geronimo-scm mailing list archives

From djen...@apache.org
Subject svn commit: r545781 [1/5] - in /geronimo/server/trunk: configs/ configs/axis/ configs/axis2/ configs/client-deployer/src/plan/ configs/cxf/ configs/j2ee-corba-yoko/src/plan/ configs/j2ee-deployer/src/plan/ configs/j2ee-security/src/plan/ configs/jasper...
Date Sat, 09 Jun 2007 17:44:07 GMT
Author: djencks
Date: Sat Jun  9 10:44:02 2007
New Revision: 545781

URL: http://svn.apache.org/viewvc?view=rev&rev=545781
Log:
GERONIMO-2687.  Don't construct default and run-as subjects, get them from a login module. Also creates a separate server-security-config for the security config stuff you probably want to change.  Also fixes lots of security problems, including mdb run-as handling.

Added:
    geronimo/server/trunk/configs/server-security-config/
      - copied from r543630, geronimo/server/trunk/configs/j2ee-security/
    geronimo/server/trunk/configs/server-security-config/LICENSE.txt
      - copied unchanged from r545777, geronimo/server/trunk/configs/j2ee-security/LICENSE.txt
    geronimo/server/trunk/configs/server-security-config/NOTICE.txt
      - copied unchanged from r545777, geronimo/server/trunk/configs/j2ee-security/NOTICE.txt
    geronimo/server/trunk/configs/server-security-config/pom.xml
      - copied, changed from r545777, geronimo/server/trunk/configs/j2ee-security/pom.xml
    geronimo/server/trunk/configs/server-security-config/src/
      - copied from r545777, geronimo/server/trunk/configs/j2ee-security/src/
    geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/CredentialStoreBuilder.java   (with props)
    geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-credential-store-1.0.xsd   (with props)
    geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-security-2.0.xsd   (with props)
    geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-subject-info-1.0.xsd   (with props)
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/CredentialStore.java   (with props)
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/DirectConfigurationCredentialStoreImpl.java   (with props)
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/NameCallbackHandler.java   (with props)
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/PasswordCallbackHandler.java   (with props)
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java   (with props)
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SingleCallbackHandler.java   (with props)
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/SubjectInfo.java   (with props)
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jacc/RunAsSource.java   (with props)
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModule.java   (with props)
    geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/credentialstore/
    geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImplTest.java   (with props)
    geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/realm/
    geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/realm/providers/
    geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModuleTest.java   (with props)
Removed:
    geronimo/server/trunk/modules/geronimo-j2ee-builder/src/main/java/org/apache/geronimo/j2ee/deployment/SecurityBuilder.java
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/DefaultDomainPrincipal.java
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/DefaultPrincipal.java
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/DefaultRealmPrincipal.java
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/AutoMapAssistant.java
Modified:
    geronimo/server/trunk/configs/axis/pom.xml
    geronimo/server/trunk/configs/axis2/pom.xml
    geronimo/server/trunk/configs/client-deployer/src/plan/plan.xml
    geronimo/server/trunk/configs/cxf/pom.xml
    geronimo/server/trunk/configs/j2ee-corba-yoko/src/plan/plan.xml
    geronimo/server/trunk/configs/j2ee-deployer/src/plan/plan.xml
    geronimo/server/trunk/configs/j2ee-security/src/plan/plan.xml
    geronimo/server/trunk/configs/jasper/pom.xml
    geronimo/server/trunk/configs/jetty6/pom.xml
    geronimo/server/trunk/configs/jsp-examples-jetty/src/plan/plan.xml
    geronimo/server/trunk/configs/jsp-examples-tomcat/src/plan/plan.xml
    geronimo/server/trunk/configs/ldap-demo-jetty/src/plan/plan.xml
    geronimo/server/trunk/configs/ldap-demo-tomcat/src/plan/plan.xml
    geronimo/server/trunk/configs/ldap-realm/pom.xml
    geronimo/server/trunk/configs/openejb/pom.xml
    geronimo/server/trunk/configs/pom.xml
    geronimo/server/trunk/configs/remote-deploy-jetty/src/plan/plan.xml
    geronimo/server/trunk/configs/remote-deploy-tomcat/src/plan/plan.xml
    geronimo/server/trunk/configs/server-security-config/src/plan/plan.xml
    geronimo/server/trunk/configs/servlet-examples-jetty/src/plan/plan.xml
    geronimo/server/trunk/configs/servlet-examples-tomcat/src/plan/plan.xml
    geronimo/server/trunk/configs/tomcat6/pom.xml
    geronimo/server/trunk/configs/webconsole-jetty6/src/plan/plan.xml
    geronimo/server/trunk/configs/webconsole-tomcat/src/plan/plan.xml
    geronimo/server/trunk/modules/geronimo-client-builder/src/main/java/org/apache/geronimo/client/builder/AppClientModuleBuilder.java
    geronimo/server/trunk/modules/geronimo-client-builder/src/main/schema/geronimo-application-client-1.2.xsd
    geronimo/server/trunk/modules/geronimo-client-builder/src/test/java/org/apache/geronimo/client/builder/PlanParsingTest.java
    geronimo/server/trunk/modules/geronimo-client/src/main/java/org/apache/geronimo/client/AppClientContainer.java
    geronimo/server/trunk/modules/geronimo-corba-builder/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSConfigEditor.java
    geronimo/server/trunk/modules/geronimo-corba-builder/src/main/schema/corba-tss-config-2.1.xsd
    geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/SecurityInitializer.java
    geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/ServerSecurityInterceptor.java
    geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSConfig.java
    geronimo/server/trunk/modules/geronimo-deployment/src/main/java/org/apache/geronimo/deployment/xmlbeans/XmlBeansUtil.java
    geronimo/server/trunk/modules/geronimo-j2ee-schema/src/main/java/org/apache/geronimo/schema/SchemaConversionUtils.java
    geronimo/server/trunk/modules/geronimo-j2ee-schema/src/main/java/org/apache/geronimo/schema/SecurityElementConverter.java
    geronimo/server/trunk/modules/geronimo-j2ee-schema/src/test/resources/geronimo/security-post.xml
    geronimo/server/trunk/modules/geronimo-j2ee-schema/src/test/resources/geronimo/security-pre.xml
    geronimo/server/trunk/modules/geronimo-jetty6-builder/src/main/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilder.java
    geronimo/server/trunk/modules/geronimo-jetty6-builder/src/test/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilderTest.java
    geronimo/server/trunk/modules/geronimo-jetty6-builder/src/test/java/org/apache/geronimo/jetty6/deployment/PlanParsingTest.java
    geronimo/server/trunk/modules/geronimo-jetty6-builder/src/test/resources/plans/plan1.xml
    geronimo/server/trunk/modules/geronimo-jetty6-builder/src/test/resources/services/local.xml
    geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyDefaultServletHolder.java
    geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyServletHolder.java
    geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyServletRegistration.java
    geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyWebAppContext.java
    geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java
    geronimo/server/trunk/modules/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/AbstractWebModuleTest.java
    geronimo/server/trunk/modules/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/SecurityTest.java
    geronimo/server/trunk/modules/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/EjbDeploymentBuilder.java
    geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/EjbDeployment.java
    geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/EjbDeploymentGBean.java
    geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/OpenEjbSystem.java
    geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/OpenEjbSystemGBean.java
    geronimo/server/trunk/modules/geronimo-security-builder/pom.xml
    geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/GeronimoSecurityBuilderImpl.java
    geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/LoginConfigBuilder.java
    geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/SecurityConfiguration.java
    geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-login-config-1.2.xsd
    geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/xmlconfig.xml
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ContextManager.java
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/LoginDomainPrincipalInfo.java
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/PrincipalInfo.java
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/RealmPrincipalInfo.java
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/Role.java
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/Security.java
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/server/WrappingLoginModuleProxy.java
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/CertificateChainLoginModule.java
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/CertificatePropertiesFileLoginModule.java
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoCallerPrincipal.java
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/ConfigurationUtil.java
    geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/main/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java
    geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/test/java/org/apache/geronimo/tomcat/deployment/PlanParsingTest.java
    geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/test/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java
    geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/test/resources/deployables/war4/WEB-INF/geronimo-web.xml
    geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
    geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContext.java
    geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java
    geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java
    geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/listener/RunAsInstanceListener.java
    geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/util/SecurityHolder.java
    geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
    geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ApplicationTest.java
    geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JAASSecurityTest.java
    geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java
    geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/StatTest.java
    geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/AbstractWebModuleBuilder.java
    geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-post.xml
    geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre.xml
    geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre2.xml
    geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre3.xml
    geronimo/server/trunk/modules/geronimo-yoko/src/main/java/org/apache/geronimo/yoko/ORBConfigAdapter.java
    geronimo/server/trunk/modules/geronimo-yoko/src/test/java/org/apache/geronimo/yoko/TSSConfigEditorTest.java

Modified: geronimo/server/trunk/configs/axis/pom.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/axis/pom.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/axis/pom.xml (original)
+++ geronimo/server/trunk/configs/axis/pom.xml Sat Jun  9 10:44:02 2007
@@ -44,7 +44,7 @@
 
         <dependency>
             <groupId>org.apache.geronimo.configs</groupId>
-            <artifactId>j2ee-security</artifactId>
+            <artifactId>server-security-config</artifactId>
             <version>${version}</version>
             <type>car</type>
         </dependency>

Modified: geronimo/server/trunk/configs/axis2/pom.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/axis2/pom.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/axis2/pom.xml (original)
+++ geronimo/server/trunk/configs/axis2/pom.xml Sat Jun  9 10:44:02 2007
@@ -44,7 +44,7 @@
 
         <dependency>
             <groupId>org.apache.geronimo.configs</groupId>
-            <artifactId>j2ee-security</artifactId>
+            <artifactId>server-security-config</artifactId>
             <version>${version}</version>
             <type>car</type>
         </dependency>

Modified: geronimo/server/trunk/configs/client-deployer/src/plan/plan.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/client-deployer/src/plan/plan.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/client-deployer/src/plan/plan.xml (original)
+++ geronimo/server/trunk/configs/client-deployer/src/plan/plan.xml Sat Jun  9 10:44:02 2007
@@ -22,12 +22,13 @@
         <attribute name="transactionManagerObjectName">?name=TransactionManager</attribute>
         <attribute name="connectionTrackerObjectName">?name=ConnectionTracker</attribute>
         <attribute name="corbaGBeanObjectName">?name=Server</attribute>
+        <attribute name="credentialStoreName">?name=CredentialStore</attribute>
         <reference name="Repositories">
             <!--<gbean-name>*:name=Repository,*</gbean-name>-->
         </reference>
-        <reference name="SecurityBuilder">
-            <name>SecurityBuilder</name>
-        </reference>
+        <!--<reference name="SecurityBuilder">-->
+            <!--<name>SecurityBuilder</name>-->
+        <!--</reference>-->
         <reference name="ServiceBuilders">
             <name>GBeanBuilder</name>
         </reference>

Modified: geronimo/server/trunk/configs/cxf/pom.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/cxf/pom.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/cxf/pom.xml (original)
+++ geronimo/server/trunk/configs/cxf/pom.xml Sat Jun  9 10:44:02 2007
@@ -44,7 +44,7 @@
 
         <dependency>
             <groupId>org.apache.geronimo.configs</groupId>
-            <artifactId>j2ee-security</artifactId>
+            <artifactId>server-security-config</artifactId>
             <version>${version}</version>
             <type>car</type>
         </dependency>

Modified: geronimo/server/trunk/configs/j2ee-corba-yoko/src/plan/plan.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/j2ee-corba-yoko/src/plan/plan.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/j2ee-corba-yoko/src/plan/plan.xml (original)
+++ geronimo/server/trunk/configs/j2ee-corba-yoko/src/plan/plan.xml Sat Jun  9 10:44:02 2007
@@ -67,9 +67,9 @@
         </reference>
         <xml-attribute name="tssConfig">
             <tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config-2.0" xmlns:sec="http://geronimo.apache.org/xml/ns/security-${geronimoSchemaVersion}">
-                <tss:default-principal>
-                    <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest"/>
-                </tss:default-principal>
+                <!--<tss:default-principal>-->
+                    <!--<sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest"/>-->
+                <!--</tss:default-principal>-->
                 <tss:SSL port="${PlanORBSSLPort}" hostname="${PlanORBSSLHost}">
                     <tss:supports>Integrity Confidentiality EstablishTrustInTarget</tss:supports>
                     <tss:requires>Integrity Confidentiality</tss:requires>
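Review bot: With `tss:default-principal` commented out and nothing put in its place, this TSS configuration no longer states which identity a CORBA request without credentials receives; the second hunk in this file (the GSSUP configuration) makes the same change. Whether such requests are now rejected or pick up a default subject from elsewhere is not visible here, so the plan should record the intent, for example `<!-- no default subject configured: requests without credentials get no identity -->` if that is what is meant. Otherwise delete the commented-out element, since it keeps the `guest` principal around in a form that looks ready to be re-enabled.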
@@ -103,9 +103,9 @@
         </reference>
         <xml-attribute name="tssConfig">
             <tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config-2.0" xmlns:sec="http://geronimo.apache.org/xml/ns/security-${geronimoSchemaVersion}">
-                <tss:default-principal>
-                    <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest"/>
-                </tss:default-principal>
+                <!--<tss:default-principal>-->
+                    <!--<sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest"/>-->
+                <!--</tss:default-principal>-->
                 <tss:compoundSecMechTypeList>
                     <tss:compoundSecMech>
                         <tss:GSSUP required="true" targetName="default"/>

Modified: geronimo/server/trunk/configs/j2ee-deployer/src/plan/plan.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/j2ee-deployer/src/plan/plan.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/j2ee-deployer/src/plan/plan.xml (original)
+++ geronimo/server/trunk/configs/j2ee-deployer/src/plan/plan.xml Sat Jun  9 10:44:02 2007
@@ -89,10 +89,15 @@
         </references>
     </gbean>
 
-    <gbean name="SecurityBuilder" class="org.apache.geronimo.security.deployment.GeronimoSecurityBuilderImpl"/>
+    <gbean name="SecurityBuilder" class="org.apache.geronimo.security.deployment.GeronimoSecurityBuilderImpl">
+        <attribute name="credentialStoreName">?name=CredentialStore#</attribute>
+    </gbean>
 
     <gbean name="LoginConfigurationBuilder" class="org.apache.geronimo.security.deployment.LoginConfigBuilder"/>
 
+    <gbean name="CredentialStoreBuilder" class="org.apache.geronimo.security.deployment.CredentialStoreBuilder"/>
+
+    <!-- TODO remove or document why SecurityService is here -->
     <gbean name="SecurityService" class="org.apache.geronimo.security.SecurityServiceImpl">
         <attribute name="policyConfigurationFactory">
             org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory</attribute>

Modified: geronimo/server/trunk/configs/j2ee-security/src/plan/plan.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/j2ee-security/src/plan/plan.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/j2ee-security/src/plan/plan.xml (original)
+++ geronimo/server/trunk/configs/j2ee-security/src/plan/plan.xml Sat Jun  9 10:44:02 2007
@@ -61,42 +61,6 @@
         </reference>
     </gbean>
 
-
-    <!-- Default security realm using properties files -->
-    <gbean name="properties-login"
-        class="org.apache.geronimo.security.jaas.LoginModuleGBean">
-        <attribute name="loginModuleClass">org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</attribute>
-        <attribute name="serverSide">true</attribute>
-        <attribute name="options">
-            usersURI=var/security/users.properties
-            groupsURI=var/security/groups.properties
-        </attribute>
-        <attribute name="loginDomainName">geronimo-admin</attribute>
-    </gbean>
-
-    <gbean name="geronimo-admin"
-        class="org.apache.geronimo.security.realm.GenericSecurityRealm">
-        <attribute name="realmName">geronimo-admin</attribute>
-        <reference name="LoginModuleConfiguration">
-            <name>properties-login</name>
-        </reference>
-        <reference name="ServerInfo"><name>ServerInfo</name></reference>
-        <reference name="LoginService"><name>JaasLoginService</name></reference>
-    </gbean>
-
-    <gbean name="properties-login" class="org.apache.geronimo.security.jaas.JaasLoginModuleUse">
-         <attribute name="controlFlag">REQUIRED</attribute>
-         <reference name="LoginModule">
-             <name>properties-login</name>
-         </reference>
-     </gbean>
-
-    <gbean name="JMX" class="org.apache.geronimo.security.jaas.ServerRealmConfigurationEntry">
-        <attribute name="applicationConfigName">JMX</attribute>
-        <attribute name="realmName">geronimo-admin</attribute>
-        <reference name="LoginService"><name>JaasLoginService</name></reference>
-    </gbean>
-
     <gbean name="KeystoreManager" class="org.apache.geronimo.security.keystore.FileKeystoreManager">
         <attribute name="keystoreDir">var/security/keystores</attribute>
         <reference name="ServerInfo"><name>ServerInfo</name></reference>
@@ -105,14 +69,6 @@
             <type>Keystore</type>
           </pattern>
         </references>
-    </gbean>
-    
-    <gbean name="geronimo-default" class="org.apache.geronimo.security.keystore.FileKeystoreInstance">
-        <attribute name="keystoreName">geronimo-default</attribute>
-        <attribute name="keystorePath">var/security/keystores/geronimo-default</attribute>
-        <attribute name="keystorePassword">secret</attribute>
-        <attribute name="keyPasswords">geronimo=secret</attribute>
-        <reference name="ServerInfo"><name>ServerInfo</name></reference>
     </gbean>
     
 </module>

Modified: geronimo/server/trunk/configs/jasper/pom.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/jasper/pom.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/jasper/pom.xml (original)
+++ geronimo/server/trunk/configs/jasper/pom.xml Sat Jun  9 10:44:02 2007
@@ -44,7 +44,7 @@
 
         <dependency>
             <groupId>org.apache.geronimo.configs</groupId>
-            <artifactId>j2ee-security</artifactId>
+            <artifactId>server-security-config</artifactId>
             <version>${version}</version>
             <type>car</type>
         </dependency>

Modified: geronimo/server/trunk/configs/jetty6/pom.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/jetty6/pom.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/jetty6/pom.xml (original)
+++ geronimo/server/trunk/configs/jetty6/pom.xml Sat Jun  9 10:44:02 2007
@@ -44,7 +44,7 @@
 
         <dependency>
             <groupId>org.apache.geronimo.configs</groupId>
-            <artifactId>j2ee-security</artifactId>
+            <artifactId>server-security-config</artifactId>
             <version>${version}</version>
             <type>car</type>
         </dependency>

Modified: geronimo/server/trunk/configs/jsp-examples-jetty/src/plan/plan.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/jsp-examples-jetty/src/plan/plan.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/jsp-examples-jetty/src/plan/plan.xml (original)
+++ geronimo/server/trunk/configs/jsp-examples-jetty/src/plan/plan.xml Sat Jun  9 10:44:02 2007
@@ -23,9 +23,10 @@
     <context-root>/jsp-examples</context-root>
     <security-realm-name>geronimo-admin</security-realm-name>
     <security>
-        <default-principal>
-            <principal name="anonymous" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" />
-        </default-principal>
+        <default-subject>
+            <realm>geronimo-admin</realm>
+            <id>anonymous</id>
+        </default-subject>
         <role-mappings>
             <role role-name="tomcat">
                 <principal name="admin" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" />
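Review bot: The default subject is now looked up by realm `geronimo-admin` and id `anonymous`, so unauthenticated requests to `/jsp-examples` receive whatever principals that credential store entry yields, and nothing in this plan shows that the entry exists or what it contains. Because the role mapping just below grants `tomcat` to the `admin` group principal, the entry must not produce that group. A comment such as `<!-- 'anonymous' must be defined in the credential store for realm geronimo-admin and must not carry the admin group -->` would record the requirement. The jsp-examples-tomcat plan makes the same change and needs the same comment. The `security` element continues past the end of the hunk.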

Modified: geronimo/server/trunk/configs/jsp-examples-tomcat/src/plan/plan.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/jsp-examples-tomcat/src/plan/plan.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/jsp-examples-tomcat/src/plan/plan.xml (original)
+++ geronimo/server/trunk/configs/jsp-examples-tomcat/src/plan/plan.xml Sat Jun  9 10:44:02 2007
@@ -23,9 +23,10 @@
     <context-root>/jsp-examples</context-root>
     <security-realm-name>geronimo-admin</security-realm-name>
     <security>
-        <default-principal>
-            <principal name="anonymous" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
-        </default-principal>
+        <default-subject>
+            <realm>geronimo-admin</realm>
+            <id>anonymous</id>
+        </default-subject>
         <role-mappings>
             <role role-name="tomcat">
                 <principal name="admin" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>

Modified: geronimo/server/trunk/configs/ldap-demo-jetty/src/plan/plan.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/ldap-demo-jetty/src/plan/plan.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/ldap-demo-jetty/src/plan/plan.xml (original)
+++ geronimo/server/trunk/configs/ldap-demo-jetty/src/plan/plan.xml Sat Jun  9 10:44:02 2007
@@ -23,19 +23,20 @@
     <context-root>/ldap-demo</context-root>
     <security-realm-name>ldap-realm</security-realm-name>
     <security>
-        <default-principal realm-name="ldap-realm">
-            <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
-        </default-principal>
+        <default-subject>
+            <realm>geronimo-admin</realm>
+            <id>system</id>
+        </default-subject>
         <role-mappings>
             <role role-name="content-administrator">
                 <realm realm-name="ldap-realm">
-                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin" designated-run-as="true"/>
+                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin"/>
                     <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
                 </realm>
             </role>
             <role role-name="guest">
                 <realm realm-name="ldap-realm">
-                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="guest" designated-run-as="true"/>
+                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="guest"/>
                     <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="user1"/>
                     <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="user2"/>
                 </realm>
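Review bot: The default subject moves from `ldap-realm` to realm `geronimo-admin`, but `security-realm-name` and every role mapping in this plan still refer to `ldap-realm`, so it is unclear whether the `system` subject from the admin realm will match the `ldap-realm` principals listed under `content-administrator`. If it matches, every unauthenticated request to `/ldap-demo` runs with the content-administrator role; if it does not, the default subject holds no role at all. State which outcome is intended in a comment next to `default-subject`, or point it at a dedicated low-privilege id instead of `system`. The ldap-demo-tomcat plan has the identical hunk and the same question. The `role-mappings` element continues past the end of the hunk.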

Modified: geronimo/server/trunk/configs/ldap-demo-tomcat/src/plan/plan.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/ldap-demo-tomcat/src/plan/plan.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/ldap-demo-tomcat/src/plan/plan.xml (original)
+++ geronimo/server/trunk/configs/ldap-demo-tomcat/src/plan/plan.xml Sat Jun  9 10:44:02 2007
@@ -23,19 +23,20 @@
     <context-root>/ldap-demo</context-root>
     <security-realm-name>ldap-realm</security-realm-name>
     <security>
-        <default-principal realm-name="ldap-realm">
-            <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
-        </default-principal>
+        <default-subject>
+            <realm>geronimo-admin</realm>
+            <id>system</id>
+        </default-subject>
         <role-mappings>
             <role role-name="content-administrator">
                 <realm realm-name="ldap-realm">
-                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin" designated-run-as="true"/>
+                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin"/>
                     <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
                 </realm>
             </role>
             <role role-name="guest">
                 <realm realm-name="ldap-realm">
-                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="guest" designated-run-as="true"/>
+                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="guest"/>
                     <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="user1"/>
                     <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="user2"/>
                 </realm>
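Review bot: The new `<default-subject>` asks for id `system` in realm `geronimo-admin`, but the only credential-store entry this commit adds (server-security-config/src/plan/plan.xml) is a subject with id `default`, so this lookup has no visible match and the default subject may not resolve. The same holds for the `anonymous` id in the servlet-examples-jetty and servlet-examples-tomcat plans. Either add matching `<subject>` entries to the credential store, preferably a low-privilege one for the unauthenticated default, or reference an id that is defined. The application's own realm is `ldap-realm` while the default subject now comes from `geronimo-admin`; if that is deliberate, a one-line XML comment above `<default-subject>` should say so.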

Modified: geronimo/server/trunk/configs/ldap-realm/pom.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/ldap-realm/pom.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/ldap-realm/pom.xml (original)
+++ geronimo/server/trunk/configs/ldap-realm/pom.xml Sat Jun  9 10:44:02 2007
@@ -37,7 +37,7 @@
         
         <dependency>
             <groupId>org.apache.geronimo.configs</groupId>
-            <artifactId>j2ee-security</artifactId>
+            <artifactId>server-security-config</artifactId>
             <version>${version}</version>
             <type>car</type>
         </dependency>

Modified: geronimo/server/trunk/configs/openejb/pom.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/openejb/pom.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/openejb/pom.xml (original)
+++ geronimo/server/trunk/configs/openejb/pom.xml Sat Jun  9 10:44:02 2007
@@ -44,7 +44,7 @@
 
         <dependency>
             <groupId>org.apache.geronimo.configs</groupId>
-            <artifactId>j2ee-security</artifactId>
+            <artifactId>server-security-config</artifactId>
             <version>${version}</version>
             <type>car</type>
         </dependency>

Modified: geronimo/server/trunk/configs/pom.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/pom.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/pom.xml (original)
+++ geronimo/server/trunk/configs/pom.xml Sat Jun  9 10:44:02 2007
@@ -128,6 +128,7 @@
         <module>j2ee-corba-yoko</module>
         <module>j2ee-deployer</module>
         <module>j2ee-security</module>
+        <module>server-security-config</module>
         <module>j2ee-server</module>
         <module>j2ee-system</module>
         <module>javamail</module>

Modified: geronimo/server/trunk/configs/remote-deploy-jetty/src/plan/plan.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/remote-deploy-jetty/src/plan/plan.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/remote-deploy-jetty/src/plan/plan.xml (original)
+++ geronimo/server/trunk/configs/remote-deploy-jetty/src/plan/plan.xml Sat Jun  9 10:44:02 2007
@@ -23,14 +23,14 @@
     <context-root>/remote-deploy</context-root>
     <security-realm-name>geronimo-admin</security-realm-name>
     <sec:security>
-        <sec:default-principal>
-            <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
-                           name="anonymous"/>
-        </sec:default-principal>
+        <!--<sec:default-subject>-->
+            <!--<sec:realm>geronimo-admin</sec:realm>-->
+            <!--<sec:id>anonymous</sec:id>-->
+        <!--</sec:default-subject>-->
         <sec:role-mappings>
             <sec:role role-name="admin">
                 <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
-                               name="admin" designated-run-as="true"/>
+                               name="admin"/>
             </sec:role>
         </sec:role-mappings>
     </sec:security>
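Review bot: The `<sec:default-subject>` block is left behind as four commented-out lines, so the plan no longer declares a default subject and gives no reason why. If dropping the `anonymous` default is intended, delete the dead markup and state the intent in one comment, for example `<!-- no default subject: callers of /remote-deploy must authenticate -->` (wording to be confirmed by the author). If it is a temporary workaround, reference the tracking issue instead. The remote-deploy-tomcat and webconsole-tomcat hunks carry the same commented-out block.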

Modified: geronimo/server/trunk/configs/remote-deploy-tomcat/src/plan/plan.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/remote-deploy-tomcat/src/plan/plan.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/remote-deploy-tomcat/src/plan/plan.xml (original)
+++ geronimo/server/trunk/configs/remote-deploy-tomcat/src/plan/plan.xml Sat Jun  9 10:44:02 2007
@@ -23,14 +23,14 @@
     <context-root>/remote-deploy</context-root>
     <security-realm-name>geronimo-admin</security-realm-name>
     <sec:security>
-        <sec:default-principal>
-            <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
-                           name="anonymous"/>
-        </sec:default-principal>
+        <!--<sec:default-subject>-->
+            <!--<sec:realm>geronimo-admin</sec:realm>-->
+            <!--<sec:id>anonymous</sec:id>-->
+        <!--</sec:default-subject>-->
         <sec:role-mappings>
             <sec:role role-name="admin">
                 <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
-                               name="admin" designated-run-as="true"/>
+                               name="admin"/>
             </sec:role>
         </sec:role-mappings>
     </sec:security>

Copied: geronimo/server/trunk/configs/server-security-config/pom.xml (from r545777, geronimo/server/trunk/configs/j2ee-security/pom.xml)
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/server-security-config/pom.xml?view=diff&rev=545781&p1=geronimo/server/trunk/configs/j2ee-security/pom.xml&r1=545777&p2=geronimo/server/trunk/configs/server-security-config/pom.xml&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/j2ee-security/pom.xml (original)
+++ geronimo/server/trunk/configs/server-security-config/pom.xml Sat Jun  9 10:44:02 2007
@@ -29,9 +29,8 @@
         <relativePath>../pom.xml</relativePath>
     </parent>
     
-    <!-- change this to server-security -->
-    <artifactId>j2ee-security</artifactId>
-    <name>Geronimo Configs :: J2EE Security</name>
+    <artifactId>server-security-config</artifactId>
+    <name>Geronimo Configs :: Server Security Configuration</name>
     <packaging>car</packaging>
     
     <dependencies>
@@ -39,26 +38,12 @@
         <!-- parent -->
         <dependency>
             <groupId>org.apache.geronimo.configs</groupId>
-            <artifactId>rmi-naming</artifactId>
+            <artifactId>j2ee-security</artifactId>
             <version>${version}</version>
             <type>car</type>
         </dependency>
         
-        <dependency>
-            <groupId>org.apache.geronimo.modules</groupId>
-            <artifactId>geronimo-security</artifactId>
-            <version>${version}</version>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.geronimo.modules</groupId>
-            <artifactId>geronimo-jmx-remoting</artifactId>
-            <version>${version}</version>
-        </dependency>
-        
     </dependencies>
-    
-<!--
     <build>
         <plugins>
             <plugin>
@@ -67,11 +52,11 @@
                 <configuration>
                     <deploymentConfigs>
                         <deploymentConfig>${gbeanDeployer}</deploymentConfig>
+                        <deploymentConfig>${j2eeDeployer}</deploymentConfig>
                     </deploymentConfigs>
                 </configuration>
             </plugin>
         </plugins>
     </build>
--->
 
 </project>

Modified: geronimo/server/trunk/configs/server-security-config/src/plan/plan.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/server-security-config/src/plan/plan.xml?view=diff&rev=545781&r1=545777&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/server-security-config/src/plan/plan.xml (original)
+++ geronimo/server/trunk/configs/server-security-config/src/plan/plan.xml Sat Jun  9 10:44:02 2007
@@ -20,45 +20,24 @@
 
 <module xmlns="http://geronimo.apache.org/xml/ns/deployment-${geronimoSchemaVersion}">
 
-    <!--runtime dependencies-->
-    <gbean name="SecurityService" class="org.apache.geronimo.security.SecurityServiceImpl">
-        <reference name="ServerInfo"><name>ServerInfo</name></reference>
-        <attribute name="policyConfigurationFactory">org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory</attribute>
-        <attribute name="policyProvider">org.apache.geronimo.security.jacc.GeronimoPolicy</attribute>
-    </gbean>
-
-    <!-- Register GeronimoLoginConfiguration as the LoginConfiguration handler -->
-    <gbean name="LoginConfiguration" class="org.apache.geronimo.security.jaas.GeronimoLoginConfiguration">
-        <references name="Configurations">
-            <pattern><type>SecurityRealm</type></pattern>
-            <pattern><type>ConfigurationEntry</type></pattern>
-        </references>
-    </gbean>
-
-    <gbean name="JaasLoginService" class="org.apache.geronimo.security.jaas.server.JaasLoginService">
-        <reference name="Realms"></reference>
-        <!--        <attribute name="reclaimPeriod">100000</attribute>-->
-        <attribute name="algorithm">HmacSHA1</attribute>
-        <attribute name="password">secret</attribute>
-    </gbean>
-
-    <gbean name="JaasLoginServiceRemotingServer" class="org.apache.geronimo.security.remoting.jmx.JaasLoginServiceRemotingServer">
-        <attribute name="protocol">tcp</attribute>
-        <attribute name="host">${PlanServerHostname}</attribute>
-        <attribute name="port">${PlanRemoteLoginPort}</attribute>
-        <reference name="LoginService"><name>JaasLoginService</name></reference>
-    </gbean>
-
-    <!-- JMX Remoting -->
-    <gbean name="JMXService" class="org.apache.geronimo.jmxremoting.JMXConnector">
-        <attribute name="protocol">rmi</attribute>
-        <attribute name="host">${PlanServerHostname}</attribute>
-        <attribute name="port">${PlanJMXPort}</attribute>
-        <attribute name="urlPath">/jndi/rmi://${PlanServerHostname}:${PlanNamingPort}/JMXConnector</attribute>
-        <attribute name="applicationConfigName">JMX</attribute>
-        <reference name="MBeanServerReference">
-            <name>MBeanServerReference</name>
-        </reference>
+    <gbean name="CredentialStore" class="org.apache.geronimo.security.credentialstore.SimpleCredentialStoreImpl">
+        <xml-attribute name="credentialStore">
+            <credential-store xmlns="http://geronimo.apache.org/xml/ns/credentialstore-1.0">
+                <realm name="geronimo-admin">
+                    <subject>
+                        <id>default</id>
+                        <credential>
+                            <type>org.apache.geronimo.security.credentialstore.NameCallbackHandler</type>
+                            <value>system</value>
+                        </credential>
+                        <credential>
+                            <type>org.apache.geronimo.security.credentialstore.PasswordCallbackHandler</type>
+                            <value>manager</value>
+                        </credential>
+                    </subject>
+                </realm>
+            </credential-store>
+        </xml-attribute>
     </gbean>
 
 
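Review bot: The `CredentialStore` gbean embeds the administrator login in clear text, `<value>system</value>` and `<value>manager</value>`, so the password now sits in the plan, in the built car and in any config store it is deployed to, in addition to the realm's own user data. Anyone who changes the admin password in the realm has to change it here too, otherwise the `default` subject can no longer log in, and an unchanged install keeps a well-known credential pair. I would add a comment above the gbean saying that the value must be kept in step with the `geronimo-admin` realm and replaced before production use, and limit read access to the deployed plan. If the credential-store schema allows an obscured or externally supplied value, prefer that; the schema is not visible in this hunk.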
@@ -97,16 +76,6 @@
         <reference name="LoginService"><name>JaasLoginService</name></reference>
     </gbean>
 
-    <gbean name="KeystoreManager" class="org.apache.geronimo.security.keystore.FileKeystoreManager">
-        <attribute name="keystoreDir">var/security/keystores</attribute>
-        <reference name="ServerInfo"><name>ServerInfo</name></reference>
-        <references name="KeystoreInstances">
-          <pattern>
-            <type>Keystore</type>
-          </pattern>
-        </references>
-    </gbean>
-    
     <gbean name="geronimo-default" class="org.apache.geronimo.security.keystore.FileKeystoreInstance">
         <attribute name="keystoreName">geronimo-default</attribute>
         <attribute name="keystorePath">var/security/keystores/geronimo-default</attribute>

Modified: geronimo/server/trunk/configs/servlet-examples-jetty/src/plan/plan.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/servlet-examples-jetty/src/plan/plan.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/servlet-examples-jetty/src/plan/plan.xml (original)
+++ geronimo/server/trunk/configs/servlet-examples-jetty/src/plan/plan.xml Sat Jun  9 10:44:02 2007
@@ -23,9 +23,10 @@
     <context-root>/servlets-examples</context-root>
     <security-realm-name>geronimo-admin</security-realm-name>
     <security>
-        <default-principal>
-            <principal name="anonymous" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" />
-        </default-principal>
+        <default-subject>
+            <realm>geronimo-admin</realm>
+            <id>anonymous</id>
+        </default-subject>
         <role-mappings>
             <role role-name="tomcat">
                 <principal name="admin" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" />

Modified: geronimo/server/trunk/configs/servlet-examples-tomcat/src/plan/plan.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/servlet-examples-tomcat/src/plan/plan.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/servlet-examples-tomcat/src/plan/plan.xml (original)
+++ geronimo/server/trunk/configs/servlet-examples-tomcat/src/plan/plan.xml Sat Jun  9 10:44:02 2007
@@ -23,9 +23,10 @@
     <context-root>/servlets-examples</context-root>
     <security-realm-name>geronimo-admin</security-realm-name>
     <security>
-        <default-principal>
-            <principal name="anonymous" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" />
-        </default-principal>
+        <default-subject>
+            <realm>geronimo-admin</realm>
+            <id>anonymous</id>
+        </default-subject>
         <role-mappings>
             <role role-name="tomcat">
                 <principal name="admin" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" />

Modified: geronimo/server/trunk/configs/tomcat6/pom.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/tomcat6/pom.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/tomcat6/pom.xml (original)
+++ geronimo/server/trunk/configs/tomcat6/pom.xml Sat Jun  9 10:44:02 2007
@@ -44,7 +44,7 @@
 
         <dependency>
             <groupId>org.apache.geronimo.configs</groupId>
-            <artifactId>j2ee-security</artifactId>
+            <artifactId>server-security-config</artifactId>
             <version>${version}</version>
             <type>car</type>
         </dependency>

Modified: geronimo/server/trunk/configs/webconsole-jetty6/src/plan/plan.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/webconsole-jetty6/src/plan/plan.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/webconsole-jetty6/src/plan/plan.xml (original)
+++ geronimo/server/trunk/configs/webconsole-jetty6/src/plan/plan.xml Sat Jun  9 10:44:02 2007
@@ -387,13 +387,14 @@
     </module>
 
     <security>
-        <default-principal realm-name="geronimo-admin">
-            <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
-        </default-principal>
+        <default-subject>
+            <realm>geronimo-admin</realm>
+            <id>default</id>
+        </default-subject>
         <role-mappings>
             <role role-name="admin">
                 <realm realm-name="geronimo-admin">
-                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin" designated-run-as="true"/>
+                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin"/>
                 </realm>
             </role>
         </role-mappings>
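Review bot: The console's default subject is id `default` in `geronimo-admin`, which the credential store added in this commit maps to the `system` login, so the identity used when no caller has authenticated appears to be the administrator account. The old `default-principal` also named `system`, but it was a bare principal; the new form is the result of a real login, so it is worth confirming which principals and roles that subject carries and whether a dedicated low-privilege entry would be enough. The webconsole-tomcat plan comments the same element out, so the two consoles now differ on this point.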

Modified: geronimo/server/trunk/configs/webconsole-tomcat/src/plan/plan.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/configs/webconsole-tomcat/src/plan/plan.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/configs/webconsole-tomcat/src/plan/plan.xml (original)
+++ geronimo/server/trunk/configs/webconsole-tomcat/src/plan/plan.xml Sat Jun  9 10:44:02 2007
@@ -389,16 +389,15 @@
     </module>
 
     <security xmlns="http://geronimo.apache.org/xml/ns/security-${geronimoSchemaVersion}">
-    	<default-principal>
-    		<principal
-    			class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
-    			name="system" />
-    	</default-principal>
+        <!--<default-subject>-->
+            <!--<realm>geronimo-admin</realm>-->
+            <!--<id>system</id>-->
+        <!--</default-subject>-->
     	<role-mappings>
     		<role role-name="admin">
     				<principal
     					class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
-    					name="admin" designated-run-as="true" />
+    					name="admin"/>
     		</role>
     	</role-mappings>
     </security>

Modified: geronimo/server/trunk/modules/geronimo-client-builder/src/main/java/org/apache/geronimo/client/builder/AppClientModuleBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-client-builder/src/main/java/org/apache/geronimo/client/builder/AppClientModuleBuilder.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-client-builder/src/main/java/org/apache/geronimo/client/builder/AppClientModuleBuilder.java (original)
+++ geronimo/server/trunk/modules/geronimo-client-builder/src/main/java/org/apache/geronimo/client/builder/AppClientModuleBuilder.java Sat Jun  9 10:44:02 2007
@@ -39,6 +39,7 @@
 import org.apache.geronimo.client.AppClientContainer;
 import org.apache.geronimo.client.StaticJndiContextPlugin;
 import org.apache.geronimo.common.DeploymentException;
+import org.apache.geronimo.deployment.ClassPathList;
 import org.apache.geronimo.deployment.DeploymentContext;
 import org.apache.geronimo.deployment.ModuleIDBuilder;
 import org.apache.geronimo.deployment.NamespaceDrivenBuilder;
@@ -61,11 +62,9 @@
 import org.apache.geronimo.j2ee.deployment.EARContext;
 import org.apache.geronimo.j2ee.deployment.Module;
 import org.apache.geronimo.j2ee.deployment.ModuleBuilder;
+import org.apache.geronimo.j2ee.deployment.ModuleBuilderExtension;
 import org.apache.geronimo.j2ee.deployment.NamingBuilder;
 import org.apache.geronimo.j2ee.deployment.NamingBuilderCollection;
-import org.apache.geronimo.j2ee.deployment.SecurityBuilder;
-import org.apache.geronimo.j2ee.deployment.ModuleBuilderExtension;
-import org.apache.geronimo.deployment.ClassPathList;
 import org.apache.geronimo.j2ee.deployment.annotation.AnnotatedApplicationClient;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.j2ee.management.impl.J2EEAppClientModuleImpl;
@@ -79,11 +78,13 @@
 import org.apache.geronimo.kernel.repository.Environment;
 import org.apache.geronimo.kernel.repository.Repository;
 import org.apache.geronimo.schema.SchemaConversionUtils;
-import org.apache.geronimo.security.deploy.DefaultPrincipal;
+import org.apache.geronimo.security.deploy.SubjectInfo;
+import org.apache.geronimo.security.deployment.SecurityConfiguration;
 import org.apache.geronimo.xbeans.geronimo.client.GerApplicationClientDocument;
 import org.apache.geronimo.xbeans.geronimo.client.GerApplicationClientType;
 import org.apache.geronimo.xbeans.geronimo.client.GerResourceType;
 import org.apache.geronimo.xbeans.geronimo.naming.GerAbstractNamingEntryDocument;
+import org.apache.geronimo.xbeans.geronimo.security.GerSubjectInfoType;
 import org.apache.geronimo.xbeans.javaee.ApplicationClientDocument;
 import org.apache.geronimo.xbeans.javaee.ApplicationClientType;
 import org.apache.geronimo.xbeans.javaee.FullyQualifiedClassType;
@@ -106,8 +107,8 @@
 
     private final AbstractNameQuery transactionManagerObjectName;
     private final AbstractNameQuery connectionTrackerObjectName;
+    private final AbstractNameQuery credentialStoreName;
     private final SingleElementCollection connectorModuleBuilder;
-    private final SingleElementCollection securityBuilder;
     private final NamespaceDrivenBuilderCollection serviceBuilder;
     private final NamingBuilderCollection namingBuilders;
     private final Collection<ModuleBuilderExtension> moduleBuilderExtensions;
@@ -121,9 +122,8 @@
             AbstractNameQuery transactionManagerObjectName,
             AbstractNameQuery connectionTrackerObjectName,
             AbstractNameQuery corbaGBeanObjectName,
-            Collection<Repository> repositories,
+            AbstractNameQuery credentialStoreName, Collection<Repository> repositories,
             ModuleBuilder connectorModuleBuilder,
-            NamespaceDrivenBuilder securityBuilder,
             NamespaceDrivenBuilder serviceBuilder,
             Collection<NamingBuilder> namingBuilders,
             Collection<ModuleBuilderExtension> moduleBuilderExtensions) {
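Review bot: `AbstractNameQuery credentialStoreName, Collection<Repository> repositories,` puts two parameters on one line in a list that otherwise has one per line, which hides the new argument among several positional `AbstractNameQuery` values. Split it into `AbstractNameQuery credentialStoreName,` and `Collection<Repository> repositories,` here and on the matching lines of the next three hunks (the delegating calls and the second constructor). A Javadoc line stating whether `credentialStoreName` may be null would also help, since it is later handed to `setReferencePattern("CredentialStore", ...)` unchecked. The constructor starts above this hunk and its body continues below it.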
@@ -132,8 +132,7 @@
                 transactionManagerObjectName,
                 connectionTrackerObjectName,
                 corbaGBeanObjectName,
-                repositories, new SingleElementCollection(connectorModuleBuilder),
-                new SingleElementCollection(securityBuilder),
+                credentialStoreName, repositories, new SingleElementCollection(connectorModuleBuilder),
                 serviceBuilder == null ? Collections.EMPTY_SET : Collections.singleton(serviceBuilder),
                 namingBuilders == null ? Collections.EMPTY_SET : namingBuilders,
                 moduleBuilderExtensions);
@@ -142,9 +141,8 @@
     public AppClientModuleBuilder(AbstractNameQuery transactionManagerObjectName,
             AbstractNameQuery connectionTrackerObjectName,
             AbstractNameQuery corbaGBeanObjectName,
-            Collection<Repository> repositories,
+            AbstractNameQuery credentialStoreName, Collection<Repository> repositories,
             Collection connectorModuleBuilder,
-            Collection securityBuilder,
             Collection<NamespaceDrivenBuilder> serviceBuilder,
             Collection<NamingBuilder> namingBuilders,
             Collection<ModuleBuilderExtension> moduleBuilderExtensions,
@@ -156,9 +154,8 @@
                 transactionManagerObjectName,
                 connectionTrackerObjectName,
                 corbaGBeanObjectName,
-                repositories,
+                credentialStoreName, repositories,
                 new SingleElementCollection(connectorModuleBuilder),
-                new SingleElementCollection(securityBuilder),
                 serviceBuilder,
                 namingBuilders,
                 moduleBuilderExtensions);
@@ -169,9 +166,9 @@
             AbstractNameQuery transactionManagerObjectName,
             AbstractNameQuery connectionTrackerObjectName,
             AbstractNameQuery corbaGBeanObjectName,
+            AbstractNameQuery credentialStoreName,
             Collection<Repository> repositories,
             SingleElementCollection connectorModuleBuilder,
-            SingleElementCollection securityBuilder,
             Collection<NamespaceDrivenBuilder> serviceBuilder,
             Collection<NamingBuilder> namingBuilders,
             Collection<ModuleBuilderExtension> moduleBuilderExtensions) {
@@ -180,9 +177,9 @@
         this.corbaGBeanObjectName = corbaGBeanObjectName;
         this.transactionManagerObjectName = transactionManagerObjectName;
         this.connectionTrackerObjectName = connectionTrackerObjectName;
+        this.credentialStoreName = credentialStoreName;
         this.repositories = repositories;
         this.connectorModuleBuilder = connectorModuleBuilder;
-        this.securityBuilder = securityBuilder;
         this.serviceBuilder = new NamespaceDrivenBuilderCollection(serviceBuilder, GBeanBuilder.SERVICE_QNAME);
         this.namingBuilders = new NamingBuilderCollection(namingBuilders, GerAbstractNamingEntryDocument.type.getDocumentElementName());
         this.moduleBuilderExtensions = moduleBuilderExtensions;
@@ -197,10 +194,6 @@
         return (ModuleBuilder) connectorModuleBuilder.getElement();
     }
 
-    private org.apache.geronimo.j2ee.deployment.SecurityBuilder getSecurityBuilder() {
-        return (SecurityBuilder) securityBuilder.getElement();
-    }
-
     public Module createModule(File plan, JarFile moduleFile, Naming naming, ModuleIDBuilder idBuilder) throws DeploymentException {
         return createModule(plan, moduleFile, "app-client", null, null, null, naming, idBuilder);
     }
@@ -210,10 +203,10 @@
     }
 
     private Module createModule(Object plan, JarFile moduleFile, String targetPath, URL specDDUrl, Environment earEnvironment, AbstractName earName, Naming naming, ModuleIDBuilder idBuilder) throws DeploymentException {
-        assert moduleFile != null: "moduleFile is null";
-        assert targetPath != null: "targetPath is null";
-        assert !targetPath.endsWith("/"): "targetPath must not end with a '/'";
-        assert (earName == null) == (earEnvironment == null): "if earName is not null you must supply earEnvironment as well";
+        assert moduleFile != null : "moduleFile is null";
+        assert targetPath != null : "targetPath is null";
+        assert !targetPath.endsWith("/") : "targetPath must not end with a '/'";
+        assert (earName == null) == (earEnvironment == null) : "if earName is not null you must supply earEnvironment as well";
 
         boolean standAlone = earEnvironment == null;
 
@@ -238,7 +231,7 @@
         }
 
         String specDD;
-        ApplicationClientType appClient  = null;
+        ApplicationClientType appClient = null;
         try {
             if (specDDUrl == null) {
                 specDDUrl = DeploymentUtil.createJarURL(moduleFile, "META-INF/application-client.xml");
@@ -297,7 +290,7 @@
         }
 
         //always use the artifactId of the app client as the name component of the module name (on the server).
-        AbstractName  moduleName = naming.createChildName(earName, clientEnvironment.getConfigId().toString(), NameFactory.APP_CLIENT_MODULE);
+        AbstractName moduleName = naming.createChildName(earName, clientEnvironment.getConfigId().toString(), NameFactory.APP_CLIENT_MODULE);
         AbstractName clientBaseName = naming.createRootName(clientEnvironment.getConfigId(), clientEnvironment.getConfigId().toString(), NameFactory.J2EE_APPLICATION);
 
         //start installing the resource adapters in the client.
@@ -388,7 +381,7 @@
     }
 
     private GerApplicationClientType createDefaultPlan(String name, ApplicationClientType appClient, boolean standAlone, Environment environment) {
-        String id = appClient == null? null: appClient.getId();
+        String id = appClient == null ? null : appClient.getId();
         if (id == null) {
             id = name;
             if (id.endsWith(".jar")) {
@@ -417,7 +410,7 @@
 
     static ApplicationClientDocument convertToApplicationClientSchema(XmlObject xmlObject) throws XmlException {
         if (ApplicationClientDocument.type.equals(xmlObject.schemaType())) {
-            ApplicationClientType appClient = ((ApplicationClientDocument)xmlObject).getApplicationClient();
+            ApplicationClientType appClient = ((ApplicationClientDocument) xmlObject).getApplicationClient();
             if ("5.0".equals(appClient.getVersion())) {
                 appClient.setVersion("5");
             }
@@ -515,7 +508,7 @@
             }
             ClassPathList libClasspath = (ClassPathList) earContext.getGeneralData().get(ClassPathList.class);
             if (libClasspath != null) {
-                for (String libEntryPath: libClasspath) {
+                for (String libEntryPath : libClasspath) {
                     try {
                         NestedJarFile library = new NestedJarFile(earFile, libEntryPath);
                         appClientDeploymentContext.addIncludeAsPackedJar(URI.create(libEntryPath), library);
@@ -538,7 +531,7 @@
     }
 
     public void initContext(EARContext earContext, Module clientModule, ClassLoader cl) throws DeploymentException {
-        namingBuilders.buildEnvironment(clientModule.getSpecDD(), clientModule.getVendorDD(), ((AppClientModule)clientModule).getEnvironment());
+        namingBuilders.buildEnvironment(clientModule.getSpecDD(), clientModule.getVendorDD(), ((AppClientModule) clientModule).getEnvironment());
 
         AppClientModule appClientModule = ((AppClientModule) clientModule);
         for (ConnectorModule connectorModule : appClientModule.getResourceModules()) {
@@ -584,7 +577,7 @@
         Map<Object, Object> generalData = earContext.getGeneralData();
         for (Map.Entry<Object, Object> entry : generalData.entrySet()) {
             Object key = entry.getKey();
-            if (key instanceof Class && ((Class)key).getName().equals("org.apache.geronimo.openejb.deployment.EjbModuleBuilder$EarData")) {
+            if (key instanceof Class && ((Class) key).getName().equals("org.apache.geronimo.openejb.deployment.EjbModuleBuilder$EarData")) {
                 appClientDeploymentContext.getGeneralData().put(key, entry.getValue());
                 break;
             }
@@ -656,8 +649,8 @@
                 } catch (DeploymentException e) {
                     throw e;
                 } catch (Exception e) {
-                    throw new DeploymentException("Unable to construct jndi context for AppClientModule GBean "+
-                    		appClientModule.getName(), e);
+                    throw new DeploymentException("Unable to construct jndi context for AppClientModule GBean " +
+                            appClientModule.getName(), e);
                 }
                 appClientDeploymentContext.addGBean(jndiContextGBeanData);
 
@@ -684,9 +677,20 @@
                     if (realmName != null) {
                         appClientContainerGBeanData.setAttribute("realmName", realmName);
                         appClientContainerGBeanData.setAttribute("callbackHandlerClassName", callbackHandlerClassName);
-                    } else if (geronimoAppClient.isSetDefaultPrincipal()) {
-                        DefaultPrincipal defaultPrincipal = getSecurityBuilder().buildDefaultPrincipal(geronimoAppClient.getDefaultPrincipal());
-                        appClientContainerGBeanData.setAttribute("defaultPrincipal", defaultPrincipal);
+                    } else if (geronimoAppClient.isSetDefaultSubject()) {
+                        GerSubjectInfoType subjectInfoType = geronimoAppClient.getDefaultSubject();
+                        SubjectInfo subjectInfo = buildSubjectInfo(subjectInfoType);
+                        appClientContainerGBeanData.setAttribute("defaultSubject", subjectInfo);
+                        appClientContainerGBeanData.setReferencePattern("CredentialStore", credentialStoreName);
+                    } else if (earContext.getSecurityConfiguration() != null) {
+                        //beware a linkage error if we cast this to SubjectInfo
+                        String realm = ((SecurityConfiguration) earContext.getSecurityConfiguration()).getDefaultSubjectRealm();
+                        String id = ((SecurityConfiguration) earContext.getSecurityConfiguration()).getDefaultSubjectId();
+                        if (realm != null) {
+                            SubjectInfo subjectInfo = new SubjectInfo(realm, id);
+                            appClientContainerGBeanData.setAttribute("defaultSubject", subjectInfo);
+                            appClientContainerGBeanData.setReferencePattern("CredentialStore", credentialStoreName);
+                        }
                     }
                     appClientContainerGBeanData.setReferencePattern("JNDIContext", jndiContextName);
                     appClientContainerGBeanData.setAttribute("holder", holder);
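Review bot: In the new `earContext.getSecurityConfiguration() != null` branch only `realm` is null-checked before `new SubjectInfo(realm, id)`, so a security configuration with a default-subject realm but no id produces a `SubjectInfo` with a null id. Judging by the `AppClientContainer` change in this commit, that is not noticed until the client container asks the credential store for the subject. Guard both values, `if (realm != null && id != null) {`, or throw a `DeploymentException` that names the missing value so the mistake surfaces at deployment. Both new branches also pass `credentialStoreName` to `setReferencePattern` with no visible check that it was configured. The enclosing method starts and ends outside this hunk.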
@@ -769,6 +773,12 @@
         return new ClassFinder(classes);
     }
 
+    private SubjectInfo buildSubjectInfo(GerSubjectInfoType defaultSubject) {
+        String realmName = defaultSubject.getRealm().trim();
+        String id = defaultSubject.getId().trim();
+        return new SubjectInfo(realmName, id);
+    }
+
     public String getSchemaNamespace() {
         return GERAPPCLIENT_NAMESPACE;
     }
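Review bot: `buildSubjectInfo` calls `trim()` directly on `getRealm()` and `getId()` and accepts whatever is left, so an absent element fails with a bare NullPointerException and a whitespace-only value becomes an empty realm or id. Whether the subject-info schema already forbids both cases is not visible in this hunk. Since this pair selects the identity the client runs under when nobody is logged in, it is worth rejecting bad values here with a deployment error, as sketched below. The call site appears to sit in code that already propagates `DeploymentException`, but it lies in another hunk.

```java
private SubjectInfo buildSubjectInfo(GerSubjectInfoType defaultSubject) throws DeploymentException {
    String realmName = defaultSubject.getRealm();
    String id = defaultSubject.getId();
    if (realmName == null || realmName.trim().length() == 0
            || id == null || id.trim().length() == 0) {
        throw new DeploymentException("default-subject requires a non-empty realm and id");
    }
    return new SubjectInfo(realmName.trim(), id.trim());
}
```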
@@ -863,9 +873,9 @@
         infoBuilder.addAttribute("transactionManagerObjectName", AbstractNameQuery.class, true);
         infoBuilder.addAttribute("connectionTrackerObjectName", AbstractNameQuery.class, true);
         infoBuilder.addAttribute("corbaGBeanObjectName", AbstractNameQuery.class, true);
+        infoBuilder.addAttribute("credentialStoreName", AbstractNameQuery.class, true);
         infoBuilder.addReference("Repositories", Repository.class, "Repository");
         infoBuilder.addReference("ConnectorModuleBuilder", ModuleBuilder.class, NameFactory.MODULE_BUILDER);
-        infoBuilder.addReference("SecurityBuilder", SecurityBuilder.class, NameFactory.MODULE_BUILDER);
         infoBuilder.addReference("ServiceBuilders", NamespaceDrivenBuilder.class, NameFactory.MODULE_BUILDER);
         infoBuilder.addReference("NamingBuilders", NamingBuilder.class, NameFactory.MODULE_BUILDER);
         infoBuilder.addReference("ModuleBuilderExtensions", ModuleBuilderExtension.class, NameFactory.MODULE_BUILDER);
@@ -875,9 +885,9 @@
         infoBuilder.setConstructor(new String[]{"transactionManagerObjectName",
                 "connectionTrackerObjectName",
                 "corbaGBeanObjectName",
+                "credentialStoreName",
                 "Repositories",
                 "ConnectorModuleBuilder",
-                "SecurityBuilder",
                 "ServiceBuilders",
                 "NamingBuilders",
                 "ModuleBuilderExtensions",

Modified: geronimo/server/trunk/modules/geronimo-client-builder/src/main/schema/geronimo-application-client-1.2.xsd
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-client-builder/src/main/schema/geronimo-application-client-1.2.xsd?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-client-builder/src/main/schema/geronimo-application-client-1.2.xsd (original)
+++ geronimo/server/trunk/modules/geronimo-client-builder/src/main/schema/geronimo-application-client-1.2.xsd Sat Jun  9 10:44:02 2007
@@ -23,7 +23,7 @@
     targetNamespace="http://geronimo.apache.org/xml/ns/j2ee/application-client-1.2"
     xmlns:naming="http://geronimo.apache.org/xml/ns/naming-1.2"
     xmlns:connector="http://geronimo.apache.org/xml/ns/j2ee/connector-1.2"
-    xmlns:security="http://geronimo.apache.org/xml/ns/security-1.2"
+    xmlns:security="http://geronimo.apache.org/xml/ns/security-2.0"
     xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2"
     xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified"
     attributeFormDefault="unqualified" version="1.0">
@@ -56,7 +56,7 @@
             </xs:documentation>
         </xs:annotation>
     </xs:import>
-    <xs:import namespace="http://geronimo.apache.org/xml/ns/security-1.2"
+    <xs:import namespace="http://geronimo.apache.org/xml/ns/security-2.0"
         schemaLocation="geronimo-security-1.2.xsd">
         <xs:annotation>
             <xs:documentation>
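Review bot: The import now declares namespace `http://geronimo.apache.org/xml/ns/security-2.0`, but the unchanged next line still reads `schemaLocation="geronimo-security-1.2.xsd"`, so the location hint points at the old schema file. The documentation changed further down in this file already says the element comes from "geronimo-security-2.0.xsd", and the commit adds that file. Change the hint to `schemaLocation="geronimo-security-2.0.xsd"` so that tools which honour it can resolve `security:default-subject`.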
@@ -175,11 +175,12 @@
                 </xs:annotation>
             </xs:element>
 
-            <xs:element ref="security:default-principal" minOccurs="0">
+            <xs:element ref="security:default-subject" minOccurs="0">
                 <xs:annotation>
                     <xs:documentation>
-                        Reference to default-principal element defined in
-                        imported "geronimo-security-1.2.xsd"
+                        Reference to default-subject element defined in
+                        imported "geronimo-security-2.0.xsd"
+                        This is the subject run under if you are not logged in.
                     </xs:documentation>
                 </xs:annotation>
             </xs:element>

Modified: geronimo/server/trunk/modules/geronimo-client-builder/src/test/java/org/apache/geronimo/client/builder/PlanParsingTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-client-builder/src/test/java/org/apache/geronimo/client/builder/PlanParsingTest.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-client-builder/src/test/java/org/apache/geronimo/client/builder/PlanParsingTest.java (original)
+++ geronimo/server/trunk/modules/geronimo-client-builder/src/test/java/org/apache/geronimo/client/builder/PlanParsingTest.java Sat Jun  9 10:44:02 2007
@@ -36,7 +36,7 @@
     private AppClientModuleBuilder builder;
 
     protected void setUp() throws Exception {
-        builder = new AppClientModuleBuilder(new Environment(), null, null, null, null, Collections.EMPTY_LIST, null, null, null, null, Collections.EMPTY_LIST);
+        builder = new AppClientModuleBuilder(new Environment(), null, null, null, null, null, Collections.EMPTY_LIST, null, null, null, Collections.EMPTY_LIST);
     }
 
     public void testResourceRef() throws Exception {

Modified: geronimo/server/trunk/modules/geronimo-client/src/main/java/org/apache/geronimo/client/AppClientContainer.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-client/src/main/java/org/apache/geronimo/client/AppClientContainer.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-client/src/main/java/org/apache/geronimo/client/AppClientContainer.java (original)
+++ geronimo/server/trunk/modules/geronimo-client/src/main/java/org/apache/geronimo/client/AppClientContainer.java Sat Jun  9 10:44:02 2007
@@ -39,8 +39,8 @@
 import org.apache.geronimo.kernel.Kernel;
 import org.apache.geronimo.security.Callers;
 import org.apache.geronimo.security.ContextManager;
-import org.apache.geronimo.security.deploy.DefaultPrincipal;
-import org.apache.geronimo.security.util.ConfigurationUtil;
+import org.apache.geronimo.security.credentialstore.CredentialStore;
+import org.apache.geronimo.security.deploy.SubjectInfo;
 import org.apache.xbean.recipe.ObjectRecipe;
 import org.apache.xbean.recipe.Option;
 import org.apache.xbean.recipe.StaticRecipe;
@@ -69,9 +69,10 @@
             AbstractName appClientModuleName,
             String realmName,
             String callbackHandlerClassName,
-            DefaultPrincipal defaultPrincipal,
+            SubjectInfo defaultSubject,
             Holder holder,
             AppClientPlugin jndiContext,
+            CredentialStore credentialStore,
             ClassLoader classLoader,
             Kernel kernel
     ) throws Exception {
@@ -86,10 +87,10 @@
         this.realmName = realmName;
         this.callbackHandlerClass = callbackHandlerClassName;
 
-        if (defaultPrincipal != null) {
-            defaultSubject = ConfigurationUtil.generateDefaultSubject(defaultPrincipal, classLoader);
+        if (defaultSubject != null) {
+            this.defaultSubject = credentialStore.getSubject(defaultSubject.getRealm(), defaultSubject.getId());
         } else {
-            defaultSubject = null;
+            this.defaultSubject = null;
         }
         this.holder = holder == null ? Holder.EMPTY : holder;
         this.classLoader = classLoader;
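Review bot: `credentialStore.getSubject(...)` runs whenever `defaultSubject` is set, but nothing checks that the `CredentialStore` reference was supplied, so a missing store fails with a bare NullPointerException in the constructor. Add a guard before the lookup, for example `if (credentialStore == null) throw new IllegalStateException("defaultSubject configured but no CredentialStore reference");`. Whether `getSubject` can return null for an unknown realm/id pair is not visible here. If it can, that case should also fail at startup rather than leave the client running with no default subject. The constructor starts and ends outside this hunk.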
@@ -243,10 +244,11 @@
         infoFactory.addAttribute("appClientModuleName", AbstractName.class, true);
         infoFactory.addAttribute("realmName", String.class, true);
         infoFactory.addAttribute("callbackHandlerClassName", String.class, true);
-        infoFactory.addAttribute("defaultPrincipal", DefaultPrincipal.class, true);
+        infoFactory.addAttribute("defaultSubject", SubjectInfo.class, true);
         infoFactory.addAttribute("holder", Holder.class, true);
 
         infoFactory.addReference("JNDIContext", AppClientPlugin.class, NameFactory.GERONIMO_SERVICE);
+        infoFactory.addReference("CredentialStore", CredentialStore.class, NameFactory.GERONIMO_SERVICE);
 
         infoFactory.addAttribute("classLoader", ClassLoader.class, false);
         infoFactory.addAttribute("kernel", Kernel.class, false);
@@ -256,9 +258,10 @@
                 "appClientModuleName",
                 "realmName",
                 "callbackHandlerClassName",
-                "defaultPrincipal",
+                "defaultSubject",
                 "holder",
                 "JNDIContext",
+                "CredentialStore",
                 "classLoader",
                 "kernel"
         });

Modified: geronimo/server/trunk/modules/geronimo-corba-builder/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSConfigEditor.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba-builder/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSConfigEditor.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba-builder/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSConfigEditor.java (original)
+++ geronimo/server/trunk/modules/geronimo-corba-builder/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSConfigEditor.java Sat Jun  9 10:44:02 2007
@@ -25,9 +25,6 @@
 import org.apache.geronimo.common.propertyeditor.PropertyEditorException;
 import org.apache.geronimo.deployment.service.XmlAttributeBuilder;
 import org.apache.geronimo.deployment.xmlbeans.XmlBeansUtil;
-import org.apache.geronimo.security.deploy.DefaultPrincipal;
-import org.apache.geronimo.security.deployment.GeronimoSecurityBuilderImpl;
-import org.apache.geronimo.xbeans.geronimo.security.GerDefaultPrincipalType;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.kernel.ClassLoading;
@@ -91,15 +88,6 @@
         TSSConfig tssConfig = new TSSConfig();
 
         tssConfig.setInherit(tss.getInherit());
-
-        if (tss.isSetDefaultPrincipal()) {
-            DefaultPrincipal defaultPrincipal = new DefaultPrincipal();
-            GerDefaultPrincipalType defaultPrincipalType = tss.getDefaultPrincipal();
-
-            defaultPrincipal.setPrincipal(new GeronimoSecurityBuilderImpl().buildPrincipal(defaultPrincipalType.getPrincipal()));
-
-            tssConfig.setDefaultPrincipal(defaultPrincipal);
-        }
 
         if (tss.isSetSSL()) {
             tssConfig.setTransport_mech(extractSSL(tss.getSSL()));

Modified: geronimo/server/trunk/modules/geronimo-corba-builder/src/main/schema/corba-tss-config-2.1.xsd
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba-builder/src/main/schema/corba-tss-config-2.1.xsd?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba-builder/src/main/schema/corba-tss-config-2.1.xsd (original)
+++ geronimo/server/trunk/modules/geronimo-corba-builder/src/main/schema/corba-tss-config-2.1.xsd Sat Jun  9 10:44:02 2007
@@ -32,7 +32,7 @@
     <xsd:complexType name="tssType">
         <xsd:sequence>
             <xsd:element name="description" type="tss:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
-            <xsd:element name="default-principal" type="security:default-principalType" minOccurs="0"/>
+            <!--<xsd:element name="default-principal" type="security:default-principalType" minOccurs="0"/>-->
             <xsd:group ref="tss:transportMechGroup" minOccurs="0"/>
             <xsd:element name="compoundSecMechTypeList" minOccurs="0">
                 <xsd:complexType>
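Review bot: The `default-principal` element is commented out rather than deleted, which leaves dead markup in a schema whose file name and version do not change. Existing TSS configurations that still contain `<default-principal>` will presumably now fail validation against the same schema version, and nothing here tells the deployer why. Remove the line and replace it with a short explanation, e.g. `<!-- default-principal removed (GERONIMO-2687): default subjects are no longer configured on the TSS -->`.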

Modified: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/SecurityInitializer.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/SecurityInitializer.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/SecurityInitializer.java (original)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/SecurityInitializer.java Sat Jun  9 10:44:02 2007
@@ -94,19 +94,19 @@
 
             Subject defaultSubject = null;
             String[] strings = info.arguments();
-            for (int i = 0; i < strings.length; i++) {
-                String arg = strings[i];
-                if (arg.startsWith(DEFAULT_REALM_PRINCIPAL)) {
-                    defaultSubject = generateDefaultRealmSubject(arg);
-                    break;
-                } else if (arg.startsWith(DEFAULT_DOMAIN_PRINCIPAL)) {
-                    defaultSubject = generateDefaultDomainSubject(arg);
-                    break;
-                } else if (arg.startsWith(DEFAULT_PRINCIPAL)) {
-                    defaultSubject = generateDefaultSubject(arg);
-                    break;
-                }
-            }
+//            for (int i = 0; i < strings.length; i++) {
+//                String arg = strings[i];
+//                if (arg.startsWith(DEFAULT_REALM_PRINCIPAL)) {
+//                    defaultSubject = generateDefaultRealmSubject(arg);
+//                    break;
+//                } else if (arg.startsWith(DEFAULT_DOMAIN_PRINCIPAL)) {
+//                    defaultSubject = generateDefaultDomainSubject(arg);
+//                    break;
+//                } else if (arg.startsWith(DEFAULT_PRINCIPAL)) {
+//                    defaultSubject = generateDefaultSubject(arg);
+//                    break;
+//                }
+//            }
 
             if (log.isDebugEnabled()) log.debug("Default subject: " + defaultSubject);
             
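Review bot: With the loop commented out, `defaultSubject` is always null at this point, `strings` is assigned but never read, and the debug line always prints `Default subject: null`. An ORB still started with one of the `DEFAULT_*_PRINCIPAL` arguments now has them ignored without any message, which hides a change in the identity applied to unauthenticated requests. Delete the commented block and the unused `String[] strings = info.arguments();`, and leave one explanatory line such as `// default subjects are no longer built from ORB arguments (GERONIMO-2687)`. How `defaultSubject` is used afterwards lies outside this hunk.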

Modified: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/ServerSecurityInterceptor.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/ServerSecurityInterceptor.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/ServerSecurityInterceptor.java (original)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/ServerSecurityInterceptor.java Sat Jun  9 10:44:02 2007
@@ -122,11 +122,11 @@
                     throw new INTERNAL("The CSIv2 TSS is not supposed to receive a CompleteEstablishContext message.");
 
                 case MTContextError.value:
-                    log.error("The CSIv2 TSS is not supposed to receive a CompleteEstablishContext message.");
+                    log.error("The CSIv2 TSS is not supposed to receive a ContextError message.");
                     throw new INTERNAL("The CSIv2 TSS is not supposed to receive a ContextError message.");
 
                 case MTMessageInContext.value:
-                    log.error("The CSIv2 TSS is not supposed to receive a CompleteEstablishContext message.");
+                    log.error("The CSIv2 TSS is not supposed to receive a MessageInContext message.");
 
                     contextId = contextBody.in_context_msg().client_context_id;
                     throw new SASNoContextException();

Modified: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSConfig.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSConfig.java (original)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSConfig.java Sat Jun  9 10:44:02 2007
@@ -17,18 +17,16 @@
 package org.apache.geronimo.corba.security.config.tss;
 
 import java.io.Serializable;
+
 import javax.net.ssl.SSLSession;
 import javax.security.auth.Subject;
 
+import org.apache.geronimo.corba.security.SASException;
 import org.omg.CORBA.ORB;
 import org.omg.CSI.EstablishContext;
 import org.omg.IOP.Codec;
 import org.omg.IOP.TaggedComponent;
 
-import org.apache.geronimo.security.deploy.DefaultPrincipal;
-
-import org.apache.geronimo.corba.security.SASException;
-
 
 /**
  * @version $Rev: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
@@ -36,7 +34,6 @@
 public class TSSConfig implements Serializable {
 
     private boolean inherit;
-    private DefaultPrincipal defaultPrincipal;
     private TSSTransportMechConfig transport_mech;
     private final TSSCompoundSecMechListConfig mechListConfig = new TSSCompoundSecMechListConfig();
 
@@ -48,14 +45,6 @@
         this.inherit = inherit;
     }
 
-    public DefaultPrincipal getDefaultPrincipal() {
-        return defaultPrincipal;
-    }
-
-    public void setDefaultPrincipal(DefaultPrincipal defaultPrincipal) {
-        this.defaultPrincipal = defaultPrincipal;
-    }
-
     public TSSTransportMechConfig getTransport_mech() {
         return transport_mech;
     }
@@ -91,11 +80,6 @@
     void toString(String spaces, StringBuffer buf) {
         String moreSpaces = spaces + "  ";
         buf.append(spaces).append("TSSConfig: [\n");
-        if (defaultPrincipal != null) {
-            buf.append(moreSpaces).append("defaultPrincipal: ").append(defaultPrincipal.toString()).append("\n");
-        } else {
-            buf.append(moreSpaces).append("defaultPrincipal null\n");
-        }
         if (transport_mech != null) {
             transport_mech.toString(moreSpaces, buf);
         } else {

Modified: geronimo/server/trunk/modules/geronimo-deployment/src/main/java/org/apache/geronimo/deployment/xmlbeans/XmlBeansUtil.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-deployment/src/main/java/org/apache/geronimo/deployment/xmlbeans/XmlBeansUtil.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-deployment/src/main/java/org/apache/geronimo/deployment/xmlbeans/XmlBeansUtil.java (original)
+++ geronimo/server/trunk/modules/geronimo-deployment/src/main/java/org/apache/geronimo/deployment/xmlbeans/XmlBeansUtil.java Sat Jun  9 10:44:02 2007
@@ -62,7 +62,8 @@
         NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/naming", "http://geronimo.apache.org/xml/ns/naming-1.2");
         NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/naming-1.1", "http://geronimo.apache.org/xml/ns/naming-1.2");
         NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/security", "http://geronimo.apache.org/xml/ns/security-1.2");
-        NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/security-1.1", "http://geronimo.apache.org/xml/ns/security-1.2");
+        NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/security-1.1", "http://geronimo.apache.org/xml/ns/security-2.0");
+        NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/security-1.2", "http://geronimo.apache.org/xml/ns/security-2.0");
         NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/web", "http://geronimo.apache.org/xml/ns/j2ee/web-1.2");
         NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/j2ee/web-1.1", "http://geronimo.apache.org/xml/ns/j2ee/web-1.2");
         NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/web/jetty", "http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.2");
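Review bot: The unversioned `http://geronimo.apache.org/xml/ns/security` entry on the unchanged line above still maps to `security-1.2`, while the two lines changed here send `security-1.1` and `security-1.2` to `security-2.0`. Unless the upgrade is applied repeatedly, which is not visible in this hunk, plans using the unversioned namespace end up one version behind everything else. Map it directly: `NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/security", "http://geronimo.apache.org/xml/ns/security-2.0");`. The static initializer continues outside the hunk.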

Modified: geronimo/server/trunk/modules/geronimo-j2ee-schema/src/main/java/org/apache/geronimo/schema/SchemaConversionUtils.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-j2ee-schema/src/main/java/org/apache/geronimo/schema/SchemaConversionUtils.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-j2ee-schema/src/main/java/org/apache/geronimo/schema/SchemaConversionUtils.java (original)
+++ geronimo/server/trunk/modules/geronimo-j2ee-schema/src/main/java/org/apache/geronimo/schema/SchemaConversionUtils.java Sat Jun  9 10:44:02 2007
@@ -42,7 +42,7 @@
     public static final String JAVAEE_NAMESPACE = "http://java.sun.com/xml/ns/javaee";
 
     static final String GERONIMO_NAMING_NAMESPACE = "http://geronimo.apache.org/xml/ns/naming-1.2";
-    private static final String GERONIMO_SECURITY_NAMESPACE = "http://geronimo.apache.org/xml/ns/security-1.2";
+    private static final String GERONIMO_SECURITY_NAMESPACE = "http://geronimo.apache.org/xml/ns/security-2.0";
     private static final String GERONIMO_SERVICE_NAMESPACE = "http://geronimo.apache.org/xml/ns/deployment-1.2";
 
     private static final Map GERONIMO_SCHEMA_CONVERSIONS = new HashMap();
@@ -62,7 +62,7 @@
         GERONIMO_SCHEMA_CONVERSIONS.put("web-container", new NamespaceElementConverter(GERONIMO_NAMING_NAMESPACE));
 
         GERONIMO_SCHEMA_CONVERSIONS.put("security", new SecurityElementConverter());
-        GERONIMO_SCHEMA_CONVERSIONS.put("default-principal", new NamespaceElementConverter(GERONIMO_SECURITY_NAMESPACE));
+        GERONIMO_SCHEMA_CONVERSIONS.put("default-subject", new NamespaceElementConverter(GERONIMO_SECURITY_NAMESPACE));
 
         GERONIMO_SCHEMA_CONVERSIONS.put("gbean", new GBeanElementConverter());
         GERONIMO_SCHEMA_CONVERSIONS.put("environment", new NamespaceElementConverter(GERONIMO_SERVICE_NAMESPACE));
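Review bot: The `"default-principal"` entry is replaced rather than supplemented, so older plans that still carry a `default-principal` element no longer match any converter in this map. What happens to such an element afterwards is not visible here. If it is dropped or ignored instead of rejected, the plan would deploy with a different identity for unauthenticated calls than its author configured. Consider failing explicitly on the old element name with a message that points to `default-subject`, and add a comment on this line recording that `default-principal` is intentionally unsupported as of security-2.0.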


