Return-Path: Delivered-To: apmail-geronimo-scm-archive@www.apache.org Received: (qmail 76478 invoked from network); 12 Jun 2007 00:48:17 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 12 Jun 2007 00:48:17 -0000 Received: (qmail 62715 invoked by uid 500); 12 Jun 2007 00:48:20 -0000 Delivered-To: apmail-geronimo-scm-archive@geronimo.apache.org Received: (qmail 62680 invoked by uid 500); 12 Jun 2007 00:48:20 -0000 Mailing-List: contact scm-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list scm@geronimo.apache.org Received: (qmail 62669 invoked by uid 99); 12 Jun 2007 00:48:20 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 11 Jun 2007 17:48:20 -0700 X-ASF-Spam-Status: No, hits=-99.5 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO eris.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 11 Jun 2007 17:48:15 -0700 Received: by eris.apache.org (Postfix, from userid 65534) id 938BD1A981A; Mon, 11 Jun 2007 17:47:55 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r546336 - in /geronimo/server/trunk/modules: geronimo-tomcat6-builder/src/main/java/org/apache/geronimo/tomcat/deployment/ geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/util/ geronimo-tomcat6/src/test/java/org/apache/geronimo/to... Date: Tue, 12 Jun 2007 00:47:55 -0000 To: scm@geronimo.apache.org 
From: djencks@apache.org X-Mailer: svnmailer-1.1.0 Message-Id: <20070612004755.938BD1A981A@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: djencks Date: Mon Jun 11 17:47:54 2007 New Revision: 546336 URL: http://svn.apache.org/viewvc?view=rev&rev=546336 Log: GERONIMO-3154 Clean up tomcat security checks, removing unused and unnecessary non-jacc permission info Modified: geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/main/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/util/SecurityHolder.java geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java Modified: geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/main/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/main/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java?view=diff&rev=546336&r1=546335&r2=546336 ==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/main/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java (original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6-builder/src/main/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilder.java Mon Jun 11 17:47:54 2007
@@ -22,13 +22,9 @@
 import java.io.FileWriter;
 import java.io.IOException;
 import java.net.URL;
-import java.security.Permission;
 import java.security.PermissionCollection;
-import java.security.Permissions;
 import java.util.Collection;
-import java.util.Enumeration;
 import java.util.HashMap;
-import java.util.Iterator;
 import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.atomic.AtomicBoolean;
@@ -59,7 +55,6 @@ import org.apache.geronimo.j2ee.deployment.WebModule; import org.apache.geronimo.j2ee.deployment.WebServiceBuilder; import org.apache.geronimo.j2ee.deployment.annotation.AnnotatedWebApp; -import org.apache.geronimo.j2ee.deployment.annotation.SecurityAnnotationHelper; import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory; import org.apache.geronimo.kernel.Kernel; import org.apache.geronimo.kernel.Naming; @@ -89,8 +84,6 @@ import org.apache.geronimo.xbeans.javaee.PersistenceUnitRefType; import org.apache.geronimo.xbeans.javaee.ResourceEnvRefType; import org.apache.geronimo.xbeans.javaee.ResourceRefType; -import org.apache.geronimo.xbeans.javaee.SecurityConstraintType; -import org.apache.geronimo.xbeans.javaee.SecurityRoleType; import org.apache.geronimo.xbeans.javaee.ServiceRefType; import org.apache.geronimo.xbeans.javaee.ServletType; import org.apache.geronimo.xbeans.javaee.WebAppDocument; @@ -115,7 +108,7 @@ public TomcatModuleBuilder(Environment defaultEnvironment, AbstractNameQuery tomcatContainerName, - Collection webServiceBuilder, + Collection webServiceBuilder, Collection securityBuilders, Collection serviceBuilders, NamingBuilder namingBuilders, @@ -212,6 +205,7 @@ warName = "$root-dir$"; } } catch (IOException e) { + //really? } } idBuilder.resolve(environment, warName, "war"); @@ -315,8 +309,8 @@ configureBasicWebModuleAttributes(webApp, tomcatWebApp, moduleContext, earContext, webModule, webModuleData); try { moduleContext.addGBean(webModuleData); - Set securityRoles = collectRoleNames(webApp); - Map rolePermissions = new HashMap(); + Set securityRoles = collectRoleNames(webApp); + Map rolePermissions = new HashMap(); webModuleData.setAttribute("contextPath", webModule.getContextRoot()); // unsharableResources, applicationManagedSecurityResources GBeanResourceEnvironmentBuilder rebuilder = new GBeanResourceEnvironmentBuilder(webModuleData); 
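Review bot: The `catch (IOException e)` block in the `@@ -212,6 +205,7 @@` hunk still swallows the exception; the added `//really?` records the doubt but leaves the behaviour as it was. When the preceding I/O fails, execution appears to fall through to `idBuilder.resolve(environment, warName, "war")` with whatever `warName` held before, and nothing is reported to the deployer. Either rethrow with the cause, e.g. `throw new DeploymentException("Could not determine war name", e);` (the same two-argument form this file uses for the servlet class lookup, assuming the enclosing method may throw it), or replace the comment with one that says why ignoring the failure is safe. The try block and the enclosing method begin outside the hunk, so the exact call that can throw is not visible here.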
@@ -362,20 +356,17 @@ AbstractName managerName = earContext.getNaming().createChildName(moduleName, manager, ManagerGBean.J2EE_TYPE); webModuleData.setReferencePattern("Manager", managerName); } - Map portMap = webModule.getSharedContext(); //Handle the role permissions and webservices on the servlets. ServletType[] servletTypes = webApp.getServletArray(); - Map webServices = new HashMap(); + Map webServices = new HashMap(); Class baseServletClass; try { baseServletClass = webClassLoader.loadClass(Servlet.class.getName()); } catch (ClassNotFoundException e) { throw new DeploymentException("Could not load javax.servlet.Servlet in web classloader", e); // TODO identify web app in message } - for (int i = 0; i < servletTypes.length; i++) { - ServletType servletType = servletTypes[i]; - + for (ServletType servletType : servletTypes) { //Handle the Role Ref Permissions processRoleRefPermissions(servletType, securityRoles, rolePermissions); @@ -396,8 +387,7 @@ //let the web service builder deal with configuring the gbean with the web service stack //Here we just extract the factory reference boolean configured = false; - for (Iterator iterator = webServiceBuilder.iterator(); iterator.hasNext();) { - WebServiceBuilder serviceBuilder = (WebServiceBuilder) iterator.next(); + for (WebServiceBuilder serviceBuilder : webServiceBuilder) { if (serviceBuilder.configurePOJO(servletData, servletName, module, servletClassName, moduleContext)) { configured = true; break; 
@@ -438,19 +428,9 @@ securityHolder.setPolicyContextID(policyContextID); ComponentPermissions componentPermissions = buildSpecSecurityConfig(webApp, securityRoles, rolePermissions); - securityHolder.setExcluded(componentPermissions.getExcludedPermissions()); - PermissionCollection checkedPermissions = new Permissions(); - for (Iterator iterator = rolePermissions.values().iterator(); iterator.hasNext();) { - PermissionCollection permissionsForRole = (PermissionCollection) iterator.next(); - for (Enumeration iterator2 = permissionsForRole.elements(); iterator2.hasMoreElements();) { - Permission permission = (Permission) iterator2.nextElement(); - checkedPermissions.add(permission); - } - } - securityHolder.setChecked(checkedPermissions); earContext.addSecurityContext(policyContextID, componentPermissions); //TODO WTF is this for? - securityHolder.setSecurity(true); + securityHolder.setSecurity(true); webModuleData.setAttribute("securityHolder", securityHolder); } Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/util/SecurityHolder.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/util/SecurityHolder.java?view=diff&rev=546336&r1=546335&r2=546336 ============================================================================== --- geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/util/SecurityHolder.java (original) +++ geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/util/SecurityHolder.java Mon Jun 11 17:47:54 2007 @@ -17,12 +17,9 @@ package org.apache.geronimo.tomcat.util; import java.io.Serializable; -import java.security.PermissionCollection; -import java.util.Map; import javax.security.auth.Subject; -import org.apache.geronimo.security.deploy.SubjectInfo; import org.apache.geronimo.security.jacc.RunAsSource; public class SecurityHolder implements Serializable 
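Review bot: The `//TODO WTF is this for?` comment above `securityHolder.setSecurity(true)` in the `@@ -438,19 +428,9 @@` hunk survives the cleanup, so the one flag still set on the holder remains unexplained in security-relevant deployment code. With `setExcluded` and `setChecked` removed, the permissions returned by `buildSpecSecurityConfig` leave this method only through `earContext.addSecurityContext(policyContextID, componentPermissions)`, and that deserves an explicit comment such as `// authorization data lives only in the JACC policy context registered below; the holder carries the context id, not permissions`. The TODO should then be resolved into a statement of what the flag enables on the Tomcat side, or the flag removed if nothing reads it; neither can be decided from this hunk. The enclosing method starts and ends outside the hunk.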
@@ -32,8 +29,6 @@ private String policyContextID; private Subject defaultSubject; - private PermissionCollection checked; - private PermissionCollection excluded; private String securityRealm; private boolean security; private RunAsSource runAsSource; @@ -46,16 +41,6 @@ this.securityRealm = securityRealm; } - public PermissionCollection getChecked() - { - return checked; - } - - public void setChecked(PermissionCollection checked) - { - this.checked = checked; - } - public Subject getDefaultSubject() { return defaultSubject; @@ -64,16 +49,6 @@ public void setDefaultSubject(Subject defaultSubject) { this.defaultSubject = defaultSubject; - } - - public PermissionCollection getExcluded() - { - return excluded; - } - - public void setExcluded(PermissionCollection excluded) - { - this.excluded = excluded; } public String getPolicyContextID() Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java?view=diff&rev=546336&r1=546335&r2=546336 ============================================================================== --- geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java (original) +++ geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java Mon Jun 11 17:47:54 2007 @@ -174,8 +174,6 @@ SecurityHolder securityHolder = new SecurityHolder(); securityHolder.setSecurity(true); - securityHolder.setChecked(checked); - securityHolder.setExcluded(componentPermissions.getExcludedPermissions()); securityHolder.setPolicyContextID(POLICY_CONTEXT_ID); // securityHolder.setDefaultSubject(defaultPrincipal); securityHolder.setSecurityRealm(securityRealmName);
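Review bot: Removing the `checked` and `excluded` fields in the `@@ -32,8 +29,6 @@` hunk changes the serialized form of `SecurityHolder`, which `implements Serializable` and is stored as the `securityHolder` attribute by `TomcatModuleBuilder`. The lines above the hunk are not visible, so it is unclear whether the class declares a `serialVersionUID`; if it does not, the computed default changes with the field removal and instances serialized before this revision would fail to deserialize. Please confirm which case applies and record it on the class, for example `// serialized form changed in r546336 (checked/excluded removed); configurations built earlier must be redeployed`. The same applies to the getter and setter removals in the `@@ -46,16 +41,6 @@` and `@@ -64,16 +49,6 @@` hunks, which only follow from the field change.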
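Review bot: The local `checked` that was passed to the removed `securityHolder.setChecked(checked)` call in the `@@ -174,8 +174,6 @@` hunk of `JACCSecurityTest` is probably dead now. Its construction lies above the hunk and is not visible, so this has to be verified in the file. If nothing else reads it, the code that builds it should go as well, matching the removal of the aggregation loop in `TomcatModuleBuilder`. The test method also lacks a short comment saying that excluded and role permissions are now exercised only through the JACC policy configuration for `POLICY_CONTEXT_ID`, for example `// permissions are enforced via the JACC policy context only; SecurityHolder no longer carries them`.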