geronimo-scm mailing list archives

From djen...@apache.org
Subject svn commit: r407591 - in /geronimo/branches/1.1/modules: j2ee-builder/src/java/org/apache/geronimo/j2ee/deployment/ jetty/src/test/org/apache/geronimo/jetty/ security-builder/src/java/org/apache/geronimo/security/deployment/ security/src/java/org/apach...
Date Thu, 18 May 2006 16:47:06 GMT
Author: djencks
Date: Thu May 18 09:47:06 2006
New Revision: 407591

URL: http://svn.apache.org/viewvc?rev=407591&view=rev
Log:
GERONIMO-1563 make the jacc implementation pluggable 1st part backport from 1.2

Added:
    geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPrincipalRoleConfigurationManager.java
      - copied unchanged from r374193, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPrincipalRoleConfigurationManager.java
    geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/jacc/PrincipalRoleMapper.java
      - copied unchanged from r374193, geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/PrincipalRoleMapper.java
Modified:
    geronimo/branches/1.1/modules/j2ee-builder/src/java/org/apache/geronimo/j2ee/deployment/EARConfigBuilder.java
    geronimo/branches/1.1/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
    geronimo/branches/1.1/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java
    geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java
    geronimo/branches/1.1/modules/service-builder/src/schema/geronimo-module-1.1.xsd
    geronimo/branches/1.1/modules/tomcat-builder/src/test/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java
    geronimo/branches/1.1/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java

Modified: geronimo/branches/1.1/modules/j2ee-builder/src/java/org/apache/geronimo/j2ee/deployment/EARConfigBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/modules/j2ee-builder/src/java/org/apache/geronimo/j2ee/deployment/EARConfigBuilder.java?rev=407591&r1=407590&r2=407591&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/j2ee-builder/src/java/org/apache/geronimo/j2ee/deployment/EARConfigBuilder.java
(original)
+++ geronimo/branches/1.1/modules/j2ee-builder/src/java/org/apache/geronimo/j2ee/deployment/EARConfigBuilder.java
Thu May 18 09:47:06 2006
@@ -59,6 +59,8 @@
 import org.apache.geronimo.gbean.SingleElementCollection;
 import org.apache.geronimo.j2ee.ApplicationInfo;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContext;
+import org.apache.geronimo.j2ee.j2eeobjectnames.J2eeContextImpl;
 import org.apache.geronimo.j2ee.management.impl.J2EEApplicationImpl;
 import org.apache.geronimo.kernel.GBeanAlreadyExistsException;
 import org.apache.geronimo.kernel.Kernel;
@@ -88,13 +90,13 @@
 import org.apache.xmlbeans.XmlObject;
 
 /**
- * @version $Rev:385232 $ $Date$
+ * @version $Rev$ $Date$
  */
 public class EARConfigBuilder implements ConfigurationBuilder {
 
-    private static final Log log = LogFactory.getLog(EARConfigBuilder.class);    
+    private static final Log log = LogFactory.getLog(EARConfigBuilder.class);
     private static final String LINE_SEP = System.getProperty("line.separator");
-    
+
     private final static QName APPLICATION_QNAME = GerApplicationDocument.type.getDocumentElementName();
 
     private final ConfigurationManager configurationManager;
@@ -543,7 +545,10 @@
 
             //add the JACC gbean if there is a principal-role mapping
             if (earContext.getSecurityConfiguration() != null) {
+                GBeanData roleMapperData = SecurityBuilder.configureRoleMapper(naming, earContext.getModuleName(),
earContext.getSecurityConfiguration());
+                earContext.addGBean(roleMapperData);
                 GBeanData jaccBeanData = SecurityBuilder.configureApplicationPolicyManager(naming,
earContext.getModuleName(), earContext.getContextIDToPermissionsMap(), earContext.getSecurityConfiguration());
+                jaccBeanData.setReferencePattern("PrincipalRoleMapper", roleMapperData.getAbstractName());
                 earContext.addGBean(jaccBeanData);
                 earContext.setJaccManagerName(jaccBeanData.getAbstractName());
             }

Modified: geronimo/branches/1.1/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java?rev=407591&r1=407590&r2=407591&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
(original)
+++ geronimo/branches/1.1/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
Thu May 18 09:47:06 2006
@@ -29,6 +29,8 @@
 import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
 import org.apache.geronimo.security.jacc.ComponentPermissions;
 import org.apache.geronimo.security.jacc.RoleDesignateSource;
+import org.apache.geronimo.security.jacc.ApplicationPrincipalRoleConfigurationManager;
+import org.apache.geronimo.security.jacc.PrincipalRoleMapper;
 import org.apache.geronimo.security.realm.GenericSecurityRealm;
 import org.apache.geronimo.system.serverinfo.BasicServerInfo;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
@@ -126,9 +128,10 @@
 
     protected JettyWebAppContext setUpSecureAppContext(Map roleDesignates, Map principalRoleMap,
ComponentPermissions componentPermissions, DefaultPrincipal defaultPrincipal, PermissionCollection
checked, Set securityRoles) throws Exception {
         String policyContextId = "TEST";
+        PrincipalRoleMapper roleMapper = new ApplicationPrincipalRoleConfigurationManager(principalRoleMap);
         Map contextIDToPermissionsMap = new HashMap();
         contextIDToPermissionsMap.put(policyContextId, componentPermissions);
-        ApplicationPolicyConfigurationManager jacc = new ApplicationPolicyConfigurationManager(contextIDToPermissionsMap,
principalRoleMap, roleDesignates, cl);
+        ApplicationPolicyConfigurationManager jacc = new ApplicationPolicyConfigurationManager(contextIDToPermissionsMap,
roleDesignates, cl, roleMapper);
         jacc.doStart();
 
         FormAuthenticator formAuthenticator = new FormAuthenticator();

Modified: geronimo/branches/1.1/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java?rev=407591&r1=407590&r2=407591&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java
(original)
+++ geronimo/branches/1.1/modules/security-builder/src/java/org/apache/geronimo/security/deployment/SecurityBuilder.java
Thu May 18 09:47:06 2006
@@ -21,11 +21,14 @@
 import java.util.Iterator;
 import java.util.Map;
 import java.util.Set;
+
 import javax.security.auth.Subject;
 import javax.security.auth.x500.X500Principal;
 
-import org.apache.geronimo.gbean.GBeanData;
 import org.apache.geronimo.gbean.AbstractName;
+import org.apache.geronimo.gbean.GBeanData;
+import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+import org.apache.geronimo.kernel.Naming;
 import org.apache.geronimo.security.deploy.DefaultPrincipal;
 import org.apache.geronimo.security.deploy.DistinguishedName;
 import org.apache.geronimo.security.deploy.LoginDomainPrincipalInfo;
@@ -35,6 +38,7 @@
 import org.apache.geronimo.security.deploy.Security;
 import org.apache.geronimo.security.jaas.NamedUsernamePasswordCredential;
 import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
+import org.apache.geronimo.security.jacc.ApplicationPrincipalRoleConfigurationManager;
 import org.apache.geronimo.security.util.ConfigurationUtil;
 import org.apache.geronimo.xbeans.geronimo.security.GerDefaultPrincipalType;
 import org.apache.geronimo.xbeans.geronimo.security.GerDistinguishedNameType;
@@ -45,8 +49,6 @@
 import org.apache.geronimo.xbeans.geronimo.security.GerRoleMappingsType;
 import org.apache.geronimo.xbeans.geronimo.security.GerRoleType;
 import org.apache.geronimo.xbeans.geronimo.security.GerSecurityType;
-import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
-import org.apache.geronimo.kernel.Naming;
 
 
 /**
@@ -227,13 +229,21 @@
         return new PrincipalInfo(principalType.getClass1().trim(), principalType.getName().trim(),
principalType.isSetDesignatedRunAs());
     }
 
+    public static GBeanData configureRoleMapper(Naming naming, AbstractName moduleName, SecurityConfiguration
securityConfiguration) {
+        AbstractName roleMapperName = naming.createChildName(moduleName, "RoleMapper", "RoleMapper");
+        GBeanData roleMapperData = new GBeanData(roleMapperName, ApplicationPrincipalRoleConfigurationManager.GBEAN_INFO);
+        roleMapperData.setAttribute("principalRoleMap", securityConfiguration.getPrincipalRoleMap());
+        return roleMapperData;
+    }
+
     public static GBeanData configureApplicationPolicyManager(Naming naming, AbstractName
moduleName, Map contextIDToPermissionsMap, SecurityConfiguration securityConfiguration) {
         AbstractName jaccBeanName = naming.createChildName(moduleName, NameFactory.JACC_MANAGER,
NameFactory.JACC_MANAGER);
         GBeanData jaccBeanData = new GBeanData(jaccBeanName, ApplicationPolicyConfigurationManager.GBEAN_INFO);
         jaccBeanData.setAttribute("contextIdToPermissionsMap", contextIDToPermissionsMap);
-        jaccBeanData.setAttribute("principalRoleMap", securityConfiguration.getPrincipalRoleMap());
         jaccBeanData.setAttribute("roleDesignates", securityConfiguration.getRoleDesignates());
+//        jaccBeanData.setReferencePattern("PrincipalRoleMapper", roleMapperName);
         return jaccBeanData;
+
     }
 
 }
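Review bot: `configureRoleMapper` names the new GBean with the string literal `"RoleMapper"` for both name and type, while the reference that consumes it is declared in the GBEAN_INFO hunk of ApplicationPolicyConfigurationManager as `addReference("PrincipalRoleMapper", PrincipalRoleMapper.class, NameFactory.JACC_MANAGER)`, which is a different type. EARConfigBuilder sets the reference to the exact abstract name, so this probably resolves today, but a lookup by type would not match. A single NameFactory constant used in both places would remove the doubt. The commented-out `setReferencePattern` line in `configureApplicationPolicyManager` should be deleted and replaced by a Javadoc sentence saying the caller must set the `PrincipalRoleMapper` reference, because a manager built without it starts with no role mapper.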

Modified: geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java?rev=407591&r1=407590&r2=407591&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java
(original)
+++ geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java
Thu May 18 09:47:06 2006
@@ -43,8 +43,10 @@
 
     private final Map contextIdToPolicyConfigurationMap = new HashMap();
     private final Map roleDesignates;
+    private final PrincipalRoleMapper principalRoleMapper;
 
-    public ApplicationPolicyConfigurationManager(Map contextIdToPermissionsMap, Map principalRoleMap,
Map roleDesignates, ClassLoader cl) throws PolicyContextException, ClassNotFoundException
{
+    public ApplicationPolicyConfigurationManager(Map contextIdToPermissionsMap, Map roleDesignates,
ClassLoader cl, PrincipalRoleMapper principalRoleMapper) throws PolicyContextException, ClassNotFoundException
{
+        this.principalRoleMapper = principalRoleMapper;
         Thread currentThread = Thread.currentThread();
         ClassLoader oldClassLoader = currentThread.getContextClassLoader();
         currentThread.setContextClassLoader(cl);
@@ -61,9 +63,6 @@
             ComponentPermissions componentPermissions = (ComponentPermissions) entry.getValue();
 
             PolicyConfiguration policyConfiguration = policyConfigurationFactory.getPolicyConfiguration(contextID,
false);
-//            if (policyConfiguration != policyConfigurationFactory.getPolicyConfiguration(contextID,
false)) {
-//                throw new IllegalStateException("JACC implementation is invalid: returns
different instances of PolicyConfiguration for the same contextID");
-//            }
             contextIdToPolicyConfigurationMap.put(contextID, policyConfiguration);
             policyConfiguration.addToExcludedPolicy(componentPermissions.getExcludedPermissions());
             policyConfiguration.addToUncheckedPolicy(componentPermissions.getUncheckedPermissions());
@@ -77,15 +76,10 @@
 
                 }
             }
+        }
 
-            GeronimoPolicyConfigurationFactory roleMapperFactory = GeronimoPolicyConfigurationFactory.getSingleton();
-            if (roleMapperFactory == null) {
-                throw new IllegalStateException("Inconsistent security setup.  GeronimoPolicyConfigurationFactory
is not being used");
-            }
-
-            GeronimoPolicyConfiguration geronimoPolicyConfiguration = roleMapperFactory.getGeronimoPolicyConfiguration(contextID);
-            geronimoPolicyConfiguration.setPrincipalRoleMapping(principalRoleMap);
-
+        if (principalRoleMapper != null) {
+            principalRoleMapper.install(contextIdToPermissionsMap.keySet());
         }
 
         //link everything together
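Review bot: The `if (principalRoleMapper != null)` guard lets the manager start with no principal-to-role mapping installed and with no trace of that, whereas the removed code threw `IllegalStateException` on an inconsistent security setup. If a deployment plan or builder omits the `PrincipalRoleMapper` reference, role-based permissions presumably resolve to no principals, which fails closed but is hard to diagnose. Either state the contract in a comment, e.g. `// null is allowed: principal-role mapping is then the JACC provider's responsibility`, or log a warning on the null path. The constructor body starts and ends outside this hunk, so whether `install` runs before the context class loader is restored cannot be checked from here.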
@@ -130,6 +124,10 @@
              ContextManager.unregisterSubject(roleDesignate);
          }
 
+        if (principalRoleMapper != null) {
+            principalRoleMapper.uninstall();
+        }
+
         for (Iterator iterator = contextIdToPolicyConfigurationMap.values().iterator(); iterator.hasNext();)
{
             PolicyConfiguration policyConfiguration = (PolicyConfiguration) iterator.next();
             policyConfiguration.delete();
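Review bot: `principalRoleMapper.uninstall()` runs before the loop that calls `policyConfiguration.delete()`, so an exception from `uninstall()` would leave this application's JACC policy configurations registered after the bean stops. PrincipalRoleMapper is copied in unchanged from trunk and is not shown here, so whether `uninstall()` can throw needs checking. If it can, put the call in a `try` with the delete loop in its `finally`, so that policy teardown always completes. The enclosing method starts and ends outside the hunk.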
@@ -149,11 +147,11 @@
     static {
         GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic(ApplicationPolicyConfigurationManager.class,
NameFactory.JACC_MANAGER);
         infoBuilder.addAttribute("contextIdToPermissionsMap", Map.class, true);
-        infoBuilder.addAttribute("principalRoleMap", Map.class, true);
         infoBuilder.addAttribute("roleDesignates", Map.class, true);
         infoBuilder.addAttribute("classLoader", ClassLoader.class, false);
         infoBuilder.addInterface(RoleDesignateSource.class);
-        infoBuilder.setConstructor(new String[] {"contextIdToPermissionsMap", "principalRoleMap",
"roleDesignates", "classLoader"});
+        infoBuilder.addReference("PrincipalRoleMapper", PrincipalRoleMapper.class, NameFactory.JACC_MANAGER);
+        infoBuilder.setConstructor(new String[] {"contextIdToPermissionsMap", "roleDesignates",
"classLoader", "PrincipalRoleMapper"});
         GBEAN_INFO = infoBuilder.getBeanInfo();
     }
 

Modified: geronimo/branches/1.1/modules/service-builder/src/schema/geronimo-module-1.1.xsd
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/modules/service-builder/src/schema/geronimo-module-1.1.xsd?rev=407591&r1=407590&r2=407591&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/service-builder/src/schema/geronimo-module-1.1.xsd (original)
+++ geronimo/branches/1.1/modules/service-builder/src/schema/geronimo-module-1.1.xsd Thu May
18 09:47:06 2006
@@ -156,7 +156,7 @@
 
     <xs:complexType name="dependenciesType">
         <xs:sequence>
-            <xs:element name="dependency" type="sys:artifactType" minOccurs="0" maxOccurs="unbounded">
+            <xs:element name="dependency" type="sys:dependencyType" minOccurs="0" maxOccurs="unbounded">
                 <xs:annotation>
                     <xs:documentation>
                         "dependency" holds an artifact locating an artifact in a repository.
@@ -234,9 +234,25 @@
                 <xs:element name="artifactId" type="xs:string"/>
                 <xs:element name="version" type="xs:string" minOccurs="0"/>
                 <xs:element name="type" type="xs:string" minOccurs="0"/>
-                <xs:element name="import" type="sys:importType" minOccurs="0"/>
+                <!--<xs:element name="import" type="sys:importType" minOccurs="0"/>-->
 
             </xs:sequence>
+    </xs:complexType>
+
+    <xs:complexType name="dependencyType">
+        <xs:complexContent>
+            <xs:extension base="sys:artifactType">
+                <xs:sequence>
+                    <!-- TODO not sure if groupId can in fact be optional -->
+                    <xs:element name="groupId" type="xs:string" minOccurs="0"/>
+                    <xs:element name="artifactId" type="xs:string"/>
+                    <xs:element name="version" type="xs:string" minOccurs="0"/>
+                    <xs:element name="type" type="xs:string" minOccurs="0"/>
+                    <xs:element name="import" type="sys:importType" minOccurs="0"/>
+                </xs:sequence>
+
+            </xs:extension>
+        </xs:complexContent>
     </xs:complexType>
 
     <xs:simpleType name="importType">
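Review bot: `dependencyType` extends `sys:artifactType` and then declares `groupId`, `artifactId`, `version` and `type` again inside the extension's sequence. With `xs:extension` the new sequence is appended to the base content, so, going by the `artifactType` elements visible at the top of this hunk, a valid `dependency` would need a second, required `artifactId` after the inherited one. The extension sequence should contain only the added element, `<xs:element name="import" type="sys:importType" minOccurs="0"/>`. The commented-out `import` element left in `artifactType` can be deleted; the start of `artifactType` is outside the hunk.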

Modified: geronimo/branches/1.1/modules/tomcat-builder/src/test/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/modules/tomcat-builder/src/test/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java?rev=407591&r1=407590&r2=407591&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/tomcat-builder/src/test/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java
(original)
+++ geronimo/branches/1.1/modules/tomcat-builder/src/test/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java
Thu May 18 09:47:06 2006
@@ -161,7 +161,7 @@
         Map contextIDToPermissionsMap = new HashMap();
         contextIDToPermissionsMap.put("test_J2EEApplication=null_J2EEServer=bar_j2eeType=WebModule_name=org/apache/geronimo/test",
componentPermissions);
         jaccBeanData.setAttribute("contextIdToPermissionsMap", contextIDToPermissionsMap);
-        jaccBeanData.setAttribute("principalRoleMap", new HashMap());
+//        jaccBeanData.setAttribute("principalRoleMap", new HashMap());
         jaccBeanData.setAttribute("roleDesignates", new HashMap());
         earContext.addGBean(jaccBeanData);
         earContext.setJaccManagerName(jaccBeanName);
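Review bot: The `principalRoleMap` attribute is commented out rather than deleted, and nothing replaces it. `jaccBeanData` is built without a `PrincipalRoleMapper` reference, so this test now appears to cover only the manager's null-mapper path. Delete the dead line, and if role mapping is meant to be exercised here, add a role mapper GBean and set the reference the way EARConfigBuilder does in this commit. The enclosing test method starts and ends outside the hunk.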

Modified: geronimo/branches/1.1/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java?rev=407591&r1=407590&r2=407591&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
(original)
+++ geronimo/branches/1.1/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
Thu May 18 09:47:06 2006
@@ -35,6 +35,8 @@
 import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
 import org.apache.geronimo.security.jacc.ComponentPermissions;
 import org.apache.geronimo.security.jacc.RoleDesignateSource;
+import org.apache.geronimo.security.jacc.ApplicationPrincipalRoleConfigurationManager;
+import org.apache.geronimo.security.jacc.PrincipalRoleMapper;
 import org.apache.geronimo.security.realm.GenericSecurityRealm;
 import org.apache.geronimo.system.serverinfo.BasicServerInfo;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
@@ -91,9 +93,10 @@
     }
 
     protected TomcatWebAppContext setUpSecureAppContext(Map roleDesignates, Map principalRoleMap,
ComponentPermissions componentPermissions, RealmGBean realm, SecurityHolder securityHolder)
throws Exception {
+        PrincipalRoleMapper roleMapper = new ApplicationPrincipalRoleConfigurationManager(principalRoleMap);
         Map contextIDToPermissionsMap = new HashMap();
         contextIDToPermissionsMap.put(POLICY_CONTEXT_ID, componentPermissions);
-        ApplicationPolicyConfigurationManager jacc = new ApplicationPolicyConfigurationManager(contextIDToPermissionsMap,
principalRoleMap, roleDesignates, cl);
+        ApplicationPolicyConfigurationManager jacc = new ApplicationPolicyConfigurationManager(contextIDToPermissionsMap,
roleDesignates, cl, roleMapper);
         jacc.doStart();
 
         URL configurationBaseURL = new File("target/var/catalina/webapps/war3/WEB-INF/web.xml").toURL();


