geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r565657 - in /geronimo/server/trunk/modules: geronimo-client/src/main/java/org/apache/geronimo/client/ geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/ geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/ ger...
Date Tue, 14 Aug 2007 08:25:00 GMT
Author: djencks
Date: Tue Aug 14 01:24:58 2007
New Revision: 565657

URL: http://svn.apache.org/viewvc?view=rev&rev=565657
Log:
GERONIMO-3407 stop using SubjectRegistrationLoginModule

Removed:
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/SubjectRegistrationLoginModule.java
Modified:
    geronimo/server/trunk/modules/geronimo-client/src/main/java/org/apache/geronimo/client/AppClientContainer.java
    geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSGSSUPMechConfig.java
    geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/InternalJAASJettyRealm.java
    geronimo/server/trunk/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/Authenticator.java
    geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoSecurityService.java
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ContextManager.java
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java
    geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java
    geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginKerberosTest.java
    geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java
    geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java
    geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/TimeoutTest.java
    geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
    geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatJAASRealm.java

Modified: geronimo/server/trunk/modules/geronimo-client/src/main/java/org/apache/geronimo/client/AppClientContainer.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-client/src/main/java/org/apache/geronimo/client/AppClientContainer.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-client/src/main/java/org/apache/geronimo/client/AppClientContainer.java
(original)
+++ geronimo/server/trunk/modules/geronimo-client/src/main/java/org/apache/geronimo/client/AppClientContainer.java
Tue Aug 14 01:24:58 2007
@@ -130,13 +130,7 @@
 
             if (callbackHandlerClass != null) {
                 callbackHandler = (CallbackHandler) holder.newInstance(callbackHandlerClass,
classLoader, componentContext);
-                loginContext = new LoginContext(realmName, callbackHandler);
-                try {
-                    loginContext.login();
-                } catch (LoginException e) {
-                    loginContext = null;
-                    throw e;
-                }
+                loginContext = ContextManager.login(realmName, callbackHandler);
                 clientSubject = loginContext.getSubject();
             }
             ContextManager.setCallers(clientSubject, clientSubject);
@@ -220,7 +214,7 @@
             holder.destroyInstance(callbackHandler);
         }
         if (loginContext != null) {
-            loginContext.logout();
+            ContextManager.logout(loginContext);
         }
         jndiContext.stopClient(appClientModuleName);
     }

Modified: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSGSSUPMechConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSGSSUPMechConfig.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSGSSUPMechConfig.java
(original)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSGSSUPMechConfig.java
Tue Aug 14 01:24:58 2007
@@ -105,11 +105,10 @@
                 if (!targetName.equals(tokenTargetName)) throw new SASException(2);
                 String userName = Util.extractUserNameFromScopedName(token.username);
 
-                LoginContext context = new LoginContext(tokenTargetName,
+                LoginContext context = ContextManager.login(tokenTargetName,
                         new UsernamePasswordCallback(userName,
                                 new String(token.password, "UTF8").toCharArray()));
-                context.login();
-                result = ContextManager.getServerSideSubject(context.getSubject());
+                result = context.getSubject();
             }
         } catch (UnsupportedEncodingException e) {
             throw new SASException(1, e);

Modified: geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/InternalJAASJettyRealm.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/InternalJAASJettyRealm.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/InternalJAASJettyRealm.java
(original)
+++ geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/InternalJAASJettyRealm.java
Tue Aug 14 01:24:58 2007
@@ -88,12 +88,10 @@
                 }
 
                 //set up the login context
-                LoginContext loginContext = new LoginContext(securityRealmName, callbackHandler);
-                loginContext.login();
+                LoginContext loginContext = ContextManager.login(securityRealmName, callbackHandler);
                 callbackHandler.clear();
 
                 Subject subject = ContextManager.getServerSideSubject(loginContext.getSubject());
-                //TODO use the run-as subject as nextCaller
                 ContextManager.setCallers(subject, subject);
 
                 //login success

Modified: geronimo/server/trunk/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/Authenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/Authenticator.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/Authenticator.java
(original)
+++ geronimo/server/trunk/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/Authenticator.java
Tue Aug 14 01:24:58 2007
@@ -35,12 +35,13 @@
 public class Authenticator implements JMXAuthenticator, NotificationListener {
     private final String configName;
     private final ClassLoader cl;
-    private ThreadLocal threadContext = new ThreadLocal();
-    private Map contextMap = Collections.synchronizedMap(new HashMap());
+    private ThreadLocal<LoginContext> threadContext = new ThreadLocal<LoginContext>();
+    private Map<String, LoginContext> contextMap = Collections.synchronizedMap(new
HashMap<String, LoginContext>());
 
     /**
      * Constructor indicating which JAAS Application Configuration Entry to use.
      * @param configName the JAAS config name
+     * @param cl classloader to use as TCCL for operations
      */
     public Authenticator(String configName, ClassLoader cl) {
         this.configName = configName;
@@ -48,7 +49,7 @@
     }
 
     public Subject authenticate(Object o) throws SecurityException {
-        if (o instanceof String[] == false) {
+        if (!(o instanceof String[])) {
             throw new IllegalArgumentException("Expected String[2], got " + o == null ? null
: o.getClass().getName());
         }
         String[] params = (String[]) o;
@@ -61,6 +62,8 @@
         Credentials credentials = new Credentials(params[0], params[1]);
         try {
             thread.setContextClassLoader(cl);
+            //TODO consider using ContextManager for login and checking a permission against
the ACC
+            //to do e.g. deployments.
             LoginContext context = new LoginContext(configName, credentials);
             context.login();
             threadContext.set(context);
@@ -80,11 +83,11 @@
             String type = cxNotification.getType();
             String connectionId = cxNotification.getConnectionId();
             if (JMXConnectionNotification.OPENED.equals(type)) {
-                LoginContext context = (LoginContext) threadContext.get();
+                LoginContext context = threadContext.get();
                 threadContext.set(null);
                 contextMap.put(connectionId, context);
             } else {
-                LoginContext context = (LoginContext) contextMap.remove(connectionId);
+                LoginContext context = contextMap.remove(connectionId);
                 if (context != null) {
                     try {
                         context.logout();

Modified: geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoSecurityService.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoSecurityService.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoSecurityService.java
(original)
+++ geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoSecurityService.java
Tue Aug 14 01:24:58 2007
@@ -49,18 +49,16 @@
     }
 
     public Object login(String securityRealm, String user, String pass) throws LoginException
{
-        LoginContext context = new LoginContext(securityRealm, new UsernamePasswordCallbackHandler(user,
pass));
-        context.login();
+        LoginContext context = ContextManager.login(securityRealm, new UsernamePasswordCallbackHandler(user,
pass));
 
         Subject subject = context.getSubject();
-        SubjectId subjectId = ContextManager.registerSubject(subject);
-        return subjectId;
+        return ContextManager.getSubjectId(subject);
     }
 
-    public void logout(Object securityIdentity) {
-        Subject subject = ContextManager.getRegisteredSubject((SubjectId) securityIdentity);
-        ContextManager.unregisterSubject(subject);
-    }
+//    public void logout(Object securityIdentity) {
+//        Subject subject = ContextManager.getRegisteredSubject((SubjectId) securityIdentity);
+//        ContextManager.unregisterSubject(subject);
+//    }
 
     public void associate(Object securityIdentity) throws LoginException {
         if (securityIdentity == null) {

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ContextManager.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ContextManager.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ContextManager.java
(original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ContextManager.java
Tue Aug 14 01:24:58 2007
@@ -35,6 +35,9 @@
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
 import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
 import javax.security.jacc.EJBRoleRefPermission;
 
 import org.apache.geronimo.security.realm.providers.GeronimoCallerPrincipal;
@@ -66,6 +69,22 @@
     static {
         EMPTY.setReadOnly();
         registerSubject(EMPTY);
+    }
+
+    public static LoginContext login(String realm, CallbackHandler callbackHandler) throws
LoginException {
+        Subject subject = new Subject();
+        LoginContext loginContext = new LoginContext(realm, subject, callbackHandler);
+        loginContext.login();
+        SubjectId id = ContextManager.registerSubject(subject);
+        IdentificationPrincipal principal = new IdentificationPrincipal(id);
+        subject.getPrincipals().add(principal);
+        return loginContext;
+    }
+
+    public static void logout(LoginContext loginContext) throws LoginException {
+        Subject subject = loginContext.getSubject();
+        ContextManager.unregisterSubject(subject);
+        loginContext.logout();
     }
 
 

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java
(original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java
Tue Aug 14 01:24:58 2007
@@ -36,7 +36,7 @@
 import org.apache.geronimo.security.ContextManager;
 
 /**
- * @version $Rev:$ $Date:$
+ * @version $Rev$ $Date$
  */
 public class SimpleCredentialStoreImpl implements CredentialStore {
 
@@ -78,8 +78,7 @@
         if (callbackInfos == null) {
             throw new LoginException("Unknown id: " + id + " in realm: " + realm);
         }
-        Subject subject = new Subject();
-        LoginContext loginContext = new LoginContext(realm, subject, new CallbackHandler()
{
+        LoginContext loginContext = ContextManager.login(realm, new CallbackHandler() {
 
             public void handle(Callback[] callbacks) throws UnsupportedCallbackException
{
                 for (Callback callback: callbacks) {
@@ -91,8 +90,7 @@
                 }
             }
         });
-        loginContext.login();
-        return ContextManager.getServerSideSubject(subject);
+        return loginContext.getSubject();
     }
 
     public void addEntry(String realm, String id, Map<String, SingleCallbackHandler>
callbackInfos) {

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java
(original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java
Tue Aug 14 01:24:58 2007
@@ -17,7 +17,6 @@
 package org.apache.geronimo.security.realm;
 
 import java.util.ArrayList;
-import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Properties;
@@ -32,7 +31,6 @@
 import org.apache.geronimo.security.jaas.ConfigurationEntryFactory;
 import org.apache.geronimo.security.jaas.JaasLoginModuleChain;
 import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
-import org.apache.geronimo.security.jaas.SubjectRegistrationLoginModule;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
 
 
@@ -81,7 +79,6 @@
 
         if (loginModuleUse != null) {
             loginModuleUse.configure(domainNames, loginModuleConfigurations, realmName, kernel,
serverInfo, classLoader);
-            loginModuleConfigurations.add(new AppConfigurationEntry(SubjectRegistrationLoginModule.class.getName(),
AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Collections.<String, Object>emptyMap()));
         }
 
         domains = domainNames.toArray(new String[domainNames.size()]);

Modified: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java
(original)
+++ geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java
Tue Aug 14 01:24:58 2007
@@ -67,9 +67,8 @@
         assertEquals("Audit file wasn't cleared", 0, auditlog.length());
 
         // First try with explicit configuration entry
-        LoginContext context = new LoginContext("properties-realm", new AbstractTest.UsernamePasswordCallback("alan",
"starcraft"));
+        LoginContext context = ContextManager.login("properties-realm", new AbstractTest.UsernamePasswordCallback("alan",
"starcraft"));
 
-        context.login();
         Subject subject = context.getSubject();
         Subject clientSubject = subject;
         assertTrue("expected non-null client subject", subject != null);
@@ -87,7 +86,7 @@
         assertTrue("server subject should have seven principals (" + subject.getPrincipals().size()
+ ")", subject.getPrincipals().size() == 7);
         assertTrue("server subject should have one private credential (" + subject.getPrivateCredentials().size()
+ ")", subject.getPrivateCredentials().size() == 1);
 
-        context.logout();
+        ContextManager.logout(context);
 
         assertNull(ContextManager.getRegisteredSubject(idp.getId()));
         assertNull(ContextManager.getServerSideSubject(clientSubject));
@@ -95,9 +94,8 @@
         assertTrue("id of subject should be null", ContextManager.getSubjectId(subject) ==
null);
 
         // next try the automatic configuration entry
-        context = new LoginContext("properties-realm", new AbstractTest.UsernamePasswordCallback("alan",
"starcraft"));
+        context = ContextManager.login("properties-realm", new AbstractTest.UsernamePasswordCallback("alan",
"starcraft"));
 
-        context.login();
         subject = context.getSubject();
         assertTrue("expected non-null client subject", subject != null);
         set = subject.getPrincipals(IdentificationPrincipal.class);
@@ -105,17 +103,14 @@
         IdentificationPrincipal idp2 = (IdentificationPrincipal) set.iterator().next();
         assertNotSame(idp.getId(), idp2.getId());
         assertEquals(idp2.getId(), idp2.getId());
-        subject = ContextManager.getServerSideSubject(subject);
-
-        assertTrue("expected non-null server subject", subject != null);
         assertTrue("server subject should have one remote principal", subject.getPrincipals(IdentificationPrincipal.class).size()
== 1);
-        remote = (IdentificationPrincipal) subject.getPrincipals(IdentificationPrincipal.class).iterator().next();
+        remote = subject.getPrincipals(IdentificationPrincipal.class).iterator().next();
         assertTrue("server subject should be associated with remote id", ContextManager.getRegisteredSubject(remote.getId())
!= null);
         assertTrue("server subject should have two realm principals (" + subject.getPrincipals(RealmPrincipal.class).size()
+ ")", subject.getPrincipals(RealmPrincipal.class).size() == 2);
         assertTrue("server subject should have seven principals (" + subject.getPrincipals().size()
+ ")", subject.getPrincipals().size() == 7);
         assertTrue("server subject should have one private credential (" + subject.getPrivateCredentials().size()
+ ")", subject.getPrivateCredentials().size() == 1);
 
-        context.logout();
+        ContextManager.logout(context);
 
         assertTrue("id of subject should be null", ContextManager.getSubjectId(subject) ==
null);
 

Modified: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginKerberosTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginKerberosTest.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginKerberosTest.java
(original)
+++ geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginKerberosTest.java
Tue Aug 14 01:24:58 2007
@@ -87,18 +87,12 @@
             context.login();
             Subject subject = context.getSubject();
 
-            assertTrue("expected non-null client-side subject", subject != null);
-            subject = ContextManager.getServerSideSubject(subject);
-
-            assertTrue("expected non-null server-side subject", subject != null);
-            assertTrue("id of server-side subject should be non-null", ContextManager.getSubjectId(subject)
!= null);
-            assertEquals("server-side subject should have two principals", 2, subject.getPrincipals().size());
-            assertEquals("server-side subject should have one identification principal",
1, subject.getPrincipals(IdentificationPrincipal.class).size());
+            assertTrue("expected non-null subject", subject != null);
+            assertEquals("server-side subject should have two principals", 1, subject.getPrincipals().size());
             assertEquals("server-side subject should have one kerberos principal", 1, subject.getPrincipals(KerberosPrincipal.class).size());
 
             context.logout();
 
-            assertTrue("id of subject should be null", ContextManager.getSubjectId(subject)
== null);
         } catch (LoginException e) {
             //See GERONIMO-3388.  This seems to be the normal code path.
             e.printStackTrace();

Modified: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java
(original)
+++ geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java
Tue Aug 14 01:24:58 2007
@@ -103,20 +103,8 @@
         Subject subject = context.getSubject();
 
         assertTrue("expected non-null subject", subject != null);
-        assertTrue("subject should have one remote principal", subject.getPrincipals(IdentificationPrincipal.class).size()
== 1);
-        IdentificationPrincipal remote = subject.getPrincipals(IdentificationPrincipal.class).iterator().next();
-        assertTrue("subject should be associated with remote id", ContextManager.getRegisteredSubject(remote.getId())
!= null);
-        assertEquals("subject should have seven principals (" + subject.getPrincipals().size()
+ ")", 7, subject.getPrincipals().size());
-        assertEquals("subject should have 2 realm principals (" + subject.getPrincipals(RealmPrincipal.class).size()
+ ")", 2, subject.getPrincipals(RealmPrincipal.class).size());
-        assertEquals("subject should have 2 domain principals (" + subject.getPrincipals(DomainPrincipal.class).size()
+ ")", 2, subject.getPrincipals(DomainPrincipal.class).size());
-
-        subject = ContextManager.getServerSideSubject(subject);
-
-        assertTrue("expected non-null subject", subject != null);
-        assertTrue("subject should have one remote principal", subject.getPrincipals(IdentificationPrincipal.class).size()
== 1);
-        remote = subject.getPrincipals(IdentificationPrincipal.class).iterator().next();
-        assertTrue("subject should be associated with remote id", ContextManager.getRegisteredSubject(remote.getId())
!= null);
-        assertEquals("subject should have seven principals (" + subject.getPrincipals().size()
+ ")", 7, subject.getPrincipals().size());
+        assertTrue("subject should have no remote principal", subject.getPrincipals(IdentificationPrincipal.class).size()
== 0);
+        assertEquals("subject should have 6 principals (" + subject.getPrincipals().size()
+ ")", 6, subject.getPrincipals().size());
         assertEquals("subject should have 2 realm principals (" + subject.getPrincipals(RealmPrincipal.class).size()
+ ")", 2, subject.getPrincipals(RealmPrincipal.class).size());
         assertEquals("subject should have 2 domain principals (" + subject.getPrincipals(DomainPrincipal.class).size()
+ ")", 2, subject.getPrincipals(DomainPrincipal.class).size());
 

Modified: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java
(original)
+++ geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java
Tue Aug 14 01:24:58 2007
@@ -143,16 +143,10 @@
 
         context.login();
         Subject subject = context.getSubject();
-        assertTrue("expected non-null client-side subject", subject != null);
-        subject = ContextManager.getServerSideSubject(subject);
-
-        assertTrue("expected non-null server-side subject", subject != null);
-        assertEquals("server-side subject should have seven principal", 7, subject.getPrincipals().size());
+        assertTrue("expected non-null subject", subject != null);
+        assertEquals("server-side subject should have 6 principal", 6, subject.getPrincipals().size());
         assertEquals("server-side subject should have two realm principals", 2, subject.getPrincipals(RealmPrincipal.class).size());
         assertEquals("server-side subject should have two domain principals", 2, subject.getPrincipals(DomainPrincipal.class).size());
-        assertEquals("server-side subject should have one remote principal", 1, subject.getPrincipals(IdentificationPrincipal.class).size());
-        IdentificationPrincipal principal = subject.getPrincipals(IdentificationPrincipal.class).iterator().next();
-        assertTrue("id of principal should be non-zero", principal.getId().getSubjectId()
!= 0);
 
         context.logout();
     }

Modified: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/TimeoutTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/TimeoutTest.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/TimeoutTest.java
(original)
+++ geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/TimeoutTest.java
Tue Aug 14 01:24:58 2007
@@ -99,14 +99,11 @@
         kernel.shutdown();
     }
 
-    public void testNothing() {
-    }
 
     public void testTimeout() throws Exception {
 
-        LoginContext context = new LoginContext("properties-realm", new AbstractTest.UsernamePasswordCallback("alan",
"starcraft"));
+        LoginContext context = ContextManager.login("properties-realm", new AbstractTest.UsernamePasswordCallback("alan",
"starcraft"));
 
-        context.login();
         Subject subject = context.getSubject();
         assertTrue("expected non-null client subject", subject != null);
         Set set = subject.getPrincipals(IdentificationPrincipal.class);
@@ -124,11 +121,11 @@
 
         assertTrue("id of server subject should be non-null", ContextManager.getSubjectId(subject)
!= null);
 
-        Thread.sleep(3000); // wait for timeout to kick in
+//        Thread.sleep(3000); // wait for timeout to kick in
+//
+//        assertTrue("id of server subject should be non-null", ContextManager.getSubjectId(subject)
!= null);
 
-        assertTrue("id of server subject should be non-null", ContextManager.getSubjectId(subject)
!= null);
-
-        Thread.sleep(7000); // wait for timeout to kick in
+//        Thread.sleep(7000); // wait for timeout to kick in
         //TODO figure out if we can time out logins!
 //        assertTrue("id of server subject should be null", ContextManager.getSubjectId(subject)
== null);
     }

Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
(original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
Tue Aug 14 01:24:58 2007
@@ -16,6 +16,25 @@
  */
 package org.apache.geronimo.tomcat.realm;
 
+import java.io.IOException;
+import java.security.AccessControlContext;
+import java.security.AccessControlException;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.AccountExpiredException;
+import javax.security.auth.login.CredentialExpiredException;
+import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
+import javax.security.jacc.WebResourcePermission;
+import javax.security.jacc.WebRoleRefPermission;
+import javax.security.jacc.WebUserDataPermission;
+
 import org.apache.catalina.Context;
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.connector.Request;
@@ -32,31 +51,12 @@
 import org.apache.geronimo.tomcat.JAASTomcatPrincipal;
 import org.apache.geronimo.tomcat.interceptor.PolicyContextBeforeAfter;
 
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.AccountExpiredException;
-import javax.security.auth.login.CredentialExpiredException;
-import javax.security.auth.login.FailedLoginException;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-import javax.security.jacc.PolicyContext;
-import javax.security.jacc.PolicyContextException;
-import javax.security.jacc.WebResourcePermission;
-import javax.security.jacc.WebRoleRefPermission;
-import javax.security.jacc.WebUserDataPermission;
-
-import java.io.IOException;
-import java.security.AccessControlContext;
-import java.security.AccessControlException;
-import java.security.Principal;
-import java.security.cert.X509Certificate;
-
 
 public class TomcatGeronimoRealm extends JAASRealm {
 
     private static final Log log = LogFactory.getLog(TomcatGeronimoRealm.class);
 
-    private static ThreadLocal currentRequestWrapperName = new ThreadLocal();
+    private static ThreadLocal<String> currentRequestWrapperName = new ThreadLocal<String>();
 
     /**
      * Descriptive information about this <code>Realm</code> implementation.
@@ -70,10 +70,10 @@
 
     public TomcatGeronimoRealm() {
 
-     }
+    }
 
     public static String setRequestWrapperName(String requestWrapperName) {
-        String old = (String) currentRequestWrapperName.get();
+        String old = currentRequestWrapperName.get();
         currentRequestWrapperName.set(requestWrapperName);
         return old;
     }
@@ -136,10 +136,10 @@
      * Return <code>true</code> if this constraint is satisfied and processing
      * should continue, or <code>false</code> otherwise.
      *
-     * @param request    Request we are processing
-     * @param response   Response we are creating
+     * @param request     Request we are processing
+     * @param response    Response we are creating
      * @param constraints Security constraints we are enforcing
-     * @param context    The Context to which client of this class is attached.
+     * @param context     The Context to which client of this class is attached.
      * @throws java.io.IOException if an input/output error occurs
      */
     public boolean hasResourcePermission(Request request,
@@ -152,7 +152,7 @@
         // and the "j_security_check" action
         LoginConfig config = context.getLoginConfig();
         if ((config != null) &&
-            (org.apache.catalina.realm.Constants.FORM_METHOD.equals(config.getAuthMethod())))
{
+                (org.apache.catalina.realm.Constants.FORM_METHOD.equals(config.getAuthMethod())))
{
             String requestURI = request.getDecodedRequestURI();
             String loginPage = context.getPath() + config.getLoginPage();
             if (loginPage.equals(requestURI)) {
@@ -172,7 +172,7 @@
                 return (true);
             }
         }
-        
+
         //Set the current wrapper name (Servlet mapping)
         currentRequestWrapperName.set(request.getWrapper().getName());
 
@@ -181,7 +181,7 @@
 
         //If we have no principal, then we should use the default.
         if (principal == null) {
-            Subject defaultSubject = (Subject)request.getAttribute(PolicyContextBeforeAfter.DEFAULT_SUBJECT);
+            Subject defaultSubject = (Subject) request.getAttribute(PolicyContextBeforeAfter.DEFAULT_SUBJECT);
             ContextManager.setCallers(defaultSubject, defaultSubject);
         } else {
             Subject currentCaller = ((JAASTomcatPrincipal) principal).getSubject();
@@ -192,7 +192,6 @@
 
             AccessControlContext acc = ContextManager.getCurrentContext();
 
-
             /**
              * JACC v1.0 section 4.1.2
              */
@@ -221,7 +220,7 @@
             return false;
         }
 
-        String name = (String)currentRequestWrapperName.get();
+        String name = currentRequestWrapperName.get();
 
         /**
          * JACC v1.0 secion B.19
@@ -264,7 +263,7 @@
      */
     public Principal authenticate(String username, String credentials) {
 
-        char[] cred = credentials == null? null: credentials.toCharArray();
+        char[] cred = credentials == null ? null : credentials.toCharArray();
         CallbackHandler callbackHandler = new PasswordCallbackHandler(username, cred);
         return authenticate(callbackHandler, username);
     }
@@ -283,95 +282,64 @@
         // Establish a LoginContext to use for authentication
         try {
 
-            if ( (principalName!=null) && (!principalName.equals("")) ) {
-              LoginContext loginContext = null;
-              if (appName == null)
-                  appName = "Tomcat";
-
-              if (log.isDebugEnabled())
-                  log.debug(sm.getString("jaasRealm.beginLogin", principalName, appName));
-
-              // What if the LoginModule is in the container class loader ?
-              ClassLoader ocl = null;
-
-              if (isUseContextClassLoader()) {
-                  ocl = Thread.currentThread().getContextClassLoader();
-                  Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader());
-              }
-
-              try {
-                  loginContext = new LoginContext(appName, callbackHandler);
-              } catch (Throwable e) {
-                  log.error(sm.getString("jaasRealm.unexpectedError"), e);
-                  return (null);
-              } finally {
-                  if (isUseContextClassLoader()) {
-                      Thread.currentThread().setContextClassLoader(ocl);
-                  }
-              }
-
-              if (log.isDebugEnabled())
-                  log.debug("Login context created " + principalName);
-
-              // Negotiate a login via this LoginContext
-              Subject subject;
-              try {
-                  loginContext.login();
-                  Subject tempSubject = loginContext.getSubject();
-                  if (tempSubject == null) {
-                      if (log.isDebugEnabled())
-                          log.debug(sm.getString("jaasRealm.failedLogin", principalName));
-                      return (null);
-                  }
-
-                  subject = ContextManager.getServerSideSubject(tempSubject);
-                  if (subject == null) {
-                      if (log.isDebugEnabled())
-                          log.debug(sm.getString("jaasRealm.failedLogin", principalName));
-                      return (null);
-                  }
-
-                  ContextManager.setCallers(subject, subject);
-
-              } catch (AccountExpiredException e) {
-                  if (log.isDebugEnabled())
-                      log.debug(sm.getString("jaasRealm.accountExpired", principalName));
-                  return (null);
-              } catch (CredentialExpiredException e) {
-                  if (log.isDebugEnabled())
-                      log.debug(sm.getString("jaasRealm.credentialExpired", principalName));
-                  return (null);
-              } catch (FailedLoginException e) {
-                  if (log.isDebugEnabled())
-                      log.debug(sm.getString("jaasRealm.failedLogin", principalName));
-                  return (null);
-              } catch (LoginException e) {
-                  log.warn(sm.getString("jaasRealm.loginException", principalName), e);
-                  return (null);
-              } catch (Throwable e) {
-                  log.error(sm.getString("jaasRealm.unexpectedError"), e);
-                  return (null);
-              }
-
-              if (log.isDebugEnabled())
-                  log.debug(sm.getString("jaasRealm.loginContextCreated", principalName));
-
-              // Return the appropriate Principal for this authenticated Subject
-  /*            Principal principal = createPrincipal(username, subject);
-              if (principal == null) {
-                  log.debug(sm.getString("jaasRealm.authenticateFailure", username));
-                  return (null);
-              }
-              if (log.isDebugEnabled()) {
-                  log.debug(sm.getString("jaasRealm.authenticateSuccess", username));
-              }
-  */
-              JAASTomcatPrincipal jaasPrincipal = new JAASTomcatPrincipal(principalName);
-              jaasPrincipal.setSubject(subject);
+            if ((principalName != null) && (!principalName.equals(""))) {
+                LoginContext loginContext = null;
+                if (appName == null)
+                    appName = "Tomcat";
 
-              return (jaasPrincipal);
-            }
-            else {
+                if (log.isDebugEnabled())
+                    log.debug(sm.getString("jaasRealm.beginLogin", principalName, appName));
+
+                // What if the LoginModule is in the container class loader ?
+                ClassLoader ocl = null;
+
+                if (isUseContextClassLoader()) {
+                    ocl = Thread.currentThread().getContextClassLoader();
+                    Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader());
+                }
+
+                try {
+                    loginContext = ContextManager.login(appName, callbackHandler);
+                } catch (AccountExpiredException e) {
+                    if (log.isDebugEnabled())
+                        log.debug(sm.getString("jaasRealm.accountExpired", principalName));
+                    return (null);
+                } catch (CredentialExpiredException e) {
+                    if (log.isDebugEnabled())
+                        log.debug(sm.getString("jaasRealm.credentialExpired", principalName));
+                    return (null);
+                } catch (FailedLoginException e) {
+                    if (log.isDebugEnabled())
+                        log.debug(sm.getString("jaasRealm.failedLogin", principalName));
+                    return (null);
+                } catch (LoginException e) {
+                    log.warn(sm.getString("jaasRealm.loginException", principalName), e);
+                    return (null);
+                } catch (Throwable e) {
+                    log.error(sm.getString("jaasRealm.unexpectedError"), e);
+                    return (null);
+                } finally {
+                    if (isUseContextClassLoader()) {
+                        Thread.currentThread().setContextClassLoader(ocl);
+                    }
+                }
+
+                if (log.isDebugEnabled())
+                    log.debug("Login context created " + principalName);
+
+                // Negotiate a login via this LoginContext
+                Subject subject = loginContext.getSubject();
+                ContextManager.setCallers(subject, subject);
+
+                if (log.isDebugEnabled())
+                    log.debug(sm.getString("jaasRealm.loginContextCreated", principalName));
+
+                // Return the appropriate Principal for this authenticated Subject
+                JAASTomcatPrincipal jaasPrincipal = new JAASTomcatPrincipal(principalName);
+                jaasPrincipal.setSubject(subject);
+
+                return (jaasPrincipal);
+            } else {
                 if (log.isDebugEnabled())
                     log.debug("Login Failed - null userID");
                 return null;
@@ -382,6 +350,7 @@
             return null;
         }
     }
+
     /**
      * Prepare for active use of the public methods of this <code>Component</code>.
      *

Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatJAASRealm.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatJAASRealm.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatJAASRealm.java
(original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatJAASRealm.java
Tue Aug 14 01:24:58 2007
@@ -88,37 +88,7 @@
             }
 
             try {
-                loginContext = new LoginContext(appName, new JAASCallbackHandler(this, username,
credentials));
-            } catch (Throwable e) {
-                log.error(sm.getString("jaasRealm.unexpectedError"), e);
-                return (null);
-            } finally {
-                if (isUseContextClassLoader()) {
-                    Thread.currentThread().setContextClassLoader(ocl);
-                }
-            }
-
-            if (log.isDebugEnabled())
-                log.debug("Login context created " + username);
-
-            // Negotiate a login via this LoginContext
-            Subject subject = null;
-            try {
-                loginContext.login();
-                Subject tempSubject = loginContext.getSubject();
-                if (tempSubject == null) {
-                    if (log.isDebugEnabled())
-                        log.debug(sm.getString("jaasRealm.failedLogin", username));
-                    return (null);
-                }
-
-                subject = ContextManager.getServerSideSubject(tempSubject);
-                if (subject == null) {
-                    if (log.isDebugEnabled())
-                        log.debug(sm.getString("jaasRealm.failedLogin", username));
-                    return (null);
-                }
-
+                loginContext = ContextManager.login(appName, new JAASCallbackHandler(this,
username, credentials));
             } catch (AccountExpiredException e) {
                 if (log.isDebugEnabled())
                     log.debug(sm.getString("jaasRealm.accountExpired", username));
@@ -137,8 +107,18 @@
             } catch (Throwable e) {
                 log.error(sm.getString("jaasRealm.unexpectedError"), e);
                 return (null);
+            } finally {
+                if (isUseContextClassLoader()) {
+                    Thread.currentThread().setContextClassLoader(ocl);
+                }
             }
 
+            if (log.isDebugEnabled())
+                log.debug("Login context created " + username);
+
+            // Negotiate a login via this LoginContext
+            Subject subject = loginContext.getSubject();
+            ContextManager.setCallers(subject, subject);
             if (log.isDebugEnabled())
                 log.debug(sm.getString("jaasRealm.loginContextCreated", username));
 



Mime
View raw message