geronimo-scm mailing list archives

From shiv...@apache.org
Subject svn commit: r593590 - in /geronimo/server/trunk/plugins/plancreator/plancreator-portlets/src/main: java/org/apache/geronimo/console/configcreator/ webapp/WEB-INF/view/configcreator/
Date Fri, 09 Nov 2007 16:53:03 GMT
Author: shivahr
Date: Fri Nov  9 08:53:02 2007
New Revision: 593590

URL: http://svn.apache.org/viewvc?rev=593590&view=rev
Log:
GERONIMO-3429 Enhance security page of 'Create Plan' portlet to support addition of run-as-subject,
default-subject, credential-store.

Modified:
    geronimo/server/trunk/plugins/plancreator/plancreator-portlets/src/main/java/org/apache/geronimo/console/configcreator/AbstractHandler.java
    geronimo/server/trunk/plugins/plancreator/plancreator-portlets/src/main/java/org/apache/geronimo/console/configcreator/JSR77_Util.java
    geronimo/server/trunk/plugins/plancreator/plancreator-portlets/src/main/java/org/apache/geronimo/console/configcreator/SecurityHandler.java
    geronimo/server/trunk/plugins/plancreator/plancreator-portlets/src/main/webapp/WEB-INF/view/configcreator/security.jsp

Modified: geronimo/server/trunk/plugins/plancreator/plancreator-portlets/src/main/java/org/apache/geronimo/console/configcreator/AbstractHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/plancreator/plancreator-portlets/src/main/java/org/apache/geronimo/console/configcreator/AbstractHandler.java?rev=593590&r1=593589&r2=593590&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/plancreator/plancreator-portlets/src/main/java/org/apache/geronimo/console/configcreator/AbstractHandler.java
(original)
+++ geronimo/server/trunk/plugins/plancreator/plancreator-portlets/src/main/java/org/apache/geronimo/console/configcreator/AbstractHandler.java
Fri Nov  9 08:53:02 2007
@@ -36,7 +36,6 @@
 import org.apache.geronimo.xbeans.geronimo.security.GerRoleType;
 import org.apache.geronimo.xbeans.geronimo.security.GerSecurityType;
 import org.apache.geronimo.xbeans.geronimo.security.GerSubjectInfoType;
-import org.apache.xmlbeans.XmlException;
 
 /**
  * Base class for portlet helpers
@@ -123,6 +122,8 @@
 
     protected final static String DEPLOYED_SECURITY_REALMS_PARAMETER = "deployedSecurityRealms";
 
+    protected final static String DEPLOYED_CREDENTIAL_STORES_PARAMETER = "deployedCredentialStores";
+
     protected final static String COMMON_LIBS_PARAMETER = "commonLibs";
 
     protected final static String SELECTED_LIBS_PARAMETER = "selectedLibs";
@@ -241,6 +242,11 @@
 
         private void readSecurityParameters(PortletRequest request) {
             Map map = request.getParameterMap();
+            boolean processAdvancedSettings = false;
+            if (map.containsKey("security.advancedSettings.isPresent")
+                    && "true".equalsIgnoreCase(request.getParameter("security.advancedSettings.isPresent")))
{
+                processAdvancedSettings = true;
+            }
             GerRoleType[] roles = security.getRoleMappings().getRoleArray();
             for (int index = 0; index < roles.length; index++) {
                 String prefix1 = "security.roleMappings" + "." + index + ".";
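Review bot: When `processAdvancedSettings` is false, nothing in this method clears a run-as-subject, default-subject or credential-store-ref stored by an earlier submit, because every `unset…` call in the following hunk sits inside `if (processAdvancedSettings)`. If the `security` object lives across page views (it appears to come from session data), unticking Advanced Settings leaves those identities in the generated plan while the form hides them; add an `else` branch that unsets them, or a comment stating that a false flag means "leave untouched". The `map.containsKey(...)` test is also redundant, since `"true".equalsIgnoreCase(null)` is already false. readSecurityParameters begins in this hunk and continues beyond it.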
@@ -304,40 +310,63 @@
                     distinguishedName.setName(request.getParameter(prefix2 + "name"));
                 }
 
-                String prefix2 = prefix1 + "runAsSubject" + ".";
-                if (map.containsKey(prefix2 + "realm")) {
-                    role.unsetRunAsSubject();
-                    GerSubjectInfoType runAsSubject = role.addNewRunAsSubject();
-                    runAsSubject.setRealm(request.getParameter(prefix2 + "realm"));
-                    runAsSubject.setId(request.getParameter(prefix2 + "id"));
+                if (processAdvancedSettings) {
+                    String prefix2 = prefix1 + "runAsSubject" + ".";
+                    if (map.containsKey(prefix2 + "realm")) {
+                        if (role.isSetRunAsSubject()) {
+                            role.unsetRunAsSubject();
+                        }
+                        String realm = request.getParameter(prefix2 + "realm");
+                        String id = request.getParameter(prefix2 + "id");
+                        if (!isEmpty(realm) && !isEmpty(id)) {
+                            GerSubjectInfoType runAsSubject = role.addNewRunAsSubject();
+                            runAsSubject.setRealm(realm);
+                            runAsSubject.setId(id);
+                        }
+                    }
                 }
             }
-            String prefix = "security" + "." + "defaultSubject" + ".";
-            if (map.containsKey(prefix + "realm")) {
-                security.unsetDefaultSubject();
-                GerSubjectInfoType runAsSubject = security.addNewDefaultSubject();
-                runAsSubject.setRealm(request.getParameter(prefix + "realm"));
-                runAsSubject.setId(request.getParameter(prefix + "id"));
-            }
-            String parameterName = "security" + "." + "credentialStoreRef";
-            if (map.containsKey(parameterName)) {
-                try {
-                    PatternType pattern = PatternType.Factory.parse(request.getParameter(parameterName));
+            if(processAdvancedSettings) {
+                String parameterName = "security" + "." + "credentialStoreRef";
+                if (map.containsKey(parameterName)) {
+                    String patternString = request.getParameter(parameterName);
+                    String[] elements = patternString.split("/", 6);
+                    PatternType pattern = PatternType.Factory.newInstance();
+                    pattern.setGroupId(elements[0]);
+                    pattern.setArtifactId(elements[1]);
+                    //pattern.setVersion(elements[2]);
+                    //pattern.setType(elements[3]);
+                    //pattern.setModule(elements[4]);
+                    pattern.setName(elements[5]);
                     security.setCredentialStoreRef(pattern);
-                } catch (XmlException e) {
-                    e.printStackTrace();
+                    dependencies.add(JSR88_Util.getDependencyString(patternString));
+                }
+                String prefix = "security" + "." + "defaultSubject" + ".";
+                if (map.containsKey(prefix + "realm")) {
+                    if(security.isSetDefaultSubject()) {
+                        security.unsetDefaultSubject();
+                    }
+                    String realm = request.getParameter(prefix + "realm");
+                    String id = request.getParameter(prefix + "id");
+                    if (!isEmpty(realm) && !isEmpty(id)) {
+                        GerSubjectInfoType runAsSubject = security.addNewDefaultSubject();
+                        runAsSubject.setRealm(realm);
+                        runAsSubject.setId(id);
+                    }
+                }
+                parameterName = "security" + "." + "doasCurrentCaller";
+                if ("true".equalsIgnoreCase(request.getParameter(parameterName))) {
+                    security.setDoasCurrentCaller(true);
+                }
+                parameterName = "security" + "." + "useContextHandler";
+                if ("true".equalsIgnoreCase(request.getParameter(parameterName))) {
+                    security.setUseContextHandler(true);
+                }
+                String defaultRole = request.getParameter("security" + "." + "defaultRole");
+                if (!isEmpty(defaultRole)) {
+                    security.setDefaultRole(defaultRole);
                 }
             }
-            parameterName = "security" + "." + "doasCurrentCaller";
-            if ("true".equalsIgnoreCase(request.getParameter(parameterName))) {
-                security.setDoasCurrentCaller(true);
-            }
-            parameterName = "security" + "." + "useContextHandler";
-            if ("true".equalsIgnoreCase(request.getParameter(parameterName))) {
-                security.setUseContextHandler(true);
-            }
-            parameterName = "security" + "." + "defaultRole";
-            security.setDefaultRole(request.getParameter(parameterName));
         }
 
         public String getContextRoot() {
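Review bot: `elements[5]` is read without checking how many fields `patternString.split("/", 6)` produced, so a `security.credentialStoreRef` value with fewer than five slashes throws ArrayIndexOutOfBoundsException out of request handling. The value is a request parameter, not necessarily one of the options the page rendered, and it is also handed to `JSR88_Util.getDependencyString` and stored in `dependencies`. Guard the block with `if (elements.length == 6 && !isEmpty(elements[0]) && !isEmpty(elements[1]) && !isEmpty(elements[5]))`, and preferably accept only a value that appears in the list returned by `JSR77_Util.getDeployedCredentialStores(request)`. The three commented-out setters need a one-line comment saying why version, type and module are dropped from the reference.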

Modified: geronimo/server/trunk/plugins/plancreator/plancreator-portlets/src/main/java/org/apache/geronimo/console/configcreator/JSR77_Util.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/plancreator/plancreator-portlets/src/main/java/org/apache/geronimo/console/configcreator/JSR77_Util.java?rev=593590&r1=593589&r2=593590&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/plancreator/plancreator-portlets/src/main/java/org/apache/geronimo/console/configcreator/JSR77_Util.java
(original)
+++ geronimo/server/trunk/plugins/plancreator/plancreator-portlets/src/main/java/org/apache/geronimo/console/configcreator/JSR77_Util.java
Fri Nov  9 08:53:02 2007
@@ -186,8 +186,8 @@
                 AbstractName dbName = PortletManager.getManagementHelper(request).getNameFor(db);
                 String poolName = (String) dbName.getName().get(NameFactory.J2EE_NAME);
                 String configurationName = dbName.getArtifact().toString() + "/";
-                ReferredData data = new ReferredData(poolName + " (" + configurationName
+ ")", configurationName
-                        + "/" + poolName);
+                ReferredData data = new ReferredData(poolName + " (" + configurationName
+ ")", 
+                        configurationName + "/" + poolName);
                 list.add(data);
             }
         }
@@ -217,6 +217,21 @@
             }
         }
         return mailSessionList;
+    }
+
+    protected static List getDeployedCredentialStores(PortletRequest request) {
+        List credentialStoreList = new ArrayList();
+        Object[] objects = PortletManager.getGBeansImplementing(request,
+                org.apache.geronimo.security.credentialstore.CredentialStore.class);
+        for (int i = 0; i < objects.length; i++) {
+            ObjectName objectName = PortletManager.getNameFor(request, objects[i]).getObjectName();
+            String credentialStoreName = objectName.getKeyProperty(NameFactory.J2EE_NAME);
+            String configurationName = objectName.getKeyProperty(NameFactory.SERVICE_MODULE)
+ "/";
+            ReferredData data = new ReferredData(credentialStoreName + " (" + configurationName
+ ")",
+                    configurationName + "/" + credentialStoreName);
+            credentialStoreList.add(data);
+        }
+        return credentialStoreList;
     }
 
     protected static List getCommonLibs(PortletRequest request) {
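Review bot: The `patternName` built in `getDeployedCredentialStores` has an undocumented shape that `AbstractHandler.readSecurityParameters` relies on: `configurationName` already ends in "/" and is joined with a second "/", so the string presumably looks like `group/artifact/version/type//name`, which the handler splits into six fields. Add a comment above the `ReferredData` line such as `// patternName: groupId/artifactId/version/type//name (empty module field); parsed with split("/", 6) in AbstractHandler`. The trailing slash also ends up in the display label, `name (group/artifact/version/type/)`, which looks unintended. `getKeyProperty` returns null for a missing key, so an object name lacking either key would put the literal text "null" into both strings; a null check before building `ReferredData` would avoid offering an unusable entry.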

Modified: geronimo/server/trunk/plugins/plancreator/plancreator-portlets/src/main/java/org/apache/geronimo/console/configcreator/SecurityHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/plancreator/plancreator-portlets/src/main/java/org/apache/geronimo/console/configcreator/SecurityHandler.java?rev=593590&r1=593589&r2=593590&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/plancreator/plancreator-portlets/src/main/java/org/apache/geronimo/console/configcreator/SecurityHandler.java
(original)
+++ geronimo/server/trunk/plugins/plancreator/plancreator-portlets/src/main/java/org/apache/geronimo/console/configcreator/SecurityHandler.java
Fri Nov  9 08:53:02 2007
@@ -50,6 +50,7 @@
         WARConfigData data = getSessionData(request);
         request.setAttribute(DATA_PARAMETER, data);
         request.setAttribute(DEPLOYED_SECURITY_REALMS_PARAMETER, JSR77_Util.getDeployedSecurityRealms(request));
+        request.setAttribute(DEPLOYED_CREDENTIAL_STORES_PARAMETER, JSR77_Util.getDeployedCredentialStores(request));
     }
 
     public String actionAfterView(ActionRequest request, ActionResponse response, MultiPageModel
model)

Modified: geronimo/server/trunk/plugins/plancreator/plancreator-portlets/src/main/webapp/WEB-INF/view/configcreator/security.jsp
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/plancreator/plancreator-portlets/src/main/webapp/WEB-INF/view/configcreator/security.jsp?rev=593590&r1=593589&r2=593590&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/plancreator/plancreator-portlets/src/main/webapp/WEB-INF/view/configcreator/security.jsp
(original)
+++ geronimo/server/trunk/plugins/plancreator/plancreator-portlets/src/main/webapp/WEB-INF/view/configcreator/security.jsp
Fri Nov  9 08:53:02 2007
@@ -36,6 +36,42 @@
   }
 }
 
+function <portlet:namespace/>toggleAdvancedSecuritySettings() {
+  var checkBox = document.getElementById("<portlet:namespace/>advancedSecuritySettingsCheckbox");
+  if (checkBox.checked) {
+    <portlet:namespace/>showElement("advancedSecuritySettings");
+    var advancedSettingsFlag = document.getElementById("<portlet:namespace/>advancedSecuritySettingsFlag");
+    advancedSettingsFlag.value = "true";
+  } else {
+    <portlet:namespace/>hideElement("advancedSecuritySettings");
+    var advancedSettingsFlag = document.getElementById("<portlet:namespace/>advancedSecuritySettingsFlag");
+    advancedSettingsFlag.value = "false";
+  }
+  for (i = 0; i >= 0; i++) { //infinite loop
+    var runAsSubjectId = "security.roleMappings." + i + ".runAsSubject";
+    var runAsSubjectCheckBox = document.getElementById("<portlet:namespace/>" + runAsSubjectId
+ ".checkBox");
+    if (runAsSubjectCheckBox == null) {
+      break;
+    }
+    if (checkBox.checked) {
+      runAsSubjectCheckBox.disabled = false;
+    } else {
+      runAsSubjectCheckBox.disabled = true;
+      runAsSubjectCheckBox.checked = false;
+      <portlet:namespace/>hideElement(runAsSubjectId + ".subElements");
+    }
+  }
+}
+
+function <portlet:namespace/>toggleRunAsSubject(runAsSubjectId) {
+  var checkBox = document.getElementById("<portlet:namespace/>" + runAsSubjectId +
".checkBox");
+  if (checkBox.checked) {
+    <portlet:namespace/>showElement(runAsSubjectId + ".subElements");
+  } else {
+    <portlet:namespace/>hideElement(runAsSubjectId + ".subElements");
+  }
+}
+
 function <portlet:namespace/>handleAddClick(roleId, type) {
   if (type == "principal") {
     <portlet:namespace/>showElement(roleId + '.principal.ui');
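Review bot: The loop counter in `toggleAdvancedSecuritySettings` is never declared, so `for (i = 0; i >= 0; i++)` writes a global `i` shared with every other script on the portal page, which undoes the isolation the `<portlet:namespace/>` prefix gives the function names. Declare it, `for (var i = 0; ; i++) {`, and replace the `//infinite loop` comment with one saying the loop ends at the first role index that has no checkbox. The two branches also repeat the `advancedSettingsFlag` lookup; fetch the element once and assign `advancedSettingsFlag.value = checkBox.checked ? "true" : "false";`.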
@@ -259,11 +295,84 @@
   </tr>
 </table>
 
+<div>
+  <input type="checkbox" id="<portlet:namespace/>advancedSecuritySettingsCheckbox"
+    onClick="<portlet:namespace/>toggleAdvancedSecuritySettings();"/>
+  <b>Advanced Settings</b>
+  <div id="<portlet:namespace/>advancedSecuritySettings" style="display:none">
+    <input type="hidden" id="<portlet:namespace/>advancedSecuritySettingsFlag"
+      name="security.advancedSettings.isPresent" value="false"/>
+    <table border="0" class="MediumBackground">
+      <!-- Credential Store Ref -->
+      <tr>
+        <th><div align="left">Credential Store:</div></th>
+        <td>
+          <select name="security.credentialStoreRef">
+            <c:forEach var="credentialStore" items="${deployedCredentialStores}">
+              <option value="${credentialStore.patternName}">${credentialStore.displayName}</option>
+            </c:forEach>
+          </select>
+        </td>
+      </tr>
+      <tr>
+        <th></th>
+        <td>Select the Credential Store which has the defaultSubject and runAsSubjects
defined.</td>
+      </tr>
+
+      <!-- Default Subject -->
+      <tr>
+        <td colspan="2"><div align="left"><b>Default Subject:</b></div></td>
+      </tr>
+      <tr>
+        <th><div align="right">Realm:</div></th>
+        <td><input name="security.defaultSubject.realm" type="text" size="25"/></td>
+      </tr>
+      <tr>
+        <th><div align="right">Id:</div></th>
+        <td><input name="security.defaultSubject.id" type="text" size="25"/></td>
+      </tr>
+      <tr>
+        <th></th>
+        <td>The defaultSubject is used whenever an unauthenticated user accesses an
unsecured page. Typically, 
+        this is used so that an unsecured page can access a secured resource, a secured EJB
for example. 
+        Realm is the realm name of the default subject and Id is the default subject's name
within that realm.</td>
+      </tr>
+
+      <!-- doas-current-caller -->
+      <tr>
+        <td colspan="2" align="left">
+          <b>doas-current-caller:</b>
+          <input name="security.doasCurrentCaller" type="checkbox" value="true"/>
+        </td>
+      </tr>
+      <tr>
+        <th></th>
+        <td>Select this if the work is to be performed as the calling Subject/User
instead of as Server.</td>
+      </tr>
+      <!-- use-context-handler -->
+      <tr>
+        <td colspan="2" align="left">
+          <b>use-context-handler:</b>
+          <input name="security.useContextHandler" type="checkbox" value="true"/>
+        </td>
+      </tr>
+      <tr>
+        <th></th>
+        <td>Select this if the installed JACC policy contexts should use PolicyContextHandlers.</td>
+      </tr>
+    </table>
+  </div>
+</div>
+<br>
+
 <!-- Security Role Mappings -->
-<p><b>Security Role Mappings:</b><br><br>
+<p>
+<b>Security Role Mappings:</b>
+<br><br>
 Security roles declared in web.xml are shown below to the left. Map them to specific principals
present 
 in Geronimo's security realms by adding Principals, Login Domain Principals, Realm Principals
and/or 
-Distinguished Names.</p>
+Distinguished Names.
+</p>
 <table border="0">
   <c:set var="backgroundClass" value='MediumBackground'/>
   <c:forEach var="role" items="${data.security.roleMappings.roleArray}" varStatus="status1">
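Review bot: The credential store `<select>` has no empty choice, so once Advanced Settings is ticked the form always submits `security.credentialStoreRef`, and the handler sets a credential-store-ref and adds a dependency even when the user only wanted doas-current-caller or use-context-handler. Add a first option `<option value="">(none)</option>` and have the handler skip an empty value. The option value and label are written with bare EL, `${credentialStore.patternName}` and `${credentialStore.displayName}`, which is not escaped in template text; they derive from deployed GBean names, so emit them through `<c:out value="${credentialStore.displayName}"/>` (and likewise for the value attribute).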
@@ -418,12 +527,42 @@
             </tr>
           </table>
         </div>
+
+        <c:set var="runAsSubjectId" value="${roleId}.runAsSubject" />
+        <div id="<portlet:namespace/>${runAsSubjectId}.ui">
+          <input type="checkbox" id="<portlet:namespace/>${runAsSubjectId}.checkBox"
disabled="disabled" 
+            onClick="<portlet:namespace/>toggleRunAsSubject('${runAsSubjectId}');"/>
+          Specify run-as-subject*
+          <div id="<portlet:namespace/>${runAsSubjectId}.subElements" style="display:none">
+            <table border="0">
+              <tr>
+                <th><div align="right">Realm:</div></th>
+                <td><input name="${runAsSubjectId}.realm" type="text" size="25"/></td>
+              </tr>
+              <tr>
+                <th><div align="right">Id:</div></th>
+                <td><input name="${runAsSubjectId}.id" type="text" size="25"/></td>
+              </tr>
+              <tr>
+                <th></th>
+                <td>The run-as-subject is required when the module is to continue as
if run by the specified 
+                  subject when constrained to the specified role.</td>
+              </tr>
+            </table>
+          </div>
+        </div>
         <br>
 
       </td>
     </tr>
   </c:forEach>
+  <tr>
+  <td colspan="2" align="left">* Click Advanced Settings to enable specifying run-as-subject</td>
+  </tr>
+</table>
+<br>
 
+<table border="0">
   <!-- SUBMIT BUTTON -->
   <tr>
     <th>
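Review bot: The run-as-subject `realm` and `id` inputs carry no `value`, so a role's existing run-as-subject is never shown, and text inputs are submitted even while their container is `display:none`. With Advanced Settings ticked, the handler therefore finds `${runAsSubjectId}.realm` for every role, unsets the stored subject and re-adds it only when both fields are non-empty, which silently clears subjects configured earlier. Pre-fill both fields from the role's current run-as-subject and set the checkbox state to match; the default-subject inputs in the previous hunk have the same gap. `roleId` is defined outside this hunk, so the parameter names are assumed to match the `security.roleMappings.N.` prefix the handler reads.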


