geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r431706 - in /geronimo/trunk/modules: client/src/java/org/apache/geronimo/client/ connector/src/test/org/apache/geronimo/connector/outbound/ jetty-builder/src/java/org/apache/geronimo/jetty/deployment/ jetty/src/java/org/apache/geronimo/jet...
Date Tue, 15 Aug 2006 21:19:29 GMT
Author: djencks
Date: Tue Aug 15 14:19:27 2006
New Revision: 431706

URL: http://svn.apache.org/viewvc?rev=431706&view=rev
Log:
GERONIMO-2313 Track the caller and run-as identities in one place so they both always get set

Added:
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/Callers.java   (with props)
Modified:
    geronimo/trunk/modules/client/src/java/org/apache/geronimo/client/AppClientContainer.java
    geronimo/trunk/modules/connector/src/test/org/apache/geronimo/connector/outbound/ConnectionManagerTestUtils.java
    geronimo/trunk/modules/connector/src/test/org/apache/geronimo/connector/outbound/SubjectInterceptorTest.java
    geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/InternalJAASJettyRealm.java
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyDefaultServletHolder.java
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServletHolder.java
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebApplicationHandler.java
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
    geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
    geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ApplicationTest.java
    geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ContainerTest.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/ContextManager.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java
    geronimo/trunk/modules/tomcat-builder/pom.xml
    geronimo/trunk/modules/tomcat-builder/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java
    geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
    geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java
    geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java
    geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
    geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/valve/DefaultSubjectValve.java
    geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
    geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ApplicationTest.java

Modified: geronimo/trunk/modules/client/src/java/org/apache/geronimo/client/AppClientContainer.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/client/src/java/org/apache/geronimo/client/AppClientContainer.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/client/src/java/org/apache/geronimo/client/AppClientContainer.java (original)
+++ geronimo/trunk/modules/client/src/java/org/apache/geronimo/client/AppClientContainer.java Tue Aug 15 14:19:27 2006
@@ -32,6 +32,7 @@
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.kernel.Kernel;
 import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.Callers;
 import org.apache.geronimo.security.deploy.DefaultPrincipal;
 import org.apache.geronimo.security.util.ConfigurationUtil;
 
@@ -107,7 +108,7 @@
         Thread thread = Thread.currentThread();
 
         ClassLoader oldClassLoader = thread.getContextClassLoader();
-        Subject oldCurrentCaller = ContextManager.getCurrentCaller();
+        Callers oldCallers = ContextManager.getCallers();
         Subject clientSubject = defaultSubject;
         LoginContext loginContext = null;
         try {
@@ -130,7 +131,7 @@
                 }
                 clientSubject = loginContext.getSubject();
             }
-            ContextManager.setCurrentCaller(clientSubject);
+            ContextManager.setCallers(clientSubject, clientSubject);
             jndiContext.startClient(appClientModuleName, kernel, classLoader);
             if (clientSubject == null) {
                 mainMethod.invoke(null, new Object[]{args});
@@ -163,7 +164,7 @@
             jndiContext.stopClient(appClientModuleName);
 
             thread.setContextClassLoader(oldClassLoader);
-            ContextManager.setCurrentCaller(oldCurrentCaller);
+            ContextManager.popCallers(oldCallers);
         }
     }
 

Modified: geronimo/trunk/modules/connector/src/test/org/apache/geronimo/connector/outbound/ConnectionManagerTestUtils.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/connector/src/test/org/apache/geronimo/connector/outbound/ConnectionManagerTestUtils.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/connector/src/test/org/apache/geronimo/connector/outbound/ConnectionManagerTestUtils.java (original)
+++ geronimo/trunk/modules/connector/src/test/org/apache/geronimo/connector/outbound/ConnectionManagerTestUtils.java Tue Aug 15 14:19:27 2006
@@ -98,7 +98,7 @@
         
         mockManagedConnectionFactory = new MockManagedConnectionFactory();
         subject = new Subject();
-        ContextManager.setCurrentCaller(subject);
+        ContextManager.setCallers(subject, subject);
         connectionManagerDeployment = new GenericConnectionManager(
                 transactionSupport,
                 poolingSupport,

Modified: geronimo/trunk/modules/connector/src/test/org/apache/geronimo/connector/outbound/SubjectInterceptorTest.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/connector/src/test/org/apache/geronimo/connector/outbound/SubjectInterceptorTest.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/connector/src/test/org/apache/geronimo/connector/outbound/SubjectInterceptorTest.java (original)
+++ geronimo/trunk/modules/connector/src/test/org/apache/geronimo/connector/outbound/SubjectInterceptorTest.java Tue Aug 15 14:19:27 2006
@@ -44,7 +44,7 @@
 
     public void testGetConnection() throws Exception {
         subject = new Subject();
-        ContextManager.setCurrentCaller(subject);
+        ContextManager.setCallers(subject, subject);
         ConnectionInfo connectionInfo = makeConnectionInfo();
         ManagedConnectionInfo managedConnectionInfo = connectionInfo.getManagedConnectionInfo();
         subjectInterceptor.getConnection(connectionInfo);
@@ -73,14 +73,14 @@
 
     public void testEnterWithChangedSubject() throws Exception {
         makeSubject("foo");
-        ContextManager.setCurrentCaller(subject);
+        ContextManager.setCallers(subject, subject);
         ConnectionInfo connectionInfo = makeConnectionInfo();
         managedConnection = new TestPlainManagedConnection();
         subjectInterceptor.getConnection(connectionInfo);
         //reset our test indicator
         obtainedConnectionInfo = null;
         makeSubject("bar");
-        ContextManager.setCurrentCaller(subject);
+        ContextManager.setCallers(subject, subject);
         subjectInterceptor.getConnection(connectionInfo);
         //expect re-association
         assertTrue("Expected connection asked for", obtainedConnectionInfo != null);
@@ -103,7 +103,7 @@
 
     public void testUnshareablePreventsReAssociation() throws Exception {
         makeSubject("foo");
-        ContextManager.setCurrentCaller(subject);
+        ContextManager.setCallers(subject, subject);
         ConnectionInfo connectionInfo = makeConnectionInfo();
         connectionInfo.setUnshareable(true);
         managedConnection = new TestPlainManagedConnection();
@@ -111,7 +111,7 @@
         //reset our test indicator
         obtainedConnectionInfo = null;
         makeSubject("bar");
-        ContextManager.setCurrentCaller(subject);
+        ContextManager.setCallers(subject, subject);
         try {
             subjectInterceptor.getConnection(connectionInfo);
             fail("Reassociating should fail on an unshareable connection");

Modified: geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java (original)
+++ geronimo/trunk/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java Tue Aug 15 14:19:27 2006
@@ -728,8 +728,6 @@
                 earContext.addSecurityContext(policyContextID, componentPermissions);
                 DefaultPrincipal defaultPrincipal = earContext.getSecurityConfiguration().getDefaultPrincipal();
                 webModuleData.setAttribute("defaultPrincipal", defaultPrincipal);
-
-                webModuleData.setReferencePattern("RoleDesignateSource", earContext.getJaccManagerName());
             }
             if (!module.isStandAlone()) {
                 ConfigurationData moduleConfigurationData = moduleContext.getConfigurationData();

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/InternalJAASJettyRealm.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/InternalJAASJettyRealm.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/InternalJAASJettyRealm.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/InternalJAASJettyRealm.java Tue Aug 15 14:19:27 2006
@@ -93,7 +93,8 @@
                 callbackHandler.clear();
 
                 Subject subject = ContextManager.getServerSideSubject(loginContext.getSubject());
-                ContextManager.setCurrentCaller(subject);
+                //TODO use the run-as subject as nextCaller
+                ContextManager.setCallers(subject, subject);
 
                 //login success
                 userPrincipal = new JAASJettyPrincipal(username);
@@ -124,7 +125,8 @@
     public boolean reauthenticate(Principal user) {
         // TODO This is not correct if auth can expire! We need to
 
-        ContextManager.setCurrentCaller(((JAASJettyPrincipal) user).getSubject());
+        Subject subject = ((JAASJettyPrincipal) user).getSubject();
+        ContextManager.setCallers(subject, subject);
 
         // get the user out of the cache
         return (userMap.get(user.getName()) != null);
@@ -154,13 +156,11 @@
     }
 
     public Principal pushRole(Principal user, String role) {
-        ((JAASJettyPrincipal) user).push(ContextManager.getCurrentCaller());
-        ContextManager.setCurrentCaller(SecurityContextBeforeAfter.getCurrentRoleDesignate(role));
+        //handled by JettyServletHolder and its runAsSubject
         return user;
     }
 
     public Principal popRole(Principal user) {
-        ContextManager.setCurrentCaller(((JAASJettyPrincipal) user).pop());
         return user;
     }
 

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java Tue Aug 15 14:19:27 2006
@@ -27,7 +27,6 @@
 public class JAASJettyPrincipal implements Principal {
     private final String name;
     private Subject subject;
-    private final Stack stack = new Stack();
 
     public JAASJettyPrincipal(String name) {
         this.name = name;
@@ -44,12 +43,5 @@
     public void setSubject(Subject subject) {
         this.subject = subject;
     }
-
-    void push(Subject roleDesignate) {
-        stack.push(roleDesignate);
-    }
-
-    Subject pop() {
-        return (Subject) stack.pop();
-    }
+    
 }

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java Tue Aug 15 14:19:27 2006
@@ -185,7 +185,7 @@
         addContext(webServiceContext);
         webServiceContext.start();
         webServices.put(contextPath, webServiceContext);
-    }
+     }
 
     public void removeWebService(String contextPath) {
         JettyEJBWebServiceContext webServiceContext = (JettyEJBWebServiceContext) webServices.remove(contextPath);

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyDefaultServletHolder.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyDefaultServletHolder.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyDefaultServletHolder.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyDefaultServletHolder.java Tue Aug 15 14:19:27 2006
@@ -20,6 +20,8 @@
 import java.util.Map;
 import java.util.Set;
 
+import javax.security.auth.Subject;
+
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
@@ -33,8 +35,8 @@
     public JettyDefaultServletHolder() {
     }
 
-    public JettyDefaultServletHolder(String objectName, String servletName, String servletClassName, String jspFile, Map initParams, Integer loadOnStartup, Set servletMappings, Map webRoleRefPermissions, String runAsRole, ServletHolder previous, JettyServletRegistration context) throws Exception {
-        super(objectName, servletName, servletClassName, jspFile, initParams, loadOnStartup, servletMappings, webRoleRefPermissions, runAsRole, previous, context);
+    public JettyDefaultServletHolder(String objectName, String servletName, String servletClassName, String jspFile, Map initParams, Integer loadOnStartup, Set servletMappings, Subject runAsSubject, ServletHolder previous, JettyServletRegistration context) throws Exception {
+        super(objectName, servletName, servletClassName, jspFile, initParams, loadOnStartup, servletMappings, runAsSubject, previous, context);
     }
 
     public static final GBeanInfo GBEAN_INFO;

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java Tue Aug 15 14:19:27 2006
@@ -24,8 +24,6 @@
 import java.util.HashMap;
 import java.util.Map;
 
-import javax.security.auth.Subject;
-
 import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.webservices.WebServiceContainer;
 import org.mortbay.http.Authenticator;
@@ -154,7 +152,7 @@
             ClassLoader oldClassLoader = currentThread.getContextClassLoader();
             currentThread.setContextClassLoader(classLoader);
             //hard to imagine this could be anything but null, but....
-            Subject oldSubject = ContextManager.getCurrentCaller();
+//            Subject oldSubject = ContextManager.getCurrentCaller();
             try {
                 if (authenticator != null) {
                     String pathInContext = org.mortbay.util.URI.canonicalPath(req.getPath());
@@ -165,7 +163,7 @@
                     //EJB will figure out correct defaultSubject shortly
                     //TODO consider replacing the GenericEJBContainer.DefaultSubjectInterceptor with this line
                     //setting the defaultSubject.
-                    ContextManager.setCurrentCaller(null);
+                    ContextManager.popCallers(null);
                 }
                 try {
                     webServiceContainer.invoke(request, response);
@@ -176,7 +174,7 @@
                     throw (HttpException) new HttpException(500, "Could not process message!").initCause(e);
                 }
             } finally {
-                ContextManager.setCurrentCaller(oldSubject);
+//                ContextManager.setCurrentCaller(oldSubject);
                 currentThread.setContextClassLoader(oldClassLoader);
             }
         }

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServletHolder.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServletHolder.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServletHolder.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServletHolder.java Tue Aug 15 14:19:27 2006
@@ -19,15 +19,19 @@
 import java.io.IOException;
 import java.util.Map;
 import java.util.Set;
+
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.UnavailableException;
+import javax.security.auth.Subject;
 
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.management.Servlet;
+import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.Callers;
 
 import org.mortbay.jetty.servlet.ServletHolder;
 
@@ -36,33 +40,34 @@
  * This ServletHolder's sole purpose is to provide the thread's current
  * ServletHolder for realms that are interested in the current servlet, e.g.
  * current servlet name.
- *
+ * <p/>
  * It is also being our servlet gbean for now.  We could gbean-ize the superclass to avoid the thread local access.
  *
  * @version $Rev$ $Date$
- * @see org.apache.geronimo.jetty.JAASJettyRealm#isUserInRole(java.security.Principal, java.lang.String)
+ * @see JAASJettyRealm#isUserInRole(java.security.Principal, String)
  */
 public class JettyServletHolder extends ServletHolder implements Servlet {
     private static final ThreadLocal currentServletName = new ThreadLocal();
+    private final Subject runAsSubject;
     private final String objectName;
 
     //todo consider interface instead of this constructor for endpoint use.
     public JettyServletHolder() {
         this.objectName = null;
+        this.runAsSubject = null;
     }
 
     public JettyServletHolder(String objectName,
-                              String servletName,
-                              String servletClassName,
-                              String jspFile,
-                              Map initParams,
-                              Integer loadOnStartup,
-                              Set servletMappings,
-                              Map webRoleRefPermissions,
-                              String runAsRole,
-                              ServletHolder previous,  //dependency for startup ordering
-                              JettyServletRegistration context) throws Exception {
-        super(context == null? null: context.getServletHandler(), servletName, servletClassName, jspFile);
+            String servletName,
+            String servletClassName,
+            String jspFile,
+            Map initParams,
+            Integer loadOnStartup,
+            Set servletMappings,
+            Subject runAsSubject,
+            ServletHolder previous,  //dependency for startup ordering
+            JettyServletRegistration context) throws Exception {
+        super(context == null ? null : context.getServletHandler(), servletName, servletClassName, jspFile);
         //context will be null only for use as "default servlet info holder" in deployer.
 
         if (context != null) {
@@ -74,7 +79,7 @@
             //this now starts the servlet in the appropriate context
             context.registerServletHolder(this, servletName, servletMappings, objectName);
         }
-        setRunAs(runAsRole);
+        this.runAsSubject = runAsSubject;
         this.objectName = objectName;
     }
 
@@ -85,6 +90,8 @@
         return getName();
     }
 
+    //TODO probably need to override init and destroy (?) to handle runAsSubject since we are not setting it in the superclass any more.
+
     /**
      * Service a request with this servlet.  Set the ThreadLocal to hold the
      * current JettyServletHolder.
@@ -93,8 +100,16 @@
             throws ServletException, UnavailableException, IOException {
 
         setCurrentServletName(getServletName());
-
-        super.handle(request, response);
+        if (runAsSubject == null) {
+            super.handle(request, response);
+        } else {
+            Callers oldCallers = ContextManager.pushNextCaller(runAsSubject);
+            try {
+                super.handle(request, response);
+            } finally {
+                ContextManager.popCallers(oldCallers);
+            }
+        }
     }
 
     /**
@@ -140,25 +155,23 @@
         infoBuilder.addAttribute("initParams", Map.class, true);
         infoBuilder.addAttribute("loadOnStartup", Integer.class, true);
         infoBuilder.addAttribute("servletMappings", Set.class, true);
-        infoBuilder.addAttribute("webRoleRefPermissions", Map.class, true);
-        infoBuilder.addAttribute("runAsRole", String.class, true);
+        infoBuilder.addAttribute("runAsSubject", Subject.class, true);
         infoBuilder.addAttribute("objectName", String.class, false);
         infoBuilder.addInterface(Servlet.class);
 
         infoBuilder.addReference("Previous", ServletHolder.class, NameFactory.SERVLET);
         infoBuilder.addReference("JettyServletRegistration", JettyServletRegistration.class, NameFactory.WEB_MODULE);
 
-        infoBuilder.setConstructor(new String[] {"objectName",
-                                                 "servletName",
-                                                 "servletClass",
-                                                 "jspFile",
-                                                 "initParams",
-                                                 "loadOnStartup",
-                                                 "servletMappings",
-                                                 "webRoleRefPermissions",
-                                                 "runAsRole",
-                                                 "Previous",
-                                                 "JettyServletRegistration"});
+        infoBuilder.setConstructor(new String[]{"objectName",
+                "servletName",
+                "servletClass",
+                "jspFile",
+                "initParams",
+                "loadOnStartup",
+                "servletMappings",
+                "runAsSubject",
+                "Previous",
+                "JettyServletRegistration"});
 
         GBEAN_INFO = infoBuilder.getBeanInfo();
     }

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java Tue Aug 15 14:19:27 2006
@@ -197,7 +197,6 @@
             TransactionManager transactionManager,
             TrackedConnectionAssociator trackedConnectionAssociator,
             JettyContainer jettyContainer,
-            RoleDesignateSource roleDesignateSource,
             J2EEServer server,
             J2EEApplication application,
             Kernel kernel) throws Exception, IllegalAccessException, InstantiationException, ClassNotFoundException {
@@ -262,15 +261,11 @@
 //JACC
 
         if (securityRealmName != null) {
-            if (roleDesignateSource == null) {
-                throw new IllegalArgumentException("RoleDesignateSource must be supplied for a secure web app");
-            }
-            Map roleDesignates = roleDesignateSource.getRoleDesignateMap();
             InternalJAASJettyRealm internalJAASJettyRealm = jettyContainer.addRealm(securityRealmName);
             //wrap jetty realm with something that knows the dumb realmName
             JAASJettyRealm realm = new JAASJettyRealm(realmName, internalJAASJettyRealm);
             setRealm(realm);
-            this.securityInterceptor = new SecurityContextBeforeAfter(interceptor, index++, index++, policyContextID, defaultPrincipal, authenticator, checkedPermissions, excludedPermissions, roleDesignates, realm, classLoader);
+            this.securityInterceptor = new SecurityContextBeforeAfter(interceptor, index++, index++, policyContextID, defaultPrincipal, authenticator, checkedPermissions, excludedPermissions, realm, classLoader);
             interceptor = this.securityInterceptor;
         } else {
             securityInterceptor = null;
@@ -629,7 +624,6 @@
         infoBuilder.addReference("TransactionManager", TransactionManager.class, NameFactory.TRANSACTION_MANAGER);
         infoBuilder.addReference("TrackedConnectionAssociator", TrackedConnectionAssociator.class, NameFactory.JCA_CONNECTION_TRACKER);
         infoBuilder.addReference("JettyContainer", JettyContainer.class, NameFactory.GERONIMO_SERVICE);
-        infoBuilder.addReference("RoleDesignateSource", RoleDesignateSource.class, NameFactory.JACC_MANAGER);
 
         infoBuilder.addInterface(JettyServletRegistration.class);
 
@@ -686,7 +680,6 @@
                 "TransactionManager",
                 "TrackedConnectionAssociator",
                 "JettyContainer",
-                "RoleDesignateSource",
 
                 "J2EEServer",
                 "J2EEApplication",

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebApplicationHandler.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebApplicationHandler.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebApplicationHandler.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebApplicationHandler.java Tue Aug 15 14:19:27 2006
@@ -28,6 +28,7 @@
 import org.mortbay.jetty.servlet.WebApplicationHandler;
 import org.mortbay.jetty.servlet.ServletHolder;
 import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.Callers;
 
 /**
  * @version $Rev$ $Date$
@@ -53,11 +54,11 @@
                             int type)
         throws ServletException, UnavailableException, IOException
     {
-        Subject currentCaller = ContextManager.getCurrentCaller();
+        Callers oldCallers = ContextManager.getCallers();
         try {
             super.dispatch(pathInContext, request, response, servletHolder, type);
         } finally {
-            ContextManager.setCurrentCaller(currentCaller);
+            ContextManager.popCallers(oldCallers);
         }
 
     }

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java Tue Aug 15 14:19:27 2006
@@ -16,31 +16,35 @@
  */
 package org.apache.geronimo.jetty.interceptor;
 
+import java.io.IOException;
+import java.security.AccessControlContext;
+import java.security.AccessControlException;
+import java.security.PermissionCollection;
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.WebResourcePermission;
+import javax.security.jacc.WebUserDataPermission;
+
 import org.apache.geronimo.common.DeploymentException;
 import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.jetty.JAASJettyPrincipal;
-import org.apache.geronimo.jetty.JettyContainer;
 import org.apache.geronimo.jetty.JAASJettyRealm;
+import org.apache.geronimo.jetty.JettyContainer;
 import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.security.IdentificationPrincipal;
 import org.apache.geronimo.security.SubjectId;
 import org.apache.geronimo.security.deploy.DefaultPrincipal;
 import org.apache.geronimo.security.util.ConfigurationUtil;
-import org.mortbay.http.*;
+import org.mortbay.http.Authenticator;
+import org.mortbay.http.HttpException;
+import org.mortbay.http.HttpRequest;
+import org.mortbay.http.HttpResponse;
+import org.mortbay.http.SecurityConstraint;
 import org.mortbay.jetty.servlet.FormAuthenticator;
 import org.mortbay.jetty.servlet.ServletHttpRequest;
 
-import javax.security.auth.Subject;
-import javax.security.jacc.PolicyContext;
-import javax.security.jacc.WebResourcePermission;
-import javax.security.jacc.WebUserDataPermission;
-import java.io.IOException;
-import java.security.AccessControlContext;
-import java.security.AccessControlException;
-import java.security.PermissionCollection;
-import java.security.Principal;
-import java.util.Map;
-
 
 /**
  * @version $Rev$ $Date$
@@ -52,7 +56,6 @@
     private final int webAppContextIndex;
     private final String policyContextID;
     private final static ThreadLocal currentWebAppContext = new ThreadLocal();
-    private final Map roleDesignates;
     private final JAASJettyPrincipal defaultPrincipal;
 
     private final String formLoginPath;
@@ -71,7 +74,6 @@
                                       Authenticator authenticator,
                                       PermissionCollection checkedPermissions,
                                       PermissionCollection excludedPermissions,
-                                      Map roleDesignates,
                                       JAASJettyRealm realm,
                                       ClassLoader classLoader) {
         assert realm != null;
@@ -83,7 +85,6 @@
         this.policyContextID = policyContextID;
 
         this.defaultPrincipal = generateDefaultPrincipal(defaultPrincipal, classLoader);
-        this.roleDesignates = roleDesignates;
         this.checked = checkedPermissions;
         this.excludedPermissions = excludedPermissions;
 
@@ -153,14 +154,6 @@
         return (SecurityContextBeforeAfter) currentWebAppContext.get();
     }
 
-    public static Subject getCurrentRoleDesignate(String role) {
-        return getCurrentSecurityInterceptor().getRoleDesignate(role);
-    }
-
-    private Subject getRoleDesignate(String roleName) {
-        return (Subject) roleDesignates.get(roleName);
-    }
-
     //security check methods, delegated from WebAppContext
 
     /**
@@ -269,7 +262,8 @@
         /**
          * No authentication is required.  Return the defaultPrincipal.
          */
-        ContextManager.setCurrentCaller(defaultPrincipal.getSubject());
+    //TODO use run-as as nextCaller if present
+        ContextManager.setCallers(defaultPrincipal.getSubject(), defaultPrincipal.getSubject());
         return defaultPrincipal;
     }
 

Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java (original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java Tue Aug 15 14:19:27 2006
@@ -16,8 +16,18 @@
  */
 package org.apache.geronimo.jetty;
 
-import junit.framework.TestCase;
+import java.io.File;
+import java.net.URL;
+import java.security.PermissionCollection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+
+import javax.transaction.TransactionManager;
 
+import junit.framework.TestCase;
 import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator;
 import org.apache.geronimo.connector.outbound.connectiontracking.GeronimoTransactionListener;
 import org.apache.geronimo.jetty.connector.HTTPConnector;
@@ -29,9 +39,8 @@
 import org.apache.geronimo.security.jaas.LoginModuleGBean;
 import org.apache.geronimo.security.jaas.server.JaasLoginService;
 import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
-import org.apache.geronimo.security.jacc.ComponentPermissions;
-import org.apache.geronimo.security.jacc.RoleDesignateSource;
 import org.apache.geronimo.security.jacc.ApplicationPrincipalRoleConfigurationManager;
+import org.apache.geronimo.security.jacc.ComponentPermissions;
 import org.apache.geronimo.security.jacc.PrincipalRoleMapper;
 import org.apache.geronimo.security.realm.GenericSecurityRealm;
 import org.apache.geronimo.system.serverinfo.BasicServerInfo;
@@ -40,22 +49,12 @@
 import org.mortbay.http.Authenticator;
 import org.mortbay.jetty.servlet.FormAuthenticator;
 
-import java.io.File;
-import java.net.URL;
-import java.security.PermissionCollection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Set;
-import javax.transaction.TransactionManager;
-
 
 /**
  * @version $Rev$ $Date$
  */
 public class AbstractWebModuleTest extends TestCase {
-    private File basedir = new File(System.getProperty("basedir"));
+    private File basedir = new File(System.getProperty("basedir", "."));
     
     protected ClassLoader cl;
     protected final static String securityRealmName = "demo-properties-realm";
@@ -84,12 +83,11 @@
                 Collections.singleton("/"),
                 null,
                 null,
-                null,
                 webModule);
 
     }
 
-    protected JettyWebAppContext setUpAppContext(String realmName, String securityRealmName, Authenticator authenticator, String policyContextId, RoleDesignateSource roleDesignateSource, PermissionCollection excludedPermissions, DefaultPrincipal defaultPrincipal, PermissionCollection checkedPermissions, String uriString) throws Exception {
+    protected JettyWebAppContext setUpAppContext(String realmName, String securityRealmName, Authenticator authenticator, String policyContextId, PermissionCollection excludedPermissions, DefaultPrincipal defaultPrincipal, PermissionCollection checkedPermissions, String uriString) throws Exception {
 
         JettyWebAppContext app = new JettyWebAppContext(null,
                 null,
@@ -120,7 +118,6 @@
                 transactionManager,
                 connectionTrackingCoordinator,
                 container,
-                roleDesignateSource,
                 null,
                 null,
                 null);
@@ -144,7 +141,6 @@
                 "demo-properties-realm",
                 formAuthenticator,
                 policyContextId,
-                jacc,
                 componentPermissions.getExcludedPermissions(),
                 defaultPrincipal,
                 checked, "war3/");

Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ApplicationTest.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ApplicationTest.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ApplicationTest.java (original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ApplicationTest.java Tue Aug 15 14:19:27 2006
@@ -28,7 +28,7 @@
 public class ApplicationTest extends AbstractWebModuleTest {
 
     public void testApplication() throws Exception {
-        JettyWebAppContext app = setUpAppContext(null, null, null, null, null, null, null, null, "war1/");
+        JettyWebAppContext app = setUpAppContext(null, null, null, null, null, null, null, "war1/");
 
         setUpStaticContentServlet(app);
 

Modified: geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ContainerTest.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ContainerTest.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ContainerTest.java (original)
+++ geronimo/trunk/modules/jetty/src/test/org/apache/geronimo/jetty/ContainerTest.java Tue Aug 15 14:19:27 2006
@@ -17,22 +17,12 @@
 
 package org.apache.geronimo.jetty;
 
-import java.net.HttpURLConnection;
-import java.net.URL;
-import java.util.HashSet;
-import java.util.Set;
 import java.io.BufferedReader;
 import java.io.InputStreamReader;
-import javax.management.ObjectName;
+import java.net.HttpURLConnection;
+import java.net.URL;
 
-import junit.framework.TestCase;
-import org.apache.geronimo.gbean.GBeanData;
-import org.apache.geronimo.jetty.connector.HTTPConnector;
 import org.apache.geronimo.jetty.app.MockWebServiceContainer;
-import org.apache.geronimo.kernel.KernelFactory;
-import org.apache.geronimo.kernel.Kernel;
-import org.apache.geronimo.kernel.management.State;
-import org.apache.geronimo.webservices.WebServiceContainer;
 
 /**
  * @version $Rev$ $Date$

Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/Callers.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/Callers.java?rev=431706&view=auto
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/Callers.java (added)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/Callers.java Tue Aug 15 14:19:27 2006
@@ -0,0 +1,42 @@
+/**
+ *
+ * Copyright 2006 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.geronimo.security;
+
+import javax.security.auth.Subject;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class Callers {
+
+    private final Subject currentCaller;
+    private final Subject nextCaller;
+
+    public Callers(Subject currentCaller, Subject nextCaller) {
+        this.currentCaller = currentCaller;
+        this.nextCaller = nextCaller;
+    }
+
+    public Subject getCurrentCaller() {
+        return currentCaller;
+    }
+
+    public Subject getNextCaller() {
+        return nextCaller;
+    }
+}

Propchange: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/Callers.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/Callers.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/Callers.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/ContextManager.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/ContextManager.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/ContextManager.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/ContextManager.java Tue Aug 15 14:19:27 2006
@@ -43,8 +43,7 @@
  */
 public class ContextManager {
     private static ThreadLocal currentCallerId = new ThreadLocal();
-    private static ThreadLocal currentCaller = new ThreadLocal();
-    private static ThreadLocal nextCaller = new ThreadLocal();
+    private static final ThreadLocal callers = new ThreadLocal();
     private static Map subjectContexts = new IdentityHashMap();
     private static Map subjectIds = new Hashtable();
     private static long nextSubjectId = System.currentTimeMillis();
@@ -90,39 +89,65 @@
         return (Serializable) currentCallerId.get();
     }
 
-    public static void setNextCaller(Subject subject) {
+    public static void setCallers(Subject currentCaller, Subject nextCaller) {
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) sm.checkPermission(SET_CONTEXT);
+        assert currentCaller != null;
+        assert nextCaller != null;
+        Callers newCallers = new Callers(currentCaller, nextCaller);
+        callers.set(newCallers);
+    }
 
-        nextCaller.set(subject);
+    public static void clearCallers() {
+        callers.set(null);
     }
 
-    public static Subject getNextCaller() {
+    public static Callers getCallers() {
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) sm.checkPermission(GET_CONTEXT);
+        return (Callers) callers.get();
+    }
 
-        return (Subject) nextCaller.get();
+    public static Callers setNextCaller(Subject nextCaller) {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) sm.checkPermission(SET_CONTEXT);
+        assert nextCaller != null;
+        Callers oldCallers = (Callers) callers.get();
+        Callers newCallers = new Callers(oldCallers.getNextCaller(), nextCaller);
+        callers.set(newCallers);
+        return oldCallers;
     }
 
-    public static void setCurrentCaller(Subject subject) {
+    public static Callers pushNextCaller(Subject nextCaller) {
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) sm.checkPermission(SET_CONTEXT);
+        Callers oldCallers = (Callers) callers.get();
+        Subject oldNextCaller = oldCallers == null? null: oldCallers.getNextCaller();
+        Subject newNextCaller = nextCaller == null? oldNextCaller : nextCaller;
+        Callers newCallers = new Callers(oldNextCaller, newNextCaller);
+        callers.set(newCallers);
+        return oldCallers;
+    }
 
-        currentCaller.set(subject);
+    public static void popCallers(Callers oldCallers) {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) sm.checkPermission(SET_CONTEXT);
+        callers.set(oldCallers);
     }
 
     public static Subject getCurrentCaller() {
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) sm.checkPermission(GET_CONTEXT);
 
-        return (Subject) currentCaller.get();
+        Callers callers = (Callers) ContextManager.callers.get();
+        return callers == null? null: callers.getCurrentCaller();
     }
 
     public static AccessControlContext getCurrentContext() {
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) sm.checkPermission(GET_CONTEXT);
 
-        Subject currentSubject = (Subject) currentCaller.get();
+        Subject currentSubject = ((Callers) callers.get()).getCurrentCaller();
         assert currentSubject != null : "No current caller";
         Context context = (Context) subjectContexts.get(currentSubject);
 
@@ -153,7 +178,8 @@
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) sm.checkPermission(GET_CONTEXT);
 
-        Context context = (Context) subjectContexts.get(currentCaller.get());
+        Subject currentSubject = ((Callers) callers.get()).getCurrentCaller();
+        Context context = (Context) subjectContexts.get(currentSubject);
 
         assert context != null : "No registered context";
 
@@ -174,10 +200,10 @@
         if (role == null) throw new IllegalArgumentException("Role must not be null");
 
         try {
-            Object caller = currentCaller.get();
-            if (caller == null) return false;
+            Subject currentSubject = ((Callers) callers.get()).getCurrentCaller();
+            if (currentSubject == null) return false;
 
-            Context context = (Context) subjectContexts.get(currentCaller.get());
+            Context context = (Context) subjectContexts.get(currentSubject);
 
             assert context != null : "No registered context";
 

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java Tue Aug 15 14:19:27 2006
@@ -39,7 +39,7 @@
 /**
  * @version $Rev$ $Date$
  */
-public class ApplicationPolicyConfigurationManager implements GBeanLifecycle, RoleDesignateSource {
+public class ApplicationPolicyConfigurationManager implements GBeanLifecycle {
 
     private final Map contextIdToPolicyConfigurationMap = new HashMap();
     private final Map roleDesignates;
@@ -138,10 +138,6 @@
 
     }
 
-    public Map getRoleDesignateMap() {
-        return roleDesignates;
-    }
-
     public static final GBeanInfo GBEAN_INFO;
 
     static {
@@ -149,7 +145,6 @@
         infoBuilder.addAttribute("contextIdToPermissionsMap", Map.class, true);
         infoBuilder.addAttribute("roleDesignates", Map.class, true);
         infoBuilder.addAttribute("classLoader", ClassLoader.class, false);
-        infoBuilder.addInterface(RoleDesignateSource.class);
         infoBuilder.addReference("PrincipalRoleMapper", PrincipalRoleMapper.class, NameFactory.JACC_MANAGER);
         infoBuilder.setConstructor(new String[] {"contextIdToPermissionsMap", "roleDesignates", "classLoader", "PrincipalRoleMapper"});
         GBEAN_INFO = infoBuilder.getBeanInfo();

Modified: geronimo/trunk/modules/tomcat-builder/pom.xml
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/tomcat-builder/pom.xml?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat-builder/pom.xml (original)
+++ geronimo/trunk/modules/tomcat-builder/pom.xml Tue Aug 15 14:19:27 2006
@@ -129,7 +129,13 @@
             <artifactId>geronimo-servlet_2.4_spec</artifactId>
             <scope>test</scope>
         </dependency>
-        
+        <!--WFT??? why is this needed for tests all of a sudden? -->
+        <dependency>
+            <groupId>org.apache.geronimo.specs</groupId>
+            <artifactId>geronimo-jsp_2.0_spec</artifactId>
+            <scope>test</scope>
+        </dependency>
+
         <dependency>
             <groupId>commons-io</groupId>
             <artifactId>commons-io</artifactId>

Modified: geronimo/trunk/modules/tomcat-builder/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/tomcat-builder/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat-builder/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java (original)
+++ geronimo/trunk/modules/tomcat-builder/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java Tue Aug 15 14:19:27 2006
@@ -418,7 +418,6 @@
                 }
 
                 webModuleData.setAttribute("securityHolder", securityHolder);
-                webModuleData.setReferencePattern("RoleDesignateSource", earContext.getJaccManagerName());
             }
 
             moduleContext.addGBean(webModuleData);

Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java (original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java Tue Aug 15 14:19:27 2006
@@ -121,7 +121,7 @@
                     defaultSubject.getPrincipals().add(new IdentificationPrincipal(id));
                 }
 
-                interceptor = new PolicyContextBeforeAfter(interceptor, index++, securityHolder.getPolicyContextID());
+                interceptor = new PolicyContextBeforeAfter(interceptor, index++, index++, securityHolder.getPolicyContextID());
             }
         }
         

Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java (original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java Tue Aug 15 14:19:27 2006
@@ -105,8 +105,6 @@
 
     private final TrackedConnectionAssociator trackedConnectionAssociator;
 
-    private final RoleDesignateSource roleDesignateSource;
-
     private final SecurityHolder securityHolder;
 
     private final J2EEServer server;
@@ -134,7 +132,6 @@
             TransactionManager transactionManager,
             TrackedConnectionAssociator trackedConnectionAssociator,
             TomcatContainer container,
-            RoleDesignateSource roleDesignateSource,
             ObjectRetriever tomcatRealm,
             ValveGBean tomcatValveChain,
             CatalinaClusterGBean cluster,
@@ -176,7 +173,6 @@
         this.applicationManagedSecurityResources = applicationManagedSecurityResources;
         this.trackedConnectionAssociator = trackedConnectionAssociator;
 
-        this.roleDesignateSource = roleDesignateSource;
         this.server = server;
         this.application = application;
 
@@ -232,11 +228,6 @@
             verifyObjectName(myObjectName);
         }
 
-        if (securityHolder != null){
-            if (roleDesignateSource == null) {
-                throw new IllegalArgumentException("RoleDesignateSource must be supplied for a secure web app");
-            }
-        }
     }
 
     public String getObjectName() {
@@ -450,14 +441,14 @@
         // super.start();
         //register the classloader <> dir context association so that tomcat's jndi based getResources works.
         DirContext resources = context.getResources();
-        DirContextURLStreamHandler.bind((ClassLoader) classLoader, resources);
+        DirContextURLStreamHandler.bind(classLoader, resources);
 
         log.debug("TomcatWebAppContext started for " + path);
     }
 
     public void doStop() throws Exception {
         container.removeContext(this);
-        DirContextURLStreamHandler.unbind((ClassLoader) classLoader);
+        DirContextURLStreamHandler.unbind(classLoader);
  
         // No more logging will occur for this ClassLoader. Inform the LogFactory to avoid a memory leak.
 //        LogFactory.release(classLoader);
@@ -495,7 +486,6 @@
         infoBuilder.addReference("TrackedConnectionAssociator", TrackedConnectionAssociator.class, NameFactory.JCA_CONNECTION_TRACKER);
 
         infoBuilder.addReference("Container", TomcatContainer.class, NameFactory.GERONIMO_SERVICE);
-        infoBuilder.addReference("RoleDesignateSource", RoleDesignateSource.class, NameFactory.JACC_MANAGER);
         infoBuilder.addReference("TomcatRealm", ObjectRetriever.class);
         infoBuilder.addReference("TomcatValveChain", ValveGBean.class);
         infoBuilder.addReference("Cluster", CatalinaClusterGBean.class, CatalinaClusterGBean.J2EE_TYPE);
@@ -522,7 +512,6 @@
                 "TransactionManager",
                 "TrackedConnectionAssociator",
                 "Container",
-                "RoleDesignateSource",
                 "TomcatRealm",
                 "TomcatValveChain",
                 "Cluster",

Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java (original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java Tue Aug 15 14:19:27 2006
@@ -16,38 +16,38 @@
  */
 package org.apache.geronimo.tomcat.interceptor;
 
-import javax.security.auth.Subject;
 import javax.security.jacc.PolicyContext;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 
+import org.apache.geronimo.security.Callers;
 import org.apache.geronimo.security.ContextManager;
 
 public class PolicyContextBeforeAfter implements BeforeAfter{
-    
+
     private final BeforeAfter next;
     private final String policyContextID;
     private final int policyContextIDIndex;
+    private final int callersIndex;
 
-    public PolicyContextBeforeAfter(BeforeAfter next, int policyContextIDIndex, String policyContextID) {
+    public PolicyContextBeforeAfter(BeforeAfter next, int policyContextIDIndex, int callersIndex, String policyContextID) {
         this.next = next;
         this.policyContextIDIndex = policyContextIDIndex;
+        this.callersIndex = callersIndex;
         this.policyContextID = policyContextID;
     }
 
     public void before(Object[] context, ServletRequest httpRequest, ServletResponse httpResponse) {
-        
+
         //Save the old
-        PolicyHolder policyHolder = new PolicyHolder();
-        policyHolder.setContextId(PolicyContext.getContextID());
-        policyHolder.setSubject(ContextManager.getCurrentCaller());
-        
-        context[policyContextIDIndex] = policyHolder;
-        
+
+        context[policyContextIDIndex] = PolicyContext.getContextID();
+        context[callersIndex] = ContextManager.getCallers();
+
         //Set the new
         PolicyContext.setContextID(policyContextID);
         PolicyContext.setHandlerData(httpRequest);
-        
+
         if (next != null) {
             next.before(context, httpRequest, httpResponse);
         }
@@ -57,30 +57,10 @@
         if (next != null) {
             next.after(context, httpRequest, httpResponse);
         }
-        
+
         //Replace the old
-        PolicyHolder policyHolder = (PolicyHolder)context[policyContextIDIndex];
-        PolicyContext.setContextID(policyHolder.getContextId());
-        ContextManager.setCurrentCaller(policyHolder.getSubject());
-    }
-    
-    class PolicyHolder{
-        
-        private Subject subject;
-        private String contextId;
-        
-        public String getContextId() {
-            return contextId;
-        }
-        public void setContextId(String contextId) {
-            this.contextId = contextId;
-        }
-        public Subject getSubject() {
-            return subject;
-        }
-        public void setSubject(Subject subject) {
-            this.subject = subject;
-        }
+        PolicyContext.setContextID((String)context[policyContextIDIndex]);
+        ContextManager.popCallers((Callers) context[callersIndex]);
     }
 
 }

Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java (original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java Tue Aug 15 14:19:27 2006
@@ -112,7 +112,7 @@
         if (subject == null)
             return super.hasUserDataPermission(request, response, constraints);
 
-        ContextManager.setCurrentCaller(subject);
+        ContextManager.setCallers(subject, subject);
 
         try {
 
@@ -192,7 +192,8 @@
             return request.isSecure();
 
         } else {
-            ContextManager.setCurrentCaller(((JAASTomcatPrincipal) principal).getSubject());
+            Subject currentCaller = ((JAASTomcatPrincipal) principal).getSubject();
+            ContextManager.setCallers(currentCaller, currentCaller);
         }
 
         try {
@@ -238,7 +239,8 @@
         }
 
         //Set the caller
-        ContextManager.setCurrentCaller(((JAASTomcatPrincipal) principal).getSubject());
+        Subject currentCaller = ((JAASTomcatPrincipal) principal).getSubject();
+        ContextManager.setCallers(currentCaller, currentCaller);
 
         AccessControlContext acc = ContextManager.getCurrentContext();
 
@@ -337,7 +339,7 @@
                       return (null);
                   }
 
-                  ContextManager.setCurrentCaller(subject);
+                  ContextManager.setCallers(subject, subject);
 
               } catch (AccountExpiredException e) {
                   if (log.isDebugEnabled())

Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/valve/DefaultSubjectValve.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/valve/DefaultSubjectValve.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/valve/DefaultSubjectValve.java (original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/valve/DefaultSubjectValve.java Tue Aug 15 14:19:27 2006
@@ -25,6 +25,7 @@
 import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
 import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.Callers;
 
 /**
  * @version $Rev$ $Date$
@@ -38,15 +39,18 @@
     }
 
     public void invoke(Request request, Response response) throws IOException, ServletException {
-        boolean setSubject = ContextManager.getCurrentCaller() == null;
+        Callers oldCallers = null;
+        boolean setSubject = false;
+        if (defaultSubject != null) {
+            oldCallers = ContextManager.getCallers();
+            setSubject = oldCallers == null || oldCallers.getCurrentCaller() == null;
+        }
         if (setSubject) {
-            ContextManager.setCurrentCaller(defaultSubject);
-            ContextManager.setNextCaller(defaultSubject);
+            ContextManager.setCallers(defaultSubject, defaultSubject);
             try {
                 getNext().invoke(request, response);
             } finally {
-                ContextManager.setCurrentCaller(null);
-                ContextManager.setNextCaller(null);
+                ContextManager.popCallers(oldCallers);
             }
         } else {
             getNext().invoke(request, response);

Modified: geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java (original)
+++ geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java Tue Aug 15 14:19:27 2006
@@ -36,9 +36,8 @@
 import org.apache.geronimo.security.jaas.LoginModuleGBean;
 import org.apache.geronimo.security.jaas.server.JaasLoginService;
 import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
-import org.apache.geronimo.security.jacc.ComponentPermissions;
-import org.apache.geronimo.security.jacc.RoleDesignateSource;
 import org.apache.geronimo.security.jacc.ApplicationPrincipalRoleConfigurationManager;
+import org.apache.geronimo.security.jacc.ComponentPermissions;
 import org.apache.geronimo.security.jacc.PrincipalRoleMapper;
 import org.apache.geronimo.security.realm.GenericSecurityRealm;
 import org.apache.geronimo.system.serverinfo.BasicServerInfo;
@@ -63,7 +62,7 @@
     protected static final String POLICY_CONTEXT_ID = "securetest";
     private GeronimoLoginConfiguration loginConfiguration;
 
-    protected TomcatWebAppContext setUpInsecureAppContext(URI relativeWebAppRoot, URL configurationBaseURL, SecurityHolder securityHolder, RoleDesignateSource roleDesignateSource, ObjectRetriever tomcatRealm, ValveGBean valveChain) throws Exception {
+    protected TomcatWebAppContext setUpInsecureAppContext(URI relativeWebAppRoot, URL configurationBaseURL, SecurityHolder securityHolder, ObjectRetriever tomcatRealm, ValveGBean valveChain) throws Exception {
 
         TomcatWebAppContext app = new TomcatWebAppContext(cl,
                 null,
@@ -77,7 +76,6 @@
                 transactionManager,
                 connectionTrackingCoordinator,
                 container,
-                roleDesignateSource,
                 tomcatRealm,
                 valveChain,
                 null,
@@ -104,7 +102,6 @@
         return setUpInsecureAppContext(new File(basedir, "target/var/catalina/webapps/war3/").toURI(),
                 configurationBaseURL,
                 securityHolder,
-                jacc,
                 realm,
                 null);
     }

Modified: geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ApplicationTest.java
URL: http://svn.apache.org/viewvc/geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ApplicationTest.java?rev=431706&r1=431705&r2=431706&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ApplicationTest.java (original)
+++ geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/ApplicationTest.java Tue Aug 15 14:19:27 2006
@@ -34,7 +34,6 @@
                 new File(basedir, "target/var/catalina/webapps/war1/WEB-INF/web.xml").toURL(),
                 null,
                 null,
-                null,
                 null);
 
         HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:8181/test/hello.txt").openConnection();



Mime
View raw message