From djen...@apache.org
Subject svn commit: r545781 [4/5] - in /geronimo/server/trunk: configs/ configs/axis/ configs/axis2/ configs/client-deployer/src/plan/ configs/cxf/ configs/j2ee-corba-yoko/src/plan/ configs/j2ee-deployer/src/plan/ configs/j2ee-security/src/plan/ configs/jasper...
Date Sat, 09 Jun 2007 17:44:07 GMT
Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SingleCallbackHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SingleCallbackHandler.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SingleCallbackHandler.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/LoginDomainPrincipalInfo.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/LoginDomainPrincipalInfo.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/LoginDomainPrincipalInfo.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/LoginDomainPrincipalInfo.java Sat Jun  9 10:44:02 2007
@@ -31,8 +31,8 @@
         PropertyEditorManager.registerEditor(LoginDomainPrincipalInfo.class, LoginDomainPrincipalEditor.class);
     }
 
-    public LoginDomainPrincipalInfo(String domainName, String className, String principalName, boolean designatedRunAs) {
-        super(className, principalName, designatedRunAs);
+    public LoginDomainPrincipalInfo(String domainName, String className, String principalName) {
+        super(className, principalName);
         this.domainName = domainName;
     }
 
@@ -47,10 +47,10 @@
         public void setAsText(String text) {
             if (text != null) {
                 String[] parts = text.split(",");
-                if (parts.length != 4) {
-                    throw new PropertyEditorException("Principal should have the form 'domain,class,name,run-as'");
+                if (parts.length != 3) {
+                    throw new PropertyEditorException("Principal should have the form 'domain,class,name'");
                 }
-                LoginDomainPrincipalInfo principal = new LoginDomainPrincipalInfo(parts[0], parts[1], parts[2], Boolean.valueOf(parts[3]).booleanValue());
+                LoginDomainPrincipalInfo principal = new LoginDomainPrincipalInfo(parts[0], parts[1], parts[2]);
                 setValue(principal);
             } else {
                 setValue(null);
@@ -62,7 +62,7 @@
             if (principal == null) {
                 return null;
             }
-            return principal.getPrincipalName() + "," + principal.getClassName() + "," + principal.isDesignatedRunAs() + "," + principal.getDomain();
+            return principal.getPrincipalName() + "," + principal.getClassName() + "," + principal.getDomain();
         }
     }
 }
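Review bot: The new `getAsText()` line writes `name,class,domain`, but `setAsText()` in the previous hunk parses `domain,class,name` and hands the fields to the constructor in that order, so a value round-tripped through this editor comes back with the domain and the principal name swapped. These strings describe principals for role mapping, so a silent swap is a security-relevant failure rather than a cosmetic one. The one-line fix is `return principal.getDomain() + "," + principal.getClassName() + "," + principal.getPrincipalName();`, and the comment RealmPrincipalInfo's editor carries in this same commit (`// output from getAsText() should match with the input expected by setAsText()`) is worth copying here so the next edit keeps the two directions aligned.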

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/PrincipalInfo.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/PrincipalInfo.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/PrincipalInfo.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/PrincipalInfo.java Sat Jun  9 10:44:02 2007
@@ -34,12 +34,10 @@
 
     private final String className;
     private final String principalName;
-    private final boolean designatedRunAs;
 
-    public PrincipalInfo(String className, String principalName, boolean designatedRunAs) {
+    public PrincipalInfo(String className, String principalName) {
         this.className = className;
         this.principalName = principalName;
-        this.designatedRunAs = designatedRunAs;
     }
 
     public String getClassName() {
@@ -50,19 +48,15 @@
         return principalName;
     }
 
-    public boolean isDesignatedRunAs() {
-        return designatedRunAs;
-    }
-
     public static class PrincipalEditor extends TextPropertyEditorSupport {
 
         public void setAsText(String text) {
             if (text != null) {
                 String[] parts = text.split(",");
-                if (parts.length != 3) {
-                    throw new PropertyEditorException("Principal should have the form 'name,class,run-as'");
+                if (parts.length != 2) {
+                    throw new PropertyEditorException("Principal should have the form 'name,class'");
                 }
-                PrincipalInfo principalInfo = new PrincipalInfo(parts[0], parts[1], Boolean.valueOf(parts[2]).booleanValue());
+                PrincipalInfo principalInfo = new PrincipalInfo(parts[0], parts[1]);
                 setValue(principalInfo);
             } else {
                 setValue(null);
@@ -74,7 +68,7 @@
             if (principalInfo == null) {
                 return null;
             }
-            return principalInfo.getPrincipalName() + "," + principalInfo.getClassName() + "," + principalInfo.isDesignatedRunAs();
+            return principalInfo.getPrincipalName() + "," + principalInfo.getClassName();
         }
     }
 }

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/RealmPrincipalInfo.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/RealmPrincipalInfo.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/RealmPrincipalInfo.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/RealmPrincipalInfo.java Sat Jun  9 10:44:02 2007
@@ -33,8 +33,8 @@
 
     private final String realm;
 
-    public RealmPrincipalInfo(String realm, String domainName, String className, String principalName, boolean designatedRunAs) {
-        super(domainName, className, principalName, designatedRunAs);
+    public RealmPrincipalInfo(String realm, String domainName, String className, String principalName) {
+        super(domainName, className, principalName);
         this.realm = realm;
     }
 
@@ -47,10 +47,10 @@
         public void setAsText(String text) {
             if (text != null) {
                 String[] parts = text.split(",");
-                if (parts.length != 5) {
-                    throw new PropertyEditorException("Principal should have the form 'realm,domain,class,name,run-as'");
+                if (parts.length != 4) {
+                    throw new PropertyEditorException("Principal should have the form 'realm,domain,class,name'");
                 }
-                RealmPrincipalInfo principal = new RealmPrincipalInfo(parts[0], parts[1], parts[2], parts[3], Boolean.valueOf(parts[4]).booleanValue());
+                RealmPrincipalInfo principal = new RealmPrincipalInfo(parts[0], parts[1], parts[2], parts[3]);
                 setValue(principal);
             } else {
                 setValue(null);
@@ -63,7 +63,7 @@
                 return null;
             }
             // output from getAsText() should match with the input expected by setAsText()
-            return principal.getRealm() + "," + principal.getDomain() + "," + principal.getClassName() + "," + principal.getPrincipalName() + "," + principal.isDesignatedRunAs();
+            return principal.getRealm() + "," + principal.getDomain() + "," + principal.getClassName() + "," + principal.getPrincipalName();
         }
     }
 }

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/Role.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/Role.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/Role.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/Role.java Sat Jun  9 10:44:02 2007
@@ -20,6 +20,10 @@
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
+import java.security.Principal;
+
+import org.apache.geronimo.security.RealmPrincipal;
+import org.apache.geronimo.security.DomainPrincipal;
 
 
 /**
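Review bot: The four added imports (`java.security.Principal`, `RealmPrincipal`, `DomainPrincipal`) are not referenced by any of the visible hunks, which type the sets with `RealmPrincipalInfo`, `LoginDomainPrincipalInfo`, `PrincipalInfo` and `DistinguishedName` instead. Unless a part of Role.java outside these hunks uses them (the rest of the class visible here does not), they should be dropped to avoid unused-import warnings and a spurious dependency of the deploy model on the runtime principal classes.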
@@ -28,10 +32,10 @@
 public class Role implements Serializable {
 
     private String roleName;
-    private final Set realmPrincipals = new HashSet();
-    private final Set domainPrincipals = new HashSet();
-    private final Set principals = new HashSet();
-    private final Set distinguishedNames = new HashSet();
+    private final Set<RealmPrincipalInfo> realmPrincipals = new HashSet<RealmPrincipalInfo>();
+    private final Set<LoginDomainPrincipalInfo> domainPrincipals = new HashSet<LoginDomainPrincipalInfo>();
+    private final Set<PrincipalInfo> principals = new HashSet<PrincipalInfo>();
+    private final Set<DistinguishedName> distinguishedNames = new HashSet<DistinguishedName>();
 
     public String getRoleName() {
         return roleName;
@@ -41,19 +45,19 @@
         this.roleName = roleName;
     }
 
-    public Set getRealmPrincipals() {
+    public Set<RealmPrincipalInfo> getRealmPrincipals() {
         return realmPrincipals;
     }
 
-    public Set getLoginDomainPrincipals() {
+    public Set<LoginDomainPrincipalInfo> getLoginDomainPrincipals() {
         return domainPrincipals;
     }
 
-    public Set getPrincipals() {
+    public Set<PrincipalInfo> getPrincipals() {
         return principals;
     }
 
-    public Set getDistinguishedNames() {
+    public Set<DistinguishedName> getDistinguishedNames() {
         return distinguishedNames;
     }
 }

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/Security.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/Security.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/Security.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/Security.java Sat Jun  9 10:44:02 2007
@@ -18,10 +18,7 @@
 
 import java.io.Serializable;
 import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
 import java.util.Map;
-import java.util.Set;
 
 
 /**
@@ -32,8 +29,9 @@
     private boolean doAsCurrentCaller;
     private boolean useContextHandler;
     private String defaultRole;
-    private DefaultPrincipal defaultPrincipal;
-    private Map roleMappings = new HashMap();
+    private SubjectInfo defaultSubjectInfo;
+    private Map<String, Role> roleMappings = new HashMap<String, Role>();
+    private Map<String, SubjectInfo> roleSubjectMappings = new HashMap<String, SubjectInfo>();
 
     public Security() {
     }
@@ -62,15 +60,19 @@
         this.defaultRole = defaultRole;
     }
 
-    public DefaultPrincipal getDefaultPrincipal() {
-        return defaultPrincipal;
+    public Map<String, Role> getRoleMappings() {
+        return roleMappings;
     }
 
-    public void setDefaultPrincipal(DefaultPrincipal defaultPrincipal) {
-        this.defaultPrincipal = defaultPrincipal;
+    public SubjectInfo getDefaultSubjectInfo() {
+        return defaultSubjectInfo;
     }
 
-    public Map getRoleMappings() {
-        return roleMappings;
+    public void setDefaultSubjectInfo(SubjectInfo defaultSubjectInfo) {
+        this.defaultSubjectInfo = defaultSubjectInfo;
+    }
+
+    public Map<String, SubjectInfo> getRoleSubjectMappings() {
+        return roleSubjectMappings;
     }
 }
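Review bot: Security now carries two role-keyed maps, `roleMappings` and `roleSubjectMappings`, and nothing on the class says how they differ; from the rest of this commit the second presumably holds the run-as subject per role as a `SubjectInfo` (a realm/id pair resolved through a CredentialStore), but a reader of this file alone cannot tell. A javadoc on `getRoleSubjectMappings()` such as `/** Run-as subject per role name; each SubjectInfo identifies a realm/id entry resolved through the CredentialStore. */`, and one on `getDefaultSubjectInfo()` noting that the GenericSecurityRealm javadoc removed in this commit described the default principal as the identity used for an unauthenticated subject, would make that explicit. Both getters hand out the live mutable maps, presumably so the deployer can populate them; if so, a one-line comment saying that would stop a later maintainer from wrapping them in `unmodifiableMap`.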

Added: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/SubjectInfo.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/SubjectInfo.java?view=auto&rev=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/SubjectInfo.java (added)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/SubjectInfo.java Sat Jun  9 10:44:02 2007
@@ -0,0 +1,47 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.security.deploy;
+
+import java.io.Serializable;
+import java.util.Set;
+import java.util.HashSet;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class SubjectInfo implements Serializable {
+
+    private final String realm;
+    private final String id;
+
+    public SubjectInfo(String realm, String id) {
+        this.realm = realm;
+        this.id = id;
+    }
+
+    public String getRealm() {
+        return realm;
+    }
+
+    public String getId() {
+        return id;
+    }
+}
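Review bot: `java.util.Set` and `java.util.HashSet` are imported but nothing in the new class uses them; drop both. The class also has no javadoc, and since a SubjectInfo is what ApplicationPolicyConfigurationManager passes to `CredentialStore.getSubject(realm, id)` to obtain a run-as or default Subject, the meaning of `realm` and `id` is security-relevant and worth stating, e.g. `/** Reference to a Subject held in a CredentialStore: the store's realm name plus the entry id within that realm. */`. The constructor also accepts null for either field and the failure would only surface later inside the credential store lookup; rejecting null here with an `IllegalArgumentException` naming the field would give plan authors a clearer error, assuming the deployer never builds one with nulls on purpose, which I cannot confirm from here.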

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/SubjectInfo.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/SubjectInfo.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/deploy/SubjectInfo.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/server/WrappingLoginModuleProxy.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/server/WrappingLoginModuleProxy.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/server/WrappingLoginModuleProxy.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/server/WrappingLoginModuleProxy.java Sat Jun  9 10:44:02 2007
@@ -71,7 +71,7 @@
         }
         localSubject.getPrincipals().addAll(wrapped);
         subject.getPrincipals().addAll(localSubject.getPrincipals());
-
+        subject.getPrivateCredentials().addAll(localSubject.getPrivateCredentials());
         return result;
     }
 
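Review bot: The added line copies every private credential collected by the wrapped module into the caller's `subject`, and that is sensitive material, so the matching teardown matters: the enclosing method starts and ends outside this hunk, and whatever `logout()`/`abort()` do to remove the principals added just above should now also remove these private credentials, otherwise they outlive the login. Public credentials are not copied, which is an asymmetry a reader will wonder about. A comment on the new line such as `// also hand the wrapped module's private credentials (e.g. passwords, keys) to the outer subject; logout() must remove them again` would record whether that asymmetry is intentional.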

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.java Sat Jun  9 10:44:02 2007
@@ -21,9 +21,10 @@
 import java.security.Policy;
 import java.util.Enumeration;
 import java.util.HashMap;
-import java.util.Iterator;
 import java.util.Map;
+
 import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
 import javax.security.jacc.PolicyConfiguration;
 import javax.security.jacc.PolicyConfigurationFactory;
 import javax.security.jacc.PolicyContextException;
@@ -35,17 +36,23 @@
 import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.security.IdentificationPrincipal;
 import org.apache.geronimo.security.SubjectId;
+import org.apache.geronimo.security.credentialstore.CredentialStore;
+import org.apache.geronimo.security.deploy.SubjectInfo;
 
 /**
  * @version $Rev$ $Date$
  */
-public class ApplicationPolicyConfigurationManager implements GBeanLifecycle {
+public class ApplicationPolicyConfigurationManager implements GBeanLifecycle, RunAsSource {
 
-    private final Map contextIdToPolicyConfigurationMap = new HashMap();
-    private final Map roleDesignates;
+    private final Map<String, PolicyConfiguration> contextIdToPolicyConfigurationMap = new HashMap<String, PolicyConfiguration>();
+    private final Map<String, Subject> roleDesignates = new HashMap<String, Subject>();
+    private final Subject defaultSubject;
     private final PrincipalRoleMapper principalRoleMapper;
 
-    public ApplicationPolicyConfigurationManager(Map contextIdToPermissionsMap, Map roleDesignates, ClassLoader cl, PrincipalRoleMapper principalRoleMapper) throws PolicyContextException, ClassNotFoundException {
+    public ApplicationPolicyConfigurationManager(Map<String, ComponentPermissions> contextIdToPermissionsMap, SubjectInfo defaultSubjectInfo, Map<String, SubjectInfo> roleDesignates, ClassLoader cl, CredentialStore credentialStore, PrincipalRoleMapper principalRoleMapper) throws PolicyContextException, ClassNotFoundException, LoginException {
+        if (credentialStore == null && (!roleDesignates.isEmpty() || defaultSubjectInfo != null)) {
+            throw new NullPointerException("No CredentialStore supplied to resolve default and run-as subjects");
+        }
         this.principalRoleMapper = principalRoleMapper;
         Thread currentThread = Thread.currentThread();
         ClassLoader oldClassLoader = currentThread.getContextClassLoader();
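Review bot: The new guard calls `roleDesignates.isEmpty()` before anything has checked `roleDesignates` itself; it is a persistent GBean attribute, so if a plan omits the map (I cannot tell from here whether the deployer always supplies one) the constructor dies with a bare NPE instead of the intended message. A missing reference is also a configuration error rather than a programming error, so `IllegalArgumentException` reads better than `NullPointerException`: `if (credentialStore == null && (defaultSubjectInfo != null || (roleDesignates != null && !roleDesignates.isEmpty()))) { throw new IllegalArgumentException("No CredentialStore supplied to resolve default and run-as subjects"); }`.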
@@ -57,19 +64,17 @@
             currentThread.setContextClassLoader(oldClassLoader);
         }
 
-        for (Iterator iterator = contextIdToPermissionsMap.entrySet().iterator(); iterator.hasNext();) {
-            Map.Entry entry = (Map.Entry) iterator.next();
-            String contextID = (String) entry.getKey();
-            ComponentPermissions componentPermissions = (ComponentPermissions) entry.getValue();
+        for (Map.Entry<String, ComponentPermissions> entry : contextIdToPermissionsMap.entrySet()) {
+            String contextID = entry.getKey();
+            ComponentPermissions componentPermissions = entry.getValue();
 
             PolicyConfiguration policyConfiguration = policyConfigurationFactory.getPolicyConfiguration(contextID, true);
             contextIdToPolicyConfigurationMap.put(contextID, policyConfiguration);
             policyConfiguration.addToExcludedPolicy(componentPermissions.getExcludedPermissions());
             policyConfiguration.addToUncheckedPolicy(componentPermissions.getUncheckedPermissions());
-            for (Iterator roleIterator = componentPermissions.getRolePermissions().entrySet().iterator(); roleIterator.hasNext();) {
-                Map.Entry roleEntry = (Map.Entry) roleIterator.next();
-                String roleName = (String) roleEntry.getKey();
-                PermissionCollection rolePermissions = (PermissionCollection) roleEntry.getValue();
+            for (Map.Entry<String, PermissionCollection> roleEntry : componentPermissions.getRolePermissions().entrySet()) {
+                String roleName = roleEntry.getKey();
+                PermissionCollection rolePermissions = roleEntry.getValue();
                 for (Enumeration permissions = rolePermissions.elements(); permissions.hasMoreElements();) {
                     Permission permission = (Permission) permissions.nextElement();
                     policyConfiguration.addToRole(roleName, permission);
@@ -83,10 +88,8 @@
         }
 
         //link everything together
-        for (Iterator iterator = contextIdToPolicyConfigurationMap.values().iterator(); iterator.hasNext();) {
-            PolicyConfiguration policyConfiguration = (PolicyConfiguration) iterator.next();
-            for (Iterator iterator2 = contextIdToPolicyConfigurationMap.values().iterator(); iterator2.hasNext();) {
-                PolicyConfiguration policyConfiguration2 = (PolicyConfiguration) iterator2.next();
+        for (PolicyConfiguration policyConfiguration : contextIdToPolicyConfigurationMap.values()) {
+            for (PolicyConfiguration policyConfiguration2 : contextIdToPolicyConfigurationMap.values()) {
                 if (policyConfiguration != policyConfiguration2) {
                     policyConfiguration.linkConfiguration(policyConfiguration2);
                 }
@@ -94,8 +97,7 @@
         }
 
         //commit
-        for (Iterator iterator = contextIdToPolicyConfigurationMap.values().iterator(); iterator.hasNext();) {
-            PolicyConfiguration policyConfiguration = (PolicyConfiguration) iterator.next();
+        for (PolicyConfiguration policyConfiguration : contextIdToPolicyConfigurationMap.values()) {
             policyConfiguration.commit();
         }
 
@@ -103,14 +105,37 @@
         Policy policy = Policy.getPolicy();
         policy.refresh();
 
-        for (Iterator iterator = roleDesignates.entrySet().iterator(); iterator.hasNext();) {
-            Map.Entry entry = (Map.Entry) iterator.next();
-            Subject roleDesignate = (Subject) entry.getValue();
-            ContextManager.registerSubject(roleDesignate);
-            SubjectId id = ContextManager.getSubjectId(roleDesignate);
-            roleDesignate.getPrincipals().add(new IdentificationPrincipal(id));
+        if (defaultSubjectInfo == null) {
+            defaultSubject = ContextManager.EMPTY;
+        } else {
+            defaultSubject = credentialStore.getSubject(defaultSubjectInfo.getRealm(), defaultSubjectInfo.getId());
+            registerSubject(defaultSubject);
+        }
+
+        for (Map.Entry<String, SubjectInfo> entry : roleDesignates.entrySet()) {
+            String role = entry.getKey();
+            SubjectInfo subjectInfo = entry.getValue();
+            if (subjectInfo == null || credentialStore == null) {
+                throw new NullPointerException("No subjectInfo for role " + role);
+            }
+            Subject roleDesignate = credentialStore.getSubject(subjectInfo.getRealm(), subjectInfo.getId());
+            registerSubject(roleDesignate);
+            this.roleDesignates.put(role, roleDesignate);
         }
-        this.roleDesignates = roleDesignates;
+    }
+
+    private void registerSubject(Subject subject) {
+        ContextManager.registerSubject(subject);
+        SubjectId id = ContextManager.getSubjectId(subject);
+        subject.getPrincipals().add(new IdentificationPrincipal(id));
+    }
+
+    public Subject getDefaultSubject() {
+        return defaultSubject;
+    }
+
+    public Subject getSubjectForRole(String role) {
+        return roleDesignates.get(role);
     }
 
     public void doStart() throws Exception {
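Review bot: If `credentialStore.getSubject(...)` throws for the second or a later role, the subjects already passed to `registerSubject` — including `defaultSubject` — stay registered in `ContextManager`, because the constructor never completes and so `doStop()` never runs to unregister them; a failed deploy therefore leaves run-as identities registered in the server. The inner `credentialStore == null` test is also dead after the guard at the top of the constructor (this loop only runs when `roleDesignates` is non-empty, which that guard already covers) and its message "No subjectInfo for role" would be wrong for that case anyway. The sketch below records what was registered and rolls it back on any exception; it needs `java.util.ArrayList`/`List` imports. One further thing to confirm: `registerSubject` adds an `IdentificationPrincipal` to the Subject the store returns, so if the CredentialStore hands out a shared or read-only Subject instance that mutation either leaks into other users of the store or throws `IllegalStateException`.
```java
        List<Subject> registered = new ArrayList<Subject>();
        boolean completed = false;
        try {
            if (defaultSubjectInfo == null) {
                defaultSubject = ContextManager.EMPTY;
            } else {
                defaultSubject = credentialStore.getSubject(defaultSubjectInfo.getRealm(), defaultSubjectInfo.getId());
                registerSubject(defaultSubject);
                registered.add(defaultSubject);
            }
            for (Map.Entry<String, SubjectInfo> entry : roleDesignates.entrySet()) {
                String role = entry.getKey();
                SubjectInfo subjectInfo = entry.getValue();
                if (subjectInfo == null) {
                    throw new IllegalArgumentException("No subjectInfo for role " + role);
                }
                Subject roleDesignate = credentialStore.getSubject(subjectInfo.getRealm(), subjectInfo.getId());
                registerSubject(roleDesignate);
                registered.add(roleDesignate);
                this.roleDesignates.put(role, roleDesignate);
            }
            completed = true;
        } finally {
            if (!completed) {
                // undo partial registration so a failed deploy leaves nothing behind in ContextManager
                for (Subject s : registered) {
                    ContextManager.unregisterSubject(s);
                }
            }
        }
        // … unchanged: registerSubject, getDefaultSubject, getSubjectForRole …
```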
@@ -118,18 +143,16 @@
     }
 
     public void doStop() throws Exception {
-        for (Iterator iterator = roleDesignates.entrySet().iterator(); iterator.hasNext();) {
-             Map.Entry entry = (Map.Entry) iterator.next();
-             Subject roleDesignate = (Subject) entry.getValue();
-             ContextManager.unregisterSubject(roleDesignate);
-         }
+        for (Map.Entry<String, Subject> entry : roleDesignates.entrySet()) {
+            Subject roleDesignate = entry.getValue();
+            ContextManager.unregisterSubject(roleDesignate);
+        }
 
         if (principalRoleMapper != null) {
             principalRoleMapper.uninstall();
         }
 
-        for (Iterator iterator = contextIdToPolicyConfigurationMap.values().iterator(); iterator.hasNext();) {
-            PolicyConfiguration policyConfiguration = (PolicyConfiguration) iterator.next();
+        for (PolicyConfiguration policyConfiguration : contextIdToPolicyConfigurationMap.values()) {
             policyConfiguration.delete();
         }
     }
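Review bot: `doStop()` unregisters the role designates but not `defaultSubject`, which the constructor registered with `ContextManager` in exactly the same way whenever a `defaultSubjectInfo` was supplied, so stopping the application leaves that subject registered. Add next to the loop `if (defaultSubject != ContextManager.EMPTY) { ContextManager.unregisterSubject(defaultSubject); }`. As a style point the loop iterates `entrySet()` but never reads the key; `for (Subject roleDesignate : roleDesignates.values())` says what is meant.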
@@ -143,10 +166,12 @@
     static {
         GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic(ApplicationPolicyConfigurationManager.class, NameFactory.JACC_MANAGER);
         infoBuilder.addAttribute("contextIdToPermissionsMap", Map.class, true);
+        infoBuilder.addAttribute("defaultSubjectInfo", SubjectInfo.class, true);
         infoBuilder.addAttribute("roleDesignates", Map.class, true);
         infoBuilder.addAttribute("classLoader", ClassLoader.class, false);
+        infoBuilder.addReference("CredentialStore", CredentialStore.class, NameFactory.GERONIMO_SERVICE);
         infoBuilder.addReference("PrincipalRoleMapper", PrincipalRoleMapper.class, NameFactory.JACC_MANAGER);
-        infoBuilder.setConstructor(new String[] {"contextIdToPermissionsMap", "roleDesignates", "classLoader", "PrincipalRoleMapper"});
+        infoBuilder.setConstructor(new String[] {"contextIdToPermissionsMap", "defaultSubjectInfo", "roleDesignates", "classLoader", "CredentialStore", "PrincipalRoleMapper"});
         GBEAN_INFO = infoBuilder.getBeanInfo();
     }
 

Added: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jacc/RunAsSource.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jacc/RunAsSource.java?view=auto&rev=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jacc/RunAsSource.java (added)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jacc/RunAsSource.java Sat Jun  9 10:44:02 2007
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.security.jacc;
+
+import javax.security.auth.Subject;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public interface RunAsSource {
+    RunAsSource NULL = new RunAsSource() {
+
+        public Subject getDefaultSubject() {
+            return null;
+        }
+
+        public Subject getSubjectForRole(String role) {
+            return null;
+        }
+    };
+
+    Subject getDefaultSubject();
+
+    Subject getSubjectForRole(String role);
+}
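Review bot: `RunAsSource.NULL` returns null from `getDefaultSubject()`, whereas the other implementation in this commit (ApplicationPolicyConfigurationManager) returns `ContextManager.EMPTY` when no default is configured, so callers receive two different sentinels for "no default" and must handle both. Either have `NULL` return `ContextManager.EMPTY` too, or, if null is the contract, say so in javadoc on the interface methods, e.g. `/** Subject to use when no caller identity applies, or null if none is configured. */` and `/** Subject configured as the run-as identity for the given role, or null if the role has none. */`. Minor: the version tag is written `$Rev:$ $Date:$` while every other file in this commit uses `$Rev$ $Date$`.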

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jacc/RunAsSource.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jacc/RunAsSource.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jacc/RunAsSource.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java Sat Jun  9 10:44:02 2007
@@ -66,27 +66,23 @@
     private JaasLoginModuleConfiguration[] config;
     private final Kernel kernel;
 
-    private final PrincipalInfo defaultPrincipalInfo;
-
     private String[] domains;
     private final boolean restrictPrincipalsToServer;
     private final boolean wrapPrincipals;
     private final JaasLoginModuleUse loginModuleUse;
 
     public GenericSecurityRealm(String realmName,
-                                JaasLoginModuleUse loginModuleUse,
-                                boolean restrictPrincipalsToServer,
-                                boolean wrapPrincipals,
-                                PrincipalInfo defaultPrincipalInfo,
-                                ServerInfo serverInfo,
-                                ClassLoader classLoader,
-                                Kernel kernel,
-                                JaasLoginServiceMBean loginService) {
+            JaasLoginModuleUse loginModuleUse,
+            boolean restrictPrincipalsToServer,
+            boolean wrapPrincipals,
+            ServerInfo serverInfo,
+            ClassLoader classLoader,
+            Kernel kernel,
+            JaasLoginServiceMBean loginService) {
         this.realmName = realmName;
         this.kernel = kernel;
         this.restrictPrincipalsToServer = restrictPrincipalsToServer;
         this.wrapPrincipals = wrapPrincipals;
-        this.defaultPrincipalInfo = defaultPrincipalInfo;
         this.loginService = loginService;
         this.loginModuleUse = loginModuleUse;
 
@@ -124,17 +120,6 @@
         return domains;
     }
 
-
-    /**
-     * Provides the default principal to be used when an unauthenticated
-     * subject uses a container.
-     *
-     * @return the default principal
-     */
-    public PrincipalInfo getDefaultPrincipal() {
-        return defaultPrincipalInfo;
-    }
-
     /**
      * A GBean property.  If set to true, the login service will not return
      * principals generated by this realm to clients.  If set to false (the
@@ -185,7 +170,6 @@
         infoFactory.addAttribute("realmName", String.class, true);
         infoFactory.addAttribute("kernel", Kernel.class, false);
         infoFactory.addAttribute("classLoader", ClassLoader.class, false);
-        infoFactory.addAttribute("defaultPrincipal", PrincipalInfo.class, true);
         infoFactory.addAttribute("deploymentSupport", Properties.class, true);
         infoFactory.addAttribute("restrictPrincipalsToServer", boolean.class, true);
         infoFactory.addAttribute("wrapPrincipals", boolean.class, true);
@@ -200,7 +184,6 @@
                                                 "LoginModuleConfiguration",
                                                 "restrictPrincipalsToServer",
                                                 "wrapPrincipals",
-                                                "defaultPrincipal",
                                                 "ServerInfo",
                                                 "classLoader",
                                                 "kernel",

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/CertificateChainLoginModule.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/CertificateChainLoginModule.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/CertificateChainLoginModule.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/CertificateChainLoginModule.java Sat Jun  9 10:44:02 2007
@@ -35,7 +35,7 @@
 
 
 /**
- * An example LoginModule that reads a list of users and group from a file on disk.
+ * An example LoginModule that reads a list of credentials and group from a file on disk.
  * Authentication is provided by the SSL layer supplying the client certificate.
  * All we check is that it is present.  The
  * file should be formatted using standard Java properties syntax.  Expects
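Review bot: The Javadoc now reads "a list of credentials and group from a file on disk", which looks like a blanket users→credentials text replacement rather than a description of what this module reads; the same replacement appears in the CertificatePropertiesFileLoginModule, PropertiesFileLoginModule and SQLLoginModule hunks further down. For PropertiesFileLoginModule the option is still named `usersURI` (the new SimpleCredentialStoreImplTest sets it), and in SQLLoginModule the example became `SELECT user, password FROM credentials WHERE username=?`, renaming an illustrative table that the text around it still calls the user table; either restore `users` in those Javadocs or, if the rename is intended, say what a "credential" entry is so readers are not sent looking for a renamed option. The Javadoc block continues past the end of the hunk.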
@@ -62,7 +62,7 @@
 //        try {
 //            Kernel kernel = KernelRegistry.getKernel((String)options.get(JaasLoginModuleUse.KERNEL_LM_OPTION));
 //            ServerInfo serverInfo = (ServerInfo) options.get(JaasLoginModuleUse.SERVERINFO_LM_OPTION);
-//            URI usersURI = new URI((String)options.get(USERS_URI));
+//            URI usersURI = new URI((String)options.get(CREDENTIALS_URI));
 //            URI groupsURI = new URI((String)options.get(GROUPS_URI));
 //            loadProperties(kernel, serverInfo, usersURI, groupsURI);
 //        } catch (Exception e) {
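Review bot: The edited line sits inside a block that is entirely commented out (the `//` initialize body), so the USERS_URI→CREDENTIALS_URI change has no runtime effect and only keeps dead code in sync by hand. Either delete the commented-out block or restore it as live code if CREDENTIALS_URI is the option this module is meant to read. The commented block starts and ends outside the hunk.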

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/CertificatePropertiesFileLoginModule.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/CertificatePropertiesFileLoginModule.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/CertificatePropertiesFileLoginModule.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/CertificatePropertiesFileLoginModule.java Sat Jun  9 10:44:02 2007
@@ -46,7 +46,7 @@
 
 
 /**
- * An example LoginModule that reads a list of users and group from a file on disk.
+ * An example LoginModule that reads a list of credentials and group from a file on disk.
  * Authentication is provided by the SSL layer supplying the client certificate.
  * All we check is that it is present.  The
  * file should be formatted using standard Java properties syntax.  Expects

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoCallerPrincipal.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoCallerPrincipal.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoCallerPrincipal.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoCallerPrincipal.java Sat Jun  9 10:44:02 2007
@@ -16,10 +16,12 @@
  */
 package org.apache.geronimo.security.realm.providers;
 
+import java.security.Principal;
+
 /**
  * This is a marker interface used to indicate that a particular principal should be returned from getCallerPrincipal().
  *
  * @version $Rev$ $Date$
  */
-public interface GeronimoCallerPrincipal {
+public interface GeronimoCallerPrincipal extends Principal {
 }

Added: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModule.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModule.java?view=auto&rev=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModule.java (added)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModule.java Sat Jun  9 10:44:02 2007
@@ -0,0 +1,134 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.security.realm.providers;
+
+import java.io.InputStream;
+import java.net.URI;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.geronimo.common.GeronimoSecurityException;
+import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
+import org.apache.geronimo.security.jaas.NamedUsernamePasswordCredential;
+import org.apache.geronimo.system.serverinfo.ServerInfo;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class GeronimoPropertiesFileMappedPasswordCredentialLoginModule implements LoginModule {
+
+    private static final Log log = LogFactory.getLog(GeronimoPropertiesFileMappedPasswordCredentialLoginModule.class);
+    public final static String CREDENTIALS_URI = "credentialsURI";
+    private final static Pattern pattern = Pattern.compile("([^:,=]*):([^:,=]*)=([^:,=]*)");
+
+    private final Set<NamedUsernamePasswordCredential> passwordCredentials = new HashSet<NamedUsernamePasswordCredential>();
+    private final Properties credentials = new Properties();
+
+    private Subject subject;
+    private CallbackHandler callbackHandler;
+
+    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
+        this.subject = subject;
+        this.callbackHandler = callbackHandler;
+        try {
+            ServerInfo serverInfo = (ServerInfo) options.get(JaasLoginModuleUse.SERVERINFO_LM_OPTION);
+            final String credentials = (String) options.get(CREDENTIALS_URI);
+            if (credentials == null) {
+                throw new IllegalArgumentException(CREDENTIALS_URI + " must be provided!");
+            }
+            URI usersURI = new URI(credentials);
+            loadProperties(serverInfo, usersURI);
+        } catch (Exception e) {
+            log.error("Initialization failed", e);
+            throw new IllegalArgumentException("Unable to configure properties file login module: " + e.getMessage());
+        }
+    }
+
+    private void loadProperties(ServerInfo serverInfo, URI credentialsURI) throws GeronimoSecurityException {
+        try {
+            URI userFile = serverInfo.resolveServer(credentialsURI);
+            InputStream stream = userFile.toURL().openStream();
+            credentials.load(stream);
+            stream.close();
+        } catch (Exception e) {
+            log.error("Properties File Login Module - data load failed", e);
+            throw new GeronimoSecurityException(e);
+        }
+    }
+
+    public boolean login() throws LoginException {
+        Callback[] callbacks = new Callback[1];
+        callbacks[0] = new NameCallback("User name");
+        try {
+            callbackHandler.handle(callbacks);
+        } catch (java.io.IOException e) {
+            throw (LoginException) new LoginException("Unlikely IOException").initCause(e);
+        } catch (UnsupportedCallbackException e) {
+            throw (LoginException) new LoginException("Unlikely UnsupportedCallbackException").initCause(e);
+        }
+        String userName = ((NameCallback) callbacks[0]).getName();
+        String unparsedCredentials = credentials.getProperty(userName);
+        if (unparsedCredentials != null) {
+            parseCredentials(unparsedCredentials, passwordCredentials);
+        }
+        return true;
+    }
+
+    void parseCredentials(String unparsedCredentials, Set<NamedUsernamePasswordCredential> passwordCredentials) {
+        Matcher matcher = pattern.matcher(unparsedCredentials);
+        while (matcher.find()) {
+            String credentialName = matcher.group(1);
+            String credentialUser = matcher.group(2);
+            String credentialPassword = matcher.group(3);
+            NamedUsernamePasswordCredential credential = new NamedUsernamePasswordCredential(credentialUser, credentialPassword.toCharArray(), credentialName);
+            passwordCredentials.add(credential);
+        }
+    }
+
+    public boolean commit() throws LoginException {
+        subject.getPrivateCredentials().addAll(passwordCredentials);
+        return true;
+    }
+
+    public boolean abort() throws LoginException {
+        passwordCredentials.clear();
+        return true;
+    }
+
+    public boolean logout() throws LoginException {
+        passwordCredentials.clear();
+        return true;
+    }
+}
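Review bot: logout() clears the module's own set but never removes the credentials that commit() added to the Subject, so the mapped passwords stay in subject.getPrivateCredentials() after logout; add `subject.getPrivateCredentials().removeAll(passwordCredentials);` before `passwordCredentials.clear();` in logout(). loadProperties() closes the stream only on the success path, so a failing `credentials.load(stream)` leaks the handle — the try/finally below fixes that. initialize() rethrows with only `e.getMessage()` and drops the original stack; use `throw new IllegalArgumentException("Unable to configure properties file login module: " + e.getMessage(), e);`. The class carries no Javadoc beyond @version, and because login() returns true for any user name whether or not a mapping exists, the Javadoc should state that this module performs no authentication and only attaches NamedUsernamePasswordCredentials for a caller already authenticated by another module in the same realm, and should document the entry format `user=credentialName:username=password,credentialName2:username2=password2` where no field may contain `:`, `,` or `=` (text that does not match the regex is silently skipped by matcher.find()).
```java
    private void loadProperties(ServerInfo serverInfo, URI credentialsURI) throws GeronimoSecurityException {
        try {
            URI userFile = serverInfo.resolveServer(credentialsURI);
            InputStream stream = userFile.toURL().openStream();
            try {
                credentials.load(stream);
            } finally {
                stream.close(); // also runs when load() throws
            }
        } catch (Exception e) {
            // … unchanged: log and rethrow as GeronimoSecurityException …
        }
    }
```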

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModule.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModule.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModule.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java Sat Jun  9 10:44:02 2007
@@ -48,7 +48,7 @@
 
 
 /**
- * A LoginModule that reads a list of users and group from files on disk.  The
+ * A LoginModule that reads a list of credentials and group from files on disk.  The
  * files should be formatted using standard Java properties syntax.  Expects
  * to be run by a GenericSecurityRealm (doesn't work on its own).
  *

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java Sat Jun  9 10:44:02 2007
@@ -65,7 +65,7 @@
  * The userSelect query should return 2 values, the username and the password in
  * that order.  It should include one PreparedStatement parameter (a ?) which
  * will be filled in with the username.  In other words, the query should look
- * like: <tt>SELECT user, password FROM users WHERE username=?</tt>
+ * like: <tt>SELECT user, password FROM credentials WHERE username=?</tt>
  * <p>
  * The groupSelect query should return 2 values, the username and the group name in
  * that order (but it may return multiple rows, one per group).  It should include

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/ConfigurationUtil.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/ConfigurationUtil.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/ConfigurationUtil.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/ConfigurationUtil.java Sat Jun  9 10:44:02 2007
@@ -21,23 +21,18 @@
 import java.security.AccessController;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
-import java.util.Set;
-import javax.security.auth.Subject;
+
 import javax.security.auth.x500.X500Principal;
 import javax.security.jacc.PolicyContext;
 import javax.security.jacc.PolicyContextException;
 import javax.security.jacc.PolicyContextHandler;
 
 import org.apache.geronimo.common.DeploymentException;
-import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.security.DomainPrincipal;
 import org.apache.geronimo.security.PrimaryDomainPrincipal;
 import org.apache.geronimo.security.PrimaryPrincipal;
 import org.apache.geronimo.security.PrimaryRealmPrincipal;
 import org.apache.geronimo.security.RealmPrincipal;
-import org.apache.geronimo.security.deploy.DefaultDomainPrincipal;
-import org.apache.geronimo.security.deploy.DefaultPrincipal;
-import org.apache.geronimo.security.deploy.DefaultRealmPrincipal;
 import org.apache.geronimo.security.deploy.PrincipalInfo;
 
 
@@ -209,46 +204,6 @@
             throw new DeploymentException("Unable to create principal", pae.getException());
         }
     }
-
-    /**
-     * Generate the default principal from the security config.
-     *
-     * @param defaultPrincipal
-     * @param classLoader
-     * @return the default principal
-     */
-    public static Subject generateDefaultSubject(DefaultPrincipal defaultPrincipal, ClassLoader classLoader) throws DeploymentException {
-        if (defaultPrincipal == null) {
-            throw new GeronimoSecurityException("No DefaultPrincipal configuration supplied");
-        }
-        Subject defaultSubject = new Subject();
-        java.security.Principal principal;
-        java.security.Principal primaryPrincipal;
-
-        if (defaultPrincipal instanceof DefaultRealmPrincipal) {
-            DefaultRealmPrincipal defaultRealmPrincipal = (DefaultRealmPrincipal) defaultPrincipal;
-            principal = generateRealmPrincipal(defaultRealmPrincipal.getRealm(), defaultRealmPrincipal.getDomain(), defaultRealmPrincipal.getPrincipal(), classLoader);
-            primaryPrincipal = generatePrimaryRealmPrincipal(defaultRealmPrincipal.getRealm(), defaultRealmPrincipal.getDomain(), defaultRealmPrincipal.getPrincipal(), classLoader);
-        } else if (defaultPrincipal instanceof DefaultDomainPrincipal) {
-            DefaultDomainPrincipal defaultDomainPrincipal = (DefaultDomainPrincipal) defaultPrincipal;
-            principal = generateDomainPrincipal(defaultDomainPrincipal.getDomain(), defaultDomainPrincipal.getPrincipal(), classLoader);
-            primaryPrincipal = generatePrimaryDomainPrincipal(defaultDomainPrincipal.getDomain(), defaultDomainPrincipal.getPrincipal(), classLoader);
-        } else {
-            principal = generatePrincipal(defaultPrincipal.getPrincipal(), classLoader);
-            primaryPrincipal = generatePrimaryPrincipal(defaultPrincipal.getPrincipal(), classLoader);
-
-        }
-        defaultSubject.getPrincipals().add(principal);
-        defaultSubject.getPrincipals().add(primaryPrincipal);
-
-        Set namedUserPasswordCredentials = defaultPrincipal.getNamedUserPasswordCredentials();
-        if (namedUserPasswordCredentials != null) {
-            defaultSubject.getPrivateCredentials().addAll(namedUserPasswordCredentials);
-        }
-
-        return defaultSubject;
-    }
-
 
     /**
      * A simple helper method to register PolicyContextHandlers

Added: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImplTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImplTest.java?view=auto&rev=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImplTest.java (added)
+++ geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImplTest.java Sat Jun  9 10:44:02 2007
@@ -0,0 +1,141 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.security.credentialstore;
+
+import java.util.Properties;
+import java.util.Map;
+import java.util.HashMap;
+import java.io.File;
+
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.Subject;
+
+import org.apache.geronimo.security.AbstractTest;
+import org.apache.geronimo.security.realm.GenericSecurityRealm;
+import org.apache.geronimo.security.jaas.LoginModuleGBean;
+import org.apache.geronimo.security.jaas.DirectConfigurationEntry;
+import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
+import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
+import org.apache.geronimo.gbean.GBeanData;
+import org.apache.geronimo.gbean.AbstractName;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class SimpleCredentialStoreImplTest extends AbstractTest {
+    protected AbstractName clientLM;
+    protected AbstractName clientCE;
+    protected AbstractName testCE;
+    protected AbstractName testRealm;
+
+    public void setUp() throws Exception {
+        needServerInfo = true;
+        needLoginConfiguration = true;
+        super.setUp();
+
+        GBeanData gbean;
+
+        gbean = buildGBeanData("name", "ClientPropertiesLoginModule", LoginModuleGBean.getGBeanInfo());
+        clientLM = gbean.getAbstractName();
+        gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.jaas.client.JaasLoginCoordinator");
+        gbean.setAttribute("serverSide", Boolean.TRUE);
+        Properties props = new Properties();
+        props.put("host", "localhost");
+        props.put("port", "4242");
+        props.put("realm", "properties-realm");
+        gbean.setAttribute("options", props);
+        kernel.loadGBean(gbean, LoginModuleGBean.class.getClassLoader());
+
+        gbean = buildGBeanData("name", "ClientConfigurationEntry", DirectConfigurationEntry.getGBeanInfo());
+        clientCE = gbean.getAbstractName();
+        gbean.setAttribute("applicationConfigName", "properties-client");
+        gbean.setAttribute("controlFlag", LoginModuleControlFlag.REQUIRED);
+        gbean.setReferencePattern("Module", clientLM);
+        kernel.loadGBean(gbean, DirectConfigurationEntry.class.getClassLoader());
+
+        gbean = buildGBeanData("name", "PropertiesLoginModule", LoginModuleGBean.getGBeanInfo());
+        testCE = gbean.getAbstractName();
+        gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule");
+        gbean.setAttribute("serverSide", Boolean.TRUE);
+        props = new Properties();
+        props.put("usersURI", new File(BASEDIR, "src/test/data/data/users.properties").toURI().toString());
+        props.put("groupsURI", new File(BASEDIR, "src/test/data/data/groups.properties").toURI().toString());
+        gbean.setAttribute("options", props);
+        gbean.setAttribute("loginDomainName", "TestProperties");
+        gbean.setAttribute("wrapPrincipals", Boolean.TRUE);
+        kernel.loadGBean(gbean, LoginModuleGBean.class.getClassLoader());
+
+        gbean = buildGBeanData("name", "PropertiesLoginModuleUse", JaasLoginModuleUse.getGBeanInfo());
+        AbstractName testUseName = gbean.getAbstractName();
+        gbean.setAttribute("controlFlag", "REQUIRED");
+        gbean.setReferencePattern("LoginModule", testCE);
+        kernel.loadGBean(gbean, JaasLoginModuleUse.class.getClassLoader());
+
+        gbean = buildGBeanData("name", "PropertiesSecurityRealm", GenericSecurityRealm.getGBeanInfo());
+        testRealm = gbean.getAbstractName();
+        gbean.setAttribute("realmName", "properties-realm");
+        gbean.setReferencePattern("LoginModuleConfiguration", testUseName);
+        gbean.setReferencePattern("ServerInfo", serverInfo);
+        gbean.setReferencePattern("LoginService", loginService);
+        kernel.loadGBean(gbean, GenericSecurityRealm.class.getClassLoader());
+
+        kernel.startGBean(loginConfiguration);
+        kernel.startGBean(clientLM);
+        kernel.startGBean(clientCE);
+        kernel.startGBean(testUseName);
+        kernel.startGBean(testCE);
+        kernel.startGBean(testRealm);
+    }
+
+    public void tearDown() throws Exception {
+        kernel.stopGBean(testRealm);
+        kernel.stopGBean(testCE);
+        kernel.stopGBean(clientCE);
+        kernel.stopGBean(clientLM);
+        kernel.stopGBean(loginConfiguration);
+        kernel.stopGBean(serverInfo);
+
+        kernel.unloadGBean(testCE);
+        kernel.unloadGBean(testRealm);
+        kernel.unloadGBean(clientCE);
+        kernel.unloadGBean(clientLM);
+        kernel.unloadGBean(loginConfiguration);
+        kernel.unloadGBean(serverInfo);
+
+        super.tearDown();
+    }
+
+    public void testCredentialStore() throws Exception {
+        Map<String, String> callbackHanders = new HashMap<String, String>();
+        callbackHanders.put(NameCallbackHandler.class.getName(), "izumi" );
+        callbackHanders.put(PasswordCallbackHandler.class.getName(), "violin");
+        Map<String, Map<String, String>> entries = new HashMap<String, Map<String, String>>();
+        entries.put("foo", callbackHanders);
+        Map<String, Map<String, Map<String, String>>> credentials = new HashMap<String, Map<String, Map<String, String>>>();
+        credentials.put("properties-realm", entries);
+        CredentialStore credentialStore = new SimpleCredentialStoreImpl(credentials, getClass().getClassLoader());
+        Subject subject = credentialStore.getSubject("properties-realm", "foo");
+        assertNotNull(subject);
+    }
+
+
+}
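Review bot: setUp() starts the JaasLoginModuleUse GBean held in the local `testUseName`, but tearDown() neither stops nor unloads it, so it outlives the test; promote it to a field (`protected AbstractName testUseName;`) and add `kernel.stopGBean(testUseName);` and `kernel.unloadGBean(testUseName);` next to the other stop/unload calls. testCredentialStore() only asserts that the returned Subject is non-null; asserting that its principals or private credentials are non-empty would actually verify that the store produced a usable Subject. `callbackHanders` is misspelled (`callbackHandlers`).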

Propchange: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImplTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImplTest.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImplTest.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModuleTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModuleTest.java?view=auto&rev=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModuleTest.java (added)
+++ geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModuleTest.java Sat Jun  9 10:44:02 2007
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.security.realm.providers;
+
+import java.util.Set;
+import java.util.HashSet;
+import java.util.Iterator;
+
+import junit.framework.TestCase;
+import org.apache.geronimo.security.jaas.NamedUsernamePasswordCredential;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class GeronimoPropertiesFileMappedPasswordCredentialLoginModuleTest extends TestCase {
+    private GeronimoPropertiesFileMappedPasswordCredentialLoginModule loginModule;
+    private Set<NamedUsernamePasswordCredential> passwordCredentials;
+
+    protected void setUp() {
+        loginModule = new GeronimoPropertiesFileMappedPasswordCredentialLoginModule();
+        passwordCredentials = new HashSet<NamedUsernamePasswordCredential>();
+    }
+
+    public void testParsingOne() throws Exception {
+        loginModule.parseCredentials("foo:bar=baz", passwordCredentials);
+        assertEquals(1, passwordCredentials.size());
+        NamedUsernamePasswordCredential cred = passwordCredentials.iterator().next();
+        checkCredential(cred, "foo", "bar", "baz");
+    }
+    public void testParsingTwo() throws Exception {
+        loginModule.parseCredentials("foo:bar=baz,foo2:bar2=baz2", passwordCredentials);
+        assertEquals(2, passwordCredentials.size());
+        Iterator<NamedUsernamePasswordCredential> iterator = passwordCredentials.iterator();
+        NamedUsernamePasswordCredential cred = iterator.next();
+        checkCredential(cred, "foo", "bar", "baz");
+        cred = iterator.next();
+        checkCredential(cred, "foo2", "bar2", "baz2");
+    }
+
+    private void checkCredential(NamedUsernamePasswordCredential cred, String name, String user, String pw) {
+        assertEquals(name, cred.getName());
+        assertEquals(user, cred.getUsername());
+        assertEquals(pw, new String(cred.getPassword()));
+    }
+
+}
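Review bot: testParsingTwo() relies on HashSet iteration order matching the order in the input string (`foo` then `foo2`), which HashSet does not guarantee, so the test can pass or fail depending on hashing; look each credential up by name instead, as in the helper below. Neither test covers a malformed entry (for example a password containing `:` or `,`), which the regex in parseCredentials silently drops; a case pinning that behaviour would document the accepted format.
```java
    public void testParsingTwo() throws Exception {
        loginModule.parseCredentials("foo:bar=baz,foo2:bar2=baz2", passwordCredentials);
        assertEquals(2, passwordCredentials.size());
        checkCredential(findByName("foo"), "foo", "bar", "baz");
        checkCredential(findByName("foo2"), "foo2", "bar2", "baz2");
    }

    private NamedUsernamePasswordCredential findByName(String name) {
        for (NamedUsernamePasswordCredential cred : passwordCredentials) {
            if (name.equals(cred.getName())) {
                return cred;
            }
        }
        fail("no credential named " + name);
        return null;
    }

    // … unchanged: checkCredential …
```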

Propchange: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModuleTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModuleTest.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModuleTest.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/main/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/main/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/main/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java (original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/main/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java Sat Jun  9 10:44:02 2007
@@ -68,8 +68,6 @@
 import org.apache.geronimo.naming.deployment.ENCConfigBuilder;
 import org.apache.geronimo.naming.deployment.GBeanResourceEnvironmentBuilder;
 import org.apache.geronimo.naming.deployment.ResourceEnvironmentSetter;
-import org.apache.geronimo.security.deploy.DefaultPrincipal;
-import org.apache.geronimo.security.deployment.SecurityConfiguration;
 import org.apache.geronimo.security.jacc.ComponentPermissions;
 import org.apache.geronimo.tomcat.ManagerGBean;
 import org.apache.geronimo.tomcat.RealmGBean;
@@ -81,22 +79,22 @@
 import org.apache.geronimo.xbeans.geronimo.web.tomcat.TomcatWebAppDocument;
 import org.apache.geronimo.xbeans.geronimo.web.tomcat.TomcatWebAppType;
 import org.apache.geronimo.xbeans.geronimo.web.tomcat.config.GerTomcatDocument;
-import org.apache.geronimo.xbeans.javaee.ServletType;
-import org.apache.geronimo.xbeans.javaee.WebAppDocument;
-import org.apache.geronimo.xbeans.javaee.WebAppType;
 import org.apache.geronimo.xbeans.javaee.EjbLocalRefType;
 import org.apache.geronimo.xbeans.javaee.EjbRefType;
 import org.apache.geronimo.xbeans.javaee.EnvEntryType;
-import org.apache.geronimo.xbeans.javaee.MessageDestinationType;
+import org.apache.geronimo.xbeans.javaee.LifecycleCallbackType;
 import org.apache.geronimo.xbeans.javaee.MessageDestinationRefType;
+import org.apache.geronimo.xbeans.javaee.MessageDestinationType;
 import org.apache.geronimo.xbeans.javaee.PersistenceContextRefType;
 import org.apache.geronimo.xbeans.javaee.PersistenceUnitRefType;
-import org.apache.geronimo.xbeans.javaee.LifecycleCallbackType;
 import org.apache.geronimo.xbeans.javaee.ResourceEnvRefType;
 import org.apache.geronimo.xbeans.javaee.ResourceRefType;
-import org.apache.geronimo.xbeans.javaee.ServiceRefType;
 import org.apache.geronimo.xbeans.javaee.SecurityConstraintType;
 import org.apache.geronimo.xbeans.javaee.SecurityRoleType;
+import org.apache.geronimo.xbeans.javaee.ServiceRefType;
+import org.apache.geronimo.xbeans.javaee.ServletType;
+import org.apache.geronimo.xbeans.javaee.WebAppDocument;
+import org.apache.geronimo.xbeans.javaee.WebAppType;
 import org.apache.xmlbeans.XmlCursor;
 import org.apache.xmlbeans.XmlException;
 import org.apache.xmlbeans.XmlObject;
@@ -430,7 +428,8 @@
 
                 SecurityHolder securityHolder = new SecurityHolder();
                 securityHolder.setSecurityRealm(tomcatWebApp.getSecurityRealmName().trim());
-                securityHolder.setRoleDesignates(((SecurityConfiguration) earContext.getSecurityConfiguration()).getRoleDesignates());
+
+                webModuleData.setReferencePattern("RunAsSource", earContext.getJaccManagerName());
 
                 /**
                  * TODO - go back to commented version when possible.
@@ -450,20 +449,12 @@
                 }
                 securityHolder.setChecked(checkedPermissions);
                 earContext.addSecurityContext(policyContextID, componentPermissions);
-                DefaultPrincipal defaultPrincipal = ((SecurityConfiguration) earContext.getSecurityConfiguration()).getDefaultPrincipal();
-                securityHolder.setDefaultPrincipal(defaultPrincipal);
-                if (defaultPrincipal != null) {
+                //TODO WTF is this for?
                     securityHolder.setSecurity(true);
-                }
 
                 webModuleData.setAttribute("securityHolder", securityHolder);
             }
 
-            if (servletTypes.length > 0) {
-                // Process security annotations for servlets only (before MBEs run)
-                SecurityAnnotationHelper.processAnnotations(webApp, webModule.getClassFinder());
-            }
-
             //listeners added directly to the StandardContext will get loaded by the tomcat classloader, not the app classloader!
             //TODO this may definitely not be the best place for this!
             for (ModuleBuilderExtension mbe : moduleBuilderExtensions) {
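Review bot: `securityHolder.setSecurity(true)` is now executed unconditionally, but it is left at the indentation of the removed `if (defaultPrincipal != null)` and the new TODO says its purpose is unknown, so a reader cannot tell whether enabling security for every module that reaches this block is intended. Re-indent the call to the enclosing level and record what is known in place of the TODO: `// previously gated on a default principal being configured; now set for every module that reaches this block`. The removed `SecurityAnnotationHelper.processAnnotations(webApp, webModule.getClassFinder())` was, per its own comment, where servlet security annotations were processed before the module builder extensions run; unless that call was relocated elsewhere in this commit, run-as and other security annotations on servlets are no longer applied at deployment. The enclosing method starts and ends outside the hunk.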
@@ -485,7 +476,7 @@
              * writing out a web.xml to the deployed location is the only way around this
              * until Tomcat fixes that bug.
              *
-             * For myfaces/jsf, the sped dd may have been updated with a listener.  So, we need to write it out again whether or not
+             * For myfaces/jsf, the spec dd may have been updated with a listener.  So, we need to write it out again whether or not
              * there originally was one. This might not work on windows due to file locking problems.
              */
 
@@ -505,6 +496,7 @@
                 shortWebApp.setServiceRefArray(new ServiceRefType[0]);
                 // TODO Tomcat will fail web services tck tests if the following security settings are set in shortWebApp
                 // need to figure out why...
+                //One clue is that without this stuff tomcat does not install an authenticator.... so there's no security
 //                 shortWebApp.setSecurityConstraintArray(new SecurityConstraintType[0]);
 //                 shortWebApp.setSecurityRoleArray(new SecurityRoleType[0]);
                 File webXml = new File(moduleContext.getBaseDir(), "/WEB-INF/web.xml");

Modified: geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/test/java/org/apache/geronimo/tomcat/deployment/PlanParsingTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/test/java/org/apache/geronimo/tomcat/deployment/PlanParsingTest.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/test/java/org/apache/geronimo/tomcat/deployment/PlanParsingTest.java (original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/test/java/org/apache/geronimo/tomcat/deployment/PlanParsingTest.java Sat Jun  9 10:44:02 2007
@@ -55,7 +55,7 @@
     private TomcatModuleBuilder builder;
 
     protected void setUp() throws Exception {
-        builder = new TomcatModuleBuilder(defaultEnvironment, tomcatContainerObjectName, Collections.singleton(webServiceBuilder), Collections.singleton(new GeronimoSecurityBuilderImpl()), Collections.singleton(new GBeanBuilder(null, null)), new NamingBuilderCollection(null, null), null, new MockResourceEnvironmentSetter(), null);
+        builder = new TomcatModuleBuilder(defaultEnvironment, tomcatContainerObjectName, Collections.singleton(webServiceBuilder), Collections.singleton(new GeronimoSecurityBuilderImpl(null)), Collections.singleton(new GBeanBuilder(null, null)), new NamingBuilderCollection(null, null), null, new MockResourceEnvironmentSetter(), null);
     }
 
     public void testResourceRef() throws Exception {

Modified: geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/test/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/test/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/test/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java (original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/test/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java Sat Jun  9 10:44:02 2007
@@ -19,12 +19,16 @@
 import java.io.File;
 import java.io.IOException;
 import java.net.MalformedURLException;
+import java.net.URI;
 import java.net.URL;
 import java.security.PermissionCollection;
 import java.security.Permissions;
-import java.util.*;
-
-import org.apache.geronimo.testsupport.TestSupport;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
 
 import org.apache.commons.io.FileUtils;
 import org.apache.geronimo.common.DeploymentException;
@@ -39,9 +43,8 @@
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.j2ee.deployment.EARContext;
 import org.apache.geronimo.j2ee.deployment.Module;
-import org.apache.geronimo.j2ee.deployment.WebServiceBuilder;
 import org.apache.geronimo.j2ee.deployment.NamingBuilderCollection;
-import org.apache.geronimo.j2ee.deployment.ModuleBuilderExtension;
+import org.apache.geronimo.j2ee.deployment.WebServiceBuilder;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.j2ee.management.impl.J2EEServerImpl;
 import org.apache.geronimo.kernel.Jsr77Naming;
@@ -68,10 +71,13 @@
 import org.apache.geronimo.kernel.repository.ImportType;
 import org.apache.geronimo.kernel.repository.Repository;
 import org.apache.geronimo.security.SecurityServiceImpl;
+import org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal;
+import org.apache.geronimo.security.credentialstore.DirectConfigurationCredentialStoreImpl;
 import org.apache.geronimo.security.deployment.GeronimoSecurityBuilderImpl;
 import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
 import org.apache.geronimo.security.jacc.ComponentPermissions;
 import org.apache.geronimo.system.serverinfo.BasicServerInfo;
+import org.apache.geronimo.testsupport.TestSupport;
 import org.apache.geronimo.tomcat.ConnectorGBean;
 import org.apache.geronimo.tomcat.EngineGBean;
 import org.apache.geronimo.tomcat.HostGBean;
@@ -308,6 +314,15 @@
         ctcName = ctc.getAbstractName();
         ctc.setReferencePattern("TransactionManager", tmName);
 
+        GBeanData cs = bootstrap.addGBean("CredentialStore", DirectConfigurationCredentialStoreImpl.GBEAN_INFO);
+        Map<String, Map<String, Map<String, String>>> csd = new HashMap<String, Map<String, Map<String, String>>>();
+        Map<String, Map<String, String>> r = new HashMap<String, Map<String, String>>();
+        csd.put("foo", r);
+        Map<String, String> creds = new HashMap<String, String>();
+        r.put("metro", creds);
+        creds.put(GeronimoUserPrincipal.class.getName(), "metro");
+        cs.setAttribute("credentialStore", csd);
+
         ConfigurationUtil.loadBootstrapConfiguration(kernel, bootstrap, getClass().getClassLoader());
 
         configurationManager = ConfigurationUtil.getEditableConfigurationManager(kernel);
@@ -316,8 +331,7 @@
 
         defaultEnvironment.addDependency(baseId, ImportType.ALL);
         defaultEnvironment.setConfigId(webModuleArtifact);
-        ArrayList naming = new ArrayList();
-        builder = new TomcatModuleBuilder(defaultEnvironment, new AbstractNameQuery(containerName), Collections.singleton(webServiceBuilder), Collections.singleton(new GeronimoSecurityBuilderImpl()), Collections.singleton(new GBeanBuilder(null, null)), new NamingBuilderCollection(null, null), null, new MockResourceEnvironmentSetter(), null);
+        builder = new TomcatModuleBuilder(defaultEnvironment, new AbstractNameQuery(containerName), Collections.singleton(webServiceBuilder), Collections.singleton(new GeronimoSecurityBuilderImpl(new AbstractNameQuery(URI.create("?name=CredentialStore")))), Collections.singleton(new GBeanBuilder(null, null)), new NamingBuilderCollection(null, null), null, new MockResourceEnvironmentSetter(), null);
     }
 
     protected void tearDown() throws Exception {

Modified: geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/test/resources/deployables/war4/WEB-INF/geronimo-web.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/test/resources/deployables/war4/WEB-INF/geronimo-web.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/test/resources/deployables/war4/WEB-INF/geronimo-web.xml (original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/test/resources/deployables/war4/WEB-INF/geronimo-web.xml Sat Jun  9 10:44:02 2007
@@ -39,9 +39,10 @@
 
     <security-realm-name>test</security-realm-name>
     <security>
-        <default-principal>
-            <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="metro"/>
-        </default-principal>
+        <default-subject>
+            <realm>foo</realm>
+            <id>metro</id>
+        </default-subject>
     </security>
 
     <gbean name="TomcatRealm" class="org.apache.geronimo.tomcat.RealmGBean">

Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java (original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java Sat Jun  9 10:44:02 2007
@@ -41,10 +41,7 @@
 import org.apache.geronimo.common.DeploymentException;
 import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.security.ContextManager;
-import org.apache.geronimo.security.IdentificationPrincipal;
-import org.apache.geronimo.security.SubjectId;
-import org.apache.geronimo.security.deploy.DefaultPrincipal;
-import org.apache.geronimo.security.util.ConfigurationUtil;
+import org.apache.geronimo.security.jacc.RunAsSource;
 import org.apache.geronimo.tomcat.interceptor.BeforeAfter;
 import org.apache.geronimo.tomcat.interceptor.ComponentContextBeforeAfter;
 import org.apache.geronimo.tomcat.interceptor.InstanceContextBeforeAfter;
@@ -64,6 +61,7 @@
     private static final long serialVersionUID = 3834587716552831032L;
 
     private Subject defaultSubject = null;
+    private RunAsSource runAsSource = RunAsSource.NULL;
 
     private Map webServiceMap = null;
 
@@ -72,7 +70,6 @@
     private BeforeAfter beforeAfter = null;
     private int contextCount = 0;
     
-    private Map<String,Subject> roleDesignates = null;
 
     public void setContextProperties(TomcatContext ctx) throws DeploymentException {
 
@@ -115,9 +112,9 @@
         //Set a PolicyContext BeforeAfter
         SecurityHolder securityHolder = ctx.getSecurityHolder();
         if (securityHolder != null) {
-            
+
             // save the role designates for mapping servlets to their run-as roles
-            roleDesignates = securityHolder.getRoleDesignates();
+            runAsSource = securityHolder.getRunAsSource();
             
             if (securityHolder.getPolicyContextID() != null) {
 
@@ -126,15 +123,11 @@
                 /**
                  * Register our default subject with the ContextManager
                  */
-                DefaultPrincipal defaultPrincipal = securityHolder.getDefaultPrincipal();
-                if (defaultPrincipal == null) {
-                    throw new GeronimoSecurityException("Unable to generate default principal");
-                }
+                defaultSubject = securityHolder.getDefaultSubject();
 
-                defaultSubject = ConfigurationUtil.generateDefaultSubject(defaultPrincipal, ctx.getClassLoader());
-                ContextManager.registerSubject(defaultSubject);
-                SubjectId id = ContextManager.getSubjectId(defaultSubject);
-                defaultSubject.getPrincipals().add(new IdentificationPrincipal(id));
+                if (defaultSubject == null) {
+                    defaultSubject = ContextManager.EMPTY;
+                }
 
                 interceptor = new PolicyContextBeforeAfter(interceptor, index++, index++, index++, securityHolder.getPolicyContextID(), defaultSubject);
 
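Review bot: Replacing the `GeronimoSecurityException` with a fallback to `ContextManager.EMPTY` turns a missing default subject from a deployment failure into a silent default: a context that has a policy context ID but no default subject now starts and serves requests under the empty subject, where the removed lines failed fast. The same substitution happens in the TomcatWebAppContext constructor hunk below, where a null `RunAsSource` reference becomes `RunAsSource.NULL` before `getDefaultSubject()` is read, so if `RunAsSource.NULL` yields no default subject (not visible here) a mis-wired reference reaches this branch unnoticed. If the empty subject is the intended behaviour for such contexts, say so at the assignment: `// no default subject configured for this context: unauthenticated requests run as the empty subject`; otherwise keep a startup check, `if (defaultSubject == null) throw new GeronimoSecurityException("no default subject configured for policy context " + securityHolder.getPolicyContextID());`. setContextProperties starts and ends outside the hunk.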
@@ -182,7 +175,7 @@
         this.addInstanceListener("org.apache.geronimo.tomcat.listener.DispatchListener");
         
         //Set the run-as listener. listeners must be added before start() is called
-        if (roleDesignates != null) {
+        if (runAsSource != null) {
             this.addInstanceListener(RunAsInstanceListener.class.getName());
         }
     }
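Review bot: `if (runAsSource != null)` is effectively always true: the field is initialised to `RunAsSource.NULL` and, assuming the `TomcatContext` passed to setContextProperties is the TomcatWebAppContext changed below, the holder always carries a non-null source, so the `RunAsInstanceListener` is now registered for every context rather than only those with run-as configuration. The `runAsSource == null` check in the next hunk has the same shape, which means its new error message cannot fire through the normal wiring. Either keep the field non-null everywhere (`runAsSource = securityHolder.getRunAsSource() == null ? RunAsSource.NULL : securityHolder.getRunAsSource();` in the earlier hunk, then drop both null checks) or compare against `RunAsSource.NULL` here and in the next hunk. The comment above that earlier assignment, `// save the role designates for mapping servlets to their run-as roles`, still names the removed field; `// save the run-as source that maps servlet run-as roles to subjects` matches the new code. The enclosing method starts outside the hunk.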
@@ -200,8 +193,8 @@
 
                 // if a servlet uses run-as then make sure role desgnates have been provided
                 if (hasRunAsServlet()) {
-                    if (roleDesignates == null) {
-                        throw new GeronimoSecurityException("web.xml or annotation specifies a run-as role but deployment descriptor does not provide a designated-run-as prinicpal for the role");
+                    if (runAsSource == null) {
+                        throw new GeronimoSecurityException("web.xml or annotation specifies a run-as role but no subject configuration supplied for run-as roles");
                     }
                 } else {
                     // optimization
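Review bot: The `hasRunAsServlet()` branch no longer checks that each declared run-as role actually resolves to a subject; `runAsSource.getSubjectForRole(role)` returning null (the documented "not specified" case in the `getSubjectForRole` javadoc further down) is only noticed per request, whereas the removed check at least refused to start without any designates. Resolving every run-as role once here and failing deployment on a missing mapping keeps the fail-fast behaviour the message promises, using the same `Wrapper.getRunAs()` lookup the removed `getRoleDesignate` relied on. The enclosing method starts and ends outside the hunk.
```java
                // if a servlet uses run-as then make sure a subject is configured for each run-as role
                if (hasRunAsServlet()) {
                    for (Container child : findChildren()) {
                        String runAsRole = ((Wrapper) child).getRunAs();
                        if (runAsRole != null && runAsSource.getSubjectForRole(runAsRole) == null) {
                            throw new GeronimoSecurityException("web.xml or annotation specifies run-as role " + runAsRole + " but no subject configuration supplied for it");
                        }
                    }
                } else {
                    // … unchanged: optimization …
```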
@@ -386,16 +379,11 @@
     }
     
     /**
-     * Get the Subject for the designated Principal of a servlet's run as role 
-     * @return Subject containing designated Prinicpal for the servlet's run-as role, if specified.  otherwise null. 
+     * Get the Subject for the servlet's run-as role
+     * @param runAsRole Name of run as role to get Subject for
+     * @return Subject for the servlet's run-as role, if specified.  otherwise null. 
      */
-    public Subject getRoleDesignate(String servletName) {
-        Subject roleDesignate = null;
-        Wrapper servlet = (Wrapper)findChild(servletName);
-        if (servlet!=null && roleDesignates!=null) {
-            String roleName = servlet.getRunAs();
-            roleDesignate = roleDesignates.get(roleName);
-        }
-        return roleDesignate;
+    public Subject getSubjectForRole(String runAsRole) {
+        return runAsSource.getSubjectForRole(runAsRole);
     }
 }

Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContext.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContext.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContext.java (original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContext.java Sat Jun  9 10:44:02 2007
@@ -30,6 +30,7 @@
 import org.apache.geronimo.connector.outbound.connectiontracking.TrackedConnectionAssociator;
 import org.apache.geronimo.kernel.Kernel;
 import org.apache.geronimo.tomcat.util.SecurityHolder;
+import org.apache.geronimo.security.credentialstore.CredentialStore;
 
 /**
  * @version $Rev$ $Date$
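Review bot: The added `import org.apache.geronimo.security.credentialstore.CredentialStore;` is the only change to TomcatContext in this commit and nothing in the hunk uses it, so it appears to be an unused import; it is also placed after the `tomcat.util.SecurityHolder` import, outside the alphabetical order the surrounding imports keep. The same import is added to TomcatWebAppContext below, where only `RunAsSource` is used in the visible hunks. Drop both unless a change not shown here depends on them.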

Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java (original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatWebAppContext.java Sat Jun  9 10:44:02 2007
@@ -68,6 +68,8 @@
 import org.apache.geronimo.transaction.GeronimoUserTransaction;
 import org.apache.geronimo.webservices.WebServiceContainer;
 import org.apache.geronimo.webservices.WebServiceContainerFactory;
+import org.apache.geronimo.security.credentialstore.CredentialStore;
+import org.apache.geronimo.security.jacc.RunAsSource;
 import org.apache.naming.resources.DirContextURLStreamHandler;
 
 /**
@@ -117,6 +119,8 @@
 
     private final SecurityHolder securityHolder;
 
+    private final RunAsSource runAsSource;
+
     private final J2EEServer server;
 
     private final Map webServices;
@@ -140,7 +144,6 @@
 //  statistics
     private ModuleStats statsProvider;
     private boolean reset = true;
-
     public TomcatWebAppContext(
             ClassLoader classLoader,
             String objectName,
@@ -154,6 +157,7 @@
             TransactionManager transactionManager,
             TrackedConnectionAssociator trackedConnectionAssociator,
             TomcatContainer container,
+            RunAsSource runAsSource,
             ObjectRetriever tomcatRealm,
             ValveGBean tomcatValveChain,
             CatalinaClusterGBean cluster,
@@ -199,6 +203,12 @@
         this.trackedConnectionAssociator = trackedConnectionAssociator;
 
         this.server = server;
+        this.runAsSource = runAsSource == null? RunAsSource.NULL: runAsSource;
+        if (securityHolder != null) {
+            securityHolder.setDefaultSubject(this.runAsSource.getDefaultSubject());
+            securityHolder.setRunAsSource(this.runAsSource);
+        }
+
 
         this.configurationBaseURL = configurationBaseUrl;
 
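Review bot: The constructor now mutates the injected `securityHolder` (`setDefaultSubject`, `setRunAsSource`), so the holder supplied as a GBean attribute is rewritten as a side effect of constructing the context, and the default subject it carried before (if any) is overwritten by whatever the run-as source returns. If that is the intended hand-off, a comment makes it explicit: `// the holder is built at deployment time; the run-as source and its default subject are only known now, so attach them for GeronimoStandardContext`. Style: `runAsSource == null? RunAsSource.NULL: runAsSource` reads better as `runAsSource == null ? RunAsSource.NULL : runAsSource`, and the two blank lines that follow the block can be one. The constructor starts and ends outside the hunk.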
@@ -216,7 +226,7 @@
 
         //Add the valve list
         if (tomcatValveChain != null){
-            ArrayList chain = new ArrayList();
+            ArrayList<Valve> chain = new ArrayList<Valve>();
             ValveGBean valveGBean = tomcatValveChain;
             while(valveGBean != null){
                 chain.add((Valve)valveGBean.getInternalObject());
@@ -571,6 +581,7 @@
         infoBuilder.addReference("TrackedConnectionAssociator", TrackedConnectionAssociator.class, NameFactory.JCA_CONNECTION_TRACKER);
 
         infoBuilder.addReference("Container", TomcatContainer.class, NameFactory.GERONIMO_SERVICE);
+        infoBuilder.addReference("RunAsSource", RunAsSource.class, NameFactory.JACC_MANAGER);
         infoBuilder.addReference("TomcatRealm", ObjectRetriever.class);
         infoBuilder.addReference("TomcatValveChain", ValveGBean.class);
         infoBuilder.addReference("Cluster", CatalinaClusterGBean.class, CatalinaClusterGBean.J2EE_TYPE);
@@ -599,6 +610,7 @@
                 "TransactionManager",
                 "TrackedConnectionAssociator",
                 "Container",
+                "RunAsSource",
                 "TomcatRealm",
                 "TomcatValveChain",
                 "Cluster",

Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java (original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java Sat Jun  9 10:44:02 2007
@@ -55,8 +55,8 @@
         PolicyContext.setContextID(policyContextID);
         PolicyContext.setHandlerData(httpRequest);
         if (httpRequest != null){
-            httpRequest.setAttribute(DEFAULT_SUBJECT, defaultSubject);
             context[defaultSubjectIndex] = httpRequest.getAttribute(DEFAULT_SUBJECT);
+            httpRequest.setAttribute(DEFAULT_SUBJECT, defaultSubject);
         }
 
 


