From a..@apache.org
Subject svn commit: r315020 [1/3] - in /geronimo/trunk/modules: assembly/src/plan/ jetty/src/test/org/apache/geronimo/jetty/ security/src/java/org/apache/geronimo/security/ security/src/java/org/apache/geronimo/security/jaas/ security/src/java/org/apache/geron...
Date Wed, 12 Oct 2005 20:02:16 GMT
Author: adc
Date: Wed Oct 12 13:01:56 2005
New Revision: 315020

URL: http://svn.apache.org/viewcvs?rev=315020&view=rev
Log:
Initial checkin for GERONIMO-883

Added:
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/DomainPrincipal.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/ClientLoginModuleProxy.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/JaasLoginCoordinator.java
      - copied, changed from r289678, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/LoginModuleProxy.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/ServerLoginProxy.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/WrappingClientLoginModuleProxy.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/DecouplingCallbackHandler.java
      - copied, changed from r289678, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DecouplingCallbackHandler.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/ExpiredLoginModuleException.java   (contents, props changed)
      - copied, changed from r289678, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ExpiredLoginModuleException.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/JaasLoginModuleConfiguration.java
      - copied, changed from r289678, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/JaasLoginService.java
      - copied, changed from r289678, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/JaasLoginServiceMBean.java
      - copied, changed from r289678, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/JaasSecuritySession.java
      - copied, changed from r289678, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/JaasSessionId.java
      - copied, changed from r289678, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasClientId.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/WrappingLoginModuleProxy.java
Removed:
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DecouplingCallbackHandler.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ExpiredLoginModuleException.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasClientId.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleConfiguration.java
Modified:
    geronimo/trunk/modules/assembly/src/plan/j2ee-client-security-plan.xml
    geronimo/trunk/modules/assembly/src/plan/j2ee-security-plan.xml
    geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
    geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/ContextManager.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ConfigurationEntryFactory.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleUse.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleControlFlag.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginUtils.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/SecurityRealm.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/remoting/jmx/JaasLoginServiceRemotingClient.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/remoting/jmx/JaasLoginServiceRemotingServer.java
    geronimo/trunk/modules/security/src/test-data/data/login.config
    geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/AbstractTest.java
    geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java
    geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java
    geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSQLTest.java
    geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/MultipleLoginDomainTest.java
    geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/NoLoginModuleReuseTest.java
    geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/TimeoutTest.java
    geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/remoting/jmx/RemoteLoginTest.java
    geronimo/trunk/modules/tomcat/project.xml
    geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
    geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ApplicationTest.java
    geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ContainerTest.java
    geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JACCSecurityTest.java

Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-client-security-plan.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-client-security-plan.xml?rev=315020&r1=315019&r2=315020&view=diff
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-client-security-plan.xml (original)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-client-security-plan.xml Wed Oct 12 13:01:56 2005
@@ -67,7 +67,7 @@
     </gbean>
 
     <gbean name="ServerLoginCoordinator" class="org.apache.geronimo.security.jaas.LoginModuleGBean">
-        <attribute name="loginModuleClass">org.apache.geronimo.security.jaas.JaasLoginCoordinator</attribute>
+        <attribute name="loginModuleClass">org.apache.geronimo.security.jaas.client.JaasLoginCoordinator</attribute>
         <attribute name="serverSide">false</attribute>
         <attribute name="options">
             host=localhost
@@ -105,7 +105,7 @@
         </reference>
     </gbean>
     <!-- this is really a server-side only gbean but its needed to make the client side GenericSecurityRealm work -->
-    <gbean name="JaasLoginService" class="org.apache.geronimo.security.jaas.JaasLoginService">
+    <gbean name="JaasLoginService" class="org.apache.geronimo.security.jaas.server.JaasLoginService">
         <reference name="Realms">
             <name>client-properties-realm</name>
         </reference>

Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-security-plan.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-security-plan.xml?rev=315020&r1=315019&r2=315020&view=diff
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-security-plan.xml (original)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-security-plan.xml Wed Oct 12 13:01:56 2005
@@ -49,7 +49,7 @@
         </references>
     </gbean>
 
-    <gbean name="JaasLoginService" class="org.apache.geronimo.security.jaas.JaasLoginService">
+    <gbean name="JaasLoginService" class="org.apache.geronimo.security.jaas.server.JaasLoginService">
         <reference name="Realms"><application>*</application><module>*</module><name>*</name></reference>
         <!--        <attribute name="reclaimPeriod">100000</attribute>-->
         <attribute name="algorithm">HmacSHA1</attribute>

Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java?rev=315020&r1=315019&r2=315020&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java (original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java Wed Oct 12 13:01:56 2005
@@ -28,33 +28,31 @@
 import javax.management.ObjectName;
 
 import junit.framework.TestCase;
-import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator;
+import org.mortbay.jetty.servlet.FormAuthenticator;
+
 import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinatorGBean;
 import org.apache.geronimo.gbean.GBeanData;
 import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContext;
 import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContextImpl;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.jetty.connector.HTTPConnector;
-import org.apache.geronimo.kernel.KernelFactory;
 import org.apache.geronimo.kernel.Kernel;
+import org.apache.geronimo.kernel.KernelFactory;
 import org.apache.geronimo.kernel.management.State;
 import org.apache.geronimo.security.SecurityServiceImpl;
-import org.apache.geronimo.security.jacc.ComponentPermissions;
-import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
-import org.apache.geronimo.security.deploy.Principal;
 import org.apache.geronimo.security.deploy.DefaultPrincipal;
+import org.apache.geronimo.security.deploy.Principal;
 import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration;
-import org.apache.geronimo.security.jaas.JaasLoginService;
-import org.apache.geronimo.security.jaas.LoginModuleGBean;
 import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
+import org.apache.geronimo.security.jaas.LoginModuleGBean;
+import org.apache.geronimo.security.jaas.server.JaasLoginService;
+import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
+import org.apache.geronimo.security.jacc.ComponentPermissions;
 import org.apache.geronimo.security.realm.GenericSecurityRealm;
 import org.apache.geronimo.system.serverinfo.BasicServerInfo;
 import org.apache.geronimo.transaction.context.OnlineUserTransaction;
-import org.apache.geronimo.transaction.context.TransactionContextManager;
 import org.apache.geronimo.transaction.context.TransactionContextManagerGBean;
-import org.apache.geronimo.transaction.manager.TransactionManagerImpl;
 import org.apache.geronimo.transaction.manager.TransactionManagerImplGBean;
-import org.mortbay.jetty.servlet.FormAuthenticator;
 
 
 /**
@@ -207,6 +205,7 @@
         options.setProperty("usersURI", "src/test-resources/data/users.properties");
         options.setProperty("groupsURI", "src/test-resources/data/groups.properties");
         propertiesLMGBean.setAttribute("options", options);
+        propertiesLMGBean.setAttribute("wrapPrincipals", Boolean.TRUE);
         //TODO should this be called securityRealmName?
         propertiesLMGBean.setAttribute("loginDomainName", "demo-properties-realm");
 
@@ -276,8 +275,8 @@
 
         connector = new GBeanData(connectorName, HTTPConnector.GBEAN_INFO);
         connector.setAttribute("port", new Integer(5678));
-        connector.setAttribute("maxThreads",  new Integer(50));
-        connector.setAttribute("minThreads",  new Integer(10));
+        connector.setAttribute("maxThreads", new Integer(50));
+        connector.setAttribute("minThreads", new Integer(10));
         connector.setReferencePattern("JettyContainer", containerName);
 
         start(container);

Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java?rev=315020&r1=315019&r2=315020&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java (original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/SecurityTest.java Wed Oct 12 13:01:56 2005
@@ -58,7 +58,7 @@
      *
      * @throws Exception thrown if an error in the test occurs
      */
-    public void testExplicitMapping() throws Exception {
+    public void DavidJencksPleaseVisitMetestExplicitMapping() throws Exception {
         Security securityConfig = new Security();
         securityConfig.setUseContextHandler(false);
 
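Review bot: Renaming the method to `DavidJencksPleaseVisitMetestExplicitMapping` silently takes this security test out of the run, assuming the class is a JUnit 3 `TestCase` (the sibling test file in this commit imports `junit.framework.TestCase`; this class's base type is not visible in the hunk), because only methods whose names start with `test` are collected. The Javadoc above still describes a live test, and nothing in the code records why it was switched off or when it should come back. A conventional, greppable form would be a method named `disabledTestExplicitMapping` preceded by `// TODO GERONIMO-883: disabled because <reason>; re-enable before the issue is closed`. The method body continues past the end of the hunk.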

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/ContextManager.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/ContextManager.java?rev=315020&r1=315019&r2=315020&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/ContextManager.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/ContextManager.java Wed Oct 12 13:01:56 2005
@@ -49,8 +49,6 @@
     private static Map subjectIds = new Hashtable();
     private static long nextSubjectId = System.currentTimeMillis();
 
-    private static long nextPrincipalId = System.currentTimeMillis();
-
     private static SecretKey key;
     private static String algorithm;
     private static String password;

Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/DomainPrincipal.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/DomainPrincipal.java?rev=315020&view=auto
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/DomainPrincipal.java (added)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/DomainPrincipal.java Wed Oct 12 13:01:56 2005
@@ -0,0 +1,133 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.geronimo.security;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+/**
+ * Represents a principal in an realm.
+ *
+ * @version $Rev: 279959 $ $Date: 2005-09-09 23:00:51 -0700 (Fri, 09 Sep 2005) $
+ */
+public class DomainPrincipal implements Principal, Serializable {
+    private final String loginDomain;
+    private final Principal principal;
+    private transient String name = null;
+
+    public DomainPrincipal(String loginDomain, Principal principal) {
+        if (loginDomain == null) throw new IllegalArgumentException("loginDomain is null");
+        if (principal == null) throw new IllegalArgumentException("principal is null");
+
+        this.loginDomain = loginDomain;
+        this.principal = principal;
+    }
+
+    /**
+     * Compares this principal to the specified object.  Returns true
+     * if the object passed in matches the principal represented by
+     * the implementation of this interface.
+     *
+     * @param another principal to compare with.
+     * @return true if the principal passed in is the same as that
+     *         encapsulated by this principal, and false otherwise.
+     */
+    public boolean equals(Object another) {
+        if (!(another instanceof DomainPrincipal)) return false;
+
+        DomainPrincipal realmPrincipal = (DomainPrincipal) another;
+
+        return loginDomain.equals(realmPrincipal.loginDomain) && principal.equals(realmPrincipal.principal);
+    }
+
+    /**
+     * Returns a string representation of this principal.
+     *
+     * @return a string representation of this principal.
+     */
+    public String toString() {
+        //TODO hack to workaround bogus assumptions in some secret code.
+//        return getName();
+        if (name == null) {
+
+            StringBuffer buffer = new StringBuffer("");
+            buffer.append(loginDomain);
+            buffer.append(":[");
+            buffer.append(principal.getClass().getName());
+            buffer.append(':');
+            buffer.append(principal.getName());
+            buffer.append("]");
+
+            name = buffer.toString();
+        }
+        return name;
+    }
+
+    /**
+     * Returns a hashcode for this principal.
+     *
+     * @return a hashcode for this principal.
+     */
+    public int hashCode() {
+        int result;
+        result = loginDomain.hashCode();
+        result = 29 * result + principal.hashCode();
+        return result;
+    }
+
+    /**
+     * Returns the name of this principal.
+     *
+     * @return the name of this principal.
+     */
+    public String getName() {
+        //TODO hack to workaround bogus assumptions in some secret code.
+        if (name == null) {
+
+            StringBuffer buffer = new StringBuffer("");
+            buffer.append(loginDomain);
+            buffer.append(":[");
+            buffer.append(principal.getClass().getName());
+            buffer.append(':');
+            buffer.append(principal.getName());
+            buffer.append("]");
+
+            name = buffer.toString();
+        }
+        return name;
+//        return principal.getName();
+    }
+
+    /**
+     * Returns the principal that is associated with the realm.
+     *
+     * @return the principal that is associated with the realm.
+     */
+    public Principal getPrincipal() {
+        return principal;
+    }
+
+    /**
+     * Returns the realm that is associated with the principal.
+     *
+     * @return the realm that is associated with the principal.
+     */
+    public String getLoginDomain() {
+        return loginDomain;
+    }
+}
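Review bot: `DomainPrincipal` is `Serializable`, but its two null checks live only in the constructor, which default deserialization does not run, so an instance read from a stream can carry a null `loginDomain` or `principal` and then throw from `equals`, `hashCode` and `getName`. If these principals cross the remoting login path (inferred from the commit's file list, not visible here), a `readObject` that repeats the checks restores the invariant, and an explicit `private static final long serialVersionUID` would pin the stream format. The `principal` field is typed as plain `Principal`, so serialization will also fail at runtime for any wrapped principal that is not itself serializable; the constructor could reject those early. Separately, `toString()` and `getName()` contain the same string-building code twice, so `toString()` could simply `return getName();`, and the Javadoc still speaks of "an realm" where the field is a login domain.

```java
public class DomainPrincipal implements Principal, Serializable {
    // … unchanged: fields, constructor, equals, toString, hashCode, getName, getters …

    private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
        in.defaultReadObject();
        // Default deserialization bypasses the constructor, so re-check its invariants here.
        if (loginDomain == null || principal == null) {
            throw new java.io.InvalidObjectException("loginDomain and principal must not be null");
        }
    }
```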

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java?rev=315020&r1=315019&r2=315020&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/PrimaryRealmPrincipal.java Wed Oct 12 13:01:56 2005
@@ -43,6 +43,6 @@
 
         PrimaryRealmPrincipal realmPrincipal = (PrimaryRealmPrincipal) another;
 
-        return getLoginDomain().equals(realmPrincipal.getLoginDomain()) && getPrincipal().equals(realmPrincipal.getPrincipal());
+        return getRealm().equals(realmPrincipal.getRealm()) && getPrincipal().equals(realmPrincipal.getPrincipal());
     }
 }

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java?rev=315020&r1=315019&r2=315020&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/RealmPrincipal.java Wed Oct 12 13:01:56 2005
@@ -26,15 +26,15 @@
  * @version $Rev$ $Date$
  */
 public class RealmPrincipal implements Principal, Serializable {
-    private final String loginDomain;
+    private final String realm;
     private final Principal principal;
     private transient String name = null;
 
-    public RealmPrincipal(String loginDomain, Principal principal) {
-        if (loginDomain == null) throw new IllegalArgumentException("loginDomain is null");
+    public RealmPrincipal(String realm, Principal principal) {
+        if (realm == null) throw new IllegalArgumentException("realm is null");
         if (principal == null) throw new IllegalArgumentException("principal is null");
 
-        this.loginDomain = loginDomain;
+        this.realm = realm;
         this.principal = principal;
     }
 
@@ -52,7 +52,7 @@
 
         RealmPrincipal realmPrincipal = (RealmPrincipal) another;
 
-        return loginDomain.equals(realmPrincipal.loginDomain) && principal.equals(realmPrincipal.principal);
+        return realm.equals(realmPrincipal.realm) && principal.equals(realmPrincipal.principal);
     }
 
     /**
@@ -66,7 +66,7 @@
         if (name == null) {
 
             StringBuffer buffer = new StringBuffer("");
-            buffer.append(loginDomain);
+            buffer.append(realm);
             buffer.append(":[");
             buffer.append(principal.getClass().getName());
             buffer.append(':');
@@ -85,7 +85,7 @@
      */
     public int hashCode() {
         int result;
-        result = loginDomain.hashCode();
+        result = realm.hashCode();
         result = 29 * result + principal.hashCode();
         return result;
     }
@@ -97,20 +97,20 @@
      */
     public String getName() {
         //TODO hack to workaround bogus assumptions in some secret code.
-//        if (name == null) {
-//
-//            StringBuffer buffer = new StringBuffer("");
-//            buffer.append(loginDomain);
-//            buffer.append(":[");
-//            buffer.append(principal.getClass().getName());
-//            buffer.append(':');
-//            buffer.append(principal.getName());
-//            buffer.append("]");
-//
-//            name = buffer.toString();
-//        }
-//        return name;
-        return principal.getName();
+        if (name == null) {
+
+            StringBuffer buffer = new StringBuffer("");
+            buffer.append(realm);
+            buffer.append(":[");
+            buffer.append(principal.getClass().getName());
+            buffer.append(':');
+            buffer.append(principal.getName());
+            buffer.append("]");
+
+            name = buffer.toString();
+        }
+        return name;
+//        return principal.getName();
     }
 
     /**
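Review bot: `getName()` now returns the composite `realm:[class:name]` string instead of `principal.getName()`, but the change is carried only by swapping which half is commented out, under a TODO that still calls it a hack; the method's Javadoc starts above the hunk. Any caller that compares `getName()` with a bare user name, or writes it to an audit log, will see a different value after this commit. The parts are also joined without escaping, so a realm or principal name containing `:[` or `]` cannot be parsed back unambiguously. I would state the format in the Javadoc, e.g. `@return the realm-qualified name, formatted as realm:[principalClass:principalName]`, and delete the dead `//        return principal.getName();` line.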
@@ -127,7 +127,7 @@
      *
      * @return the realm that is associated with the principal.
      */
-    public String getLoginDomain() {
-        return loginDomain;
+    public String getRealm() {
+        return realm;
     }
 }

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ConfigurationEntryFactory.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ConfigurationEntryFactory.java?rev=315020&r1=315019&r2=315020&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ConfigurationEntryFactory.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ConfigurationEntryFactory.java Wed Oct 12 13:01:56 2005
@@ -16,6 +16,9 @@
  */
 package org.apache.geronimo.security.jaas;
 
+import org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
+
+
 /**
  * A factory interface used by <code>GeronimoLoginConfiguration</code> to obtain
  * <code>JaasLoginModuleConfiguration</code>s from GBean configuration entries.

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java?rev=315020&r1=315019&r2=315020&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DirectConfigurationEntry.java Wed Oct 12 13:01:56 2005
@@ -19,6 +19,7 @@
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+import org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
 
 
 /**
@@ -33,17 +34,20 @@
     private final String applicationConfigName;
     private final LoginModuleControlFlag controlFlag;
     private final LoginModuleGBean module;
+    private final boolean wrapPrincipals;
 
     public DirectConfigurationEntry() {
         this.applicationConfigName = null;
         this.controlFlag = null;
         this.module = null;
+        this.wrapPrincipals = false;
     }
 
-    public DirectConfigurationEntry(String applicationConfigName, LoginModuleControlFlag controlFlag, LoginModuleGBean module) {
+    public DirectConfigurationEntry(String applicationConfigName, LoginModuleControlFlag controlFlag, LoginModuleGBean module, boolean wrapPrincipals) {
         this.applicationConfigName = applicationConfigName;
         this.controlFlag = controlFlag;
         this.module = module;
+        this.wrapPrincipals = wrapPrincipals;
     }
 
     public String getConfigurationName() {
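Review bot: The new `wrapPrincipals` flag is added to the field list and both constructors here, and to `generateConfiguration()` and `GBEAN_INFO` in the following hunks, without a comment saying what it controls or why the no-argument constructor defaults it to `false`. Since it presumably decides whether a login module's principals are wrapped in realm/domain principals (inferred from the name and the new `DomainPrincipal` class), a wrong default changes which principals end up in the Subject, so it deserves a line such as `// true: principals from this module are also added wrapped with their login domain and realm`. The three-argument public constructor is replaced rather than overloaded, so existing callers and any plan that builds this GBean with the old constructor signature will break; keeping the old constructor delegating with `false` would avoid that.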
@@ -51,7 +55,7 @@
     }
 
     public JaasLoginModuleConfiguration generateConfiguration() {
-        return new JaasLoginModuleConfiguration(module.getLoginModuleClass(), controlFlag, module.getOptions(), module.isServerSide(), applicationConfigName);
+        return new JaasLoginModuleConfiguration(module.getLoginModuleClass(), controlFlag, module.getOptions(), module.isServerSide(), applicationConfigName, wrapPrincipals);
     }
 
     public static final GBeanInfo GBEAN_INFO;
@@ -61,10 +65,11 @@
         infoFactory.addInterface(ConfigurationEntryFactory.class);
         infoFactory.addAttribute("applicationConfigName", String.class, true);
         infoFactory.addAttribute("controlFlag", LoginModuleControlFlag.class, true);
+        infoFactory.addAttribute("wrapPrincipals", boolean.class, true);
 
         infoFactory.addReference("Module", LoginModuleGBean.class, NameFactory.LOGIN_MODULE);
 
-        infoFactory.setConstructor(new String[]{"applicationConfigName", "controlFlag", "Module"});
+        infoFactory.setConstructor(new String[]{"applicationConfigName", "controlFlag", "Module", "wrapPrincipals"});
         GBEAN_INFO = infoFactory.getBeanInfo();
     }
 

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java?rev=315020&r1=315019&r2=315020&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/GeronimoLoginConfiguration.java Wed Oct 12 13:01:56 2005
@@ -34,6 +34,7 @@
 import org.apache.geronimo.gbean.ReferenceCollectionEvent;
 import org.apache.geronimo.gbean.ReferenceCollectionListener;
 import org.apache.geronimo.security.SecurityServiceImpl;
+import org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
 
 
 /**
@@ -134,7 +135,7 @@
             log.info("Removed Application Configuration Entry " + iter.next());
         }
         entries.clear();
-        
+
         log.info("Uninstalled Geronimo login configuration");
     }
 

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleUse.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleUse.java?rev=315020&r1=315019&r2=315020&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleUse.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleUse.java Wed Oct 12 13:01:56 2005
@@ -16,16 +16,18 @@
  */
 package org.apache.geronimo.security.jaas;
 
-import java.util.Set;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.HashMap;
+import java.util.Set;
 
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
+import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.kernel.Kernel;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
-import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+import org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
+
 
 /**
  * Holds a reference to a login module and the control flag.  A linked list of these forms the list of login modules
@@ -65,35 +67,35 @@
         return next;
     }
 
-//    public LoginModuleControlFlag getControlFlag() {
-//        return controlFlag;
-//    }
+    public String getControlFlag() {
+        return controlFlag.toString();
+    }
 
     public void configure(Set domainNames, List loginModuleConfigurations, Kernel kernel, ServerInfo serverInfo, ClassLoader classLoader) {
         Map options = loginModule.getOptions();
-                   if (options != null) {
-                       options = new HashMap(options);
-                   } else {
-                       options = new HashMap();
-                   }
-                   if (kernel != null && !options.containsKey(KERNEL_LM_OPTION)) {
-                       options.put(KERNEL_LM_OPTION, kernel.getKernelName());
-                   }
-                   if (serverInfo != null && !options.containsKey(SERVERINFO_LM_OPTION)) {
-                       options.put(SERVERINFO_LM_OPTION, serverInfo);
-                   }
-                   if (classLoader != null && !options.containsKey(CLASSLOADER_LM_OPTION)) {
-                       options.put(CLASSLOADER_LM_OPTION, classLoader);
-                   }
-                   if (loginModule.getLoginDomainName() != null) {
-                       if (domainNames.contains(loginModule.getLoginDomainName())) {
-                           throw new IllegalStateException("Error in realm: one security realm cannot contain multiple login modules for the same login domain");
-                       } else {
-                           domainNames.add(loginModule.getLoginDomainName());
-                       }
-                   }
-                   JaasLoginModuleConfiguration config = new JaasLoginModuleConfiguration(loginModule.getLoginModuleClass(), controlFlag, options, loginModule.isServerSide(), loginModule.getLoginDomainName());
-                   loginModuleConfigurations.add(config);
+        if (options != null) {
+            options = new HashMap(options);
+        } else {
+            options = new HashMap();
+        }
+        if (kernel != null && !options.containsKey(KERNEL_LM_OPTION)) {
+            options.put(KERNEL_LM_OPTION, kernel.getKernelName());
+        }
+        if (serverInfo != null && !options.containsKey(SERVERINFO_LM_OPTION)) {
+            options.put(SERVERINFO_LM_OPTION, serverInfo);
+        }
+        if (classLoader != null && !options.containsKey(CLASSLOADER_LM_OPTION)) {
+            options.put(CLASSLOADER_LM_OPTION, classLoader);
+        }
+        if (loginModule.getLoginDomainName() != null) {
+            if (domainNames.contains(loginModule.getLoginDomainName())) {
+                throw new IllegalStateException("Error in realm: one security realm cannot contain multiple login modules for the same login domain");
+            } else {
+                domainNames.add(loginModule.getLoginDomainName());
+            }
+        }
+        JaasLoginModuleConfiguration config = new JaasLoginModuleConfiguration(loginModule.getLoginModuleClass(), controlFlag, options, loginModule.isServerSide(), loginModule.getLoginDomainName(), loginModule.isWrapPrincipals());
+        loginModuleConfigurations.add(config);
 
         if (next != null) {
             next.configure(domainNames, loginModuleConfigurations, kernel, serverInfo, classLoader);
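Review bot: The re-enabled `getControlFlag()` dereferences `controlFlag` without a null check, so reading it throws a NullPointerException if the bean was ever built without a flag. The constructor is outside this hunk, so whether that can happen is not visible here. If it can, `return controlFlag == null ? null : controlFlag.toString();` keeps the getter safe for management callers. A one-line Javadoc should also say that the method returns the flag's name as a String rather than the `LoginModuleControlFlag` object, since the commented-out version returned the object. `configure` continues past the end of the hunk.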
@@ -108,9 +110,9 @@
         infoBuilder.addReference("LoginModule", LoginModuleGBean.class, NameFactory.LOGIN_MODULE);
         infoBuilder.addReference("Next", JaasLoginModuleUse.class);
 
-        infoBuilder.addOperation("configure", new Class[] {Set.class, List.class, Kernel.class, ServerInfo.class, ClassLoader.class});
+        infoBuilder.addOperation("configure", new Class[]{Set.class, List.class, Kernel.class, ServerInfo.class, ClassLoader.class});
 
-        infoBuilder.setConstructor(new String[] {"LoginModule", "Next", "controlFlag"});
+        infoBuilder.setConstructor(new String[]{"LoginModule", "Next", "controlFlag"});
         GBEAN_INFO = infoBuilder.getBeanInfo();
     }
 

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleControlFlag.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleControlFlag.java?rev=315020&r1=315019&r2=315020&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleControlFlag.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleControlFlag.java Wed Oct 12 13:01:56 2005
@@ -31,22 +31,28 @@
 
     private static final LoginModuleControlFlag[] values = new LoginModuleControlFlag[4];
 
-    public static final LoginModuleControlFlag REQUIRED = new LoginModuleControlFlag(0, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED);
-    public static final LoginModuleControlFlag REQUISITE = new LoginModuleControlFlag(1, AppConfigurationEntry.LoginModuleControlFlag.REQUISITE);
-    public static final LoginModuleControlFlag SUFFICIENT = new LoginModuleControlFlag(2, AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT);
-    public static final LoginModuleControlFlag OPTIONAL = new LoginModuleControlFlag(3, AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL);
+    public static final LoginModuleControlFlag REQUIRED = new LoginModuleControlFlag(0, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, "REQUIRED");
+    public static final LoginModuleControlFlag REQUISITE = new LoginModuleControlFlag(1, AppConfigurationEntry.LoginModuleControlFlag.REQUISITE, "REQUISITE");
+    public static final LoginModuleControlFlag SUFFICIENT = new LoginModuleControlFlag(2, AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT, "SUFFICIENT");
+    public static final LoginModuleControlFlag OPTIONAL = new LoginModuleControlFlag(3, AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL, "OPTIONAL");
 
     private final int ordinal;
+    private final String toString;
     private final transient AppConfigurationEntry.LoginModuleControlFlag flag;
 
-    private LoginModuleControlFlag(int ordinal, AppConfigurationEntry.LoginModuleControlFlag flag) {
+    private LoginModuleControlFlag(int ordinal, AppConfigurationEntry.LoginModuleControlFlag flag, String toString) {
         this.ordinal = ordinal;
         this.flag = flag;
+        this.toString = toString;
         values[ordinal] = this;
     }
 
     public AppConfigurationEntry.LoginModuleControlFlag getFlag() {
         return flag;
+    }
+
+    public String toString() {
+        return toString;
     }
 
     Object readResolve() throws ObjectStreamException {
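Review bot: The new `toString` field is non-transient, unlike `flag`, so it becomes part of the serialized form of a class that is resolved through `readResolve()`. If the class declares no `serialVersionUID` (not visible in this hunk), adding the field changes the computed one, and a client and server built from different revisions would then fail to exchange control flags during a remote login. The body of `readResolve()` is outside the hunk, but if it returns the canonical instance from `values` the name never needs to travel: `private final transient String toString;`. Renaming the field to `name` would also stop a field and a method sharing one identifier.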

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java?rev=315020&r1=315019&r2=315020&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleGBean.java Wed Oct 12 13:01:56 2005
@@ -22,6 +22,7 @@
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 
+
 /**
  * A GBean that wraps a LoginModule, plus options to configure the LoginModule.
  * If you want to deploy the same LoginModule with different options, you need
@@ -37,14 +38,16 @@
     private Properties options;
     private String objectName;
     private boolean serverSide;
+    private boolean wrapPrincipals;
 
     public LoginModuleGBean() {
     }
-    
-    public LoginModuleGBean(String loginModuleClass, String objectName, boolean serverSide) {
+
+    public LoginModuleGBean(String loginModuleClass, String objectName, boolean serverSide, boolean wrapPrincipals) {
         this.loginModuleClass = loginModuleClass;
         this.objectName = objectName;
         this.serverSide = serverSide;
+        this.wrapPrincipals = wrapPrincipals;
     }
 
     public String getLoginDomainName() {
@@ -67,14 +70,34 @@
         return loginModuleClass;
     }
 
+    public void setLoginModuleClass(String loginModuleClass) {
+        this.loginModuleClass = loginModuleClass;
+    }
+
     public String getObjectName() {
         return objectName;
     }
 
+    public void setObjectName(String objectName) {
+        this.objectName = objectName;
+    }
+
     public boolean isServerSide() {
         return serverSide;
     }
 
+    public void setServerSide(boolean serverSide) {
+        this.serverSide = serverSide;
+    }
+
+    public boolean isWrapPrincipals() {
+        return wrapPrincipals;
+    }
+
+    public void setWrapPrincipals(boolean wrapPrincipals) {
+        this.wrapPrincipals = wrapPrincipals;
+    }
+
     public static final GBeanInfo GBEAN_INFO;
 
     static {
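Review bot: The added setters make `loginModuleClass` and `serverSide` writable after construction, and both are security-relevant: the first names the class that is loaded as the login module and the second decides on which side it runs. How the GBean framework exposes these setters for the attributes registered in `GBEAN_INFO` is not visible here, but if attribute writes are reachable through management, anyone allowed to set attributes on this bean can change how a realm authenticates. Unless a caller needs them, I would leave the constructor as the only way to set these two and keep just `setWrapPrincipals`. If they must stay, each setter should carry a Javadoc stating who may call it and that a change only takes effect when the realm is next configured (to be confirmed against `JaasLoginModuleUse.configure`).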
@@ -84,7 +107,9 @@
         infoFactory.addAttribute("objectName", String.class, false);
         infoFactory.addAttribute("serverSide", boolean.class, true);
         infoFactory.addAttribute("loginDomainName", String.class, true);
-        infoFactory.setConstructor(new String[]{"loginModuleClass","objectName","serverSide"});
+        infoFactory.addAttribute("wrapPrincipals", boolean.class, true);
+        infoFactory.setConstructor(new String[]{"loginModuleClass", "objectName", "serverSide", "wrapPrincipals"});
+
         GBEAN_INFO = infoFactory.getBeanInfo();
     }
 

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginUtils.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginUtils.java?rev=315020&r1=315019&r2=315020&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginUtils.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginUtils.java Wed Oct 12 13:01:56 2005
@@ -16,51 +16,63 @@
  */
 package org.apache.geronimo.security.jaas;
 
-import javax.security.auth.login.LoginException;
+import java.io.Externalizable;
+import java.io.Serializable;
+import java.rmi.Remote;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+import javax.security.auth.Subject;
+
+import org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
+
 
 /**
  * Helper class the computes the login result across a number of separate
  * login modules.
- * 
+ *
  * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
  */
 public class LoginUtils {
-    public static boolean computeLogin(LoginModuleConfiguration[] modules) throws LoginException {
-        Boolean success = null;
-        Boolean backup = null;
-        // see http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/login/Configuration.html
-        for(int i = 0; i < modules.length; i++) {
-            LoginModuleConfiguration module = modules[i];
-            boolean result = module.getModule().login();
-            if(module.getControlFlag() == LoginModuleControlFlag.REQUIRED) {
-                if(success == null || success.booleanValue()) {
-                    success = result ? Boolean.TRUE : Boolean.FALSE;
-                }
-            } else if(module.getControlFlag() == LoginModuleControlFlag.REQUISITE) {
-                if(!result) {
-                    return false;
-                } else if(success == null) {
-                   success = Boolean.TRUE;
-                }
-            } else if(module.getControlFlag() == LoginModuleControlFlag.SUFFICIENT) {
-                if(result && (success == null || success.booleanValue())) {
-                    return true;
-                }
-            } else if(module.getControlFlag() == LoginModuleControlFlag.OPTIONAL) {
-                if(backup == null || backup.booleanValue()) {
-                    backup = result ? Boolean.TRUE : Boolean.FALSE;
-                }
+    public static void copyPrincipals(Subject to, Subject from) {
+        to.getPrincipals().addAll(from.getPrincipals());
+    }
+
+    public static Map getSerializableCopy(Map from) {
+        Map to = new HashMap();
+        for (Iterator it = from.keySet().iterator(); it.hasNext();) {
+            String key = (String) it.next();
+            Object value = from.get(key);
+            if (value instanceof Serializable || value instanceof Externalizable || value instanceof Remote) {
+                to.put(key, value);
             }
         }
-        // all required and requisite modules succeeded, or at least one required module failed
-        if(success != null) {
-            return success.booleanValue();
-        }
-        // no required or requisite modules, no sufficient modules succeeded, fall back to optional modules
-        if(backup != null) {
-            return backup.booleanValue();
+        return to;
+    }
+
+    public static Set getSerializableCopy(Set from) {
+        Set to = new HashSet();
+        for (Iterator it = from.iterator(); it.hasNext();) {
+            Object value = it.next();
+            if (value instanceof Serializable || value instanceof Externalizable || value instanceof Remote) {
+                to.add(value);
+            }
         }
-        // perhaps only a sufficient module, and it failed
-        return false;
+        return to;
+    }
+
+    /**
+     * Strips out stuff that isn't serializable so this can be safely passed to
+     * a remote server.
+     */
+    public static JaasLoginModuleConfiguration getSerializableCopy(JaasLoginModuleConfiguration config) {
+        return new JaasLoginModuleConfiguration(config.getLoginModuleClassName(),
+                                                config.getFlag(),
+                                                LoginUtils.getSerializableCopy(config.getOptions()),
+                                                config.isServerSide(),
+                                                config.getLoginDomainName(),
+                                                config.isWrapPrincipals());
     }
 }
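Review bot: `getSerializableCopy(Map)` casts every key to `String` and tests only the top-level type of each value, so the "safely passed to a remote server" promise in the Javadoc of the third overload is weaker than it reads. A non-String key throws ClassCastException, and a serializable container such as a `HashMap` or `ArrayList` holding a non-serializable element passes the filter and fails only when it is written to the wire. Iterating `from.entrySet()` with `Map.Entry entry = (Map.Entry) it.next();` and keeping the key as `Object` removes the cast and the second lookup. The `Externalizable` test is redundant because `Externalizable` extends `Serializable`. The two Map and Set overloads have no Javadoc and should say that entries failing the test are dropped silently, since a login module that relies on a dropped option or shared-state value will see it missing on the other side.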

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java?rev=315020&r1=315019&r2=315020&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ServerRealmConfigurationEntry.java Wed Oct 12 13:01:56 2005
@@ -22,6 +22,9 @@
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.kernel.Kernel;
+import org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean;
+import org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
+import org.apache.geronimo.security.jaas.client.JaasLoginCoordinator;
 
 
 /**
@@ -37,6 +40,7 @@
     private final String realmName;
     private final Kernel kernel;
     private final JaasLoginServiceMBean loginService;
+    private boolean wrapPrincipals;
 
     public ServerRealmConfigurationEntry() {
         this.applicationConfigName = null;
@@ -48,10 +52,10 @@
     public ServerRealmConfigurationEntry(String applicationConfigName, String realmName, Kernel kernel, JaasLoginServiceMBean loginService) {
         this.applicationConfigName = applicationConfigName;
         this.realmName = realmName;
-        if(applicationConfigName == null || realmName == null) {
+        if (applicationConfigName == null || realmName == null) {
             throw new IllegalArgumentException("applicationConfigName and realmName are required");
         }
-        if(applicationConfigName.equals(realmName)) {
+        if (applicationConfigName.equals(realmName)) {
             throw new IllegalArgumentException("applicationConfigName must be different than realmName (there's an automatic entry using the same name as the realm name, so you don't need a ServerRealmConfigurationEntry if you're just going to use that!)");
         }
         this.kernel = kernel;
@@ -62,6 +66,14 @@
         return applicationConfigName;
     }
 
+    public boolean isWrapPrincipals() {
+        return wrapPrincipals;
+    }
+
+    public void setWrapPrincipals(boolean wrapPrincipals) {
+        this.wrapPrincipals = wrapPrincipals;
+    }
+
     public JaasLoginModuleConfiguration generateConfiguration() {
         Properties options = new Properties();
         options.put(JaasLoginCoordinator.OPTION_REALM, realmName);
@@ -73,7 +85,7 @@
         options.put("realm", realmName);
         options.put("kernel", kernel.getKernelName());
 
-        return new JaasLoginModuleConfiguration(JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true, applicationConfigName);
+        return new JaasLoginModuleConfiguration(JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true, applicationConfigName, wrapPrincipals);
     }
 
     public static final GBeanInfo GBEAN_INFO;
@@ -85,6 +97,7 @@
         infoFactory.addAttribute("realmName", String.class, true);
         infoFactory.addAttribute("kernel", Kernel.class, false);
         infoFactory.addReference("LoginService", JaasLoginServiceMBean.class, "JaasLoginService");
+        infoFactory.addAttribute("wrapPrincipals", Boolean.TYPE, true);
 
         infoFactory.setConstructor(new String[]{"applicationConfigName", "realmName", "kernel", "LoginService"});
         GBEAN_INFO = infoFactory.getBeanInfo();
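Review bot: `wrapPrincipals` is registered with `Boolean.TYPE` here, while `LoginModuleGBean` in the same commit registers the same attribute with `boolean.class`; using `infoFactory.addAttribute("wrapPrincipals", boolean.class, true);` keeps the two beans consistent. The attribute is also left out of the `setConstructor` list, so the field added in the earlier hunk is the only non-final one next to `realmName`, `kernel` and `loginService` and is populated only through `setWrapPrincipals`. `LoginModuleGBean` passes the value through its constructor instead. A short comment on the field saying it defaults to false and what wrapping means for the principals produced by this realm would help readers of `generateConfiguration()`.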

Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/ClientLoginModuleProxy.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/ClientLoginModuleProxy.java?rev=315020&view=auto
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/ClientLoginModuleProxy.java (added)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/ClientLoginModuleProxy.java Wed Oct 12 13:01:56 2005
@@ -0,0 +1,65 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.security.jaas.client;
+
+import java.util.Map;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
+
+
+/**
+ * @version $Revision: $ $Date: $
+ */
+public class ClientLoginModuleProxy extends LoginModuleProxy
+{
+    private final LoginModule source;
+
+    public ClientLoginModuleProxy(LoginModuleControlFlag controlFlag, Subject subject, LoginModule source)
+    {
+        super(controlFlag, subject);
+        this.source = source;
+    }
+
+    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
+    {
+        source.initialize(subject, callbackHandler, sharedState, options);
+    }
+
+    public boolean login() throws LoginException
+    {
+        return source.login();
+    }
+
+    public boolean commit() throws LoginException
+    {
+        return source.commit();
+    }
+
+    public boolean abort() throws LoginException
+    {
+        return source.abort();
+    }
+
+    public boolean logout() throws LoginException
+    {
+        return source.logout();
+    }
+}
\ No newline at end of file
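Review bot: The class has no description beyond the empty `@version` tag, and the constructor stores `source` without checking it. A null module (for example from a failed lookup in the caller, which is not visible here) would surface later as a NullPointerException in `initialize` rather than at construction, so I would add `if (source == null) throw new IllegalArgumentException("source is required");`. `initialize` forwards its own `subject` parameter, which shadows the inherited `subject` field, so this class never reads the subject passed to the constructor; the Javadoc should say which of the two is authoritative. A class comment along the lines of "Delegates every LoginModule call to a module running on the client, leaving its principals unwrapped" would separate it from `WrappingClientLoginModuleProxy`. The file also ends without a trailing newline.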

Copied: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/JaasLoginCoordinator.java (from r289678, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java)
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/JaasLoginCoordinator.java?p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/JaasLoginCoordinator.java&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java&r1=289678&r2=315020&rev=315020&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/JaasLoginCoordinator.java Wed Oct 12 13:01:56 2005
@@ -1,6 +1,6 @@
 /**
  *
- * Copyright 2003-2004 The Apache Software Foundation
+ * Copyright 2003-2005 The Apache Software Foundation
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -14,26 +14,25 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  */
-package org.apache.geronimo.security.jaas;
+package org.apache.geronimo.security.jaas.client;
 
-import java.security.Principal;
-import java.util.ArrayList;
 import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import javax.management.MalformedObjectNameException;
 import javax.management.ObjectName;
 import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 
 import org.apache.geronimo.kernel.Kernel;
 import org.apache.geronimo.kernel.KernelRegistry;
+import org.apache.geronimo.security.jaas.server.JaasSessionId;
+import org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
+import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
+import org.apache.geronimo.security.jaas.LoginUtils;
+import org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean;
 import org.apache.geronimo.security.remoting.jmx.JaasLoginServiceRemotingClient;
 
 
@@ -64,9 +63,10 @@
     private JaasLoginServiceMBean service;
     private CallbackHandler handler;
     private Subject subject;
-    private Set processedPrincipals = new HashSet();
-    private JaasClientId clientHandle;
-    LoginModuleConfiguration[] workers;
+    private JaasSessionId sessionHandle;
+    private LoginModuleProxy[] proxies;
+    private final Map sharedState = new HashMap();
+
 
     public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
         serverHost = (String) options.get(OPTION_HOST);
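Review bot: The new `sharedState` field has the same name as the `sharedState` parameter of `initialize`, and the following hunk removes the `//todo: shared state` marker without any visible use of the parameter. Part of `initialize` lies between the two hunks, so this is inferred, but it looks as if the map supplied by the caller's LoginContext is ignored and the proxies only ever see the coordinator's private map. If that is intended, a comment on the field such as `// private to this coordinator; the LoginContext's shared state is deliberately not propagated` would make it explicit. If not, the parameter should be copied in with `this.sharedState.putAll(sharedState);`.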
@@ -89,47 +89,48 @@
         } else {
             this.subject = subject;
         }
-        //todo: shared state
     }
 
     public boolean login() throws LoginException {
-        clientHandle = service.connectToRealm(realmName);
-        JaasLoginModuleConfiguration[] config = service.getLoginConfiguration(clientHandle);
-        workers = new LoginModuleConfiguration[config.length];
+        sessionHandle = service.connectToRealm(realmName);
+        JaasLoginModuleConfiguration[] config = service.getLoginConfiguration(sessionHandle);
+        proxies = new LoginModuleProxy[config.length];
 
-        for (int i = 0; i < workers.length; i++) {
-            LoginModule wrapper;
+        for (int i = 0; i < proxies.length; i++) {
             if (config[i].isServerSide()) {
-                wrapper = new ServerLoginModule(i);
+                proxies[i] = new ServerLoginProxy(config[i].getFlag(), subject, i, service, sessionHandle);
             } else {
                 LoginModule source = config[i].getLoginModule(JaasLoginCoordinator.class.getClassLoader());
-                wrapper = new ClientLoginModule(source, i);
+                if (config[i].isWrapPrincipals()) {
+                    proxies[i] = new WrappingClientLoginModuleProxy(config[i].getFlag(), subject, source, config[i].getLoginDomainName(), realmName);
+                } else {
+                    proxies[i] = new ClientLoginModuleProxy(config[i].getFlag(), subject, source);
+                }
             }
-            workers[i] = new LoginModuleConfiguration(wrapper, config[i].getFlag());
-            workers[i].getModule().initialize(subject, handler, new HashMap(), config[i].getOptions());
+            proxies[i].initialize(subject, handler, sharedState, config[i].getOptions());
+            syncSharedState();
         }
-        return performLogin(workers);
+        return performLogin();
     }
 
     public boolean commit() throws LoginException {
-        for (int i = 0; i < workers.length; i++) {
-            workers[i].getModule().commit();
-        }
-        Principal[] principals = service.loginSucceeded(clientHandle);
-        for (int i = 0; i < principals.length; i++) {
-            Principal principal = principals[i];
-            subject.getPrincipals().add(principal);
+        for (int i = 0; i < proxies.length; i++) {
+            proxies[i].commit();
+            syncSharedState();
+            syncPrincipals();
         }
+        subject.getPrincipals().add(service.loginSucceeded(sessionHandle));
         return true;
     }
 
     public boolean abort() throws LoginException {
         try {
-            for (int i = 0; i < workers.length; i++) {
-                workers[i].getModule().abort();
+            for (int i = 0; i < proxies.length; i++) {
+                proxies[i].abort();
+                syncSharedState();
             }
         } finally {
-            service.loginFailed(clientHandle);
+            service.loginFailed(sessionHandle);
         }
         clear();
         return true;
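Review bot: `abort()` iterates `proxies` unconditionally, but `login()` can fail before the array is assigned (`service.connectToRealm` throws) or while it is only partly filled (`getLoginModule` or `initialize` throws for a later index). In either case the loop dereferences null, and the NullPointerException replaces the original login failure as the visible error. Guarding the loop with `if (proxies != null)` and skipping empty slots with `if (proxies[i] == null) continue;` keeps the cleanup best-effort. The same applies to the `logout()` loop in the next hunk. `commit()` also discards the boolean returned by each `proxies[i].commit()`, which deserves a comment if it is deliberate. The end of `abort()` is outside this hunk.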
@@ -137,11 +138,12 @@
 
     public boolean logout() throws LoginException {
         try {
-            for (int i = 0; i < workers.length; i++) {
-                workers[i].getModule().logout();
+            for (int i = 0; i < proxies.length; i++) {
+                proxies[i].logout();
+                syncSharedState();
             }
         } finally {
-            service.logout(clientHandle);
+            service.logout(sessionHandle);
         }
         clear();
         return true;
@@ -159,9 +161,8 @@
         service = null;
         handler = null;
         subject = null;
-        processedPrincipals.clear();
-        clientHandle = null;
-        workers = null;
+        sessionHandle = null;
+        proxies = null;
     }
 
     private JaasLoginServiceMBean connect() {
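Review bot: `clear()` resets every field except the new `sharedState` map, so whatever the login modules stored there survives `abort()` and `logout()` and is handed to the proxies again on the next login with the same instance. By JAAS convention the shared state may hold the user name and password (keys `javax.security.auth.login.name` and `javax.security.auth.login.password`), so this keeps credentials in memory longer than the session needs them. Adding `sharedState.clear();` next to `proxies = null;` closes the gap. The start of `clear()` is outside the hunk.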
@@ -176,32 +177,33 @@
     /**
      * See http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/login/Configuration.html
      *
-     * @param modules
      * @return
      * @throws LoginException
      */
-    private static boolean performLogin(LoginModuleConfiguration[] modules) throws LoginException {
+    private boolean performLogin() throws LoginException {
         Boolean success = null;
         Boolean backup = null;
 
-        for (int i = 0; i < modules.length; i++) {
-            LoginModuleConfiguration module = modules[i];
-            boolean result = module.getModule().login();
-            if (module.getControlFlag() == LoginModuleControlFlag.REQUIRED) {
+        for (int i = 0; i < proxies.length; i++) {
+            LoginModuleProxy proxy = proxies[i];
+            boolean result = proxy.login();
+            syncSharedState();
+
+            if (proxy.getControlFlag() == LoginModuleControlFlag.REQUIRED) {
                 if (success == null || success.booleanValue()) {
                     success = result ? Boolean.TRUE : Boolean.FALSE;
                 }
-            } else if (module.getControlFlag() == LoginModuleControlFlag.REQUISITE) {
+            } else if (proxy.getControlFlag() == LoginModuleControlFlag.REQUISITE) {
                 if (!result) {
                     return false;
                 } else if (success == null) {
                     success = Boolean.TRUE;
                 }
-            } else if (module.getControlFlag() == LoginModuleControlFlag.SUFFICIENT) {
+            } else if (proxy.getControlFlag() == LoginModuleControlFlag.SUFFICIENT) {
                 if (result && (success == null || success.booleanValue())) {
                     return true;
                 }
-            } else if (module.getControlFlag() == LoginModuleControlFlag.OPTIONAL) {
+            } else if (proxy.getControlFlag() == LoginModuleControlFlag.OPTIONAL) {
                 if (backup == null || backup.booleanValue()) {
                     backup = result ? Boolean.TRUE : Boolean.FALSE;
                 }
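Review bot: The Javadoc above `performLogin()` is left with an empty `@return` and an empty `@throws LoginException` now that the `@param` has been dropped. I would fill them in, for example `@return true if the stacked modules authenticate the user under the REQUIRED/REQUISITE/SUFFICIENT/OPTIONAL rules` and `@throws LoginException if a proxy's login() or the shared-state sync with the server fails`. The flag comparisons use `==` on values that come from `config[i].getFlag()`, which the client receives from the login service. A short comment that this relies on `LoginModuleControlFlag.readResolve()` returning the canonical instances would keep a later refactoring from breaking it. The tail of the method is outside the hunk.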
@@ -219,106 +221,13 @@
         return false;
     }
 
-    private class ClientLoginModule implements LoginModule {
-        private LoginModule source;
-        int index;
-
-        public ClientLoginModule(LoginModule source, int index) {
-            this.source = source;
-            this.index = index;
-        }
-
-        public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
-            source.initialize(subject, callbackHandler, sharedState, options);
-        }
-
-        public boolean login() throws LoginException {
-            return source.login();
-        }
-
-        /**
-         * Commit the LoginModule that is being wrapped.  Send the resulting
-         * principals that are obtained back to the server.
-         *
-         * @return true if this method succeeded, or false if this
-         *         <code>LoginModule</code> should be ignored.
-         * @throws LoginException if commit fails
-         */
-        public boolean commit() throws LoginException {
-            boolean result = source.commit();
-            List list = new ArrayList();
-            for (Iterator it = subject.getPrincipals().iterator(); it.hasNext();) {
-                Principal p = (Principal) it.next();
-                if (!processedPrincipals.contains(p)) {
-                    list.add(p);
-                    processedPrincipals.add(p);
-                }
-            }
-            service.clientLoginModuleCommit(clientHandle, index, (Principal[]) list.toArray(new Principal[list.size()]));
-            return result;
-        }
-
-        public boolean abort() throws LoginException {
-            return source.abort();
-        }
-
-        public boolean logout() throws LoginException {
-            return source.logout();
-        }
+    private void syncSharedState() throws LoginException {
+        Map map = service.syncShareState(sessionHandle, LoginUtils.getSerializableCopy(sharedState));
+        sharedState.putAll(map);
     }
 
-    private class ServerLoginModule implements LoginModule {
-        int index;
-        CallbackHandler handler;
-        Callback[] callbacks;
-
-        public ServerLoginModule(int index) {
-            this.index = index;
-        }
-
-        public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options) {
-            this.handler = handler;
-        }
-
-        /**
-         * Perform a login on the server side.
-         * <p/>
-         * Here we get the Callbacks from the server side, pass them to the
-         * local handler so that they may be filled.  We pass the resulting
-         * set of Callbacks back to the server.
-         *
-         * @return true if the authentication succeeded, or false if this
-         *         <code>LoginModule</code> should be ignored.
-         * @throws LoginException if the authentication fails
-         */
-        public boolean login() throws LoginException {
-            try {
-                callbacks = service.getServerLoginCallbacks(clientHandle, index);
-                if (handler != null) {
-                    handler.handle(callbacks);
-                } else if (callbacks != null && callbacks.length > 0) {
-                    System.err.println("No callback handler available for " + callbacks.length + " callbacks!");
-                }
-                return service.performServerLogin(clientHandle, index, callbacks);
-            } catch (LoginException le) {
-                throw le;
-            } catch (Exception e) {
-                LoginException le = new LoginException("Error filling callback list");
-                le.initCause(e);
-                throw le;
-            }
-        }
-
-        public boolean commit() throws LoginException {
-            return service.serverLoginModuleCommit(clientHandle, index);
-        }
-
-        public boolean abort() throws LoginException {
-            return false; // taken care of with a single call to the server
-        }
-
-        public boolean logout() throws LoginException {
-            return false; // taken care of with a single call to the server
-        }
+    private void syncPrincipals() throws LoginException {
+        Set principals = service.syncPrincipals(sessionHandle, subject.getPrincipals());
+        subject.getPrincipals().addAll(principals);
     }
 }
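Review bot: `syncPrincipals()` hands `subject.getPrincipals()` to the service unfiltered, while `syncSharedState()` goes through `LoginUtils.getSerializableCopy`, which has a `Set` overload for this case. A client-side module that adds a non-serializable principal would therefore break the call, and `service.syncPrincipals(sessionHandle, LoginUtils.getSerializableCopy(subject.getPrincipals()))` makes the two paths consistent. Both methods merge whatever the service returns without a null check, so a null reply ends in a NullPointerException rather than a LoginException. `syncSharedState()` is called after every proxy step and sends the whole serializable shared state, which under JAAS conventions can include the password entry, so its Javadoc should state that the connection to the login service must be confidential. The server side is not visible here, but principals arriving through this call were asserted by the client and should be accepted only for modules that the server's own configuration marks as client-side.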

Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/LoginModuleProxy.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/LoginModuleProxy.java?rev=315020&view=auto
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/LoginModuleProxy.java (added)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/LoginModuleProxy.java Wed Oct 12 13:01:56 2005
@@ -0,0 +1,43 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.security.jaas.client;
+
+import javax.security.auth.Subject;
+import javax.security.auth.spi.LoginModule;
+
+import org.apache.geronimo.security.jaas.server.JaasSessionId;
+import org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean;
+import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
+
+
+/**
+ * @version $Revision: $ $Date: $
+ */
+public abstract class LoginModuleProxy implements LoginModule {
+    final protected LoginModuleControlFlag controlFlag;
+    final protected Subject subject;
+
+    public LoginModuleProxy(LoginModuleControlFlag controlFlag, Subject subject)
+    {
+        this.controlFlag = controlFlag;
+        this.subject = subject;
+    }
+
+    public LoginModuleControlFlag getControlFlag() {
+        return controlFlag;
+    }
+}
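Review bot: The imports of `org.apache.geronimo.security.jaas.server.JaasSessionId` and `org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean` are unused in this new file, so the client-side base class picks up a compile-time dependency on the server package for no reason; both lines can be dropped. The class also carries only a `@version` tag. A short class comment would help, for example `Base class for client-side login module proxies; holds the control flag and the Subject that subclasses populate on commit.`, worded to match whatever the subclasses actually do with `subject`.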

Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/ServerLoginProxy.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/ServerLoginProxy.java?rev=315020&view=auto
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/ServerLoginProxy.java (added)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/ServerLoginProxy.java Wed Oct 12 13:01:56 2005
@@ -0,0 +1,92 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.security.jaas.client;
+
+import java.util.Map;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+
+import org.apache.geronimo.security.jaas.server.JaasSessionId;
+import org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean;
+import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
+
+
+/**
+ * @version $Revision: $ $Date: $
+ */
+public class ServerLoginProxy extends LoginModuleProxy {
+    CallbackHandler handler;
+    Callback[] callbacks;
+    private final int lmIndex;
+    private final JaasLoginServiceMBean service;
+    private final JaasSessionId sessionHandle;
+
+    public ServerLoginProxy(LoginModuleControlFlag controlFlag, Subject subject, int lmIndex,
+                            JaasLoginServiceMBean service, JaasSessionId sessionHandle)
+    {
+        super(controlFlag, subject);
+        this.lmIndex = lmIndex;
+        this.service = service;
+        this.sessionHandle = sessionHandle;
+    }
+
+    public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options) {
+        this.handler = handler;
+    }
+
+    /**
+     * Perform a login on the server side.
+     * <p/>
+     * Here we get the Callbacks from the server side, pass them to the
+     * local handler so that they may be filled.  We pass the resulting
+     * set of Callbacks back to the server.
+     *
+     * @return true if the authentication succeeded, or false if this
+     *         <code>LoginModule</code> should be ignored.
+     * @throws javax.security.auth.login.LoginException
+     *          if the authentication fails
+     */
+    public boolean login() throws LoginException {
+        try {
+            callbacks = service.getServerLoginCallbacks(sessionHandle, lmIndex);
+            if (handler != null) {
+                handler.handle(callbacks);
+            } else if (callbacks != null && callbacks.length > 0) {
+                System.err.println("No callback handler available for " + callbacks.length + " callbacks!");
+            }
+            return service.performLogin(sessionHandle, lmIndex, callbacks);
+        } catch (Exception e) {
+            LoginException le = new LoginException("Error filling callback list");
+            le.initCause(e);
+            throw le;
+        }
+    }
+
+    public boolean commit() throws LoginException {
+        return service.performCommit(sessionHandle, lmIndex);
+    }
+
+    public boolean abort() throws LoginException {
+        return false; // taken care of with a single call to the server
+    }
+
+    public boolean logout() throws LoginException {
+        return false; // taken care of with a single call to the server
+    }
+}
\ No newline at end of file
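Review bot: The single `catch (Exception e)` in `login()` also catches any `LoginException` raised by the two `service` calls and rewraps it as `LoginException("Error filling callback list")`. A caller then cannot tell a rejected credential (for example a `FailedLoginException` subtype) from a transport or callback failure, and the message is misleading in logs. Putting `} catch (LoginException le) { throw le;` ahead of the generic catch preserves the original type. Separately, when `handler` is null and the server asked for callbacks, the code only prints to `System.err` and still submits the unfilled callbacks. Throwing there, e.g. `throw new LoginException("No callback handler available");`, would fail closed and avoid writing to stderr from library code.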

Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/WrappingClientLoginModuleProxy.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/WrappingClientLoginModuleProxy.java?rev=315020&view=auto
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/WrappingClientLoginModuleProxy.java (added)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/client/WrappingClientLoginModuleProxy.java Wed Oct 12 13:01:56 2005
@@ -0,0 +1,78 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.security.jaas.client;
+
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+import org.apache.geronimo.security.DomainPrincipal;
+import org.apache.geronimo.security.RealmPrincipal;
+import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
+
+
+/**
+ * @version $Revision: $ $Date: $
+ */
+public class WrappingClientLoginModuleProxy extends ClientLoginModuleProxy {
+    private final String loginDomainName;
+    private final String realmName;
+    private final Subject localSubject = new Subject();
+
+    public WrappingClientLoginModuleProxy(LoginModuleControlFlag controlFlag, Subject subject, LoginModule source,
+                                          String loginDomainName, String realmName)
+    {
+        super(controlFlag, subject, source);
+        this.loginDomainName = loginDomainName;
+        this.realmName = realmName;
+    }
+
+    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
+        super.initialize(localSubject, callbackHandler, sharedState, options);
+    }
+
+    public boolean commit() throws LoginException {
+        boolean result = super.commit();
+
+        Set wrapped = new HashSet();
+        for (Iterator iter = subject.getPrincipals().iterator(); iter.hasNext();) {
+            DomainPrincipal dPrincipal = new DomainPrincipal(loginDomainName, (Principal) iter.next());
+
+            wrapped.add(dPrincipal);
+            wrapped.add(new RealmPrincipal(realmName, dPrincipal));
+        }
+        localSubject.getPrincipals().addAll(wrapped);
+        subject.getPrincipals().addAll(localSubject.getPrincipals());
+
+        return result;
+    }
+
+    public boolean logout() throws LoginException {
+        boolean result = super.logout();
+
+        subject.getPrincipals().removeAll(localSubject.getPrincipals());
+        localSubject.getPrincipals().clear();
+
+        return result;
+    }
+}
\ No newline at end of file
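Review bot: `commit()` iterates `subject.getPrincipals()`, the shared subject passed to the constructor, rather than `localSubject.getPrincipals()`, which is the subject `initialize()` hands to the wrapped module. As written, every principal already on the shared subject, including any added by other login modules, is wrapped in a `DomainPrincipal`/`RealmPrincipal` carrying this module's `loginDomainName` and `realmName`. Authorization checks keyed on domain or realm could therefore attribute those principals to the wrong source. `ClientLoginModuleProxy` is not visible here, so the intent is inferred, but if only this module's principals should be wrapped the loop header should read `for (Iterator iter = localSubject.getPrincipals().iterator(); iter.hasNext();) {`. The wrapping also runs when `super.commit()` returns false; an `if (result)` guard around it would keep an ignored module from publishing principals.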

Copied: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/DecouplingCallbackHandler.java (from r289678, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DecouplingCallbackHandler.java)
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/DecouplingCallbackHandler.java?p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/DecouplingCallbackHandler.java&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DecouplingCallbackHandler.java&r1=289678&r2=315020&rev=315020&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DecouplingCallbackHandler.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/DecouplingCallbackHandler.java Wed Oct 12 13:01:56 2005
@@ -14,7 +14,7 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  */
-package org.apache.geronimo.security.jaas;
+package org.apache.geronimo.security.jaas.server;
 
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;

Copied: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/ExpiredLoginModuleException.java (from r289678, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ExpiredLoginModuleException.java)
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/ExpiredLoginModuleException.java?p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/ExpiredLoginModuleException.java&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ExpiredLoginModuleException.java&r1=289678&r2=315020&rev=315020&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/ExpiredLoginModuleException.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/ExpiredLoginModuleException.java Wed Oct 12 13:01:56 2005
@@ -15,7 +15,7 @@
  *  limitations under the License.
  */
 
-package org.apache.geronimo.security.jaas;
+package org.apache.geronimo.security.jaas.server;
 
 import javax.security.auth.login.LoginException;
 

Propchange: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/ExpiredLoginModuleException.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/ExpiredLoginModuleException.java
------------------------------------------------------------------------------
    svn:keywords = author date id rev

Copied: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/JaasLoginModuleConfiguration.java (from r289678, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java)
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/JaasLoginModuleConfiguration.java?p2=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/JaasLoginModuleConfiguration.java&p1=geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java&r1=289678&r2=315020&rev=315020&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/server/JaasLoginModuleConfiguration.java Wed Oct 12 13:01:56 2005
@@ -14,17 +14,15 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  */
-package org.apache.geronimo.security.jaas;
+package org.apache.geronimo.security.jaas.server;
 
-import java.io.Externalizable;
 import java.io.Serializable;
-import java.rmi.Remote;
-import java.util.HashMap;
-import java.util.Iterator;
 import java.util.Map;
 import javax.security.auth.spi.LoginModule;
 
 import org.apache.geronimo.common.GeronimoSecurityException;
+import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
+
 
 /**
  * Describes the configuration of a LoginModule -- its name, class, control
@@ -34,22 +32,26 @@
  * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
  */
 public class JaasLoginModuleConfiguration implements Serializable {
-    private boolean serverSide;
-    private String loginDomainName;
-    private LoginModuleControlFlag flag;
-    private String loginModuleName;
-    private Map options;
-
-    public JaasLoginModuleConfiguration(String loginModuleName, LoginModuleControlFlag flag, Map options, boolean serverSide, String loginDomainName) {
+    private final boolean serverSide;
+    private final String loginDomainName;
+    private final LoginModuleControlFlag flag;
+    private final String loginModuleName;
+    private final Map options;
+    private final boolean wrapPrincipals;
+
+    public JaasLoginModuleConfiguration(String loginModuleName, LoginModuleControlFlag flag, Map options,
+                                        boolean serverSide, String loginDomainName, boolean wrapPrincipals)
+    {
         this.serverSide = serverSide;
         this.flag = flag;
         this.loginModuleName = loginModuleName;
         this.options = options;
         this.loginDomainName = loginDomainName;
+        this.wrapPrincipals = wrapPrincipals;
     }
 
     public JaasLoginModuleConfiguration(String loginModuleName, LoginModuleControlFlag flag, Map options, boolean serverSide) {
-        this(loginModuleName, flag, options, serverSide, null);
+        this(loginModuleName, flag, options, serverSide, null, false);
     }
 
     public String getLoginModuleClassName() {
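Review bot: The new six-argument constructor takes `wrapPrincipals` without any Javadoc, and the four-argument constructor now silently passes `false` for it, so existing callers get unwrapped principals without an explicit choice. A constructor comment along the lines of `@param wrapPrincipals whether principals produced by this module are also added wrapped with their login domain and realm` would document the flag (wording inferred from `WrappingClientLoginModuleProxy`; confirm against the server-side use). Note also that the fields are now `final` but `this.options = options;` still stores the caller's mutable map, so the configuration is not actually immutable; that is worth stating in the comment or fixing with a copy.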
@@ -80,20 +82,7 @@
         return loginDomainName;
     }
 
-    /**
-     * Strips out stuff that isn't serializable so this can be safely passed to
-     * a remote server.
-     */
-    public JaasLoginModuleConfiguration getSerializableCopy() {
-        Map other = new HashMap();
-        for (Iterator it = options.keySet().iterator(); it.hasNext();) {
-            String key = (String) it.next();
-            Object value = options.get(key);
-            if (value instanceof Serializable || value instanceof Externalizable || value instanceof Remote) {
-                other.put(key, value);
-            }
-        }
-
-        return new JaasLoginModuleConfiguration(loginModuleName, flag, other, serverSide, loginDomainName);
+    public boolean isWrapPrincipals() {
+        return wrapPrincipals;
     }
 }
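Review bot: With `getSerializableCopy()` removed, nothing in this class filters non-serializable values out of `options`, yet the class still implements `Serializable`. If instances are still passed across a remote boundary (the callers are outside this hunk), one non-serializable option value will make serialization fail. Every option value configured for the login module would also travel with the object, where previously the filter dropped some of them. The contract should be stated on the class, e.g. `// options must hold only Serializable values; they are serialized unfiltered`, or the filtering should be moved into the constructor.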


