From djen...@apache.org
Subject svn commit: r545781 [2/5] - in /geronimo/server/trunk: configs/ configs/axis/ configs/axis2/ configs/client-deployer/src/plan/ configs/cxf/ configs/j2ee-corba-yoko/src/plan/ configs/j2ee-deployer/src/plan/ configs/j2ee-security/src/plan/ configs/jasper...
Date Sat, 09 Jun 2007 17:44:07 GMT
Modified: geronimo/server/trunk/modules/geronimo-j2ee-schema/src/main/java/org/apache/geronimo/schema/SecurityElementConverter.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-j2ee-schema/src/main/java/org/apache/geronimo/schema/SecurityElementConverter.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-j2ee-schema/src/main/java/org/apache/geronimo/schema/SecurityElementConverter.java (original)
+++ geronimo/server/trunk/modules/geronimo-j2ee-schema/src/main/java/org/apache/geronimo/schema/SecurityElementConverter.java Sat Jun  9 10:44:02 2007
@@ -25,9 +25,10 @@
  */
 public class SecurityElementConverter implements ElementConverter {
 
-    public static final String GERONIMO_SECURITY_NAMESPACE = "http://geronimo.apache.org/xml/ns/security-1.2";
+    public static final String GERONIMO_SECURITY_NAMESPACE = "http://geronimo.apache.org/xml/ns/security-2.0";
     private static final QName PRINCIPAL_QNAME = new QName(GERONIMO_SECURITY_NAMESPACE, "principal");
     private static final QName REALM_NAME_QNAME = new QName("realm-name");
+    private static final QName DESIGNATED_RUN_AS = new QName("designated-run-as");
 
     public void convertElement(XmlCursor cursor, XmlCursor end) {
         cursor.push();
@@ -46,32 +47,40 @@
         cursor.pop();
         XmlCursor source = null;
         try {
-        while (cursor.hasNextToken() && cursor.isLeftOf(end)) {
-            if (cursor.isStart()) {
-                String localPart = cursor.getName().getLocalPart();
-                if (localPart.equals("realm")) {
-                    if (source == null) {
-                        source = cursor.newCursor();
-                    } else {
-                        source.toCursor(cursor);
-                    }
-                    cursor.push();
-                    cursor.toEndToken();
-                    cursor.toNextToken();
+            while (cursor.hasNextToken() && cursor.isLeftOf(end)) {
+                if (cursor.isStart()) {
+                    String localPart = cursor.getName().getLocalPart();
+                    if (localPart.equals("realm")) {
+                        if (source == null) {
+                            source = cursor.newCursor();
+                        } else {
+                            source.toCursor(cursor);
+                        }
+                        cursor.push();
+                        cursor.toEndToken();
+                        cursor.toNextToken();
                         if (source.toChild(PRINCIPAL_QNAME)) {
                             do {
+                                source.removeAttribute(DESIGNATED_RUN_AS);
                                 source.copyXml(cursor);
                             } while (source.toNextSibling(PRINCIPAL_QNAME));
                         }
 
-                    cursor.pop();
-                    cursor.removeXml();
-                } else if (localPart.equals("default-principal")) {
-                    cursor.removeAttribute(REALM_NAME_QNAME);
+                        cursor.pop();
+                        cursor.removeXml();
+                    } else if (localPart.equals("default-subject")) {
+//                    cursor.removeAttribute(REALM_NAME_QNAME);
+                        cursor.toEndToken();
+                    } else if (localPart.equals("default-principal")) {
+                        cursor.removeXml();
+                    } else if (localPart.equals("principal")) {
+                        cursor.removeAttribute(DESIGNATED_RUN_AS);
+                    } else if (localPart.equals("run-as-subject")) {
+                        cursor.toEndToken();
+                    }
                 }
+                cursor.toNextToken();
             }
-            cursor.toNextToken();
-        }
         } finally {
             if (source != null) {
                 source.dispose();
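Review bot: The new `default-principal` and `principal` branches discard security configuration from a pre-2.0 plan silently: `cursor.removeXml()` drops the whole `default-principal` element and `removeAttribute(DESIGNATED_RUN_AS)` strips the run-as marker (also at the `realm` copy loop), with no log line or error telling the deployer that the default identity or run-as designation they configured is gone. An application that relied on those settings would then deploy with a different identity than intended, so a warning when either is encountered is worth the one line, e.g. `log.warn("Dropping default-principal from security-1.2 plan; use <default-subject> instead");` — assuming a logger is available in this class, none is visible in the hunk. The commented-out `//                    cursor.removeAttribute(REALM_NAME_QNAME);` on the `default-subject` branch is dead code; delete it together with `REALM_NAME_QNAME` if nothing outside the hunks still uses that constant, or replace it with a comment saying why the attribute is now kept. `convertElement` continues past the end of the hunk.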

Modified: geronimo/server/trunk/modules/geronimo-j2ee-schema/src/test/resources/geronimo/security-post.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-j2ee-schema/src/test/resources/geronimo/security-post.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-j2ee-schema/src/test/resources/geronimo/security-post.xml (original)
+++ geronimo/server/trunk/modules/geronimo-j2ee-schema/src/test/resources/geronimo/security-post.xml Sat Jun  9 10:44:02 2007
@@ -16,10 +16,7 @@
    limitations under the License.
 -->
 
-<security xmlns="http://geronimo.apache.org/xml/ns/security-1.2">
-    <default-principal>
-        <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="supplier"/>
-    </default-principal>
+<security xmlns="http://geronimo.apache.org/xml/ns/security-2.0">
     <role-mappings>
         <role role-name="administrator">
             <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="supplier"/>
@@ -28,6 +25,10 @@
             <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="y"/>
         </role>
         <role role-name="user">
+            <run-as-subject>
+                <realm>foo-realm</realm>
+                <id>run-as-user</id>
+            </run-as-subject>
             <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="supplier"/>
             <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="buyer"/>
             <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="x"/>

Modified: geronimo/server/trunk/modules/geronimo-j2ee-schema/src/test/resources/geronimo/security-pre.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-j2ee-schema/src/test/resources/geronimo/security-pre.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-j2ee-schema/src/test/resources/geronimo/security-pre.xml (original)
+++ geronimo/server/trunk/modules/geronimo-j2ee-schema/src/test/resources/geronimo/security-pre.xml Sat Jun  9 10:44:02 2007
@@ -23,7 +23,7 @@
     <role-mappings>
         <role role-name="administrator">
             <realm realm-name="petstore-realm">
-                <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="supplier"/>
+                <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="supplier" designated-run-as="true"/>
                 <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="buyer"/>
             </realm>
             <realm realm-name="foo-realm">
@@ -32,6 +32,10 @@
             </realm>
         </role>
         <role role-name="user">
+            <run-as-subject>
+                <realm>foo-realm</realm>
+                <id>run-as-user</id>
+            </run-as-subject>
             <realm realm-name="petstore-realm">
                 <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="supplier"/>
                 <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="buyer"/>

Modified: geronimo/server/trunk/modules/geronimo-jetty6-builder/src/main/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-jetty6-builder/src/main/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilder.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-jetty6-builder/src/main/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilder.java (original)
+++ geronimo/server/trunk/modules/geronimo-jetty6-builder/src/main/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilder.java Sat Jun  9 10:44:02 2007
@@ -82,7 +82,7 @@
 import org.apache.geronimo.naming.deployment.ENCConfigBuilder;
 import org.apache.geronimo.naming.deployment.GBeanResourceEnvironmentBuilder;
 import org.apache.geronimo.naming.deployment.ResourceEnvironmentSetter;
-import org.apache.geronimo.security.deploy.DefaultPrincipal;
+import org.apache.geronimo.security.deploy.SubjectInfo;
 import org.apache.geronimo.security.deployment.SecurityConfiguration;
 import org.apache.geronimo.security.jacc.ComponentPermissions;
 import org.apache.geronimo.web.deployment.GenericToSpecificPlanConverter;
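Review bot: `org.apache.geronimo.security.deploy.SubjectInfo` replaces the `DefaultPrincipal` import, but none of the new lines in this file reference it; as far as this diff shows it is an unused import and should go unless code outside the hunks needs it. The same `SubjectInfo` import is added in JettyDefaultServletHolder.java and JettyServletRegistration.java in this commit, where the visible changes deal only with a `String runAsRole` and a `Subject`, so those two look unused as well.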
@@ -466,7 +466,6 @@
             }
 
             //set up servlet gbeans.
-
             ServletType[] servletTypes = webApp.getServletArray();
             addServlets(moduleName, webModule, servletTypes, servletMappings, securityRoles, rolePermissions, moduleContext);
 
@@ -474,11 +473,6 @@
                 configureSecurityRealm(earContext, webApp, jettyWebApp, webModuleData, securityRoles, rolePermissions);
             }
 
-            if (servletTypes.length > 0) {
-                // Process security annotations for servlets only (before MBEs run)
-                SecurityAnnotationHelper.processAnnotations(webApp, webModule.getClassFinder());
-            }
-
             //TODO this may definitely not be the best place for this!
             for (ModuleBuilderExtension mbe : moduleBuilderExtensions) {
                 mbe.addGBeans(earContext, module, cl, repository);
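Review bot: Dropping the `SecurityAnnotationHelper.processAnnotations(webApp, webModule.getClassFinder())` call means servlet security annotations (presumably `@RunAs`/`@DeclareRoles`, given the helper's name) are no longer merged into `webApp`, and nothing in this file section takes over that step. If the processing moved into a module builder extension elsewhere in this multi-part commit, a comment at the removal site naming the new location would save the next reader a search, e.g. `// security annotations are now processed by the security ModuleBuilderExtension`; if it did not move, annotated servlets silently lose their declared run-as role and role references. The enclosing method continues on both sides of the hunk.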
@@ -519,6 +513,7 @@
         }
         String securityRealmName = jettyWebApp.getSecurityRealmName().trim();
         webModuleData.setAttribute("securityRealmName", securityRealmName);
+        webModuleData.setReferencePattern("RunAsSource", earContext.getJaccManagerName());
 
         /**
          * TODO - go back to commented version when possible.
@@ -530,8 +525,6 @@
         ComponentPermissions componentPermissions = buildSpecSecurityConfig(webApp, securityRoles, rolePermissions);
 
         earContext.addSecurityContext(policyContextID, componentPermissions);
-        DefaultPrincipal defaultPrincipal = ((SecurityConfiguration) earContext.getSecurityConfiguration()).getDefaultPrincipal();
-        webModuleData.setAttribute("defaultPrincipal", defaultPrincipal);
     }
 
     private void addDefaultServletsGBeans(EARContext earContext, EARContext moduleContext, AbstractName moduleName, Set knownServletMappings) throws GBeanNotFoundException, GBeanAlreadyExistsException {
@@ -986,11 +979,7 @@
         //run-as
         if (servletType.isSetRunAs()) {
             String runAsRole = servletType.getRunAs().getRoleName().getStringValue().trim();
-            //TODO implement role to id mapping
-            //Or go back to direct subject construction.
-            //See GERONIMO-2687
-            String runAsId = null;
-            servletData.setAttribute("runAsId", runAsId);
+            servletData.setAttribute("runAsRole", runAsRole);
         }
 
         processRoleRefPermissions(servletType, securityRoles, rolePermissions);
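Review bot: The role name taken from `<run-as>` is stored on the servlet GBean without being checked against `securityRoles`, so a misspelled or undeclared role is only noticed when `getSubjectForRole` is asked for it at servlet start, if at all. Since this value decides the identity the servlet executes under, rejecting it at deployment is the safer default, e.g. `if (!securityRoles.contains(runAsRole)) { throw new DeploymentException("run-as role " + runAsRole + " is not a declared security-role"); }` — assuming `securityRoles` holds the declared role names and the method may throw `DeploymentException`, neither of which this hunk shows. The enclosing method starts before the hunk.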

Modified: geronimo/server/trunk/modules/geronimo-jetty6-builder/src/test/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilderTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-jetty6-builder/src/test/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilderTest.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-jetty6-builder/src/test/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilderTest.java (original)
+++ geronimo/server/trunk/modules/geronimo-jetty6-builder/src/test/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilderTest.java Sat Jun  9 10:44:02 2007
@@ -272,6 +272,7 @@
                 new Integer(1800),
                 Collections.EMPTY_LIST,
                 new AbstractNameQuery(containerName),
+                //new AbstractNameQuery(containerName),
                 null, defaultServlets,
                 defaultFilters,
                 defaultFilterMappings,
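Review bot: The added `//new AbstractNameQuery(containerName),` is commented-out code in the middle of a constructor argument list and gives no hint of which parameter it stands in for or why it is disabled. Either drop the line or turn it into a short comment naming the parameter the following `null` argument fills, so the test's setup stays readable once the constructor signature changes again.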
@@ -280,7 +281,7 @@
                 pojoWebServiceTemplate,
                 Collections.singleton(webServiceBuilder),
                 null,
-                Collections.singleton(new GeronimoSecurityBuilderImpl()),
+                Collections.singleton(new GeronimoSecurityBuilderImpl(null)),
                 Collections.singleton(new GBeanBuilder(null, null)),
                 new NamingBuilderCollection(null, null),
                 moduleBuilderExtensions,

Modified: geronimo/server/trunk/modules/geronimo-jetty6-builder/src/test/java/org/apache/geronimo/jetty6/deployment/PlanParsingTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-jetty6-builder/src/test/java/org/apache/geronimo/jetty6/deployment/PlanParsingTest.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-jetty6-builder/src/test/java/org/apache/geronimo/jetty6/deployment/PlanParsingTest.java (original)
+++ geronimo/server/trunk/modules/geronimo-jetty6-builder/src/test/java/org/apache/geronimo/jetty6/deployment/PlanParsingTest.java Sat Jun  9 10:44:02 2007
@@ -61,6 +61,7 @@
     private Artifact baseId = new Artifact("test", "base", "1", "car");
     private AbstractName baseRootName = naming.createRootName(baseId, "root", NameFactory.SERVICE_MODULE);
     private AbstractNameQuery jettyContainerObjectName = new AbstractNameQuery(naming.createChildName(baseRootName, "jettyContainer", NameFactory.GERONIMO_SERVICE));
+    private AbstractNameQuery credentialStoreName = new AbstractNameQuery(naming.createChildName(baseRootName, "CredentialStore", NameFactory.GERONIMO_SERVICE));
     private AbstractName pojoWebServiceTemplate = null;
     private WebServiceBuilder webServiceBuilder = null;
     private Environment defaultEnvironment = new Environment();
@@ -80,7 +81,7 @@
                 pojoWebServiceTemplate,
                 Collections.singleton(webServiceBuilder),
                 null,
-                Collections.singleton(new GeronimoSecurityBuilderImpl()),
+                Collections.singleton(new GeronimoSecurityBuilderImpl(null)),
                 Collections.singleton(new GBeanBuilder(null, null)),
                 new NamingBuilderCollection(null, null),
                 null,

Modified: geronimo/server/trunk/modules/geronimo-jetty6-builder/src/test/resources/plans/plan1.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-jetty6-builder/src/test/resources/plans/plan1.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-jetty6-builder/src/test/resources/plans/plan1.xml (original)
+++ geronimo/server/trunk/modules/geronimo-jetty6-builder/src/test/resources/plans/plan1.xml Sat Jun  9 10:44:02 2007
@@ -32,27 +32,27 @@
     </resource-ref>
     <security-realm-name>public-properties-realm</security-realm-name>
     <security default-role="UNASSIGNED" doas-current-caller="true">
-        <default-principal>
-            <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest"/>
-        </default-principal>
+        <default-subject>
+            <realm>foo</realm>
+            <id>bar</id>
+        </default-subject>
 
         <role-mappings>
             <role role-name="UNASSIGNED">
-                <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest" designated-run-as="true"/>
+                <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest"/>
             </role>
 
             <role role-name="LOW">
-                <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="acct" designated-run-as="true"/>
-                <distinguished-name name="CN=Duke, OU=Java Software, O=Sun Microsystems\, Inc., L=Palo Alto, ST=CA, C=US"/>
+                <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="acct"/>
             </role>
 
             <role role-name="MEDIUM">
                 <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="it"/>
-                <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="george" designated-run-as="true"/>
+                <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="george"/>
             </role>
 
             <role role-name="HIGH">
-                <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="mgmt" designated-run-as="true"/>
+                <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="mgmt"/>
                 <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="dain"/>
                 <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="david"/>
             </role>

Modified: geronimo/server/trunk/modules/geronimo-jetty6-builder/src/test/resources/services/local.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-jetty6-builder/src/test/resources/services/local.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-jetty6-builder/src/test/resources/services/local.xml (original)
+++ geronimo/server/trunk/modules/geronimo-jetty6-builder/src/test/resources/services/local.xml Sat Jun  9 10:44:02 2007
@@ -18,7 +18,7 @@
     <gbean class="org.apache.geronimo.jetty6.JettyContainerImpl" objectName="geronimo.web:type=WebContainer,container=Jetty">
     </gbean>
 
-    <gbean class="org.apache.geronimo.jetty6.connector.HTTPConnector" objectName="geronimo.web:type=WebConnector,container=Jetty,port=8080">
+    <gbean class="org.apache.geronimo.jetty6.connector.HTTPSocketConnector" objectName="geronimo.web:type=WebConnector,container=Jetty,port=8080">
         <default attribute="Port">5678</default>
         <endpoint name="JettyContainer">
             <pattern><gbean-name>geronimo.web:type=WebContainer,container=Jetty</gbean-name></pattern>

Modified: geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyDefaultServletHolder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyDefaultServletHolder.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyDefaultServletHolder.java (original)
+++ geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyDefaultServletHolder.java Sat Jun  9 10:44:02 2007
@@ -25,6 +25,7 @@
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+import org.apache.geronimo.security.deploy.SubjectInfo;
 import org.mortbay.jetty.servlet.ServletHolder;
 
 /**
@@ -35,8 +36,8 @@
     public JettyDefaultServletHolder() {
     }
 
-    public JettyDefaultServletHolder(String objectName, String servletName, String servletClassName, String jspFile, Map initParams, Integer loadOnStartup, Set servletMappings, String runAsId, JettyServletRegistration context) throws Exception {
-        super(objectName, servletName, servletClassName, jspFile, initParams, loadOnStartup, servletMappings, runAsId, context);
+    public JettyDefaultServletHolder(String objectName, String servletName, String servletClassName, String jspFile, Map initParams, Integer loadOnStartup, Set servletMappings, String runAsRole, JettyServletRegistration context) throws Exception {
+        super(objectName, servletName, servletClassName, jspFile, initParams, loadOnStartup, servletMappings, runAsRole, context);
     }
 
     public static final GBeanInfo GBEAN_INFO;

Modified: geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyServletHolder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyServletHolder.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyServletHolder.java (original)
+++ geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyServletHolder.java Sat Jun  9 10:44:02 2007
@@ -18,7 +18,6 @@
 
 import java.util.Map;
 import java.util.Set;
-import java.util.List;
 
 import javax.security.auth.Subject;
 
@@ -26,7 +25,6 @@
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.gbean.GBeanLifecycle;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
-import org.apache.geronimo.j2ee.annotation.Injection;
 import org.apache.geronimo.management.Servlet;
 import org.mortbay.jetty.servlet.ServletHolder;
 
@@ -61,11 +59,11 @@
             String jspFile,
             Map initParams,
             Integer loadOnStartup,
-            Set servletMappings,
-            String runAsId,
+            Set<String> servletMappings,
+            String runAsRole,
             JettyServletRegistration context) throws Exception {
         servletRegistration = context;
-        Subject runAsSubject = getSubjectFromId(runAsId);
+        Subject runAsSubject = context == null? null: context.getSubjectForRole(runAsRole);
         servletHolder = new InternalJettyServletHolder(context == null? null: context.getLifecycleChain(), runAsSubject, servletRegistration);
         servletHolder.setName(servletName);
         servletHolder.setClassName(servletClassName);
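Review bot: `context.getSubjectForRole(runAsRole)` is now invoked for every servlet, including those that declare no `<run-as>` and therefore arrive with `runAsRole == null`; whether the `RunAsSource` behind it returns null or throws `LoginException` for a null role is not visible in this diff, so an explicit guard keeps the constructor independent of that implementation: `Subject runAsSubject = (context == null || runAsRole == null) ? null : context.getSubjectForRole(runAsRole);`. The opposite case matters more for security: if a declared role maps to a null subject, the holder is built with `runAsSubject == null` and presumably runs the servlet without the configured run-as identity. Failing fast there, e.g. `if (runAsRole != null && runAsSubject == null) { throw new IllegalStateException("no run-as subject for role " + runAsRole); }`, surfaces a broken role-to-subject mapping at deployment instead of at the first request.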
@@ -76,7 +74,7 @@
             servletHolder.setForcedPath(jspFile);
             if (loadOnStartup != null) {
                 //This has no effect on the actual start order, the gbean references "previous" control that.
-                servletHolder.setInitOrder(loadOnStartup.intValue());
+                servletHolder.setInitOrder(loadOnStartup);
             }
             //this now starts the servlet in the appropriate context
             context.registerServletHolder(servletHolder, servletName, servletMappings, objectName);
@@ -84,12 +82,6 @@
         this.objectName = objectName;
     }
 
-    private Subject getSubjectFromId(String runAsId) {
-        //TODO implement this.
-        //See GERONIMO-2687
-        return null;
-    }
-
     public String getServletName() {
         return servletHolder.getName();
     }
@@ -143,7 +135,7 @@
         infoBuilder.addAttribute("initParams", Map.class, true);
         infoBuilder.addAttribute("loadOnStartup", Integer.class, true);
         infoBuilder.addAttribute("servletMappings", Set.class, true);
-        infoBuilder.addAttribute("runAsId", String.class, true);
+        infoBuilder.addAttribute("runAsRole", String.class, true);
         infoBuilder.addAttribute("objectName", String.class, false);
         infoBuilder.addInterface(Servlet.class);
 
@@ -156,7 +148,7 @@
                 "initParams",
                 "loadOnStartup",
                 "servletMappings",
-                "runAsId",
+                "runAsRole",
                 "JettyServletRegistration"});
 
         GBEAN_INFO = infoBuilder.getBeanInfo();

Modified: geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyServletRegistration.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyServletRegistration.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyServletRegistration.java (original)
+++ geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyServletRegistration.java Sat Jun  9 10:44:02 2007
@@ -21,10 +21,13 @@
 import java.lang.reflect.InvocationTargetException;
 
 import javax.naming.Context;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
 
 import org.mortbay.jetty.servlet.ServletHandler;
 import org.mortbay.jetty.servlet.ServletHolder;
 import org.apache.geronimo.jetty6.handler.AbstractImmutableHandler;
+import org.apache.geronimo.security.deploy.SubjectInfo;
 
 /**
  * @version $Rev$ $Date$
@@ -44,4 +47,6 @@
     Object newInstance(String className) throws InstantiationException, IllegalAccessException;
 
     void destroyInstance(Object o) throws Exception;
+
+    Subject getSubjectForRole(String role) throws LoginException;
 }
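Review bot: `getSubjectForRole` joins the interface without Javadoc, and since `JettyServletHolder` passes its result straight into the servlet holder, the contract for a null role, an undeclared role and a role with no mapped subject needs to be stated. Suggested doc: `/** Returns the Subject a servlet declaring run-as for {@code role} should execute under, or null when no run-as mapping exists for the role. @throws LoginException if the mapped subject cannot be established */` — adjust the null-versus-throw wording to whatever `RunAsSource` actually guarantees, which this diff does not show. The `SubjectInfo` import added above is not used by the interface as shown.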

Modified: geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyWebAppContext.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyWebAppContext.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyWebAppContext.java (original)
+++ geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyWebAppContext.java Sat Jun  9 10:44:02 2007
@@ -19,7 +19,6 @@
 
 import java.net.MalformedURLException;
 import java.net.URL;
-import java.security.PermissionCollection;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.EventListener;
@@ -29,10 +28,11 @@
 import java.util.Map;
 import java.util.Set;
 
-//import javax.faces.FactoryFinder;
 import javax.management.MalformedObjectNameException;
 import javax.management.ObjectName;
 import javax.naming.Context;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
 import javax.transaction.TransactionManager;
 
 import org.apache.commons.logging.Log;
@@ -61,7 +61,7 @@
 import org.apache.geronimo.management.geronimo.WebContainer;
 import org.apache.geronimo.management.geronimo.WebModule;
 import org.apache.geronimo.naming.enc.EnterpriseNamingContext;
-import org.apache.geronimo.security.deploy.DefaultPrincipal;
+import org.apache.geronimo.security.jacc.RunAsSource;
 import org.apache.geronimo.transaction.GeronimoUserTransaction;
 import org.mortbay.jetty.MimeTypes;
 import org.mortbay.jetty.handler.AbstractHandler;
@@ -99,6 +99,7 @@
     private final AbstractImmutableHandler lifecycleChain;
     private final Context componentContext;
     private final Holder holder;
+    private final RunAsSource runAsSource;
 
     private final Set<String> servletNames = new HashSet<String>();
 
@@ -126,9 +127,8 @@
 
             String policyContextID,
             String securityRealmName,
-            DefaultPrincipal defaultPrincipal,
 
-            Holder holder,
+            RunAsSource runAsSource, Holder holder,
 
             Host host,
             TransactionManager transactionManager,
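Review bot: `RunAsSource runAsSource, Holder holder,` puts two constructor parameters on one line while every other parameter in this list has its own, and the blank line that used to separate `defaultPrincipal` from `holder` now sits above the pair. One parameter per line, with the blank line restored between the security parameters and `holder`, keeps the signature consistent; the parameter list continues on both sides of the hunk.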
@@ -149,6 +149,8 @@
 
         this.holder = holder == null ? Holder.EMPTY : holder;
 
+        this.runAsSource = runAsSource == null? RunAsSource.NULL: runAsSource;
+
         SessionHandler sessionHandler;
         if (null != handlerFactory) {
             if (null == preHandlerFactory) {
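Review bot: Substituting `RunAsSource.NULL` when the `RunAsSource` reference is absent makes a missing JACC-manager wiring invisible: the context starts normally, and whether run-as servlets then receive a null subject or an exception depends on what `RunAsSource.NULL` does, which is outside this diff. The GBean reference is declared later in this file against `NameFactory.JACC_MANAGER`, so the null case is presumably reachable only from tests; a comment saying so, e.g. `// null only when a test builds the context without a JACC manager`, or a warning log on the fallback, would keep a production misconfiguration from passing unnoticed. The constructor extends well beyond the hunk.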
@@ -164,7 +166,8 @@
             InternalJAASJettyRealm internalJAASJettyRealm = jettyContainer.addRealm(securityRealmName);
             //wrap jetty realm with something that knows the dumb realmName
             JAASJettyRealm realm = new JAASJettyRealm(realmName, internalJAASJettyRealm);
-            securityHandler = new JettySecurityHandler(authenticator, realm, policyContextID, defaultPrincipal, classLoader);
+            Subject defaultSubject =  this.runAsSource.getDefaultSubject();
+            securityHandler = new JettySecurityHandler(authenticator, realm, policyContextID, defaultSubject);
         }
 
         ServletHandler servletHandler = new ServletHandler();
@@ -327,6 +330,10 @@
         return lifecycleChain;
     }
 
+    public Subject getSubjectForRole(String role) throws LoginException {
+        return runAsSource.getSubjectForRole(role);
+    }
+
     public Object newInstance(String className) throws InstantiationException, IllegalAccessException {
         if (className == null) {
             throw new InstantiationException("no class loaded");
@@ -591,7 +598,7 @@
 
         infoBuilder.addAttribute("policyContextID", String.class, true);
         infoBuilder.addAttribute("securityRealmName", String.class, true);
-        infoBuilder.addAttribute("defaultPrincipal", DefaultPrincipal.class, true);
+        infoBuilder.addReference("RunAsSource", RunAsSource.class, NameFactory.JACC_MANAGER);
 
         infoBuilder.addAttribute("holder", Holder.class, true);
 
@@ -632,7 +639,7 @@
 
                 "policyContextID",
                 "securityRealmName",
-                "defaultPrincipal",
+                "RunAsSource",
 
                 "holder",
 

Modified: geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java (original)
+++ geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java Sat Jun  9 10:44:02 2007
@@ -19,7 +19,6 @@
 import java.io.IOException;
 import java.security.AccessControlContext;
 import java.security.AccessControlException;
-import java.security.PermissionCollection;
 import java.security.Principal;
 
 import javax.security.auth.Subject;
@@ -30,24 +29,18 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.geronimo.common.DeploymentException;
 import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.jetty6.JAASJettyPrincipal;
 import org.apache.geronimo.jetty6.JAASJettyRealm;
 import org.apache.geronimo.jetty6.JettyContainer;
 import org.apache.geronimo.security.Callers;
 import org.apache.geronimo.security.ContextManager;
-import org.apache.geronimo.security.IdentificationPrincipal;
-import org.apache.geronimo.security.SubjectId;
-import org.apache.geronimo.security.deploy.DefaultPrincipal;
-import org.apache.geronimo.security.util.ConfigurationUtil;
 import org.mortbay.jetty.HttpException;
 import org.mortbay.jetty.Request;
 import org.mortbay.jetty.Response;
 import org.mortbay.jetty.security.Authenticator;
 import org.mortbay.jetty.security.FormAuthenticator;
 import org.mortbay.jetty.security.SecurityHandler;
-import org.mortbay.jetty.security.UserRealm;
 
 public class JettySecurityHandler extends SecurityHandler {
 
@@ -62,8 +55,7 @@
     public JettySecurityHandler(Authenticator authenticator,
             JAASJettyRealm userRealm,
             String policyContextID,
-            DefaultPrincipal defaultPrincipal,
-            ClassLoader classLoader) {
+            Subject defaultSubject) {
         setAuthenticator(authenticator);
         this.policyContextID = policyContextID;
 
@@ -80,12 +72,11 @@
         /**
          * Register our default principal with the ContextManager
          */
-        this.defaultPrincipal = generateDefaultPrincipal(defaultPrincipal, classLoader);
+        if (defaultSubject == null) {
+            defaultSubject = ContextManager.EMPTY;
+        }
+        this.defaultPrincipal = generateDefaultPrincipal(defaultSubject);
 
-        Subject defaultSubject = this.defaultPrincipal.getSubject();
-        ContextManager.registerSubject(defaultSubject);
-        SubjectId id = ContextManager.getSubjectId(defaultSubject);
-        defaultSubject.getPrincipals().add(new IdentificationPrincipal(id));
         setUserRealm(userRealm);
         this.realm = userRealm;
         assert realm != null;
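Review bot: The fallback that substitutes `ContextManager.EMPTY` when `defaultSubject` is null stores a shared Subject inside the handler's default principal, and nothing in this constructor makes it read-only; if that constant is a mutable `Subject`, any later caller that adds principals or credentials to `defaultPrincipal.getSubject()` would alter the server-wide empty identity, so either guard it with `setReadOnly()` where it is defined or document here that the Subject is shared and must not be mutated. The old code also registered the subject with `ContextManager` and attached an `IdentificationPrincipal`; the new code silently assumes the supplied Subject is already registered by whoever produces it (presumably the RunAsSource), which the constructor's Javadoc should state so callers do not pass an ad-hoc Subject. Since null is mapped to `EMPTY` before `generateDefaultPrincipal` is called, that method's null check is no longer reachable from this path.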
@@ -100,8 +91,6 @@
             super.doStop();
         }
         finally {
-            Subject defaultSubject = this.defaultPrincipal.getSubject();
-            ContextManager.unregisterSubject(defaultSubject);
             jettyContainer.removeRealm(realm.getSecurityRealmName());
         }
     }
@@ -249,32 +238,24 @@
     /**
      * Generate the default principal from the security config.
      *
-     * @param defaultPrincipal The Geronimo security configuration.
-     * @param classLoader to load principals for the default subject
+     * @param defaultSubject The default subject.
      * @return the default principal
-     * @throws org.apache.geronimo.common.GeronimoSecurityException if the default principal cannot be constructed
+     * @throws org.apache.geronimo.common.GeronimoSecurityException
+     *          if the default principal cannot be constructed
      */
-    protected JAASJettyPrincipal generateDefaultPrincipal(
-            DefaultPrincipal defaultPrincipal, ClassLoader classLoader)
+    protected JAASJettyPrincipal generateDefaultPrincipal(Subject defaultSubject)
             throws GeronimoSecurityException {
 
-        if (defaultPrincipal == null) {
+        if (defaultSubject == null) {
             throw new GeronimoSecurityException(
                     "Unable to generate default principal");
         }
 
-        try {
-            JAASJettyPrincipal result = new JAASJettyPrincipal("default");
-            Subject defaultSubject = ConfigurationUtil.generateDefaultSubject(
-                    defaultPrincipal, classLoader);
+        JAASJettyPrincipal result = new JAASJettyPrincipal("default");
 
-            result.setSubject(defaultSubject);
+        result.setSubject(defaultSubject);
 
-            return result;
-        } catch (DeploymentException de) {
-            throw new GeronimoSecurityException(
-                    "Unable to generate default principal", de);
-        }
+        return result;
     }
 
 }
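Review bot: `generateDefaultPrincipal` now does nothing more than wrap the Subject in a `JAASJettyPrincipal` named "default", and its only failure mode is a null argument, yet the Javadoc still presents a generic "cannot be constructed" contract. Suggest `@param defaultSubject the Subject used for unauthenticated requests; must not be null (the constructor substitutes ContextManager.EMPTY before calling this)` and `@throws GeronimoSecurityException if defaultSubject is null`. Keeping the check is still worthwhile because the method is protected and a subclass may call it directly.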

Modified: geronimo/server/trunk/modules/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/AbstractWebModuleTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/AbstractWebModuleTest.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/AbstractWebModuleTest.java (original)
+++ geronimo/server/trunk/modules/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/AbstractWebModuleTest.java Sat Jun  9 10:44:02 2007
@@ -29,10 +29,10 @@
 
 import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator;
 import org.apache.geronimo.connector.outbound.connectiontracking.GeronimoTransactionListener;
-import org.apache.geronimo.jetty6.connector.HTTPSelectChannelConnector;
+import org.apache.geronimo.jetty6.connector.HTTPSocketConnector;
 import org.apache.geronimo.security.SecurityServiceImpl;
-import org.apache.geronimo.security.deploy.DefaultPrincipal;
 import org.apache.geronimo.security.deploy.PrincipalInfo;
+import org.apache.geronimo.security.deploy.SubjectInfo;
 import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration;
 import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
 import org.apache.geronimo.security.jaas.LoginModuleGBean;
@@ -41,6 +41,7 @@
 import org.apache.geronimo.security.jacc.ApplicationPrincipalRoleConfigurationManager;
 import org.apache.geronimo.security.jacc.ComponentPermissions;
 import org.apache.geronimo.security.jacc.PrincipalRoleMapper;
+import org.apache.geronimo.security.jacc.RunAsSource;
 import org.apache.geronimo.security.realm.GenericSecurityRealm;
 import org.apache.geronimo.system.serverinfo.BasicServerInfo;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
@@ -56,7 +57,7 @@
 public class AbstractWebModuleTest extends TestSupport {
     protected ClassLoader cl;
     protected final static String securityRealmName = "demo-properties-realm";
-    private HTTPSelectChannelConnector connector;
+    private HTTPSocketConnector connector;
     protected JettyContainerImpl container;
     private TransactionManager transactionManager;
     private ConnectionTrackingCoordinator connectionTrackingCoordinator;
@@ -85,11 +86,11 @@
 
     }
 
-    protected JettyWebAppContext setUpAppContext(String realmName, String securityRealmName, Authenticator authenticator, String policyContextId, PermissionCollection excludedPermissions, DefaultPrincipal defaultPrincipal, PermissionCollection checkedPermissions, String uriString) throws Exception {
+    protected JettyWebAppContext setUpAppContext(String realmName, String securityRealmName, Authenticator authenticator, String policyContextId, PermissionCollection excludedPermissions, RunAsSource runAsSource, PermissionCollection checkedPermissions, String uriString) throws Exception {
 
         JettyWebAppContext app = new JettyWebAppContext(null,
                 null,
-                Collections.EMPTY_MAP,
+                Collections.<String, Object>emptyMap(),
                 cl,
                 new URL(configurationBaseURL, uriString),
                 null,
@@ -110,7 +111,7 @@
                 preHandlerFactory,
                 policyContextId,
                 securityRealmName,
-                defaultPrincipal,
+                runAsSource,
                 null,
                 null,
                 transactionManager,
@@ -125,24 +126,25 @@
         return app;
     }
 
-    protected JettyWebAppContext setUpSecureAppContext(Map roleDesignates, Map principalRoleMap, ComponentPermissions componentPermissions, DefaultPrincipal defaultPrincipal, PermissionCollection checked, Set securityRoles) throws Exception {
+    protected JettyWebAppContext setUpSecureAppContext(String securityRealmName, Map roleDesignates, Map principalRoleMap, ComponentPermissions componentPermissions, SubjectInfo defaultSubjectInfo, PermissionCollection checked, Set securityRoles) throws Exception {
         String policyContextId = "TEST";
         PrincipalRoleMapper roleMapper = new ApplicationPrincipalRoleConfigurationManager(principalRoleMap);
-        Map contextIDToPermissionsMap = new HashMap();
+        Map<String, ComponentPermissions> contextIDToPermissionsMap = new HashMap<String, ComponentPermissions>();
         contextIDToPermissionsMap.put(policyContextId, componentPermissions);
-        ApplicationPolicyConfigurationManager jacc = new ApplicationPolicyConfigurationManager(contextIDToPermissionsMap, roleDesignates, cl, roleMapper);
+        ApplicationPolicyConfigurationManager jacc = new ApplicationPolicyConfigurationManager(contextIDToPermissionsMap, null, roleDesignates, cl, null, roleMapper);
         jacc.doStart();
 
         FormAuthenticator formAuthenticator = new FormAuthenticator();
         formAuthenticator.setLoginPage("/auth/logon.html?param=test");
         formAuthenticator.setErrorPage("/auth/logonError.html?param=test");
         return setUpAppContext("Test JAAS Realm",
-                "demo-properties-realm",
+                securityRealmName,
                 formAuthenticator,
                 policyContextId,
                 componentPermissions.getExcludedPermissions(),
-                defaultPrincipal,
-                checked, "war3/");
+                jacc,
+                checked,
+                "war3/");
 
     }
 
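Review bot: The new `defaultSubjectInfo` parameter of `setUpSecureAppContext` is never used: the `ApplicationPolicyConfigurationManager` is constructed with two `null` arguments and `jacc` is passed on as the RunAsSource, so the default subject a test configures (the "izumi" `SubjectInfo` in SecurityTest) never reaches the JACC manager. If one of those null slots is the default-subject argument, pass `defaultSubjectInfo` there; otherwise remove the parameter so the test does not suggest coverage of default-principal behaviour that it lacks. I cannot see the manager's constructor from here, so which slot it belongs in is inferred.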
@@ -166,8 +168,8 @@
         JaasLoginService loginService = new JaasLoginService("HmacSHA1", "secret", cl, null);
 
         PrincipalInfo.PrincipalEditor principalEditor = new PrincipalInfo.PrincipalEditor();
-        principalEditor.setAsText("metro,org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal,false");
-        GenericSecurityRealm realm = new GenericSecurityRealm(domainName, loginModuleUse, true, true, (PrincipalInfo) principalEditor.getValue(), serverInfo,  cl, null, loginService);
+        principalEditor.setAsText("metro,org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
+        GenericSecurityRealm realm = new GenericSecurityRealm(domainName, loginModuleUse, true, true, serverInfo,  cl, null, loginService);
 
         loginService.setRealms(Collections.singleton(realm));
         loginService.doStart();
@@ -188,7 +190,7 @@
 
         container = new JettyContainerImpl("test:name=JettyContainer", null);
         container.doStart();
-        connector = new HTTPSelectChannelConnector(container, null);
+        connector = new HTTPSocketConnector(container, null);
         connector.setPort(5678);
         connector.setMaxThreads(50);
 //        connector.setMinThreads(10);

Modified: geronimo/server/trunk/modules/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/SecurityTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/SecurityTest.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/SecurityTest.java (original)
+++ geronimo/server/trunk/modules/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/SecurityTest.java Sat Jun  9 10:44:02 2007
@@ -32,10 +32,10 @@
 import javax.security.jacc.WebResourcePermission;
 import javax.security.jacc.WebUserDataPermission;
 
-import org.apache.geronimo.security.deploy.DefaultPrincipal;
 import org.apache.geronimo.security.deploy.PrincipalInfo;
 import org.apache.geronimo.security.deploy.Role;
 import org.apache.geronimo.security.deploy.Security;
+import org.apache.geronimo.security.deploy.SubjectInfo;
 import org.apache.geronimo.security.deployment.GeronimoSecurityBuilderImpl;
 import org.apache.geronimo.security.jacc.ComponentPermissions;
 
@@ -46,6 +46,7 @@
  * @version $Rev$ $Date$
  */
 public class SecurityTest extends AbstractWebModuleTest {
+
     /**
      * Test the explicit map feature.  Only Alan should be able to log in.
      *
@@ -55,15 +56,14 @@
         Security securityConfig = new Security();
         securityConfig.setUseContextHandler(false);
 
-        DefaultPrincipal defaultPrincipal = new DefaultPrincipal();
-        PrincipalInfo principalInfo = new PrincipalInfo("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal", "izumi", false);
-        defaultPrincipal.setPrincipal(principalInfo);
-
-        securityConfig.setDefaultPrincipal(defaultPrincipal);
+        String securityRealmName = "demo-properties-realm";
+        String defaultPrincipalId = "izumi";
+        SubjectInfo defaultSubjectInfo = new SubjectInfo(securityRealmName, defaultPrincipalId);
+        securityConfig.setDefaultSubjectInfo(defaultSubjectInfo);
 
         Role role = new Role();
         role.setRoleName("content-administrator");
-        principalInfo = new PrincipalInfo("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal", "it", false);
+        PrincipalInfo principalInfo = new PrincipalInfo("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal", "it");
         role.getPrincipals().add(principalInfo);
 
         securityConfig.getRoleMappings().put(role.getRoleName(), role);
@@ -91,7 +91,7 @@
 
         ComponentPermissions componentPermissions = new ComponentPermissions(excludedPermissions, uncheckedPermissions, rolePermissions);
 
-        startWebApp(roleDesignates, principalRoleMap, componentPermissions, defaultPrincipal, permissions, securityRoles);
+        startWebApp(roleDesignates, principalRoleMap, componentPermissions, defaultSubjectInfo, permissions, securityRoles);
 
         HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678/test/protected/hello.txt").openConnection();
         connection.setInstanceFollowRedirects(false);
@@ -158,8 +158,8 @@
         stopWebApp();
     }
 
-    protected void startWebApp(Map roleDesignates, Map principalRoleMap, ComponentPermissions componentPermissions, DefaultPrincipal defaultPrincipal, PermissionCollection checked, Set securityRoles) throws Exception {
-        JettyWebAppContext app = setUpSecureAppContext(roleDesignates, principalRoleMap, componentPermissions, defaultPrincipal, checked, securityRoles);
+    protected void startWebApp(Map roleDesignates, Map principalRoleMap, ComponentPermissions componentPermissions, SubjectInfo defaultSubjectInfo, PermissionCollection checked, Set securityRoles) throws Exception {
+        JettyWebAppContext app = setUpSecureAppContext(securityRealmName, roleDesignates, principalRoleMap, componentPermissions, defaultSubjectInfo, checked, securityRoles);
         setUpStaticContentServlet(app);
 //        start(appName, app);
     }
@@ -181,7 +181,7 @@
     //copied from SecurityBuilder
     public void buildPrincipalRoleMap(Security security, Map roleDesignates, Map principalRoleMap) {
         Map roleToPrincipalMap = new HashMap();
-        GeronimoSecurityBuilderImpl.buildRolePrincipalMap(security, roleDesignates, roleToPrincipalMap, getClass().getClassLoader());
+        GeronimoSecurityBuilderImpl.buildRolePrincipalMap(security, roleToPrincipalMap, getClass().getClassLoader());
         invertMap(roleToPrincipalMap, principalRoleMap);
     }
 

Modified: geronimo/server/trunk/modules/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/EjbDeploymentBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/EjbDeploymentBuilder.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/EjbDeploymentBuilder.java (original)
+++ geronimo/server/trunk/modules/geronimo-openejb-builder/src/main/java/org/apache/geronimo/openejb/deployment/EjbDeploymentBuilder.java Sat Jun  9 10:44:02 2007
@@ -17,8 +17,8 @@
  */
 package org.apache.geronimo.openejb.deployment;
 
-import java.security.Permissions;
 import java.security.PermissionCollection;
+import java.security.Permissions;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
@@ -26,8 +26,6 @@
 import java.util.Map;
 import java.util.TreeMap;
 
-import javax.security.auth.Subject;
-
 import org.apache.geronimo.common.DeploymentException;
 import org.apache.geronimo.connector.outbound.connectiontracking.TrackedConnectionAssociator;
 import org.apache.geronimo.gbean.AbstractName;
@@ -143,7 +141,7 @@
                     gbean.setAttribute(EjbInterface.LOCAL_HOME.getAttributeName(), localHomeInterfaceName);
                 }
 
-                if (enterpriseBean instanceof SessionBean && ((SessionBean)enterpriseBean).getSessionType() == SessionType.STATELESS ) {
+                if (enterpriseBean instanceof SessionBean && ((SessionBean) enterpriseBean).getSessionType() == SessionType.STATELESS) {
                     SessionBean statelessBean = (SessionBean) enterpriseBean;
                     gbean.setAttribute(EjbInterface.SERVICE_ENDPOINT.getAttributeName(), statelessBean.getServiceEndpoint());
                 }
@@ -170,7 +168,7 @@
     }
 
     public ComponentPermissions buildComponentPermissions() throws DeploymentException {
-        ComponentPermissions componentPermissions = new ComponentPermissions(new Permissions(), new Permissions(), new HashMap());
+        ComponentPermissions componentPermissions = new ComponentPermissions(new Permissions(), new Permissions(), new HashMap<String, PermissionCollection>());
         for (EnterpriseBean enterpriseBean : ejbModule.getEjbJar().getEnterpriseBeans()) {
             addSecurityData(enterpriseBean, componentPermissions);
         }
@@ -178,15 +176,15 @@
     }
 
     private void addSecurityData(EnterpriseBean enterpriseBean, ComponentPermissions componentPermissions) throws DeploymentException {
-        GBeanData gbean = getEjbGBean(enterpriseBean.getEjbName());
-        if (enterpriseBean instanceof RemoteBean) {
-            RemoteBean remoteBean = (RemoteBean) enterpriseBean;
+        SecurityConfiguration securityConfiguration = (SecurityConfiguration) earContext.getSecurityConfiguration();
+        if (securityConfiguration != null) {
+            GBeanData gbean = getEjbGBean(enterpriseBean.getEjbName());
+            if (enterpriseBean instanceof RemoteBean) {
+                RemoteBean remoteBean = (RemoteBean) enterpriseBean;
 
-            SecurityBuilder securityBuilder = new SecurityBuilder();
-            PermissionCollection permissions = new Permissions();
+                SecurityBuilder securityBuilder = new SecurityBuilder();
+                PermissionCollection permissions = new Permissions();
 
-            SecurityConfiguration securityConfiguration = (SecurityConfiguration) earContext.getSecurityConfiguration();
-            if (securityConfiguration != null) {
                 securityBuilder.addToPermissions(permissions,
                         remoteBean.getEjbName(),
                         EjbInterface.HOME.getJaccInterfaceName(),
@@ -209,18 +207,18 @@
                         ejbModule.getClassLoader());
                 if (remoteBean instanceof SessionBean) {
                     securityBuilder.addToPermissions(permissions,
-                        remoteBean.getEjbName(),
-                        EjbInterface.SERVICE_ENDPOINT.getJaccInterfaceName(),
-                            ((SessionBean)remoteBean).getServiceEndpoint(),
+                            remoteBean.getEjbName(),
+                            EjbInterface.SERVICE_ENDPOINT.getJaccInterfaceName(),
+                            ((SessionBean) remoteBean).getServiceEndpoint(),
                             ejbModule.getClassLoader());
                 }
                 if (remoteBean.getBusinessRemote() != null && !remoteBean.getBusinessRemote().isEmpty()) {
-                    for (String businessRemote: remoteBean.getBusinessRemote()) {
+                    for (String businessRemote : remoteBean.getBusinessRemote()) {
                         securityBuilder.addToPermissions(permissions,
-                            remoteBean.getEjbName(),
-                            EjbInterface.REMOTE.getJaccInterfaceName(),
-                            businessRemote,
-                            ejbModule.getClassLoader());
+                                remoteBean.getEjbName(),
+                                EjbInterface.REMOTE.getJaccInterfaceName(),
+                                businessRemote,
+                                ejbModule.getClassLoader());
                     }
                     securityBuilder.addToPermissions(componentPermissions.getUncheckedPermissions(),
                             remoteBean.getEjbName(),
@@ -229,12 +227,12 @@
                             ejbModule.getClassLoader());
                 }
                 if (remoteBean.getBusinessLocal() != null && !remoteBean.getBusinessLocal().isEmpty()) {
-                    for (String businessLocal: remoteBean.getBusinessLocal()) {
+                    for (String businessLocal : remoteBean.getBusinessLocal()) {
                         securityBuilder.addToPermissions(permissions,
-                            remoteBean.getEjbName(),
-                            EjbInterface.LOCAL.getJaccInterfaceName(),
-                            businessLocal,
-                            ejbModule.getClassLoader());
+                                remoteBean.getEjbName(),
+                                EjbInterface.LOCAL.getJaccInterfaceName(),
+                                businessLocal,
+                                ejbModule.getClassLoader());
                     }
                     securityBuilder.addToPermissions(componentPermissions.getUncheckedPermissions(),
                             remoteBean.getEjbName(),
@@ -251,23 +249,18 @@
                         remoteBean.getSecurityRoleRef(),
                         componentPermissions);
 
-                // RunAs subject
-                SecurityIdentity securityIdentity = remoteBean.getSecurityIdentity();
-                if (securityIdentity != null && securityIdentity.getRunAs() != null) {
-                    String runAsName = securityIdentity.getRunAs();
-                    if (runAsName != null) {
-                        Subject runAsSubject = (Subject) securityConfiguration.getRoleDesignates().get(runAsName);
-                        if (runAsSubject == null) {
-                            throw new DeploymentException("No role designate found for run-as name: " + runAsName);
-                        }
-                        gbean.setAttribute("runAs", runAsSubject);
-                    }
+            }
+            // RunAs subject
+            SecurityIdentity securityIdentity = enterpriseBean.getSecurityIdentity();
+            if (securityIdentity != null && securityIdentity.getRunAs() != null) {
+                String runAsName = securityIdentity.getRunAs();
+                if (runAsName != null) {
+                    gbean.setAttribute("runAsRole", runAsName);
                 }
-
-                // Default principal
-                gbean.setAttribute("defaultPrincipal", securityConfiguration.getDefaultPrincipal());
-                gbean.setAttribute("securityEnabled", true);
             }
+
+            gbean.setAttribute("securityEnabled", true);
+            gbean.setReferencePattern("RunAsSource", earContext.getJaccManagerName());
         }
     }
 
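Review bot: Deployment-time validation of the run-as role is lost: the removed code threw `DeploymentException("No role designate found for run-as name: ...")` when the role had no designate, whereas the new code only records `runAsName` in the `runAsRole` attribute and defers resolution to the RunAsSource at start time, so a missing or misspelled run-as role now surfaces late and, depending on what the RunAsSource returns for an unknown role, possibly as a bean running without its intended identity rather than as an error. If the `SecurityConfiguration` exposes the set of declared roles, check `runAsName` against it here and throw a `DeploymentException` as before; I cannot see its API from this hunk. The inner `if (runAsName != null)` repeats the `getRunAs() != null` test just above it and can be dropped. Note also that `securityEnabled` and the `RunAsSource` reference are now set for every bean type when a security configuration exists, where previously only `RemoteBean` instances received them; this looks intended (run-as for message-driven beans) but deserves a sentence in the commit message.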

Modified: geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/EjbDeployment.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/EjbDeployment.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/EjbDeployment.java (original)
+++ geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/EjbDeployment.java Sat Jun  9 10:44:02 2007
@@ -17,18 +17,20 @@
  */
 package org.apache.geronimo.openejb;
 
-import java.util.Set;
-import java.util.ArrayList;
 import java.lang.reflect.Method;
+import java.util.Set;
+
 import javax.ejb.EJBHome;
 import javax.ejb.EJBLocalHome;
 import javax.ejb.EJBObject;
 import javax.naming.Context;
 import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
 
 import org.apache.geronimo.connector.outbound.connectiontracking.TrackedConnectionAssociator;
 import org.apache.geronimo.management.EJB;
 import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.jacc.RunAsSource;
 import org.apache.openejb.BeanType;
 import org.apache.openejb.Container;
 import org.apache.openejb.InterfaceType;
@@ -65,29 +67,30 @@
 
     private Context javaCompSubContext;
 
-    public EjbDeployment() {
+    public EjbDeployment() throws LoginException {
         this(null, null, null, null, null, null, null, null, null, null,
-             false, null, null, null, null, null, null, null);
+             false, null, null, null, null, null, null, null, null);
     }
 
     public EjbDeployment(String objectName,
-                         String deploymentId,
-                         String ejbName,
-                         String homeInterfaceName,
-                         String remoteInterfaceName,
-                         String localHomeInterfaceName,
-                         String localInterfaceName,
-                         String serviceEndpointInterfaceName,
-                         String beanClassName,
-                         ClassLoader classLoader,
-                         boolean securityEnabled,
-                         Subject defaultSubject,
-                         Subject runAs,
-                         Context componentContext,
-                         Set unshareableResources,
-                         Set applicationManagedSecurityResources,
-                         TrackedConnectionAssociator trackedConnectionAssociator,
-                         OpenEjbSystem openEjbSystem) {
+            String deploymentId,
+            String ejbName,
+            String homeInterfaceName,
+            String remoteInterfaceName,
+            String localHomeInterfaceName,
+            String localInterfaceName,
+            String serviceEndpointInterfaceName,
+            String beanClassName,
+            ClassLoader classLoader,
+            boolean securityEnabled,
+            String defaultRole,
+            String runAsRole,
+            RunAsSource runAsSource,
+            Context componentContext,
+            Set unshareableResources,
+            Set applicationManagedSecurityResources,
+            TrackedConnectionAssociator trackedConnectionAssociator,
+            OpenEjbSystem openEjbSystem) throws LoginException {
         this.objectName = objectName;
         this.deploymentId = deploymentId;
         this.ejbName = ejbName;
@@ -99,8 +102,11 @@
         this.beanClassName = beanClassName;
         this.classLoader = classLoader;
         this.securityEnabled = securityEnabled;
-        this.defaultSubject = defaultSubject;
-        this.runAs = runAs;
+        if (runAsSource == null) {
+            runAsSource = RunAsSource.NULL;
+        }
+        this.defaultSubject = defaultRole == null? runAsSource.getDefaultSubject(): runAsSource.getSubjectForRole(defaultRole);
+        this.runAs = runAsSource.getSubjectForRole(runAsRole);
         this.componentContext = componentContext;
         this.unshareableResources = unshareableResources;
         this.applicationManagedSecurityResources = applicationManagedSecurityResources;
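Review bot: `runAsSource.getSubjectForRole(runAsRole)` is called even when `runAsRole` is null (beans with no run-as identity), and `runAsSource` silently degrades to `RunAsSource.NULL` when no JACC manager is wired, even with `securityEnabled` true. Whether `getSubjectForRole(null)` returns null or throws is not visible here; either way a configured run-as role that resolves to no Subject should fail the deployment rather than leave `runAs` unset, e.g. `if (securityEnabled && runAsRole != null && runAs == null) { throw new LoginException("no subject for run-as role " + runAsRole + " in bean " + ejbName); }`, which fits the `LoginException` the constructor now declares. The combination `securityEnabled && runAsSource == RunAsSource.NULL` similarly looks like a wiring error worth rejecting rather than defaulting. The constructor body continues outside the hunk.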

Modified: geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/EjbDeploymentGBean.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/EjbDeploymentGBean.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/EjbDeploymentGBean.java (original)
+++ geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/EjbDeploymentGBean.java Sat Jun  9 10:44:02 2007
@@ -19,16 +19,13 @@
 
 import java.util.Map;
 import java.util.Set;
-import javax.security.auth.Subject;
 
-import org.apache.geronimo.common.DeploymentException;
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.gbean.GBeanLifecycle;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.naming.enc.EnterpriseNamingContext;
-import org.apache.geronimo.security.deploy.DefaultPrincipal;
-import org.apache.geronimo.security.util.ConfigurationUtil;
+import org.apache.geronimo.security.jacc.RunAsSource;
 import org.apache.geronimo.transaction.manager.GeronimoTransactionManager;
 import org.apache.geronimo.connector.outbound.connectiontracking.TrackedConnectionAssociator;
 import org.apache.geronimo.kernel.Kernel;
@@ -45,8 +42,9 @@
             String beanClassName,
             ClassLoader classLoader,
             boolean securityEnabled,
-            DefaultPrincipal defaultPrincipal,
-            Subject runAs,
+            String defaultRole,
+            String runAsRole,
+            RunAsSource runAsSource,
             Map componentContext,
             Set unshareableResources,
             Set applicationManagedSecurityResources,
@@ -65,8 +63,9 @@
                 beanClassName,
                 classLoader,
                 securityEnabled,
-                generateDefaultSubject(defaultPrincipal, classLoader),
-                runAs,
+                defaultRole,
+                runAsRole,
+                runAsSource,
                 EnterpriseNamingContext.createEnterpriseNamingContext(componentContext, transactionManager, kernel, classLoader),
                 unshareableResources,
                 applicationManagedSecurityResources,
@@ -74,14 +73,6 @@
                 openEjbSystem);
     }
 
-    private static Subject generateDefaultSubject(DefaultPrincipal defaultPrincipal, ClassLoader classLoader) throws DeploymentException {
-        if (defaultPrincipal != null) {
-            return ConfigurationUtil.generateDefaultSubject(defaultPrincipal, classLoader);
-        } else {
-            return null;
-        }
-    }
-
     public void doStart() throws Exception {
         start();
     }
@@ -113,8 +104,9 @@
         infoFactory.addAttribute("classLoader", ClassLoader.class, false);
 
         infoFactory.addAttribute("securityEnabled", boolean.class, true);
-        infoFactory.addAttribute("defaultPrincipal", DefaultPrincipal.class, true);
-        infoFactory.addAttribute("runAs", Subject.class, true);
+        infoFactory.addAttribute("defaultRole", String.class, true);
+        infoFactory.addAttribute("runAsRole", String.class, true);
+        infoFactory.addReference("RunAsSource", RunAsSource.class, NameFactory.JACC_MANAGER);
 
         infoFactory.addAttribute("componentContextMap", Map.class, true);
 
@@ -141,8 +133,9 @@
                 "classLoader",
 
                 "securityEnabled",
-                "defaultPrincipal",
-                "runAs",
+                "defaultRole",
+                "runAsRole",
+                "RunAsSource",
 
                 "componentContextMap",
 

Modified: geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/OpenEjbSystem.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/OpenEjbSystem.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/OpenEjbSystem.java (original)
+++ geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/OpenEjbSystem.java Sat Jun  9 10:44:02 2007
@@ -20,6 +20,8 @@
 import java.util.Properties;
 import javax.ejb.spi.HandleDelegate;
 import javax.naming.NamingException;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
 
 import org.apache.openejb.Container;
 import org.apache.openejb.DeploymentInfo;

Modified: geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/OpenEjbSystemGBean.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/OpenEjbSystemGBean.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/OpenEjbSystemGBean.java (original)
+++ geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/OpenEjbSystemGBean.java Sat Jun  9 10:44:02 2007
@@ -18,32 +18,31 @@
 
 import java.io.IOException;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.Map;
 import java.util.Properties;
 import java.util.Set;
 import java.util.TreeSet;
-import java.util.Iterator;
-import java.util.Collections;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
 
 import javax.ejb.spi.HandleDelegate;
 import javax.management.ObjectName;
 import javax.naming.NamingException;
+import javax.persistence.EntityManagerFactory;
 import javax.resource.spi.ResourceAdapter;
 import javax.transaction.TransactionManager;
-import javax.persistence.EntityManagerFactory;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.geronimo.connector.ResourceAdapterWrapper;
 import org.apache.geronimo.gbean.AbstractName;
+import org.apache.geronimo.gbean.AbstractNameQuery;
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.gbean.ReferenceCollection;
 import org.apache.geronimo.gbean.ReferenceCollectionEvent;
 import org.apache.geronimo.gbean.ReferenceCollectionListener;
-import org.apache.geronimo.gbean.AbstractNameQuery;
 import org.apache.geronimo.kernel.GBeanNotFoundException;
 import org.apache.geronimo.kernel.Kernel;
 import org.apache.geronimo.persistence.PersistenceUnitGBean;
@@ -57,11 +56,11 @@
 import org.apache.openejb.assembler.classic.ClientInfo;
 import org.apache.openejb.assembler.classic.ContainerInfo;
 import org.apache.openejb.assembler.classic.EjbJarInfo;
+import org.apache.openejb.assembler.classic.LinkResolver;
 import org.apache.openejb.assembler.classic.MdbContainerInfo;
 import org.apache.openejb.assembler.classic.ProxyFactoryInfo;
 import org.apache.openejb.assembler.classic.SecurityServiceInfo;
 import org.apache.openejb.assembler.classic.TransactionServiceInfo;
-import org.apache.openejb.assembler.classic.LinkResolver;
 import org.apache.openejb.assembler.classic.UniqueDefaultLinkResolver;
 import org.apache.openejb.assembler.dynamic.PassthroughFactory;
 import org.apache.openejb.config.AppModule;
@@ -74,7 +73,6 @@
 import org.apache.openejb.spi.ContainerSystem;
 import org.apache.openejb.spi.SecurityService;
 import org.apache.openejb.util.proxy.Jdk13ProxyFactory;
-
 import org.omg.CORBA.ORB;
 
 /**
@@ -104,7 +102,6 @@
         } else {
             this.persistenceUnitGBeans = persistenceUnitGBeans;
         }
-
         System.setProperty("duct tape","");
         System.setProperty("admin.disabled", "true");
         SystemInstance systemInstance = SystemInstance.get();

Modified: geronimo/server/trunk/modules/geronimo-security-builder/pom.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security-builder/pom.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security-builder/pom.xml (original)
+++ geronimo/server/trunk/modules/geronimo-security-builder/pom.xml Sat Jun  9 10:44:02 2007
@@ -55,7 +55,7 @@
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>xmlbeans-maven-plugin</artifactId>
                 <configuration>
-                    <sourceSchemas>geronimo-security-1.2.xsd,geronimo-login-config-1.2.xsd</sourceSchemas>
+                    <sourceSchemas>geronimo-subject-info-1.0.xsd,geronimo-security-2.0.xsd,geronimo-credential-store-1.0.xsd,geronimo-login-config-1.2.xsd</sourceSchemas>
                 </configuration>
             </plugin>
             

Added: geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/CredentialStoreBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/CredentialStoreBuilder.java?view=auto&rev=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/CredentialStoreBuilder.java (added)
+++ geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/CredentialStoreBuilder.java Sat Jun  9 10:44:02 2007
@@ -0,0 +1,90 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.security.deployment;
+
+import java.util.Map;
+import java.util.HashMap;
+import java.util.Set;
+import java.util.Iterator;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
+
+import org.apache.geronimo.deployment.service.XmlAttributeBuilder;
+import org.apache.geronimo.deployment.service.XmlReferenceBuilder;
+import org.apache.geronimo.common.DeploymentException;
+import org.apache.geronimo.xbeans.geronimo.credentialstore.CredentialStoreDocument;
+import org.apache.geronimo.xbeans.geronimo.credentialstore.CredentialStoreType;
+import org.apache.geronimo.xbeans.geronimo.credentialstore.RealmType;
+import org.apache.geronimo.xbeans.geronimo.credentialstore.SubjectType;
+import org.apache.geronimo.xbeans.geronimo.credentialstore.CredentialType;
+import org.apache.geronimo.security.credentialstore.SingleCallbackHandler;
+import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
+import org.apache.geronimo.gbean.GBeanInfo;
+import org.apache.geronimo.gbean.GReferenceInfo;
+import org.apache.geronimo.gbean.GBeanInfoBuilder;
+import org.apache.geronimo.kernel.Kernel;
+import org.apache.xmlbeans.XmlObject;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class CredentialStoreBuilder implements XmlAttributeBuilder {
+
+    private static final String NAMESPACE = CredentialStoreDocument.type.getDocumentElementName().getNamespaceURI();
+
+    public String getNamespace() {
+        return NAMESPACE;
+    }
+
+    public Object getValue(XmlObject xmlObject, String type, ClassLoader cl) throws DeploymentException {
+        Map<String, Map<String, Map<String, String>>> credentialStore = new HashMap<String, Map<String, Map<String, String>>>();
+        CredentialStoreType cst = (CredentialStoreType) xmlObject.copy().changeType(CredentialStoreType.type);
+        for (RealmType realmType: cst.getRealmArray()) {
+            String realmName = realmType.getName().trim();
+            Map<String, Map<String, String>> realm = new HashMap<String, Map<String, String>>();
+            credentialStore.put(realmName, realm);
+            for (SubjectType subjectType: realmType.getSubjectArray()) {
+                String id = subjectType.getId().trim();
+                Map<String, String> subject = new HashMap<String, String>();
+                realm.put(id, subject);
+                for (CredentialType credentialType: subjectType.getCredentialArray()) {
+                    String handlerType = credentialType.getType().trim();
+                    String value = credentialType.getValue().trim();
+                    subject.put(handlerType, value);
+                }
+
+            }
+        }
+        return credentialStore;
+    }
+
+
+    public static final GBeanInfo GBEAN_INFO;
+
+    static {
+        GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic(CredentialStoreBuilder.class, "XmlAttributeBuilder");
+        GBEAN_INFO = infoBuilder.getBeanInfo();
+    }
+
+    public static GBeanInfo getGBeanInfo() {
+        return GBEAN_INFO;
+    }
+}
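Review bot: In getValue, a duplicate realm name, subject id, or credential type in the plan silently replaces the earlier entry, and a missing `name`/`id`/`type`/`value` attribute surfaces as a NullPointerException instead of the declared DeploymentException; a loader for credential material should reject both explicitly so a mis-authored plan fails at deploy time rather than installing a subject with the wrong secret. The check is one line per level, e.g. `if (realm.put(id, subject) != null) throw new DeploymentException("duplicate subject id " + id + " in realm " + realmName);` (report ids and realm names only, never the credential value). Also note that `credentialType.getValue().trim()` alters any secret that legitimately has leading or trailing whitespace; if that is not intended, trim only the `type` attribute and document the behavior in a Javadoc on getValue, which currently has none. Finally, Set, Iterator, Constructor, InvocationTargetException, XmlReferenceBuilder, SingleCallbackHandler, JaasLoginModuleUse, GReferenceInfo and Kernel are imported but unused, and the `type` and `cl` parameters are ignored.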

Propchange: geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/CredentialStoreBuilder.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/CredentialStoreBuilder.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/CredentialStoreBuilder.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain


