From djen...@apache.org
Subject svn commit: r549098 - in /geronimo/server/trunk/modules: geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/ geronimo-security-builder/src/main/schema/ geronimo-service-builder/src/main/java/org/apache/geronimo/deployment/s...
Date Wed, 20 Jun 2007 12:58:52 GMT
Author: djencks
Date: Wed Jun 20 05:58:51 2007
New Revision: 549098

URL: http://svn.apache.org/viewvc?view=rev&rev=549098
Log:
GERONIMO-2687 Allow security element to specify a non-default credential-store

Modified:
    geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/GeronimoSecurityBuilderImpl.java
    geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-security-2.0.xsd
    geronimo/server/trunk/modules/geronimo-service-builder/src/main/java/org/apache/geronimo/deployment/service/SingleGBeanBuilder.java

Modified: geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/GeronimoSecurityBuilderImpl.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/GeronimoSecurityBuilderImpl.java?view=diff&rev=549098&r1=549097&r2=549098
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/GeronimoSecurityBuilderImpl.java
(original)
+++ geronimo/server/trunk/modules/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/GeronimoSecurityBuilderImpl.java
Wed Jun 20 05:58:51 2007
@@ -22,12 +22,15 @@
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
+import java.util.Collections;
 
 import javax.xml.namespace.QName;
 
 import org.apache.geronimo.common.DeploymentException;
 import org.apache.geronimo.deployment.DeploymentContext;
 import org.apache.geronimo.deployment.NamespaceDrivenBuilder;
+import org.apache.geronimo.deployment.service.SingleGBeanBuilder;
+import org.apache.geronimo.deployment.xbeans.PatternType;
 import org.apache.geronimo.deployment.xmlbeans.XmlBeansUtil;
 import org.apache.geronimo.gbean.AbstractName;
 import org.apache.geronimo.gbean.GBeanData;
@@ -48,6 +51,7 @@
 import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
 import org.apache.geronimo.security.jacc.ApplicationPrincipalRoleConfigurationManager;
 import org.apache.geronimo.security.util.ConfigurationUtil;
+import org.apache.geronimo.security.credentialstore.CredentialStore;
 import org.apache.geronimo.xbeans.geronimo.security.GerLoginDomainPrincipalType;
 import org.apache.geronimo.xbeans.geronimo.security.GerPrincipalType;
 import org.apache.geronimo.xbeans.geronimo.security.GerRealmPrincipalType;
@@ -56,6 +60,7 @@
 import org.apache.geronimo.xbeans.geronimo.security.GerSecurityDocument;
 import org.apache.geronimo.xbeans.geronimo.security.GerSecurityType;
 import org.apache.geronimo.xbeans.geronimo.security.GerSubjectInfoType;
+import org.apache.geronimo.xbeans.geronimo.security.GerCredentialStoreType;
 import org.apache.xmlbeans.QNameSet;
 import org.apache.xmlbeans.XmlException;
 import org.apache.xmlbeans.XmlObject;
@@ -92,9 +97,7 @@
             ClassLoader classLoader = applicationContext.getClassLoader();
             SecurityConfiguration securityConfiguration = buildSecurityConfiguration(security,
classLoader);
             earContext.setSecurityConfiguration(securityConfiguration);
-//        }
-        //add the JACC gbean if there is a principal-role mapping and we are on the correct
module
-//        if (earContext.getSecurityConfiguration() != null && applicationContext
== moduleContext) {
+            
             Naming naming = earContext.getNaming();
             GBeanData roleMapperData = configureRoleMapper(naming, earContext.getModuleName(),
securityConfiguration);
             try {
@@ -102,7 +105,15 @@
             } catch (GBeanAlreadyExistsException e) {
                 throw new DeploymentException("Role mapper gbean already present", e);
             }
-            GBeanData jaccBeanData = configureApplicationPolicyManager(naming, earContext.getModuleName(),
earContext.getContextIDToPermissionsMap(), securityConfiguration);
+            AbstractNameQuery credentialStoreName;
+            if (securityType.isSetCredentialStore()) {
+                GerCredentialStoreType credentialStoreType = securityType.getCredentialStore();
+                PatternType patternType = credentialStoreType.getPattern();
+                credentialStoreName = SingleGBeanBuilder.buildAbstractNameQuery(patternType,
NameFactory.GERONIMO_SERVICE, Collections.singleton(CredentialStore.class.getName()));
+            } else {
+                credentialStoreName = this.credentialStoreName;
+            }
+            GBeanData jaccBeanData = configureApplicationPolicyManager(naming, earContext.getModuleName(),
earContext.getContextIDToPermissionsMap(), securityConfiguration, credentialStoreName);
             jaccBeanData.setReferencePattern("PrincipalRoleMapper", roleMapperData.getAbstractName());
             try {
                 earContext.addGBean(jaccBeanData);
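Review bot: The credential-store pattern taken from the deployment plan is turned into an AbstractNameQuery at the `SingleGBeanBuilder.buildAbstractNameQuery(patternType, ...)` call with no deployment-time check on how narrow it is; the only fixed constraints are the GERONIMO_SERVICE type and the CredentialStore interface, so a plan whose pattern omits both `artifactId` and `name` yields a query matching any CredentialStore GBean in the server, and the application's JACC manager could end up bound to a store owned by another configuration. Since the plan is authored by whoever deploys the application, I would either reject such patterns here, e.g. `if (!patternType.isSetName() && !patternType.isSetArtifactId()) { throw new DeploymentException("credential-store pattern must set name or artifactId"); }`, or at least add a comment stating that resolution (and any ambiguity handling) is deferred to runtime reference resolution. Note also that the `else` branch falls back to `this.credentialStoreName`, which as far as this hunk shows may itself be null; a one-line comment on what a null query means for the JACC manager would help the next reader. The enclosing method starts and ends outside this hunk.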
@@ -264,7 +275,7 @@
         return roleMapperData;
     }
 
-    protected GBeanData configureApplicationPolicyManager(Naming naming, AbstractName moduleName,
Map contextIDToPermissionsMap, SecurityConfiguration securityConfiguration) {
+    protected GBeanData configureApplicationPolicyManager(Naming naming, AbstractName moduleName,
Map contextIDToPermissionsMap, SecurityConfiguration securityConfiguration, AbstractNameQuery
credentialStoreName) {
         AbstractName jaccBeanName = naming.createChildName(moduleName, NameFactory.JACC_MANAGER,
NameFactory.JACC_MANAGER);
         GBeanData jaccBeanData = new GBeanData(jaccBeanName, ApplicationPolicyConfigurationManager.GBEAN_INFO);
         jaccBeanData.setAttribute("contextIdToPermissionsMap", contextIDToPermissionsMap);
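Review bot: `configureApplicationPolicyManager` is protected, and this hunk changes its signature rather than adding an overload, so any subclass that overrides the old four-argument form silently stops being called and the base implementation runs instead. If subclassing is supported, keep a delegating overload such as `protected GBeanData configureApplicationPolicyManager(Naming naming, AbstractName moduleName, Map contextIDToPermissionsMap, SecurityConfiguration securityConfiguration) { return configureApplicationPolicyManager(naming, moduleName, contextIDToPermissionsMap, securityConfiguration, this.credentialStoreName); }`; otherwise a short Javadoc on the new method describing `credentialStoreName` as the query for the CredentialStore GBean the policy manager should reference (null meaning the builder default, if that is the intent) would document the contract. The method body continues past the end of the hunk, where the new parameter is presumably applied.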

Modified: geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-security-2.0.xsd
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-security-2.0.xsd?view=diff&rev=549098&r1=549097&r2=549098
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-security-2.0.xsd
(original)
+++ geronimo/server/trunk/modules/geronimo-security-builder/src/main/schema/geronimo-security-2.0.xsd
Wed Jun 20 05:58:51 2007
@@ -20,19 +20,22 @@
 <!-- $Rev$ $Date$ -->
 
 <xsd:schema
-    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
-    xmlns:j2ee="http://java.sun.com/xml/ns/j2ee"
-    xmlns:geronimo="http://geronimo.apache.org/xml/ns/security-2.0"
-    targetNamespace="http://geronimo.apache.org/xml/ns/security-2.0"
-    xmlns:app="http://geronimo.apache.org/xml/ns/j2ee/application-1.2"
-    elementFormDefault="qualified"
-    attributeFormDefault="unqualified"
-    version="2.0">
+        xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+        xmlns:j2ee="http://java.sun.com/xml/ns/j2ee"
+        xmlns:geronimo="http://geronimo.apache.org/xml/ns/security-2.0"
+        targetNamespace="http://geronimo.apache.org/xml/ns/security-2.0"
+        xmlns:app="http://geronimo.apache.org/xml/ns/j2ee/application-1.2"
+        xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2"
+        elementFormDefault="qualified"
+        attributeFormDefault="unqualified"
+        version="2.0">
 
     <xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
     <xsd:import namespace="http://geronimo.apache.org/xml/ns/j2ee/application-1.2" schemaLocation="geronimo-application-1.2.xsd"/>
+    <xsd:import namespace="http://geronimo.apache.org/xml/ns/deployment-1.2"  schemaLocation="geronimo-module-1.2.xsd"/>
 
-    <xsd:element name="security" type="geronimo:securityType"  substitutionGroup="app:security"/>
+    <xsd:element name="security" type="geronimo:securityType" substitutionGroup="app:security"/>
+    <xsd:element name="credential-store" type="geronimo:credential-storeType"/>
     <xsd:element name="default-subject" type="geronimo:subject-infoType"/>
 
     <xsd:complexType name="securityType">
@@ -47,38 +50,40 @@
         <xsd:complexContent>
             <xsd:extension base="app:abstract-securityType">
 
-        <xsd:sequence>
-            <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0"
maxOccurs="unbounded"/>
-            <xsd:element name="default-subject" type="geronimo:subject-infoType" minOccurs="0"/>
-            <xsd:element name="role-mappings" type="geronimo:role-mappingsType" minOccurs="0"/>
-        </xsd:sequence>
-        <xsd:attribute name="doas-current-caller" type="xsd:boolean" default="false">
-            <xsd:annotation>
-                <xsd:documentation>
-                    Set this attribute to "true" if the work is to be performed
-                    as the calling Subject.
-                </xsd:documentation>
-            </xsd:annotation>
-        </xsd:attribute>
-        <xsd:attribute name="use-context-handler" type="xsd:boolean" default="false">
-            <xsd:annotation>
-                <xsd:documentation>
-                    Set this attribute to "true" if the installed JACC policy
-                    contexts will use PolicyContextHandlers.
-                </xsd:documentation>
-            </xsd:annotation>
-        </xsd:attribute>
-        <xsd:attribute name="default-role" type="xsd:string">
-            <xsd:annotation>
-                <xsd:documentation>
-                    Used by the the Deployer to assign method permissions for
-                    all of the unspecified methods, either by assigning them
-                    to security roles, or by marking them as unchecked.  If
-                    the value of default-role is empty, then the unspecified
-                    methods are marked unchecked
-                </xsd:documentation>
-            </xsd:annotation>
-        </xsd:attribute>
+                <xsd:sequence>
+                    <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0"
+                                 maxOccurs="unbounded"/>
+                    <xsd:element name="credential-store" type="geronimo:credential-storeType"
minOccurs="0"/>
+                    <xsd:element name="default-subject" type="geronimo:subject-infoType"
minOccurs="0"/>
+                    <xsd:element name="role-mappings" type="geronimo:role-mappingsType"
minOccurs="0"/>
+                </xsd:sequence>
+                <xsd:attribute name="doas-current-caller" type="xsd:boolean" default="false">
+                    <xsd:annotation>
+                        <xsd:documentation>
+                            Set this attribute to "true" if the work is to be performed
+                            as the calling Subject.
+                        </xsd:documentation>
+                    </xsd:annotation>
+                </xsd:attribute>
+                <xsd:attribute name="use-context-handler" type="xsd:boolean" default="false">
+                    <xsd:annotation>
+                        <xsd:documentation>
+                            Set this attribute to "true" if the installed JACC policy
+                            contexts will use PolicyContextHandlers.
+                        </xsd:documentation>
+                    </xsd:annotation>
+                </xsd:attribute>
+                <xsd:attribute name="default-role" type="xsd:string">
+                    <xsd:annotation>
+                        <xsd:documentation>
+                            Used by the the Deployer to assign method permissions for
+                            all of the unspecified methods, either by assigning them
+                            to security roles, or by marking them as unchecked. If
+                            the value of default-role is empty, then the unspecified
+                            methods are marked unchecked
+                        </xsd:documentation>
+                    </xsd:annotation>
+                </xsd:attribute>
             </xsd:extension>
         </xsd:complexContent>
     </xsd:complexType>
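Review bot: The new `credential-store` element in the `securityType` sequence has no `xsd:documentation`, while every sibling attribute in the same type does, and nothing in the schema tells a plan author what the element overrides or what the referenced GBean must be. I would add an annotation along the lines of: "Optional reference to the credential-store GBean that this application's JACC policy manager should use instead of the server default. The GBean matched by the pattern must implement org.apache.geronimo.security.credentialstore.CredentialStore." The interface requirement is what the builder enforces when it constructs the name query, so the schema text should say so.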
@@ -110,9 +115,11 @@
             <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0"
maxOccurs="unbounded"/>
             <xsd:element name="run-as-subject" type="geronimo:subject-infoType" minOccurs="0"/>
             <xsd:element name="realm-principal" type="geronimo:realmPrincipalType" minOccurs="0"
maxOccurs="unbounded"/>
-            <xsd:element name="login-domain-principal" type="geronimo:loginDomainPrincipalType"
minOccurs="0" maxOccurs="unbounded"/>
+            <xsd:element name="login-domain-principal" type="geronimo:loginDomainPrincipalType"
minOccurs="0"
+                         maxOccurs="unbounded"/>
             <xsd:element name="principal" type="geronimo:principalType" minOccurs="0"
maxOccurs="unbounded"/>
-            <xsd:element name="distinguished-name" type="geronimo:distinguishedNameType"
minOccurs="0" maxOccurs="unbounded"/>
+            <xsd:element name="distinguished-name" type="geronimo:distinguishedNameType"
minOccurs="0"
+                         maxOccurs="unbounded"/>
         </xsd:sequence>
         <xsd:attribute name="role-name" type="xsd:string" use="required"/>
     </xsd:complexType>
@@ -156,5 +163,19 @@
         </xsd:sequence>
     </xsd:complexType>
 
+    <xsd:complexType name="credential-storeType">
+        <xsd:sequence>
+            <xsd:element name="pattern" type="sys:patternType">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        The pattern element defines a components of the
+                        abstract name of GBean referred. It (optionally) includes
+                        the groupId, artifactId, version,
+                        module, type, and name of the GBean module.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+        </xsd:sequence>
+    </xsd:complexType>
 
 </xsd:schema>
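Review bot: The documentation on the `pattern` element of `credential-storeType` reads "defines a components of the abstract name of GBean referred" and lists "module, type, and name of the GBean module", which is ungrammatical and conflates the GBean with its module. I would reword it to: "The pattern element gives the components of the abstract name of the referenced credential-store GBean. It may optionally include the groupId, artifactId and version of the configuration containing the GBean, and the module, type and name of the GBean itself." It is also worth stating here that a pattern which sets none of these matches every credential store in the server, so authors should name the store they intend.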

Modified: geronimo/server/trunk/modules/geronimo-service-builder/src/main/java/org/apache/geronimo/deployment/service/SingleGBeanBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-service-builder/src/main/java/org/apache/geronimo/deployment/service/SingleGBeanBuilder.java?view=diff&rev=549098&r1=549097&r2=549098
==============================================================================
--- geronimo/server/trunk/modules/geronimo-service-builder/src/main/java/org/apache/geronimo/deployment/service/SingleGBeanBuilder.java
(original)
+++ geronimo/server/trunk/modules/geronimo-service-builder/src/main/java/org/apache/geronimo/deployment/service/SingleGBeanBuilder.java
Wed Jun 20 05:58:51 2007
@@ -157,6 +157,12 @@
     }
 
     public static AbstractNameQuery buildAbstractNameQuery(PatternType pattern, GReferenceInfo
referenceInfo) {
+        String nameTypeName = referenceInfo == null? null: referenceInfo.getNameTypeName();
+        Set interfaceTypes = referenceInfo == null? null: Collections.singleton(referenceInfo.getReferenceType());
+        return buildAbstractNameQuery(pattern, nameTypeName, interfaceTypes);
+    }
+
+    public static AbstractNameQuery buildAbstractNameQuery(PatternType pattern, String nameTypeName,
Set interfaceTypes) {
         String groupId = pattern.isSetGroupId() ? pattern.getGroupId().trim() : null;
         String artifactid = pattern.isSetArtifactId() ? pattern.getArtifactId().trim() :
null;
         String version = pattern.isSetVersion() ? pattern.getVersion().trim() : null;
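Review bot: The new public overload `buildAbstractNameQuery(PatternType pattern, String nameTypeName, Set interfaceTypes)` has no Javadoc, and the meaning of a null `nameTypeName` or null `interfaceTypes` (no type fallback, no interface constraint on the query) can only be inferred from the delegating overload above it. Since this is now a public entry point used from another module, I would add a Javadoc stating that `nameTypeName` is used only when the pattern does not set its own type, that `interfaceTypes` is passed straight into the AbstractNameQuery as the set of interface names the matched GBean must implement, and that both may be null to leave that dimension unconstrained. The method body continues past the end of the hunk.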
@@ -166,8 +172,8 @@
 
         Artifact artifact = artifactid != null? new Artifact(groupId, artifactid, version,
"car"): null;
         //get the type from the gbean info if not supplied explicitly
-        if (type == null && referenceInfo != null) {
-            type = referenceInfo.getNameTypeName();
+        if (type == null) {
+            type = nameTypeName;
         }
         Map nameMap = new HashMap();
         if (name != null) {
@@ -179,7 +185,6 @@
         if (module != null) {
             nameMap.put("J2EEModule", module);
         }
-        Set interfaceTypes = referenceInfo == null? null: Collections.singleton(referenceInfo.getReferenceType());
         return new AbstractNameQuery(artifact, nameMap, interfaceTypes);
     }
 


