Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/listener/RunAsInstanceListener.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/listener/RunAsInstanceListener.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/listener/RunAsInstanceListener.java
(original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/listener/RunAsInstanceListener.java
Sat Jun 9 10:44:02 2007
@@ -17,12 +17,11 @@
package org.apache.geronimo.tomcat.listener;
import javax.security.auth.Subject;
-import javax.servlet.Servlet;
-import javax.servlet.ServletConfig;
import org.apache.catalina.Container;
import org.apache.catalina.InstanceEvent;
import org.apache.catalina.InstanceListener;
+import org.apache.catalina.Wrapper;
import org.apache.geronimo.security.Callers;
import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.tomcat.GeronimoStandardContext;
@@ -37,10 +36,9 @@
Container parent = event.getWrapper().getParent();
if (parent instanceof GeronimoStandardContext) {
GeronimoStandardContext context = (GeronimoStandardContext)parent;
- Servlet servlet = event.getServlet();
- ServletConfig config = servlet.getServletConfig();
- String servletName = config.getServletName();
- Subject runAsSubject = context.getRoleDesignate(servletName);
+ Wrapper wrapper = event.getWrapper();
+ String runAsRole = wrapper.getRunAs();
+ Subject runAsSubject = context.getSubjectForRole(runAsRole);
if (runAsSubject != null) {
Callers oldCallers = ContextManager.getCallers();
ContextManager.registerSubject(runAsSubject);
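Review bot: The new lookup does not distinguish "no run-as configured" from "run-as role configured but no subject resolved": `wrapper.getRunAs()` returns null for a servlet without a run-as element, and that null goes straight into `context.getSubjectForRole(runAsRole)`, whose null handling is not visible here. When a role is declared but no subject comes back, the `if (runAsSubject != null)` branch is skipped and the servlet silently runs with the caller's identity, which deserves at least a log line or a deployment-time failure. I would guard the lookup with `Subject runAsSubject = runAsRole == null ? null : context.getSubjectForRole(runAsRole);` and reuse one `event.getWrapper()` result for both the parent and the run-as lookups. The enclosing method starts and ends outside this hunk.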
Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/util/SecurityHolder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/util/SecurityHolder.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/util/SecurityHolder.java
(original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/util/SecurityHolder.java
Sat Jun 9 10:44:02 2007
@@ -22,7 +22,8 @@
import javax.security.auth.Subject;
-import org.apache.geronimo.security.deploy.DefaultPrincipal;
+import org.apache.geronimo.security.deploy.SubjectInfo;
+import org.apache.geronimo.security.jacc.RunAsSource;
public class SecurityHolder implements Serializable
{
@@ -30,23 +31,12 @@
private static final long serialVersionUID = 3761404231197734961L;
private String policyContextID;
- private DefaultPrincipal defaultPrincipal;
+ private Subject defaultSubject;
private PermissionCollection checked;
private PermissionCollection excluded;
private String securityRealm;
private boolean security;
- private Map<String, Subject> roleDesignates;
-
- public SecurityHolder()
- {
- policyContextID = null;
- defaultPrincipal = null;
- checked = null;
- excluded = null;
- securityRealm = null;
- security = false;
- roleDesignates = null;
- }
+ private RunAsSource runAsSource;
public String getSecurityRealm() {
return securityRealm;
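Review bot: `serialVersionUID` stays at `3761404231197734961L` although the serialized fields change (`defaultPrincipal` and `roleDesignates` go away, `defaultSubject` and `runAsSource` arrive), so a previously serialized SecurityHolder deserializes without error but with a null default subject and run-as source instead of being rejected. Whether `RunAsSource` implementations are serializable is not visible in this diff; if they are not, serializing the holder fails at runtime, and if the field is only wired at startup it should be `private transient RunAsSource runAsSource;`. Note also that `javax.security.auth.Subject` serialization carries the principals but not the credential sets, so a `defaultSubject` that relies on credentials will not survive a round trip. Either change the UID or state the intended compatibility in a class comment.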
@@ -66,14 +56,14 @@
this.checked = checked;
}
- public DefaultPrincipal getDefaultPrincipal()
+ public Subject getDefaultSubject()
{
- return defaultPrincipal;
+ return defaultSubject;
}
- public void setDefaultPrincipal(DefaultPrincipal defaultPrincipal)
+ public void setDefaultSubject(Subject defaultSubject)
{
- this.defaultPrincipal = defaultPrincipal;
+ this.defaultSubject = defaultSubject;
}
public PermissionCollection getExcluded()
@@ -104,12 +94,12 @@
this.security = security;
}
- public Map<String, Subject> getRoleDesignates() {
- return roleDesignates;
+ public RunAsSource getRunAsSource() {
+ return runAsSource;
}
- public void setRoleDesignates(Map<String, Subject> roleDesignates) {
- this.roleDesignates = roleDesignates;
+ public void setRunAsSource(RunAsSource runAsSource) {
+ this.runAsSource = runAsSource;
}
-
+
}
Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/AbstractWebModuleTest.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
(original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
Sat Jun 9 10:44:02 2007
@@ -31,6 +31,7 @@
import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator;
import org.apache.geronimo.connector.outbound.connectiontracking.GeronimoTransactionListener;
import org.apache.geronimo.security.SecurityServiceImpl;
+import org.apache.geronimo.security.credentialstore.CredentialStore;
import org.apache.geronimo.security.deploy.PrincipalInfo;
import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration;
import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
@@ -40,6 +41,7 @@
import org.apache.geronimo.security.jacc.ApplicationPrincipalRoleConfigurationManager;
import org.apache.geronimo.security.jacc.ComponentPermissions;
import org.apache.geronimo.security.jacc.PrincipalRoleMapper;
+import org.apache.geronimo.security.jacc.RunAsSource;
import org.apache.geronimo.security.realm.GenericSecurityRealm;
import org.apache.geronimo.system.serverinfo.BasicServerInfo;
import org.apache.geronimo.system.serverinfo.ServerInfo;
@@ -63,7 +65,7 @@
protected static final String POLICY_CONTEXT_ID = "securetest";
private GeronimoLoginConfiguration loginConfiguration;
- protected TomcatWebAppContext setUpInsecureAppContext(URI relativeWebAppRoot, URL configurationBaseURL,
SecurityHolder securityHolder, ObjectRetriever tomcatRealm, ValveGBean valveChain) throws
Exception {
+ protected TomcatWebAppContext setUpInsecureAppContext(URI relativeWebAppRoot, URL configurationBaseURL,
SecurityHolder securityHolder, RunAsSource runAsSource, ObjectRetriever tomcatRealm, ValveGBean
valveChain) throws Exception {
TomcatWebAppContext app = new TomcatWebAppContext(cl,
null,
@@ -77,6 +79,7 @@
transactionManager,
connectionTrackingCoordinator,
container,
+ runAsSource,
tomcatRealm,
valveChain,
null,
@@ -94,17 +97,18 @@
return app;
}
- protected TomcatWebAppContext setUpSecureAppContext(Map roleDesignates, Map principalRoleMap,
ComponentPermissions componentPermissions, RealmGBean realm, SecurityHolder securityHolder)
throws Exception {
+ protected TomcatWebAppContext setUpSecureAppContext(Map roleDesignates, Map principalRoleMap,
ComponentPermissions componentPermissions, RealmGBean realm, SecurityHolder securityHolder,
CredentialStore credentialStore) throws Exception {
PrincipalRoleMapper roleMapper = new ApplicationPrincipalRoleConfigurationManager(principalRoleMap);
Map contextIDToPermissionsMap = new HashMap();
contextIDToPermissionsMap.put(POLICY_CONTEXT_ID, componentPermissions);
- ApplicationPolicyConfigurationManager jacc = new ApplicationPolicyConfigurationManager(contextIDToPermissionsMap,
roleDesignates, cl, roleMapper);
+ ApplicationPolicyConfigurationManager jacc = new ApplicationPolicyConfigurationManager(contextIDToPermissionsMap,
null, roleDesignates, cl, credentialStore, roleMapper);
jacc.doStart();
URL configurationBaseURL = new File(BASEDIR, "target/var/catalina/webapps/war3/WEB-INF/web.xml").toURL();
return setUpInsecureAppContext(new File(BASEDIR, "target/var/catalina/webapps/war3/").toURI(),
configurationBaseURL,
securityHolder,
+ jacc,
realm,
null);
}
@@ -129,8 +133,8 @@
JaasLoginService loginService = new JaasLoginService("HmacSHA1", "secret", cl, null);
PrincipalInfo.PrincipalEditor principalEditor = new PrincipalInfo.PrincipalEditor();
- principalEditor.setAsText("metro,org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal,false");
- GenericSecurityRealm realm = new GenericSecurityRealm(domainName, loginModuleUse,
true, true, (PrincipalInfo) principalEditor.getValue(), serverInfo, cl, null, loginService);
+ principalEditor.setAsText("metro,org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
+ GenericSecurityRealm realm = new GenericSecurityRealm(domainName, loginModuleUse,
true, true, serverInfo, cl, null, loginService);
loginService.setRealms(Collections.singleton(realm));
loginService.doStart();
Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ApplicationTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ApplicationTest.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ApplicationTest.java
(original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ApplicationTest.java
Sat Jun 9 10:44:02 2007
@@ -34,6 +34,7 @@
new File(basedir, "target/var/catalina/webapps/war1/WEB-INF/web.xml").toURL(),
null,
null,
+ null,
null);
HttpURLConnection connection = (HttpURLConnection) new URL(connector.getConnectUrl()
+ "/test/hello.txt").openConnection();
Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JAASSecurityTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JAASSecurityTest.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JAASSecurityTest.java
(original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JAASSecurityTest.java
Sat Jun 9 10:44:02 2007
@@ -29,6 +29,7 @@
import org.apache.geronimo.tomcat.util.SecurityHolder;
import org.apache.geronimo.security.jacc.ComponentPermissions;
+import org.apache.geronimo.security.credentialstore.CredentialStore;
/**
* Tests the JAAS security for Tomcat
@@ -159,11 +160,13 @@
//Force a new realm name and ignore the application name
SecurityHolder securityHolder = new SecurityHolder();
securityHolder.setSecurityRealm(securityRealmName);
+ CredentialStore credentialStore = null;
setUpSecureAppContext(new HashMap(),
new HashMap(),
componentPermissions,
realm,
- securityHolder);
+ securityHolder,
+ credentialStore);
}
protected void stopWebApp() throws Exception {
Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java
(original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java
Sat Jun 9 10:44:02 2007
@@ -23,6 +23,7 @@
import java.net.URL;
import java.security.PermissionCollection;
import java.security.Permissions;
+import java.security.Principal;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
@@ -33,12 +34,13 @@
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebUserDataPermission;
-import org.apache.geronimo.security.deploy.DefaultPrincipal;
import org.apache.geronimo.security.deploy.PrincipalInfo;
import org.apache.geronimo.security.deploy.Role;
import org.apache.geronimo.security.deploy.Security;
+import org.apache.geronimo.security.deploy.SubjectInfo;
import org.apache.geronimo.security.deployment.GeronimoSecurityBuilderImpl;
import org.apache.geronimo.security.jacc.ComponentPermissions;
+import org.apache.geronimo.security.credentialstore.CredentialStore;
import org.apache.geronimo.tomcat.util.SecurityHolder;
@@ -61,15 +63,14 @@
Security securityConfig = new Security();
securityConfig.setUseContextHandler(false);
- DefaultPrincipal defaultPrincipal = new DefaultPrincipal();
- PrincipalInfo principalInfo = new PrincipalInfo("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal",
"izumi", false);
- defaultPrincipal.setPrincipal(principalInfo);
-
- securityConfig.setDefaultPrincipal(defaultPrincipal);
+ String securityRealmName = "demo-properties-realm";
+ String defaultPrincipalId = "izumi";
+ SubjectInfo defaultSubjectInfo = new SubjectInfo(securityRealmName, defaultPrincipalId);
+ securityConfig.setDefaultSubjectInfo(defaultSubjectInfo);
Role role = new Role();
role.setRoleName("content-administrator");
- principalInfo = new PrincipalInfo("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal",
"it", false);
+ PrincipalInfo principalInfo = new PrincipalInfo("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal",
"it");
role.getPrincipals().add(principalInfo);
securityConfig.getRoleMappings().put(role.getRoleName(), role);
@@ -94,7 +95,7 @@
ComponentPermissions componentPermissions = new ComponentPermissions(excludedPermissions,
uncheckedPermissions, rolePermissions);
startWebApp(roleDesignates, principalRoleMap, componentPermissions,
- defaultPrincipal, permissions);
+ defaultSubjectInfo, permissions);
//Begin the test
HttpURLConnection connection = (HttpURLConnection) new URL(connector.getConnectUrl()
+ "/test/protected/hello.txt").openConnection();
@@ -168,7 +169,7 @@
Map roleDesignates,
Map principalRoleMap,
ComponentPermissions componentPermissions,
- DefaultPrincipal defaultPrincipal,
+ SubjectInfo defaultPrincipal,
PermissionCollection checked) throws Exception {
SecurityHolder securityHolder = new SecurityHolder();
@@ -176,25 +177,27 @@
securityHolder.setChecked(checked);
securityHolder.setExcluded(componentPermissions.getExcludedPermissions());
securityHolder.setPolicyContextID(POLICY_CONTEXT_ID);
- securityHolder.setDefaultPrincipal(defaultPrincipal);
+// securityHolder.setDefaultSubject(defaultPrincipal);
securityHolder.setSecurityRealm(securityRealmName);
+ CredentialStore credentialStore = null;
return setUpSecureAppContext(roleDesignates,
principalRoleMap,
componentPermissions,
null,
- securityHolder);
+ securityHolder,
+ credentialStore);
}
protected void stopWebApp() throws Exception {
}
- public void buildPrincipalRoleMap(Security security, Map roleDesignates, Map principalRoleMap)
{
+ public void buildPrincipalRoleMap(Security security, Map<String, SubjectInfo> roleDesignates,
Map<String, Set<Principal>> principalRoleMap) {
Map roleToPrincipalMap = new HashMap();
- GeronimoSecurityBuilderImpl.buildRolePrincipalMap(security, roleDesignates, roleToPrincipalMap,
getClass().getClassLoader());
+ GeronimoSecurityBuilderImpl.buildRolePrincipalMap(security, roleToPrincipalMap, getClass().getClassLoader());
invertMap(roleToPrincipalMap, principalRoleMap);
}
- private static Map invertMap(Map roleToPrincipalMap, Map principalRoleMapping) {
+ private static Map invertMap(Map<String, Set<Principal>> roleToPrincipalMap,
Map principalRoleMapping) {
for (Iterator roles = roleToPrincipalMap.entrySet().iterator(); roles.hasNext();)
{
Map.Entry entry = (Map.Entry) roles.next();
String role = (String) entry.getKey();
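Review bot: The commented-out line `// securityHolder.setDefaultSubject(defaultPrincipal);` means the secure web app in this test now starts without a default subject, so the default-identity path that the old `setDefaultPrincipal` call set up is no longer exercised, and the `SubjectInfo defaultPrincipal` parameter of the enclosing method (apparently `startWebApp`) is unused. `credentialStore` is hard-wired to null as well, so nothing here can resolve a SubjectInfo into a Subject. I would either resolve the default subject through a test CredentialStore and set it, or delete the dead line and leave `// TODO: resolve defaultSubjectInfo via a CredentialStore and call setDefaultSubject`. In the same hunk `buildPrincipalRoleMap` still accepts `roleDesignates` but no longer passes it on, so the map the caller later hands to `startWebApp` is presumably never populated. The `invertMap` body continues outside the hunk.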
Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/StatTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/StatTest.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/StatTest.java
(original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/StatTest.java
Sat Jun 9 10:44:02 2007
@@ -36,7 +36,7 @@
public void testStats() throws Exception {
TomcatWebAppContext webModule;
webModule = setUpInsecureAppContext(new File(BASEDIR, "target/var/catalina/webapps/war1/").toURI(),
new File(
- BASEDIR, "target/var/catalina/webapps/war1/WEB-INF/web.xml").toURL(), null,
null, null);
+ BASEDIR, "target/var/catalina/webapps/war1/WEB-INF/web.xml").toURL(), null,
null, null, null);
HttpURLConnection connection = (HttpURLConnection) new URL(connector.getConnectUrl()
+ "/test/hello.txt")
.openConnection();
Modified: geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/AbstractWebModuleBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/AbstractWebModuleBuilder.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/AbstractWebModuleBuilder.java
(original)
+++ geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/AbstractWebModuleBuilder.java
Sat Jun 9 10:44:02 2007
@@ -66,6 +66,7 @@
import org.apache.geronimo.j2ee.deployment.NamingBuilder;
import org.apache.geronimo.j2ee.deployment.WebModule;
import org.apache.geronimo.j2ee.deployment.WebServiceBuilder;
+import org.apache.geronimo.j2ee.deployment.annotation.SecurityAnnotationHelper;
import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
import org.apache.geronimo.kernel.Kernel;
import org.apache.geronimo.kernel.Naming;
@@ -729,7 +730,6 @@
for (String roleName : unmappedRoles) {
addPermissionToRole(roleName, new WebRoleRefPermission(servletName, roleName),
rolePermissions);
}
-// servletData.setAttribute("webRoleRefPermissions", webRoleRefPermissions);
}
protected ClassFinder createWebAppClassFinder(WebAppType webApp, WebModule webModule)
throws DeploymentException {
@@ -801,6 +801,7 @@
// Create a classfinder and populate it for the naming builder(s). The absence
of a
// classFinder in the module will convey whether metadata-complete is set (or
not)
webModule.setClassFinder(createWebAppClassFinder(webApp, webModule));
+ SecurityAnnotationHelper.processAnnotations(webApp, webModule.getClassFinder());
}
//N.B. we use the ear context which has all the gbeans we could possibly be looking
up from this ear.
//nope, persistence units can be in the war.
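Review bot: The added `SecurityAnnotationHelper.processAnnotations(webApp, webModule.getClassFinder());` carries no comment, and the existing comment above it only describes what the class finder means for the naming builders. Judging by its name the call folds security annotations from the scanned classes into `webApp`, which makes its position relative to the code that later derives roles and permissions from the descriptor significant; that code is outside this hunk, so the ordering should be confirmed. I would add `// Merge security annotations into the descriptor before roles and permissions are built from it`, adjusted to whatever the enclosing condition actually is. The enclosing block starts outside the hunk.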
Modified: geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-post.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-post.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-post.xml
(original)
+++ geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-post.xml
Sat Jun 9 10:44:02 2007
@@ -16,7 +16,7 @@
limitations under the License.
-->
-<xml-fragment xmlns:tom="http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.2" xmlns:nam="http://geronimo.apache.org/xml/ns/naming-1.2"
xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.2" xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2">
+<xml-fragment xmlns:tom="http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.2" xmlns:nam="http://geronimo.apache.org/xml/ns/naming-1.2"
xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0" xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2">
<dep:environment>
<dep:moduleId>
<dep:groupId>test</dep:groupId>
@@ -40,12 +40,13 @@
</nam:resource-ref>
<tom:security-realm-name>jetspeed-realm</tom:security-realm-name>
<sec:security>
- <sec:default-principal>
- <sec:principal class="org.apache.jetspeed.security.impl.UserPrincipalImpl"
name="guest"/>
- </sec:default-principal>
+ <sec:default-subject>
+ <sec:realm>foo</sec:realm>
+ <sec:id>guest</sec:id>
+ </sec:default-subject>
<sec:role-mappings>
<sec:role role-name="admin">
- <sec:principal class="org.apache.jetspeed.security.impl.RolePrincipalImpl"
name="admin" designated-run-as="true"/>
+ <sec:principal class="org.apache.jetspeed.security.impl.RolePrincipalImpl"
name="admin"/>
</sec:role>
</sec:role-mappings>
</sec:security>
Modified: geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre.xml
(original)
+++ geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre.xml
Sat Jun 9 10:44:02 2007
@@ -44,12 +44,13 @@
</resource-ref>
<security-realm-name>jetspeed-realm</security-realm-name>
<security>
- <default-principal>
- <principal class="org.apache.jetspeed.security.impl.UserPrincipalImpl" name="guest"/>
- </default-principal>
+ <default-subject>
+ <realm>foo</realm>
+ <id>guest</id>
+ </default-subject>
<role-mappings>
<role role-name="admin">
- <principal class="org.apache.jetspeed.security.impl.RolePrincipalImpl"
name="admin" designated-run-as="true"/>
+ <principal class="org.apache.jetspeed.security.impl.RolePrincipalImpl"
name="admin"/>
</role>
</role-mappings>
</security>
Modified: geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre2.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre2.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre2.xml
(original)
+++ geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre2.xml
Sat Jun 9 10:44:02 2007
@@ -44,12 +44,13 @@
</resource-ref>
<security-realm-name>jetspeed-realm</security-realm-name>
<security>
- <default-principal>
- <principal class="org.apache.jetspeed.security.impl.UserPrincipalImpl" name="guest"/>
- </default-principal>
+ <default-subject>
+ <realm>foo</realm>
+ <id>guest</id>
+ </default-subject>
<role-mappings>
<role role-name="admin">
- <principal class="org.apache.jetspeed.security.impl.RolePrincipalImpl"
name="admin" designated-run-as="true"/>
+ <principal class="org.apache.jetspeed.security.impl.RolePrincipalImpl"
name="admin"/>
</role>
</role-mappings>
</security>
Modified: geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre3.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre3.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre3.xml
(original)
+++ geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre3.xml
Sat Jun 9 10:44:02 2007
@@ -44,12 +44,13 @@
</resource-ref>
<security-realm-name>jetspeed-realm</security-realm-name>
<security>
- <default-principal>
- <principal class="org.apache.jetspeed.security.impl.UserPrincipalImpl" name="guest"/>
- </default-principal>
+ <default-subject>
+ <realm>foo</realm>
+ <id>guest</id>
+ </default-subject>
<role-mappings>
<role role-name="admin">
- <principal class="org.apache.jetspeed.security.impl.RolePrincipalImpl"
name="admin" designated-run-as="true"/>
+ <principal class="org.apache.jetspeed.security.impl.RolePrincipalImpl"
name="admin"/>
</role>
</role-mappings>
</security>
Modified: geronimo/server/trunk/modules/geronimo-yoko/src/main/java/org/apache/geronimo/yoko/ORBConfigAdapter.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-yoko/src/main/java/org/apache/geronimo/yoko/ORBConfigAdapter.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-yoko/src/main/java/org/apache/geronimo/yoko/ORBConfigAdapter.java
(original)
+++ geronimo/server/trunk/modules/geronimo-yoko/src/main/java/org/apache/geronimo/yoko/ORBConfigAdapter.java
Sat Jun 9 10:44:02 2007
@@ -19,7 +19,6 @@
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Enumeration;
-import java.util.HashMap;
import java.util.List;
import java.util.Properties;
@@ -34,11 +33,7 @@
import org.apache.geronimo.corba.security.config.tss.TSSConfig;
import org.apache.geronimo.corba.security.config.tss.TSSSSLTransportConfig;
import org.apache.geronimo.corba.security.config.tss.TSSTransportMechConfig;
-import org.apache.geronimo.corba.util.Util;
import org.apache.geronimo.gbean.GBeanLifecycle;
-import org.apache.geronimo.security.deploy.DefaultDomainPrincipal;
-import org.apache.geronimo.security.deploy.DefaultPrincipal;
-import org.apache.geronimo.security.deploy.DefaultRealmPrincipal;
import org.apache.yoko.orb.CosNaming.tnaming.TransientNameService;
import org.apache.yoko.orb.CosNaming.tnaming.TransientServiceException;
import org.apache.yoko.orb.OB.ZERO_PORT_POLICY_ID;
@@ -227,25 +222,26 @@
*/
private String[] translateToArgs(CORBABean server) throws ConfigException {
ArrayList<String> list = new ArrayList<String>();
-
- TSSConfig config = server.getTssConfig();
+//TODO GERONIMO-2687, I don't think it makes sense to associate a default principal with
a tss config, but if we need it
+ //here's the disfunctional code.
+// TSSConfig config = server.getTssConfig();
// if the TSSConfig includes principal information, we need to add argument values
// for this information.
- DefaultPrincipal principal = config.getDefaultPrincipal();
- if (principal != null) {
- if (principal instanceof DefaultRealmPrincipal) {
- DefaultRealmPrincipal realmPrincipal = (DefaultRealmPrincipal) principal;
- list.add("default-realm-principal::" + realmPrincipal.getRealm() + ":" +
realmPrincipal.getDomain() + ":"
- + realmPrincipal.getPrincipal().getClassName() + ":" + realmPrincipal.getPrincipal().getPrincipalName());
- } else if (principal instanceof DefaultDomainPrincipal) {
- DefaultDomainPrincipal domainPrincipal = (DefaultDomainPrincipal) principal;
- list.add("default-domain-principal::" + domainPrincipal.getDomain() + ":"
- + domainPrincipal.getPrincipal().getClassName() + ":" + domainPrincipal.getPrincipal().getPrincipalName());
- } else {
- list.add("default-principal::" + principal.getPrincipal().getClassName()
+ ":" + principal.getPrincipal().getPrincipalName());
- }
- }
+// DefaultPrincipal principal = config.getDefaultPrincipal();
+// if (principal != null) {
+// if (principal instanceof DefaultRealmPrincipal) {
+// DefaultRealmPrincipal realmPrincipal = (DefaultRealmPrincipal) principal;
+// list.add("default-realm-principal::" + realmPrincipal.getRealm() + ":"
+ realmPrincipal.getDomain() + ":"
+// + realmPrincipal.getPrincipal().getClassName() + ":" + realmPrincipal.getPrincipal().getPrincipalName());
+// } else if (principal instanceof DefaultDomainPrincipal) {
+// DefaultDomainPrincipal domainPrincipal = (DefaultDomainPrincipal) principal;
+// list.add("default-domain-principal::" + domainPrincipal.getDomain() + ":"
+// + domainPrincipal.getPrincipal().getClassName() + ":" + domainPrincipal.getPrincipal().getPrincipalName());
+// } else {
+// list.add("default-principal::" + principal.getPrincipal().getClassName()
+ ":" + principal.getPrincipal().getPrincipalName());
+// }
+// }
// enable the connection plugin
enableSocketFactory(server.getURI(), list);
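Review bot: Commenting out the whole default-principal block means `translateToArgs` now silently ignores any default principal configured on the TSS config: no `default-principal::` argument is emitted and nothing is logged, so an existing deployment presumably changes how unauthenticated CORBA requests are identified without any signal. If the setting is no longer supported it would be safer to reject it or warn at configuration time than to drop it; whether `TSSConfig` still exposes the value is not visible in this hunk. The dead code is better deleted and left to version control, keeping a single `// TODO GERONIMO-2687: decide whether a TSS config may carry a default subject` line (the added comment also misspells "dysfunctional"). The surviving comment "if the TSSConfig includes principal information..." now describes nothing and should go with it. The method body continues outside the hunk.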
Modified: geronimo/server/trunk/modules/geronimo-yoko/src/test/java/org/apache/geronimo/yoko/TSSConfigEditorTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-yoko/src/test/java/org/apache/geronimo/yoko/TSSConfigEditorTest.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-yoko/src/test/java/org/apache/geronimo/yoko/TSSConfigEditorTest.java
(original)
+++ geronimo/server/trunk/modules/geronimo-yoko/src/test/java/org/apache/geronimo/yoko/TSSConfigEditorTest.java
Sat Jun 9 10:44:02 2007
@@ -51,9 +51,6 @@
}
private static final String TEST_XML4 = " <tss:tss xmlns:tss=\"http://openejb.apache.org/xml/ns/corba-tss-config-2.1\"
xmlns:sec=\"http://geronimo.apache.org/xml/ns/security-1.2\">\n" +
- " <tss:default-principal>\n"
+
- " <sec:principal class=\"org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal\"
name=\"guest\"/>\n" +
- " </tss:default-principal>\n"
+
" <tss:SSL port=\"6685\" hostname=\"localhost\">\n"
+
" <tss:supports>Integrity
Confidentiality EstablishTrustInTarget EstablishTrustInClient</tss:supports>\n" +
" <tss:requires>Integrity
Confidentiality EstablishTrustInClient</tss:requires>\n" +
|