geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r545781 [3/5] - in /geronimo/server/trunk: configs/ configs/axis/ configs/axis2/ configs/client-deployer/src/plan/ configs/cxf/ configs/j2ee-corba-yoko/src/plan/ configs/j2ee-deployer/src/plan/ configs/j2ee-security/src/plan/ configs/jasper...
Date Sat, 09 Jun 2007 17:44:07 GMT
Modified: geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/GeronimoSecurityBuilderImpl.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/GeronimoSecurityBuilderImpl.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/GeronimoSecurityBuilderImpl.java (original)
+++ geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/GeronimoSecurityBuilderImpl.java Sat Jun  9 10:44:02 2007
@@ -17,61 +17,60 @@
 
 package org.apache.geronimo.security.deployment;
 
-import java.util.Map;
+import java.security.Principal;
 import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Set;
 import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
 
-import javax.security.auth.Subject;
-import javax.security.auth.x500.X500Principal;
 import javax.xml.namespace.QName;
 
-import org.apache.xmlbeans.XmlObject;
-import org.apache.xmlbeans.QNameSet;
-import org.apache.xmlbeans.XmlException;
+import org.apache.geronimo.common.DeploymentException;
 import org.apache.geronimo.deployment.DeploymentContext;
+import org.apache.geronimo.deployment.NamespaceDrivenBuilder;
 import org.apache.geronimo.deployment.xmlbeans.XmlBeansUtil;
-import org.apache.geronimo.common.DeploymentException;
-import org.apache.geronimo.security.deploy.Security;
-import org.apache.geronimo.security.deploy.Role;
-import org.apache.geronimo.security.deploy.RealmPrincipalInfo;
+import org.apache.geronimo.gbean.AbstractName;
+import org.apache.geronimo.gbean.GBeanData;
+import org.apache.geronimo.gbean.GBeanInfo;
+import org.apache.geronimo.gbean.GBeanInfoBuilder;
+import org.apache.geronimo.gbean.AbstractNameQuery;
+import org.apache.geronimo.j2ee.deployment.EARContext;
+import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+import org.apache.geronimo.kernel.GBeanAlreadyExistsException;
+import org.apache.geronimo.kernel.Naming;
+import org.apache.geronimo.kernel.repository.Environment;
 import org.apache.geronimo.security.deploy.LoginDomainPrincipalInfo;
 import org.apache.geronimo.security.deploy.PrincipalInfo;
-import org.apache.geronimo.security.deploy.DistinguishedName;
-import org.apache.geronimo.security.deploy.DefaultPrincipal;
-import org.apache.geronimo.security.util.ConfigurationUtil;
-import org.apache.geronimo.security.jaas.NamedUsernamePasswordCredential;
-import org.apache.geronimo.security.jacc.ApplicationPrincipalRoleConfigurationManager;
+import org.apache.geronimo.security.deploy.RealmPrincipalInfo;
+import org.apache.geronimo.security.deploy.Role;
+import org.apache.geronimo.security.deploy.Security;
+import org.apache.geronimo.security.deploy.SubjectInfo;
 import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
-import org.apache.geronimo.xbeans.geronimo.security.GerSecurityType;
-import org.apache.geronimo.xbeans.geronimo.security.GerRoleMappingsType;
-import org.apache.geronimo.xbeans.geronimo.security.GerRoleType;
-import org.apache.geronimo.xbeans.geronimo.security.GerDistinguishedNameType;
-import org.apache.geronimo.xbeans.geronimo.security.GerDefaultPrincipalType;
-import org.apache.geronimo.xbeans.geronimo.security.GerNamedUsernamePasswordCredentialType;
-import org.apache.geronimo.xbeans.geronimo.security.GerRealmPrincipalType;
+import org.apache.geronimo.security.jacc.ApplicationPrincipalRoleConfigurationManager;
+import org.apache.geronimo.security.util.ConfigurationUtil;
 import org.apache.geronimo.xbeans.geronimo.security.GerLoginDomainPrincipalType;
 import org.apache.geronimo.xbeans.geronimo.security.GerPrincipalType;
+import org.apache.geronimo.xbeans.geronimo.security.GerRealmPrincipalType;
+import org.apache.geronimo.xbeans.geronimo.security.GerRoleMappingsType;
+import org.apache.geronimo.xbeans.geronimo.security.GerRoleType;
 import org.apache.geronimo.xbeans.geronimo.security.GerSecurityDocument;
-import org.apache.geronimo.gbean.GBeanData;
-import org.apache.geronimo.gbean.AbstractName;
-import org.apache.geronimo.gbean.GBeanInfo;
-import org.apache.geronimo.gbean.GBeanInfoBuilder;
-import org.apache.geronimo.kernel.Naming;
-import org.apache.geronimo.kernel.GBeanAlreadyExistsException;
-import org.apache.geronimo.kernel.repository.Environment;
-import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
-import org.apache.geronimo.j2ee.deployment.SecurityBuilder;
-import org.apache.geronimo.j2ee.deployment.EARContext;
+import org.apache.geronimo.xbeans.geronimo.security.GerSecurityType;
+import org.apache.geronimo.xbeans.geronimo.security.GerSubjectInfoType;
+import org.apache.xmlbeans.QNameSet;
+import org.apache.xmlbeans.XmlException;
+import org.apache.xmlbeans.XmlObject;
 
 /**
  * @version $Rev$ $Date$
  */
-public class GeronimoSecurityBuilderImpl implements SecurityBuilder {
+public class GeronimoSecurityBuilderImpl implements NamespaceDrivenBuilder {
     private static final QName SECURITY_QNAME = GerSecurityDocument.type.getDocumentElementName();
     private static final QNameSet SECURITY_QNAME_SET = QNameSet.singleton(SECURITY_QNAME);
+    private final AbstractNameQuery credentialStoreName;
 
+    public GeronimoSecurityBuilderImpl(AbstractNameQuery credentialStoreName) {
+        this.credentialStoreName = credentialStoreName;
+    }
 
     public void buildEnvironment(XmlObject container, Environment environment) throws DeploymentException {
     }
@@ -93,17 +92,17 @@
             ClassLoader classLoader = applicationContext.getClassLoader();
             SecurityConfiguration securityConfiguration = buildSecurityConfiguration(security, classLoader);
             earContext.setSecurityConfiguration(securityConfiguration);
-        }
+//        }
         //add the JACC gbean if there is a principal-role mapping and we are on the correct module
-        if (earContext.getSecurityConfiguration() != null && applicationContext == moduleContext) {
+//        if (earContext.getSecurityConfiguration() != null && applicationContext == moduleContext) {
             Naming naming = earContext.getNaming();
-            GBeanData roleMapperData = configureRoleMapper(naming, earContext.getModuleName(), earContext.getSecurityConfiguration());
+            GBeanData roleMapperData = configureRoleMapper(naming, earContext.getModuleName(), securityConfiguration);
             try {
                 earContext.addGBean(roleMapperData);
             } catch (GBeanAlreadyExistsException e) {
                 throw new DeploymentException("Role mapper gbean already present", e);
             }
-            GBeanData jaccBeanData = configureApplicationPolicyManager(naming, earContext.getModuleName(), earContext.getContextIDToPermissionsMap(), earContext.getSecurityConfiguration());
+            GBeanData jaccBeanData = configureApplicationPolicyManager(naming, earContext.getModuleName(), earContext.getContextIDToPermissionsMap(), securityConfiguration);
             jaccBeanData.setReferencePattern("PrincipalRoleMapper", roleMapperData.getAbstractName());
             try {
                 earContext.addGBean(jaccBeanData);
@@ -115,25 +114,23 @@
     }
 
     private static SecurityConfiguration buildSecurityConfiguration(Security security, ClassLoader classLoader) {
-        Map roleDesignates = new HashMap();
-        Map principalRoleMap = new HashMap();
-        Map roleToPrincipalMap = new HashMap();
-        GeronimoSecurityBuilderImpl.buildRolePrincipalMap(security, roleDesignates, roleToPrincipalMap, classLoader);
-        GeronimoSecurityBuilderImpl.invertMap(roleToPrincipalMap, principalRoleMap);
-        return new SecurityConfiguration(principalRoleMap, roleDesignates, security.getDefaultPrincipal(), security.getDefaultRole(), security.isDoAsCurrentCaller(), security.isUseContextHandler());
-    }
-
-    private static Map invertMap(Map roleToPrincipalMap, Map principalRoleMapping) {
-        for (Iterator roles = roleToPrincipalMap.entrySet().iterator(); roles.hasNext();) {
-            Map.Entry entry = (Map.Entry) roles.next();
-            String role = (String) entry.getKey();
-            Set principals = (Set) entry.getValue();
-            for (Iterator iter = principals.iterator(); iter.hasNext();) {
-                java.security.Principal principal = (java.security.Principal) iter.next();
+        Map<String, SubjectInfo> roleDesignates = security.getRoleSubjectMappings();
+        Map<Principal, Set<String>> principalRoleMap = new HashMap<Principal, Set<String>>();
+        Map<String, Set<Principal>> roleToPrincipalMap = new HashMap<String, Set<Principal>>();
+        buildRolePrincipalMap(security, roleToPrincipalMap, classLoader);
+        invertMap(roleToPrincipalMap, principalRoleMap);
+        return new SecurityConfiguration(principalRoleMap, roleDesignates, security.getDefaultSubjectInfo(), security.getDefaultRole(), security.isDoAsCurrentCaller(), security.isUseContextHandler());
+    }
 
-                HashSet roleSet = (HashSet) principalRoleMapping.get(principal);
+    private static Map invertMap(Map<String, Set<Principal>> roleToPrincipalMap, Map<Principal, Set<String>> principalRoleMapping) {
+        for (Map.Entry<String, Set<java.security.Principal>> entry : roleToPrincipalMap.entrySet()) {
+            String role = entry.getKey();
+            Set<Principal> principals = entry.getValue();
+            for (Principal principal : principals) {
+
+                Set<String> roleSet = principalRoleMapping.get(principal);
                 if (roleSet == null) {
-                    roleSet = new HashSet();
+                    roleSet = new HashSet<String>();
                     principalRoleMapping.put(principal, roleSet);
                 }
                 roleSet.add(role);
@@ -145,67 +142,46 @@
     /**
      * non-interface, used in some jetty/tomcat tests
      *
-     * @param security
-     * @param roleDesignates
-     * @param roleToPrincipalMap
-     * @param classLoader
+     * @param security Security object holding security info as it is extracted
+     * @param roleToPrincipalMap role to set of Principals mapping
+     * @param classLoader application classloader in case we need to load some principal classes.
      */
-    public static void buildRolePrincipalMap(Security security, Map roleDesignates, Map roleToPrincipalMap, ClassLoader classLoader) {
+    public static void buildRolePrincipalMap(Security security, Map<String, Set<Principal>> roleToPrincipalMap, ClassLoader classLoader) {
 
-        Iterator roleMappings = security.getRoleMappings().values().iterator();
-        while (roleMappings.hasNext()) {
-            Role role = (Role) roleMappings.next();
+        for (Object o : security.getRoleMappings().values()) {
+            Role role = (Role) o;
 
             String roleName = role.getRoleName();
-            Subject roleDesignate = new Subject();
-            Set principalSet = new HashSet();
+            Set<Principal> principalSet = new HashSet<Principal>();
 
-            Iterator realmPrincipals = role.getRealmPrincipals().iterator();
-            while (realmPrincipals.hasNext()) {
-                RealmPrincipalInfo realmPrincipal = (RealmPrincipalInfo) realmPrincipals.next();
-                java.security.Principal principal = ConfigurationUtil.generateRealmPrincipal(realmPrincipal.getRealm(), realmPrincipal.getDomain(), realmPrincipal, classLoader);
+            for (Object o1 : role.getRealmPrincipals()) {
+                RealmPrincipalInfo realmPrincipal = (RealmPrincipalInfo) o1;
+                Principal principal = ConfigurationUtil.generateRealmPrincipal(realmPrincipal.getRealm(), realmPrincipal.getDomain(), realmPrincipal, classLoader);
 
                 principalSet.add(principal);
-                if (realmPrincipal.isDesignatedRunAs()) roleDesignate.getPrincipals().add(principal);
             }
 
-            Iterator domainPrincipals = role.getLoginDomainPrincipals().iterator();
-            while (domainPrincipals.hasNext()) {
-                LoginDomainPrincipalInfo domainPrincipal = (LoginDomainPrincipalInfo) domainPrincipals.next();
-                java.security.Principal principal = ConfigurationUtil.generateDomainPrincipal(domainPrincipal.getDomain(), domainPrincipal, classLoader);
+            for (Object o2 : role.getLoginDomainPrincipals()) {
+                LoginDomainPrincipalInfo domainPrincipal = (LoginDomainPrincipalInfo) o2;
+                Principal principal = ConfigurationUtil.generateDomainPrincipal(domainPrincipal.getDomain(), domainPrincipal, classLoader);
 
                 principalSet.add(principal);
-                if (domainPrincipal.isDesignatedRunAs()) roleDesignate.getPrincipals().add(principal);
             }
 
-            Iterator principals = role.getPrincipals().iterator();
-            while (principals.hasNext()) {
-                PrincipalInfo plainPrincipalInfo = (PrincipalInfo) principals.next();
-                java.security.Principal principal = ConfigurationUtil.generatePrincipal(plainPrincipalInfo, classLoader);
+            for (Object o3 : role.getPrincipals()) {
+                PrincipalInfo plainPrincipalInfo = (PrincipalInfo) o3;
+                Principal principal = ConfigurationUtil.generatePrincipal(plainPrincipalInfo, classLoader);
 
                 principalSet.add(principal);
-                if (plainPrincipalInfo.isDesignatedRunAs()) roleDesignate.getPrincipals().add(principal);
-            }
-
-            for (Iterator names = role.getDistinguishedNames().iterator(); names.hasNext();) {
-                DistinguishedName dn = (DistinguishedName) names.next();
-
-                X500Principal x500Principal = ConfigurationUtil.generateX500Principal(dn.getName());
-
-                principalSet.add(x500Principal);
-                if (dn.isDesignatedRunAs()) roleDesignate.getPrincipals().add(x500Principal);
             }
 
-            Set roleMapping = (Set) roleToPrincipalMap.get(roleName);
+            Set<Principal> roleMapping = roleToPrincipalMap.get(roleName);
             if (roleMapping == null) {
-                roleMapping = new HashSet();
+                roleMapping = new HashSet<Principal>();
                 roleToPrincipalMap.put(roleName, roleMapping);
             }
             roleMapping.addAll(principalSet);
 
-            if (roleDesignate.getPrincipals().size() > 0) {
-                roleDesignates.put(roleName, roleDesignate);
-            }
         }
     }
 
@@ -232,6 +208,11 @@
                 String roleName = roleType.getRoleName().trim();
                 role.setRoleName(roleName);
 
+                if (roleType.isSetRunAsSubject()) {
+                    SubjectInfo subjectInfo = buildSubjectInfo(roleType.getRunAsSubject());
+                    security.getRoleSubjectMappings().put(roleName, subjectInfo);
+                }
+
                 for (int j = 0; j < roleType.sizeOfRealmPrincipalArray(); j++) {
                     role.getRealmPrincipals().add(GeronimoSecurityBuilderImpl.buildRealmPrincipal(roleType.getRealmPrincipalArray(j)));
                 }
@@ -244,76 +225,56 @@
                     role.getPrincipals().add(buildPrincipal(roleType.getPrincipalArray(j)));
                 }
 
-                for (int j = 0; j < roleType.sizeOfDistinguishedNameArray(); j++) {
-                    GerDistinguishedNameType dnType = roleType.getDistinguishedNameArray(j);
-
-                    role.getDistinguishedNames().add(new DistinguishedName(dnType.getName().trim(), dnType.getDesignatedRunAs()));
-                }
-
                 security.getRoleMappings().put(roleName, role);
             }
         }
 
-        security.setDefaultPrincipal(buildDefaultPrincipal(securityType.getDefaultPrincipal()));
+        security.setDefaultSubjectInfo(buildSubjectInfo(securityType.getDefaultSubject()));
 
         return security;
     }
 
-    //used from app client builder
-    public DefaultPrincipal buildDefaultPrincipal(XmlObject xmlObject) {
-        GerDefaultPrincipalType defaultPrincipalType = (GerDefaultPrincipalType) xmlObject;
-        DefaultPrincipal defaultPrincipal = new DefaultPrincipal();
-
-        if(defaultPrincipalType.isSetPrincipal()) {
-            defaultPrincipal.setPrincipal(buildPrincipal(defaultPrincipalType.getPrincipal()));
-        } else if(defaultPrincipalType.isSetLoginDomainPrincipal()) {
-            defaultPrincipal.setPrincipal(buildDomainPrincipal(defaultPrincipalType.getLoginDomainPrincipal()));
-        } else if(defaultPrincipalType.isSetRealmPrincipal()) {
-            defaultPrincipal.setPrincipal(buildRealmPrincipal(defaultPrincipalType.getRealmPrincipal()));
-        } else {
-            throw new IllegalStateException("default-principal does not contain a principal, login-domain-principal, or realm-principal");
-        }
-        GerNamedUsernamePasswordCredentialType[] namedCredentials = defaultPrincipalType.getNamedUsernamePasswordCredentialArray();
-        if (namedCredentials.length > 0) {
-            Set defaultCredentialSet = new HashSet();
-            for (int i = 0; i < namedCredentials.length; i++) {
-                GerNamedUsernamePasswordCredentialType namedCredentialType = namedCredentials[i];
-                NamedUsernamePasswordCredential namedCredential = new NamedUsernamePasswordCredential(namedCredentialType.getUsername().trim(), namedCredentialType.getPassword().trim().toCharArray(), namedCredentialType.getName().trim());
-                defaultCredentialSet.add(namedCredential);
-            }
-            defaultPrincipal.setNamedUserPasswordCredentials(defaultCredentialSet);
+    private SubjectInfo buildSubjectInfo(GerSubjectInfoType defaultSubject) {
+        if (defaultSubject == null) {
+            return null;
         }
-        return defaultPrincipal;
+        String realmName = defaultSubject.getRealm().trim();
+        String id = defaultSubject.getId().trim();
+        return new SubjectInfo(realmName, id);
     }
 
     private static RealmPrincipalInfo buildRealmPrincipal(GerRealmPrincipalType realmPrincipalType) {
-        return new RealmPrincipalInfo(realmPrincipalType.getRealmName().trim(), realmPrincipalType.getDomainName().trim(), realmPrincipalType.getClass1().trim(), realmPrincipalType.getName().trim(), realmPrincipalType.isSetDesignatedRunAs());
+        return new RealmPrincipalInfo(realmPrincipalType.getRealmName().trim(), realmPrincipalType.getDomainName().trim(), realmPrincipalType.getClass1().trim(), realmPrincipalType.getName().trim());
     }
 
     private static LoginDomainPrincipalInfo buildDomainPrincipal(GerLoginDomainPrincipalType domainPrincipalType) {
-        return new LoginDomainPrincipalInfo(domainPrincipalType.getDomainName().trim(), domainPrincipalType.getClass1().trim(), domainPrincipalType.getName().trim(), domainPrincipalType.isSetDesignatedRunAs());
+        return new LoginDomainPrincipalInfo(domainPrincipalType.getDomainName().trim(), domainPrincipalType.getClass1().trim(), domainPrincipalType.getName().trim());
     }
 
     //used from TSSConfigEditor
     public PrincipalInfo buildPrincipal(XmlObject xmlObject) {
         GerPrincipalType principalType = (GerPrincipalType) xmlObject;
-        return new PrincipalInfo(principalType.getClass1().trim(), principalType.getName().trim(), principalType.isSetDesignatedRunAs());
+        return new PrincipalInfo(principalType.getClass1().trim(), principalType.getName().trim());
     }
 
-    public GBeanData configureRoleMapper(Naming naming, AbstractName moduleName, Object securityConfiguration) {
+    protected GBeanData configureRoleMapper(Naming naming, AbstractName moduleName, SecurityConfiguration securityConfiguration) {
         AbstractName roleMapperName = naming.createChildName(moduleName, "RoleMapper", "RoleMapper");
         GBeanData roleMapperData = new GBeanData(roleMapperName, ApplicationPrincipalRoleConfigurationManager.GBEAN_INFO);
-        roleMapperData.setAttribute("principalRoleMap", ((SecurityConfiguration) securityConfiguration).getPrincipalRoleMap());
+        roleMapperData.setAttribute("principalRoleMap", securityConfiguration.getPrincipalRoleMap());
         return roleMapperData;
     }
 
-    public GBeanData configureApplicationPolicyManager(Naming naming, AbstractName moduleName, Map contextIDToPermissionsMap, Object securityConfiguration) {
+    protected GBeanData configureApplicationPolicyManager(Naming naming, AbstractName moduleName, Map contextIDToPermissionsMap, SecurityConfiguration securityConfiguration) {
         AbstractName jaccBeanName = naming.createChildName(moduleName, NameFactory.JACC_MANAGER, NameFactory.JACC_MANAGER);
         GBeanData jaccBeanData = new GBeanData(jaccBeanName, ApplicationPolicyConfigurationManager.GBEAN_INFO);
         jaccBeanData.setAttribute("contextIdToPermissionsMap", contextIDToPermissionsMap);
-        jaccBeanData.setAttribute("roleDesignates", ((SecurityConfiguration) securityConfiguration).getRoleDesignates());
+        Map<String, SubjectInfo> roleDesignates = securityConfiguration.getRoleDesignates();
+        jaccBeanData.setAttribute("roleDesignates", roleDesignates);
+        jaccBeanData.setAttribute("defaultSubjectInfo", securityConfiguration.getDefaultSubjectInfo());
+        if ((roleDesignates != null && !roleDesignates.isEmpty()) || securityConfiguration.getDefaultSubjectInfo() != null) {
+            jaccBeanData.setReferencePattern("CredentialStore", credentialStoreName);
+        }
         return jaccBeanData;
-
     }
 
     public QNameSet getSpecQNameSet() {
@@ -329,8 +290,8 @@
     static {
         GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic(GeronimoSecurityBuilderImpl.class, NameFactory.MODULE_BUILDER);
 
-        infoFactory.addInterface(SecurityBuilder.class);
-
+        infoFactory.addAttribute("credentialStoreName", AbstractNameQuery.class, true, true);
+        infoFactory.setConstructor(new String[] {"credentialStoreName"});
 
         GBEAN_INFO = infoFactory.getBeanInfo();
     }

Modified: geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/LoginConfigBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/LoginConfigBuilder.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/LoginConfigBuilder.java (original)
+++ geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/LoginConfigBuilder.java Sat Jun  9 10:44:02 2007
@@ -23,12 +23,16 @@
 import java.util.List;
 import java.util.Properties;
 import java.util.Set;
+import java.util.Map;
+import java.util.HashMap;
 
 import org.apache.geronimo.common.DeploymentException;
 import org.apache.geronimo.deployment.DeploymentContext;
 import org.apache.geronimo.deployment.service.SingleGBeanBuilder;
 import org.apache.geronimo.deployment.service.XmlReferenceBuilder;
+import org.apache.geronimo.deployment.service.XmlAttributeBuilder;
 import org.apache.geronimo.deployment.xbeans.PatternType;
+import org.apache.geronimo.deployment.xbeans.XmlAttributeType;
 import org.apache.geronimo.gbean.AbstractName;
 import org.apache.geronimo.gbean.AbstractNameQuery;
 import org.apache.geronimo.gbean.GBeanData;
@@ -36,6 +40,7 @@
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.gbean.GReferenceInfo;
 import org.apache.geronimo.gbean.ReferencePatterns;
+import org.apache.geronimo.gbean.ReferenceMap;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.kernel.GBeanAlreadyExistsException;
 import org.apache.geronimo.kernel.Naming;
@@ -60,13 +65,25 @@
     public static final String LOGIN_CONFIG_NAMESPACE = GerLoginConfigDocument.type.getDocumentElementName().getNamespaceURI();
 
     private final Naming naming;
+    private final Map xmlAttributeBuilderMap;
 
-    public LoginConfigBuilder(Kernel kernel) {
-        this.naming = kernel.getNaming();
+    public LoginConfigBuilder(Kernel kernel, Collection xmlAttributeBuilderMap) {
+        this(kernel.getNaming(), xmlAttributeBuilderMap);
     }
 
-    public LoginConfigBuilder(Naming naming) {
+    public LoginConfigBuilder(Naming naming, Collection xmlAttributeBuilders) {
         this.naming = naming;
+        if (xmlAttributeBuilders != null) {
+            ReferenceMap.Key key = new ReferenceMap.Key() {
+
+                public Object getKey(Object object) {
+                    return ((XmlAttributeBuilder) object).getNamespace();
+                }
+            };
+            xmlAttributeBuilderMap = new ReferenceMap(xmlAttributeBuilders, new HashMap(), key);
+        } else {
+            xmlAttributeBuilderMap = new HashMap();
+        }
     }
 
     public String getNamespace() {
@@ -140,6 +157,24 @@
                         String value = trim(gerOptionType.getStringValue());
                         options.setProperty(key, value);
                     }
+                    XmlAttributeType[] xmlOptionArray = loginModule.getXmlOptionArray();
+                    if (xmlOptionArray != null) {
+                        for (int i = 0; i < xmlOptionArray.length; i++) {
+                            XmlAttributeType xmlOptionType = xmlOptionArray[i];
+                            String key = xmlOptionType.getName().trim();
+                            XmlObject[] anys = xmlOptionType.selectChildren(XmlAttributeType.type.qnameSetForWildcardElements());
+                            if (anys.length != 1) {
+                                throw new DeploymentException("Unexpected count of xs:any elements in xml-attribute " + anys.length + " qnameset: " + XmlAttributeType.type.qnameSetForWildcardElements());
+                            }
+                            String namespace = xmlObject.getDomNode().getNamespaceURI();
+                            XmlAttributeBuilder builder = (XmlAttributeBuilder) xmlAttributeBuilderMap.get(namespace);
+                            if (builder == null) {
+                                throw new DeploymentException("No attribute builder deployed for namespace: " + namespace);
+                            }
+                            Object value = builder.getValue(xmlObject, null, classLoader);
+                            options.put(key, value);
+                        }
+                    }
                     loginModuleName = naming.createChildName(parentName, name, NameFactory.LOGIN_MODULE);
                     loginModuleReferencePatterns = new ReferencePatterns(loginModuleName);
                     GBeanData loginModuleGBeanData = new GBeanData(loginModuleName, LoginModuleGBean.GBEAN_INFO);
@@ -187,7 +222,8 @@
     static {
         GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic(LoginConfigBuilder.class, "XmlReferenceBuilder");
         infoBuilder.addAttribute("kernel", Kernel.class, false, false);
-        infoBuilder.setConstructor(new String[] {"kernel"});
+        infoBuilder.addReference("xmlAttributeBuilders", XmlAttributeBuilder.class, "XmlAttributeBuilder");
+        infoBuilder.setConstructor(new String[] {"kernel", "xmlAttributeBuilders"});
         infoBuilder.addInterface(XmlReferenceBuilder.class);
         GBEAN_INFO = infoBuilder.getBeanInfo();
 

Modified: geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/SecurityConfiguration.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/SecurityConfiguration.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/SecurityConfiguration.java (original)
+++ geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/SecurityConfiguration.java Sat Jun  9 10:44:02 2007
@@ -18,7 +18,7 @@
 
 import java.util.Map;
 
-import org.apache.geronimo.security.deploy.DefaultPrincipal;
+import org.apache.geronimo.security.deploy.SubjectInfo;
 
 /**
  * @version $Rev$ $Date$
@@ -26,16 +26,16 @@
 public class SecurityConfiguration {
 
     private final Map principalRoleMap;
-    private final Map roleDesignates;
-    private final DefaultPrincipal defaultPrincipal;
+    private final Map<String, SubjectInfo> roleDesignates;
+    private final SubjectInfo defaultSubjectInfo;
     private final String defaultRole;
     private final boolean doAsCurrentCaller;
     private final boolean isUseContextHandler;
 
-    public SecurityConfiguration(Map principalRoleMap, Map roleDesignates, DefaultPrincipal defaultPrincipal, String defaultRole, boolean doAsCurrentCaller, boolean useContextHandler) {
+    public SecurityConfiguration(Map principalRoleMap, Map<String, SubjectInfo> roleDesignates, SubjectInfo defaultSubjectInfo, String defaultRole, boolean doAsCurrentCaller, boolean useContextHandler) {
         this.principalRoleMap = principalRoleMap;
         this.roleDesignates = roleDesignates;
-        this.defaultPrincipal = defaultPrincipal;
+        this.defaultSubjectInfo = defaultSubjectInfo;
         this.defaultRole = defaultRole;
         this.doAsCurrentCaller = doAsCurrentCaller;
         isUseContextHandler = useContextHandler;
@@ -45,12 +45,20 @@
         return principalRoleMap;
     }
 
-    public Map getRoleDesignates() {
+    public Map<String, SubjectInfo> getRoleDesignates() {
         return roleDesignates;
     }
 
-    public DefaultPrincipal getDefaultPrincipal() {
-        return defaultPrincipal;
+    public SubjectInfo getDefaultSubjectInfo() {
+        return defaultSubjectInfo;
+    }
+
+    public String getDefaultSubjectRealm() {
+        return defaultSubjectInfo == null? null: defaultSubjectInfo.getRealm();
+    }
+
+    public String getDefaultSubjectId() {
+        return defaultSubjectInfo == null? null: defaultSubjectInfo.getId();
     }
 
     public String getDefaultRole() {

Added: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-credential-store-1.0.xsd
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-credential-store-1.0.xsd?view=auto&rev=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-credential-store-1.0.xsd (added)
+++ geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-credential-store-1.0.xsd Sat Jun  9 10:44:02 2007
@@ -0,0 +1,110 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+
+<!-- $Rev$ $Date$ -->
+
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+            xmlns:cs="http://geronimo.apache.org/xml/ns/credentialstore-1.0"
+            targetNamespace="http://geronimo.apache.org/xml/ns/credentialstore-1.0"
+            elementFormDefault="qualified" attributeFormDefault="unqualified"
+            version="1.0">
+
+    <xsd:annotation>
+        <xsd:documentation>
+            This is an XML Schema Definition for credential store configuration.
+            CredentialStore configuration is
+            specified by the element credential-store with namespace
+            specified as xmlns =
+            "http://geronimo.apache.org/xml/ns/credentialstore-1.0".
+        </xsd:documentation>
+    </xsd:annotation>
+
+    <xsd:element name="credential-store" type="cs:credential-storeType">
+        <xsd:annotation>
+            <xsd:documentation>
+                The root element for Geronimo credential store configuration. This
+                is a tree structure of realm, id, and sets of credentials such as name and password
+            </xsd:documentation>
+        </xsd:annotation>
+    </xsd:element>
+
+    <xsd:complexType name="credential-storeType">
+        <xsd:annotation>
+            <xsd:documentation>
+                Defines the list of realms
+            </xsd:documentation>
+        </xsd:annotation>
+        <xsd:sequence>
+            <xsd:element name="realm" type="cs:realmType" minOccurs="0" maxOccurs="unbounded">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        The realm element contains the credentials for subjects in that realm.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+        </xsd:sequence>
+    </xsd:complexType>
+
+    <xsd:complexType name="realmType">
+        <xsd:sequence>
+            <xsd:element name="subject" type="cs:subjectType" minOccurs="0" maxOccurs="unbounded"/>
+        </xsd:sequence>
+        <xsd:attribute name="name" type="xsd:string" use="required">
+            <xsd:annotation>
+                <xsd:documentation>
+                    The name attribute specifies the login realm name
+                </xsd:documentation>
+            </xsd:annotation>
+        </xsd:attribute>
+    </xsd:complexType>
+
+    <xsd:complexType name="subjectType">
+        <xsd:sequence>
+            <xsd:element name="id" type="xsd:string">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        The id element serves to identify the subject externally. For subjects with meaningful
+                        names it might be convenient to use the name as id.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="credential" type="cs:credentialType" minOccurs="0" maxOccurs="unbounded"/>
+        </xsd:sequence>
+    </xsd:complexType>
+
+    <xsd:complexType name="credentialType">
+        <xsd:sequence>
+            <xsd:element name="type" type="xsd:string">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Class name or alias of the callback handler that will accept this credential
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="value" type="xsd:string">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        credential value as a string.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+        </xsd:sequence>
+    </xsd:complexType>
+
+
+</xsd:schema>

Propchange: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-credential-store-1.0.xsd
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-credential-store-1.0.xsd
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-credential-store-1.0.xsd
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Modified: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-login-config-1.2.xsd
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-login-config-1.2.xsd?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-login-config-1.2.xsd (original)
+++ geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-login-config-1.2.xsd Sat Jun  9 10:44:02 2007
@@ -241,6 +241,7 @@
                             </xsd:documentation>
                         </xsd:annotation>
                     </xsd:element>
+                    <xsd:element name="xml-option" type="sys:xml-attributeType" minOccurs="0" maxOccurs="unbounded"/>
                 </xsd:sequence>
                 <xsd:attribute name="server-side" type="xsd:boolean"
                     use="required">

Added: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-security-2.0.xsd
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-security-2.0.xsd?view=auto&rev=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-security-2.0.xsd (added)
+++ geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-security-2.0.xsd Sat Jun  9 10:44:02 2007
@@ -0,0 +1,160 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+
+<!-- $Rev$ $Date$ -->
+
+<xsd:schema
+    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+    xmlns:j2ee="http://java.sun.com/xml/ns/j2ee"
+    xmlns:geronimo="http://geronimo.apache.org/xml/ns/security-2.0"
+    targetNamespace="http://geronimo.apache.org/xml/ns/security-2.0"
+    xmlns:app="http://geronimo.apache.org/xml/ns/j2ee/application-1.2"
+    elementFormDefault="qualified"
+    attributeFormDefault="unqualified"
+    version="2.0">
+
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+    <xsd:import namespace="http://geronimo.apache.org/xml/ns/j2ee/application-1.2" schemaLocation="geronimo-application-1.2.xsd"/>
+
+    <xsd:element name="security" type="geronimo:securityType"  substitutionGroup="app:security"/>
+    <xsd:element name="default-subject" type="geronimo:subject-infoType"/>
+
+    <xsd:complexType name="securityType">
+        <xsd:annotation>
+            <xsd:documentation>
+                Security entries
+
+                If this element is present, all web and EJB modules MUST make the
+                appropriate access checks as outlined in the JACC spec.
+            </xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexContent>
+            <xsd:extension base="app:abstract-securityType">
+
+        <xsd:sequence>
+            <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
+            <xsd:element name="default-subject" type="geronimo:subject-infoType" minOccurs="0"/>
+            <xsd:element name="role-mappings" type="geronimo:role-mappingsType" minOccurs="0"/>
+        </xsd:sequence>
+        <xsd:attribute name="doas-current-caller" type="xsd:boolean" default="false">
+            <xsd:annotation>
+                <xsd:documentation>
+                    Set this attribute to "true" if the work is to be performed
+                    as the calling Subject.
+                </xsd:documentation>
+            </xsd:annotation>
+        </xsd:attribute>
+        <xsd:attribute name="use-context-handler" type="xsd:boolean" default="false">
+            <xsd:annotation>
+                <xsd:documentation>
+                    Set this attribute to "true" if the installed JACC policy
+                    contexts will use PolicyContextHandlers.
+                </xsd:documentation>
+            </xsd:annotation>
+        </xsd:attribute>
+        <xsd:attribute name="default-role" type="xsd:string">
+            <xsd:annotation>
+                <xsd:documentation>
+                    Used by the the Deployer to assign method permissions for
+                    all of the unspecified methods, either by assigning them
+                    to security roles, or by marking them as unchecked.  If
+                    the value of default-role is empty, then the unspecified
+                    methods are marked unchecked
+                </xsd:documentation>
+            </xsd:annotation>
+        </xsd:attribute>
+            </xsd:extension>
+        </xsd:complexContent>
+    </xsd:complexType>
+
+    <xsd:complexType name="descriptionType">
+        <xsd:simpleContent>
+            <xsd:extension base="xsd:string">
+                <xsd:attribute ref="xml:lang"/>
+            </xsd:extension>
+        </xsd:simpleContent>
+    </xsd:complexType>
+
+    <xsd:complexType name="named-username-password-credentialType">
+        <xsd:sequence>
+            <xsd:element name="name" type="xsd:string"/>
+            <xsd:element name="username" type="xsd:string"/>
+            <xsd:element name="password" type="xsd:string"/>
+        </xsd:sequence>
+    </xsd:complexType>
+
+    <xsd:complexType name="role-mappingsType">
+        <xsd:sequence>
+            <xsd:element name="role" type="geronimo:roleType" minOccurs="1" maxOccurs="unbounded"/>
+        </xsd:sequence>
+    </xsd:complexType>
+
+    <xsd:complexType name="roleType">
+        <xsd:sequence>
+            <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
+            <xsd:element name="run-as-subject" type="geronimo:subject-infoType" minOccurs="0"/>
+            <xsd:element name="realm-principal" type="geronimo:realmPrincipalType" minOccurs="0" maxOccurs="unbounded"/>
+            <xsd:element name="login-domain-principal" type="geronimo:loginDomainPrincipalType" minOccurs="0" maxOccurs="unbounded"/>
+            <xsd:element name="principal" type="geronimo:principalType" minOccurs="0" maxOccurs="unbounded"/>
+            <xsd:element name="distinguished-name" type="geronimo:distinguishedNameType" minOccurs="0" maxOccurs="unbounded"/>
+        </xsd:sequence>
+        <xsd:attribute name="role-name" type="xsd:string" use="required"/>
+    </xsd:complexType>
+
+    <xsd:complexType name="realmPrincipalType">
+        <xsd:complexContent>
+            <xsd:extension base="geronimo:loginDomainPrincipalType">
+                <xsd:attribute name="realm-name" type="xsd:string" use="required"/>
+            </xsd:extension>
+        </xsd:complexContent>
+    </xsd:complexType>
+
+    <xsd:complexType name="loginDomainPrincipalType">
+        <xsd:complexContent>
+            <xsd:extension base="geronimo:principalType">
+                <xsd:attribute name="domain-name" type="xsd:string" use="required"/>
+            </xsd:extension>
+        </xsd:complexContent>
+    </xsd:complexType>
+
+    <xsd:complexType name="principalType">
+        <xsd:sequence>
+            <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
+        </xsd:sequence>
+        <xsd:attribute name="class" type="xsd:string" use="required"/>
+        <xsd:attribute name="name" type="xsd:string" use="required"/>
+    </xsd:complexType>
+
+    <xsd:complexType name="distinguishedNameType">
+        <xsd:sequence>
+            <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
+        </xsd:sequence>
+        <xsd:attribute name="name" type="xsd:string" use="required"/>
+    </xsd:complexType>
+
+    <xsd:complexType name="subject-infoType">
+        <xsd:sequence>
+            <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
+            <xsd:element name="realm" type="xsd:string"/>
+            <xsd:element name="id" type="xsd:string"/>
+        </xsd:sequence>
+    </xsd:complexType>
+
+
+</xsd:schema>

Propchange: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-security-2.0.xsd
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-security-2.0.xsd
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-security-2.0.xsd
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-subject-info-1.0.xsd
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-subject-info-1.0.xsd?view=auto&rev=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-subject-info-1.0.xsd (added)
+++ geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-subject-info-1.0.xsd Sat Jun  9 10:44:02 2007
@@ -0,0 +1,119 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+
+<!-- $Rev$ $Date$ -->
+
+<xsd:schema
+    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+    xmlns:j2ee="http://java.sun.com/xml/ns/j2ee"
+    xmlns:geronimo="http://geronimo.apache.org/xml/ns/subject-info-1.0"
+    targetNamespace="http://geronimo.apache.org/xml/ns/subject-info-1.0"
+    xmlns:app="http://geronimo.apache.org/xml/ns/j2ee/application-1.2"
+    elementFormDefault="qualified"
+    attributeFormDefault="unqualified"
+    version="2.0">
+    
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+    <xsd:import namespace="http://geronimo.apache.org/xml/ns/j2ee/application-1.2" schemaLocation="geronimo-application-1.2.xsd"/>
+
+    <xsd:element name="security" type="geronimo:securityType"  substitutionGroup="app:security"/>
+    <xsd:element name="default-subject" type="geronimo:default-subjectType"/>
+
+    <xsd:complexType name="securityType">
+        <xsd:annotation>
+            <xsd:documentation>
+                Security entries
+
+                If this element is present, all web and EJB modules MUST make the
+                appropriate access checks as outlined in the JACC spec.
+            </xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexContent>
+            <xsd:extension base="app:abstract-securityType">
+
+        <xsd:sequence>
+            <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
+            <xsd:element name="default-subject" type="geronimo:default-subjectType"/>
+            <xsd:element name="role-mappings" type="geronimo:role-subject-mappingsType" minOccurs="0"/>
+        </xsd:sequence>
+        <xsd:attribute name="doas-current-caller" type="xsd:boolean" default="false">
+            <xsd:annotation>
+                <xsd:documentation>
+                    Set this attribute to "true" if the work is to be performed
+                    as the calling Subject.
+                </xsd:documentation>
+            </xsd:annotation>
+        </xsd:attribute>
+        <xsd:attribute name="use-context-handler" type="xsd:boolean" default="false">
+            <xsd:annotation>
+                <xsd:documentation>
+                    Set this attribute to "true" if the installed JACC policy
+                    contexts will use PolicyContextHandlers.
+                </xsd:documentation>
+            </xsd:annotation>
+        </xsd:attribute>
+        <xsd:attribute name="default-role" type="xsd:string">
+            <xsd:annotation>
+                <xsd:documentation>
+                    Used by the the Deployer to assign method permissions for
+                    all of the unspecified methods, either by assigning them
+                    to security roles, or by marking them as unchecked.  If
+                    the value of default-role is empty, then the unspecified
+                    methods are marked unchecked
+                </xsd:documentation>
+            </xsd:annotation>
+        </xsd:attribute>
+            </xsd:extension>
+        </xsd:complexContent>
+    </xsd:complexType>
+
+    <xsd:complexType name="descriptionType">
+        <xsd:simpleContent>
+            <xsd:extension base="xsd:string">
+                <xsd:attribute ref="xml:lang"/>
+            </xsd:extension>
+        </xsd:simpleContent>
+    </xsd:complexType>
+
+
+    <xsd:complexType name="default-subjectType">
+        <xsd:sequence>
+            <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
+            <xsd:element name="realm" type="xsd:string"/>
+            <xsd:element name="id" type="xsd:string"/>
+        </xsd:sequence>
+    </xsd:complexType>
+
+
+    <xsd:complexType name="role-subject-mappingsType">
+        <xsd:sequence>
+            <xsd:element name="role" type="geronimo:roleType" minOccurs="0" maxOccurs="unbounded"/>
+        </xsd:sequence>
+    </xsd:complexType>
+
+    <xsd:complexType name="roleType">
+        <xsd:sequence>
+            <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
+            <xsd:element name="realm" type="xsd:string"/>
+            <xsd:element name="id" type="xsd:string"/>
+        </xsd:sequence>
+        <xsd:attribute name="role-name" type="xsd:string" use="required"/>
+    </xsd:complexType>
+
+</xsd:schema>

Propchange: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-subject-info-1.0.xsd
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-subject-info-1.0.xsd
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-subject-info-1.0.xsd
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Modified: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/xmlconfig.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/xmlconfig.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/xmlconfig.xml (original)
+++ geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/xmlconfig.xml Sat Jun  9 10:44:02 2007
@@ -16,7 +16,17 @@
 -->
 <xb:config xmlns:xb="http://www.bea.com/2002/09/xbean/config">
 
-    <xb:namespace uri="http://geronimo.apache.org/xml/ns/security-1.2">
+    <!--<xb:namespace uri="http://geronimo.apache.org/xml/ns/security-1.2">-->
+        <!--<xb:package>org.apache.geronimo.xbeans.geronimo.security</xb:package>-->
+        <!--<xb:prefix>Ger</xb:prefix>-->
+    <!--</xb:namespace>-->
+
+    <xb:namespace uri="http://geronimo.apache.org/xml/ns/subject-info-1.0">
+        <xb:package>org.apache.geronimo.xbeans.geronimo.security.subjectinfo</xb:package>
+        <xb:prefix>Ger</xb:prefix>
+    </xb:namespace>
+
+    <xb:namespace uri="http://geronimo.apache.org/xml/ns/security-2.0">
         <xb:package>org.apache.geronimo.xbeans.geronimo.security</xb:package>
         <xb:prefix>Ger</xb:prefix>
     </xb:namespace>
@@ -24,6 +34,10 @@
     <xb:namespace uri="http://geronimo.apache.org/xml/ns/loginconfig-1.2">
         <xb:package>org.apache.geronimo.xbeans.geronimo.loginconfig</xb:package>
         <xb:prefix>Ger</xb:prefix>
+    </xb:namespace>
+
+    <xb:namespace uri="http://geronimo.apache.org/xml/ns/credentialstore-1.0">
+        <xb:package>org.apache.geronimo.xbeans.geronimo.credentialstore</xb:package>
     </xb:namespace>
 
 </xb:config>

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ContextManager.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ContextManager.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ContextManager.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ContextManager.java Sat Jun  9 10:44:02 2007
@@ -25,10 +25,12 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.Principal;
 import java.security.PrivilegedAction;
-import java.util.Hashtable;
+import java.util.Collections;
+import java.util.HashMap;
 import java.util.IdentityHashMap;
 import java.util.Map;
 import java.util.Set;
+
 import javax.crypto.Mac;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
@@ -42,10 +44,11 @@
  * @version $Rev$ $Date$
  */
 public class ContextManager {
-    private static ThreadLocal currentCallerId = new ThreadLocal();
-    private static final ThreadLocal callers = new ThreadLocal();
-    private static Map subjectContexts = new IdentityHashMap();
-    private static Map subjectIds = new Hashtable();
+
+    private static ThreadLocal<Serializable> currentCallerId = new ThreadLocal<Serializable>();
+    private static final ThreadLocal<Callers> callers = new ThreadLocal<Callers>();
+    private static Map<Subject, Context> subjectContexts = new IdentityHashMap<Subject, Context>();
+    private static Map<SubjectId, Subject> subjectIds =  Collections.synchronizedMap(new HashMap<SubjectId, Subject>());
     private static long nextSubjectId = System.currentTimeMillis();
 
     private static SecretKey key;
@@ -59,19 +62,27 @@
         password = "secret";
         ContextManager.setAlgorithm("HmacSHA1");
     }
+    public final static Subject EMPTY = new Subject();
+    static {
+        EMPTY.setReadOnly();
+        registerSubject(EMPTY);
+    }
+
 
     /**
      * After a login, the client is left with a relatively empty Subject, while
      * the Subject used by the server has more important contents.  This method
      * lets a server-side component acting as an authentication client (such
      * as Tocmat/Jetty) access the fully populated server-side Subject.
+     * @param clientSideSubject client simplification of actual subject
+     * @return full server side subject
      */
     public static Subject getServerSideSubject(Subject clientSideSubject) {
-        Set set = clientSideSubject.getPrincipals(IdentificationPrincipal.class);
+        Set<IdentificationPrincipal> set = clientSideSubject.getPrincipals(IdentificationPrincipal.class);
         if(set == null || set.size() == 0) {
             return null;
         }
-        IdentificationPrincipal idp = (IdentificationPrincipal)set.iterator().next();
+        IdentificationPrincipal idp = set.iterator().next();
         return getRegisteredSubject(idp.getId());
     }
 
@@ -86,7 +97,7 @@
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) sm.checkPermission(GET_CONTEXT);
 
-        return (Serializable) currentCallerId.get();
+        return currentCallerId.get();
     }
 
     public static void setCallers(Subject currentCaller, Subject nextCaller) {
@@ -105,14 +116,14 @@
     public static Callers getCallers() {
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) sm.checkPermission(GET_CONTEXT);
-        return (Callers) callers.get();
+        return callers.get();
     }
 
     public static Callers setNextCaller(Subject nextCaller) {
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) sm.checkPermission(SET_CONTEXT);
         assert nextCaller != null;
-        Callers oldCallers = (Callers) callers.get();
+        Callers oldCallers = callers.get();
         assert oldCallers != null;
         Callers newCallers = new Callers(oldCallers.getNextCaller(), nextCaller);
         callers.set(newCallers);
@@ -122,9 +133,9 @@
     public static Callers pushNextCaller(Subject nextCaller) {
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) sm.checkPermission(SET_CONTEXT);
-        Callers oldCallers = (Callers) callers.get();
+        Callers oldCallers = callers.get();
         Subject oldNextCaller = oldCallers == null? null: oldCallers.getNextCaller();
-        Subject newNextCaller = nextCaller == null? oldNextCaller : nextCaller;
+        Subject newNextCaller = (nextCaller == null || nextCaller == EMPTY)? oldNextCaller : nextCaller;
         Callers newCallers = new Callers(oldNextCaller, newNextCaller);
         callers.set(newCallers);
         return oldCallers;
@@ -140,7 +151,7 @@
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) sm.checkPermission(GET_CONTEXT);
 
-        Callers callers = (Callers) ContextManager.callers.get();
+        Callers callers = ContextManager.callers.get();
         return callers == null? null: callers.getCurrentCaller();
     }
 
@@ -148,7 +159,7 @@
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) sm.checkPermission(GET_CONTEXT);
 
-        Callers callers = (Callers) ContextManager.callers.get();
+        Callers callers = ContextManager.callers.get();
         return callers == null? null: callers.getNextCaller();
     }
 
@@ -156,11 +167,11 @@
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) sm.checkPermission(GET_CONTEXT);
 
-        Callers threadLocalCallers = (Callers) callers.get();
+        Callers threadLocalCallers = callers.get();
         assert threadLocalCallers != null : "No current callers";
         Subject currentSubject = threadLocalCallers.getCurrentCaller();
         assert currentSubject != null : "No current caller";
-        Context context = (Context) subjectContexts.get(currentSubject);
+        Context context = subjectContexts.get(currentSubject);
 
         assert context != null : "No registered context";
 
@@ -178,7 +189,7 @@
                 }
             };
         }
-        Context context = (Context) subjectContexts.get(callerSubject);
+        Context context = subjectContexts.get(callerSubject);
 
         assert context != null : "No registered context";
 
@@ -189,11 +200,11 @@
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) sm.checkPermission(GET_CONTEXT);
 
-        Callers threadLocalCallers = (Callers) callers.get();
+        Callers threadLocalCallers = callers.get();
         assert threadLocalCallers != null : "No current callers";
         Subject currentSubject = threadLocalCallers.getCurrentCaller();
         assert currentSubject != null : "No current caller";
-        Context context = (Context) subjectContexts.get(currentSubject);
+        Context context = subjectContexts.get(currentSubject);
 
         assert context != null : "No registered context";
 
@@ -204,7 +215,7 @@
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) sm.checkPermission(GET_CONTEXT);
 
-        Context context = (Context) subjectContexts.get(subject);
+        Context context = subjectContexts.get(subject);
 
         return (context != null ? context.id : null);
     }
@@ -214,7 +225,7 @@
         if (role == null) throw new IllegalArgumentException("Role must not be null");
 
         try {
-            Callers currentCallers = (Callers)callers.get();
+            Callers currentCallers = callers.get();
             if (currentCallers == null) {
                 return false;
             }
@@ -223,7 +234,7 @@
                 return false;
             }
 
-            Context context = (Context) subjectContexts.get(currentSubject);
+            Context context = subjectContexts.get(currentSubject);
 
             assert context != null : "No registered context";
 
@@ -235,7 +246,7 @@
     }
 
     public static Subject getRegisteredSubject(SubjectId id) {
-        return (Subject) subjectIds.get(id);
+        return subjectIds.get(id);
     }
 
     public static synchronized SubjectId registerSubject(Subject subject) {
@@ -253,17 +264,17 @@
         Context context = new Context();
         context.subject = subject;
         context.context = acc;
-        Set principals = subject.getPrincipals((Class)GeronimoCallerPrincipal.class);
+        Set<? extends Principal> principals = subject.getPrincipals(GeronimoCallerPrincipal.class);
         if (!principals.isEmpty()) {
-            context.principal = (Principal) principals.iterator().next();
+            context.principal = principals.iterator().next();
         } else if (!(principals = subject.getPrincipals(PrimaryRealmPrincipal.class)).isEmpty()) {
-            context.principal = (PrimaryRealmPrincipal) principals.iterator().next();
+            context.principal = principals.iterator().next();
         } else if (!(principals = subject.getPrincipals(RealmPrincipal.class)).isEmpty()) {
-            context.principal = (RealmPrincipal) principals.iterator().next();
+            context.principal = principals.iterator().next();
         } else if (!(principals = subject.getPrincipals()).isEmpty()) {
-            context.principal = (Principal) principals.iterator().next();
+            context.principal = principals.iterator().next();
         }
-        Long id = new Long(nextSubjectId++);
+        Long id = nextSubjectId++;
         context.id = new SubjectId(id, hash(id));
 
         subjectIds.put(context.id, subject);
@@ -278,7 +289,7 @@
 
         if (subject == null) throw new IllegalArgumentException("Subject must not be null");
 
-        Context context = (Context) subjectContexts.get(subject);
+        Context context = subjectContexts.get(subject);
         if (context == null) return;
 
         subjectIds.remove(context.id);
@@ -359,7 +370,7 @@
     }
 
     private static byte[] hash(Long id) {
-        long n = id.longValue();
+        long n = id;
         byte[] bytes = new byte[8];
         for (int i = 7; i >= 0; i--) {
             bytes[i] = (byte) (n);
@@ -373,7 +384,9 @@
 
             return mac.doFinal();
         } catch (NoSuchAlgorithmException e) {
+            //shouldn't happen
         } catch (InvalidKeyException e) {
+            //shouldn't happen
         }
         assert false : "Should never have reached here";
         return null;

Added: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/CredentialStore.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/CredentialStore.java?view=auto&rev=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/CredentialStore.java (added)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/CredentialStore.java Sat Jun  9 10:44:02 2007
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.security.credentialstore;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public interface CredentialStore {
+
+    CredentialStore NULL = new CredentialStore() {
+
+        public Subject getSubject(String realm, String id) throws LoginException {
+            return null;
+        }
+    };
+
+    Subject getSubject(String realm, String id) throws LoginException;
+}

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/CredentialStore.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/CredentialStore.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/CredentialStore.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/DirectConfigurationCredentialStoreImpl.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/DirectConfigurationCredentialStoreImpl.java?view=auto&rev=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/DirectConfigurationCredentialStoreImpl.java (added)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/DirectConfigurationCredentialStoreImpl.java Sat Jun  9 10:44:02 2007
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.security.credentialstore;
+
+import java.util.Map;
+import java.util.HashMap;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+
+import org.apache.geronimo.common.DeploymentException;
+import org.apache.geronimo.gbean.GBeanInfo;
+import org.apache.geronimo.gbean.GBeanInfoBuilder;
+
+/**
+ * Hopefully this will only be used for tests where you need to set up a simple credential store
+ * but don't want to set up a login configuration
+ *
+ * @version $Rev:$ $Date:$
+ */
+public class DirectConfigurationCredentialStoreImpl implements CredentialStore {
+
+    private final Map<String, Map<String, Subject>> subjectStore = new HashMap<String, Map<String, Subject>>();
+
+    public DirectConfigurationCredentialStoreImpl(Map<String, Map<String, Map<String, String>>> subjectInfo, ClassLoader cl) throws DeploymentException, ClassNotFoundException, NoSuchMethodException, IllegalAccessException, InvocationTargetException, InstantiationException {
+        if (cl == null) {
+            cl = getClass().getClassLoader();
+        }
+        for (Map.Entry<String, Map<String, Map<String, String>>> realmEntry: subjectInfo.entrySet()) {
+            Map<String, Subject> realm = new HashMap<String, Subject>();
+            for (Map.Entry<String, Map<String, String>> subjectEntry: realmEntry.getValue().entrySet()) {
+                String id = subjectEntry.getKey();
+                Map<String, String> principals = subjectEntry.getValue();
+                Subject subject = new Subject();
+                for (Map.Entry<String, String> principalInfo: principals.entrySet()) {
+                    String className = principalInfo.getKey();
+                    String principalName = principalInfo.getValue();
+                    Class<? extends Principal> clazz = (Class<? extends Principal>) cl.loadClass(className);
+                    Constructor<? extends Principal> c = clazz.getConstructor(new Class[] {String.class});
+                    Principal p = c.newInstance(new Object[] {principalName});
+                    subject.getPrincipals().add(p);
+                }
+                realm.put(id, subject);
+            }
+            subjectStore.put(realmEntry.getKey(), realm);
+        }
+    }
+
+    public Subject getSubject(String realm, String id) throws LoginException {
+        Map<String, Subject> realmMap = subjectStore.get(realm);
+        if (realmMap == null) {
+            throw new LoginException("Unknown realm : " + realm);
+        }
+        Subject subject = realmMap.get(id);
+        if (subject == null) {
+            throw new LoginException("Unknown id: " + id + " in realm: " + realm);
+        }
+        return subject;
+    }
+
+    public static final GBeanInfo GBEAN_INFO;
+
+    static {
+        GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic(DirectConfigurationCredentialStoreImpl.class);
+
+        infoBuilder.addAttribute("credentialStore", Map.class, true);
+        infoBuilder.addAttribute("classLoader", ClassLoader.class, false);
+
+        infoBuilder.setConstructor(new String[]{"credentialStore", "classLoader"});
+
+        GBEAN_INFO = infoBuilder.getBeanInfo();
+    }
+
+    public static GBeanInfo getGBeanInfo() {
+        return GBEAN_INFO;
+    }
+
+}

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/DirectConfigurationCredentialStoreImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/DirectConfigurationCredentialStoreImpl.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/DirectConfigurationCredentialStoreImpl.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/NameCallbackHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/NameCallbackHandler.java?view=auto&rev=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/NameCallbackHandler.java (added)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/NameCallbackHandler.java Sat Jun  9 10:44:02 2007
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.security.credentialstore;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.NameCallback;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class NameCallbackHandler implements SingleCallbackHandler {
+
+    private final String name;
+
+    public NameCallbackHandler(String name) {
+        this.name = name;
+    }
+
+    public void handle(Callback callback) {
+        ((NameCallback)callback).setName(name);
+    }
+
+    public String getCallbackType() {
+        return NameCallback.class.getName();
+    }
+}

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/NameCallbackHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/NameCallbackHandler.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/NameCallbackHandler.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/PasswordCallbackHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/PasswordCallbackHandler.java?view=auto&rev=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/PasswordCallbackHandler.java (added)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/PasswordCallbackHandler.java Sat Jun  9 10:44:02 2007
@@ -0,0 +1,47 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.security.credentialstore;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.PasswordCallback;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class PasswordCallbackHandler implements SingleCallbackHandler {
+
+    private final char[] password;
+
+    public PasswordCallbackHandler(char[] password) {
+        this.password = password;
+    }
+    public PasswordCallbackHandler(String password) {
+        this.password = password.toCharArray();
+    }
+
+    public void handle(Callback callback) {
+        ((PasswordCallback)callback).setPassword(password);
+    }
+
+    public String getCallbackType() {
+        return PasswordCallback.class.getName();
+    }
+}

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/PasswordCallbackHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/PasswordCallbackHandler.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/PasswordCallbackHandler.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java?view=auto&rev=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java (added)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java Sat Jun  9 10:44:02 2007
@@ -0,0 +1,137 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.security.credentialstore;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.lang.reflect.Constructor;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+import org.apache.geronimo.gbean.GBeanInfo;
+import org.apache.geronimo.gbean.GBeanInfoBuilder;
+import org.apache.geronimo.security.ContextManager;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class SimpleCredentialStoreImpl implements CredentialStore {
+
+    private final Map<String, Map<String, Map<String, SingleCallbackHandler>>> credentialStore = new HashMap<String, Map<String, Map<String, SingleCallbackHandler>>>();
+
+    public SimpleCredentialStoreImpl(Map<String, Map<String, Map<String, String>>> credentials, ClassLoader cl) {
+        if (credentials != null) {
+            for (Map.Entry<String, Map<String, Map<String, String>>> realmData: credentials.entrySet()) {
+                String realmName = realmData.getKey();
+                Map<String, Map<String, SingleCallbackHandler>> realm = getRealm(realmName);
+                for  (Map.Entry<String, Map<String, String>> subjectData: realmData.getValue().entrySet()) {
+                    String subjectId = subjectData.getKey();
+                    Map<String, SingleCallbackHandler> subject = getSubject(realm, subjectId);
+                    for (Map.Entry<String, String> credentialData: subjectData.getValue().entrySet()) {
+                        String handlerType = credentialData.getKey();
+                        String value = credentialData.getValue();
+                        try {
+                            Class<? extends SingleCallbackHandler> clazz = (Class<? extends SingleCallbackHandler>) cl.loadClass(handlerType);
+                            Constructor<? extends SingleCallbackHandler> c = clazz.getConstructor(String.class);
+                            SingleCallbackHandler handler = c.newInstance(value);
+                            String callbackType = handler.getCallbackType();
+                            subject.put(callbackType, handler);
+                        } catch (Exception e) {
+                            throw new IllegalArgumentException("Could not construct SingleCallbackHandler of type: " + handlerType + " and value: " + value + " for subjectId: " + subjectId + " and realm: " + realmName, e);
+                        }
+                    }
+                }
+
+            }
+        }
+    }
+
+    public Subject getSubject(String realm, String id) throws LoginException {
+        Map<String, Map<String, SingleCallbackHandler>> idMap = credentialStore.get(realm);
+        if (idMap == null) {
+            throw new LoginException("Unknown realm: " + realm);
+        }
+        final Map<String, SingleCallbackHandler> callbackInfos = idMap.get(id);
+        if (callbackInfos == null) {
+            throw new LoginException("Unknown id: " + id + " in realm: " + realm);
+        }
+        Subject subject = new Subject();
+        LoginContext loginContext = new LoginContext(realm, subject, new CallbackHandler() {
+
+            public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
+                for (Callback callback: callbacks) {
+                    if (!callbackInfos.containsKey(callback.getClass().getName())) {
+                        throw new UnsupportedCallbackException(callback);
+                    }
+                    SingleCallbackHandler singleCallbackHandler = callbackInfos.get(callback.getClass().getName());
+                    singleCallbackHandler.handle(callback);
+                }
+            }
+        });
+        loginContext.login();
+        return ContextManager.getServerSideSubject(subject);
+    }
+
+    public void addEntry(String realm, String id, Map<String, SingleCallbackHandler> callbackInfos) {
+        Map<String, Map<String, SingleCallbackHandler>> idMap = getRealm(realm);
+        idMap.put(id, callbackInfos);
+    }
+
+    private Map<String, Map<String, SingleCallbackHandler>> getRealm(String realm) {
+        Map<String, Map<String, SingleCallbackHandler>> idMap = credentialStore.get(realm);
+        if (idMap == null) {
+            idMap = new HashMap<String, Map<String, SingleCallbackHandler>>();
+            credentialStore.put(realm, idMap);
+        }
+        return idMap;
+    }
+
+    private Map<String, SingleCallbackHandler> getSubject(Map<String, Map<String, SingleCallbackHandler>> realm, String subjectId) {
+        Map<String, SingleCallbackHandler> subject = realm.get(subjectId);
+        if (subject == null) {
+            subject = new HashMap<String, SingleCallbackHandler>();
+            realm.put(subjectId, subject);
+        }
+        return subject;
+    }
+
+    public static final GBeanInfo GBEAN_INFO;
+
+    static {
+        GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic(SimpleCredentialStoreImpl.class);
+
+        infoBuilder.addAttribute("credentialStore", Map.class, true);
+        infoBuilder.addAttribute("classLoader", ClassLoader.class, false);
+
+        infoBuilder.setConstructor(new String[]{"credentialStore", "classLoader"});
+
+        GBEAN_INFO = infoBuilder.getBeanInfo();
+    }
+
+    public static GBeanInfo getGBeanInfo() {
+        return GBEAN_INFO;
+    }
+}

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SingleCallbackHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SingleCallbackHandler.java?view=auto&rev=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SingleCallbackHandler.java (added)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SingleCallbackHandler.java Sat Jun  9 10:44:02 2007
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.security.credentialstore;
+
+import java.io.Serializable;
+
+import javax.security.auth.callback.Callback;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public interface SingleCallbackHandler extends Serializable {
+    void handle(Callback callback);
+    String getCallbackType();
+}



Mime
View raw message