From jgenen...@apache.org
Subject svn commit: r227169 - in /geronimo/trunk/modules/tomcat/src: java/org/apache/geronimo/tomcat/ java/org/apache/geronimo/tomcat/util/ test/org/apache/geronimo/tomcat/
Date Wed, 03 Aug 2005 05:56:46 GMT
Author: jgenender
Date: Tue Aug  2 22:56:37 2005
New Revision: 227169

URL: http://svn.apache.org/viewcvs?rev=227169&view=rev
Log:
Added the ability to use the security-realm-name tag from geronimo-web.xml

Modified:
    geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatContainer.java
    geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/util/SecurityHolder.java
    geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
    geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JAASSecurityTest.java

Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatContainer.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatContainer.java?rev=227169&r1=227168&r2=227169&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatContainer.java
(original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatContainer.java
Tue Aug  2 22:56:37 2005
@@ -27,7 +27,9 @@
 import org.apache.catalina.Container;
 import org.apache.catalina.Context;
 import org.apache.catalina.Engine;
+import org.apache.catalina.Realm;
 import org.apache.catalina.connector.Connector;
+import org.apache.catalina.realm.JAASRealm;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.geronimo.gbean.GBeanInfo;
@@ -35,6 +37,7 @@
 import org.apache.geronimo.gbean.GBeanLifecycle;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.geronimo.tomcat.util.SecurityHolder;
 import org.apache.geronimo.webservices.SoapHandler;
 import org.apache.geronimo.webservices.WebServiceContainer;
 
@@ -199,11 +202,29 @@
             throw new IllegalArgumentException("Invalid virtual host '" + virtualServer +"'.
 Do you have a matchiing Host entry in the plan?");
         }
         
-        if (ctx.getRealm() != null)
-            anotherCtxObj.setRealm(ctx.getRealm());
-        else
+        //Get the security-realm-name if the is one
+        String securityRealmName = null;
+        SecurityHolder secHolder = ctx.getSecurityHolder();
+        if (secHolder != null)
+            securityRealmName = secHolder.getSecurityRealm();
+        
+        if (ctx.getRealm() != null){
+            Realm realm = ctx.getRealm();
+                       
+            //Allow for the <security-realm-name> override from the
+            //geronimo-web.xml file to be used if our Realm is a JAAS type
+            if (securityRealmName != null){
+                if (realm instanceof JAASRealm){
+                    ((JAASRealm)realm).setAppName(secHolder.getSecurityRealm());
+                }
+            }
+            anotherCtxObj.setRealm(realm);
+        } else {
+            if (securityRealmName != null){
+                log.warn("security-realm-name was specified but no RealmGBean was configured
for this context.  Ignoring security-realm-name.");
+            }
             anotherCtxObj.setRealm(host.getRealm());
-            
+        }            
 
         host.addChild(anotherCtxObj);
     }
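Review bot: A `security-realm-name` is dropped without any log message when `ctx.getRealm()` is set but is not a `JAASRealm`, whereas the `else` branch warns for the comparable case; the context then authenticates against whatever that realm was already configured for. Add an `else` to the `instanceof` check, for example `log.warn("security-realm-name was specified but the context Realm is not a JAASRealm.  Ignoring security-realm-name.");`. `setAppName` also changes the Realm object returned by `ctx.getRealm()` in place; whether that instance can be referenced by more than one context is not visible here, but if it can, the last context added would decide the JAAS application name for all of them, so that is worth confirming. The call can pass the local `securityRealmName` rather than reading `secHolder.getSecurityRealm()` a second time. The enclosing method begins above the hunk.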

Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/util/SecurityHolder.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/util/SecurityHolder.java?rev=227169&r1=227168&r2=227169&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/util/SecurityHolder.java
(original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/util/SecurityHolder.java
Tue Aug  2 22:56:37 2005
@@ -29,6 +29,7 @@
     private DefaultPrincipal defaultPrincipal;
     private PermissionCollection checked;
     private PermissionCollection excluded;
+    private String securityRealm;
 
     public SecurityHolder()
     {
@@ -36,6 +37,15 @@
         defaultPrincipal = null;
         checked = null;
         excluded = null;
+        securityRealm = null;
+    }
+
+    public String getSecurityRealm() {
+        return securityRealm;
+    }
+
+    public void setSecurityRealm(String securityRealm) {
+        this.securityRealm = securityRealm;
     }
 
     public PermissionCollection getChecked()
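Review bot: `getSecurityRealm()` and `setSecurityRealm()` are added without Javadoc, and the caller in `TomcatContainer` depends on `null` meaning that no `<security-realm-name>` was given. A one-line comment on the getter would record that contract, e.g. `/** @return the security-realm-name from geronimo-web.xml, or null if none was specified */`, with a matching line on the setter. The class body continues outside the hunk.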

Modified: geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java?rev=227169&r1=227168&r2=227169&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
(original)
+++ geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
Tue Aug  2 22:56:37 2005
@@ -62,7 +62,7 @@
 public class AbstractWebModuleTest extends TestCase {
 
     protected static final String POLICY_CONTEXT_ID = "securetest";
-
+    protected static final String REALM_NAME = "usable-realm";
 
     protected Kernel kernel;
     private GBeanData container;
@@ -76,6 +76,7 @@
     private ObjectName realmName;
     private GBeanData realm;
     private ObjectName webModuleName;
+    private ObjectName contextRealmName;
     private ObjectName tmName;
     private ObjectName ctcName;
     private GBeanData tm;
@@ -94,6 +95,8 @@
     protected ObjectName propertiesLMName;
     protected ObjectName propertiesRealmName;
     private GBeanData propertiesRealmGBean;
+    protected ObjectName propertiesRealmName2;
+    private GBeanData propertiesRealmGBean2;
     private ObjectName serverInfoName;
     private GBeanData serverInfoGBean;
 
@@ -114,7 +117,8 @@
         start(app);
     }
 
-    protected ObjectName setUpJAASSecureAppContext() throws Exception {
+    protected void setUpJAASSecureAppContext() throws Exception {
+        //Will use Context Level Security
         ObjectName jaccBeanName = NameFactory.getComponentName(null, null, null, null, "foo",
NameFactory.JACC_MANAGER, moduleContext);
         GBeanData jaccBeanData = new GBeanData(jaccBeanName, ApplicationPolicyConfigurationManager.GBEAN_INFO);
         PermissionCollection excludedPermissions= new Permissions();
@@ -127,11 +131,28 @@
         jaccBeanData.setAttribute("roleDesignates", new HashMap());
         start(jaccBeanData);
 
+        //Set a context level Realm and ignore the Engine level to test that
+        //the override along with a Security Realm Name set overrides the Engine
+        Map initParams = new HashMap();
+        initParams.put("userClassNames","org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
+        initParams.put("roleClassNames","org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal");
+        contextRealmName = NameFactory.getWebComponentName(null, null, null, null, "tomcatContextRealm",
"WebResource", moduleContext);
+        GBeanData contextRealm = new GBeanData(contextRealmName, RealmGBean.GBEAN_INFO);
+        contextRealm.setAttribute("className", "org.apache.geronimo.tomcat.realm.TomcatJAASRealm");
+        contextRealm.setAttribute("initParams", initParams);
+        start(contextRealm);
+        
+        //Force a new realm name and ignore the application name
+        SecurityHolder securityHolder = new SecurityHolder();
+        securityHolder.setSecurityRealm(REALM_NAME);
+
         GBeanData app = new GBeanData(webModuleName, TomcatWebAppContext.GBEAN_INFO);
         app.setAttribute("webAppRoot", new File("target/var/catalina/webapps/war3/").toURI());
         app.setAttribute("webClassPath", new URI[]{});
+        app.setAttribute("securityHolder", securityHolder);
         app.setAttribute("configurationBaseUrl", new File("target/var/catalina/webapps/war3/WEB-INF/web.xml").toURL());
         app.setAttribute("path", "/securetest");
+        app.setReferencePattern("TomcatRealm",contextRealmName);
         app.setReferencePattern("RoleDesignateSource", jaccBeanName);
 
         OnlineUserTransaction userTransaction = new OnlineUserTransaction();
@@ -144,8 +165,6 @@
         app.setAttribute("kernel", null);
 
         start(app);
-
-        return webModuleName;
     }
 
     protected ObjectName setUpSecureAppContext(Map roleDesignates,
@@ -155,6 +174,7 @@
                                                PermissionCollection checked)
             throws Exception {
 
+        //Will use the Engine level security
         ObjectName jaccBeanName = NameFactory.getComponentName(null, null, null, null, "foo",
NameFactory.JACC_MANAGER, moduleContext);
         GBeanData jaccBeanData = new GBeanData(jaccBeanName, ApplicationPolicyConfigurationManager.GBEAN_INFO);
         Map contextIDToPermissionsMap = new HashMap();
@@ -169,6 +189,7 @@
         securityHolder.setExcluded(componentPermissions.getExcludedPermissions());
         securityHolder.setPolicyContextID(POLICY_CONTEXT_ID);
         securityHolder.setDefaultPrincipal(defaultPrincipal);
+        securityHolder.setSecurityRealm(REALM_NAME);
         GBeanData app = new GBeanData(webModuleName, TomcatWebAppContext.GBEAN_INFO);
         app.setAttribute("classLoader", cl);
         app.setAttribute("webAppRoot", new File("target/var/catalina/webapps/war3/").toURI());
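Review bot: `securityHolder.setSecurityRealm(REALM_NAME)` in this engine-level fixture looks like it only reaches the ignore path in `TomcatContainer`: no `TomcatRealm` reference is set on `app` in the visible lines, so the container would log its "Ignoring security-realm-name" warning and fall back to the host realm. The rest of the method is outside the hunk, so this is inferred. If the ignore path is what the fixture is meant to cover, say so next to the call, e.g. `//No context Realm is configured here, so the container is expected to warn and ignore this`; otherwise the line can be dropped.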
@@ -236,16 +257,32 @@
         principalEditor.setAsText("metro=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
         propertiesRealmGBean.setAttribute("defaultPrincipal", principalEditor.getValue());
 
+        propertiesRealmName2 = new ObjectName("geronimo.server:j2eeType=SecurityRealm,name=geronimo-properties-realm-2");
+        propertiesRealmGBean2 = new GBeanData(propertiesRealmName2, GenericSecurityRealm.GBEAN_INFO);
+        propertiesRealmGBean2.setReferencePattern("ServerInfo", serverInfoName);
+        propertiesRealmGBean2.setAttribute("realmName", REALM_NAME);
+        propertiesRealmGBean2.setReferencePattern("LoginModuleConfiguration", testUseName);
+        Principal.PrincipalEditor principalEditor2 = new Principal.PrincipalEditor();
+        principalEditor2.setAsText("metro=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
+        propertiesRealmGBean2.setAttribute("defaultPrincipal", principalEditor2.getValue());
+        
         start(loginConfigurationGBean);
         start(securityServiceGBean);
         start(loginServiceGBean);
         start(propertiesLMGBean);
         start(lmUseGBean);
         start(propertiesRealmGBean);
+        start(propertiesRealmGBean2);
 
     }
-
+    
+    protected void tearDownJAASWebApp() throws Exception{
+        stop(webModuleName);
+        stop(contextRealmName);
+    }
+    
     protected void tearDownSecurity() throws Exception {
+        stop(propertiesRealmName2);
         stop(propertiesRealmName);
         stop(propertiesLMName);
         stop(loginServiceName);
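Review bot: `propertiesRealmGBean2` is wired to the same `LoginModuleConfiguration` reference (`testUseName`) and the same default principal text as the context line shows for the first realm, so the two realms may accept identical credentials. The first realm's setup is above the hunk, so this is inferred; if it holds, a login succeeds whichever realm the `JAASRealm` ends up using and the test cannot show that `security-realm-name` was honoured. Backing the second realm with a distinct login module configuration or user set, and asserting that only those users authenticate in the context-level test, would make the override observable. The enclosing setup method begins outside the hunk.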

Modified: geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JAASSecurityTest.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JAASSecurityTest.java?rev=227169&r1=227168&r2=227169&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JAASSecurityTest.java
(original)
+++ geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JAASSecurityTest.java
Tue Aug  2 22:56:37 2005
@@ -139,11 +139,11 @@
     }
 
     protected void startWebApp() throws Exception {
-        appName = setUpJAASSecureAppContext();
+        setUpJAASSecureAppContext();
     }
 
     protected void stopWebApp() throws Exception {
-        stop(appName);
+        tearDownJAASWebApp();
     }
 
     protected void setUp() throws Exception {
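Review bot: The `appName` field is no longer assigned in `startWebApp()` nor read in `stopWebApp()`, so it looks unused after this change. Its declaration is outside the hunk; if nothing else in the class refers to it, the field should be removed in the same commit.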


