geronimo-scm mailing list archives

From djen...@apache.org
Subject svn commit: r545781 [5/5] - in /geronimo/server/trunk: configs/ configs/axis/ configs/axis2/ configs/client-deployer/src/plan/ configs/cxf/ configs/j2ee-corba-yoko/src/plan/ configs/j2ee-deployer/src/plan/ configs/j2ee-security/src/plan/ configs/jasper...
Date Sat, 09 Jun 2007 17:44:07 GMT
Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/listener/RunAsInstanceListener.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/listener/RunAsInstanceListener.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/listener/RunAsInstanceListener.java
(original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/listener/RunAsInstanceListener.java
Sat Jun  9 10:44:02 2007
@@ -17,12 +17,11 @@
 package org.apache.geronimo.tomcat.listener;
 
 import javax.security.auth.Subject;
-import javax.servlet.Servlet;
-import javax.servlet.ServletConfig;
 
 import org.apache.catalina.Container;
 import org.apache.catalina.InstanceEvent;
 import org.apache.catalina.InstanceListener;
+import org.apache.catalina.Wrapper;
 import org.apache.geronimo.security.Callers;
 import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.tomcat.GeronimoStandardContext;
@@ -37,10 +36,9 @@
             Container parent = event.getWrapper().getParent();
             if (parent instanceof GeronimoStandardContext) {
                 GeronimoStandardContext context = (GeronimoStandardContext)parent;
-                Servlet servlet = event.getServlet();
-                ServletConfig config = servlet.getServletConfig();
-                String servletName = config.getServletName();
-                Subject runAsSubject = context.getRoleDesignate(servletName);
+                Wrapper wrapper = event.getWrapper();
+                String runAsRole = wrapper.getRunAs();
+                Subject runAsSubject = context.getSubjectForRole(runAsRole);
                 if (runAsSubject != null) {
                     Callers oldCallers = ContextManager.getCallers();
                     ContextManager.registerSubject(runAsSubject);
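Review bot: `wrapper.getRunAs()` returns null for a servlet that declares no run-as role, and the new lines pass that value straight into `context.getSubjectForRole(runAsRole)`; whether that method tolerates a null key is not visible in this hunk. A guard such as `Subject runAsSubject = runAsRole == null ? null : context.getSubjectForRole(runAsRole);` keeps the no-run-as path explicit. When a role is declared but no subject resolves, the existing `runAsSubject != null` test leaves the caller's identity in place without any trace, so a warning log naming the role would make a broken run-as mapping visible. The listener method starts and ends outside the hunk.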

Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/util/SecurityHolder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/util/SecurityHolder.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/util/SecurityHolder.java
(original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/util/SecurityHolder.java
Sat Jun  9 10:44:02 2007
@@ -22,7 +22,8 @@
 
 import javax.security.auth.Subject;
 
-import org.apache.geronimo.security.deploy.DefaultPrincipal;
+import org.apache.geronimo.security.deploy.SubjectInfo;
+import org.apache.geronimo.security.jacc.RunAsSource;
 
 public class SecurityHolder implements Serializable
 {
@@ -30,23 +31,12 @@
     private static final long serialVersionUID = 3761404231197734961L;
 
     private String policyContextID;
-    private DefaultPrincipal defaultPrincipal;
+    private Subject defaultSubject;
     private PermissionCollection checked;
     private PermissionCollection excluded;
     private String securityRealm;
     private boolean security;
-    private Map<String, Subject> roleDesignates;
-
-    public SecurityHolder()
-    {
-        policyContextID = null;
-        defaultPrincipal = null;
-        checked = null;
-        excluded = null;
-        securityRealm = null;
-        security = false;
-        roleDesignates = null;
-    }
+    private RunAsSource runAsSource;
 
     public String getSecurityRealm() {
         return securityRealm;
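Review bot: `SecurityHolder` is `Serializable` and this hunk changes its field set (`defaultPrincipal` becomes `Subject defaultSubject`, `roleDesignates` becomes `RunAsSource runAsSource`) while `serialVersionUID` keeps its old value, so a stream written by the previous revision would still be accepted and would yield a holder whose new fields are null. Consider changing the UID, and confirm that every `RunAsSource` implementation is serializable or declare the field as `private transient RunAsSource runAsSource;`. `javax.security.auth.Subject` does not serialize its credential sets, so a `defaultSubject` restored from a stream carries principals only, which deserves a field comment. The `SubjectInfo` import added at the top of the file is not used in any line visible on this page.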
@@ -66,14 +56,14 @@
         this.checked = checked;
     }
 
-    public DefaultPrincipal getDefaultPrincipal()
+    public Subject getDefaultSubject()
     {
-        return defaultPrincipal;
+        return defaultSubject;
     }
 
-    public void setDefaultPrincipal(DefaultPrincipal defaultPrincipal)
+    public void setDefaultSubject(Subject defaultSubject)
     {
-        this.defaultPrincipal = defaultPrincipal;
+        this.defaultSubject = defaultSubject;
     }
 
     public PermissionCollection getExcluded()
@@ -104,12 +94,12 @@
         this.security = security;
     }
 
-    public Map<String, Subject> getRoleDesignates() {
-        return roleDesignates;
+    public RunAsSource getRunAsSource() {
+        return runAsSource;
     }
 
-    public void setRoleDesignates(Map<String, Subject> roleDesignates) {
-        this.roleDesignates = roleDesignates;
+    public void setRunAsSource(RunAsSource runAsSource) {
+        this.runAsSource = runAsSource;
     }
-    
+
 }

Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/AbstractWebModuleTest.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
(original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/AbstractWebModuleTest.java
Sat Jun  9 10:44:02 2007
@@ -31,6 +31,7 @@
 import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator;
 import org.apache.geronimo.connector.outbound.connectiontracking.GeronimoTransactionListener;
 import org.apache.geronimo.security.SecurityServiceImpl;
+import org.apache.geronimo.security.credentialstore.CredentialStore;
 import org.apache.geronimo.security.deploy.PrincipalInfo;
 import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration;
 import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
@@ -40,6 +41,7 @@
 import org.apache.geronimo.security.jacc.ApplicationPrincipalRoleConfigurationManager;
 import org.apache.geronimo.security.jacc.ComponentPermissions;
 import org.apache.geronimo.security.jacc.PrincipalRoleMapper;
+import org.apache.geronimo.security.jacc.RunAsSource;
 import org.apache.geronimo.security.realm.GenericSecurityRealm;
 import org.apache.geronimo.system.serverinfo.BasicServerInfo;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
@@ -63,7 +65,7 @@
     protected static final String POLICY_CONTEXT_ID = "securetest";
     private GeronimoLoginConfiguration loginConfiguration;
 
-    protected TomcatWebAppContext setUpInsecureAppContext(URI relativeWebAppRoot, URL configurationBaseURL,
SecurityHolder securityHolder, ObjectRetriever tomcatRealm, ValveGBean valveChain) throws
Exception {
+    protected TomcatWebAppContext setUpInsecureAppContext(URI relativeWebAppRoot, URL configurationBaseURL,
SecurityHolder securityHolder, RunAsSource runAsSource, ObjectRetriever tomcatRealm, ValveGBean
valveChain) throws Exception {
 
         TomcatWebAppContext app = new TomcatWebAppContext(cl,
                 null,
@@ -77,6 +79,7 @@
                 transactionManager,
                 connectionTrackingCoordinator,
                 container,
+                runAsSource,
                 tomcatRealm,
                 valveChain,
                 null,
@@ -94,17 +97,18 @@
         return app;
     }
 
-    protected TomcatWebAppContext setUpSecureAppContext(Map roleDesignates, Map principalRoleMap,
ComponentPermissions componentPermissions, RealmGBean realm, SecurityHolder securityHolder)
throws Exception {
+    protected TomcatWebAppContext setUpSecureAppContext(Map roleDesignates, Map principalRoleMap,
ComponentPermissions componentPermissions, RealmGBean realm, SecurityHolder securityHolder,
CredentialStore credentialStore) throws Exception {
         PrincipalRoleMapper roleMapper = new ApplicationPrincipalRoleConfigurationManager(principalRoleMap);
         Map contextIDToPermissionsMap = new HashMap();
         contextIDToPermissionsMap.put(POLICY_CONTEXT_ID, componentPermissions);
-        ApplicationPolicyConfigurationManager jacc = new ApplicationPolicyConfigurationManager(contextIDToPermissionsMap,
roleDesignates, cl, roleMapper);
+        ApplicationPolicyConfigurationManager jacc = new ApplicationPolicyConfigurationManager(contextIDToPermissionsMap,
null, roleDesignates, cl, credentialStore, roleMapper);
         jacc.doStart();
 
         URL configurationBaseURL = new File(BASEDIR, "target/var/catalina/webapps/war3/WEB-INF/web.xml").toURL();
         return setUpInsecureAppContext(new File(BASEDIR, "target/var/catalina/webapps/war3/").toURI(),
                 configurationBaseURL,
                 securityHolder,
+                jacc,
                 realm,
                 null);
     }
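Review bot: The new `ApplicationPolicyConfigurationManager` call passes a bare `null` as its second argument and forwards a `credentialStore` that both callers visible on this page (JAASSecurityTest and JACCSecurityTest) set to null, so these tests never exercise subject resolution through the `jacc` object that is now handed on as the `RunAsSource`. Name the positional null in a comment once its meaning is confirmed against the constructor, for example `/* default subject info: none */ null`. A test that supplies a real `CredentialStore` and a run-as role would cover the path this commit introduces. `roleDesignates` and `principalRoleMap` are still raw `Map` parameters here although JACCSecurityTest now declares them with type arguments.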
@@ -129,8 +133,8 @@
         JaasLoginService loginService = new JaasLoginService("HmacSHA1", "secret", cl, null);
 
         PrincipalInfo.PrincipalEditor principalEditor = new PrincipalInfo.PrincipalEditor();
-        principalEditor.setAsText("metro,org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal,false");
-        GenericSecurityRealm realm = new GenericSecurityRealm(domainName, loginModuleUse,
true, true, (PrincipalInfo) principalEditor.getValue(), serverInfo, cl, null, loginService);
+        principalEditor.setAsText("metro,org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
+        GenericSecurityRealm realm = new GenericSecurityRealm(domainName, loginModuleUse,
true, true, serverInfo, cl, null, loginService);
 
         loginService.setRealms(Collections.singleton(realm));
         loginService.doStart();

Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ApplicationTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ApplicationTest.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ApplicationTest.java
(original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ApplicationTest.java
Sat Jun  9 10:44:02 2007
@@ -34,6 +34,7 @@
                 new File(basedir, "target/var/catalina/webapps/war1/WEB-INF/web.xml").toURL(),
                 null,
                 null,
+                null,
                 null);
 
         HttpURLConnection connection = (HttpURLConnection) new URL(connector.getConnectUrl()
+  "/test/hello.txt").openConnection();

Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JAASSecurityTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JAASSecurityTest.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JAASSecurityTest.java
(original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JAASSecurityTest.java
Sat Jun  9 10:44:02 2007
@@ -29,6 +29,7 @@
 
 import org.apache.geronimo.tomcat.util.SecurityHolder;
 import org.apache.geronimo.security.jacc.ComponentPermissions;
+import org.apache.geronimo.security.credentialstore.CredentialStore;
 
 /**
  * Tests the JAAS security for Tomcat
@@ -159,11 +160,13 @@
         //Force a new realm name and ignore the application name
         SecurityHolder securityHolder = new SecurityHolder();
         securityHolder.setSecurityRealm(securityRealmName);
+        CredentialStore credentialStore = null;
         setUpSecureAppContext(new HashMap(),
                 new HashMap(),
                 componentPermissions,
                 realm,
-                securityHolder);
+                securityHolder,
+                credentialStore);
     }
 
     protected void stopWebApp() throws Exception {

Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java
(original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java
Sat Jun  9 10:44:02 2007
@@ -23,6 +23,7 @@
 import java.net.URL;
 import java.security.PermissionCollection;
 import java.security.Permissions;
+import java.security.Principal;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
@@ -33,12 +34,13 @@
 import javax.security.jacc.WebResourcePermission;
 import javax.security.jacc.WebUserDataPermission;
 
-import org.apache.geronimo.security.deploy.DefaultPrincipal;
 import org.apache.geronimo.security.deploy.PrincipalInfo;
 import org.apache.geronimo.security.deploy.Role;
 import org.apache.geronimo.security.deploy.Security;
+import org.apache.geronimo.security.deploy.SubjectInfo;
 import org.apache.geronimo.security.deployment.GeronimoSecurityBuilderImpl;
 import org.apache.geronimo.security.jacc.ComponentPermissions;
+import org.apache.geronimo.security.credentialstore.CredentialStore;
 import org.apache.geronimo.tomcat.util.SecurityHolder;
 
 
@@ -61,15 +63,14 @@
         Security securityConfig = new Security();
         securityConfig.setUseContextHandler(false);
 
-        DefaultPrincipal defaultPrincipal = new DefaultPrincipal();
-        PrincipalInfo principalInfo = new PrincipalInfo("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal",
"izumi", false);
-        defaultPrincipal.setPrincipal(principalInfo);
-
-        securityConfig.setDefaultPrincipal(defaultPrincipal);
+        String securityRealmName = "demo-properties-realm";
+        String defaultPrincipalId = "izumi";
+        SubjectInfo defaultSubjectInfo = new SubjectInfo(securityRealmName, defaultPrincipalId);
+        securityConfig.setDefaultSubjectInfo(defaultSubjectInfo);
 
         Role role = new Role();
         role.setRoleName("content-administrator");
-        principalInfo = new PrincipalInfo("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal",
"it", false);
+        PrincipalInfo principalInfo = new PrincipalInfo("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal",
"it");
         role.getPrincipals().add(principalInfo);
 
         securityConfig.getRoleMappings().put(role.getRoleName(), role);
@@ -94,7 +95,7 @@
         ComponentPermissions componentPermissions = new ComponentPermissions(excludedPermissions,
uncheckedPermissions, rolePermissions);
 
         startWebApp(roleDesignates, principalRoleMap, componentPermissions,
-                defaultPrincipal, permissions);
+                defaultSubjectInfo, permissions);
 
         //Begin the test
         HttpURLConnection connection = (HttpURLConnection) new URL(connector.getConnectUrl()
+ "/test/protected/hello.txt").openConnection();
@@ -168,7 +169,7 @@
             Map roleDesignates,
             Map principalRoleMap,
             ComponentPermissions componentPermissions,
-            DefaultPrincipal defaultPrincipal,
+            SubjectInfo defaultPrincipal,
             PermissionCollection checked) throws Exception {
 
         SecurityHolder securityHolder = new SecurityHolder();
@@ -176,25 +177,27 @@
         securityHolder.setChecked(checked);
         securityHolder.setExcluded(componentPermissions.getExcludedPermissions());
         securityHolder.setPolicyContextID(POLICY_CONTEXT_ID);
-        securityHolder.setDefaultPrincipal(defaultPrincipal);
+//        securityHolder.setDefaultSubject(defaultPrincipal);
         securityHolder.setSecurityRealm(securityRealmName);
+        CredentialStore credentialStore = null;
         return setUpSecureAppContext(roleDesignates,
                 principalRoleMap,
                 componentPermissions,
                 null,
-                securityHolder);
+                securityHolder,
+                credentialStore);
     }
 
     protected void stopWebApp() throws Exception {
     }
 
-    public void buildPrincipalRoleMap(Security security, Map roleDesignates, Map principalRoleMap)
{
+    public void buildPrincipalRoleMap(Security security, Map<String, SubjectInfo> roleDesignates,
Map<String, Set<Principal>> principalRoleMap) {
         Map roleToPrincipalMap = new HashMap();
-        GeronimoSecurityBuilderImpl.buildRolePrincipalMap(security, roleDesignates, roleToPrincipalMap,
getClass().getClassLoader());
+        GeronimoSecurityBuilderImpl.buildRolePrincipalMap(security, roleToPrincipalMap, getClass().getClassLoader());
         invertMap(roleToPrincipalMap, principalRoleMap);
     }
 
-    private static Map invertMap(Map roleToPrincipalMap, Map principalRoleMapping) {
+    private static Map invertMap(Map<String, Set<Principal>> roleToPrincipalMap,
Map principalRoleMapping) {
         for (Iterator roles = roleToPrincipalMap.entrySet().iterator(); roles.hasNext();)
{
             Map.Entry entry = (Map.Entry) roles.next();
             String role = (String) entry.getKey();
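Review bot: `securityHolder.setDefaultSubject(defaultPrincipal)` is left commented out in `startWebApp`, so the `SubjectInfo defaultPrincipal` parameter is unused and the test no longer installs a default subject for unauthenticated requests. Either resolve the `SubjectInfo` to a `Subject` (which would need a non-null `CredentialStore`) or remove the parameter and the dead line and leave a `// TODO` stating that default-subject behaviour is not covered. In `buildPrincipalRoleMap`, `roleDesignates` is no longer passed to `buildRolePrincipalMap`, so as far as this hunk shows that map is never populated and run-as designation is untested as well. `invertMap` continues past the end of the hunk.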

Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/StatTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/StatTest.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/StatTest.java
(original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/StatTest.java
Sat Jun  9 10:44:02 2007
@@ -36,7 +36,7 @@
     public void testStats() throws Exception {
         TomcatWebAppContext webModule;
         webModule = setUpInsecureAppContext(new File(BASEDIR, "target/var/catalina/webapps/war1/").toURI(),
new File(
-                BASEDIR, "target/var/catalina/webapps/war1/WEB-INF/web.xml").toURL(), null,
null, null);
+                BASEDIR, "target/var/catalina/webapps/war1/WEB-INF/web.xml").toURL(), null,
null, null, null);
 
             HttpURLConnection connection = (HttpURLConnection) new URL(connector.getConnectUrl()
+ "/test/hello.txt")
                     .openConnection();

Modified: geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/AbstractWebModuleBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/AbstractWebModuleBuilder.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/AbstractWebModuleBuilder.java
(original)
+++ geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/AbstractWebModuleBuilder.java
Sat Jun  9 10:44:02 2007
@@ -66,6 +66,7 @@
 import org.apache.geronimo.j2ee.deployment.NamingBuilder;
 import org.apache.geronimo.j2ee.deployment.WebModule;
 import org.apache.geronimo.j2ee.deployment.WebServiceBuilder;
+import org.apache.geronimo.j2ee.deployment.annotation.SecurityAnnotationHelper;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.kernel.Kernel;
 import org.apache.geronimo.kernel.Naming;
@@ -729,7 +730,6 @@
         for (String roleName : unmappedRoles) {
             addPermissionToRole(roleName, new WebRoleRefPermission(servletName, roleName),
rolePermissions);
         }
-//        servletData.setAttribute("webRoleRefPermissions", webRoleRefPermissions);
     }
 
     protected ClassFinder createWebAppClassFinder(WebAppType webApp, WebModule webModule)
throws DeploymentException {
@@ -801,6 +801,7 @@
             // Create a classfinder and populate it for the naming builder(s). The absence
of a
             // classFinder in the module will convey whether metadata-complete is set (or
not)
             webModule.setClassFinder(createWebAppClassFinder(webApp, webModule));
+            SecurityAnnotationHelper.processAnnotations(webApp, webModule.getClassFinder());
         }
         //N.B. we use the ear context which has all the gbeans we could possibly be looking
up from this ear.
         //nope, persistence units can be in the war.

Modified: geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-post.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-post.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-post.xml
(original)
+++ geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-post.xml
Sat Jun  9 10:44:02 2007
@@ -16,7 +16,7 @@
    limitations under the License.
 -->
 
-<xml-fragment xmlns:tom="http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.2" xmlns:nam="http://geronimo.apache.org/xml/ns/naming-1.2"
xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.2" xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2">
+<xml-fragment xmlns:tom="http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.2" xmlns:nam="http://geronimo.apache.org/xml/ns/naming-1.2"
xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0" xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2">
     <dep:environment>
         <dep:moduleId>
             <dep:groupId>test</dep:groupId>
@@ -40,12 +40,13 @@
     </nam:resource-ref>
     <tom:security-realm-name>jetspeed-realm</tom:security-realm-name>
     <sec:security>
-        <sec:default-principal>
-            <sec:principal class="org.apache.jetspeed.security.impl.UserPrincipalImpl"
name="guest"/>
-        </sec:default-principal>
+        <sec:default-subject>
+            <sec:realm>foo</sec:realm>
+            <sec:id>guest</sec:id>
+        </sec:default-subject>
         <sec:role-mappings>
             <sec:role role-name="admin">
-                <sec:principal class="org.apache.jetspeed.security.impl.RolePrincipalImpl"
name="admin" designated-run-as="true"/>
+                <sec:principal class="org.apache.jetspeed.security.impl.RolePrincipalImpl"
name="admin"/>
             </sec:role>
         </sec:role-mappings>
     </sec:security>
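Review bot: The new `<sec:default-subject>` names realm `foo`, while the plan's `<tom:security-realm-name>` just above is `jetspeed-realm`; if anything ever resolves this fixture against a credential store, the lookup would presumably miss. The same `foo`/`guest` pair appears in tomcat-pre.xml, tomcat-pre2.xml and tomcat-pre3.xml. Dropping `designated-run-as="true"` also leaves the `admin` role with no run-as subject in these plans, so the fixtures no longer describe any run-as configuration. If the plans are only parsed for schema conversion, a short XML comment saying so would be enough.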

Modified: geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre.xml
(original)
+++ geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre.xml
Sat Jun  9 10:44:02 2007
@@ -44,12 +44,13 @@
     </resource-ref>
     <security-realm-name>jetspeed-realm</security-realm-name>
     <security>
-        <default-principal>
-            <principal class="org.apache.jetspeed.security.impl.UserPrincipalImpl" name="guest"/>
-        </default-principal>
+        <default-subject>
+            <realm>foo</realm>
+            <id>guest</id>
+        </default-subject>
         <role-mappings>
             <role role-name="admin">
-                <principal class="org.apache.jetspeed.security.impl.RolePrincipalImpl"
name="admin" designated-run-as="true"/>
+                <principal class="org.apache.jetspeed.security.impl.RolePrincipalImpl"
name="admin"/>
             </role>
         </role-mappings>
     </security>

Modified: geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre2.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre2.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre2.xml
(original)
+++ geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre2.xml
Sat Jun  9 10:44:02 2007
@@ -44,12 +44,13 @@
     </resource-ref>
     <security-realm-name>jetspeed-realm</security-realm-name>
     <security>
-        <default-principal>
-            <principal class="org.apache.jetspeed.security.impl.UserPrincipalImpl" name="guest"/>
-        </default-principal>
+        <default-subject>
+            <realm>foo</realm>
+            <id>guest</id>
+        </default-subject>
         <role-mappings>
             <role role-name="admin">
-                <principal class="org.apache.jetspeed.security.impl.RolePrincipalImpl"
name="admin" designated-run-as="true"/>
+                <principal class="org.apache.jetspeed.security.impl.RolePrincipalImpl"
name="admin"/>
             </role>
         </role-mappings>
     </security>

Modified: geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre3.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre3.xml?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre3.xml
(original)
+++ geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/plans/tomcat-pre3.xml
Sat Jun  9 10:44:02 2007
@@ -44,12 +44,13 @@
     </resource-ref>
     <security-realm-name>jetspeed-realm</security-realm-name>
     <security>
-        <default-principal>
-            <principal class="org.apache.jetspeed.security.impl.UserPrincipalImpl" name="guest"/>
-        </default-principal>
+        <default-subject>
+            <realm>foo</realm>
+            <id>guest</id>
+        </default-subject>
         <role-mappings>
             <role role-name="admin">
-                <principal class="org.apache.jetspeed.security.impl.RolePrincipalImpl"
name="admin" designated-run-as="true"/>
+                <principal class="org.apache.jetspeed.security.impl.RolePrincipalImpl"
name="admin"/>
             </role>
         </role-mappings>
     </security>

Modified: geronimo/server/trunk/modules/geronimo-yoko/src/main/java/org/apache/geronimo/yoko/ORBConfigAdapter.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-yoko/src/main/java/org/apache/geronimo/yoko/ORBConfigAdapter.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-yoko/src/main/java/org/apache/geronimo/yoko/ORBConfigAdapter.java
(original)
+++ geronimo/server/trunk/modules/geronimo-yoko/src/main/java/org/apache/geronimo/yoko/ORBConfigAdapter.java
Sat Jun  9 10:44:02 2007
@@ -19,7 +19,6 @@
 import java.lang.reflect.Method;
 import java.util.ArrayList;
 import java.util.Enumeration;
-import java.util.HashMap;
 import java.util.List;
 import java.util.Properties;
 
@@ -34,11 +33,7 @@
 import org.apache.geronimo.corba.security.config.tss.TSSConfig;
 import org.apache.geronimo.corba.security.config.tss.TSSSSLTransportConfig;
 import org.apache.geronimo.corba.security.config.tss.TSSTransportMechConfig;
-import org.apache.geronimo.corba.util.Util;
 import org.apache.geronimo.gbean.GBeanLifecycle;
-import org.apache.geronimo.security.deploy.DefaultDomainPrincipal;
-import org.apache.geronimo.security.deploy.DefaultPrincipal;
-import org.apache.geronimo.security.deploy.DefaultRealmPrincipal;
 import org.apache.yoko.orb.CosNaming.tnaming.TransientNameService;
 import org.apache.yoko.orb.CosNaming.tnaming.TransientServiceException;
 import org.apache.yoko.orb.OB.ZERO_PORT_POLICY_ID;
@@ -227,25 +222,26 @@
      */
     private String[] translateToArgs(CORBABean server) throws ConfigException {
         ArrayList<String> list = new ArrayList<String>();
-
-        TSSConfig config = server.getTssConfig();
+//TODO GERONIMO-2687, I don't think it makes sense to associate a default principal with
 a tss config, but if we need it
+        //here's the disfunctional code.
+//        TSSConfig config = server.getTssConfig();
 
         // if the TSSConfig includes principal information, we need to add argument values
         // for this information.
-        DefaultPrincipal principal = config.getDefaultPrincipal();
-        if (principal != null) {
-            if (principal instanceof DefaultRealmPrincipal) {
-                DefaultRealmPrincipal realmPrincipal = (DefaultRealmPrincipal) principal;
-                list.add("default-realm-principal::" + realmPrincipal.getRealm() + ":" +
realmPrincipal.getDomain() + ":"
-                         + realmPrincipal.getPrincipal().getClassName() + ":" + realmPrincipal.getPrincipal().getPrincipalName());
-            } else if (principal instanceof DefaultDomainPrincipal) {
-                DefaultDomainPrincipal domainPrincipal = (DefaultDomainPrincipal) principal;
-                list.add("default-domain-principal::" + domainPrincipal.getDomain() + ":"
-                         + domainPrincipal.getPrincipal().getClassName() + ":" + domainPrincipal.getPrincipal().getPrincipalName());
-            } else {
-                list.add("default-principal::" + principal.getPrincipal().getClassName()
+ ":" + principal.getPrincipal().getPrincipalName());
-            }
-        }
+//        DefaultPrincipal principal = config.getDefaultPrincipal();
+//        if (principal != null) {
+//            if (principal instanceof DefaultRealmPrincipal) {
+//                DefaultRealmPrincipal realmPrincipal = (DefaultRealmPrincipal) principal;
+//                list.add("default-realm-principal::" + realmPrincipal.getRealm() + ":"
+ realmPrincipal.getDomain() + ":"
+//                         + realmPrincipal.getPrincipal().getClassName() + ":" + realmPrincipal.getPrincipal().getPrincipalName());
+//            } else if (principal instanceof DefaultDomainPrincipal) {
+//                DefaultDomainPrincipal domainPrincipal = (DefaultDomainPrincipal) principal;
+//                list.add("default-domain-principal::" + domainPrincipal.getDomain() + ":"
+//                         + domainPrincipal.getPrincipal().getClassName() + ":" + domainPrincipal.getPrincipal().getPrincipalName());
+//            } else {
+//                list.add("default-principal::" + principal.getPrincipal().getClassName()
+ ":" + principal.getPrincipal().getPrincipalName());
+//            }
+//        }
 
         // enable the connection plugin
         enableSocketFactory(server.getURI(), list);
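Review bot: `translateToArgs` now ignores any default principal on the TSS configuration without a diagnostic: the block is commented out rather than removed, and the live comment `// if the TSSConfig includes principal information, we need to add argument values` still describes behaviour that no longer exists. As far as this hunk shows, a deployment that relied on the `default-principal` arguments would start with no default identity and no log entry. Delete the commented block and the stale comment, keep the GERONIMO-2687 reference in a single `// TODO` line, and log a warning if such a configuration is still accepted upstream. The method continues past the end of the hunk.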

Modified: geronimo/server/trunk/modules/geronimo-yoko/src/test/java/org/apache/geronimo/yoko/TSSConfigEditorTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-yoko/src/test/java/org/apache/geronimo/yoko/TSSConfigEditorTest.java?view=diff&rev=545781&r1=545780&r2=545781
==============================================================================
--- geronimo/server/trunk/modules/geronimo-yoko/src/test/java/org/apache/geronimo/yoko/TSSConfigEditorTest.java
(original)
+++ geronimo/server/trunk/modules/geronimo-yoko/src/test/java/org/apache/geronimo/yoko/TSSConfigEditorTest.java
Sat Jun  9 10:44:02 2007
@@ -51,9 +51,6 @@
     }
 
     private static final String TEST_XML4 = "            <tss:tss xmlns:tss=\"http://openejb.apache.org/xml/ns/corba-tss-config-2.1\"
xmlns:sec=\"http://geronimo.apache.org/xml/ns/security-1.2\">\n" +
-                                            "                <tss:default-principal>\n"
+
-                                            "                    <sec:principal class=\"org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal\"
name=\"guest\"/>\n" +
-                                            "                </tss:default-principal>\n"
+
                                             "                <tss:SSL port=\"6685\" hostname=\"localhost\">\n"
+
                                             "                    <tss:supports>Integrity
Confidentiality EstablishTrustInTarget EstablishTrustInClient</tss:supports>\n" +
                                             "                    <tss:requires>Integrity
Confidentiality EstablishTrustInClient</tss:requires>\n" +


