geronimo-scm mailing list archives

From djen...@apache.org
Subject svn commit: r554749 - in /geronimo/server/trunk/modules/geronimo-openejb: ./ src/main/java/org/apache/geronimo/openejb/
Date Mon, 09 Jul 2007 19:54:07 GMT
Author: djencks
Date: Mon Jul  9 12:54:06 2007
New Revision: 554749

URL: http://svn.apache.org/viewvc?view=rev&rev=554749
Log:
OPENEJB-605 related, a remote openejb-protocol login module to get the identification principal,
and changes to the SecurityService and IdentityService to use it

Added:
    geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/OpenejbRemoteLoginModule.java
  (with props)
    geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/ServerIdentityToken.java
  (with props)
Modified:
    geronimo/server/trunk/modules/geronimo-openejb/pom.xml
    geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoIdentityResolver.java
    geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoSecurityService.java

Modified: geronimo/server/trunk/modules/geronimo-openejb/pom.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-openejb/pom.xml?view=diff&rev=554749&r1=554748&r2=554749
==============================================================================
--- geronimo/server/trunk/modules/geronimo-openejb/pom.xml (original)
+++ geronimo/server/trunk/modules/geronimo-openejb/pom.xml Mon Jul  9 12:54:06 2007
@@ -71,6 +71,10 @@
                 <groupId>stax</groupId>
                 <artifactId>stax-api</artifactId>
               </exclusion>
+                <exclusion>
+                    <groupId>org.apache.openjpa</groupId>
+                    <artifactId>openjpa-persistence-jdbc</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
 

Modified: geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoIdentityResolver.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoIdentityResolver.java?view=diff&rev=554749&r1=554748&r2=554749
==============================================================================
--- geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoIdentityResolver.java
(original)
+++ geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoIdentityResolver.java
Mon Jul  9 12:54:06 2007
@@ -35,12 +35,11 @@
             return null;
         }
 
-        Set<IdentificationPrincipal> identificationPrincipals = subject.getPrincipals(IdentificationPrincipal.class);
-        if (identificationPrincipals.isEmpty()) {
+        Set<ServerIdentityToken> ids = subject.getPrivateCredentials(ServerIdentityToken.class);
+        if (ids.isEmpty()) {
             return null;
         }
-
-        IdentificationPrincipal principal = identificationPrincipals.iterator().next();
-        return principal.getId();
+        ServerIdentityToken id = ids.iterator().next();
+        return id.getId();
     }
 }
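Review bot: `ids.iterator().next()` returns whichever ServerIdentityToken the set yields first and never looks at `getServer()`, so a Subject holding tokens for more than one server can present one server's identity to a different server. If the resolver can know the target server, it should select the token whose `getServer()` matches; otherwise the limitation deserves a comment such as `// assumes at most one ServerIdentityToken per Subject`. Reading private credentials also requires a PrivateCredentialPermission when a security manager is installed, which the previous `getPrincipals` call did not need. The enclosing method starts outside the hunk.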

Modified: geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoSecurityService.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoSecurityService.java?view=diff&rev=554749&r1=554748&r2=554749
==============================================================================
--- geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoSecurityService.java
(original)
+++ geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoSecurityService.java
Mon Jul  9 12:54:06 2007
@@ -17,6 +17,18 @@
  */
 package org.apache.geronimo.openejb;
 
+import java.lang.reflect.Method;
+import java.security.AccessControlContext;
+import java.security.AccessControlException;
+import java.security.Permission;
+import java.security.Principal;
+import java.util.Properties;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import javax.security.jacc.EJBMethodPermission;
+
 import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.security.SubjectId;
 import org.apache.openejb.InterfaceType;
@@ -25,17 +37,6 @@
 import org.apache.openejb.core.security.jaas.UsernamePasswordCallbackHandler;
 import org.apache.openejb.spi.SecurityService;
 
-import javax.security.auth.Subject;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-import javax.security.jacc.EJBMethodPermission;
-import java.lang.reflect.Method;
-import java.security.AccessControlContext;
-import java.security.AccessControlException;
-import java.security.Permission;
-import java.security.Principal;
-import java.util.Properties;
-
 /**
  * @version $Rev$ $Date$
  */
@@ -44,7 +45,11 @@
     }
 
     public Object login(String user, String pass) throws LoginException {
-        LoginContext context = new LoginContext("OpenEJB", new UsernamePasswordCallbackHandler(user,
pass));
+        return login("OpenEJB", user, pass);
+    }
+
+    public Object login(String securityRealm, String user, String pass) throws LoginException
{
+        LoginContext context = new LoginContext(securityRealm, new UsernamePasswordCallbackHandler(user,
pass));
         context.login();
 
         Subject subject = context.getSubject();
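Review bot: The new `login(String securityRealm, String user, String pass)` passes `securityRealm` straight to `new LoginContext(...)` as the JAAS configuration entry name, and given the remote login module added in this commit that value presumably arrives from the client. A caller could then select any login configuration defined on the server, including one with weaker modules than "OpenEJB". Consider checking the name against a configured set of realms permitted for remote login before constructing the LoginContext, e.g. `if (!allowedRealms.contains(securityRealm)) throw new LoginException("Unknown security realm");`, where `allowedRealms` would be a new configured field. The method body continues past the end of the hunk.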
@@ -90,7 +95,7 @@
 
             InterfaceType type = deploymentInfo.getInterfaceType(method.getDeclaringClass());
 
-            String name = (type == null)? null: type.getSpecName();
+            String name = (type == null) ? null : type.getSpecName();
 
             Permission permission = new EJBMethodPermission(ejbName, name, method);
 

Added: geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/OpenejbRemoteLoginModule.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/OpenejbRemoteLoginModule.java?view=auto&rev=554749
==============================================================================
--- geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/OpenejbRemoteLoginModule.java
(added)
+++ geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/OpenejbRemoteLoginModule.java
Mon Jul  9 12:54:06 2007
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.openejb;
+
+import java.util.Map;
+import java.io.IOException;
+import java.net.URI;
+
+import javax.security.auth.spi.LoginModule;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.openejb.client.ClientSecurity;
+import org.apache.openejb.client.ServerMetaData;
+import org.apache.geronimo.security.SubjectId;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class OpenejbRemoteLoginModule implements LoginModule {
+    private static final String SECURITY_REALM_KEY = "org.apache.geronimo.openejb.OpenejbRemoteLoginModule.RemoteSecurityRealm";
+    private static final String SERVER_URI_KEY = "org.apache.geronimo.openejb.OpenejbRemoteLoginModule.ServerURI";
+
+    private Subject subject;
+    private CallbackHandler callbackHandler;
+    private String securityRealm;
+    private URI serverURI;
+    private SubjectId identity;
+    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,
?> sharedState, Map<String, ?> options) {
+        this.subject = subject;
+        this.callbackHandler = callbackHandler;
+        securityRealm = (String) options.get(SECURITY_REALM_KEY);
+        serverURI = URI.create((String) options.get(SERVER_URI_KEY));
+    }
+
+    public boolean login() throws LoginException {
+        Callback[] callbacks = new Callback[] {new NameCallback("username"), new PasswordCallback("passsword",
false)};
+        try {
+            callbackHandler.handle(callbacks);
+        } catch (IOException e) {
+            throw (LoginException)new LoginException("Could not execute callbacks").initCause(e);
+        } catch (UnsupportedCallbackException e) {
+            throw (LoginException)new LoginException("Could not execute callbacks").initCause(e);
+        }
+        String userName = ((NameCallback)callbacks[0]).getName();
+        String password = new String(((PasswordCallback)callbacks[1]).getPassword());
+        identity = (SubjectId) ClientSecurity.directAuthentication(securityRealm, userName,
password, new ServerMetaData(serverURI));
+        return true;
+    }
+
+    public boolean commit() throws LoginException {
+        subject.getPrivateCredentials().add(new ServerIdentityToken(serverURI, identity));
+        return true;
+    }
+
+    public boolean  abort() throws LoginException {
+        subject.getPrivateCredentials().remove(identity);
+        return true;
+    }
+
+    public boolean logout() throws LoginException {
+        //TODO what?
+        return false;
+    }
+}
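Review bot: abort() calls `subject.getPrivateCredentials().remove(identity)` with the bare SubjectId, but commit() added a `ServerIdentityToken`, so the remove should never match and the token stays on the Subject after a failed overall login. logout() also leaves the token in place and returns false. Both should remove the token that commit() added, as sketched below. Separately, in login() `new String(((PasswordCallback)callbacks[1]).getPassword())` throws a NullPointerException when the handler supplies no password, and it copies the password into an immutable String without calling `clearPassword()` on the callback. initialize() likewise hands an unchecked option to `URI.create`, so a missing ServerURI option fails with a NullPointerException instead of a clear configuration error.

```java
    // … unchanged: fields, initialize(), login(), commit() …

    public boolean abort() throws LoginException {
        // Remove what commit() added: a ServerIdentityToken, not the bare SubjectId.
        removeToken();
        return true;
    }

    public boolean logout() throws LoginException {
        removeToken();
        return true;
    }

    private void removeToken() {
        if (identity != null) {
            // ServerIdentityToken.equals compares server and id, so an equal instance matches.
            subject.getPrivateCredentials().remove(new ServerIdentityToken(serverURI, identity));
            identity = null;
        }
    }
```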

Propchange: geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/OpenejbRemoteLoginModule.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/OpenejbRemoteLoginModule.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/OpenejbRemoteLoginModule.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/ServerIdentityToken.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/ServerIdentityToken.java?view=auto&rev=554749
==============================================================================
--- geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/ServerIdentityToken.java
(added)
+++ geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/ServerIdentityToken.java
Mon Jul  9 12:54:06 2007
@@ -0,0 +1,68 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.openejb;
+
+import java.net.URI;
+
+import org.apache.geronimo.security.SubjectId;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class ServerIdentityToken {
+    private final URI server;
+    private final SubjectId id;
+
+
+    public ServerIdentityToken(URI server, SubjectId id) {
+        this.server = server;
+        this.id = id;
+    }
+
+
+    public URI getServer() {
+        return server;
+    }
+
+    public SubjectId getId() {
+        return id;
+    }
+
+
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+
+        ServerIdentityToken that = (ServerIdentityToken) o;
+
+        if (id != null ? !id.equals(that.id) : that.id != null) return false;
+        if (server != null ? !server.equals(that.server) : that.server != null) return false;
+
+        return true;
+    }
+
+    public int hashCode() {
+        int result;
+        result = (server != null ? server.hashCode() : 0);
+        result = 31 * result + (id != null ? id.hashCode() : 0);
+        return result;
+    }
+}
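Review bot: The constructor accepts a null `server` or `id`, and OpenejbRemoteLoginModule.commit() builds a token from whatever login() stored, so a token with a null id can end up in the Subject's private credentials and GeronimoIdentityResolver will return that null as the identity. Rejecting nulls in the constructor, e.g. `if (server == null || id == null) throw new NullPointerException("server and id are required");`, would let equals() and hashCode() drop their null branches. The class Javadoc holds only the version tag; a sentence such as `Private credential pairing the SubjectId issued by a remote OpenEJB server with that server's URI.` would tell readers why it is stored as a private credential.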

Propchange: geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/ServerIdentityToken.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/ServerIdentityToken.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/ServerIdentityToken.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain


