissions.add(new WebUserDataPermission("/auth/login.html", ""));
 
         Map rolePermissions = new HashMap();
-        Set permissions = new HashSet();
+        PermissionCollection permissions = new Permissions();
         permissions.add(new WebUserDataPermission("/protected/*", ""));
         permissions.add(new WebResourcePermission("/protected/*", ""));
         rolePermissions.put("content-administrator", permissions);
         rolePermissions.put("auto-administrator", permissions);
+        
+        PermissionCollection checked = permissions;
 
+        ComponentPermissions componentPermissions = new ComponentPermissions(excludedPermissions, uncheckedPermissions, rolePermissions);
+       
         Set securityRoles = new HashSet();
         securityRoles.add("content-administrator");
         securityRoles.add("auto-administrator");
 
-        startWebApp(securityConfig, constraints, uncheckedPermissions, excludedPermissions, rolePermissions, securityRoles);
+        startWebApp(constraints, roleDesignates, principalRoleMap,  componentPermissions,
+                defaultPrincipal, checked, securityRoles);
 
         //Begin the test
         HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:8080/securetest/protected/hello.txt").openConnection();
@@ -185,15 +202,17 @@
         stopWebApp();
     }
 
-    protected void startWebApp(Security securityConfig,
-                               Set securityConstraints,
-                               PermissionCollection uncheckedPermissions,
-                               PermissionCollection excludedPermissions,
-                               Map rolePermissions,
-                               Set securityRoles) throws Exception {
+    protected void startWebApp(
+            Set securityConstraints,
+            Map roleDesignates, 
+            Map principalRoleMap,
+            ComponentPermissions componentPermissions, 
+            DefaultPrincipal defaultPrincipal, 
+            PermissionCollection checked,
+            Set securityRoles) throws Exception {
 
-        appName = setUpSecureAppContext(securityConfig, securityConstraints, uncheckedPermissions,
-                                        excludedPermissions, rolePermissions, securityRoles);
+        appName = setUpSecureAppContext(securityConstraints, roleDesignates, principalRoleMap,
+                componentPermissions, defaultPrincipal, checked, securityRoles);
 
 
     }
@@ -202,6 +221,82 @@
         stop(appName);
     }
 
+    public static void buildPrincipalRoleMap(Security security, Map roleDesignates, Map principalRoleMap) throws DeploymentException {
+        Map roleToPrincipalMap = new HashMap();
+        buildRolePrincipalMap(security, roleDesignates, roleToPrincipalMap);
+        invertMap(roleToPrincipalMap, principalRoleMap);
+    }
+
+    private static Map invertMap(Map roleToPrincipalMap, Map principalRoleMapping) {
+        for (Iterator roles = roleToPrincipalMap.entrySet().iterator(); roles.hasNext();) {
+            Map.Entry entry = (Map.Entry) roles.next();
+            String role = (String) entry.getKey();
+            Set principals = (Set) entry.getValue();
+            for (Iterator iter = principals.iterator(); iter.hasNext();) {
+                java.security.Principal principal = (java.security.Principal) iter.next();
+
+                HashSet roleSet = (HashSet) principalRoleMapping.get(principal);
+                if (roleSet == null) {
+                    roleSet = new HashSet();
+                    principalRoleMapping.put(principal, roleSet);
+                }
+                roleSet.add(role);
+            }
+        }
+        return principalRoleMapping;
+    }
+
+    private static void buildRolePrincipalMap(Security security, Map roleDesignates, Map roleToPrincipalMap) throws DeploymentException {
+
+        Iterator rollMappings = security.getRoleMappings().values().iterator();
+        while (rollMappings.hasNext()) {
+            Role role = (Role) rollMappings.next();
+
+            String roleName = role.getRoleName();
+            Subject roleDesignate = new Subject();
+            Set principalSet = new HashSet();
+
+            Iterator realms = role.getRealms().values().iterator();
+            while (realms.hasNext()) {
+                Realm realm = (Realm) realms.next();
+
+                Iterator principals = realm.getPrincipals().iterator();
+                while (principals.hasNext()) {
+                    Principal principal = (Principal) principals.next();
+
+                    RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(principal, realm.getRealmName());
+
+                    if (realmPrincipal == null) throw new DeploymentException("Unable to create realm principal");
+
+                    principalSet.add(realmPrincipal);
+                    if (principal.isDesignatedRunAs()) roleDesignate.getPrincipals().add(realmPrincipal);
+                }
+            }
+
+            for (Iterator names = role.getDNames().iterator(); names.hasNext();) {
+                DistinguishedName dn = (DistinguishedName) names.next();
+
+                X500Principal x500Principal = ConfigurationUtil.generateX500Principal(dn.getName());
+
+                principalSet.add(x500Principal);
+                if (dn.isDesignatedRunAs()) {
+                    roleDesignate.getPrincipals().add(x500Principal);
+                }
+            }
+
+            Set roleMapping = (Set) roleToPrincipalMap.get(roleName);
+            if (roleMapping == null) {
+                roleMapping = new HashSet();
+                roleToPrincipalMap.put(roleName, roleMapping);
+            }
+            roleMapping.addAll(principalSet);
+
+            if (roleDesignate.getPrincipals().size() > 0) {
+                roleDesignates.put(roleName, roleDesignate);
+            }
+        }
+    }
+    
     protected void setUp() throws Exception {
         super.setUp();
         setUpSecurity();



Mime
View raw message