geronimo-scm mailing list archives

From jgenen...@apache.org
Subject svn commit: r239982 - in /geronimo/trunk/modules: tomcat-builder/src/java/org/apache/geronimo/tomcat/deployment/ tomcat/src/java/org/apache/geronimo/tomcat/ tomcat/src/java/org/apache/geronimo/tomcat/util/
Date Thu, 25 Aug 2005 03:20:44 GMT
Author: jgenender
Date: Wed Aug 24 20:20:39 2005
New Revision: 239982

URL: http://svn.apache.org/viewcvs?rev=239982&view=rev
Log:
Detect the security block in the web-app plan and use a JACC adapter when present

Modified:
    geronimo/trunk/modules/tomcat-builder/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java
    geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatContainer.java
    geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/util/SecurityHolder.java

Modified: geronimo/trunk/modules/tomcat-builder/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat-builder/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java?rev=239982&r1=239981&r2=239982&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat-builder/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java
(original)
+++ geronimo/trunk/modules/tomcat-builder/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java
Wed Aug 24 20:20:39 2005
@@ -463,30 +463,34 @@
                 SecurityHolder securityHolder = new SecurityHolder();
                 securityHolder.setSecurityRealm(tomcatWebApp.getSecurityRealmName().trim());
 
-                /**
-                 * TODO - go back to commented version when possible.
-                 */
-                String policyContextID = webModuleName.getCanonicalName().replaceAll("[,
:]", "_");
-                securityHolder.setPolicyContextID(policyContextID);
-
-                ComponentPermissions componentPermissions = buildSpecSecurityConfig(webApp,
securityRoles, rolePermissions);
-                securityHolder.setExcluded(componentPermissions.getExcludedPermissions());
-                PermissionCollection checkedPermissions = new Permissions();
-                for (Iterator iterator = rolePermissions.values().iterator(); iterator.hasNext();)
{
-                    PermissionCollection permissionsForRole = (PermissionCollection) iterator.next();
-                    for (Enumeration iterator2 = permissionsForRole.elements(); iterator2.hasMoreElements();)
{
-                        Permission permission = (Permission) iterator2.nextElement();
-                        checkedPermissions.add(permission);
+                if (tomcatWebApp.isSetSecurity()){
+                    
+                    securityHolder.setSecurity(true);
+                    /**
+                     * TODO - go back to commented version when possible.
+                     */
+                    String policyContextID = webModuleName.getCanonicalName().replaceAll("[,
:]", "_");
+                    securityHolder.setPolicyContextID(policyContextID);
+    
+                    ComponentPermissions componentPermissions = buildSpecSecurityConfig(webApp,
securityRoles, rolePermissions);
+                    securityHolder.setExcluded(componentPermissions.getExcludedPermissions());
+                    PermissionCollection checkedPermissions = new Permissions();
+                    for (Iterator iterator = rolePermissions.values().iterator(); iterator.hasNext();)
{
+                        PermissionCollection permissionsForRole = (PermissionCollection)
iterator.next();
+                        for (Enumeration iterator2 = permissionsForRole.elements(); iterator2.hasMoreElements();)
{
+                            Permission permission = (Permission) iterator2.nextElement();
+                            checkedPermissions.add(permission);
+                        }
                     }
+                    securityHolder.setChecked(checkedPermissions);
+                    earContext.addSecurityContext(policyContextID, componentPermissions);
+//                    if (tomcatWebApp.isSetSecurity()) {
+                        SecurityConfiguration securityConfiguration = SecurityBuilder.buildSecurityConfiguration(tomcatWebApp.getSecurity());
+                        earContext.setSecurityConfiguration(securityConfiguration);
+//                    }
+                    DefaultPrincipal defaultPrincipal = earContext.getSecurityConfiguration().getDefaultPrincipal();
+                    securityHolder.setDefaultPrincipal(defaultPrincipal);
                 }
-                securityHolder.setChecked(checkedPermissions);
-                earContext.addSecurityContext(policyContextID, componentPermissions);
-                if (tomcatWebApp.isSetSecurity()) {
-                    SecurityConfiguration securityConfiguration = SecurityBuilder.buildSecurityConfiguration(tomcatWebApp.getSecurity());
-                    earContext.setSecurityConfiguration(securityConfiguration);
-                }
-                DefaultPrincipal defaultPrincipal = earContext.getSecurityConfiguration().getDefaultPrincipal();
-                securityHolder.setDefaultPrincipal(defaultPrincipal);
 
                 webModuleData.setAttribute("securityHolder", securityHolder);
                 webModuleData.setReferencePattern("RoleDesignateSource", earContext.getJaccManagerName());
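Review bot: A plan without a security element now leaves the SecurityHolder with no policyContextID, no checked or excluded permissions and no default principal, because all of that setup moved inside `if (tomcatWebApp.isSetSecurity())`, yet the holder is still attached by `webModuleData.setAttribute("securityHolder", securityHolder)`. Whatever reads the holder should test `isSecurity()` before touching those fields; that code is outside this hunk, so it needs confirming. The commented-out `//if (tomcatWebApp.isSetSecurity()) {` and `//}` pair is now redundant with the outer check and leaves the two `SecurityConfiguration` lines over-indented; delete both comments and dedent those lines. The enclosing block starts and ends outside the hunk.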

Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatContainer.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatContainer.java?rev=239982&r1=239981&r2=239982&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatContainer.java
(original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatContainer.java
Wed Aug 24 20:20:39 2005
@@ -45,6 +45,7 @@
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.j2ee.management.impl.Util;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm;
 import org.apache.geronimo.tomcat.realm.TomcatJAASRealm;
 import org.apache.geronimo.tomcat.util.SecurityHolder;
 import org.apache.geronimo.webservices.SoapHandler;
@@ -229,12 +230,13 @@
             throw new IllegalArgumentException("Invalid virtual host '" + virtualServer +"'.
 Do you have a matchiing Host entry in the plan?");
         }
 
-        //Get the security-realm-name if the is one
+        //Get the security-realm-name if there is one
         String securityRealmName = null;
         SecurityHolder secHolder = ctx.getSecurityHolder();
         if (secHolder != null)
             securityRealmName = secHolder.getSecurityRealm();
 
+        //Did we declare a GBean at the context level?
         if (ctx.getRealm() != null){
             Realm realm = ctx.getRealm();
 
@@ -254,14 +256,32 @@
                 if (realm instanceof JAASRealm){
                     parentRealmName = ((JAASRealm)realm).getAppName();
                 }
+                
+                //Do we have a match to a parent?
                 if(!securityRealmName.equals(parentRealmName)){
-                    log.info("The security-realm-name '" + securityRealmName + "' was specified
and a parent (Engine/Host) is not named the same or no RealmGBean was configured for this
context.  Creating a default TomcatJAASRealm adapter for this context.");
-                    TomcatJAASRealm jaasRealm = new TomcatJAASRealm();
-                    jaasRealm.setUserClassNames("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
-                    jaasRealm.setRoleClassNames("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal");
-                    jaasRealm.setAppName(securityRealmName);
-                    anotherCtxObj.setRealm(jaasRealm);
+                    //No...we need to create a default adapter
+                    
+                    //Is the context requiring JACC?
+                    if (secHolder.isSecurity()){
+                        //JACC
+                        realm = new TomcatGeronimoRealm();
+                    } else {
+                        //JAAS
+                        realm = new TomcatJAASRealm();
+                    }
+                    
+                    log.info("The security-realm-name '" + securityRealmName + 
+                            "' was specified and a parent (Engine/Host) is not named the
same or no RealmGBean was configured for this context. " +
+                            "Creating a default " + realm.getClass().getName() +
+                            " adapter for this context.");
+                    
+                    ((JAASRealm)realm).setUserClassNames("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
+                    ((JAASRealm)realm).setRoleClassNames("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal");
+                    ((JAASRealm)realm).setAppName(securityRealmName);
+                    
+                    anotherCtxObj.setRealm(realm);
                 } else {
+                    //Use the parent since a name matches
                     anotherCtxObj.setRealm(realm);
                 }
             } else {
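Review bot: The three `((JAASRealm)realm)` casts depend on TomcatGeronimoRealm being a JAASRealm subclass, which is not visible in this commit; if it is not, the failure only appears as a ClassCastException at deployment. A typed local, `JAASRealm adapter = secHolder.isSecurity() ? new TomcatGeronimoRealm() : new TomcatJAASRealm();`, lets the compiler check that and avoids reassigning `realm`, which up to this point appears to hold the parent's realm. `secHolder` is also dereferenced here although the method null-checks it earlier; presumably a non-null securityRealmName guard outside the hunk covers that, but it is worth confirming since the branch selects between JACC and plain JAAS enforcement.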

Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/util/SecurityHolder.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/util/SecurityHolder.java?rev=239982&r1=239981&r2=239982&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/util/SecurityHolder.java
(original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/util/SecurityHolder.java
Wed Aug 24 20:20:39 2005
@@ -30,6 +30,7 @@
     private PermissionCollection checked;
     private PermissionCollection excluded;
     private String securityRealm;
+    private boolean security;
 
     public SecurityHolder()
     {
@@ -38,6 +39,7 @@
         checked = null;
         excluded = null;
         securityRealm = null;
+        security = false;
     }
 
     public String getSecurityRealm() {
@@ -87,4 +89,13 @@
     {
         this.policyContextID = policyContextID;
     }
+
+    public boolean isSecurity() {
+        return security;
+    }
+
+    public void setSecurity(boolean security) {
+        this.security = security;
+    }
+    
 }
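Review bot: The name `security` / `isSecurity()` does not say what the flag decides. Judging by the other files in this commit, it records that the web-app plan has a security element, and TomcatContainer uses it to choose the JACC realm adapter over the JAAS one. A Javadoc on the accessor would state that, for example `/** True when the web-app plan declares a security element; the container then installs the JACC realm adapter. */`. Since the default is false, it is also worth documenting that an unset flag means the JACC permission fields of this holder may be null.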


