From djen...@apache.org
Subject svn commit: r675561 [1/2] - in /geronimo/sandbox/djencks/jetty7/geronimo-jetty7: ./ src/main/java/org/apache/geronimo/jetty7/ src/main/java/org/apache/geronimo/jetty7/handler/ src/main/java/org/apache/geronimo/jetty7/security/ src/test/java/org/apache/...
Date Thu, 10 Jul 2008 13:05:22 GMT
Author: djencks
Date: Thu Jul 10 06:05:21 2008
New Revision: 675561

URL: http://svn.apache.org/viewvc?rev=675561&view=rev
Log:
initial integration with jetty-7-jaspi

Added:
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoRunAsToken.java   (with props)
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoUserIdentity.java   (with props)
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java   (with props)
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/ServerAuthConfigGBean.java   (with props)
Removed:
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/InternalJAASJettyRealm.java
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JAASJettyRealm.java
Modified:
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/pom.xml
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/InternalJettyServletHolder.java
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainer.java
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyEJBWebServiceContext.java
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyServletHolder.java
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyWebAppContext.java
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JettySecurityHandler.java
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/TwistyWebAppContext.java
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/AbstractWebModuleTest.java
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ApplicationTest.java
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/SecurityTest.java
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/StatTest.java

Modified: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/pom.xml
URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/pom.xml?rev=675561&r1=675560&r2=675561&view=diff
==============================================================================
--- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/pom.xml (original)
+++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/pom.xml Thu Jul 10 06:05:21 2008
@@ -27,13 +27,19 @@
         <artifactId>jetty7</artifactId>
         <version>2.2-SNAPSHOT</version>
     </parent>
-    
+
     <groupId>org.apache.geronimo.modules</groupId>
     <artifactId>geronimo-jetty7</artifactId>
     <name>Geronimo Plugins, Jetty :: Core</name>
-    
+
     <dependencies>
         <dependency>
+            <groupId>org.apache.geronimo.specs</groupId>
+            <artifactId>geronimo-servlet_3.0_spec</artifactId>
+            <version>1.0-EA-SNAPSHOT</version>
+        </dependency>
+
+        <dependency>
             <groupId>org.apache.geronimo.modules</groupId>
             <artifactId>geronimo-security-builder</artifactId>
             <version>${version}</version>
@@ -45,19 +51,30 @@
             <artifactId>geronimo-connector</artifactId>
             <version>${version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.apache.geronimo.framework</groupId>
+            <artifactId>geronimo-security</artifactId>
+            <version>${version}</version>
+        </dependency>
 
         <!-- xbean-reflect, g-management come via g-j2ee from this -->
         <dependency>
             <groupId>org.apache.geronimo.modules</groupId>
             <artifactId>geronimo-webservices</artifactId>
             <version>${version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.apache.geronimo.specs</groupId>
+                    <artifactId>geronimo-servlet_2.5_spec</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
-         
+
         <dependency>
             <groupId>org.mortbay.jetty</groupId>
             <artifactId>jetty</artifactId>
         </dependency>
-        
+
         <dependency>
             <groupId>org.mortbay.jetty</groupId>
             <artifactId>jetty-ajp</artifactId>
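Review bot: The exclusion of `geronimo-servlet_2.5_spec` is applied only to `geronimo-webservices`, while the first hunk of this file adds `geronimo-servlet_3.0_spec` at `1.0-EA-SNAPSHOT`. If any other dependency in this list (for example `geronimo-security-builder` or `jetty`) also brings in the 2.5 spec jar transitively, both servlet API versions could end up on the classpath, and which one wins would depend on resolution order. Check the resolved tree with `mvn dependency:tree` and, if needed, move the exclusion or the version pin into the parent's `dependencyManagement`. A comment above the new dependency would help whoever pins it later, e.g. `<!-- EA snapshot of the servlet 3.0 spec; replace with a released version before this leaves the sandbox -->`.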
@@ -79,7 +96,7 @@
             <scope>test</scope>
         </dependency>
     </dependencies>
-    
+
     <build>
         <plugins>
             <plugin>
@@ -97,6 +114,6 @@
             </plugin>
         </plugins>
     </build>
-    
+
 </project>
 

Modified: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/InternalJettyServletHolder.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/InternalJettyServletHolder.java?rev=675561&r1=675560&r2=675561&view=diff
==============================================================================
--- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/InternalJettyServletHolder.java (original)
+++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/InternalJettyServletHolder.java Thu Jul 10 06:05:21 2008
@@ -92,7 +92,7 @@
      * Provide the thread's current JettyServletHolder
      *
      * @return the thread's current JettyServletHolder
-     * @see org.apache.geronimo.jetty7.JAASJettyRealm#isUserInRole(java.security.Principal,java.lang.String)
+     * TODO remove
      */
     static String getCurrentServletName() {
         return currentServletName.get();

Modified: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainer.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainer.java?rev=675561&r1=675560&r2=675561&view=diff
==============================================================================
--- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainer.java (original)
+++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainer.java Thu Jul 10 06:05:21 2008
@@ -22,6 +22,7 @@
 import org.apache.geronimo.management.geronimo.WebContainer;
 import org.mortbay.jetty.Connector;
 import org.mortbay.jetty.RequestLog;
+import org.mortbay.jetty.security.ServletCallbackHandler;
 import org.mortbay.jetty.handler.AbstractHandlerContainer;
 
 /**
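Review bot: The added `import org.mortbay.jetty.security.ServletCallbackHandler;` is not referenced by any line of `JettyContainer` shown in this commit, and it sits ahead of `org.mortbay.jetty.handler`, out of alphabetical order. If nothing outside these hunks uses it, drop the line. The same import is added to JettyWebAppContext.java, where no use is visible in the hunks either.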
@@ -36,10 +37,6 @@
 
     void removeContext(AbstractHandlerContainer context);
 
-    InternalJAASJettyRealm addRealm(String realmName);
-
-    void removeRealm(String realmName);
-
     void resetStats();
 
     void setStatsOn(boolean on);
@@ -53,4 +50,5 @@
     RequestLog getRequestLog();
 
     File resolveToJettyHome(String workDir);
+
 }

Modified: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java?rev=675561&r1=675560&r2=675561&view=diff
==============================================================================
--- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java (original)
+++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java Thu Jul 10 06:05:21 2008
@@ -61,7 +61,7 @@
     private final ServerInfo serverInfo;
     private File jettyHomeDir;
     private JettyWebContainerStatsImpl stats;
-    private final Map realms = new HashMap();
+//    private final Map realms = new HashMap();
     // list of handlers
     private StatisticsHandler statsHandler = new StatisticsHandler();  
     private HandlerCollection handlerCollection = new HandlerCollection();
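Review bot: Commenting out the `realms` field instead of deleting it leaves dead code, and the rest of this commit repeats the pattern on a larger scale: `addRealm`/`removeRealm` and the realm cleanup in `removeWebService` later in this file, the authenticator and realm logic in JettyEJBWebServiceContext.java, and the whole `GBeanInfoBuilder` static block in JettyWebAppContext.java. In security code this is more than cosmetic, because a reader cannot tell whether the authentication path was disabled on purpose or is waiting to be restored. Delete the lines (Subversion keeps the history) and leave one marker where behaviour is pending, e.g. `// TODO(jaspi): realm tracking removed in r675561; authentication must be re-provided via the JASPI handler`.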
@@ -78,11 +78,11 @@
 
         server = new JettyServer();
 
-        //set up the new jetty6 handler structure which is to have a HandlerCollection,
+        //set up the jetty6+ handler structure which is to have a HandlerCollection,
         //each element of which is always tried on each request.
         //The first element of the HandlerCollection is a
         //ContextHandlerCollection, which is itself is a collection
-        //of Handlers. It's special property is that only of it's
+        //of Handlers. It's special property is that only one of it's
         //handlers will respond to a request.
         //The second element of the HandlerCollection is a DefaultHandler
         //which is responsible for serving static content or anything not
@@ -208,29 +208,30 @@
         contextHandlerCollection.removeHandler(context);
     }
 
-    public InternalJAASJettyRealm addRealm(String realmName) {
-        InternalJAASJettyRealm realm = (InternalJAASJettyRealm) realms.get(realmName);
-        if (realm == null) {
-            realm = new InternalJAASJettyRealm(realmName);
-            realms.put(realmName, realm);
-        } else {
-            realm.addUse();
-        }
-        return realm;
-    }
-
-    public void removeRealm(String realmName) {
-        InternalJAASJettyRealm realm = (InternalJAASJettyRealm) realms.get(realmName);
-        if (realm != null) {
-            if (realm.removeUse() == 0) {
-                realms.remove(realmName);
-            }
-        }
-    }
+//    public InternalJAASJettyRealm addRealm(String realmName) {
+//        InternalJAASJettyRealm realm = (InternalJAASJettyRealm) realms.get(realmName);
+//        if (realm == null) {
+//            realm = new InternalJAASJettyRealm(realmName);
+//            realms.put(realmName, realm);
+//        } else {
+//            realm.addUse();
+//        }
+//        return realm;
+//    }
+//
+//    public void removeRealm(String realmName) {
+//        InternalJAASJettyRealm realm = (InternalJAASJettyRealm) realms.get(realmName);
+//        if (realm != null) {
+//            if (realm.removeUse() == 0) {
+//                realms.remove(realmName);
+//            }
+//        }
+//    }
 
     public void addWebService(String contextPath, String[] virtualHosts, WebServiceContainer webServiceContainer, String securityRealmName, String realmName, String transportGuarantee, String authMethod, ClassLoader classLoader) throws Exception {
-        InternalJAASJettyRealm internalJAASJettyRealm = securityRealmName == null ? null : addRealm(securityRealmName);
-        JettyEJBWebServiceContext webServiceContext = new JettyEJBWebServiceContext(contextPath, webServiceContainer, internalJAASJettyRealm, realmName, transportGuarantee, authMethod, classLoader);
+//        InternalJAASJettyRealm internalJAASJettyRealm = securityRealmName == null ? null : addRealm(securityRealmName);
+//        JettyEJBWebServiceContext webServiceContext = new JettyEJBWebServiceContext(contextPath, webServiceContainer, internalJAASJettyRealm, realmName, transportGuarantee, authMethod, classLoader);
+        JettyEJBWebServiceContext webServiceContext = new JettyEJBWebServiceContext(contextPath, webServiceContainer, realmName, transportGuarantee, authMethod, classLoader);
         webServiceContext.setVirtualHosts(virtualHosts);
         addContext(webServiceContext);
         webServiceContext.start();
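Review bot: `addWebService` still takes `securityRealmName`, but after this change the argument is never read in the lines shown, so a caller asking for a secured EJB web service gets a context built without any realm and no error. Until the JASPI path covers web services it would be safer to fail closed at the top of the method, e.g. `if (securityRealmName != null) throw new UnsupportedOperationException("web service security not yet supported on jetty7");`, or at minimum log a warning. The method body continues past the end of this hunk.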
@@ -239,10 +240,10 @@
 
     public void removeWebService(String contextPath) {
         JettyEJBWebServiceContext webServiceContext = (JettyEJBWebServiceContext) webServices.remove(contextPath);
-        String securityRealmName = webServiceContext.getSecurityRealmName();
-        if (securityRealmName != null) {
-            removeRealm(securityRealmName);
-        }
+//        String securityRealmName = webServiceContext.getSecurityRealmName();
+//        if (securityRealmName != null) {
+//            removeRealm(securityRealmName);
+//        }
         try {
             removeContext(webServiceContext);
         } catch (Exception e) {

Modified: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyEJBWebServiceContext.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyEJBWebServiceContext.java?rev=675561&r1=675560&r2=675561&view=diff
==============================================================================
--- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyEJBWebServiceContext.java (original)
+++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyEJBWebServiceContext.java Thu Jul 10 06:05:21 2008
@@ -34,10 +34,6 @@
 import org.mortbay.jetty.Request;
 import org.mortbay.jetty.Response;
 import org.mortbay.jetty.handler.ContextHandler;
-import org.mortbay.jetty.security.Authenticator;
-import org.mortbay.jetty.security.BasicAuthenticator;
-import org.mortbay.jetty.security.ClientCertAuthenticator;
-import org.mortbay.jetty.security.DigestAuthenticator;
 
 /**
  * Delegates requests to a WebServiceContainer which is presumably for an EJB WebService.
@@ -67,20 +63,21 @@
 
     private final String contextPath;
     private final WebServiceContainer webServiceContainer;
-    private final Authenticator authenticator;
-    private final JAASJettyRealm realm;
+//    private final Authenticator authenticator;
+//    private final JAASJettyRealm realm;
     private final boolean isConfidentialTransportGuarantee;
     private final boolean isIntegralTransportGuarantee;
     private final ClassLoader classLoader;
 
 
-    public JettyEJBWebServiceContext(String contextPath, WebServiceContainer webServiceContainer, InternalJAASJettyRealm internalJAASJettyRealm, String realmName, String transportGuarantee, String authMethod, ClassLoader classLoader) {
+    public JettyEJBWebServiceContext(String contextPath, WebServiceContainer webServiceContainer, String realmName, String transportGuarantee, String authMethod, ClassLoader classLoader) {
         this.contextPath = contextPath;
         this.webServiceContainer = webServiceContainer;
         this.setContextPath(contextPath);
         
-        if (internalJAASJettyRealm != null) {
-            realm = new JAASJettyRealm(realmName, internalJAASJettyRealm);
+//        if (internalJAASJettyRealm != null) {
+        if (realmName != null) {
+//            realm = new JAASJettyRealm(realmName, internalJAASJettyRealm);
             //TODO
             //not used???
             //setUserRealm(realm);
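Review bot: The guard changed from `internalJAASJettyRealm != null` to `realmName != null`, and these are not the same input: the old object was derived from `securityRealmName` in `JettyContainerImpl.addWebService`, while `realmName` is a separate argument. A deployment that sets a security realm but no `realmName` now takes the `else` branch shown in the next hunk, which sets both transport-guarantee flags to `false` without looking at `transportGuarantee`. If that is intended, say so with a comment such as `// realmName doubles as the "secured" flag until JASPI config replaces it`; otherwise parse `transportGuarantee` outside the `if`. The constructor starts in this hunk and continues beyond it.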
@@ -97,20 +94,20 @@
             } else {
                 throw new IllegalArgumentException("Invalid transport-guarantee: " + transportGuarantee);
             }
-            if ("BASIC".equals(authMethod)) {
-                authenticator = new BasicAuthenticator();
-            } else if ("DIGEST".equals(authMethod)) {
-                authenticator = new DigestAuthenticator();
-            } else if ("CLIENT-CERT".equals(authMethod)) {
-                authenticator = new ClientCertAuthenticator();
-            } else if ("NONE".equals(authMethod)) {
-                authenticator = null;
-            } else {
-                throw new IllegalArgumentException("Invalid authMethod: " + authMethod);
-            }
+//            if ("BASIC".equals(authMethod)) {
+//                authenticator = new BasicAuthenticator();
+//            } else if ("DIGEST".equals(authMethod)) {
+//                authenticator = new DigestAuthenticator();
+//            } else if ("CLIENT-CERT".equals(authMethod)) {
+//                authenticator = new ClientCertAuthenticator();
+//            } else if ("NONE".equals(authMethod)) {
+//                authenticator = null;
+//            } else {
+//                throw new IllegalArgumentException("Invalid authMethod: " + authMethod);
+//            }
         } else {
-            realm = null;
-            authenticator = null;
+//            realm = null;
+//            authenticator = null;
             isConfidentialTransportGuarantee = false;
             isIntegralTransportGuarantee = false;
         }
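Review bot: With the `authMethod` chain commented out, the constructor no longer rejects an unknown value: the `IllegalArgumentException("Invalid authMethod: " + authMethod)` branch is gone, so a misspelled or unsupported method is accepted silently and the parameter is unused in the lines shown. Even though the Jetty authenticators are no longer constructed here, keep the validation so misconfiguration is caught at deployment, e.g. `if (!"BASIC".equals(authMethod) && !"DIGEST".equals(authMethod) && !"CLIENT-CERT".equals(authMethod) && !"NONE".equals(authMethod)) throw new IllegalArgumentException("Invalid authMethod: " + authMethod);`. The constructor begins before this hunk.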
@@ -166,17 +163,17 @@
             //hard to imagine this could be anything but null, but....
 //            Subject oldSubject = ContextManager.getCurrentCaller();
             try {
-                if (authenticator != null) {
-                    String pathInContext = org.mortbay.util.URIUtil.canonicalPath(req.getContextPath());
-                    if (authenticator.authenticate(realm, pathInContext, jettyRequest, jettyResponse) == null) {
-                        throw new HttpException(403, null);
-                    }
-                } else {
-                    //EJB will figure out correct defaultSubject shortly
-                    //TODO consider replacing the GenericEJBContainer.DefaultSubjectInterceptor with this line
-                    //setting the defaultSubject.
-                    ContextManager.popCallers(null);
-                }
+//                if (authenticator != null) {
+//                    String pathInContext = org.mortbay.util.URIUtil.canonicalPath(req.getContextPath());
+//                    if (authenticator.authenticate(realm, pathInContext, jettyRequest, jettyResponse) == null) {
+//                        throw new HttpException(403, null);
+//                    }
+//                } else {
+//                    //EJB will figure out correct defaultSubject shortly
+//                    //TODO consider replacing the GenericEJBContainer.DefaultSubjectInterceptor with this line
+//                    //setting the defaultSubject.
+//                    ContextManager.popCallers(null);
+//                }
                 try {
                     webServiceContainer.invoke(request, response);
                     jettyRequest.setHandled(true);
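Review bot: `webServiceContainer.invoke(request, response)` is now reached without any authentication step: the `authenticator.authenticate(...)` call and its 403 are commented out and nothing visible in this hunk replaces them, so a web service deployed with BASIC, DIGEST or CLIENT-CERT would be served to unauthenticated callers unless a handler outside this class enforces it. The `else` branch's `ContextManager.popCallers(null)` is disabled as well, which presumably means a Subject left on a reused thread is no longer cleared before the EJB call (confirm against ContextManager). Until JASPI authentication is wired in, refuse secured requests rather than passing them through, e.g. `if (secured) throw new HttpException(403, null);`, where `secured` would be a new field set in the constructor when an auth method other than NONE was requested, and keep the `popCallers(null)` call for the unsecured path. The enclosing method starts and ends outside this hunk.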
@@ -197,13 +194,13 @@
         return contextPath;
     }
 
-    public String getSecurityRealmName() {
-        if (realm == null) {
-            return null;
-        } else {
-            return realm.getSecurityRealmName();
-        }
-    }
+//    public String getSecurityRealmName() {
+//        if (realm == null) {
+//            return null;
+//        } else {
+//            return realm.getSecurityRealmName();
+//        }
+//    }
 
     public static class RequestAdapter implements WebServiceContainer.Request {
         private final Request request;

Modified: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyServletHolder.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyServletHolder.java?rev=675561&r1=675560&r2=675561&view=diff
==============================================================================
--- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyServletHolder.java (original)
+++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyServletHolder.java Thu Jul 10 06:05:21 2008
@@ -37,7 +37,6 @@
  * It is also being our servlet gbean for now.  We could gbean-ize the superclass to avoid the thread local access.
  *
  * @version $Rev$ $Date$
- * @see JAASJettyRealm#isUserInRole(java.security.Principal, String)
  */
 public class JettyServletHolder implements ServletNameSource, Servlet, GBeanLifecycle {
 

Modified: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyWebAppContext.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyWebAppContext.java?rev=675561&r1=675560&r2=675561&view=diff
==============================================================================
--- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyWebAppContext.java (original)
+++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyWebAppContext.java Thu Jul 10 06:05:21 2008
@@ -34,12 +34,15 @@
 import javax.security.auth.login.LoginException;
 import javax.transaction.TransactionManager;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.apache.geronimo.connector.outbound.connectiontracking.TrackedConnectionAssociator;
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.gbean.GBeanLifecycle;
+import org.apache.geronimo.gbean.annotation.GBean;
+import org.apache.geronimo.gbean.annotation.ParamAttribute;
+import org.apache.geronimo.gbean.annotation.ParamReference;
+import org.apache.geronimo.gbean.annotation.ParamSpecial;
+import org.apache.geronimo.gbean.annotation.SpecialAttributeType;
 import org.apache.geronimo.j2ee.RuntimeCustomizer;
 import org.apache.geronimo.j2ee.annotation.Holder;
 import org.apache.geronimo.j2ee.annotation.LifecycleMethod;
@@ -53,6 +56,7 @@
 import org.apache.geronimo.jetty7.handler.ThreadClassloaderHandler;
 import org.apache.geronimo.jetty7.handler.TwistyWebAppContext;
 import org.apache.geronimo.jetty7.handler.UserTransactionHandler;
+import org.apache.geronimo.jetty7.security.SecurityHandlerFactory;
 import org.apache.geronimo.kernel.Kernel;
 import org.apache.geronimo.kernel.ObjectNameUtil;
 import org.apache.geronimo.management.J2EEApplication;
@@ -65,17 +69,23 @@
 import org.mortbay.jetty.Handler;
 import org.mortbay.jetty.MimeTypes;
 import org.mortbay.jetty.security.Authenticator;
+import org.mortbay.jetty.security.ServletCallbackHandler;
 import org.mortbay.jetty.servlet.ErrorPageErrorHandler;
 import org.mortbay.jetty.servlet.ServletHandler;
 import org.mortbay.jetty.servlet.ServletHolder;
 import org.mortbay.jetty.servlet.ServletMapping;
 import org.mortbay.jetty.servlet.SessionHandler;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * Wrapper for a WebApplicationContext that sets up its J2EE environment.
  *
  * @version $Rev$ $Date$
  */
+
+@GBean(name="Jetty WebApplication Context",
+j2eeType=NameFactory.WEB_MODULE)
 public class JettyWebAppContext implements GBeanLifecycle, JettyServletRegistration, WebModule {
     private static final Logger log = LoggerFactory.getLogger(JettyWebAppContext.class);
 
@@ -99,44 +109,150 @@
 
     private final Set<String> servletNames = new HashSet<String>();
 
-    public JettyWebAppContext(String objectName,
-            String originalSpecDD,
-            Map<String, Object> componentContext,
-            ClassLoader classLoader,
-            URL configurationBaseUrl,
-            Set unshareableResources,
-            Set applicationManagedSecurityResources,
-            String displayName,
-            Map contextParamMap,
-            Collection<String> listenerClassNames,
-            boolean distributable,
-            Map mimeMap,
-            String[] welcomeFiles,
-            Map<String, String> localeEncodingMapping,
-            Map errorPages,
-            Authenticator authenticator,
-            String realmName,
-            Map<String, String> tagLibMap,
-            boolean compactPath,
-
-            int sessionTimeoutSeconds,
-            SessionHandlerFactory handlerFactory,
-            PreHandlerFactory preHandlerFactory,
-
-            String policyContextID,
-            String securityRealmName,
-
-            RunAsSource runAsSource, Holder holder,
-
-            Host host,
-            TransactionManager transactionManager,
-            TrackedConnectionAssociator trackedConnectionAssociator,
-            JettyContainer jettyContainer,
-            RuntimeCustomizer contextCustomizer,
-
-            J2EEServer server,
-            J2EEApplication application,
-            Kernel kernel) throws Exception {
+    public static final String GBEAN_ATTR_SESSION_TIMEOUT = "sessionTimeoutSeconds";
+
+    public static final String GBEAN_REF_SESSION_HANDLER_FACTORY = "SessionHandlerFactory";
+    public static final String GBEAN_REF_PRE_HANDLER_FACTORY = "PreHandlerFactory";
+
+//    static {
+//        GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic("Jetty WebApplication Context", JettyWebAppContext.class, NameFactory.WEB_MODULE);
+//        infoBuilder.addAttribute("deploymentDescriptor", String.class, true);
+//        //from jetty6's webapp context
+//
+//        infoBuilder.addAttribute("displayName", String.class, true);
+//        infoBuilder.addAttribute("contextParamMap", Map.class, true);
+//        infoBuilder.addAttribute("listenerClassNames", Collection.class, true);
+//        infoBuilder.addAttribute("distributable", boolean.class, true);
+//
+//        infoBuilder.addAttribute("mimeMap", Map.class, true);
+//        infoBuilder.addAttribute("welcomeFiles", String[].class, true);
+//        infoBuilder.addAttribute("localeEncodingMapping", Map.class, true);
+//        infoBuilder.addAttribute("errorPages", Map.class, true);
+//        infoBuilder.addAttribute("authenticator", Authenticator.class, true);
+//        infoBuilder.addAttribute("realmName", String.class, true);
+//        infoBuilder.addAttribute("tagLibMap", Map.class, true);
+//        infoBuilder.addAttribute(GBEAN_ATTR_SESSION_TIMEOUT, int.class, true);
+//        infoBuilder.addReference(GBEAN_REF_SESSION_HANDLER_FACTORY, SessionHandlerFactory.class,
+//                NameFactory.GERONIMO_SERVICE);
+//        infoBuilder.addReference(GBEAN_REF_PRE_HANDLER_FACTORY, PreHandlerFactory.class, NameFactory.GERONIMO_SERVICE);
+//
+//        infoBuilder.addAttribute("componentContext", Map.class, true);
+//        infoBuilder.addAttribute("classLoader", ClassLoader.class, false);
+//        infoBuilder.addAttribute("configurationBaseUrl", URL.class, true);
+//        infoBuilder.addAttribute("unshareableResources", Set.class, true);
+//        infoBuilder.addAttribute("applicationManagedSecurityResources", Set.class, true);
+//
+//        infoBuilder.addAttribute("contextPath", String.class, true);
+//        infoBuilder.addAttribute("compactPath", boolean.class, true);
+//
+//        infoBuilder.addAttribute("workDir", String.class, true);
+//        infoBuilder.addReference("Host", Host.class, "Host");
+//        infoBuilder.addReference("TransactionManager", TransactionManager.class, NameFactory.JTA_RESOURCE);
+//        infoBuilder.addReference("TrackedConnectionAssociator", TrackedConnectionAssociator.class, NameFactory.JCA_CONNECTION_TRACKER);
+//        infoBuilder.addReference("JettyContainer", JettyContainer.class, NameFactory.GERONIMO_SERVICE);
+//        infoBuilder.addReference("ContextCustomizer", RuntimeCustomizer.class, NameFactory.GERONIMO_SERVICE);
+//
+//        infoBuilder.addInterface(JettyServletRegistration.class);
+//
+//        infoBuilder.addAttribute("policyContextID", String.class, true);
+//        infoBuilder.addAttribute("securityRealmName", String.class, true);
+//        infoBuilder.addReference("RunAsSource", RunAsSource.class, NameFactory.JACC_MANAGER);
+//
+//        infoBuilder.addAttribute("holder", Holder.class, true);
+//
+//        infoBuilder.addReference("J2EEServer", J2EEServer.class);
+//        infoBuilder.addReference("J2EEApplication", J2EEApplication.class);
+//
+//        infoBuilder.addAttribute("kernel", Kernel.class, false);
+//        infoBuilder.addAttribute("objectName", String.class, false);
+//        infoBuilder.addAttribute("application", String.class, false);
+//        infoBuilder.addAttribute("javaVMs", String[].class, false);
+//        infoBuilder.addAttribute("servlets", String[].class, false);
+//
+//        infoBuilder.addInterface(WebModule.class);
+//
+//        infoBuilder.setConstructor(new String[]{
+//                "objectName",
+//                "deploymentDescriptor",
+//                "componentContext",
+//                "classLoader",
+//                "configurationBaseUrl",
+//                "unshareableResources",
+//                "applicationManagedSecurityResources",
+//
+//                "displayName",
+//                "contextParamMap",
+//                "listenerClassNames",
+//                "distributable",
+//                "mimeMap",
+//                "welcomeFiles",
+//                "localeEncodingMapping",
+//                "errorPages",
+//                "authenticator",
+//                "realmName",
+//                "tagLibMap",
+//                "compactPath",
+//                GBEAN_ATTR_SESSION_TIMEOUT,
+//                GBEAN_REF_SESSION_HANDLER_FACTORY,
+//                GBEAN_REF_PRE_HANDLER_FACTORY,
+//
+//                "policyContextID",
+//                "securityRealmName",
+//                "RunAsSource",
+//
+//                "holder",
+//
+//                "Host",
+//                "TransactionManager",
+//                "TrackedConnectionAssociator",
+//                "JettyContainer",
+//                "ContextCustomizer",
+//
+//                "J2EEServer",
+//                "J2EEApplication",
+//                "kernel"
+//        });
+//
+//    }
+
+    public JettyWebAppContext(@ParamSpecial(type=SpecialAttributeType.objectName) String objectName,
+                              @ParamAttribute(name = "deploymentDescriptor") String originalSpecDD,
+                              @ParamAttribute(name = "componentContext") Map<String, Object> componentContext,
+                              @ParamSpecial(type=SpecialAttributeType.classLoader)  ClassLoader classLoader,
+                              @ParamAttribute(name = "configurationBaseUrl") URL configurationBaseUrl,
+                              @ParamAttribute(name = "unshareableResources") Set unshareableResources,
+                              @ParamAttribute(name = "applicationManagedSecurityResources") Set applicationManagedSecurityResources,
+                              @ParamAttribute(name = "displayName") String displayName,
+                              @ParamAttribute(name = "contextParamMap") Map contextParamMap,
+                              @ParamAttribute(name = "listenerClassNames") Collection<String> listenerClassNames,
+                              @ParamAttribute(name = "distributable") boolean distributable,
+                              @ParamAttribute(name = "mimeMap") Map mimeMap,
+                              @ParamAttribute(name = "welcomeFiles") String[] welcomeFiles,
+                              @ParamAttribute(name = "localeEncodingMapping") Map<String, String> localeEncodingMapping,
+                              @ParamAttribute(name = "errorPages") Map errorPages,
+                              @ParamAttribute(name = "tagLibMap") Map<String, String> tagLibMap,
+                              @ParamAttribute(name = "compactPath") boolean compactPath,
+
+                              @ParamAttribute(name = GBEAN_ATTR_SESSION_TIMEOUT) int sessionTimeoutSeconds,
+                              @ParamReference(name = GBEAN_REF_SESSION_HANDLER_FACTORY) SessionHandlerFactory handlerFactory,
+                              @ParamReference(name = GBEAN_REF_PRE_HANDLER_FACTORY) PreHandlerFactory preHandlerFactory,
+
+                              @ParamAttribute(name = "policyContextID") String policyContextID,
+                              @ParamAttribute(name = "securityRealmName") String securityRealmName,
+                              @ParamReference(name = "SecurityHandlerFactory")  SecurityHandlerFactory securityHandlerFactory,
+                              @ParamReference(name = "RunAsSource") RunAsSource runAsSource,
+
+                              @ParamAttribute(name = "holder") Holder holder,
+
+                              @ParamReference(name="Host") Host host,
+                              @ParamReference(name="TransactionManager") TransactionManager transactionManager,
+                              @ParamReference(name="TrackedConnectionAssociator") TrackedConnectionAssociator trackedConnectionAssociator,
+                              @ParamReference(name="JettyContainer") JettyContainer jettyContainer,
+                              @ParamReference(name="RuntimeCustomizer") RuntimeCustomizer contextCustomizer,
+
+                              @ParamReference(name="J2EEServer") J2EEServer server,
+                              @ParamReference(name="J2EEApplication") J2EEApplication application,
+                              @ParamSpecial(type=SpecialAttributeType.kernel) Kernel kernel) throws Exception {
 
         assert componentContext != null;
         assert classLoader != null;
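Review bot: The customizer reference is now declared as `@ParamReference(name="RuntimeCustomizer")`, but the replaced `GBeanInfoBuilder` block registered it as `"ContextCustomizer"`, so any builder or plan that still sets the reference under the old name will presumably no longer match. Either keep the old name, `@ParamReference(name="ContextCustomizer") RuntimeCustomizer contextCustomizer`, or update the deployers in the same commit. The `authenticator` and `realmName` attributes are dropped from the constructor as well, so code that sets them needs the same treatment. The old references also carried a name type (`NameFactory.GERONIMO_SERVICE`, `NameFactory.JTA_RESOURCE`, and so on) that the annotations shown here do not state; confirm the annotation default is equivalent. The constructor body continues outside this hunk.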
@@ -160,13 +276,13 @@
             sessionHandler = new SessionHandler();
         }
         JettySecurityHandler securityHandler = null;
-        if (securityRealmName != null) {
-            InternalJAASJettyRealm internalJAASJettyRealm = jettyContainer.addRealm(securityRealmName);
+//        if (securityRealmName != null) {
+//            InternalJAASJettyRealm internalJAASJettyRealm = jettyContainer.addRealm(securityRealmName);
             //wrap jetty realm with something that knows the dumb realmName
-            JAASJettyRealm realm = new JAASJettyRealm(realmName, internalJAASJettyRealm);
+//            JAASJettyRealm realm = new JAASJettyRealm(realmName, internalJAASJettyRealm);
             Subject defaultSubject =  this.runAsSource.getDefaultSubject();
-            securityHandler = new JettySecurityHandler(authenticator, realm, policyContextID, defaultSubject);
-        }
+            securityHandler = securityHandlerFactory.buildSecurityHandler(policyContextID, defaultSubject, runAsSource);
+//        }
 
         ServletHandler servletHandler = new ServletHandler();
 
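Review bot: With the `if (securityRealmName != null)` guard commented out, `securityHandlerFactory.buildSecurityHandler(...)` now runs for every context, so a web app wired without a `SecurityHandlerFactory` reference would fail with a NullPointerException instead of starting with `securityHandler` left null (whether the reference is optional is not visible in this hunk). If unsecured contexts are still supported, guard on the factory instead, e.g. `if (securityHandlerFactory != null) {`, and delete the commented-out realm lines rather than leaving them interleaved with live code. The call also reads the default subject from `this.runAsSource` but passes the `runAsSource` parameter to the factory; using one of the two consistently avoids depending on the field having been assigned earlier. The constructor body starts and ends outside this hunk.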
@@ -524,117 +640,4 @@
         }
     }
 
-    public static final GBeanInfo GBEAN_INFO;
-
-    public static final String GBEAN_ATTR_SESSION_TIMEOUT = "sessionTimeoutSeconds";
-
-    public static final String GBEAN_REF_SESSION_HANDLER_FACTORY = "SessionHandlerFactory";
-    public static final String GBEAN_REF_PRE_HANDLER_FACTORY = "PreHandlerFactory";
-
-    static {
-        GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic("Jetty WebApplication Context", JettyWebAppContext.class, NameFactory.WEB_MODULE);
-        infoBuilder.addAttribute("deploymentDescriptor", String.class, true);
-        //from jetty6's webapp context
-
-        infoBuilder.addAttribute("displayName", String.class, true);
-        infoBuilder.addAttribute("contextParamMap", Map.class, true);
-        infoBuilder.addAttribute("listenerClassNames", Collection.class, true);
-        infoBuilder.addAttribute("distributable", boolean.class, true);
-
-        infoBuilder.addAttribute("mimeMap", Map.class, true);
-        infoBuilder.addAttribute("welcomeFiles", String[].class, true);
-        infoBuilder.addAttribute("localeEncodingMapping", Map.class, true);
-        infoBuilder.addAttribute("errorPages", Map.class, true);
-        infoBuilder.addAttribute("authenticator", Authenticator.class, true);
-        infoBuilder.addAttribute("realmName", String.class, true);
-        infoBuilder.addAttribute("tagLibMap", Map.class, true);
-        infoBuilder.addAttribute(GBEAN_ATTR_SESSION_TIMEOUT, int.class, true);
-        infoBuilder.addReference(GBEAN_REF_SESSION_HANDLER_FACTORY, SessionHandlerFactory.class,
-                NameFactory.GERONIMO_SERVICE);
-        infoBuilder.addReference(GBEAN_REF_PRE_HANDLER_FACTORY, PreHandlerFactory.class, NameFactory.GERONIMO_SERVICE);
-
-        infoBuilder.addAttribute("componentContext", Map.class, true);
-        infoBuilder.addAttribute("classLoader", ClassLoader.class, false);
-        infoBuilder.addAttribute("configurationBaseUrl", URL.class, true);
-        infoBuilder.addAttribute("unshareableResources", Set.class, true);
-        infoBuilder.addAttribute("applicationManagedSecurityResources", Set.class, true);
-
-        infoBuilder.addAttribute("contextPath", String.class, true);
-        infoBuilder.addAttribute("compactPath", boolean.class, true);
-
-        infoBuilder.addAttribute("workDir", String.class, true);
-        infoBuilder.addReference("Host", Host.class, "Host");
-        infoBuilder.addReference("TransactionManager", TransactionManager.class, NameFactory.JTA_RESOURCE);
-        infoBuilder.addReference("TrackedConnectionAssociator", TrackedConnectionAssociator.class, NameFactory.JCA_CONNECTION_TRACKER);
-        infoBuilder.addReference("JettyContainer", JettyContainer.class, NameFactory.GERONIMO_SERVICE);
-        infoBuilder.addReference("ContextCustomizer", RuntimeCustomizer.class, NameFactory.GERONIMO_SERVICE);
-
-        infoBuilder.addInterface(JettyServletRegistration.class);
-
-        infoBuilder.addAttribute("policyContextID", String.class, true);
-        infoBuilder.addAttribute("securityRealmName", String.class, true);
-        infoBuilder.addReference("RunAsSource", RunAsSource.class, NameFactory.JACC_MANAGER);
-
-        infoBuilder.addAttribute("holder", Holder.class, true);
-
-        infoBuilder.addReference("J2EEServer", J2EEServer.class);
-        infoBuilder.addReference("J2EEApplication", J2EEApplication.class);
-
-        infoBuilder.addAttribute("kernel", Kernel.class, false);
-        infoBuilder.addAttribute("objectName", String.class, false);
-        infoBuilder.addAttribute("application", String.class, false);
-        infoBuilder.addAttribute("javaVMs", String[].class, false);
-        infoBuilder.addAttribute("servlets", String[].class, false);
-
-        infoBuilder.addInterface(WebModule.class);
-
-        infoBuilder.setConstructor(new String[]{
-                "objectName",
-                "deploymentDescriptor",
-                "componentContext",
-                "classLoader",
-                "configurationBaseUrl",
-                "unshareableResources",
-                "applicationManagedSecurityResources",
-
-                "displayName",
-                "contextParamMap",
-                "listenerClassNames",
-                "distributable",
-                "mimeMap",
-                "welcomeFiles",
-                "localeEncodingMapping",
-                "errorPages",
-                "authenticator",
-                "realmName",
-                "tagLibMap",
-                "compactPath",
-                GBEAN_ATTR_SESSION_TIMEOUT,
-                GBEAN_REF_SESSION_HANDLER_FACTORY,
-                GBEAN_REF_PRE_HANDLER_FACTORY,
-
-                "policyContextID",
-                "securityRealmName",
-                "RunAsSource",
-
-                "holder",
-
-                "Host",
-                "TransactionManager",
-                "TrackedConnectionAssociator",
-                "JettyContainer",
-                "ContextCustomizer",
-
-                "J2EEServer",
-                "J2EEApplication",
-                "kernel"
-        });
-
-        GBEAN_INFO = infoBuilder.getBeanInfo();
-    }
-
-    public static GBeanInfo getGBeanInfo() {
-        return GBEAN_INFO;
-    }
-
 }

Added: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoRunAsToken.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoRunAsToken.java?rev=675561&view=auto
==============================================================================
--- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoRunAsToken.java (added)
+++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoRunAsToken.java Thu Jul 10 06:05:21 2008
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.jetty7.handler;
+
+import javax.security.auth.Subject;
+
+import org.mortbay.jetty.security.RunAsToken;
+import org.apache.geronimo.security.ContextManager;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class GeronimoRunAsToken implements RunAsToken {
+
+    private final Subject runAsSubject;
+
+    public GeronimoRunAsToken(Subject runAsSubject) {
+        this.runAsSubject = runAsSubject;
+    }
+
+    //TODO remove??
+    public Subject getRunAsSubject() {
+        return runAsSubject;
+    }
+
+    //TODO   should be setNextCaller() or pushNextCaller?
+    public void setRunAsRole() {
+        ContextManager.setNextCaller(runAsSubject);
+    }
+}
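Review bot: The constructor stores `runAsSubject` without a null check, so a token built for a role that has no configured subject would later hand null to `ContextManager.setNextCaller` in `setRunAsRole()`; whether that call tolerates null is not visible here. Failing early keeps the error next to its cause: `if (runAsSubject == null) throw new IllegalArgumentException("runAsSubject is required");`. The class also has no Javadoc beyond `@version`; a class comment stating that the token carries the run-as Subject, and that `setRunAsRole()` replaces the thread's next caller without saving the previous one, would answer the question both TODOs leave open.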

Propchange: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoRunAsToken.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoRunAsToken.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoRunAsToken.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoUserIdentity.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoUserIdentity.java?rev=675561&view=auto
==============================================================================
--- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoUserIdentity.java (added)
+++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoUserIdentity.java Thu Jul 10 06:05:21 2008
@@ -0,0 +1,91 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.jetty7.handler;
+
+import java.security.AccessControlContext;
+import java.security.AccessControlException;
+import java.security.Principal;
+import java.util.Map;
+
+import javax.security.jacc.WebRoleRefPermission;
+
+import org.mortbay.jetty.security.RunAsToken;
+import org.mortbay.jetty.security.UserIdentity;
+import org.mortbay.jetty.servlet.ServletHolder;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class GeronimoUserIdentity implements UserIdentity {
+
+    private final Principal userPrincipal;
+    private final AccessControlContext acc;
+    private RunAsToken runAsToken;
+    private ServletHolder serverletHolder;
+
+    public GeronimoUserIdentity(Principal userPrincipal, AccessControlContext acc) {
+        this.userPrincipal = userPrincipal;
+        this.acc = acc;
+    }
+
+    public Principal getUserPrincipal() {
+        return userPrincipal;
+    }/* ------------------------------------------------------------ */
+
+    //jaspi called from Request.isUserInRole and ConstraintSecurityHandler.check
+    public boolean isUserInRole(String role) {
+        // JACC v1.0 secion B.19
+        String servletName = serverletHolder.getName();
+        if (servletName == null || servletName.equals("jsp")) {
+            servletName = "";
+        }
+        try {
+            acc.checkPermission(new WebRoleRefPermission(servletName, role));
+            return true;
+        } catch (AccessControlException e) {
+            return false;
+        }
+    }/* ------------------------------------------------------------ */
+
+    //jaspi called from ServletHolder.handle, initServlet, doStop and tests
+    public RunAsToken setRunAsRole(RunAsToken newRunAsRole) {
+        RunAsToken oldRunAsToken = runAsToken;
+        ((GeronimoRunAsToken)newRunAsRole).setRunAsRole();
+        runAsToken = newRunAsRole;
+        return oldRunAsToken;
+    }
+
+    public ServletHolder setServletHolder(ServletHolder newServletHolder) {
+        ServletHolder oldServletHolder = serverletHolder;
+        this.serverletHolder = newServletHolder;
+        return oldServletHolder;
+    }
+
+
+    //jaspi called from FormAuthenticator.valueUnbound (when session is unbound)
+    //TODO usable???
+    public void logout(Principal user) {
+    }
+
+    public AccessControlContext getAccessControlContext() {
+        return acc;
+    }
+}
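Review bot: `isUserInRole` dereferences `serverletHolder`, which stays null until `setServletHolder` is called, so a role check on a freshly constructed identity throws a NullPointerException instead of answering; `String servletName = serverletHolder == null ? null : serverletHolder.getName();` lets the existing empty-name fallback cover that case. `setRunAsRole` has the same problem: it casts and calls through `newRunAsRole` unconditionally, yet it returns the previous token, which is null on first use, so a caller that restores the returned value would fail here (how callers use the return value is outside this file). A guard such as `if (newRunAsRole != null) ((GeronimoRunAsToken) newRunAsRole).setRunAsRole();` avoids the crash, though the author should decide what restoring "no run-as" means for the next caller. The two mutable fields are unsynchronized; if one identity can serve concurrent requests, the servlet name used for the `WebRoleRefPermission` check could come from another request, so the intended threading model deserves a comment.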

Propchange: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoUserIdentity.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoUserIdentity.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoUserIdentity.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JettySecurityHandler.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JettySecurityHandler.java?rev=675561&r1=675560&r2=675561&view=diff
==============================================================================
--- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JettySecurityHandler.java (original)
+++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JettySecurityHandler.java Thu Jul 10 06:05:21 2008
@@ -20,8 +20,11 @@
 import java.security.AccessControlContext;
 import java.security.AccessControlException;
 import java.security.Principal;
+import java.util.Map;
 
 import javax.security.auth.Subject;
+import javax.security.auth.message.config.ServerAuthConfig;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
 import javax.security.jacc.PolicyContext;
 import javax.security.jacc.WebResourcePermission;
 import javax.security.jacc.WebUserDataPermission;
@@ -29,45 +32,39 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.geronimo.common.GeronimoSecurityException;
-import org.apache.geronimo.jetty7.JAASJettyPrincipal;
-import org.apache.geronimo.jetty7.JAASJettyRealm;
 import org.apache.geronimo.jetty7.JettyContainer;
 import org.apache.geronimo.security.Callers;
 import org.apache.geronimo.security.ContextManager;
-import org.mortbay.jetty.HttpException;
+import org.apache.geronimo.security.jacc.RunAsSource;
 import org.mortbay.jetty.Request;
 import org.mortbay.jetty.Response;
-import org.mortbay.jetty.security.Authenticator;
-import org.mortbay.jetty.security.FormAuthenticator;
-import org.mortbay.jetty.security.SecurityHandler;
+import org.mortbay.jetty.security.AbstractSecurityHandler;
+import org.mortbay.jetty.security.RunAsToken;
+import org.mortbay.jetty.security.ServletCallbackHandler;
+import org.mortbay.jetty.security.UserIdentity;
 
-public class JettySecurityHandler extends SecurityHandler {
+public class JettySecurityHandler extends AbstractSecurityHandler {
 
-    private String policyContextID;
+    private final String policyContextID;
+    private final RunAsSource runAsSource;
 
-    private JAASJettyPrincipal defaultPrincipal;
+    //wrong
+    private final AccessControlContext default_acc;
 
-    private String formLoginPath;
-
-    private JAASJettyRealm realm;
-
-    public JettySecurityHandler(Authenticator authenticator,
-            JAASJettyRealm userRealm,
+    public JettySecurityHandler(
             String policyContextID,
-            Subject defaultSubject) {
-        setAuthenticator(authenticator);
+            Subject defaultSubject,
+            RunAsSource runAsSource,
+            ServerAuthConfig serverAuthConfig,
+            Subject serviceSubject,
+            Map authProperties,
+            ServletCallbackHandler servletCallbackHandler) {
+        setAuthConfig(serverAuthConfig);
+        setServiceSubject(serviceSubject);
+        setAuthProperties(authProperties);
+        setServletCallbackHandler(servletCallbackHandler);
         this.policyContextID = policyContextID;
-
-        if (authenticator instanceof FormAuthenticator) {
-            String formLoginPath = ((FormAuthenticator) authenticator).getLoginPage();
-            if (formLoginPath.indexOf('?') > 0) {
-                formLoginPath = formLoginPath.substring(0, formLoginPath.indexOf('?'));
-            }
-            this.formLoginPath = formLoginPath;
-        } else {
-            formLoginPath = null;
-        }
+        this.runAsSource = runAsSource;
 
         /**
          * Register our default principal with the ContextManager
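Review bot: The `//wrong` comment on `default_acc` does not say what is wrong, while later hunks of this file use that field for the `WebUserDataPermission` check and for `isAuthMandatory`. Replace it with a comment that names the concern, for example `// TODO: default_acc comes from the default subject only; confirm it is the right context for pre-authentication permission checks`, reworded to whatever the author actually meant. `Map authProperties` is a raw type; a parameterized type matching what `setAuthProperties` accepts would keep the compiler's checks. The constructor body continues past the end of this hunk.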
@@ -75,23 +72,17 @@
         if (defaultSubject == null) {
             defaultSubject = ContextManager.EMPTY;
         }
-        this.defaultPrincipal = generateDefaultPrincipal(defaultSubject);
+        default_acc = ContextManager.registerSubjectShort(defaultSubject);
+//        this.defaultPrincipal = generateDefaultPrincipal(defaultSubject);
 
-        setUserRealm(userRealm);
-        this.realm = userRealm;
-        assert realm != null;
     }
 
-    public boolean hasConstraints() {
-        return true;
-    }
 
     public void doStop(JettyContainer jettyContainer) throws Exception {
         try {
             super.doStop();
         }
         finally {
-            jettyContainer.removeRealm(realm.getSecurityRealmName());
         }
     }
 
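Review bot: `ContextManager.registerSubjectShort(defaultSubject)` registers the default subject in the constructor, but `doStop` no longer releases anything: its `finally` block is now empty. If ContextManager holds registered subjects until they are explicitly unregistered, every stop/start of a context leaves an entry behind, and the same applies to the per-authentication registration in `newUserIdentity` (next hunk), whose `logout` counterpart in `GeronimoUserIdentity` is a no-op. Keep the default subject in a field and release it in the `finally`, e.g. `ContextManager.unregisterSubject(defaultSubject);`, or remove the empty `try`/`finally` and add a comment saying why no cleanup is needed. The commented-out `generateDefaultPrincipal` line can be deleted as well.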
@@ -102,7 +93,7 @@
      *      javax.servlet.http.HttpServletResponse, int)
      */
     public void handle(String target, HttpServletRequest request,
-            HttpServletResponse response, int dispatch) throws IOException,
+                       HttpServletResponse response, int dispatch) throws IOException,
             ServletException {
         String old_policy_id = PolicyContext.getContextID();
         Callers oldCallers = ContextManager.getCallers();
@@ -118,35 +109,28 @@
         }
     }
 
-//    public static Subject getCurrentRoleDesignate(String role) {
-//        return ((JettySecurityHandler) (WebAppContext.getCurrentWebAppContext()
-//                .getSecurityHandler())).getRoleDesignate(role);
-//    }
-//
-//    private Subject getRoleDesignate(String roleName) {
-//        return (Subject) roleDesignates.get(roleName);
-//    }
+    protected UserIdentity newUserIdentity(ServletCallbackHandler callbackHandler, Subject clientSubject) {
+        AccessControlContext acc = ContextManager.registerSubjectShort(clientSubject);
+        ContextManager.setCallers(clientSubject, clientSubject);
+        final CallerPrincipalCallback principalCallback = callbackHandler.getThreadCallerPrincipalCallback();
+        Principal userPrincipal = principalCallback == null? null: principalCallback.getPrincipal();
+        return new GeronimoUserIdentity(userPrincipal, acc);
+    }
 
-    /**
-     * Check the security constraints using JACC.
-     *
-     * @param pathInContext path in context
-     * @param request       HTTP request
-     * @param response      HTTP response
-     * @return true if the path in context passes the security check, false if
-     *         it fails or a redirection has occured during authentication.
-     */
-    public boolean checkSecurityConstraints(String pathInContext, Request request, Response response) throws IOException {
-        if (formLoginPath != null) {
-            String pathToBeTested = (pathInContext.indexOf('?') > 0 ? pathInContext
-                    .substring(0, pathInContext.indexOf('?'))
-                    : pathInContext);
+    protected UserIdentity newSystemUserIdentity() {
+        return new GeronimoUserIdentity(null, default_acc);
+    }
 
-            if (pathToBeTested.equals(formLoginPath)) {
-                return true;
-            }
-        }
+    public RunAsToken newRunAsToken(String runAsRole) {
+        Subject runAsSubject = runAsSource.getSubjectForRole(runAsRole);
+        return new GeronimoRunAsToken(runAsSubject);
+    }
+
+    protected Object prepareConstraintInfo(String pathInContext, Request request) {
+        return null;
+    }
 
+    protected boolean checkUserDataPermissions(String pathInContext, Request request, Response response, Object constraintInfo) throws IOException {
         try {
             String transportType;
             if (request.isSecure()) {
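Review bot: `newUserIdentity` creates an identity with a null `userPrincipal` whenever `getThreadCallerPrincipalCallback()` returns null, yet still attaches the client subject's AccessControlContext and calls `ContextManager.setCallers`, so the result carries a user's permissions while `getUserPrincipal()` reports nobody. If a missing callback means authentication did not establish a caller, that case should be handled explicitly or at least documented, e.g. `// principalCallback is null when the auth module set no caller principal; the identity then has permissions but no principal`. `clientSubject` is also passed to `registerSubjectShort` unchecked, and `newRunAsToken` forwards whatever `getSubjectForRole` returns, including null for an unmapped role. `checkUserDataPermissions` begins in this hunk and continues outside it.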
@@ -162,100 +146,156 @@
             if (substitutedPathInContext.indexOf(":") > -1)
                 substitutedPathInContext = substitutedPathInContext.replaceAll(":", "%3A");
 
-
-            Authenticator authenticator = getAuthenticator();
-            boolean isAuthenticated = false;
-
-            if (authenticator instanceof FormAuthenticator
-                    && pathInContext.endsWith(FormAuthenticator.__J_SECURITY_CHECK)) {
-                /**
-                 * This is a post request to __J_SECURITY_CHECK. Stop now after authentication.
-                 * Whether or not authentication succeeded, we return.
-                 */
-                authenticator.authenticate(realm, pathInContext, request, response);
-                return false;
-            }
-            // attempt to access an unprotected resource that is not the
-            // j_security_check.
-            // if we are logged in, return the logged in principal.
-            if (request != null) {
-                // null response appears to prevent redirect to login page
-                Principal user = authenticator.authenticate(realm, pathInContext,
-                        request, null);
-                if (user == null || user == SecurityHandler.__NOBODY) {
-                    //TODO use run-as as nextCaller if present
-                    ContextManager.setCallers(defaultPrincipal.getSubject(), defaultPrincipal.getSubject());
-                    request.setUserPrincipal(new NotChecked());
-                } else if (user != null) {
-                    isAuthenticated = true;
-                }
-            }
-
-
-            AccessControlContext acc = ContextManager.getCurrentContext();
-
             /**
              * JACC v1.0 section 4.1.1
              */
             WebUserDataPermission wudp = new WebUserDataPermission(substitutedPathInContext, new String[]{request.getMethod()}, transportType);
-            acc.checkPermission(wudp);
+            default_acc.checkPermission(wudp);
+            return true;
+        } catch (AccessControlException e) {
+            return false;
+        }
+    }
 
-            WebResourcePermission webResourcePermission = new WebResourcePermission(request);
-            /**
-             * JACC v1.0 section 4.1.2
-             */
-            if (isAuthenticated) {
-                //current user is logged in, this is the actual check
-                acc.checkPermission(webResourcePermission);
-            } else {
-                //user is not logged in: if access denied, try to log them in.
-                try {
-                    acc.checkPermission(webResourcePermission);
-                } catch (AccessControlException e) {
-                    //not logged in: try to log them in.
-                    Principal user = authenticator.authenticate(realm, pathInContext, request, response);
-                    if (user == SecurityHandler.__NOBODY) {
-                        return true;
-                    }
-                    if (user == null) {
-                        throw e;
-                    }
-                }
-            }
+    protected boolean isAuthMandatory(Request base_request, Response base_response, Object constraintInfo) {
+        return !checkWebResourcePermission(base_request, default_acc);
+    }
 
-        } catch (HttpException he) {
-            response.sendError(he.getStatus(), he.getReason());
-            return false;
-        } catch (AccessControlException ace) {
-            if (!response.isCommitted()) {
-                response.sendError(403);
-            }
+    protected boolean checkWebResourcePermissions(String pathInContext, Request request, Response response, Object constraintInfo, UserIdentity userIdentity) throws IOException {
+        AccessControlContext acc = ((GeronimoUserIdentity)userIdentity).getAccessControlContext();
+        return checkWebResourcePermission(request, acc);
+    }
+
+    private boolean checkWebResourcePermission(Request request, AccessControlContext acc) {
+        WebResourcePermission webResourcePermission = new WebResourcePermission(request);
+        /**
+         * JACC v1.0 section 4.1.2
+         */
+        //user is not logged in: if access denied, try to log them in.
+        try {
+            acc.checkPermission(webResourcePermission);
+            return true;
+        } catch (AccessControlException e) {
             return false;
         }
-        return true;
     }
 
+//    public static Subject getCurrentRoleDesignate(String role) {
+//        return ((JettySecurityHandler) (WebAppContext.getCurrentWebAppContext()
+//                .getSecurityHandler())).getRoleDesignate(role);
+//    }
+//
+//    private Subject getRoleDesignate(String roleName) {
+//        return (Subject) roleDesignates.get(roleName);
+//    }
+
     /**
-     * Generate the default principal from the security config.
+     * Check the security constraints using JACC.
      *
-     * @param defaultSubject The default subject.
-     * @return the default principal
-     * @throws org.apache.geronimo.common.GeronimoSecurityException
-     *          if the default principal cannot be constructed
+     * @param pathInContext path in context
+     * @param request       HTTP request
+     * @param response      HTTP response
+     * @return true if the path in context passes the security check, false if
+     *         it fails or a redirection has occured during authentication.
      */
-    protected JAASJettyPrincipal generateDefaultPrincipal(Subject defaultSubject)
-            throws GeronimoSecurityException {
-
-        if (defaultSubject == null) {
-            throw new GeronimoSecurityException(
-                    "Unable to generate default principal");
-        }
-
-        JAASJettyPrincipal result = new JAASJettyPrincipal("default");
-
-        result.setSubject(defaultSubject);
+//    public boolean checkSecurityConstraints(String pathInContext, Request request, Response response) throws IOException {
+//        if (formLoginPath != null) {
+//            String pathToBeTested = (pathInContext.indexOf('?') > 0 ? pathInContext
+//                    .substring(0, pathInContext.indexOf('?'))
+//                    : pathInContext);
+//
+//            if (pathToBeTested.equals(formLoginPath)) {
+//                return true;
+//            }
+//        }
+//
+//        try {
+//            String transportType;
+//            if (request.isSecure()) {
+//                transportType = "CONFIDENTIAL";
+//            } else if (request.getConnection().isIntegral(request)) {
+//                transportType = "INTEGRAL";
+//            } else {
+//                transportType = "NONE";
+//            }
+//            String substitutedPathInContext = pathInContext;
+//            if (substitutedPathInContext.indexOf("%3A") > -1)
+//                substitutedPathInContext = substitutedPathInContext.replaceAll("%3A", "%3A%3A");
+//            if (substitutedPathInContext.indexOf(":") > -1)
+//                substitutedPathInContext = substitutedPathInContext.replaceAll(":", "%3A");
+//
+//
+//            Authenticator authenticator = getAuthenticator();
+//            boolean isAuthenticated = false;
+//
+//            if (authenticator instanceof FormAuthenticator
+//                    && pathInContext.endsWith(FormAuthenticator.__J_SECURITY_CHECK)) {
+//                /**
+//                 * This is a post request to __J_SECURITY_CHECK. Stop now after authentication.
+//                 * Whether or not authentication succeeded, we return.
+//                 */
+//                authenticator.authenticate(realm, pathInContext, request, response);
+//                return false;
+//            }
+//            // attempt to access an unprotected resource that is not the
+//            // j_security_check.
+//            // if we are logged in, return the logged in principal.
+//            if (request != null) {
+//                // null response appears to prevent redirect to login page
+//                Principal user = authenticator.authenticate(realm, pathInContext,
+//                        request, null);
+//                if (user == null || user == SecurityHandler.__NOBODY) {
+//                    //TODO use run-as as nextCaller if present
+//                    ContextManager.setCallers(defaultPrincipal.getSubject(), defaultPrincipal.getSubject());
+//                    request.setUserPrincipal(new NotChecked());
+//                } else if (user != null) {
+//                    isAuthenticated = true;
+//                }
+//            }
+//
+//
+//            AccessControlContext acc = ContextManager.getCurrentContext();
+//
+//            /**
+//             * JACC v1.0 section 4.1.1
+//             */
+//            WebUserDataPermission wudp = new WebUserDataPermission(substitutedPathInContext, new String[]{request.getMethod()}, transportType);
+//            acc.checkPermission(wudp);
+//
+//            WebResourcePermission webResourcePermission = new WebResourcePermission(request);
+//            /**
+//             * JACC v1.0 section 4.1.2
+//             */
+//            if (isAuthenticated) {
+//                //current user is logged in, this is the actual check
+//                acc.checkPermission(webResourcePermission);
+//            } else {
+//                //user is not logged in: if access denied, try to log them in.
+//                try {
+//                    acc.checkPermission(webResourcePermission);
+//                } catch (AccessControlException e) {
+//                    //not logged in: try to log them in.
+//                    Principal user = authenticator.authenticate(realm, pathInContext, request, response);
+//                    if (user == SecurityHandler.__NOBODY) {
+//                        return true;
+//                    }
+//                    if (user == null) {
+//                        throw e;
+//                    }
+//                }
+//            }
+//
+//        } catch (HttpException he) {
+//            response.sendError(he.getStatus(), he.getReason());
+//            return false;
+//        } catch (AccessControlException ace) {
+//            if (!response.isCommitted()) {
+//                response.sendError(403);
+//            }
+//            return false;
+//        }
+//        return true;
+//    }
 
-        return result;
-    }
 
 }
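Review bot: The comment `//user is not logged in: if access denied, try to log them in.` in `checkWebResourcePermission` is left over from the removed flow; the method now only returns false on `AccessControlException` and is also called with an authenticated user's context, so something like `// returns false on denial; the caller decides whether to authenticate or reject` matches the code. The commented-out `checkSecurityConstraints` body should be deleted rather than kept, since the Javadoc block above it now documents nothing and the dead lines sit next to live authorization code. `checkWebResourcePermissions` casts `userIdentity` to `GeronimoUserIdentity` unchecked, which throws if the base handler passes null or another implementation. The old method sent `response.sendError(403)` itself on denial; the new methods only return false, so it is worth confirming that the base class produces the denial response.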

Modified: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/TwistyWebAppContext.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/TwistyWebAppContext.java?rev=675561&r1=675560&r2=675561&view=diff
==============================================================================
--- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/TwistyWebAppContext.java (original)
+++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/TwistyWebAppContext.java Thu Jul 10 06:05:21 2008
@@ -29,7 +29,7 @@
 import org.mortbay.jetty.Handler;
 import org.mortbay.jetty.Server;
 import org.mortbay.jetty.handler.ErrorHandler;
-import org.mortbay.jetty.security.SecurityHandler;
+import org.mortbay.jetty.security.AbstractSecurityHandler;
 import org.mortbay.jetty.servlet.ServletHandler;
 import org.mortbay.jetty.servlet.SessionHandler;
 import org.mortbay.jetty.webapp.WebAppContext;
@@ -42,7 +42,7 @@
     private Handler handler;
 
 
-    public TwistyWebAppContext(SecurityHandler securityHandler, SessionHandler sessionHandler, ServletHandler servletHandler, ErrorHandler errorHandler) {
+    public TwistyWebAppContext(AbstractSecurityHandler securityHandler, SessionHandler sessionHandler, ServletHandler servletHandler, ErrorHandler errorHandler) {
         super(securityHandler, sessionHandler, servletHandler, errorHandler);
     }
 

Added: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java?rev=675561&view=auto
==============================================================================
--- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java (added)
+++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java Thu Jul 10 06:05:21 2008
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.jetty7.security;
+
+import javax.security.auth.Subject;
+
+import org.apache.geronimo.jetty7.handler.JettySecurityHandler;
+import org.apache.geronimo.security.jacc.RunAsSource;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public interface SecurityHandlerFactory {
+
+    JettySecurityHandler buildSecurityHandler(String policyContextID, Subject defaultSubject, RunAsSource runAsSource);
+
+}
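Review bot: `SecurityHandlerFactory` and its only method `buildSecurityHandler` carry no Javadoc beyond the version tag, although this interface is the seam through which each web application's security handler is created. I would add a type comment such as `/** Builds the JettySecurityHandler that secures one web application. */` and `@param` lines on the method. Those lines should state whether `defaultSubject` and `runAsSource` may be null and whether each call returns a new handler. The tests added later in this commit pass `null` for `runAsSource`, so the nullability contract matters to callers.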

Propchange: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/ServerAuthConfigGBean.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/ServerAuthConfigGBean.java?rev=675561&view=auto
==============================================================================
--- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/ServerAuthConfigGBean.java (added)
+++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/ServerAuthConfigGBean.java Thu Jul 10 06:05:21 2008
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.jetty7.security;
+
+import java.util.Map;
+import java.util.HashMap;
+
+import javax.security.auth.Subject;
+import javax.security.auth.message.config.ServerAuthConfig;
+import javax.security.auth.message.config.ServerAuthContext;
+
+import org.apache.geronimo.jetty7.handler.JettySecurityHandler;
+import org.apache.geronimo.security.jacc.RunAsSource;
+import org.mortbay.jetty.security.ServletCallbackHandler;
+import org.mortbay.jetty.security.jaspi.SimpleAuthConfig;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class ServerAuthConfigGBean implements SecurityHandlerFactory {
+
+    private ServerAuthConfig serverAuthConfig;
+    private ServletCallbackHandler servletCallbackHandler = new ServletCallbackHandler();
+    private Map authConfigProperties = new HashMap<Object, Object>();
+    private Subject serviceSubject = null;
+
+
+    public ServerAuthConfigGBean(ServletCallbackHandler servletCallbackHandler, ServerAuthContext serverAuthContext) {
+        this.servletCallbackHandler = servletCallbackHandler;
+        this.serverAuthConfig = new SimpleAuthConfig(null, serverAuthContext);
+    }
+
+    public JettySecurityHandler buildSecurityHandler(String policyContextID, Subject defaultSubject, RunAsSource runAsSource) {
+        return new JettySecurityHandler(policyContextID, defaultSubject, runAsSource, serverAuthConfig, serviceSubject, authConfigProperties, servletCallbackHandler);
+    }
+
+}
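Review bot: The constructor stores `servletCallbackHandler` and `serverAuthContext` unchecked, so a null auth context would presumably only surface when a request is first authenticated rather than at wiring time; a guard such as `if (serverAuthContext == null) throw new NullPointerException("serverAuthContext");` (and the same for the callback handler) fails early. The field initializer `new ServletCallbackHandler()` is always overwritten by the constructor and can be dropped, after which `serverAuthConfig` and `servletCallbackHandler` can be `final`. `authConfigProperties` is declared as a raw `Map`, and the same mutable instance is handed to every `JettySecurityHandler` this factory builds; declare it `Map<Object, Object>` and either pass a copy or document that it is shared. `serviceSubject` is always null and the first argument of `new SimpleAuthConfig(null, serverAuthContext)` is null as well, so a short comment saying both are intentional would help the next reader.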

Propchange: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/ServerAuthConfigGBean.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/ServerAuthConfigGBean.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/ServerAuthConfigGBean.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/AbstractWebModuleTest.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/AbstractWebModuleTest.java?rev=675561&r1=675560&r2=675561&view=diff
==============================================================================
--- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/AbstractWebModuleTest.java (original)
+++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/AbstractWebModuleTest.java Thu Jul 10 06:05:21 2008
@@ -19,38 +19,50 @@
 import java.io.File;
 import java.net.URL;
 import java.security.PermissionCollection;
+import java.security.Principal;
+import java.security.Permissions;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import javax.security.auth.Subject;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.jacc.WebUserDataPermission;
+import javax.security.jacc.WebResourcePermission;
+import javax.security.jacc.PolicyContextException;
 import javax.transaction.TransactionManager;
 
 import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator;
 import org.apache.geronimo.connector.outbound.connectiontracking.GeronimoTransactionListener;
 import org.apache.geronimo.jetty7.connector.HTTPSocketConnector;
-import org.apache.geronimo.security.SecurityServiceImpl;
-import org.apache.geronimo.security.deploy.PrincipalInfo;
+import org.apache.geronimo.jetty7.security.SecurityHandlerFactory;
+import org.apache.geronimo.jetty7.security.ServerAuthConfigGBean;
 import org.apache.geronimo.security.deploy.SubjectInfo;
-import org.apache.geronimo.security.jaas.ConfigurationEntryFactory;
-import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration;
-import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
-import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
-import org.apache.geronimo.security.jaas.LoginModuleGBean;
 import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
-import org.apache.geronimo.security.jacc.mappingprovider.ApplicationPrincipalRoleConfigurationManager;
-import org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicyConfigurationFactory;
-import org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicy;
 import org.apache.geronimo.security.jacc.ComponentPermissions;
 import org.apache.geronimo.security.jacc.PrincipalRoleMapper;
 import org.apache.geronimo.security.jacc.RunAsSource;
-import org.apache.geronimo.security.realm.GenericSecurityRealm;
+import org.apache.geronimo.security.jacc.mappingprovider.ApplicationPrincipalRoleConfigurationManager;
+import org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicy;
+import org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicyConfigurationFactory;
+import org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal;
+import org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal;
+import org.apache.geronimo.security.SecurityServiceImpl;
 import org.apache.geronimo.system.serverinfo.BasicServerInfo;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
 import org.apache.geronimo.testsupport.TestSupport;
 import org.apache.geronimo.transaction.manager.TransactionManagerImpl;
-import org.mortbay.jetty.security.Authenticator;
-import org.mortbay.jetty.security.FormAuthenticator;
+import org.mortbay.jetty.security.ServletCallbackHandler;
+import org.mortbay.jetty.security.jaspi.modules.FormAuthModule;
+import org.mortbay.jetty.security.jaspi.modules.LoginCredentials;
+import org.mortbay.jetty.security.jaspi.modules.LoginResult;
+import org.mortbay.jetty.security.jaspi.modules.LoginService;
+import org.mortbay.jetty.security.jaspi.modules.UserPasswordLoginCredentials;
+import org.mortbay.jetty.security.jaspi.modules.BaseAuthModule;
 
 
 /**
@@ -88,8 +100,22 @@
 
     }
 
-    protected JettyWebAppContext setUpAppContext(String realmName, String securityRealmName, Authenticator authenticator, String policyContextId, PermissionCollection excludedPermissions, RunAsSource runAsSource, PermissionCollection checkedPermissions, String uriString) throws Exception {
+    protected JettyWebAppContext setUpAppContext(String securityRealmName, SecurityHandlerFactory securityHandlerFactory, String policyContextId, RunAsSource runAsSource, String uriString) throws Exception {
 
+        if (securityHandlerFactory == null) {
+            Permissions unchecked = new Permissions();
+            unchecked.add(new WebUserDataPermission("/", null));
+            unchecked.add(new WebResourcePermission("/", ""));
+            ComponentPermissions componentPermissions = new ComponentPermissions(new Permissions(), unchecked, Collections.<String, PermissionCollection>emptyMap());
+            setUpJACC(Collections.<String, SubjectInfo>emptyMap(), Collections.<Principal, Set<String>>emptyMap(), componentPermissions, policyContextId);
+            final ServletCallbackHandler callbackHandler = new ServletCallbackHandler();
+            securityHandlerFactory = new ServerAuthConfigGBean(callbackHandler, new BaseAuthModule(callbackHandler, null) {
+                @Override
+                public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
+                    return AuthStatus.SUCCESS;
+                }
+            });
+        }
         JettyWebAppContext app = new JettyWebAppContext(null,
                 null,
                 Collections.<String, Object>emptyMap(),
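Review bot: Passing `null` for `securityHandlerFactory` now silently installs a permit-all setup: unchecked `WebUserDataPermission("/", null)` and `WebResourcePermission("/", "")`, plus an anonymous `BaseAuthModule` whose `validateRequest` always returns `AuthStatus.SUCCESS`. That suits the unsecured tests, but a security test that passes null by mistake would go green without exercising any authentication. I would move the block into a named helper, for example `private SecurityHandlerFactory newPermitAllFactory(String policyContextId)`, and give it the comment `// test-only: every request is treated as authenticated and "/" is unchecked`. The body of `setUpAppContext` continues beyond this hunk.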
@@ -105,8 +131,6 @@
                 null,
                 null,
                 null,
-                authenticator,
-                realmName,
                 null,
                 false,
                 0,
@@ -114,6 +138,7 @@
                 preHandlerFactory,
                 policyContextId,
                 securityRealmName,
+                securityHandlerFactory,
                 runAsSource,
                 null,
                 null,
@@ -129,51 +154,49 @@
         return app;
     }
 
-    protected JettyWebAppContext setUpSecureAppContext(String securityRealmName, Map roleDesignates, Map principalRoleMap, ComponentPermissions componentPermissions, SubjectInfo defaultSubjectInfo, PermissionCollection checked, Set securityRoles) throws Exception {
+    protected JettyWebAppContext setUpSecureAppContext(String securityRealmName, Map<String, SubjectInfo> roleDesignates, Map<Principal, Set<String>> principalRoleMap, ComponentPermissions componentPermissions, SubjectInfo defaultSubjectInfo, PermissionCollection checked, Set securityRoles) throws Exception {
         String policyContextId = "TEST";
+        ApplicationPolicyConfigurationManager jacc = setUpJACC(roleDesignates, principalRoleMap, componentPermissions, policyContextId);
+        ServletCallbackHandler callbackHandler = new ServletCallbackHandler();
+        LoginService loginService = newLoginService();
+        FormAuthModule authModule = new FormAuthModule(callbackHandler, loginService, "/auth/logon.html?param=test", "/auth/logonError.html?param=test");
+        SecurityHandlerFactory securityHandlerFactory = new ServerAuthConfigGBean(callbackHandler, authModule);
+        return setUpAppContext(
+                securityRealmName,
+                securityHandlerFactory,
+                policyContextId,
+                jacc,
+                "war3/");
+
+    }
+
+    private ApplicationPolicyConfigurationManager setUpJACC(Map<String, SubjectInfo> roleDesignates, Map<Principal, Set<String>> principalRoleMap, ComponentPermissions componentPermissions, String policyContextId) throws Exception {
+        setUpSecurityService();
         PrincipalRoleMapper roleMapper = new ApplicationPrincipalRoleConfigurationManager(principalRoleMap);
         Map<String, ComponentPermissions> contextIDToPermissionsMap = new HashMap<String, ComponentPermissions>();
         contextIDToPermissionsMap.put(policyContextId, componentPermissions);
         ApplicationPolicyConfigurationManager jacc = new ApplicationPolicyConfigurationManager(contextIDToPermissionsMap, null, roleDesignates, cl, null, roleMapper);
         jacc.doStart();
+        return jacc;
+    }
 
-        FormAuthenticator formAuthenticator = new FormAuthenticator();
-        formAuthenticator.setLoginPage("/auth/logon.html?param=test");
-        formAuthenticator.setErrorPage("/auth/logonError.html?param=test");
-        return setUpAppContext("Test JAAS Realm",
-                securityRealmName,
-                formAuthenticator,
-                policyContextId,
-                componentPermissions.getExcludedPermissions(),
-                jacc,
-                checked,
-                "war3/");
+    protected LoginService newLoginService() throws Exception {
+//        String domainName = "demo-properties-realm";
+//
+        Map<String, String> users = new HashMap<String, String>();
+        users.put("alan", "starcraft");
+        users.put("izumi", "violin");
+        Map<String, List<String>> groups = new HashMap<String, List<String>>();
+        groups.put("alan", Collections.singletonList("it"));
+        TestLoginService loginService = new TestLoginService(users, groups);
+        return loginService;
 
     }
 
-    protected void setUpSecurity() throws Exception {
-        String domainName = "demo-properties-realm";
-
+    protected void setUpSecurityService() throws Exception {
         ServerInfo serverInfo = new BasicServerInfo(".");
 
         new SecurityServiceImpl(cl, serverInfo, GeronimoPolicyConfigurationFactory.class.getName(), GeronimoPolicy.class.getName(), null, null, null, null);
-
-        Map<String, Object> options = new HashMap<String, Object>();
-        options.put("usersURI", new File(BASEDIR, "src/test/resources/data/users.properties").toURI().toString());
-        options.put("groupsURI", new File(BASEDIR, "src/test/resources/data/groups.properties").toURI().toString());
-
-        LoginModuleGBean loginModule = new LoginModuleGBean("org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule", null, true, options, domainName, cl);
-
-        JaasLoginModuleUse loginModuleUse = new JaasLoginModuleUse(loginModule, null, LoginModuleControlFlag.REQUIRED);
-
-        PrincipalInfo.PrincipalEditor principalEditor = new PrincipalInfo.PrincipalEditor();
-        principalEditor.setAsText("metro,org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
-        GenericSecurityRealm realm = new GenericSecurityRealm(domainName, loginModuleUse, true, serverInfo,  cl, null);
-
-        GeronimoLoginConfiguration loginConfiguration = new GeronimoLoginConfiguration();
-        loginConfiguration.setConfigurations(Collections.<ConfigurationEntryFactory>singleton(realm));
-        loginConfiguration.doStart();
-
     }
 
     protected void tearDownSecurity() throws Exception {
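Review bot: `setUpSecureAppContext` still declares `defaultSubjectInfo`, `checked` and `securityRoles`, but the new body reads none of them, and `checked` was previously forwarded to `setUpAppContext`. A caller that builds a checked `PermissionCollection` gets no hint that it is now ignored, so either drop the parameters or add a comment stating that the checked set is expected to arrive through `componentPermissions`, if that is the intent. In `newLoginService` the leftover `// String domainName = "demo-properties-realm";` lines can be deleted, and a comment such as `// fixture accounts for SecurityTest only` above the `users.put` calls would mark the hard-coded passwords as test data. `setUpSecurityService` is now reached through every `setUpJACC` call and constructs a new `SecurityServiceImpl` each time, which is worth confirming as harmless when a test sets up more than one context.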
@@ -189,7 +212,7 @@
         container.doStart();
         connector = new HTTPSocketConnector(container, null);
         connector.setPort(5678);
-        connector.setMaxThreads(50);
+        connector.setMaxThreads(2);
         connector.doStart();
 
         TransactionManagerImpl transactionManager = new TransactionManagerImpl();
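Review bot: The change from `connector.setMaxThreads(50)` to `connector.setMaxThreads(2)` is not explained by the log message and may be a debugging leftover. With only two threads, a test that keeps one connection open while issuing another request could stall instead of failing clearly. If the small pool is deliberate, add a comment giving the reason next to the call (`// 2 threads: <reason>`); otherwise restore the previous value. The enclosing method starts and ends outside this hunk.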
@@ -202,4 +225,41 @@
         connector.doStop();
         Thread.sleep(1000);
     }
+
+    private static class TestLoginService implements LoginService {
+
+        private final Map<String, String> users;
+        private final Map<String, List<String>> groups;
+
+        private TestLoginService(Map<String, String> users, Map<String, List<String>> groups) {
+            this.users = users;
+            this.groups = groups;
+        }
+
+        public LoginResult login(Subject subject, LoginCredentials loginCredentials) throws AuthException {
+            UserPasswordLoginCredentials creds = (UserPasswordLoginCredentials) loginCredentials;
+            String pws = users.get(creds.getUsername());
+            if (pws != null && pws.equals(new String(creds.getPassword()))) {
+                final GeronimoUserPrincipal userPrincipal = new GeronimoUserPrincipal(creds.getUsername());
+                subject.getPrincipals().add(userPrincipal);
+                List<String> usersGroups = groups.get(creds.getUsername());
+                if (usersGroups != null) {
+                    for (String group: usersGroups) {
+                        subject.getPrincipals().add(new GeronimoGroupPrincipal(group));
+                    }
+                    return new LoginResult(true, userPrincipal, usersGroups.toArray(new String[usersGroups.size()]), subject);
+                }
+                return new LoginResult(true, userPrincipal, new String[0], subject);
+            }
+            return new LoginResult(false, null, null, subject);
+        }
+
+        public void logout(Subject subject) throws AuthException {
+        }
+
+        @Deprecated
+        public String getName() {
+            return null;
+        }
+    }
 }
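Review bot: `TestLoginService.login` casts `loginCredentials` to `UserPasswordLoginCredentials` unconditionally, so any other credential type ends in a `ClassCastException` instead of a failed login. A guard such as `if (!(loginCredentials instanceof UserPasswordLoginCredentials)) return new LoginResult(false, null, null, subject);` keeps the failure on the normal path. The check `pws.equals(new String(creds.getPassword()))` copies the password into an immutable `String` and compares it against a plaintext map. That is acceptable in a fixture, but it deserves a comment like `// test fixture only: plaintext lookup, not a pattern for production login services`. `logout` is empty, so the principals that `login` adds to the subject stay there; if a test ever relies on logout, it should remove them.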

Modified: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ApplicationTest.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ApplicationTest.java?rev=675561&r1=675560&r2=675561&view=diff
==============================================================================
--- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ApplicationTest.java (original)
+++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ApplicationTest.java Thu Jul 10 06:05:21 2008
@@ -36,7 +36,7 @@
 public class ApplicationTest extends AbstractWebModuleTest {
 
     public void testApplication() throws Exception {
-        JettyWebAppContext app = setUpAppContext(null, null, null, null, null, null, null, "war1/");
+        JettyWebAppContext app = setUpAppContext(null, null, "policyContextID", null, "war1/");
 
         setUpStaticContentServlet(app);
 
@@ -50,7 +50,7 @@
     public void testApplicationWithSessionHandler() throws Exception {
         preHandlerFactory = new MockPreHandlerFactory();
         sessionHandlerFactory = new MockSessionHandlerFactory();
-        JettyWebAppContext app = setUpAppContext(null, null, null, null, null, null, null, "war1/");
+        JettyWebAppContext app = setUpAppContext(null, null, "policyContextID", null, "war1/");
 
         setUpStaticContentServlet(app);
 

Modified: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/SecurityTest.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/SecurityTest.java?rev=675561&r1=675560&r2=675561&view=diff
==============================================================================
--- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/SecurityTest.java (original)
+++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/SecurityTest.java Thu Jul 10 06:05:21 2008
@@ -78,6 +78,8 @@
         PermissionCollection excludedPermissions = new Permissions();
         uncheckedPermissions.add(new WebResourcePermission("/auth/logon.html", ""));
         uncheckedPermissions.add(new WebUserDataPermission("/auth/logon.html", ""));
+//        uncheckedPermissions.add(new WebResourcePermission("/auth/j_security_check", ""));
+        uncheckedPermissions.add(new WebUserDataPermission("/auth/j_security_check", ""));
 
         Map rolePermissions = new HashMap();
         PermissionCollection permissions = new Permissions();
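Review bot: The commented-out `WebResourcePermission("/auth/j_security_check", "")` line, placed next to the live `WebUserDataPermission` for the same path, leaves it unclear which permissions the form-login endpoint needs to be unchecked. Either delete the dead line or replace it with a comment that gives the reason. If the reason is that the auth module consumes the login POST before the resource check runs, `// j_security_check is consumed by the auth module, so only the transport permission is unchecked` would say so. The enclosing method starts and ends outside this hunk.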
@@ -170,7 +172,6 @@
 
     protected void setUp() throws Exception {
         super.setUp();
-        setUpSecurity();
     }
 
     protected void tearDown() throws Exception {


