From djen...@apache.org
Subject svn commit: r374193 - in /geronimo/trunk/modules: j2ee-builder/src/java/org/apache/geronimo/j2ee/deployment/ jetty/src/test/org/apache/geronimo/jetty/ security/src/java/org/apache/geronimo/security/jacc/ tomcat-builder/src/test/org/apache/geronimo/tomc...
Date Wed, 01 Feb 2006 22:08:56 GMT
Author: djencks
Date: Wed Feb  1 14:08:48 2006
New Revision: 374193

URL: http://svn.apache.org/viewcvs?rev=374193&view=rev
Log:
GERONIMO-1563 step 1.  Separate our proprietary JACC configuration info into a separate gbean

Added:
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPrincipalRoleConfigurationManager.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/PrincipalRoleMapper.java
Modified:
    geronimo/trunk/modules/j2ee-builder/src/java/org/apache/geronimo/j2ee/deployment/EARConfigBuilder.java
    geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java
    geronimo/trunk/modules/tomcat-builder/src/test/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java
    geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java

Modified: geronimo/trunk/modules/j2ee-builder/src/java/org/apache/geronimo/j2ee/deployment/EARConfigBuilder.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/j2ee-builder/src/java/org/apache/geronimo/j2ee/deployment/EARConfigBuilder.java?rev=374193&r1=374192&r2=374193&view=diff
==============================================================================
--- geronimo/trunk/modules/j2ee-builder/src/java/org/apache/geronimo/j2ee/deployment/EARConfigBuilder.java
(original)
+++ geronimo/trunk/modules/j2ee-builder/src/java/org/apache/geronimo/j2ee/deployment/EARConfigBuilder.java
Wed Feb  1 14:08:48 2006
@@ -54,6 +54,8 @@
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.j2ee.ApplicationInfo;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContext;
+import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContextImpl;
 import org.apache.geronimo.j2ee.management.impl.J2EEApplicationImpl;
 import org.apache.geronimo.kernel.Kernel;
 import org.apache.geronimo.kernel.config.ConfigurationData;
@@ -72,7 +74,7 @@
 import org.apache.xmlbeans.XmlObject;
 
 /**
- * @version $Rev: 6509 $ $Date$
+ * @version $Rev$ $Date$
  */
 public class EARConfigBuilder implements ConfigurationBuilder {
 
@@ -381,8 +383,9 @@
                 Module module = (Module) modules.iterator().next();
                 moduleName = module.getName();
             }
+            J2eeContext appJ2eeContext = J2eeContextImpl.newModuleContextFromApplication(earContext.getJ2eeContext(),
NameFactory.J2EE_MODULE, moduleName);
             try {
-                jaccBeanName = NameFactory.getComponentName(null, null, null, moduleName,
NameFactory.JACC_MANAGER, NameFactory.JACC_MANAGER, earContext.getJ2eeContext());
+                jaccBeanName = NameFactory.getComponentName(null, null, null, null, NameFactory.JACC_MANAGER,
NameFactory.JACC_MANAGER, appJ2eeContext);
             } catch (MalformedObjectNameException e) {
                 throw new DeploymentException("Could not construct name for JACCBean", e);
             }
@@ -402,8 +405,7 @@
 
             //add the JACC gbean if there is a principal-role mapping
             if (earContext.getSecurityConfiguration() != null) {
-                GBeanData jaccBeanData = SecurityBuilder.configureApplicationPolicyManager(jaccBeanName,
earContext.getContextIDToPermissionsMap(), earContext.getSecurityConfiguration());
-                earContext.addGBean(jaccBeanData);
+                SecurityBuilder.configureApplicationPolicyManager(jaccBeanName, earContext.getContextIDToPermissionsMap(),
earContext.getSecurityConfiguration(), appJ2eeContext, earContext);
             }
             earContext.close();
             return earContext.getConfigurationData();
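Review bot: The new five-argument call to `SecurityBuilder.configureApplicationPolicyManager(...)`, whose result is no longer added to `earContext` here, has no matching SecurityBuilder change in this revision's Added/Modified list. The new signature, and which gbeans it registers on `earContext`, therefore cannot be checked from this commit; confirm the companion change lands together with it. The comment above the call still reads `//add the JACC gbean if there is a principal-role mapping`, although the guard tests `getSecurityConfiguration() != null` and the call presumably now registers a role-mapper gbean as well. I would reword it to `//register the JACC policy manager (and its principal-role mapper) when a security configuration is present`. The enclosing method starts outside the hunk.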

Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java?rev=374193&r1=374192&r2=374193&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
(original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
Wed Feb  1 14:08:48 2006
@@ -48,6 +48,7 @@
 import org.apache.geronimo.security.jaas.server.JaasLoginService;
 import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
 import org.apache.geronimo.security.jacc.ComponentPermissions;
+import org.apache.geronimo.security.jacc.ApplicationPrincipalRoleConfigurationManager;
 import org.apache.geronimo.security.realm.GenericSecurityRealm;
 import org.apache.geronimo.system.serverinfo.BasicServerInfo;
 import org.apache.geronimo.transaction.context.OnlineUserTransaction;
@@ -131,13 +132,18 @@
     }
 
     protected void setUpSecureAppContext(Map roleDesignates, Map principalRoleMap, ComponentPermissions
componentPermissions, DefaultPrincipal defaultPrincipal, PermissionCollection checked, Set
securityRoles) throws Exception {
+        ObjectName mapperName = NameFactory.getComponentName(null, null, null, null, "mapper",
NameFactory.JACC_MANAGER, moduleContext);
+        GBeanData mapperData = new GBeanData(mapperName, ApplicationPrincipalRoleConfigurationManager.GBEAN_INFO);
+        mapperData.setAttribute("principalRoleMap", principalRoleMap);
+        start(mapperData);
+
         ObjectName jaccBeanName = NameFactory.getComponentName(null, null, null, null, "foo",
NameFactory.JACC_MANAGER, moduleContext);
         GBeanData jaccBeanData = new GBeanData(jaccBeanName, ApplicationPolicyConfigurationManager.GBEAN_INFO);
         Map contextIDToPermissionsMap = new HashMap();
         contextIDToPermissionsMap.put("TEST", componentPermissions);
         jaccBeanData.setAttribute("contextIdToPermissionsMap", contextIDToPermissionsMap);
-        jaccBeanData.setAttribute("principalRoleMap", principalRoleMap);
         jaccBeanData.setAttribute("roleDesignates", roleDesignates);
+        jaccBeanData.setReferencePattern("PrincipalRoleMapper", mapperName);
         start(jaccBeanData);
 
         GBeanData app = new GBeanData(webModuleName, JettyWebAppContext.GBEAN_INFO);
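Review bot: `start(mapperData)` in setUpSecureAppContext brings up a second gbean whose shutdown is not visible in this hunk. The teardown code (outside the hunk) should stop the mapper as well as the JACC manager, because the mapper writes its map into configurations obtained from the singleton `GeronimoPolicyConfigurationFactory` and its `uninstall()` is currently empty, so a mapping may carry over into later tests. A one-line comment such as `// the mapper must be running before the policy manager that references it is started` would also make the ordering requirement explicit. The same setup is added in the tomcat AbstractWebModuleTest hunk at -178,13, and the point applies there too.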

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java?rev=374193&r1=374192&r2=374193&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java
(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java
Wed Feb  1 14:08:48 2006
@@ -43,8 +43,10 @@
 
     private final Map contextIdToPolicyConfigurationMap = new HashMap();
     private final Map roleDesignates;
+    private final PrincipalRoleMapper principalRoleMapper;
 
-    public ApplicationPolicyConfigurationManager(Map contextIdToPermissionsMap, Map principalRoleMap,
Map roleDesignates, ClassLoader cl) throws PolicyContextException, ClassNotFoundException
{
+    public ApplicationPolicyConfigurationManager(Map contextIdToPermissionsMap, Map roleDesignates,
ClassLoader cl, PrincipalRoleMapper principalRoleMapper) throws PolicyContextException, ClassNotFoundException
{
+        this.principalRoleMapper = principalRoleMapper;
         Thread currentThread = Thread.currentThread();
         ClassLoader oldClassLoader = currentThread.getContextClassLoader();
         currentThread.setContextClassLoader(cl);
@@ -61,9 +63,6 @@
             ComponentPermissions componentPermissions = (ComponentPermissions) entry.getValue();
 
             PolicyConfiguration policyConfiguration = policyConfigurationFactory.getPolicyConfiguration(contextID,
true);
-//            if (policyConfiguration != policyConfigurationFactory.getPolicyConfiguration(contextID,
false)) {
-//                throw new IllegalStateException("JACC implementation is invalid: returns
different instances of PolicyConfiguration for the same contextID");
-//            }
             contextIdToPolicyConfigurationMap.put(contextID, policyConfiguration);
             policyConfiguration.addToExcludedPolicy(componentPermissions.getExcludedPermissions());
             policyConfiguration.addToUncheckedPolicy(componentPermissions.getUncheckedPermissions());
@@ -77,15 +76,10 @@
 
                 }
             }
+        }
 
-            GeronimoPolicyConfigurationFactory roleMapperFactory = GeronimoPolicyConfigurationFactory.getSingleton();
-            if (roleMapperFactory == null) {
-                throw new IllegalStateException("Inconsistent security setup.  GeronimoPolicyConfigurationFactory
is not being used");
-            }
-
-            GeronimoPolicyConfiguration geronimoPolicyConfiguration = roleMapperFactory.getGeronimoPolicyConfiguration(contextID);
-            geronimoPolicyConfiguration.setPrincipalRoleMapping(principalRoleMap);
-
+        if (principalRoleMapper != null) {
+            principalRoleMapper.install(contextIdToPermissionsMap.keySet());
         }
 
         //link everything together
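Review bot: When no `PrincipalRoleMapper` reference is wired in, the `if (principalRoleMapper != null)` guard skips principal-role mapping without any trace, whereas the removed code threw an IllegalStateException if the Geronimo factory was not in use. With no mapping installed, role-based permissions would presumably match no principal, and the only symptom is a deployment that denies access. I would state the intent at the guard, e.g. `// principalRoleMapper is optional: without it no principal-role mapping is installed for these contexts`, and say in the constructor's Javadoc (previous hunk) that the argument may be null. The constructor body starts and ends outside this hunk.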
@@ -130,6 +124,10 @@
              ContextManager.unregisterSubject(roleDesignate);
          }
 
+        if (principalRoleMapper != null) {
+            principalRoleMapper.uninstall();
+        }
+
         for (Iterator iterator = contextIdToPolicyConfigurationMap.values().iterator(); iterator.hasNext();)
{
             PolicyConfiguration policyConfiguration = (PolicyConfiguration) iterator.next();
             policyConfiguration.delete();
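Review bot: `principalRoleMapper.uninstall()` is declared to throw PolicyContextException and runs before the loop that calls `policyConfiguration.delete()`, so a failing mapper would leave every policy configuration of this application in place. Making the cleanup unconditional is a small change: `try { principalRoleMapper.uninstall(); } finally { /* existing delete loop */ }`. The enclosing stop method starts and ends outside the hunk, so its existing exception handling could not be checked.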
@@ -149,11 +147,11 @@
     static {
         GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic(ApplicationPolicyConfigurationManager.class,
NameFactory.JACC_MANAGER);
         infoBuilder.addAttribute("contextIdToPermissionsMap", Map.class, true);
-        infoBuilder.addAttribute("principalRoleMap", Map.class, true);
         infoBuilder.addAttribute("roleDesignates", Map.class, true);
         infoBuilder.addAttribute("classLoader", ClassLoader.class, false);
         infoBuilder.addInterface(RoleDesignateSource.class);
-        infoBuilder.setConstructor(new String[] {"contextIdToPermissionsMap", "principalRoleMap",
"roleDesignates", "classLoader"});
+        infoBuilder.addReference("PrincipalRoleMapper", PrincipalRoleMapper.class, NameFactory.JACC_MANAGER);
+        infoBuilder.setConstructor(new String[] {"contextIdToPermissionsMap", "roleDesignates",
"classLoader", "PrincipalRoleMapper"});
         GBEAN_INFO = infoBuilder.getBeanInfo();
     }
 

Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPrincipalRoleConfigurationManager.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPrincipalRoleConfigurationManager.java?rev=374193&view=auto
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPrincipalRoleConfigurationManager.java
(added)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPrincipalRoleConfigurationManager.java
Wed Feb  1 14:08:48 2006
@@ -0,0 +1,85 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.security.jacc;
+
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Policy;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyConfiguration;
+import javax.security.jacc.PolicyConfigurationFactory;
+import javax.security.jacc.PolicyContextException;
+
+import org.apache.geronimo.gbean.GBeanInfo;
+import org.apache.geronimo.gbean.GBeanInfoBuilder;
+import org.apache.geronimo.gbean.GBeanLifecycle;
+import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.IdentificationPrincipal;
+import org.apache.geronimo.security.SubjectId;
+
+/**
+ * @version $Rev: 371127 $ $Date: 2006-01-21 14:30:34 -0800 (Sat, 21 Jan 2006) $
+ */
+public class ApplicationPrincipalRoleConfigurationManager implements PrincipalRoleMapper
{
+
+    private final Map principalRoleMap;
+
+    public ApplicationPrincipalRoleConfigurationManager(Map principalRoleMap) throws PolicyContextException,
ClassNotFoundException {
+        this.principalRoleMap = principalRoleMap;
+    }
+
+
+    public void install(Set contextIds) throws PolicyContextException {
+        GeronimoPolicyConfigurationFactory roleMapperFactory = GeronimoPolicyConfigurationFactory.getSingleton();
+        if (roleMapperFactory == null) {
+            throw new IllegalStateException("Inconsistent security setup.  GeronimoPolicyConfigurationFactory
is not being used");
+        }
+
+        for (Iterator iterator = contextIds.iterator(); iterator.hasNext();) {
+            String contextID = (String) iterator.next();
+
+            GeronimoPolicyConfiguration geronimoPolicyConfiguration = roleMapperFactory.getGeronimoPolicyConfiguration(contextID);
+            geronimoPolicyConfiguration.setPrincipalRoleMapping(principalRoleMap);
+        }
+
+    }
+
+
+    public void uninstall() throws PolicyContextException {
+    }
+
+
+    public static final GBeanInfo GBEAN_INFO;
+
+    static {
+        GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic(ApplicationPrincipalRoleConfigurationManager.class,
NameFactory.JACC_MANAGER);
+        infoBuilder.addAttribute("principalRoleMap", Map.class, true);
+        infoBuilder.addInterface(PrincipalRoleMapper.class);
+        infoBuilder.setConstructor(new String[] {"principalRoleMap"});
+        GBEAN_INFO = infoBuilder.getBeanInfo();
+    }
+
+    public GBeanInfo getGBeanInfo() {
+        return GBEAN_INFO;
+    }
+}
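Review bot: `uninstall()` is empty and `install()` does not remember the context IDs it touched, so the principal-role mapping written into each `GeronimoPolicyConfiguration` is never withdrawn by this class. Unless `PolicyConfiguration.delete()` in the policy manager is guaranteed to discard the mapping as well, a stopped application's role grants may remain reachable through the singleton factory. I would record the IDs in `install()` and reset the mapping in `uninstall()`, as sketched below. The constructor also stores `principalRoleMap` by reference and declares two exceptions it cannot throw, and most of the imports are unused.

```java
private Set installedContextIds = Collections.EMPTY_SET;

public void install(Set contextIds) throws PolicyContextException {
    // … unchanged: factory lookup and per-context setPrincipalRoleMapping …
    installedContextIds = new HashSet(contextIds);
}

public void uninstall() throws PolicyContextException {
    GeronimoPolicyConfigurationFactory roleMapperFactory = GeronimoPolicyConfigurationFactory.getSingleton();
    if (roleMapperFactory == null) {
        return;
    }
    for (Iterator iterator = installedContextIds.iterator(); iterator.hasNext();) {
        String contextID = (String) iterator.next();
        // assumes an empty map clears the mapping; confirm against GeronimoPolicyConfiguration
        roleMapperFactory.getGeronimoPolicyConfiguration(contextID).setPrincipalRoleMapping(new HashMap());
    }
    installedContextIds = Collections.EMPTY_SET;
}
```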

Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/PrincipalRoleMapper.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/PrincipalRoleMapper.java?rev=374193&view=auto
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/PrincipalRoleMapper.java
(added)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/PrincipalRoleMapper.java
Wed Feb  1 14:08:48 2006
@@ -0,0 +1,12 @@
+package org.apache.geronimo.security.jacc;
+
+import javax.security.jacc.PolicyContextException;
+import java.util.Set;
+
+/**
+ */
+public interface PrincipalRoleMapper {
+    void install(Set contextIds) throws PolicyContextException;
+
+    void uninstall() throws PolicyContextException;
+}
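Review bot: The new interface has an empty Javadoc block and no ASF license header, although the sibling file added in this revision carries one. Since this is the seam between the policy manager and the proprietary role mapping, the contract should be written down, starting with `/** Installs and removes principal-to-role mappings for a set of JACC policy context IDs. */` on the type. The method docs should say that `contextIds` holds `String` context IDs (the implementation casts each element to `String`), and that `uninstall()` is expected to undo the preceding `install()`. It is also worth stating whether `install` may be called more than once.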

Modified: geronimo/trunk/modules/tomcat-builder/src/test/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat-builder/src/test/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java?rev=374193&r1=374192&r2=374193&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat-builder/src/test/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java
(original)
+++ geronimo/trunk/modules/tomcat-builder/src/test/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java
Wed Feb  1 14:08:48 2006
@@ -172,7 +172,7 @@
         Map contextIDToPermissionsMap = new HashMap();
         contextIDToPermissionsMap.put("test_J2EEApplication=null_J2EEServer=bar_j2eeType=WebModule_name=org/apache/geronimo/test",
componentPermissions);
         jaccBeanData.setAttribute("contextIdToPermissionsMap", contextIDToPermissionsMap);
-        jaccBeanData.setAttribute("principalRoleMap", new HashMap());
+//        jaccBeanData.setAttribute("principalRoleMap", new HashMap());
         jaccBeanData.setAttribute("roleDesignates", new HashMap());
         start(jaccBeanData);
 
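Review bot: The `principalRoleMap` attribute line is commented out rather than deleted, which leaves dead code referring to an attribute that no longer exists on `ApplicationPolicyConfigurationManager.GBEAN_INFO`. I would delete the line. If the test is meant to cover the manager running without a role mapper, say so with `// no PrincipalRoleMapper reference: manager runs without principal-role mapping`. The same commented-out line appears in the tomcat AbstractWebModuleTest hunk at -129,7.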

Modified: geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java?rev=374193&r1=374192&r2=374193&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
(original)
+++ geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
Wed Feb  1 14:08:48 2006
@@ -47,6 +47,7 @@
 import org.apache.geronimo.security.jaas.server.JaasLoginService;
 import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
 import org.apache.geronimo.security.jacc.ComponentPermissions;
+import org.apache.geronimo.security.jacc.ApplicationPrincipalRoleConfigurationManager;
 import org.apache.geronimo.security.realm.GenericSecurityRealm;
 import org.apache.geronimo.system.serverinfo.BasicServerInfo;
 import org.apache.geronimo.tomcat.util.SecurityHolder;
@@ -129,7 +130,7 @@
         Map contextIDToPermissionsMap = new HashMap();
         contextIDToPermissionsMap.put(POLICY_CONTEXT_ID, componentPermissions);
         jaccBeanData.setAttribute("contextIdToPermissionsMap", contextIDToPermissionsMap);
-        jaccBeanData.setAttribute("principalRoleMap", new HashMap());
+//        jaccBeanData.setAttribute("principalRoleMap", new HashMap());
         jaccBeanData.setAttribute("roleDesignates", new HashMap());
         start(jaccBeanData);
 
@@ -178,13 +179,18 @@
     {
 
         //Will use the Engine level security
+        ObjectName mapperName = NameFactory.getComponentName(null, null, null, null, "mapper",
NameFactory.JACC_MANAGER, moduleContext);
+        GBeanData mapperData = new GBeanData(mapperName, ApplicationPrincipalRoleConfigurationManager.GBEAN_INFO);
+        mapperData.setAttribute("principalRoleMap", principalRoleMap);
+        start(mapperData);
+
         ObjectName jaccBeanName = NameFactory.getComponentName(null, null, null, null, "foo",
NameFactory.JACC_MANAGER, moduleContext);
         GBeanData jaccBeanData = new GBeanData(jaccBeanName, ApplicationPolicyConfigurationManager.GBEAN_INFO);
         Map contextIDToPermissionsMap = new HashMap();
         contextIDToPermissionsMap.put(POLICY_CONTEXT_ID, componentPermissions);
         jaccBeanData.setAttribute("contextIdToPermissionsMap", contextIDToPermissionsMap);
-        jaccBeanData.setAttribute("principalRoleMap", principalRoleMap);
         jaccBeanData.setAttribute("roleDesignates", roleDesignates);
+        jaccBeanData.setReferencePattern("PrincipalRoleMapper", mapperName);
         start(jaccBeanData);
 
         SecurityHolder securityHolder = new SecurityHolder();


