From djen...@apache.org
Subject svn commit: r367430 - in /geronimo/trunk/modules/jetty/src: java/org/apache/geronimo/jetty/ java/org/apache/geronimo/jetty/interceptor/ test/org/apache/geronimo/jetty/
Date Tue, 10 Jan 2006 00:02:24 GMT
Author: djencks
Date: Mon Jan  9 16:02:19 2006
New Revision: 367430

URL: http://svn.apache.org/viewcvs?rev=367430&view=rev
Log:
GERONIMO-1440 Restructure realm management so it is based on our security realm names and
basically ignores the realm-name from web.xml

Added:
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/InternalJAASJettyRealm.java
Modified:
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
    geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java

Added: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/InternalJAASJettyRealm.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/InternalJAASJettyRealm.java?rev=367430&view=auto
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/InternalJAASJettyRealm.java
(added)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/InternalJAASJettyRealm.java
Mon Jan  9 16:02:19 2006
@@ -0,0 +1,175 @@
+/**
+ *
+ * Copyright 2004 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.jetty;
+
+import java.security.AccessControlContext;
+import java.security.AccessControlException;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.HashMap;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import javax.security.jacc.WebRoleRefPermission;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.geronimo.jetty.interceptor.SecurityContextBeforeAfter;
+import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.realm.providers.CertificateCallbackHandler;
+import org.apache.geronimo.security.realm.providers.ClearableCallbackHandler;
+import org.apache.geronimo.security.realm.providers.PasswordCallbackHandler;
+import org.mortbay.http.HttpRequest;
+
+
+/**
+ * @version $Rev: 367263 $ $Date: 2006-01-09 02:19:08 -0800 (Mon, 09 Jan 2006) $
+ */
+public class InternalJAASJettyRealm {
+    private static Log log = LogFactory.getLog(InternalJAASJettyRealm.class);
+
+    private final String securityRealmName;
+    private final HashMap userMap = new HashMap();
+    private int count = 1;
+
+    public InternalJAASJettyRealm(String geronimoRealmName) {
+        this.securityRealmName = geronimoRealmName;
+    }
+
+    public String getSecurityRealmName() {
+        return securityRealmName;
+    }
+
+    public Principal getPrincipal(String username) {
+        return (Principal) userMap.get(username);
+    }
+
+    public Principal authenticate(String username, Object credentials, HttpRequest request)
{
+        try {
+            if ((username != null) && (!username.equals(""))) {
+
+                JAASJettyPrincipal userPrincipal = (JAASJettyPrincipal) userMap.get(username);
+
+                //user has been previously authenticated, but
+                //re-authentication has been requested, so remove them
+                if (userPrincipal != null) {
+                    userMap.remove(username);
+                }
+
+                ClearableCallbackHandler callbackHandler;
+                if (credentials instanceof char[]) {
+                    char[] password = (char[]) credentials;
+                    callbackHandler = new PasswordCallbackHandler(username, password);
+                } else if (credentials instanceof String) {
+                    char[] password = ((String) credentials).toCharArray();
+                    callbackHandler = new PasswordCallbackHandler(username, password);
+                } else if (credentials instanceof X509Certificate[]) {
+                    X509Certificate[] certs = (X509Certificate[]) credentials;
+                    if (certs.length < 1) {
+                        throw new LoginException("no certificates supplied");
+                    }
+                    callbackHandler = new CertificateCallbackHandler(certs[0]);
+                } else {
+                    throw new LoginException("Cannot extract credentials from class: " +
credentials.getClass().getName());
+                }
+
+                //set up the login context
+                LoginContext loginContext = new LoginContext(securityRealmName, callbackHandler);
+                loginContext.login();
+                callbackHandler.clear();
+
+                Subject subject = ContextManager.getServerSideSubject(loginContext.getSubject());
+                ContextManager.setCurrentCaller(subject);
+
+                //login success
+                userPrincipal = new JAASJettyPrincipal(username);
+                userPrincipal.setSubject(subject);
+
+                userMap.put(username, userPrincipal);
+
+                return userPrincipal;
+            } else {
+                log.debug("Login Failed - null userID");
+                return null;
+            }
+
+        } catch (LoginException e) {
+//          log.warn("Login Failed", e);
+            log.debug("Login Failed", e);
+            return null;
+        }
+    }
+
+    public void logout(Principal user) {
+        JAASJettyPrincipal principal = (JAASJettyPrincipal) user;
+
+        userMap.remove(principal.getName());
+        ContextManager.unregisterSubject(principal.getSubject());
+    }
+
+    public boolean reauthenticate(Principal user) {
+        // TODO This is not correct if auth can expire! We need to
+
+        ContextManager.setCurrentCaller(((JAASJettyPrincipal) user).getSubject());
+
+        // get the user out of the cache
+        return (userMap.get(user.getName()) != null);
+    }
+
+    public void disassociate(Principal user) {
+        // do nothing
+    }
+
+    public boolean isUserInRole(Principal user, String role) {
+        if (user == null || role == null) {
+            return false;
+        }
+
+        AccessControlContext acc = ContextManager.getCurrentContext();
+        try {
+            // JACC v1.0 secion B.19
+            String servletName = JettyServletHolder.getCurrentServletName();
+            if (servletName.equals("jsp")) {
+                servletName = "";
+            }
+            acc.checkPermission(new WebRoleRefPermission(servletName, role));
+        } catch (AccessControlException e) {
+            return false;
+        }
+        return true;
+    }
+
+    public Principal pushRole(Principal user, String role) {
+        ((JAASJettyPrincipal) user).push(ContextManager.getCurrentCaller());
+        ContextManager.setCurrentCaller(SecurityContextBeforeAfter.getCurrentRoleDesignate(role));
+        return user;
+    }
+
+    public Principal popRole(Principal user) {
+        ContextManager.setCurrentCaller(((JAASJettyPrincipal) user).pop());
+        return user;
+    }
+
+    public void addUse() {
+        count++;
+    }
+
+    public int removeUse() {
+        return count--;
+    }
+
+}
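Review bot: `callbackHandler.clear()` in `authenticate` runs only when `loginContext.login()` returns normally, so after a failed login the handler still holds the supplied password or certificate. Wrapping the call as `try { loginContext.login(); } finally { callbackHandler.clear(); }` would cover both paths; what `clear()` actually wipes is not visible in this hunk. Separately, `userMap` is a plain `HashMap` that `authenticate` and `logout` mutate. One instance is now handed to every context that names the same security realm, so if requests can run concurrently it needs a synchronized wrapper such as `Collections.synchronizedMap(new HashMap())`.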

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java?rev=367430&r1=367429&r2=367430&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java Mon
Jan  9 16:02:19 2006
@@ -16,23 +16,10 @@
  */
 package org.apache.geronimo.jetty;
 
-import java.security.AccessControlContext;
-import java.security.AccessControlException;
 import java.security.Principal;
-import java.security.cert.X509Certificate;
-import java.util.HashMap;
-import javax.security.auth.Subject;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-import javax.security.jacc.WebRoleRefPermission;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.apache.geronimo.jetty.interceptor.SecurityContextBeforeAfter;
-import org.apache.geronimo.security.ContextManager;
-import org.apache.geronimo.security.realm.providers.CertificateCallbackHandler;
-import org.apache.geronimo.security.realm.providers.ClearableCallbackHandler;
-import org.apache.geronimo.security.realm.providers.PasswordCallbackHandler;
 import org.mortbay.http.HttpRequest;
 import org.mortbay.http.UserRealm;
 
@@ -44,12 +31,11 @@
     private static Log log = LogFactory.getLog(JAASJettyRealm.class);
 
     private final String webRealmName;
-    private final String geronimoRealmName;
-    private final HashMap userMap = new HashMap();
+    private final InternalJAASJettyRealm internalJAASJettyRealm;
 
-    public JAASJettyRealm(String realmName, String geronimoRealmName) {
+    public JAASJettyRealm(String realmName, InternalJAASJettyRealm internalJAASJettyRealm)
{
         this.webRealmName = realmName;
-        this.geronimoRealmName = geronimoRealmName;
+        this.internalJAASJettyRealm = internalJAASJettyRealm;
     }
 
     public String getName() {
@@ -57,126 +43,39 @@
     }
 
     public Principal getPrincipal(String username) {
-        return (Principal) userMap.get(username);
+        return internalJAASJettyRealm.getPrincipal(username);
     }
 
     public Principal authenticate(String username, Object credentials, HttpRequest request)
{
-        try {
-            if ( (username!=null) && (!username.equals("")) ) {
-
-                JAASJettyPrincipal userPrincipal = (JAASJettyPrincipal) userMap.get(username);
-
-                //user has been previously authenticated, but
-                //re-authentication has been requested, so remove them
-                if (userPrincipal != null) {
-                    userMap.remove(username);
-                }
-
-                ClearableCallbackHandler callbackHandler;
-                if (credentials instanceof char[]) {
-                    char[] password = (char[]) credentials;
-                    callbackHandler = new PasswordCallbackHandler(username, password);
-                } else if (credentials instanceof String) {
-                    char[] password = ((String) credentials).toCharArray();
-                    callbackHandler = new PasswordCallbackHandler(username, password);
-                } else if (credentials instanceof X509Certificate[]) {
-                    X509Certificate[] certs = (X509Certificate[]) credentials;
-                    if (certs.length < 1) {
-                        throw new LoginException("no certificates supplied");
-                    }
-                    callbackHandler = new CertificateCallbackHandler(certs[0]);
-                } else {
-                    throw new LoginException("Cannot extract credentials from class: " +
credentials.getClass().getName());
-                }
-
-                //set up the login context
-                LoginContext loginContext = new LoginContext(geronimoRealmName, callbackHandler);
-                loginContext.login();
-                callbackHandler.clear();
-
-                Subject subject = ContextManager.getServerSideSubject(loginContext.getSubject());
-                ContextManager.setCurrentCaller(subject);
-
-                //login success
-                userPrincipal = new JAASJettyPrincipal(username);
-                userPrincipal.setSubject(subject);
-
-                userMap.put(username, userPrincipal);
-
-                return userPrincipal;
-            }
-            else {
-                log.debug("Login Failed - null userID");
-                return null;
-            }
-
-        } catch (LoginException e) {
-//          log.warn("Login Failed", e);
-            log.debug("Login Failed", e);
-            return null;
-        }
-    }
-
-    public void logout(Principal user) {
-        JAASJettyPrincipal principal = (JAASJettyPrincipal) user;
-
-        userMap.remove(principal.getName());
-        ContextManager.unregisterSubject(principal.getSubject());
+        return internalJAASJettyRealm.authenticate(username, credentials, request);
     }
 
     public boolean reauthenticate(Principal user) {
-        // TODO This is not correct if auth can expire! We need to
-
-        ContextManager.setCurrentCaller(((JAASJettyPrincipal) user).getSubject());
-
-        // get the user out of the cache
-        return (userMap.get(user.getName()) != null);
+        return internalJAASJettyRealm.reauthenticate(user);
     }
 
-    public void disassociate(Principal user) {
-        // do nothing
+    public boolean isUserInRole(Principal user, String role) {
+        return internalJAASJettyRealm.isUserInRole(user, role);
     }
 
-    public boolean isUserInRole(Principal user, String role) {
-        if (user == null || role == null) {
-            return false;
-        }
-        
-        AccessControlContext acc = ContextManager.getCurrentContext();
-        try {
-            // JACC v1.0 secion B.19
-            String servletName = JettyServletHolder.getCurrentServletName();
-            if (servletName.equals("jsp")) {
-                servletName = "";
-            }
-            acc.checkPermission(new WebRoleRefPermission(servletName, role));
-        } catch (AccessControlException e) {
-            return false;
-        }
-        return true;
+    public void disassociate(Principal user) {
+        internalJAASJettyRealm.disassociate(user);
     }
 
     public Principal pushRole(Principal user, String role) {
-        ((JAASJettyPrincipal) user).push(ContextManager.getCurrentCaller());
-        ContextManager.setCurrentCaller(SecurityContextBeforeAfter.getCurrentRoleDesignate(role));
-        return user;
+        return internalJAASJettyRealm.pushRole(user, role);
     }
 
     public Principal popRole(Principal user) {
-        ContextManager.setCurrentCaller(((JAASJettyPrincipal) user).pop());
-        return user;
+        return internalJAASJettyRealm.popRole(user);
     }
 
-    public int hashCode() {
-        return webRealmName.hashCode() * 37 ^ geronimoRealmName.hashCode();
+    public void logout(Principal user) {
+        internalJAASJettyRealm.logout(user);
     }
 
-    public boolean equals(Object other) {
-        if (other == null || other.getClass() != JAASJettyRealm.class) {
-            return false;
-        }
-        JAASJettyRealm otherRealm = (JAASJettyRealm) other;
-        return webRealmName.equals(otherRealm.webRealmName) && geronimoRealmName.equals(otherRealm.geronimoRealmName);
+    public String getSecurityRealmName() {
+        return internalJAASJettyRealm.getSecurityRealmName();
     }
 
 }
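Review bot: Every `JAASJettyRealm` wrapper for a security realm now delegates to the same `InternalJAASJettyRealm`, so `logout` called through one web module removes the username's cached principal that `reauthenticate` checks for every other module on that realm. A fresh `authenticate` likewise replaces the cached principal for all of them. If that cross-application effect is intended, it should be stated in a class comment, for example `// webRealmName is only the name used for BASIC/DIGEST; all authentication state lives in the shared InternalJAASJettyRealm`. If it is not intended, the cache needs a key that is more specific than the bare username.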

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java?rev=367430&r1=367429&r2=367430&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java Mon
Jan  9 16:02:19 2006
@@ -35,9 +35,9 @@
 
     void removeContext(HttpContext context);
 
-    UserRealm addRealm(UserRealm realm);
+    InternalJAASJettyRealm addRealm(String realmName);
 
-    void removeRealm(UserRealm realm);
+    void removeRealm(String realmName);
 
     void resetStatistics();
 

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java?rev=367430&r1=367429&r2=367430&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java
(original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java
Mon Jan  9 16:02:19 2006
@@ -17,8 +17,6 @@
 
 package org.apache.geronimo.jetty;
 
-import java.util.HashMap;
-import java.util.Map;
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.gbean.GBeanLifecycle;
@@ -30,6 +28,9 @@
 import org.mortbay.http.UserRealm;
 import org.mortbay.jetty.Server;
 
+import java.util.HashMap;
+import java.util.Map;
+
 /**
  * @version $Rev$ $Date$
  */
@@ -37,6 +38,7 @@
     private final Server server;
     private final Map webServices = new HashMap();
     private final String objectName;
+    private final Map realms = new HashMap();
 
     public JettyContainerImpl(String objectName) {
         this.objectName = objectName;
@@ -143,16 +145,29 @@
         server.removeContext(context);
     }
 
-    public UserRealm addRealm(UserRealm realm) {
-        return server.addRealm(realm);
+    public InternalJAASJettyRealm addRealm(String realmName) {
+        InternalJAASJettyRealm realm = (InternalJAASJettyRealm) realms.get(realmName);
+        if (realm == null) {
+            realm = new InternalJAASJettyRealm(realmName);
+            realms.put(realmName, realm);
+        } else {
+            realm.addUse();
+        }
+        return realm;
     }
 
-    public void removeRealm(UserRealm realm) {
-        server.removeRealm(realm.getName());
+    public void removeRealm(String realmName) {
+        InternalJAASJettyRealm realm = (InternalJAASJettyRealm) realms.get(realmName);
+        if (realm != null) {
+            if (realm.removeUse() == 0){
+                realms.remove(realmName);
+            }
+        }
     }
 
     public void addWebService(String contextPath, String[] virtualHosts, WebServiceContainer
webServiceContainer, String securityRealmName, String realmName, String transportGuarantee,
String authMethod, ClassLoader classLoader) throws Exception {
-        JettyEJBWebServiceContext webServiceContext = new JettyEJBWebServiceContext(contextPath,
webServiceContainer, securityRealmName, realmName, transportGuarantee, authMethod, classLoader);
+        InternalJAASJettyRealm internalJAASJettyRealm = securityRealmName == null? null:addRealm(securityRealmName);
+        JettyEJBWebServiceContext webServiceContext = new JettyEJBWebServiceContext(contextPath,
webServiceContainer, internalJAASJettyRealm, realmName, transportGuarantee, authMethod, classLoader);
         webServiceContext.setHosts(virtualHosts);
         addContext(webServiceContext);
         webServiceContext.start();
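Review bot: `removeRealm` never drops the entry on the last release. `InternalJAASJettyRealm.removeUse()` is `return count--`, which returns the value before the decrement, and `count` starts at 1, so a realm added once and removed once yields 1 rather than 0. The realm, with its `userMap` of authenticated principals, then stays in `realms` after the last module using it has stopped. Changing `removeUse()` to `return --count;` makes the `== 0` test here fire on the final release. `realms` is also a plain `HashMap` and the get-then-put in `addRealm` is not atomic, so both methods should be `synchronized` if modules can start and stop concurrently.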
@@ -161,6 +176,10 @@
 
     public void removeWebService(String contextPath) {
         JettyEJBWebServiceContext webServiceContext = (JettyEJBWebServiceContext) webServices.remove(contextPath);
+        String securityRealmName = webServiceContext.getSecurityRealmName();
+        if (securityRealmName != null) {
+            removeRealm(securityRealmName);
+        }
         removeContext(webServiceContext);
     }
 
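Review bot: `webServices.remove(contextPath)` returns null for a path that was never registered or was already removed, and the added `webServiceContext.getSecurityRealmName()` dereferences it without a check. Such a call now fails with a `NullPointerException` before `removeContext` is reached. A guard ahead of the new lines, `if (webServiceContext == null) { return; }`, keeps a repeated or mistaken removal from throwing and from touching the realm use count.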
@@ -220,8 +239,8 @@
         infoBuilder.addOperation("removeListener", new Class[]{HttpListener.class});
         infoBuilder.addOperation("addContext", new Class[]{HttpContext.class});
         infoBuilder.addOperation("removeContext", new Class[]{HttpContext.class});
-        infoBuilder.addOperation("addRealm", new Class[]{UserRealm.class});
-        infoBuilder.addOperation("removeRealm", new Class[]{UserRealm.class});
+        infoBuilder.addOperation("addRealm", new Class[]{String.class});
+        infoBuilder.addOperation("removeRealm", new Class[]{String.class});
 
         infoBuilder.addAttribute("objectName", String.class, false);
 

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java?rev=367430&r1=367429&r2=367430&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java
(original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java
Mon Jan  9 16:02:19 2006
@@ -16,6 +16,9 @@
  */
 package org.apache.geronimo.jetty;
 
+import org.apache.geronimo.webservices.WebServiceContainer;
+import org.mortbay.http.*;
+
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
@@ -24,18 +27,6 @@
 import java.util.HashMap;
 import java.util.Map;
 
-import org.apache.geronimo.webservices.WebServiceContainer;
-import org.mortbay.http.Authenticator;
-import org.mortbay.http.BasicAuthenticator;
-import org.mortbay.http.ClientCertAuthenticator;
-import org.mortbay.http.DigestAuthenticator;
-import org.mortbay.http.HttpContext;
-import org.mortbay.http.HttpException;
-import org.mortbay.http.HttpHandler;
-import org.mortbay.http.HttpRequest;
-import org.mortbay.http.HttpResponse;
-import org.mortbay.http.UserRealm;
-
 /**
  * Delegates requests to a WebServiceContainer which is presumably for an EJB WebService.
  * <p/>
@@ -65,18 +56,18 @@
     private final String contextPath;
     private final WebServiceContainer webServiceContainer;
     private final Authenticator authenticator;
-    private final UserRealm realm;
+    private final JAASJettyRealm realm;
     private final boolean isConfidentialTransportGuarantee;
     private final boolean isIntegralTransportGuarantee;
     private final ClassLoader classLoader;
 
     private HttpContext httpContext;
 
-    public JettyEJBWebServiceContext(String contextPath, WebServiceContainer webServiceContainer,
String securityRealmName, String realmName, String transportGuarantee, String authMethod,
ClassLoader classLoader) {
+    public JettyEJBWebServiceContext(String contextPath, WebServiceContainer webServiceContainer,
InternalJAASJettyRealm internalJAASJettyRealm, String realmName, String transportGuarantee,
String authMethod, ClassLoader classLoader) {
         this.contextPath = contextPath;
         this.webServiceContainer = webServiceContainer;
-        if (securityRealmName != null) {
-            JAASJettyRealm realm = new JAASJettyRealm(realmName, securityRealmName);
+        if (internalJAASJettyRealm != null) {
+            JAASJettyRealm realm = new JAASJettyRealm(realmName, internalJAASJettyRealm);
             setRealm(realm);
             this.realm = realm;
             if ("NONE".equals(transportGuarantee)) {
@@ -175,6 +166,14 @@
 
     public String getContextPath() {
         return contextPath;
+    }
+
+    public String getSecurityRealmName() {
+        if (realm == null) {
+            return null;
+        } else {
+            return realm.getSecurityRealmName();
+        }
     }
 
     public static class RequestAdapter implements WebServiceContainer.Request {

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java?rev=367430&r1=367429&r2=367430&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java Mon Jan
 9 16:02:19 2006
@@ -16,104 +16,29 @@
  */
 package org.apache.geronimo.jetty;
 
-import java.security.Principal;
-import java.util.HashMap;
-import java.util.Map;
-
-import org.mortbay.http.HttpRequest;
 import org.mortbay.http.UserRealm;
 import org.mortbay.jetty.Server;
 
 
 /**
+ * JettyServer extends the base Jetty Server class to prevent managing any user realm information
by the web.xml realm name
+ * which is only relevant for basic and digest authentication and should not be tied to any
+ * actual information about which security realm is in use.
+ * 
  * @version $Rev$ $Date$
  */
 public class JettyServer extends Server {
-    private final Map realmDelegates = new HashMap();
 
     public UserRealm addRealm(UserRealm realm) {
-        RealmDelegate delegate = (RealmDelegate) getRealm(realm.getName());
-        delegate.addDelegate(realm);
-        return delegate.delegate;
+        throw new IllegalArgumentException("You must supply a security-realm-name to every
web module using security features");
     }
 
     public UserRealm getRealm(String realmName) {
-        RealmDelegate delegate = (RealmDelegate) realmDelegates.get(realmName);
-
-        if (delegate == null) {
-            delegate = new RealmDelegate(realmName);
-            realmDelegates.put(realmName, delegate);
-        }
-        return delegate;
+        throw new IllegalArgumentException("You must supply a security-realm-name to every
web module using security features");
     }
 
     public synchronized void removeRealm(UserRealm realm) {
-        RealmDelegate delegate = (RealmDelegate) realmDelegates.get(realm.getName());
-        if (delegate != null) {
-            if (delegate.removeDelegate() == 0) {
-                realmDelegates.remove(realm.getName());
-            }
-        }
+        throw new IllegalArgumentException("You must supply a security-realm-name to every
web module using security features");
     }
 
-    private static class RealmDelegate implements UserRealm {
-
-        private UserRealm delegate;
-        private final String name;
-        private int  count;
-
-        private RealmDelegate(String name) {
-            this.name = name;
-        }
-
-        private synchronized void addDelegate(UserRealm newDelegate) {
-            if (delegate != null && !delegate.equals(newDelegate)) {
-                throw new IllegalArgumentException("Inconsistent assigment of user realm:
old: " + delegate + ", new: " + newDelegate);
-            }
-            if (delegate == null) {
-                delegate = newDelegate;
-            }
-            count++;
-        }
-
-        private int removeDelegate() {
-            return count--;
-        }
-
-        public String getName() {
-            return name;
-        }
-
-        public Principal getPrincipal(String username) {
-            return delegate.getPrincipal(username);
-        }
-
-        public Principal authenticate(String username, Object credentials, HttpRequest request)
{
-            return delegate.authenticate(username, credentials, request);
-        }
-
-        public boolean reauthenticate(Principal user) {
-            return delegate.reauthenticate(user);
-        }
-
-        public boolean isUserInRole(Principal user, String role) {
-            return delegate.isUserInRole(user, role);
-        }
-
-        public void disassociate(Principal user) {
-            delegate.disassociate(user);
-        }
-
-        public Principal pushRole(Principal user, String role) {
-            return delegate.pushRole(user, role);
-        }
-
-        public Principal popRole(Principal user) {
-            return delegate.popRole(user);
-        }
-
-        public void logout(Principal user) {
-            delegate.logout(user);
-        }
-    }
 }

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java?rev=367430&r1=367429&r2=367430&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
(original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
Mon Jan  9 16:02:19 2006
@@ -293,9 +293,10 @@
                 throw new IllegalArgumentException("RoleDesignateSource must be supplied
for a secure web app");
             }
             Map roleDesignates = roleDesignateSource.getRoleDesignateMap();
-            //set the JAASJettyRealm as our realm.
-            UserRealm realm = new JAASJettyRealm(realmName, securityRealmName);
-            realm = jettyContainer.addRealm(realm);
+            InternalJAASJettyRealm internalJAASJettyRealm = jettyContainer.addRealm(securityRealmName);
+            //wrap jetty realm with something that knows the dumb realmName
+            JAASJettyRealm realm = new JAASJettyRealm(realmName, internalJAASJettyRealm);
+            setRealm(realm);
             this.securityInterceptor = new SecurityContextBeforeAfter(interceptor, index++,
index++, policyContextID, defaultPrincipal, authenticator, checkedPermissions, excludedPermissions,
roleDesignates, realm, classLoader);
             interceptor = this.securityInterceptor;
         } else {

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java?rev=367430&r1=367429&r2=367430&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
(original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
Mon Jan  9 16:02:19 2006
@@ -20,6 +20,7 @@
 import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.jetty.JAASJettyPrincipal;
 import org.apache.geronimo.jetty.JettyContainer;
+import org.apache.geronimo.jetty.JAASJettyRealm;
 import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.security.IdentificationPrincipal;
 import org.apache.geronimo.security.SubjectId;
@@ -60,7 +61,7 @@
     private final PermissionCollection excludedPermissions;
     private final Authenticator authenticator;
 
-    private final UserRealm realm;
+    private final JAASJettyRealm realm;
 
     public SecurityContextBeforeAfter(BeforeAfter next,
                                       int policyContextIDIndex,
@@ -71,7 +72,8 @@
                                       PermissionCollection checkedPermissions,
                                       PermissionCollection excludedPermissions,
                                       Map roleDesignates,
-                                      UserRealm realm, ClassLoader classLoader) {
+                                      JAASJettyRealm realm,
+                                      ClassLoader classLoader) {
         assert realm != null;
         assert authenticator != null;
 
@@ -109,7 +111,7 @@
     public void stop(JettyContainer jettyContainer) {
         Subject defaultSubject = this.defaultPrincipal.getSubject();
         ContextManager.unregisterSubject(defaultSubject);
-        jettyContainer.removeRealm(realm);
+        jettyContainer.removeRealm(realm.getSecurityRealmName());
     }
 
     public void before(Object[] context, HttpRequest httpRequest, HttpResponse httpResponse)
{

Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java?rev=367430&r1=367429&r2=367430&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
(original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
Mon Jan  9 16:02:19 2006
@@ -103,7 +103,7 @@
         staticContentServletInitParams.put("minGzipLength", "8192");
         staticContentServletGBeanData.setAttribute("initParams", staticContentServletInitParams);
         staticContentServletGBeanData.setAttribute("loadOnStartup", new Integer(0));
-        staticContentServletGBeanData.setAttribute("servletMappings", Collections.singleton(new
String("/")));
+        staticContentServletGBeanData.setAttribute("servletMappings", Collections.singleton("/"));
         ObjectName staticContentServletObjectName = NameFactory.getComponentName(null, null,
null, NameFactory.WEB_MODULE, null, (String) staticContentServletGBeanData.getAttribute("servletName"),
NameFactory.SERVLET, moduleContext);
         staticContentServletGBeanData.setName(staticContentServletObjectName);
         staticContentServletGBeanData.setReferencePattern("JettyServletRegistration", webModuleName);


