geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r397916 - in /geronimo/branches/1.1/modules: jetty-builder/src/java/org/apache/geronimo/jetty/deployment/ jetty-builder/src/schema/ jetty/src/java/org/apache/geronimo/jetty/ jetty/src/java/org/apache/geronimo/jetty/interceptor/ jetty/src/te...
Date Fri, 28 Apr 2006 15:12:23 GMT
Author: djencks
Date: Fri Apr 28 08:12:20 2006
New Revision: 397916

URL: http://svn.apache.org/viewcvs?rev=397916&view=rev
Log:
finish backporting security fixes etc GERONIMO-1425, GERONIMO-1440, GERONIMO-1570, GERONIMO-1460.
 Does not include GERONIMO-1638 (multiple servers) or new keystore manager or GERONIMO-1434
(gbean-jndi references) or wadi work.

Added:
    geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/Host.java
      - copied unchanged from r374212, geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/Host.java
    geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/InternalJAASJettyRealm.java
      - copied unchanged from r367430, geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/InternalJAASJettyRealm.java
    geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/NonAuthenticator.java
      - copied unchanged from r371341, geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/NonAuthenticator.java
Modified:
    geronimo/branches/1.1/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
    geronimo/branches/1.1/modules/jetty-builder/src/schema/geronimo-jetty-1.1.xsd
    geronimo/branches/1.1/modules/jetty-builder/src/schema/geronimo-jetty-config-1.0.xsd
    geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java
    geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java
    geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java
    geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java
    geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java
    geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
    geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
    geronimo/branches/1.1/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java

Modified: geronimo/branches/1.1/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java?rev=397916&r1=397915&r2=397916&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
(original)
+++ geronimo/branches/1.1/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
Fri Apr 28 08:12:20 2006
@@ -69,6 +69,8 @@
 import org.apache.geronimo.jetty.JettyFilterMapping;
 import org.apache.geronimo.jetty.JettyServletHolder;
 import org.apache.geronimo.jetty.JettyWebAppContext;
+import org.apache.geronimo.jetty.NonAuthenticator;
+import org.apache.geronimo.jetty.Host;
 import org.apache.geronimo.kernel.GBeanAlreadyExistsException;
 import org.apache.geronimo.kernel.GBeanNotFoundException;
 import org.apache.geronimo.kernel.Kernel;
@@ -220,9 +222,9 @@
         EnvironmentType environmentType = jettyWebApp.getEnvironment();
         Environment environment = EnvironmentBuilder.buildEnvironment(environmentType, defaultEnvironment);
         if (standAlone && environment.getConfigId() == null) {
-        	if (contextRoot.startsWith("/")) {
-        		contextRoot = contextRoot.substring(1);
-        	}
+            if (contextRoot.startsWith("/")) {
+                contextRoot = contextRoot.substring(1);
+            }
             Artifact configID = new Artifact(Artifact.DEFAULT_GROUP_ID, contextRoot, "1",
"car");
             environment.setConfigId(configID);
         }
@@ -355,11 +357,23 @@
             Set securityRoles = collectRoleNames(webApp);
             Map rolePermissions = new HashMap();
 
-            String[] hosts = jettyWebApp.getVirtualHostArray();
+            String[] hosts = jettyWebApp.getHostArray();
             for (int i = 0; i < hosts.length; i++) {
                 hosts[i] = hosts[i].trim();
             }
-            webModuleData.setAttribute("virtualHosts", hosts);
+            String[] virtualHosts = jettyWebApp.getVirtualHostArray();
+            for (int i = 0; i < virtualHosts.length; i++) {
+                virtualHosts[i] = virtualHosts[i].trim();
+            }
+            if (hosts.length > 0 || virtualHosts.length > 0) {
+                //use name same as module
+                AbstractName hostName = earContext.getNaming().createChildName(moduleName,
"Host", "Host");
+                GBeanData hostData = new GBeanData(hostName, Host.GBEAN_INFO);
+                hostData.setAttribute("hosts", hosts);
+                hostData.setAttribute("virtualHosts", virtualHosts);
+                earContext.addGBean(hostData);
+                webModuleData.setReferencePattern("Host", hostName);
+            }
 
             //session manager
             webModuleData.setAttribute("sessionManager", jettyWebApp.getSessionManager());
@@ -507,6 +521,8 @@
                     webModuleData.setAttribute("realmName", loginConfig.getRealmName().getStringValue());
                 }
 
+            } else if (jettyWebApp.isSetSecurityRealmName()) {
+                webModuleData.setAttribute("authenticator", new NonAuthenticator());
             }
             moduleContext.addGBean(webModuleData);
 

Modified: geronimo/branches/1.1/modules/jetty-builder/src/schema/geronimo-jetty-1.1.xsd
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/jetty-builder/src/schema/geronimo-jetty-1.1.xsd?rev=397916&r1=397915&r2=397916&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty-builder/src/schema/geronimo-jetty-1.1.xsd (original)
+++ geronimo/branches/1.1/modules/jetty-builder/src/schema/geronimo-jetty-1.1.xsd Fri Apr
28 08:12:20 2006
@@ -43,6 +43,7 @@
 
             <xs:element ref="naming:web-container" minOccurs="0"/>
 
+            <xs:element name="host" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
             <xs:element name="virtual-host" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
             <xs:element name="session-manager" type="xs:string" minOccurs="0"/>
 

Modified: geronimo/branches/1.1/modules/jetty-builder/src/schema/geronimo-jetty-config-1.0.xsd
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/jetty-builder/src/schema/geronimo-jetty-config-1.0.xsd?rev=397916&r1=397915&r2=397916&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty-builder/src/schema/geronimo-jetty-config-1.0.xsd (original)
+++ geronimo/branches/1.1/modules/jetty-builder/src/schema/geronimo-jetty-config-1.0.xsd Fri
Apr 28 08:12:20 2006
@@ -28,6 +28,7 @@
 
     <xs:complexType name="jetty-configType">
         <xs:sequence>
+            <xs:element name="host" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
             <xs:element name="virtual-host" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
             <xs:element name="session-manager" type="xs:string" minOccurs="0"/>
         </xs:sequence>

Modified: geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java?rev=397916&r1=397915&r2=397916&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java
(original)
+++ geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java
Fri Apr 28 08:12:20 2006
@@ -16,23 +16,10 @@
  */
 package org.apache.geronimo.jetty;
 
-import java.security.AccessControlContext;
-import java.security.AccessControlException;
 import java.security.Principal;
-import java.security.cert.X509Certificate;
-import java.util.HashMap;
-import javax.security.auth.Subject;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-import javax.security.jacc.WebRoleRefPermission;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.apache.geronimo.jetty.interceptor.SecurityContextBeforeAfter;
-import org.apache.geronimo.security.ContextManager;
-import org.apache.geronimo.security.realm.providers.CertificateCallbackHandler;
-import org.apache.geronimo.security.realm.providers.ClearableCallbackHandler;
-import org.apache.geronimo.security.realm.providers.PasswordCallbackHandler;
 import org.mortbay.http.HttpRequest;
 import org.mortbay.http.UserRealm;
 
@@ -44,12 +31,11 @@
     private static Log log = LogFactory.getLog(JAASJettyRealm.class);
 
     private final String webRealmName;
-    private final String geronimoRealmName;
-    private final HashMap userMap = new HashMap();
+    private final InternalJAASJettyRealm internalJAASJettyRealm;
 
-    public JAASJettyRealm(String realmName, String geronimoRealmName) {
+    public JAASJettyRealm(String realmName, InternalJAASJettyRealm internalJAASJettyRealm)
{
         this.webRealmName = realmName;
-        this.geronimoRealmName = geronimoRealmName;
+        this.internalJAASJettyRealm = internalJAASJettyRealm;
     }
 
     public String getName() {
@@ -57,126 +43,39 @@
     }
 
     public Principal getPrincipal(String username) {
-        return (Principal) userMap.get(username);
+        return internalJAASJettyRealm.getPrincipal(username);
     }
 
     public Principal authenticate(String username, Object credentials, HttpRequest request)
{
-        try {
-            if ( (username!=null) && (!username.equals("")) ) {
-
-                JAASJettyPrincipal userPrincipal = (JAASJettyPrincipal) userMap.get(username);
-
-                //user has been previously authenticated, but
-                //re-authentication has been requested, so remove them
-                if (userPrincipal != null) {
-                    userMap.remove(username);
-                }
-
-                ClearableCallbackHandler callbackHandler;
-                if (credentials instanceof char[]) {
-                    char[] password = (char[]) credentials;
-                    callbackHandler = new PasswordCallbackHandler(username, password);
-                } else if (credentials instanceof String) {
-                    char[] password = ((String) credentials).toCharArray();
-                    callbackHandler = new PasswordCallbackHandler(username, password);
-                } else if (credentials instanceof X509Certificate[]) {
-                    X509Certificate[] certs = (X509Certificate[]) credentials;
-                    if (certs.length < 1) {
-                        throw new LoginException("no certificates supplied");
-                    }
-                    callbackHandler = new CertificateCallbackHandler(certs[0]);
-                } else {
-                    throw new LoginException("Cannot extract credentials from class: " +
credentials.getClass().getName());
-                }
-
-                //set up the login context
-                LoginContext loginContext = new LoginContext(geronimoRealmName, callbackHandler);
-                loginContext.login();
-                callbackHandler.clear();
-
-                Subject subject = ContextManager.getServerSideSubject(loginContext.getSubject());
-                ContextManager.setCurrentCaller(subject);
-
-                //login success
-                userPrincipal = new JAASJettyPrincipal(username);
-                userPrincipal.setSubject(subject);
-
-                userMap.put(username, userPrincipal);
-
-                return userPrincipal;
-            }
-            else {
-                log.debug("Login Failed - null userID");
-                return null;
-            }
-
-        } catch (LoginException e) {
-//          log.warn("Login Failed", e);
-            log.debug("Login Failed", e);
-            return null;
-        }
-    }
-
-    public void logout(Principal user) {
-        JAASJettyPrincipal principal = (JAASJettyPrincipal) user;
-
-        userMap.remove(principal.getName());
-        ContextManager.unregisterSubject(principal.getSubject());
+        return internalJAASJettyRealm.authenticate(username, credentials, request);
     }
 
     public boolean reauthenticate(Principal user) {
-        // TODO This is not correct if auth can expire! We need to
-
-        ContextManager.setCurrentCaller(((JAASJettyPrincipal) user).getSubject());
-
-        // get the user out of the cache
-        return (userMap.get(user.getName()) != null);
+        return internalJAASJettyRealm.reauthenticate(user);
     }
 
-    public void disassociate(Principal user) {
-        // do nothing
+    public boolean isUserInRole(Principal user, String role) {
+        return internalJAASJettyRealm.isUserInRole(user, role);
     }
 
-    public boolean isUserInRole(Principal user, String role) {
-        if (user == null || role == null) {
-            return false;
-        }
-        
-        AccessControlContext acc = ContextManager.getCurrentContext();
-        try {
-            // JACC v1.0 secion B.19
-            String servletName = JettyServletHolder.getCurrentServletName();
-            if (servletName.equals("jsp")) {
-                servletName = "";
-            }
-            acc.checkPermission(new WebRoleRefPermission(servletName, role));
-        } catch (AccessControlException e) {
-            return false;
-        }
-        return true;
+    public void disassociate(Principal user) {
+        internalJAASJettyRealm.disassociate(user);
     }
 
     public Principal pushRole(Principal user, String role) {
-        ((JAASJettyPrincipal) user).push(ContextManager.getCurrentCaller());
-        ContextManager.setCurrentCaller(SecurityContextBeforeAfter.getCurrentRoleDesignate(role));
-        return user;
+        return internalJAASJettyRealm.pushRole(user, role);
     }
 
     public Principal popRole(Principal user) {
-        ContextManager.setCurrentCaller(((JAASJettyPrincipal) user).pop());
-        return user;
+        return internalJAASJettyRealm.popRole(user);
     }
 
-    public int hashCode() {
-        return webRealmName.hashCode() * 37 ^ geronimoRealmName.hashCode();
+    public void logout(Principal user) {
+        internalJAASJettyRealm.logout(user);
     }
 
-    public boolean equals(Object other) {
-        if (other == null || other.getClass() != JAASJettyRealm.class) {
-            return false;
-        }
-        JAASJettyRealm otherRealm = (JAASJettyRealm) other;
-        return webRealmName.equals(otherRealm.webRealmName) && geronimoRealmName.equals(otherRealm.geronimoRealmName);
+    public String getSecurityRealmName() {
+        return internalJAASJettyRealm.getSecurityRealmName();
     }
 
 }

Modified: geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java?rev=397916&r1=397915&r2=397916&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java
(original)
+++ geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java
Fri Apr 28 08:12:20 2006
@@ -35,9 +35,9 @@
 
     void removeContext(HttpContext context);
 
-    UserRealm addRealm(UserRealm realm);
+    InternalJAASJettyRealm addRealm(String realmName);
 
-    void removeRealm(UserRealm realm);
+    void removeRealm(String realmName);
 
     void resetStatistics();
 

Modified: geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java?rev=397916&r1=397915&r2=397916&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java
(original)
+++ geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java
Fri Apr 28 08:12:20 2006
@@ -19,22 +19,22 @@
 
 import java.util.HashMap;
 import java.util.Map;
+
+import javax.management.j2ee.statistics.Stats;
+
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.gbean.GBeanLifecycle;
-import org.apache.geronimo.webservices.SoapHandler;
-import org.apache.geronimo.webservices.WebServiceContainer;
 import org.apache.geronimo.management.StatisticsProvider;
-import org.apache.geronimo.management.geronimo.WebManager;
 import org.apache.geronimo.management.geronimo.NetworkConnector;
+import org.apache.geronimo.management.geronimo.WebManager;
+import org.apache.geronimo.webservices.SoapHandler;
+import org.apache.geronimo.webservices.WebServiceContainer;
 import org.mortbay.http.HttpContext;
 import org.mortbay.http.HttpListener;
 import org.mortbay.http.RequestLog;
-import org.mortbay.http.UserRealm;
 import org.mortbay.jetty.Server;
 
-import javax.management.j2ee.statistics.Stats;
-
 /**
  * @version $Rev$ $Date$
  */
@@ -44,6 +44,7 @@
     private final String objectName;
     private final WebManager manager;
     private JettyWebContainerStatsImpl stats;
+    private final Map realms = new HashMap();
 
     public JettyContainerImpl(String objectName, WebManager manager) {
         this.objectName = objectName;
@@ -157,16 +158,29 @@
         server.removeContext(context);
     }
 
-    public UserRealm addRealm(UserRealm realm) {
-        return server.addRealm(realm);
+    public InternalJAASJettyRealm addRealm(String realmName) {
+        InternalJAASJettyRealm realm = (InternalJAASJettyRealm) realms.get(realmName);
+        if (realm == null) {
+            realm = new InternalJAASJettyRealm(realmName);
+            realms.put(realmName, realm);
+        } else {
+            realm.addUse();
+        }
+        return realm;
     }
 
-    public void removeRealm(UserRealm realm) {
-        server.removeRealm(realm.getName());
+    public void removeRealm(String realmName) {
+        InternalJAASJettyRealm realm = (InternalJAASJettyRealm) realms.get(realmName);
+        if (realm != null) {
+            if (realm.removeUse() == 0){
+                realms.remove(realmName);
+            }
+        }
     }
 
     public void addWebService(String contextPath, String[] virtualHosts, WebServiceContainer
webServiceContainer, String securityRealmName, String realmName, String transportGuarantee,
String authMethod, ClassLoader classLoader) throws Exception {
-        JettyEJBWebServiceContext webServiceContext = new JettyEJBWebServiceContext(contextPath,
webServiceContainer, securityRealmName, realmName, transportGuarantee, authMethod, classLoader);
+        InternalJAASJettyRealm internalJAASJettyRealm = securityRealmName == null? null:addRealm(securityRealmName);
+        JettyEJBWebServiceContext webServiceContext = new JettyEJBWebServiceContext(contextPath,
webServiceContainer, internalJAASJettyRealm, realmName, transportGuarantee, authMethod, classLoader);
         webServiceContext.setHosts(virtualHosts);
         addContext(webServiceContext);
         webServiceContext.start();
@@ -175,6 +189,10 @@
 
     public void removeWebService(String contextPath) {
         JettyEJBWebServiceContext webServiceContext = (JettyEJBWebServiceContext) webServices.remove(contextPath);
+        String securityRealmName = webServiceContext.getSecurityRealmName();
+        if (securityRealmName != null) {
+            removeRealm(securityRealmName);
+        }
         removeContext(webServiceContext);
     }
 
@@ -220,8 +238,8 @@
         infoBuilder.addOperation("removeListener", new Class[]{HttpListener.class});
         infoBuilder.addOperation("addContext", new Class[]{HttpContext.class});
         infoBuilder.addOperation("removeContext", new Class[]{HttpContext.class});
-        infoBuilder.addOperation("addRealm", new Class[]{UserRealm.class});
-        infoBuilder.addOperation("removeRealm", new Class[]{UserRealm.class});
+        infoBuilder.addOperation("addRealm", new Class[]{String.class});
+        infoBuilder.addOperation("removeRealm", new Class[]{String.class});
 
         infoBuilder.addAttribute("objectName", String.class, false);
         infoBuilder.addReference("WebManager", WebManager.class);

Modified: geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java?rev=397916&r1=397915&r2=397916&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java
(original)
+++ geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java
Fri Apr 28 08:12:20 2006
@@ -16,6 +16,9 @@
  */
 package org.apache.geronimo.jetty;
 
+import org.apache.geronimo.webservices.WebServiceContainer;
+import org.mortbay.http.*;
+
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
@@ -24,18 +27,6 @@
 import java.util.HashMap;
 import java.util.Map;
 
-import org.apache.geronimo.webservices.WebServiceContainer;
-import org.mortbay.http.Authenticator;
-import org.mortbay.http.BasicAuthenticator;
-import org.mortbay.http.ClientCertAuthenticator;
-import org.mortbay.http.DigestAuthenticator;
-import org.mortbay.http.HttpContext;
-import org.mortbay.http.HttpException;
-import org.mortbay.http.HttpHandler;
-import org.mortbay.http.HttpRequest;
-import org.mortbay.http.HttpResponse;
-import org.mortbay.http.UserRealm;
-
 /**
  * Delegates requests to a WebServiceContainer which is presumably for an EJB WebService.
  * <p/>
@@ -65,18 +56,18 @@
     private final String contextPath;
     private final WebServiceContainer webServiceContainer;
     private final Authenticator authenticator;
-    private final UserRealm realm;
+    private final JAASJettyRealm realm;
     private final boolean isConfidentialTransportGuarantee;
     private final boolean isIntegralTransportGuarantee;
     private final ClassLoader classLoader;
 
     private HttpContext httpContext;
 
-    public JettyEJBWebServiceContext(String contextPath, WebServiceContainer webServiceContainer,
String securityRealmName, String realmName, String transportGuarantee, String authMethod,
ClassLoader classLoader) {
+    public JettyEJBWebServiceContext(String contextPath, WebServiceContainer webServiceContainer,
InternalJAASJettyRealm internalJAASJettyRealm, String realmName, String transportGuarantee,
String authMethod, ClassLoader classLoader) {
         this.contextPath = contextPath;
         this.webServiceContainer = webServiceContainer;
-        if (securityRealmName != null) {
-            JAASJettyRealm realm = new JAASJettyRealm(realmName, securityRealmName);
+        if (internalJAASJettyRealm != null) {
+            JAASJettyRealm realm = new JAASJettyRealm(realmName, internalJAASJettyRealm);
             setRealm(realm);
             this.realm = realm;
             if ("NONE".equals(transportGuarantee)) {
@@ -175,6 +166,14 @@
 
     public String getContextPath() {
         return contextPath;
+    }
+
+    public String getSecurityRealmName() {
+        if (realm == null) {
+            return null;
+        } else {
+            return realm.getSecurityRealmName();
+        }
     }
 
     public static class RequestAdapter implements WebServiceContainer.Request {

Modified: geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java?rev=397916&r1=397915&r2=397916&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java
(original)
+++ geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java
Fri Apr 28 08:12:20 2006
@@ -16,104 +16,29 @@
  */
 package org.apache.geronimo.jetty;
 
-import java.security.Principal;
-import java.util.HashMap;
-import java.util.Map;
-
-import org.mortbay.http.HttpRequest;
 import org.mortbay.http.UserRealm;
 import org.mortbay.jetty.Server;
 
 
 /**
+ * JettyServer extends the base Jetty Server class to prevent managing any user realm information
by the web.xml realm name
+ * which is only relevant for basic and digest authentication and should not be tied to any
+ * actual information about which security realm is in use.
+ * 
  * @version $Rev$ $Date$
  */
 public class JettyServer extends Server {
-    private final Map realmDelegates = new HashMap();
 
     public UserRealm addRealm(UserRealm realm) {
-        RealmDelegate delegate = (RealmDelegate) getRealm(realm.getName());
-        delegate.addDelegate(realm);
-        return delegate.delegate;
+        throw new IllegalArgumentException("You must supply a security-realm-name to every
web module using security features");
     }
 
     public UserRealm getRealm(String realmName) {
-        RealmDelegate delegate = (RealmDelegate) realmDelegates.get(realmName);
-
-        if (delegate == null) {
-            delegate = new RealmDelegate(realmName);
-            realmDelegates.put(realmName, delegate);
-        }
-        return delegate;
+        throw new IllegalArgumentException("You must supply a security-realm-name to every
web module using security features");
     }
 
     public synchronized void removeRealm(UserRealm realm) {
-        RealmDelegate delegate = (RealmDelegate) realmDelegates.get(realm.getName());
-        if (delegate != null) {
-            if (delegate.removeDelegate() == 0) {
-                realmDelegates.remove(realm.getName());
-            }
-        }
+        throw new IllegalArgumentException("You must supply a security-realm-name to every
web module using security features");
     }
 
-    private static class RealmDelegate implements UserRealm {
-
-        private UserRealm delegate;
-        private final String name;
-        private int  count;
-
-        private RealmDelegate(String name) {
-            this.name = name;
-        }
-
-        private synchronized void addDelegate(UserRealm newDelegate) {
-            if (delegate != null && !delegate.equals(newDelegate)) {
-                throw new IllegalArgumentException("Inconsistent assigment of user realm:
old: " + delegate + ", new: " + newDelegate);
-            }
-            if (delegate == null) {
-                delegate = newDelegate;
-            }
-            count++;
-        }
-
-        private int removeDelegate() {
-            return count--;
-        }
-
-        public String getName() {
-            return name;
-        }
-
-        public Principal getPrincipal(String username) {
-            return delegate.getPrincipal(username);
-        }
-
-        public Principal authenticate(String username, Object credentials, HttpRequest request)
{
-            return delegate.authenticate(username, credentials, request);
-        }
-
-        public boolean reauthenticate(Principal user) {
-            return delegate.reauthenticate(user);
-        }
-
-        public boolean isUserInRole(Principal user, String role) {
-            return delegate.isUserInRole(user, role);
-        }
-
-        public void disassociate(Principal user) {
-            delegate.disassociate(user);
-        }
-
-        public Principal pushRole(Principal user, String role) {
-            return delegate.pushRole(user, role);
-        }
-
-        public Principal popRole(Principal user) {
-            return delegate.popRole(user);
-        }
-
-        public void logout(Principal user) {
-            delegate.logout(user);
-        }
-    }
 }

Modified: geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java?rev=397916&r1=397915&r2=397916&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
(original)
+++ geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
Fri Apr 28 08:12:20 2006
@@ -17,6 +17,23 @@
 
 package org.apache.geronimo.jetty;
 
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.PermissionCollection;
+import java.util.Collection;
+import java.util.EventListener;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
+import javax.management.MalformedObjectNameException;
+import javax.management.ObjectName;
+import javax.naming.Context;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.geronimo.gbean.GBeanInfo;
@@ -36,10 +53,9 @@
 import org.apache.geronimo.kernel.ObjectNameUtil;
 import org.apache.geronimo.management.J2EEApplication;
 import org.apache.geronimo.management.J2EEServer;
-import org.apache.geronimo.management.geronimo.WebModule;
-import org.apache.geronimo.management.geronimo.WebContainer;
-import org.apache.geronimo.management.geronimo.NetworkConnector;
 import org.apache.geronimo.management.geronimo.WebConnector;
+import org.apache.geronimo.management.geronimo.WebContainer;
+import org.apache.geronimo.management.geronimo.WebModule;
 import org.apache.geronimo.naming.enc.EnterpriseNamingContext;
 import org.apache.geronimo.naming.reference.ClassLoaderAwareReference;
 import org.apache.geronimo.naming.reference.KernelAwareReference;
@@ -48,7 +64,10 @@
 import org.apache.geronimo.transaction.TrackedConnectionAssociator;
 import org.apache.geronimo.transaction.context.OnlineUserTransaction;
 import org.apache.geronimo.transaction.context.TransactionContextManager;
-import org.mortbay.http.*;
+import org.mortbay.http.Authenticator;
+import org.mortbay.http.HttpException;
+import org.mortbay.http.HttpRequest;
+import org.mortbay.http.HttpResponse;
 import org.mortbay.jetty.servlet.AbstractSessionManager;
 import org.mortbay.jetty.servlet.Dispatcher;
 import org.mortbay.jetty.servlet.FilterHolder;
@@ -58,22 +77,6 @@
 import org.mortbay.jetty.servlet.WebApplicationContext;
 import org.mortbay.jetty.servlet.WebApplicationHandler;
 
-import javax.management.ObjectName;
-import javax.management.MalformedObjectNameException;
-import javax.naming.Context;
-import java.io.IOException;
-import java.net.URL;
-import java.net.MalformedURLException;
-import java.security.PermissionCollection;
-import java.util.Collection;
-import java.util.EventListener;
-import java.util.HashSet;
-import java.util.Hashtable;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
-import java.util.HashMap;
-
 /**
  * Wrapper for a WebApplicationContext that sets up its J2EE environment.
  *
@@ -166,7 +169,6 @@
 
     public JettyWebAppContext(String objectName,
                               String originalSpecDD,
-                              String[] virtualHosts,
                               String sessionManager,
                               Map componentContext,
                               OnlineUserTransaction userTransaction,
@@ -194,6 +196,7 @@
                               PermissionCollection checkedPermissions,
                               PermissionCollection excludedPermissions,
 
+                              Host host,
                               TransactionContextManager transactionContextManager,
                               TrackedConnectionAssociator trackedConnectionAssociator,
                               JettyContainer jettyContainer,
@@ -229,7 +232,10 @@
         this.webClassLoader = classLoader;
         setClassLoader(this.webClassLoader);
 
-        setVirtualHosts(virtualHosts);
+        if (host != null) {
+            setHosts(host.getHosts());
+            setVirtualHosts(host.getVirtualHosts());
+        }
 
         handler = new WebApplicationHandler();
         addHandler(handler);
@@ -275,9 +281,10 @@
                 throw new IllegalArgumentException("RoleDesignateSource must be supplied
for a secure web app");
             }
             Map roleDesignates = roleDesignateSource.getRoleDesignateMap();
-            //set the JAASJettyRealm as our realm.
-            UserRealm realm = new JAASJettyRealm(realmName, securityRealmName);
-            realm = jettyContainer.addRealm(realm);
+            InternalJAASJettyRealm internalJAASJettyRealm = jettyContainer.addRealm(securityRealmName);
+            //wrap jetty realm with something that knows the dumb realmName
+            JAASJettyRealm realm = new JAASJettyRealm(realmName, internalJAASJettyRealm);
+            setRealm(realm);
             this.securityInterceptor = new SecurityContextBeforeAfter(interceptor, index++,
index++, policyContextID, defaultPrincipal, authenticator, checkedPermissions, excludedPermissions,
roleDesignates, realm, classLoader);
             interceptor = this.securityInterceptor;
         } else {
@@ -624,7 +631,6 @@
         infoBuilder.addAttribute("sessionTimeoutSeconds", int.class, true);
 
 
-        infoBuilder.addAttribute("virtualHosts", String[].class, true);
         infoBuilder.addAttribute("sessionManager", String.class, true);
         infoBuilder.addAttribute("componentContext", Map.class, true);
         infoBuilder.addAttribute("userTransaction", OnlineUserTransaction.class, true);
@@ -635,6 +641,7 @@
 
         infoBuilder.addAttribute("contextPath", String.class, true);
 
+        infoBuilder.addReference("Host", Host.class, "Host");
         infoBuilder.addReference("TransactionContextManager", TransactionContextManager.class,
NameFactory.TRANSACTION_CONTEXT_MANAGER);
         infoBuilder.addReference("TrackedConnectionAssociator", TrackedConnectionAssociator.class,
NameFactory.JCA_CONNECTION_TRACKER);
         infoBuilder.addReference("JettyContainer", JettyContainer.class, NameFactory.GERONIMO_SERVICE);
@@ -664,7 +671,6 @@
         infoBuilder.setConstructor(new String[]{
                 "objectName",
                 "deploymentDescriptor",
-                "virtualHosts",
                 "sessionManager",
                 "componentContext",
                 "userTransaction",
@@ -693,6 +699,7 @@
                 "checkedPermissions",
                 "excludedPermissions",
 
+                "Host",
                 "TransactionContextManager",
                 "TrackedConnectionAssociator",
                 "JettyContainer",

Modified: geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java?rev=397916&r1=397915&r2=397916&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
(original)
+++ geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
Fri Apr 28 08:12:20 2006
@@ -20,6 +20,7 @@
 import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.jetty.JAASJettyPrincipal;
 import org.apache.geronimo.jetty.JettyContainer;
+import org.apache.geronimo.jetty.JAASJettyRealm;
 import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.security.IdentificationPrincipal;
 import org.apache.geronimo.security.SubjectId;
@@ -60,7 +61,7 @@
     private final PermissionCollection excludedPermissions;
     private final Authenticator authenticator;
 
-    private final UserRealm realm;
+    private final JAASJettyRealm realm;
 
     public SecurityContextBeforeAfter(BeforeAfter next,
                                       int policyContextIDIndex,
@@ -71,7 +72,8 @@
                                       PermissionCollection checkedPermissions,
                                       PermissionCollection excludedPermissions,
                                       Map roleDesignates,
-                                      UserRealm realm, ClassLoader classLoader) {
+                                      JAASJettyRealm realm,
+                                      ClassLoader classLoader) {
         assert realm != null;
         assert authenticator != null;
 
@@ -109,7 +111,7 @@
     public void stop(JettyContainer jettyContainer) {
         Subject defaultSubject = this.defaultPrincipal.getSubject();
         ContextManager.unregisterSubject(defaultSubject);
-        jettyContainer.removeRealm(realm);
+        jettyContainer.removeRealm(realm.getSecurityRealmName());
     }
 
     public void before(Object[] context, HttpRequest httpRequest, HttpResponse httpResponse)
{
@@ -238,7 +240,7 @@
      *         security checking should not proceed and servlet handling should proceed,
      *         e.g. login page.
      */
-    private Principal obtainUser(String pathInContext, HttpRequest request, HttpResponse
response, WebResourcePermission resourcePermission, WebUserDataPermission dataPermission)
throws IOException, IOException {
+    private Principal obtainUser(String pathInContext, HttpRequest request, HttpResponse
response, WebResourcePermission resourcePermission, WebUserDataPermission dataPermission)
throws IOException {
         boolean unauthenticated = !(checked.implies(resourcePermission) || checked.implies(dataPermission));
         boolean forbidden = excludedPermissions.implies(resourcePermission) || excludedPermissions.implies(dataPermission);
 

Modified: geronimo/branches/1.1/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java?rev=397916&r1=397915&r2=397916&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
(original)
+++ geronimo/branches/1.1/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
Fri Apr 28 08:12:20 2006
@@ -88,7 +88,6 @@
         JettyWebAppContext app = new JettyWebAppContext(null,
                 null,
                 null,
-                null,
                 Collections.EMPTY_MAP,
                 new OnlineUserTransaction(),
                 cl,
@@ -112,6 +111,7 @@
                 defaultPrincipal,
                 checkedPermissions,
                 excludedPermissions,
+                null,
                 transactionContextManager,
                 connectionTrackingCoordinator,
                 container,



Mime
View raw message