Return-Path: Delivered-To: apmail-geronimo-scm-archive@www.apache.org Received: (qmail 80593 invoked from network); 13 Apr 2007 14:45:37 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 13 Apr 2007 14:45:37 -0000 Received: (qmail 88254 invoked by uid 500); 13 Apr 2007 14:45:43 -0000 Delivered-To: apmail-geronimo-scm-archive@geronimo.apache.org Received: (qmail 88108 invoked by uid 500); 13 Apr 2007 14:45:43 -0000 Mailing-List: contact scm-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list scm@geronimo.apache.org Received: (qmail 88097 invoked by uid 99); 13 Apr 2007 14:45:42 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Apr 2007 07:45:42 -0700 X-ASF-Spam-Status: No, hits=-99.5 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO eris.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Apr 2007 07:45:35 -0700 Received: by eris.apache.org (Postfix, from userid 65534) id 6C8081A9838; Fri, 13 Apr 2007 07:45:14 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r528505 - in /geronimo/server/trunk/modules: geronimo-j2ee-builder/ geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/ geronimo-j2ee-builder/src/test/java/org/apache/geronimo/j2ee/deployment/annotation/ gero... Date: Fri, 13 Apr 2007 14:45:14 -0000 To: scm@geronimo.apache.org 
From: djencks@apache.org X-Mailer: svnmailer-1.1.0 Message-Id: <20070413144514.6C8081A9838@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: djencks Date: Fri Apr 13 07:45:12 2007 New Revision: 528505 URL: http://svn.apache.org/viewvc?view=rev&rev=528505 Log: GERONIMO-3081 Deal with security role and run-as annotations for servlets Added: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/SecurityAnnotationHelper.java (with props) geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/java/org/apache/geronimo/j2ee/deployment/annotation/SecurityAnnotationTest.java (with props) geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/resources/annotation/security-expected-1.xml (with props) geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/resources/annotation/security-expected.xml (with props) geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/resources/annotation/security-src.xml (with props) Modified: geronimo/server/trunk/modules/geronimo-j2ee-builder/pom.xml geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotatedApp.java geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotatedApplicationClient.java geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotatedEjbJar.java geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotatedWebApp.java geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotationHelperTest.java geronimo/server/trunk/modules/geronimo-jetty6-builder/src/main/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilder.java Modified: geronimo/server/trunk/modules/geronimo-j2ee-builder/pom.xml URL: 
http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-j2ee-builder/pom.xml?view=diff&rev=528505&r1=528504&r2=528505 ============================================================================== --- geronimo/server/trunk/modules/geronimo-j2ee-builder/pom.xml (original) +++ geronimo/server/trunk/modules/geronimo-j2ee-builder/pom.xml Fri Apr 13 07:45:12 2007 @@ -77,6 +77,10 @@ geronimo-jpa_3.0_spec + + org.apache.geronimo.specs + geronimo-servlet_2.5_spec + Modified: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotatedApp.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotatedApp.java?view=diff&rev=528505&r1=528504&r2=528505 ============================================================================== --- geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotatedApp.java (original) +++ geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotatedApp.java Fri Apr 13 07:45:12 2007 @@ -28,7 +28,9 @@ import org.apache.geronimo.xbeans.javaee.PersistenceUnitRefType; import org.apache.geronimo.xbeans.javaee.ResourceEnvRefType; import org.apache.geronimo.xbeans.javaee.ResourceRefType; +import org.apache.geronimo.xbeans.javaee.SecurityRoleType; import org.apache.geronimo.xbeans.javaee.ServiceRefType; +import org.apache.geronimo.xbeans.javaee.ServletType; /** * Many of the classes generated from the JEE schemas have methods with identical signatures (see 
@@ -130,4 +132,10 @@ PersistenceUnitRefType[] getPersistenceUnitRefArray(); PersistenceUnitRefType addNewPersistenceUnitRef(); + + SecurityRoleType[] getSecurityRoleArray(); + SecurityRoleType addNewSecurityRole(); + + ServletType[] getServletArray(); + ServletType addNewServlet(); } Modified: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotatedApplicationClient.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotatedApplicationClient.java?view=diff&rev=528505&r1=528504&r2=528505 ============================================================================== --- geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotatedApplicationClient.java (original) +++ geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotatedApplicationClient.java Fri Apr 13 07:45:12 2007 @@ -32,7 +32,9 @@ import org.apache.geronimo.xbeans.javaee.PersistenceUnitRefType; import org.apache.geronimo.xbeans.javaee.ResourceEnvRefType; import org.apache.geronimo.xbeans.javaee.ResourceRefType; +import org.apache.geronimo.xbeans.javaee.SecurityRoleType; import org.apache.geronimo.xbeans.javaee.ServiceRefType; +import org.apache.geronimo.xbeans.javaee.ServletType; /** * Wrapper class to encapsulate the ApplicationClientType class with an interface that the various 
@@ -195,6 +197,22 @@ public PersistenceUnitRefType addNewPersistenceUnitRef() { return applicationClient.addNewPersistenceUnitRef(); + } + + public SecurityRoleType[] getSecurityRoleArray() { + return null; // Not supported by app clients + } + + public SecurityRoleType addNewSecurityRole() { + return null; // Not supported by app clients + } + + public ServletType[] getServletArray() { + return null; // Not supported by app clients + } + + public ServletType addNewServlet() { + return null; // Not supported by app clients } } Modified: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotatedEjbJar.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotatedEjbJar.java?view=diff&rev=528505&r1=528504&r2=528505 ============================================================================== --- geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotatedEjbJar.java (original) +++ geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotatedEjbJar.java Fri Apr 13 07:45:12 2007 @@ -33,7 +33,9 @@ import org.apache.geronimo.xbeans.javaee.PersistenceUnitRefType; import org.apache.geronimo.xbeans.javaee.ResourceEnvRefType; import org.apache.geronimo.xbeans.javaee.ResourceRefType; +import org.apache.geronimo.xbeans.javaee.SecurityRoleType; import org.apache.geronimo.xbeans.javaee.ServiceRefType; +import org.apache.geronimo.xbeans.javaee.ServletType; import org.apache.geronimo.xbeans.javaee.SessionBeanType; import org.apache.xmlbeans.XmlObject; 
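Review bot: The four stubs added to AnnotatedApplicationClient return `null`, but the SecurityAnnotationHelper added in this same commit dereferences those results without a check. addDeclareRoles iterates `annotatedApp.getSecurityRoleArray()` and calls `addNewRoleName()` on the result of `addNewSecurityRole()`, and addRunAs iterates `annotatedApp.getServletArray()`. If a Servlet class carrying @DeclareRoles or @RunAs is ever found while processing an application client, deployment would presumably fail with a NullPointerException rather than a DeploymentException. Consider `return new SecurityRoleType[0];` and `return new ServletType[0];` in the getters, and `throw new UnsupportedOperationException("not supported by app clients");` in the two `addNew…` methods. The same applies to the AnnotatedEjbJar stubs in the hunks at @@ -167, @@ -323, @@ -451 and @@ -578; the enclosing classes start outside these hunks.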
@@ -167,6 +169,22 @@ return delegate.addNewPersistenceUnitRef(); } + public SecurityRoleType[] getSecurityRoleArray() { + return null; // Not supported by EJB Jar types + } + + public SecurityRoleType addNewSecurityRole() { + return null; // Not supported by EJB Jar types + } + + public ServletType[] getServletArray() { + return null; // Not supported by EJB Jar types + } + + public ServletType addNewServlet() { + return null; // Not supported by EJB Jar types + } + /** * ejbJar getter * @@ -323,6 +341,23 @@ public PersistenceUnitRefType addNewPersistenceUnitRef() { return bean.addNewPersistenceUnitRef(); } + + + public SecurityRoleType[] getSecurityRoleArray() { + return null; // Not supported by EJB Jar types + } + + public SecurityRoleType addNewSecurityRole() { + return null; // Not supported by EJB Jar types + } + + public ServletType[] getServletArray() { + return null; // Not supported by EJB Jar types + } + + public ServletType addNewServlet() { + return null; // Not supported by EJB Jar types + } } public static class MessageDriveBean implements AnnotatedApp { @@ -451,6 +486,23 @@ public PersistenceUnitRefType addNewPersistenceUnitRef() { return bean.addNewPersistenceUnitRef(); } + + + public SecurityRoleType[] getSecurityRoleArray() { + return null; // Not supported by EJB Jar types + } + + public SecurityRoleType addNewSecurityRole() { + return null; // Not supported by EJB Jar types + } + + public ServletType[] getServletArray() { + return null; // Not supported by EJB Jar types + } + + public ServletType addNewServlet() { + return null; // Not supported by EJB Jar types + } } public static class SessionBean implements AnnotatedApp { 
@@ -578,6 +630,23 @@ public PersistenceUnitRefType addNewPersistenceUnitRef() { return bean.addNewPersistenceUnitRef(); + } + + + public SecurityRoleType[] getSecurityRoleArray() { + return null; // Not supported by EJB Jar types + } + + public SecurityRoleType addNewSecurityRole() { + return null; // Not supported by EJB Jar types + } + + public ServletType[] getServletArray() { + return null; // Not supported by EJB Jar types + } + + public ServletType addNewServlet() { + return null; // Not supported by EJB Jar types } } } Modified: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotatedWebApp.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotatedWebApp.java?view=diff&rev=528505&r1=528504&r2=528505 ============================================================================== --- geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotatedWebApp.java (original) +++ geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotatedWebApp.java Fri Apr 13 07:45:12 2007 @@ -31,7 +31,9 @@ import org.apache.geronimo.xbeans.javaee.PersistenceUnitRefType; import org.apache.geronimo.xbeans.javaee.ResourceEnvRefType; import org.apache.geronimo.xbeans.javaee.ResourceRefType; +import org.apache.geronimo.xbeans.javaee.SecurityRoleType; import org.apache.geronimo.xbeans.javaee.ServiceRefType; +import org.apache.geronimo.xbeans.javaee.ServletType; import org.apache.geronimo.xbeans.javaee.WebAppType; /** 
@@ -197,4 +199,21 @@ public PersistenceUnitRefType addNewPersistenceUnitRef() { return webApp.addNewPersistenceUnitRef(); } + + public SecurityRoleType[] getSecurityRoleArray() { + return webApp.getSecurityRoleArray(); + } + + public SecurityRoleType addNewSecurityRole() { + return webApp.addNewSecurityRole(); + } + + public ServletType[] getServletArray() { + return webApp.getServletArray(); + } + + public ServletType addNewServlet() { + return webApp.addNewServlet(); + } + } Added: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/SecurityAnnotationHelper.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/SecurityAnnotationHelper.java?view=auto&rev=528505 ============================================================================== --- geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/SecurityAnnotationHelper.java (added) +++ geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/SecurityAnnotationHelper.java Fri Apr 13 07:45:12 2007 
@@ -0,0 +1,243 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.geronimo.j2ee.deployment.annotation; + +import java.util.List; + +import javax.annotation.security.DeclareRoles; +import javax.annotation.security.RunAs; +import javax.servlet.Servlet; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.geronimo.common.DeploymentException; +import org.apache.geronimo.xbeans.javaee.RoleNameType; +import org.apache.geronimo.xbeans.javaee.RunAsType; +import org.apache.geronimo.xbeans.javaee.SecurityRoleType; +import org.apache.geronimo.xbeans.javaee.ServletType; +import org.apache.geronimo.xbeans.javaee.ServletNameType; +import org.apache.geronimo.xbeans.javaee.FullyQualifiedClassType; +import org.apache.xbean.finder.ClassFinder; + + +/** + * Static helper class used to encapsulate all the functions related to the translation of + * @DeclareRoles and @RunAs annotations to deployment + * descriptor tags. The SecurityAnnotationHelper class can be used as part of the deployment of a + * module into the Geronimo server. It performs the following major functions: + * + *
    + *
  1. Translates annotations into corresponding deployment descriptor elements (so that the + * actual deployment descriptor in the module can be updated or even created if necessary) + *
+ * + *

Note(s): + *

    + *
  • Supports only servlets + *
  • The user is responsible for invoking change to metadata-complete + *
  • This helper class will validate any changes it makes to the deployment descriptor. An + * exception will be thrown if it fails to parse + *
+ * + * @version $Rev $Date + * @since 04-2007 + */ +public final class SecurityAnnotationHelper extends AnnotationHelper { + + // Private instance variables + private static final Log log = LogFactory.getLog(SecurityAnnotationHelper.class); + + // Private constructor to prevent instantiation + private SecurityAnnotationHelper() { + } + + /** + * Update the deployment descriptor from the DeclareRoles and RunAs annotations + * + * @param annotatedApp Access to the spec dd + * @param classFinder Access to the classes of interest + * @throws DeploymentException if parsing or validation error + */ + public static void processAnnotations(AnnotatedApp annotatedApp, ClassFinder classFinder) throws DeploymentException { + if (annotatedApp != null) { + if (classFinder.isAnnotationPresent(DeclareRoles.class)) { + processDeclareRoles(annotatedApp, classFinder); + } + if (classFinder.isAnnotationPresent(RunAs.class)) { + processRunAs(annotatedApp, classFinder); + } + } + } + + + /** + * Process @DeclareRole annotations (for servlets only) + * + * @param annotatedApp Access to the spec dd + * @param classFinder Access to the classes of interest + * @throws DeploymentException if parsing or validation error + */ + private static void processDeclareRoles(AnnotatedApp annotatedApp, ClassFinder classFinder) throws DeploymentException { + log.debug("processDeclareRoles(): Entry: AnnotatedApp: " + annotatedApp.toString()); + + List classesWithDeclareRoles = classFinder.findAnnotatedClasses(DeclareRoles.class); + + // Class-level annotation + for (Class cls : classesWithDeclareRoles) { + DeclareRoles declareRoles = (DeclareRoles) cls.getAnnotation(DeclareRoles.class); + if (declareRoles != null && Servlet.class.isAssignableFrom(cls)) { + addDeclareRoles(annotatedApp, declareRoles, cls); + } + } + + // Validate deployment descriptor to ensure it's still okay + validateDD(annotatedApp); + + log.debug("processDeclareRoles(): Exit: AnnotatedApp: " + annotatedApp.toString()); + } + + + /** 
+ * Process @RunAs annotations (for servlets only) + * + * @param annotatedApp Access to the spec dd + * @param classFinder Access to the classes of interest + * @throws DeploymentException if parsing or validation error + */ + private static void processRunAs(AnnotatedApp annotatedApp, ClassFinder classFinder) throws DeploymentException { + log.debug("processRunAs(): Entry: AnnotatedApp: " + annotatedApp.toString()); + + List classesWithRunAs = classFinder.findAnnotatedClasses(RunAs.class); + + // Class-level annotation + for (Class cls : classesWithRunAs) { + RunAs runAs = (RunAs) cls.getAnnotation(RunAs.class); + if (runAs != null && Servlet.class.isAssignableFrom(cls)) { + addRunAs(annotatedApp, runAs, cls); + } + } + + // Validate deployment descriptor to ensure it's still okay + validateDD(annotatedApp); + + log.debug("processRunAs(): Exit: AnnotatedApp: " + annotatedApp.toString()); + } + + + /** + * Add @DeclareRoles annotations to the deployment descriptor. XMLBeans are used to read and + * manipulate the deployment descriptor as necessary. The DeclareRoles annotation(s) will be + * converted to one of the following deployment descriptors: + * + *
    + *
  1. -- Describes a single security role + *
+ * + *

Note(s): + *

    + *
  • The deployment descriptor is the authoritative source so this method ensures that + * existing elements in it are not overwritten by annoations + *
+ * + * @param annotatedApp Access to the spec dd + * @param annotation @DeclareRoles annotation + * @param cls Class name with the @DeclareRoles annoation + */ + private static void addDeclareRoles(AnnotatedApp annotatedApp, DeclareRoles annotation, Class cls) { + log.debug("addDeclareRoles( [annotatedApp] " + annotatedApp.toString() + "," + '\n' + + "[annotation] " + annotation.toString() + "," + '\n' + + "[cls] " + (cls != null ? cls.getName() : null) + "): Entry"); + + // Get all the tags from the deployment descriptor + SecurityRoleType[] securityRoles = annotatedApp.getSecurityRoleArray(); + + String[] annotationRoleNames = annotation.value(); + for (String annotationRoleName : annotationRoleNames) { + if (!annotationRoleName.equals("")) { + boolean exists = false; + for (SecurityRoleType securityRole : securityRoles) { + if (securityRole.getRoleName().getStringValue().trim().equals(annotationRoleName)) { + exists = true; + break; + } + } + if (exists) { + log.debug("addDeclareRoles: entry found: " + annotationRoleName); + } + else { + log.debug("addDeclareRoles: entry NOT found: " + annotationRoleName); + SecurityRoleType securityRole = annotatedApp.addNewSecurityRole(); + RoleNameType roleName = securityRole.addNewRoleName(); + roleName.setStringValue(annotationRoleName); + } + } + } + + log.debug("addDeclareRoles(): Exit"); + } + + + /** + * Add @RunAs annotations to the deployment descriptor. XMLBeans are used to read and manipulate + * the deployment descriptor as necessary. The DeclareRoles annotation(s) will be converted to + * one of the following deployment descriptors: + * + *
    + *
  1. -- Describes a run-as security identity to be used for the execution of a + * component + *
+ * + *

Note(s): + *

    + *
  • The deployment descriptor is the authoritative source so this method ensures that + * existing elements in it are not overwritten by annoations + *
+ * + * @param annotatedApp Access to the spec dd + * @param annotation @RunAs annotation + * @param cls Class name with the @RunAs annoation + */ + private static void addRunAs(AnnotatedApp annotatedApp, RunAs annotation, Class cls) { + log.debug("addRunAs( [annotatedApp] " + annotatedApp.toString() + "," + '\n' + + "[annotation] " + annotation.toString() + "," + '\n' + + "[cls] " + (cls != null ? cls.getName() : null) + "): Entry"); + + String annotationRunAs = annotation.value(); + if (!annotationRunAs.equals("")) { + ServletType[] servlets = annotatedApp.getServletArray(); + boolean exists = false; + for (ServletType servlet : servlets) { + if (servlet.getServletClass().getStringValue().trim().equals(cls.getName())) { + if (!servlet.isSetRunAs()) { + RunAsType runAsType = servlet.addNewRunAs(); + RoleNameType roleName = runAsType.addNewRoleName(); + roleName.setStringValue(annotationRunAs); + } + exists = true; + break; + } + } + if (!exists) { + log.warn("RunAs servlet not found in annotatedApp: " + cls.getName()); + } + } + + log.debug("addRunAs(): Exit"); + } + +} Propchange: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/SecurityAnnotationHelper.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/SecurityAnnotationHelper.java ------------------------------------------------------------------------------ svn:keywords = Date Revision Propchange: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/annotation/SecurityAnnotationHelper.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Modified: 
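Review bot: In addRunAs, the comparison `servlet.getServletClass().getStringValue().trim().equals(cls.getName())` dereferences `getServletClass()` for every servlet entry in the descriptor. That getter presumably returns null for a servlet declared with a jsp-file instead of a servlet-class, so a descriptor that mixes JSP servlets with a @RunAs-annotated servlet class could abort deployment with a NullPointerException. Guard the match with `servlet.getServletClass() != null && …`. Separately, when no entry matches, the role is only reported through `log.warn("RunAs servlet not found in annotatedApp: …")` and the annotation is dropped, so the servlet would apparently be deployed without the run-as identity its author requested; throwing a DeploymentException there, or stating in the Javadoc that the descriptor must already list the servlet, would make that outcome explicit. addDeclareRoles also trims the descriptor's role name but compares it against the untrimmed annotation value and only skips `""`, so a role name with surrounding whitespace would be added as a near-duplicate.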
geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotationHelperTest.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotationHelperTest.java?view=diff&rev=528505&r1=528504&r2=528505 ============================================================================== --- geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotationHelperTest.java (original) +++ geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/java/org/apache/geronimo/j2ee/deployment/annotation/AnnotationHelperTest.java Fri Apr 13 07:45:12 2007 @@ -24,6 +24,8 @@ import java.util.Arrays; import java.util.List; +import javax.annotation.security.DeclareRoles; +import javax.annotation.security.RunAs; import javax.ejb.EJB; import javax.ejb.EJBs; import javax.jws.HandlerChain; @@ -51,7 +53,7 @@ private Class[] classes = {EJBAnnotationTest.class, HandlerChainAnnotationTest.class, PersistenceContextAnnotationTest.class, PersistenceUnitAnnotationTest.class, - WebServiceRefAnnotationTest.class}; + WebServiceRefAnnotationTest.class, SecurityAnnotationTest.class}; private ClassFinder classFinder = new ClassFinder(classes); private ClassLoader classLoader = this.getClass().getClassLoader(); 
@@ -260,6 +262,55 @@ log.debug("[@WebServiceRef Expected XML]" + '\n' + expected.toString() + '\n'); List problems = new ArrayList(); boolean ok = compareXmlObjects(webApp, expected, problems); + assertTrue("Differences: " + problems, ok); + } + + + public void testSecurityAnnotationHelper() throws Exception { + + //------------------------------------------------- + // Ensure annotations are discovered correctly + //------------------------------------------------- + List annotatedClasses = classFinder.findAnnotatedClasses(DeclareRoles.class); + assertNotNull(annotatedClasses); + assertEquals(1, annotatedClasses.size()); + assertTrue(annotatedClasses.contains(SecurityAnnotationTest.class)); + + annotatedClasses.clear(); + annotatedClasses = classFinder.findAnnotatedClasses(RunAs.class); + assertNotNull(annotatedClasses); + assertEquals(1, annotatedClasses.size()); + assertTrue(annotatedClasses.contains(SecurityAnnotationTest.class)); + + //------------------------------------------------- + // Ensure annotations are processed correctly + //------------------------------------------------- + URL srcXML = classLoader.getResource("annotation/empty-web-src.xml"); + XmlObject xmlObject = XmlObject.Factory.parse(srcXML, options); + WebAppDocument webAppDoc = (WebAppDocument) xmlObject.changeType(WebAppDocument.type); + WebAppType webApp = webAppDoc.getWebApp(); + AnnotatedWebApp annotatedWebApp = new AnnotatedWebApp(webApp); + SecurityAnnotationHelper.processAnnotations(annotatedWebApp, classFinder); + URL expectedXML = classLoader.getResource("annotation/security-expected.xml"); + XmlObject expected = XmlObject.Factory.parse(expectedXML); + log.debug("[Security Source XML] " + '\n' + webApp.toString() + '\n'); + log.debug("[Security Expected XML]" + '\n' + expected.toString() + '\n'); + List problems = new ArrayList(); + boolean ok = compareXmlObjects(webApp, expected, problems); + assertTrue("Differences: " + problems, ok); + + srcXML = 
classLoader.getResource("annotation/security-src.xml"); + xmlObject = XmlObject.Factory.parse(srcXML, options); + webAppDoc = (WebAppDocument) xmlObject.changeType(WebAppDocument.type); + webApp = webAppDoc.getWebApp(); + annotatedWebApp = new AnnotatedWebApp(webApp); + SecurityAnnotationHelper.processAnnotations(annotatedWebApp, classFinder); + expectedXML = classLoader.getResource("annotation/security-expected-1.xml"); + expected = XmlObject.Factory.parse(expectedXML); + log.debug("[Security Source XML] " + '\n' + webApp.toString() + '\n'); + log.debug("[Security Expected XML]" + '\n' + expected.toString() + '\n'); + problems = new ArrayList(); + ok = compareXmlObjects(webApp, expected, problems); assertTrue("Differences: " + problems, ok); } } Added: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/java/org/apache/geronimo/j2ee/deployment/annotation/SecurityAnnotationTest.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/java/org/apache/geronimo/j2ee/deployment/annotation/SecurityAnnotationTest.java?view=auto&rev=528505 ============================================================================== --- geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/java/org/apache/geronimo/j2ee/deployment/annotation/SecurityAnnotationTest.java (added) +++ geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/java/org/apache/geronimo/j2ee/deployment/annotation/SecurityAnnotationTest.java Fri Apr 13 07:45:12 2007 
@@ -0,0 +1,109 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.geronimo.j2ee.deployment.annotation; + +import javax.annotation.security.DeclareRoles; +import javax.annotation.security.RunAs; + +import java.io.IOException; +import java.io.PrintWriter; +import javax.servlet.ServletException; +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +@DeclareRoles( {"securityRole1", "securityRole2", "securityRole3"} ) +@RunAs("securityRole4") +public class SecurityAnnotationTest extends HttpServlet { + + public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { + + response.setContentType("text/html"); + + PrintWriter out = response.getWriter(); + out.println(""); + out.println(""); + out.println(""); + + String title = "cookies.title"; + out.println("" + title + ""); + out.println(""); + out.println(""); + + // relative links + + // XXX + // making these absolute till we work out the + // addition of a PathInfo issue + + out.println(""); + out.println("\"view"); + out.println(""); + out.println("\"return\""); + + 
out.println("

" + title + "

"); + + Cookie[] cookies = request.getCookies(); + if ((cookies != null) && (cookies.length > 0)) { + out.println("cookies.cookies" + "
"); + for (int i = 0; i < cookies.length; i++) { + Cookie cookie = cookies[i]; + out.print("Cookie Name: " + cookie.getName() + "
"); + out.println(" Cookie Value: " + cookie.getValue() + "

"); + } + } + else { + out.println("cookies.no-cookies"); + } + + String cookieName = request.getParameter("cookiename"); + String cookieValue = request.getParameter("cookievalue"); + if (cookieName != null && cookieValue != null) { + Cookie cookie = new Cookie(cookieName, cookieValue); + response.addCookie(cookie); + out.println("

"); + out.println("cookies.set" + "
"); + out.print("cookies.name" + " " + cookieName + "
"); + out.print("cookies.value" + " "+ cookieValue); + } + + out.println("

"); + out.println("cookies.make-cookie" + "
"); + out.print("

"); + out.print("cookies.name" + " "); + out.println("
"); + out.print("cookies.value" + " "); + out.println("
"); + out.println("
"); + + + out.println(""); + out.println(""); + } + + public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { + doGet(request, response); + } + +} Propchange: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/java/org/apache/geronimo/j2ee/deployment/annotation/SecurityAnnotationTest.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/java/org/apache/geronimo/j2ee/deployment/annotation/SecurityAnnotationTest.java ------------------------------------------------------------------------------ svn:keywords = Date Revision Propchange: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/java/org/apache/geronimo/j2ee/deployment/annotation/SecurityAnnotationTest.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/resources/annotation/security-expected-1.xml URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/resources/annotation/security-expected-1.xml?view=auto&rev=528505 ============================================================================== --- geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/resources/annotation/security-expected-1.xml (added) +++ geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/resources/annotation/security-expected-1.xml Fri Apr 13 07:45:12 2007 
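Review bot: doGet in this test fixture writes `cookie.getName()`, `cookie.getValue()` and the `cookiename`/`cookievalue` request parameters into the HTML response with no escaping, and passes the same parameters straight into `new Cookie(cookieName, cookieValue)`. As far as this commit shows, the class is only used by AnnotationHelperTest as a carrier for @DeclareRoles and @RunAs, so none of that body is exercised. An `HttpServlet` subclass with the two annotations and no overridden methods would serve the test and would not leave an unescaped-output servlet in the tree to be copied elsewhere. If the body is kept, add a class comment such as `// Test fixture for annotation scanning only; output is not HTML-escaped, do not deploy.`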
@@ -0,0 +1,43 @@ + + + + + + Empty web application + Empty web application + + SecurityAnnotationTest + org.apache.geronimo.j2ee.deployment.annotation.SecurityAnnotationTest + + securityRole4 + + + + securityRole1 + + + securityRole2 + + + securityRole3 + + + Propchange: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/resources/annotation/security-expected-1.xml ------------------------------------------------------------------------------ svn:eol-style = native Propchange: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/resources/annotation/security-expected-1.xml ------------------------------------------------------------------------------ svn:keywords = Date Revision Propchange: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/resources/annotation/security-expected-1.xml ------------------------------------------------------------------------------ svn:mime-type = text/xml Added: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/resources/annotation/security-expected.xml URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/resources/annotation/security-expected.xml?view=auto&rev=528505 ============================================================================== --- geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/resources/annotation/security-expected.xml (added) +++ geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/resources/annotation/security-expected.xml Fri Apr 13 07:45:12 2007 
@@ -0,0 +1,36 @@ + + + + + + Empty web application + Empty web application + + securityRole1 + + + securityRole2 + + + securityRole3 + + + Propchange: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/resources/annotation/security-expected.xml ------------------------------------------------------------------------------ svn:eol-style = native Propchange: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/resources/annotation/security-expected.xml ------------------------------------------------------------------------------ svn:keywords = Date Revision Propchange: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/resources/annotation/security-expected.xml ------------------------------------------------------------------------------ svn:mime-type = text/xml Added: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/resources/annotation/security-src.xml URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/resources/annotation/security-src.xml?view=auto&rev=528505 ============================================================================== --- geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/resources/annotation/security-src.xml (added) +++ geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/resources/annotation/security-src.xml Fri Apr 13 07:45:12 2007 
@@ -0,0 +1,31 @@ + + + + + + Empty web application + Empty web application + + SecurityAnnotationTest + org.apache.geronimo.j2ee.deployment.annotation.SecurityAnnotationTest + + + Propchange: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/resources/annotation/security-src.xml ------------------------------------------------------------------------------ svn:eol-style = native Propchange: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/resources/annotation/security-src.xml ------------------------------------------------------------------------------ svn:keywords = Date Revision Propchange: geronimo/server/trunk/modules/geronimo-j2ee-builder/src/test/resources/annotation/security-src.xml ------------------------------------------------------------------------------ svn:mime-type = text/xml Modified: geronimo/server/trunk/modules/geronimo-jetty6-builder/src/main/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilder.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-jetty6-builder/src/main/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilder.java?view=diff&rev=528505&r1=528504&r2=528505 ============================================================================== --- geronimo/server/trunk/modules/geronimo-jetty6-builder/src/main/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilder.java (original) +++ geronimo/server/trunk/modules/geronimo-jetty6-builder/src/main/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilder.java Fri Apr 13 07:45:12 2007 
@@ -67,6 +67,7 @@
 import org.apache.geronimo.j2ee.deployment.WebModule;
 import org.apache.geronimo.j2ee.deployment.WebServiceBuilder;
 import org.apache.geronimo.j2ee.deployment.annotation.AnnotatedWebApp;
+import org.apache.geronimo.j2ee.deployment.annotation.SecurityAnnotationHelper;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.jetty6.Host;
 import org.apache.geronimo.jetty6.JettyDefaultServletHolder;
@@ -476,10 +477,16 @@
 configureSecurityRealm(earContext, webApp, jettyWebApp, webModuleData, securityRoles, rolePermissions);
 }
+ if (servletTypes.length > 0) {
+ // Process security annotations for servlets only (before MBEs run)
+ SecurityAnnotationHelper.processAnnotations(webModule.getAnnotatedApp(), webModule.getClassFinder());
+ }
+ //TODO this may definitely not be the best place for this!
 for (ModuleBuilderExtension mbe : moduleBuilderExtensions) {
 mbe.addGBeans(earContext, module, cl, repository);
 }
+ //not truly metadata complete until MBEs have run
 if (!webApp.getMetadataComplete()) {
 webApp.setMetadataComplete(true);
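Review bot: In the second hunk the new `SecurityAnnotationHelper.processAnnotations(...)` call sits after `configureSecurityRealm(...)`, which has already been handed `securityRoles` and `rolePermissions`, so roles that only an annotation declares may not reach the permissions built for this module. Where those two collections are computed is outside the hunk, so this needs confirming; if they are derived from the descriptor earlier in the method, the block should move above that point. The call is also not guarded by the `webApp.getMetadataComplete()` check that follows it, so a descriptor marked metadata-complete would still have annotation-declared roles and run-as identities merged in unless the helper checks that itself. Changing the guard to `if (servletTypes.length > 0 && !webApp.getMetadataComplete()) {` would make the intent explicit. The enclosing method starts and ends outside the hunk.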