geronimo-scm mailing list archives

From djen...@apache.org
Subject svn commit: r431975 - in /geronimo/branches/1.1.1/modules: client/src/java/org/apache/geronimo/client/ connector/src/test/org/apache/geronimo/connector/outbound/ jetty-builder/src/java/org/apache/geronimo/jetty/deployment/ jetty/src/java/org/apache/ger...
Date Wed, 16 Aug 2006 18:30:58 GMT
Author: djencks
Date: Wed Aug 16 11:30:56 2006
New Revision: 431975

URL: http://svn.apache.org/viewvc?rev=431975&view=rev
Log:
GERONIMO-2313 Track the caller and run-as identities in one place so they both always get set 

Added:
    geronimo/branches/1.1.1/modules/security/src/java/org/apache/geronimo/security/Callers.java
      - copied unchanged from r431735, geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/Callers.java
Modified:
    geronimo/branches/1.1.1/modules/client/src/java/org/apache/geronimo/client/AppClientContainer.java
    geronimo/branches/1.1.1/modules/connector/src/test/org/apache/geronimo/connector/outbound/ConnectionManagerTestUtils.java
    geronimo/branches/1.1.1/modules/connector/src/test/org/apache/geronimo/connector/outbound/SubjectInterceptorTest.java
    geronimo/branches/1.1.1/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
    geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/InternalJAASJettyRealm.java
    geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java
    geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java
    geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyDefaultServletHolder.java
    geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java
    geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServletHolder.java
    geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
    geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebApplicationHandler.java
    geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
    geronimo/branches/1.1.1/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
    geronimo/branches/1.1.1/modules/jetty/src/test/org/apache/geronimo/jetty/ApplicationTest.java
    geronimo/branches/1.1.1/modules/jetty/src/test/org/apache/geronimo/jetty/ContainerTest.java
    geronimo/branches/1.1.1/modules/security/src/java/org/apache/geronimo/security/ContextManager.java
    geronimo/branches/1.1.1/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java
    geronimo/branches/1.1.1/modules/tomcat-builder/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java
    geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
    geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java
    geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java
    geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/valve/DefaultSubjectValve.java
    geronimo/branches/1.1.1/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
    geronimo/branches/1.1.1/modules/tomcat/src/test/org/apache/geronimo/tomcat/ApplicationTest.java

Modified: geronimo/branches/1.1.1/modules/client/src/java/org/apache/geronimo/client/AppClientContainer.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/client/src/java/org/apache/geronimo/client/AppClientContainer.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/client/src/java/org/apache/geronimo/client/AppClientContainer.java (original)
+++ geronimo/branches/1.1.1/modules/client/src/java/org/apache/geronimo/client/AppClientContainer.java Wed Aug 16 11:30:56 2006
@@ -32,6 +32,7 @@
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.kernel.Kernel;
 import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.Callers;
 import org.apache.geronimo.security.deploy.DefaultPrincipal;
 import org.apache.geronimo.security.util.ConfigurationUtil;
 import org.apache.geronimo.transaction.context.TransactionContext;
@@ -114,7 +115,7 @@
         ClassLoader oldClassLoader = thread.getContextClassLoader();
         TransactionContext oldTransactionContext = transactionContextManager.getContext();
         TransactionContext currentTransactionContext = null;
-        Subject oldCurrentCaller = ContextManager.getCurrentCaller();
+        Callers oldCallers = ContextManager.getCallers();
         Subject clientSubject = defaultSubject;
         LoginContext loginContext = null;
         try {
@@ -137,7 +138,7 @@
                 }
                 clientSubject = loginContext.getSubject();
             }
-            ContextManager.setCurrentCaller(clientSubject);
+            ContextManager.setCallers(clientSubject, clientSubject);
             jndiContext.startClient(appClientModuleName, kernel, classLoader);
             currentTransactionContext = transactionContextManager.newUnspecifiedTransactionContext();
             if (clientSubject == null) {
@@ -175,7 +176,7 @@
             if (currentTransactionContext != null) {
                 currentTransactionContext.commit();
             }
-            ContextManager.setCurrentCaller(oldCurrentCaller);
+            ContextManager.popCallers(oldCallers);
         }
     }
 
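Review bot: If `currentTransactionContext.commit()` throws, the `ContextManager.popCallers(oldCallers);` line after it in this finally block never runs, so `clientSubject` stays installed as both current and next caller on the thread. Restoring the identity should not depend on the commit succeeding: wrap the commit in its own `try` and move `ContextManager.popCallers(oldCallers);` into that inner `finally`. The start of the finally block is outside this hunk, so the same may apply to statements that run before the commit.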

Modified: geronimo/branches/1.1.1/modules/connector/src/test/org/apache/geronimo/connector/outbound/ConnectionManagerTestUtils.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/connector/src/test/org/apache/geronimo/connector/outbound/ConnectionManagerTestUtils.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/connector/src/test/org/apache/geronimo/connector/outbound/ConnectionManagerTestUtils.java (original)
+++ geronimo/branches/1.1.1/modules/connector/src/test/org/apache/geronimo/connector/outbound/ConnectionManagerTestUtils.java Wed Aug 16 11:30:56 2006
@@ -96,7 +96,7 @@
         transactionContextManager = new TransactionContextManager(transactionManager, transactionManager);
         mockManagedConnectionFactory = new MockManagedConnectionFactory();
         subject = new Subject();
-        ContextManager.setCurrentCaller(subject);
+        ContextManager.setCallers(subject, subject);
         connectionManagerDeployment = new GenericConnectionManager(
                 transactionSupport,
                 poolingSupport,

Modified: geronimo/branches/1.1.1/modules/connector/src/test/org/apache/geronimo/connector/outbound/SubjectInterceptorTest.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/connector/src/test/org/apache/geronimo/connector/outbound/SubjectInterceptorTest.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/connector/src/test/org/apache/geronimo/connector/outbound/SubjectInterceptorTest.java (original)
+++ geronimo/branches/1.1.1/modules/connector/src/test/org/apache/geronimo/connector/outbound/SubjectInterceptorTest.java Wed Aug 16 11:30:56 2006
@@ -44,7 +44,7 @@
 
     public void testGetConnection() throws Exception {
         subject = new Subject();
-        ContextManager.setCurrentCaller(subject);
+        ContextManager.setCallers(subject, subject);
         ConnectionInfo connectionInfo = makeConnectionInfo();
         ManagedConnectionInfo managedConnectionInfo = connectionInfo.getManagedConnectionInfo();
         subjectInterceptor.getConnection(connectionInfo);
@@ -73,14 +73,14 @@
 
     public void testEnterWithChangedSubject() throws Exception {
         makeSubject("foo");
-        ContextManager.setCurrentCaller(subject);
+        ContextManager.setCallers(subject, subject);
         ConnectionInfo connectionInfo = makeConnectionInfo();
         managedConnection = new TestPlainManagedConnection();
         subjectInterceptor.getConnection(connectionInfo);
         //reset our test indicator
         obtainedConnectionInfo = null;
         makeSubject("bar");
-        ContextManager.setCurrentCaller(subject);
+        ContextManager.setCallers(subject, subject);
         subjectInterceptor.getConnection(connectionInfo);
         //expect re-association
         assertTrue("Expected connection asked for", obtainedConnectionInfo != null);
@@ -103,7 +103,7 @@
 
     public void testUnshareablePreventsReAssociation() throws Exception {
         makeSubject("foo");
-        ContextManager.setCurrentCaller(subject);
+        ContextManager.setCallers(subject, subject);
         ConnectionInfo connectionInfo = makeConnectionInfo();
         connectionInfo.setUnshareable(true);
         managedConnection = new TestPlainManagedConnection();
@@ -111,7 +111,7 @@
         //reset our test indicator
         obtainedConnectionInfo = null;
         makeSubject("bar");
-        ContextManager.setCurrentCaller(subject);
+        ContextManager.setCallers(subject, subject);
         try {
             subjectInterceptor.getConnection(connectionInfo);
             fail("Reassociating should fail on an unshareable connection");

Modified: geronimo/branches/1.1.1/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java (original)
+++ geronimo/branches/1.1.1/modules/jetty-builder/src/java/org/apache/geronimo/jetty/deployment/JettyModuleBuilder.java Wed Aug 16 11:30:56 2006
@@ -725,8 +725,6 @@
                 earContext.addSecurityContext(policyContextID, componentPermissions);
                 DefaultPrincipal defaultPrincipal = earContext.getSecurityConfiguration().getDefaultPrincipal();
                 webModuleData.setAttribute("defaultPrincipal", defaultPrincipal);
-
-                webModuleData.setReferencePattern("RoleDesignateSource", earContext.getJaccManagerName());
             }
             if (!module.isStandAlone()) {
                 ConfigurationData moduleConfigurationData = moduleContext.getConfigurationData();

Modified: geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/InternalJAASJettyRealm.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/InternalJAASJettyRealm.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/InternalJAASJettyRealm.java (original)
+++ geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/InternalJAASJettyRealm.java Wed Aug 16 11:30:56 2006
@@ -93,7 +93,8 @@
                 callbackHandler.clear();
 
                 Subject subject = ContextManager.getServerSideSubject(loginContext.getSubject());
-                ContextManager.setCurrentCaller(subject);
+                //TODO use the run-as subject as nextCaller
+                ContextManager.setCallers(subject, subject);
 
                 //login success
                 userPrincipal = new JAASJettyPrincipal(username);
@@ -124,7 +125,8 @@
     public boolean reauthenticate(Principal user) {
         // TODO This is not correct if auth can expire! We need to
 
-        ContextManager.setCurrentCaller(((JAASJettyPrincipal) user).getSubject());
+        Subject subject = ((JAASJettyPrincipal) user).getSubject();
+        ContextManager.setCallers(subject, subject);
 
         // get the user out of the cache
         return (userMap.get(user.getName()) != null);
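Review bot: `ContextManager.setCallers(subject, subject)` runs before the cache lookup, so a principal that is no longer in `userMap` is still installed as the thread's current and next caller even though the method then returns false. Doing the lookup first keeps a failed re-authentication from changing identity state: `if (userMap.get(user.getName()) == null) return false;` ahead of the `setCallers` call. The unchecked cast to `JAASJettyPrincipal` and a possibly null `getSubject()` result are also passed straight through; whether the callers of this method guarantee both is not visible here. The closing brace of `reauthenticate` is outside the hunk.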
@@ -154,13 +156,11 @@
     }
 
     public Principal pushRole(Principal user, String role) {
-        ((JAASJettyPrincipal) user).push(ContextManager.getCurrentCaller());
-        ContextManager.setCurrentCaller(SecurityContextBeforeAfter.getCurrentRoleDesignate(role));
+        //handled by JettyServletHolder and its runAsSubject
         return user;
     }
 
     public Principal popRole(Principal user) {
-        ContextManager.setCurrentCaller(((JAASJettyPrincipal) user).pop());
         return user;
     }
 

Modified: geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java (original)
+++ geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyPrincipal.java Wed Aug 16 11:30:56 2006
@@ -27,7 +27,6 @@
 public class JAASJettyPrincipal implements Principal {
     private final String name;
     private Subject subject;
-    private final Stack stack = new Stack();
 
     public JAASJettyPrincipal(String name) {
         this.name = name;
@@ -44,12 +43,5 @@
     public void setSubject(Subject subject) {
         this.subject = subject;
     }
-
-    void push(Subject roleDesignate) {
-        stack.push(roleDesignate);
-    }
-
-    Subject pop() {
-        return (Subject) stack.pop();
-    }
+    
 }

Modified: geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java (original)
+++ geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java Wed Aug 16 11:30:56 2006
@@ -185,7 +185,7 @@
         addContext(webServiceContext);
         webServiceContext.start();
         webServices.put(contextPath, webServiceContext);
-    }
+     }
 
     public void removeWebService(String contextPath) {
         JettyEJBWebServiceContext webServiceContext = (JettyEJBWebServiceContext) webServices.remove(contextPath);

Modified: geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyDefaultServletHolder.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyDefaultServletHolder.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyDefaultServletHolder.java (original)
+++ geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyDefaultServletHolder.java Wed Aug 16 11:30:56 2006
@@ -20,21 +20,23 @@
 import java.util.Map;
 import java.util.Set;
 
+import javax.security.auth.Subject;
+
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.mortbay.jetty.servlet.ServletHolder;
 
 /**
- * @version $Rev:$ $Date:$
+ * @version $Rev$ $Date$
  */
 public class JettyDefaultServletHolder extends JettyServletHolder {
 
     public JettyDefaultServletHolder() {
     }
 
-    public JettyDefaultServletHolder(String objectName, String servletName, String servletClassName, String jspFile, Map initParams, Integer loadOnStartup, Set servletMappings, Map webRoleRefPermissions, String runAsRole, ServletHolder previous, JettyServletRegistration context) throws Exception {
-        super(objectName, servletName, servletClassName, jspFile, initParams, loadOnStartup, servletMappings, webRoleRefPermissions, runAsRole, previous, context);
+    public JettyDefaultServletHolder(String objectName, String servletName, String servletClassName, String jspFile, Map initParams, Integer loadOnStartup, Set servletMappings, Subject runAsSubject, ServletHolder previous, JettyServletRegistration context) throws Exception {
+        super(objectName, servletName, servletClassName, jspFile, initParams, loadOnStartup, servletMappings, runAsSubject, previous, context);
     }
 
     public static final GBeanInfo GBEAN_INFO;

Modified: geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java (original)
+++ geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyEJBWebServiceContext.java Wed Aug 16 11:30:56 2006
@@ -24,8 +24,6 @@
 import java.util.HashMap;
 import java.util.Map;
 
-import javax.security.auth.Subject;
-
 import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.webservices.WebServiceContainer;
 import org.mortbay.http.Authenticator;
@@ -154,7 +152,7 @@
             ClassLoader oldClassLoader = currentThread.getContextClassLoader();
             currentThread.setContextClassLoader(classLoader);
             //hard to imagine this could be anything but null, but....
-            Subject oldSubject = ContextManager.getCurrentCaller();
+//            Subject oldSubject = ContextManager.getCurrentCaller();
             try {
                 if (authenticator != null) {
                     String pathInContext = org.mortbay.util.URI.canonicalPath(req.getPath());
@@ -165,7 +163,7 @@
                     //EJB will figure out correct defaultSubject shortly
                     //TODO consider replacing the GenericEJBContainer.DefaultSubjectInterceptor with this line
                     //setting the defaultSubject.
-                    ContextManager.setCurrentCaller(null);
+                    ContextManager.popCallers(null);
                 }
                 try {
                     webServiceContainer.invoke(request, response);
@@ -176,7 +174,7 @@
                     throw (HttpException) new HttpException(500, "Could not process message!").initCause(e);
                 }
             } finally {
-                ContextManager.setCurrentCaller(oldSubject);
+//                ContextManager.setCurrentCaller(oldSubject);
                 currentThread.setContextClassLoader(oldClassLoader);
             }
         }
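Review bot: Nothing restores the caller state after the request any more: the capture before the `try` and the restore in `finally` are both commented out, so whatever callers are installed while this request is authenticated appear to remain on the thread when it goes back to the container. Capture and restore with the new API instead, as AppClientContainer does in this commit: `Callers oldCallers = ContextManager.getCallers();` before the `try` and `ContextManager.popCallers(oldCallers);` in the `finally` (this needs the `org.apache.geronimo.security.Callers` import). The commented-out lines here and in the `-154` hunk should be deleted rather than kept, and `ContextManager.popCallers(null)` in the `-165` hunk deserves a short comment saying that it clears both identities. The enclosing method starts and ends outside these hunks.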

Modified: geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServletHolder.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServletHolder.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServletHolder.java (original)
+++ geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServletHolder.java Wed Aug 16 11:30:56 2006
@@ -19,15 +19,19 @@
 import java.io.IOException;
 import java.util.Map;
 import java.util.Set;
+
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.UnavailableException;
+import javax.security.auth.Subject;
 
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.management.Servlet;
+import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.Callers;
 
 import org.mortbay.jetty.servlet.ServletHolder;
 
@@ -36,33 +40,34 @@
  * This ServletHolder's sole purpose is to provide the thread's current
  * ServletHolder for realms that are interested in the current servlet, e.g.
  * current servlet name.
- *
+ * <p/>
  * It is also being our servlet gbean for now.  We could gbean-ize the superclass to avoid the thread local access.
  *
  * @version $Rev$ $Date$
- * @see org.apache.geronimo.jetty.JAASJettyRealm#isUserInRole(java.security.Principal, java.lang.String)
+ * @see JAASJettyRealm#isUserInRole(java.security.Principal, String)
  */
 public class JettyServletHolder extends ServletHolder implements Servlet {
     private static final ThreadLocal currentServletName = new ThreadLocal();
+    private final Subject runAsSubject;
     private final String objectName;
 
     //todo consider interface instead of this constructor for endpoint use.
     public JettyServletHolder() {
         this.objectName = null;
+        this.runAsSubject = null;
     }
 
     public JettyServletHolder(String objectName,
-                              String servletName,
-                              String servletClassName,
-                              String jspFile,
-                              Map initParams,
-                              Integer loadOnStartup,
-                              Set servletMappings,
-                              Map webRoleRefPermissions,
-                              String runAsRole,
-                              ServletHolder previous,  //dependency for startup ordering
-                              JettyServletRegistration context) throws Exception {
-        super(context == null? null: context.getServletHandler(), servletName, servletClassName, jspFile);
+            String servletName,
+            String servletClassName,
+            String jspFile,
+            Map initParams,
+            Integer loadOnStartup,
+            Set servletMappings,
+            Subject runAsSubject,
+            ServletHolder previous,  //dependency for startup ordering
+            JettyServletRegistration context) throws Exception {
+        super(context == null ? null : context.getServletHandler(), servletName, servletClassName, jspFile);
         //context will be null only for use as "default servlet info holder" in deployer.
 
         if (context != null) {
@@ -74,7 +79,7 @@
             //this now starts the servlet in the appropriate context
             context.registerServletHolder(this, servletName, servletMappings, objectName);
         }
-        setRunAs(runAsRole);
+        this.runAsSubject = runAsSubject;
         this.objectName = objectName;
     }
 
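Review bot: `context.registerServletHolder(this, ...)` is called before `this.runAsSubject = runAsSubject;`, and the comment above it says registration starts the servlet, so any work done on this holder during registration sees `runAsSubject` still null and would run without the run-as identity. Assign `this.runAsSubject = runAsSubject;` and `this.objectName = objectName;` immediately after the `super(...)` call, before the `if (context != null)` block. The constructor begins in the previous hunk, and what `registerServletHolder` actually invokes is not visible here.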
@@ -85,6 +90,8 @@
         return getName();
     }
 
+    //TODO probably need to override init and destroy (?) to handle runAsSubject since we are not setting it in the superclass any more.
+
     /**
      * Service a request with this servlet.  Set the ThreadLocal to hold the
      * current JettyServletHolder.
@@ -93,8 +100,16 @@
             throws ServletException, UnavailableException, IOException {
 
         setCurrentServletName(getServletName());
-
-        super.handle(request, response);
+        if (runAsSubject == null) {
+            super.handle(request, response);
+        } else {
+            Callers oldCallers = ContextManager.pushNextCaller(runAsSubject);
+            try {
+                super.handle(request, response);
+            } finally {
+                ContextManager.popCallers(oldCallers);
+            }
+        }
     }
 
     /**
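Review bot: The Javadoc above `handle` (it starts in the previous hunk) still describes only the ThreadLocal, while the method now also changes the security identity for the duration of the request. Add a sentence such as `If a run-as subject is configured, it is pushed as the next caller for the call and the previous callers are restored in a finally block.` A one-line comment on the `runAsSubject` field saying that null means no run-as identity is configured would make the null branch self-explanatory.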
@@ -140,25 +155,23 @@
         infoBuilder.addAttribute("initParams", Map.class, true);
         infoBuilder.addAttribute("loadOnStartup", Integer.class, true);
         infoBuilder.addAttribute("servletMappings", Set.class, true);
-        infoBuilder.addAttribute("webRoleRefPermissions", Map.class, true);
-        infoBuilder.addAttribute("runAsRole", String.class, true);
+        infoBuilder.addAttribute("runAsSubject", Subject.class, true);
         infoBuilder.addAttribute("objectName", String.class, false);
         infoBuilder.addInterface(Servlet.class);
 
         infoBuilder.addReference("Previous", ServletHolder.class, NameFactory.SERVLET);
         infoBuilder.addReference("JettyServletRegistration", JettyServletRegistration.class, NameFactory.WEB_MODULE);
 
-        infoBuilder.setConstructor(new String[] {"objectName",
-                                                 "servletName",
-                                                 "servletClass",
-                                                 "jspFile",
-                                                 "initParams",
-                                                 "loadOnStartup",
-                                                 "servletMappings",
-                                                 "webRoleRefPermissions",
-                                                 "runAsRole",
-                                                 "Previous",
-                                                 "JettyServletRegistration"});
+        infoBuilder.setConstructor(new String[]{"objectName",
+                "servletName",
+                "servletClass",
+                "jspFile",
+                "initParams",
+                "loadOnStartup",
+                "servletMappings",
+                "runAsSubject",
+                "Previous",
+                "JettyServletRegistration"});
 
         GBEAN_INFO = infoBuilder.getBeanInfo();
     }

Modified: geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java (original)
+++ geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java Wed Aug 16 11:30:56 2006
@@ -60,7 +60,6 @@
 import org.apache.geronimo.naming.reference.ClassLoaderAwareReference;
 import org.apache.geronimo.naming.reference.KernelAwareReference;
 import org.apache.geronimo.security.deploy.DefaultPrincipal;
-import org.apache.geronimo.security.jacc.RoleDesignateSource;
 import org.apache.geronimo.transaction.TrackedConnectionAssociator;
 import org.apache.geronimo.transaction.context.OnlineUserTransaction;
 import org.apache.geronimo.transaction.context.TransactionContextManager;
@@ -168,42 +167,41 @@
     }
 
     public JettyWebAppContext(String objectName,
-                              String originalSpecDD,
-                              String sessionManager,
-                              Map componentContext,
-                              OnlineUserTransaction userTransaction,
-                              ClassLoader classLoader,
-                              URL configurationBaseUrl,
-                              Set unshareableResources,
-                              Set applicationManagedSecurityResources,
-
-                              String displayName,
-                              Map contextParamMap,
-                              Collection listenerClassNames,
-                              boolean distributable,
-                              Map mimeMap,
-                              String[] welcomeFiles,
-                              Map localeEncodingMapping,
-                              Map errorPages,
-                              Authenticator authenticator,
-                              String realmName,
-                              Map tagLibMap,
-                              int sessionTimeoutSeconds,
-
-                              String policyContextID,
-                              String securityRealmName,
-                              DefaultPrincipal defaultPrincipal,
-                              PermissionCollection checkedPermissions,
-                              PermissionCollection excludedPermissions,
-
-                              Host host,
-                              TransactionContextManager transactionContextManager,
-                              TrackedConnectionAssociator trackedConnectionAssociator,
-                              JettyContainer jettyContainer,
-                              RoleDesignateSource roleDesignateSource,
-                              J2EEServer server,
-                              J2EEApplication application,
-                              Kernel kernel) throws Exception, IllegalAccessException, InstantiationException, ClassNotFoundException {
+            String originalSpecDD,
+            String sessionManager,
+            Map componentContext,
+            OnlineUserTransaction userTransaction,
+            ClassLoader classLoader,
+            URL configurationBaseUrl,
+            Set unshareableResources,
+            Set applicationManagedSecurityResources,
+
+            String displayName,
+            Map contextParamMap,
+            Collection listenerClassNames,
+            boolean distributable,
+            Map mimeMap,
+            String[] welcomeFiles,
+            Map localeEncodingMapping,
+            Map errorPages,
+            Authenticator authenticator,
+            String realmName,
+            Map tagLibMap,
+            int sessionTimeoutSeconds,
+
+            String policyContextID,
+            String securityRealmName,
+            DefaultPrincipal defaultPrincipal,
+            PermissionCollection checkedPermissions,
+            PermissionCollection excludedPermissions,
+
+            Host host,
+            TransactionContextManager transactionContextManager,
+            TrackedConnectionAssociator trackedConnectionAssociator,
+            JettyContainer jettyContainer,
+            J2EEServer server,
+            J2EEApplication application,
+            Kernel kernel) throws Exception, IllegalAccessException, InstantiationException, ClassNotFoundException {
 
         assert componentContext != null;
         assert userTransaction != null;
@@ -278,15 +276,11 @@
 //JACC
 
         if (securityRealmName != null) {
-            if (roleDesignateSource == null) {
-                throw new IllegalArgumentException("RoleDesignateSource must be supplied for a secure web app");
-            }
-            Map roleDesignates = roleDesignateSource.getRoleDesignateMap();
             InternalJAASJettyRealm internalJAASJettyRealm = jettyContainer.addRealm(securityRealmName);
             //wrap jetty realm with something that knows the dumb realmName
             JAASJettyRealm realm = new JAASJettyRealm(realmName, internalJAASJettyRealm);
             setRealm(realm);
-            this.securityInterceptor = new SecurityContextBeforeAfter(interceptor, index++, index++, policyContextID, defaultPrincipal, authenticator, checkedPermissions, excludedPermissions, roleDesignates, realm, classLoader);
+            this.securityInterceptor = new SecurityContextBeforeAfter(interceptor, index++, index++, policyContextID, defaultPrincipal, authenticator, checkedPermissions, excludedPermissions, realm, classLoader);
             interceptor = this.securityInterceptor;
         } else {
             securityInterceptor = null;
@@ -348,12 +342,12 @@
             map.put(connector.getProtocol(), connector.getConnectUrl());
         }
         String urlPrefix;
-        if((urlPrefix = (String) map.get("HTTP")) == null) {
-            if((urlPrefix = (String) map.get("HTTPS")) == null) {
+        if ((urlPrefix = (String) map.get("HTTP")) == null) {
+            if ((urlPrefix = (String) map.get("HTTPS")) == null) {
                 urlPrefix = (String) map.get("AJP");
             }
         }
-        if(urlPrefix == null) {
+        if (urlPrefix == null) {
             return null;
         }
         try {
@@ -528,7 +522,7 @@
     }
 
     public String[] getServlets() {
-        synchronized(servletNames) {
+        synchronized (servletNames) {
             return (String[]) servletNames.toArray(new String[servletNames.size()]);
         }
     }
@@ -596,7 +590,7 @@
             leaveContextScope(null, null, context);
         }
         if (objectName != null) {
-            synchronized(servletNames) {
+            synchronized (servletNames) {
                 servletNames.add(objectName);
             }
         }
@@ -646,7 +640,6 @@
         infoBuilder.addReference("TransactionContextManager", TransactionContextManager.class, NameFactory.TRANSACTION_CONTEXT_MANAGER);
         infoBuilder.addReference("TrackedConnectionAssociator", TrackedConnectionAssociator.class, NameFactory.JCA_CONNECTION_TRACKER);
         infoBuilder.addReference("JettyContainer", JettyContainer.class, NameFactory.GERONIMO_SERVICE);
-        infoBuilder.addReference("RoleDesignateSource", RoleDesignateSource.class, NameFactory.JACC_MANAGER);
 
         infoBuilder.addInterface(JettyServletRegistration.class);
 
@@ -704,7 +697,6 @@
                 "TransactionContextManager",
                 "TrackedConnectionAssociator",
                 "JettyContainer",
-                "RoleDesignateSource",
 
                 "J2EEServer",
                 "J2EEApplication",

Modified: geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebApplicationHandler.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebApplicationHandler.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebApplicationHandler.java (original)
+++ geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebApplicationHandler.java Wed Aug 16 11:30:56 2006
@@ -28,9 +28,10 @@
 import org.mortbay.jetty.servlet.WebApplicationHandler;
 import org.mortbay.jetty.servlet.ServletHolder;
 import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.Callers;
 
 /**
- * @version $Rev:$ $Date:$
+ * @version $Rev$ $Date$
  */
 public class JettyWebApplicationHandler extends WebApplicationHandler {
 
@@ -53,11 +54,11 @@
                             int type)
         throws ServletException, UnavailableException, IOException
     {
-        Subject currentCaller = ContextManager.getCurrentCaller();
+        Callers oldCallers = ContextManager.getCallers();
         try {
             super.dispatch(pathInContext, request, response, servletHolder, type);
         } finally {
-            ContextManager.setCurrentCaller(currentCaller);
+            ContextManager.popCallers(oldCallers);
         }
 
     }
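Review bot: The method does not say why it captures `ContextManager.getCallers()` before `super.dispatch` and hands it to `popCallers` in the `finally`. A comment such as `// Restore the caller/run-as pair seen on entry so identities set during dispatch do not outlive it on this thread` would make the security intent explicit. Both calls are permission-checked in `ContextManager` (`GET_CONTEXT` and `SET_CONTEXT`), so this class presumably needs both granted when a SecurityManager is installed. The method signature begins outside the hunk.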

Modified: geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java (original)
+++ geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java Wed Aug 16 11:30:56 2006
@@ -21,19 +21,12 @@
 import java.security.AccessControlException;
 import java.security.PermissionCollection;
 import java.security.Principal;
+
 import javax.security.auth.Subject;
 import javax.security.jacc.PolicyContext;
 import javax.security.jacc.WebResourcePermission;
 import javax.security.jacc.WebUserDataPermission;
 
-import org.mortbay.http.Authenticator;
-import org.mortbay.http.HttpException;
-import org.mortbay.http.HttpRequest;
-import org.mortbay.http.HttpResponse;
-import org.mortbay.http.SecurityConstraint;
-import org.mortbay.jetty.servlet.FormAuthenticator;
-import org.mortbay.jetty.servlet.ServletHttpRequest;
-
 import org.apache.geronimo.common.DeploymentException;
 import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.jetty.JAASJettyPrincipal;
@@ -44,6 +37,13 @@
 import org.apache.geronimo.security.SubjectId;
 import org.apache.geronimo.security.deploy.DefaultPrincipal;
 import org.apache.geronimo.security.util.ConfigurationUtil;
+import org.mortbay.http.Authenticator;
+import org.mortbay.http.HttpException;
+import org.mortbay.http.HttpRequest;
+import org.mortbay.http.HttpResponse;
+import org.mortbay.http.SecurityConstraint;
+import org.mortbay.jetty.servlet.FormAuthenticator;
+import org.mortbay.jetty.servlet.ServletHttpRequest;
 
 
 /**

Modified: geronimo/branches/1.1.1/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java (original)
+++ geronimo/branches/1.1.1/modules/jetty/src/test/org/apache/geronimo/jetty/AbstractWebModuleTest.java Wed Aug 16 11:30:56 2006
@@ -16,6 +16,14 @@
  */
 package org.apache.geronimo.jetty;
 
+import java.net.URL;
+import java.security.PermissionCollection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+
 import junit.framework.TestCase;
 import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator;
 import org.apache.geronimo.jetty.connector.HTTPConnector;
@@ -27,9 +35,8 @@
 import org.apache.geronimo.security.jaas.LoginModuleGBean;
 import org.apache.geronimo.security.jaas.server.JaasLoginService;
 import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
-import org.apache.geronimo.security.jacc.ComponentPermissions;
-import org.apache.geronimo.security.jacc.RoleDesignateSource;
 import org.apache.geronimo.security.jacc.ApplicationPrincipalRoleConfigurationManager;
+import org.apache.geronimo.security.jacc.ComponentPermissions;
 import org.apache.geronimo.security.jacc.PrincipalRoleMapper;
 import org.apache.geronimo.security.realm.GenericSecurityRealm;
 import org.apache.geronimo.system.serverinfo.BasicServerInfo;
@@ -40,19 +47,11 @@
 import org.mortbay.http.Authenticator;
 import org.mortbay.jetty.servlet.FormAuthenticator;
 
-import java.net.URL;
-import java.security.PermissionCollection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Set;
-
-
 /**
  * @version $Rev$ $Date$
  */
 public class AbstractWebModuleTest extends TestCase {
+    
     protected ClassLoader cl;
     protected final static String securityRealmName = "demo-properties-realm";
     private HTTPConnector connector;
@@ -80,12 +79,11 @@
                 Collections.singleton("/"),
                 null,
                 null,
-                null,
                 webModule);
 
     }
 
-    protected JettyWebAppContext setUpAppContext(String realmName, String securityRealmName, Authenticator authenticator, String policyContextId, RoleDesignateSource roleDesignateSource, PermissionCollection excludedPermissions, DefaultPrincipal defaultPrincipal, PermissionCollection checkedPermissions, String uriString) throws Exception {
+    protected JettyWebAppContext setUpAppContext(String realmName, String securityRealmName, Authenticator authenticator, String policyContextId, PermissionCollection excludedPermissions, DefaultPrincipal defaultPrincipal, PermissionCollection checkedPermissions, String uriString) throws Exception {
 
         JettyWebAppContext app = new JettyWebAppContext(null,
                 null,
@@ -117,7 +115,6 @@
                 transactionContextManager,
                 connectionTrackingCoordinator,
                 container,
-                roleDesignateSource,
                 null,
                 null,
                 null);
@@ -141,7 +138,6 @@
                 "demo-properties-realm",
                 formAuthenticator,
                 policyContextId,
-                jacc,
                 componentPermissions.getExcludedPermissions(),
                 defaultPrincipal,
                 checked, "war3/");

Modified: geronimo/branches/1.1.1/modules/jetty/src/test/org/apache/geronimo/jetty/ApplicationTest.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/jetty/src/test/org/apache/geronimo/jetty/ApplicationTest.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/jetty/src/test/org/apache/geronimo/jetty/ApplicationTest.java (original)
+++ geronimo/branches/1.1.1/modules/jetty/src/test/org/apache/geronimo/jetty/ApplicationTest.java Wed Aug 16 11:30:56 2006
@@ -28,7 +28,7 @@
 public class ApplicationTest extends AbstractWebModuleTest {
 
     public void testApplication() throws Exception {
-        JettyWebAppContext app = setUpAppContext(null, null, null, null, null, null, null, null, "war1/");
+        JettyWebAppContext app = setUpAppContext(null, null, null, null, null, null, null, "war1/");
 
         setUpStaticContentServlet(app);
 

Modified: geronimo/branches/1.1.1/modules/jetty/src/test/org/apache/geronimo/jetty/ContainerTest.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/jetty/src/test/org/apache/geronimo/jetty/ContainerTest.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/jetty/src/test/org/apache/geronimo/jetty/ContainerTest.java (original)
+++ geronimo/branches/1.1.1/modules/jetty/src/test/org/apache/geronimo/jetty/ContainerTest.java Wed Aug 16 11:30:56 2006
@@ -17,22 +17,12 @@
 
 package org.apache.geronimo.jetty;
 
-import java.net.HttpURLConnection;
-import java.net.URL;
-import java.util.HashSet;
-import java.util.Set;
 import java.io.BufferedReader;
 import java.io.InputStreamReader;
-import javax.management.ObjectName;
+import java.net.HttpURLConnection;
+import java.net.URL;
 
-import junit.framework.TestCase;
-import org.apache.geronimo.gbean.GBeanData;
-import org.apache.geronimo.jetty.connector.HTTPConnector;
 import org.apache.geronimo.jetty.app.MockWebServiceContainer;
-import org.apache.geronimo.kernel.KernelFactory;
-import org.apache.geronimo.kernel.Kernel;
-import org.apache.geronimo.kernel.management.State;
-import org.apache.geronimo.webservices.WebServiceContainer;
 
 /**
  * @version $Rev$ $Date$

Modified: geronimo/branches/1.1.1/modules/security/src/java/org/apache/geronimo/security/ContextManager.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/security/src/java/org/apache/geronimo/security/ContextManager.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/security/src/java/org/apache/geronimo/security/ContextManager.java (original)
+++ geronimo/branches/1.1.1/modules/security/src/java/org/apache/geronimo/security/ContextManager.java Wed Aug 16 11:30:56 2006
@@ -43,8 +43,7 @@
  */
 public class ContextManager {
     private static ThreadLocal currentCallerId = new ThreadLocal();
-    private static ThreadLocal currentCaller = new ThreadLocal();
-    private static ThreadLocal nextCaller = new ThreadLocal();
+    private static final ThreadLocal callers = new ThreadLocal();
     private static Map subjectContexts = new IdentityHashMap();
     private static Map subjectIds = new Hashtable();
     private static long nextSubjectId = System.currentTimeMillis();
@@ -90,39 +89,65 @@
         return (Serializable) currentCallerId.get();
     }
 
-    public static void setNextCaller(Subject subject) {
+    public static void setCallers(Subject currentCaller, Subject nextCaller) {
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) sm.checkPermission(SET_CONTEXT);
+        assert currentCaller != null;
+        assert nextCaller != null;
+        Callers newCallers = new Callers(currentCaller, nextCaller);
+        callers.set(newCallers);
+    }
 
-        nextCaller.set(subject);
+    public static void clearCallers() {
+        callers.set(null);
     }
 
-    public static Subject getNextCaller() {
+    public static Callers getCallers() {
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) sm.checkPermission(GET_CONTEXT);
+        return (Callers) callers.get();
+    }
 
-        return (Subject) nextCaller.get();
+    public static Callers setNextCaller(Subject nextCaller) {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) sm.checkPermission(SET_CONTEXT);
+        assert nextCaller != null;
+        Callers oldCallers = (Callers) callers.get();
+        Callers newCallers = new Callers(oldCallers.getNextCaller(), nextCaller);
+        callers.set(newCallers);
+        return oldCallers;
     }
 
-    public static void setCurrentCaller(Subject subject) {
+    public static Callers pushNextCaller(Subject nextCaller) {
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) sm.checkPermission(SET_CONTEXT);
+        Callers oldCallers = (Callers) callers.get();
+        Subject oldNextCaller = oldCallers == null? null: oldCallers.getNextCaller();
+        Subject newNextCaller = nextCaller == null? oldNextCaller : nextCaller;
+        Callers newCallers = new Callers(oldNextCaller, newNextCaller);
+        callers.set(newCallers);
+        return oldCallers;
+    }
 
-        currentCaller.set(subject);
+    public static void popCallers(Callers oldCallers) {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) sm.checkPermission(SET_CONTEXT);
+        callers.set(oldCallers);
     }
 
     public static Subject getCurrentCaller() {
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) sm.checkPermission(GET_CONTEXT);
 
-        return (Subject) currentCaller.get();
+        Callers callers = (Callers) ContextManager.callers.get();
+        return callers == null? null: callers.getCurrentCaller();
     }
 
     public static AccessControlContext getCurrentContext() {
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) sm.checkPermission(GET_CONTEXT);
 
-        Subject currentSubject = (Subject) currentCaller.get();
+        Subject currentSubject = ((Callers) callers.get()).getCurrentCaller();
         assert currentSubject != null : "No current caller";
         Context context = (Context) subjectContexts.get(currentSubject);
 
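Review bot: `clearCallers()` resets the thread's caller pair without the `SET_CONTEXT` check that `setCallers`, `setNextCaller`, `pushNextCaller` and `popCallers` all perform in this hunk, so under a SecurityManager code without that permission can still drop the current and run-as identities. It should start with the same two lines as its siblings: `SecurityManager sm = System.getSecurityManager();` and `if (sm != null) sm.checkPermission(SET_CONTEXT);`. The non-null requirements in `setCallers` and `setNextCaller` are enforced only by `assert`, which does nothing unless the JVM runs with assertions enabled, so an explicit `if (nextCaller == null) throw new IllegalArgumentException(...)` would hold in production too. None of the new public methods has Javadoc describing how the caller pair changes.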
@@ -153,7 +178,8 @@
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) sm.checkPermission(GET_CONTEXT);
 
-        Context context = (Context) subjectContexts.get(currentCaller.get());
+        Subject currentSubject = ((Callers) callers.get()).getCurrentCaller();
+        Context context = (Context) subjectContexts.get(currentSubject);
 
         assert context != null : "No registered context";
 
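Review bot: `((Callers) callers.get()).getCurrentCaller()` throws a NullPointerException when no caller pair has been set on the thread, where the old `currentCaller.get()` returned null and fell through to the `assert context != null` that follows. The same unguarded dereference is in `getCurrentContext()` and in `setNextCaller` (`oldCallers.getNextCaller()`) in the previous hunk, and in the `@@ -174,10 +200,10 @@` hunk. In that last hunk it runs before the `if (currentSubject == null) return false;` guard, so the no-caller answer changes from false to an exception unless the enclosing `try`, whose handlers are outside the hunk, catches it. `getCurrentCaller()` already shows the safe form; here that would be `Callers c = (Callers) callers.get();` followed by `Subject currentSubject = c == null ? null : c.getCurrentCaller();`. The enclosing method starts and ends outside this hunk.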
@@ -174,10 +200,10 @@
         if (role == null) throw new IllegalArgumentException("Role must not be null");
 
         try {
-            Object caller = currentCaller.get();
-            if (caller == null) return false;
+            Subject currentSubject = ((Callers) callers.get()).getCurrentCaller();
+            if (currentSubject == null) return false;
 
-            Context context = (Context) subjectContexts.get(currentCaller.get());
+            Context context = (Context) subjectContexts.get(currentSubject);
 
             assert context != null : "No registered context";
 

Modified: geronimo/branches/1.1.1/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java (original)
+++ geronimo/branches/1.1.1/modules/security/src/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java Wed Aug 16 11:30:56 2006
@@ -39,7 +39,7 @@
 /**
  * @version $Rev$ $Date$
  */
-public class ApplicationPolicyConfigurationManager implements GBeanLifecycle, RoleDesignateSource {
+public class ApplicationPolicyConfigurationManager implements GBeanLifecycle {
 
     private final Map contextIdToPolicyConfigurationMap = new HashMap();
     private final Map roleDesignates;
@@ -138,10 +138,6 @@
 
     }
 
-    public Map getRoleDesignateMap() {
-        return roleDesignates;
-    }
-
     public static final GBeanInfo GBEAN_INFO;
 
     static {
@@ -149,7 +145,6 @@
         infoBuilder.addAttribute("contextIdToPermissionsMap", Map.class, true);
         infoBuilder.addAttribute("roleDesignates", Map.class, true);
         infoBuilder.addAttribute("classLoader", ClassLoader.class, false);
-        infoBuilder.addInterface(RoleDesignateSource.class);
         infoBuilder.addReference("PrincipalRoleMapper", PrincipalRoleMapper.class, NameFactory.JACC_MANAGER);
         infoBuilder.setConstructor(new String[] {"contextIdToPermissionsMap", "roleDesignates", "classLoader", "PrincipalRoleMapper"});
         GBEAN_INFO = infoBuilder.getBeanInfo();

Modified: geronimo/branches/1.1.1/modules/tomcat-builder/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/tomcat-builder/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/tomcat-builder/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java (original)
+++ geronimo/branches/1.1.1/modules/tomcat-builder/src/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java Wed Aug 16 11:30:56 2006
@@ -416,7 +416,6 @@
                 }
 
                 webModuleData.setAttribute("securityHolder", securityHolder);
-                webModuleData.setReferencePattern("RoleDesignateSource", earContext.getJaccManagerName());
             }
 
             moduleContext.addGBean(webModuleData);

Modified: geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java (original)
+++ geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java Wed Aug 16 11:30:56 2006
@@ -141,7 +141,7 @@
                     defaultSubject.getPrincipals().add(new IdentificationPrincipal(id));
                 }
 
-                interceptor = new PolicyContextBeforeAfter(interceptor, index++, securityHolder.getPolicyContextID());
+                interceptor = new PolicyContextBeforeAfter(interceptor, index++, index++, securityHolder.getPolicyContextID());
             }
         }
         
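Review bot: The two `index++` arguments to `PolicyContextBeforeAfter` are told apart only by position, and the call now consumes two slots of the interceptor context array instead of one. Naming them first, `int policyContextIdIndex = index++;` and `int callersIndex = index++;`, then passing the names, would make the slot assignment readable. The array is sized outside this hunk, so it is worth confirming that its length follows the final value of `index` rather than a fixed count.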

Modified: geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java (original)
+++ geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java Wed Aug 16 11:30:56 2006
@@ -17,6 +17,20 @@
 
 package org.apache.geronimo.tomcat;
 
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Hashtable;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import javax.management.MalformedObjectNameException;
+import javax.management.ObjectName;
+import javax.naming.directory.DirContext;
+
 import org.apache.catalina.Context;
 import org.apache.catalina.Manager;
 import org.apache.catalina.Realm;
@@ -34,10 +48,9 @@
 import org.apache.geronimo.kernel.ObjectNameUtil;
 import org.apache.geronimo.management.J2EEApplication;
 import org.apache.geronimo.management.J2EEServer;
-import org.apache.geronimo.management.geronimo.WebModule;
-import org.apache.geronimo.management.geronimo.WebContainer;
 import org.apache.geronimo.management.geronimo.WebConnector;
-import org.apache.geronimo.security.jacc.RoleDesignateSource;
+import org.apache.geronimo.management.geronimo.WebContainer;
+import org.apache.geronimo.management.geronimo.WebModule;
 import org.apache.geronimo.tomcat.cluster.CatalinaClusterGBean;
 import org.apache.geronimo.tomcat.util.SecurityHolder;
 import org.apache.geronimo.transaction.TrackedConnectionAssociator;
@@ -45,20 +58,6 @@
 import org.apache.geronimo.transaction.context.TransactionContextManager;
 import org.apache.naming.resources.DirContextURLStreamHandler;
 
-import javax.management.ObjectName;
-import javax.management.MalformedObjectNameException;
-import javax.naming.directory.DirContext;
-
-import java.net.URI;
-import java.net.URL;
-import java.net.MalformedURLException;
-import java.util.ArrayList;
-import java.util.Hashtable;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.HashMap;
-
 /**
  * Wrapper for a WebApplicationContext that sets up its J2EE environment.
  *
@@ -104,8 +103,6 @@
 
     private final TransactionContextManager transactionContextManager;
 
-    private final RoleDesignateSource roleDesignateSource;
-
     private final SecurityHolder securityHolder;
 
     private final J2EEServer server;
@@ -134,7 +131,6 @@
             TransactionContextManager transactionContextManager,
             TrackedConnectionAssociator trackedConnectionAssociator,
             TomcatContainer container,
-            RoleDesignateSource roleDesignateSource,
             ObjectRetriever tomcatRealm,
             ValveGBean tomcatValveChain,
             CatalinaClusterGBean cluster,
@@ -176,7 +172,6 @@
         this.applicationManagedSecurityResources = applicationManagedSecurityResources;
         this.trackedConnectionAssociator = trackedConnectionAssociator;
 
-        this.roleDesignateSource = roleDesignateSource;
         this.server = server;
         this.application = application;
 
@@ -230,11 +225,6 @@
             verifyObjectName(myObjectName);
         }
 
-        if (securityHolder != null){
-            if (roleDesignateSource == null) {
-                throw new IllegalArgumentException("RoleDesignateSource must be supplied for a secure web app");
-            }
-        }
         userTransaction.setUp(transactionContextManager,
                 trackedConnectionAssociator);
 
@@ -450,14 +440,14 @@
         // super.start();
         //register the classloader <> dir context association so that tomcat's jndi based getResources works.
         DirContext resources = context.getResources();
-        DirContextURLStreamHandler.bind((ClassLoader) classLoader, resources);
+        DirContextURLStreamHandler.bind(classLoader, resources);
 
         log.debug("TomcatWebAppContext started for " + path);
     }
 
     public void doStop() throws Exception {
         container.removeContext(this);
-        DirContextURLStreamHandler.unbind((ClassLoader) classLoader);
+        DirContextURLStreamHandler.unbind(classLoader);
  
         // No more logging will occur for this ClassLoader. Inform the LogFactory to avoid a memory leak.
 //        LogFactory.release(classLoader);
@@ -496,7 +486,6 @@
         infoBuilder.addReference("TrackedConnectionAssociator", TrackedConnectionAssociator.class, NameFactory.JCA_CONNECTION_TRACKER);
 
         infoBuilder.addReference("Container", TomcatContainer.class, NameFactory.GERONIMO_SERVICE);
-        infoBuilder.addReference("RoleDesignateSource", RoleDesignateSource.class, NameFactory.JACC_MANAGER);
         infoBuilder.addReference("TomcatRealm", ObjectRetriever.class);
         infoBuilder.addReference("TomcatValveChain", ValveGBean.class);
         infoBuilder.addReference("Cluster", CatalinaClusterGBean.class, CatalinaClusterGBean.J2EE_TYPE);
@@ -524,7 +513,6 @@
                 "TransactionContextManager",
                 "TrackedConnectionAssociator",
                 "Container",
-                "RoleDesignateSource",
                 "TomcatRealm",
                 "TomcatValveChain",
                 "Cluster",

Modified: geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java (original)
+++ geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java Wed Aug 16 11:30:56 2006
@@ -16,38 +16,38 @@
  */
 package org.apache.geronimo.tomcat.interceptor;
 
-import javax.security.auth.Subject;
 import javax.security.jacc.PolicyContext;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 
+import org.apache.geronimo.security.Callers;
 import org.apache.geronimo.security.ContextManager;
 
 public class PolicyContextBeforeAfter implements BeforeAfter{
-    
+
     private final BeforeAfter next;
     private final String policyContextID;
     private final int policyContextIDIndex;
+    private final int callersIndex;
 
-    public PolicyContextBeforeAfter(BeforeAfter next, int policyContextIDIndex, String policyContextID) {
+    public PolicyContextBeforeAfter(BeforeAfter next, int policyContextIDIndex, int callersIndex, String policyContextID) {
         this.next = next;
         this.policyContextIDIndex = policyContextIDIndex;
+        this.callersIndex = callersIndex;
         this.policyContextID = policyContextID;
     }
 
     public void before(Object[] context, ServletRequest httpRequest, ServletResponse httpResponse) {
-        
+
         //Save the old
-        PolicyHolder policyHolder = new PolicyHolder();
-        policyHolder.setContextId(PolicyContext.getContextID());
-        policyHolder.setSubject(ContextManager.getCurrentCaller());
-        
-        context[policyContextIDIndex] = policyHolder;
-        
+
+        context[policyContextIDIndex] = PolicyContext.getContextID();
+        context[callersIndex] = ContextManager.getCallers();
+
         //Set the new
         PolicyContext.setContextID(policyContextID);
         PolicyContext.setHandlerData(httpRequest);
-        
+
         if (next != null) {
             next.before(context, httpRequest, httpResponse);
         }
@@ -57,30 +57,10 @@
         if (next != null) {
             next.after(context, httpRequest, httpResponse);
         }
-        
+
         //Replace the old
-        PolicyHolder policyHolder = (PolicyHolder)context[policyContextIDIndex];
-        PolicyContext.setContextID(policyHolder.getContextId());
-        ContextManager.setCurrentCaller(policyHolder.getSubject());
-    }
-    
-    class PolicyHolder{
-        
-        private Subject subject;
-        private String contextId;
-        
-        public String getContextId() {
-            return contextId;
-        }
-        public void setContextId(String contextId) {
-            this.contextId = contextId;
-        }
-        public Subject getSubject() {
-            return subject;
-        }
-        public void setSubject(Subject subject) {
-            this.subject = subject;
-        }
+        PolicyContext.setContextID((String)context[policyContextIDIndex]);
+        ContextManager.popCallers((Callers) context[callersIndex]);
     }
 
 }
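Review bot: In `after`, the two restore calls run only if `next.after(context, httpRequest, httpResponse)` returns normally; if it throws, the thread keeps the policy context ID set in `before` and whatever caller pair is current at that point. Wrapping the delegate call in `try { ... } finally { ... }` and moving `PolicyContext.setContextID((String)context[policyContextIDIndex]);` and `ContextManager.popCallers((Callers) context[callersIndex]);` into the `finally` makes the restore unconditional. `JettyWebApplicationHandler.dispatch` and `DefaultSubjectValve.invoke` already restore in a `finally` in this commit. The `after` signature is outside the hunk.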

Modified: geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/valve/DefaultSubjectValve.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/valve/DefaultSubjectValve.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/valve/DefaultSubjectValve.java (original)
+++ geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/valve/DefaultSubjectValve.java Wed Aug 16 11:30:56 2006
@@ -25,6 +25,7 @@
 import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
 import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.Callers;
 
 /**
  * @version $Rev$ $Date$
@@ -38,15 +39,18 @@
     }
 
     public void invoke(Request request, Response response) throws IOException, ServletException {
-        boolean setSubject = ContextManager.getCurrentCaller() == null;
+        Callers oldCallers = null;
+        boolean setSubject = false;
+        if (defaultSubject != null) {
+            oldCallers = ContextManager.getCallers();
+            setSubject = oldCallers == null || oldCallers.getCurrentCaller() == null;
+        }
         if (setSubject) {
-            ContextManager.setCurrentCaller(defaultSubject);
-            ContextManager.setNextCaller(defaultSubject);
+            ContextManager.setCallers(defaultSubject, defaultSubject);
             try {
                 getNext().invoke(request, response);
             } finally {
-                ContextManager.setCurrentCaller(null);
-                ContextManager.setNextCaller(null);
+                ContextManager.popCallers(oldCallers);
             }
         } else {
             getNext().invoke(request, response);
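Review bot: When `oldCallers` is non-null but its current caller is null, `setCallers(defaultSubject, defaultSubject)` also replaces any next caller that pair carried, and `pushNextCaller` in `ContextManager` can create exactly such a pair. If that override is intended, a comment above the `if (defaultSubject != null)` block should say so, for example `// Install the default subject as both caller and run-as when no current caller is set; the previous pair is restored in the finally`. The hunk ends before the method's closing braces.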

Modified: geronimo/branches/1.1.1/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java (original)
+++ geronimo/branches/1.1.1/modules/tomcat/src/test/org/apache/geronimo/tomcat/AbstractWebModuleTest.java Wed Aug 16 11:30:56 2006
@@ -33,9 +33,8 @@
 import org.apache.geronimo.security.jaas.LoginModuleGBean;
 import org.apache.geronimo.security.jaas.server.JaasLoginService;
 import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
-import org.apache.geronimo.security.jacc.ComponentPermissions;
-import org.apache.geronimo.security.jacc.RoleDesignateSource;
 import org.apache.geronimo.security.jacc.ApplicationPrincipalRoleConfigurationManager;
+import org.apache.geronimo.security.jacc.ComponentPermissions;
 import org.apache.geronimo.security.jacc.PrincipalRoleMapper;
 import org.apache.geronimo.security.realm.GenericSecurityRealm;
 import org.apache.geronimo.system.serverinfo.BasicServerInfo;
@@ -61,7 +60,7 @@
     protected static final String POLICY_CONTEXT_ID = "securetest";
     private GeronimoLoginConfiguration loginConfiguration;
 
-    protected TomcatWebAppContext setUpInsecureAppContext(URI relativeWebAppRoot, URL configurationBaseURL, SecurityHolder securityHolder, RoleDesignateSource roleDesignateSource, ObjectRetriever tomcatRealm, ValveGBean valveChain) throws Exception {
+    protected TomcatWebAppContext setUpInsecureAppContext(URI relativeWebAppRoot, URL configurationBaseURL, SecurityHolder securityHolder, ObjectRetriever tomcatRealm, ValveGBean valveChain) throws Exception {
 
         TomcatWebAppContext app = new TomcatWebAppContext(cl,
                 null,
@@ -76,7 +75,6 @@
                 transactionContextManager,
                 connectionTrackingCoordinator,
                 container,
-                roleDesignateSource,
                 tomcatRealm,
                 valveChain,
                 null,
@@ -103,7 +101,6 @@
         return setUpInsecureAppContext(new File("target/var/catalina/webapps/war3/").toURI(),
                 configurationBaseURL,
                 securityHolder,
-                jacc,
                 realm,
                 null);
     }

Modified: geronimo/branches/1.1.1/modules/tomcat/src/test/org/apache/geronimo/tomcat/ApplicationTest.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/tomcat/src/test/org/apache/geronimo/tomcat/ApplicationTest.java?rev=431975&r1=431974&r2=431975&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/tomcat/src/test/org/apache/geronimo/tomcat/ApplicationTest.java (original)
+++ geronimo/branches/1.1.1/modules/tomcat/src/test/org/apache/geronimo/tomcat/ApplicationTest.java Wed Aug 16 11:30:56 2006
@@ -24,14 +24,13 @@
 
 
 /**
- * @version $Rev: 387050 $ $Date$
+ * @version $Rev$ $Date$
  */
 public class ApplicationTest extends AbstractWebModuleTest {
 
     public void testApplication() throws Exception {
         setUpInsecureAppContext(new File("target/var/catalina/webapps/war1/").toURI(),
                 new File("target/var/catalina/webapps/war1/WEB-INF/web.xml").toURL(),
-                null,
                 null,
                 null,
                 null);


