Subject: svn commit: r675561 [1/2] - in /geronimo/sandbox/djencks/jetty7/geronimo-jetty7: ./ src/main/java/org/apache/geronimo/jetty7/ src/main/java/org/apache/geronimo/jetty7/handler/ src/main/java/org/apache/geronimo/jetty7/security/ src/test/java/org/apache/...
Date: Thu, 10 Jul 2008 13:05:22 -0000
From: djencks@apache.org
To: scm@geronimo.apache.org
Reply-To: dev@geronimo.apache.org
Message-Id: <20080710130524.929E42388A11@eris.apache.org>

Author: djencks
Date: Thu Jul 10 06:05:21 2008
New Revision: 675561

URL: http://svn.apache.org/viewvc?rev=675561&view=rev
Log:
initial integration with jetty-7-jaspi

Added:
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoRunAsToken.java   (with props)
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoUserIdentity.java   (with props)
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java   (with props)
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/ServerAuthConfigGBean.java   (with props)
Removed:
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/InternalJAASJettyRealm.java
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JAASJettyRealm.java
Modified:
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/pom.xml
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/InternalJettyServletHolder.java
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainer.java
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyEJBWebServiceContext.java
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyServletHolder.java
    geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyWebAppContext.java
geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JettySecurityHandler.java geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/TwistyWebAppContext.java geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/AbstractWebModuleTest.java geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ApplicationTest.java geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/SecurityTest.java geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/StatTest.java Modified: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/pom.xml URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/pom.xml?rev=675561&r1=675560&r2=675561&view=diff ============================================================================== --- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/pom.xml (original) +++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/pom.xml Thu Jul 10 06:05:21 2008 @@ -27,13 +27,19 @@ jetty7 2.2-SNAPSHOT - + org.apache.geronimo.modules geronimo-jetty7 Geronimo Plugins, Jetty :: Core - + + org.apache.geronimo.specs + geronimo-servlet_3.0_spec + 1.0-EA-SNAPSHOT + + + org.apache.geronimo.modules geronimo-security-builder ${version} @@ -45,19 +51,30 @@ geronimo-connector ${version} + + org.apache.geronimo.framework + geronimo-security + ${version} + org.apache.geronimo.modules geronimo-webservices ${version} + + + org.apache.geronimo.specs + geronimo-servlet_2.5_spec + + - + org.mortbay.jetty jetty - + org.mortbay.jetty jetty-ajp @@ -79,7 +96,7 @@ test - + 
@@ -97,6 +114,6 @@ - + Modified: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/InternalJettyServletHolder.java URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/InternalJettyServletHolder.java?rev=675561&r1=675560&r2=675561&view=diff ============================================================================== --- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/InternalJettyServletHolder.java (original) +++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/InternalJettyServletHolder.java Thu Jul 10 06:05:21 2008 @@ -92,7 +92,7 @@ * Provide the thread's current JettyServletHolder * * @return the thread's current JettyServletHolder - * @see org.apache.geronimo.jetty7.JAASJettyRealm#isUserInRole(java.security.Principal,java.lang.String) + * TODO remove */ static String getCurrentServletName() { return currentServletName.get(); Modified: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainer.java URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainer.java?rev=675561&r1=675560&r2=675561&view=diff ============================================================================== --- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainer.java (original) +++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainer.java Thu Jul 10 06:05:21 2008 @@ -22,6 +22,7 @@ import org.apache.geronimo.management.geronimo.WebContainer; import org.mortbay.jetty.Connector; import org.mortbay.jetty.RequestLog; +import org.mortbay.jetty.security.ServletCallbackHandler; import org.mortbay.jetty.handler.AbstractHandlerContainer; /** 
@@ -36,10 +37,6 @@ void removeContext(AbstractHandlerContainer context); - InternalJAASJettyRealm addRealm(String realmName); - - void removeRealm(String realmName); - void resetStats(); void setStatsOn(boolean on); @@ -53,4 +50,5 @@ RequestLog getRequestLog(); File resolveToJettyHome(String workDir); + } Modified: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java?rev=675561&r1=675560&r2=675561&view=diff ============================================================================== --- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java (original) +++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java Thu Jul 10 06:05:21 2008 @@ -61,7 +61,7 @@ private final ServerInfo serverInfo; private File jettyHomeDir; private JettyWebContainerStatsImpl stats; - private final Map realms = new HashMap(); +// private final Map realms = new HashMap(); // list of handlers private StatisticsHandler statsHandler = new StatisticsHandler(); private HandlerCollection handlerCollection = new HandlerCollection(); 
@@ -78,11 +78,11 @@ server = new JettyServer(); - //set up the new jetty6 handler structure which is to have a HandlerCollection, + //set up the jetty6+ handler structure which is to have a HandlerCollection, //each element of which is always tried on each request. //The first element of the HandlerCollection is a //ContextHandlerCollection, which is itself is a collection - //of Handlers. It's special property is that only of it's + //of Handlers. It's special property is that only one of it's //handlers will respond to a request. //The second element of the HandlerCollection is a DefaultHandler //which is responsible for serving static content or anything not 
@@ -208,29 +208,30 @@ contextHandlerCollection.removeHandler(context); } - public InternalJAASJettyRealm addRealm(String realmName) { - InternalJAASJettyRealm realm = (InternalJAASJettyRealm) realms.get(realmName); - if (realm == null) { - realm = new InternalJAASJettyRealm(realmName); - realms.put(realmName, realm); - } else { - realm.addUse(); - } - return realm; - } - - public void removeRealm(String realmName) { - InternalJAASJettyRealm realm = (InternalJAASJettyRealm) realms.get(realmName); - if (realm != null) { - if (realm.removeUse() == 0) { - realms.remove(realmName); - } - } - } +// public InternalJAASJettyRealm addRealm(String realmName) { +// InternalJAASJettyRealm realm = (InternalJAASJettyRealm) realms.get(realmName); +// if (realm == null) { +// realm = new InternalJAASJettyRealm(realmName); +// realms.put(realmName, realm); +// } else { +// realm.addUse(); +// } +// return realm; +// } +// +// public void removeRealm(String realmName) { +// InternalJAASJettyRealm realm = (InternalJAASJettyRealm) realms.get(realmName); +// if (realm != null) { +// if (realm.removeUse() == 0) { +// realms.remove(realmName); +// } +// } +// } public void addWebService(String contextPath, String[] virtualHosts, WebServiceContainer webServiceContainer, String securityRealmName, String realmName, String transportGuarantee, String authMethod, ClassLoader classLoader) throws Exception { - InternalJAASJettyRealm internalJAASJettyRealm = securityRealmName == null ? null : addRealm(securityRealmName); - JettyEJBWebServiceContext webServiceContext = new JettyEJBWebServiceContext(contextPath, webServiceContainer, internalJAASJettyRealm, realmName, transportGuarantee, authMethod, classLoader); +// InternalJAASJettyRealm internalJAASJettyRealm = securityRealmName == null ? 
null : addRealm(securityRealmName); +// JettyEJBWebServiceContext webServiceContext = new JettyEJBWebServiceContext(contextPath, webServiceContainer, internalJAASJettyRealm, realmName, transportGuarantee, authMethod, classLoader); + JettyEJBWebServiceContext webServiceContext = new JettyEJBWebServiceContext(contextPath, webServiceContainer, realmName, transportGuarantee, authMethod, classLoader); webServiceContext.setVirtualHosts(virtualHosts); addContext(webServiceContext); webServiceContext.start(); @@ -239,10 +240,10 @@ public void removeWebService(String contextPath) { JettyEJBWebServiceContext webServiceContext = (JettyEJBWebServiceContext) webServices.remove(contextPath); - String securityRealmName = webServiceContext.getSecurityRealmName(); - if (securityRealmName != null) { - removeRealm(securityRealmName); - } +// String securityRealmName = webServiceContext.getSecurityRealmName(); +// if (securityRealmName != null) { +// removeRealm(securityRealmName); +// } try { removeContext(webServiceContext); } catch (Exception e) { Modified: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyEJBWebServiceContext.java URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyEJBWebServiceContext.java?rev=675561&r1=675560&r2=675561&view=diff ============================================================================== --- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyEJBWebServiceContext.java (original) +++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyEJBWebServiceContext.java Thu Jul 10 06:05:21 2008 
@@ -34,10 +34,6 @@ import org.mortbay.jetty.Request; import org.mortbay.jetty.Response; import org.mortbay.jetty.handler.ContextHandler; -import org.mortbay.jetty.security.Authenticator; -import org.mortbay.jetty.security.BasicAuthenticator; -import org.mortbay.jetty.security.ClientCertAuthenticator; -import org.mortbay.jetty.security.DigestAuthenticator; /** * Delegates requests to a WebServiceContainer which is presumably for an EJB WebService. @@ -67,20 +63,21 @@ private final String contextPath; private final WebServiceContainer webServiceContainer; - private final Authenticator authenticator; - private final JAASJettyRealm realm; +// private final Authenticator authenticator; +// private final JAASJettyRealm realm; private final boolean isConfidentialTransportGuarantee; private final boolean isIntegralTransportGuarantee; private final ClassLoader classLoader; - public JettyEJBWebServiceContext(String contextPath, WebServiceContainer webServiceContainer, InternalJAASJettyRealm internalJAASJettyRealm, String realmName, String transportGuarantee, String authMethod, ClassLoader classLoader) { + public JettyEJBWebServiceContext(String contextPath, WebServiceContainer webServiceContainer, String realmName, String transportGuarantee, String authMethod, ClassLoader classLoader) { this.contextPath = contextPath; this.webServiceContainer = webServiceContainer; this.setContextPath(contextPath); - if (internalJAASJettyRealm != null) { - realm = new JAASJettyRealm(realmName, internalJAASJettyRealm); +// if (internalJAASJettyRealm != null) { + if (realmName != null) { +// realm = new JAASJettyRealm(realmName, internalJAASJettyRealm); //TODO //not used??? //setUserRealm(realm); 
@@ -97,20 +94,20 @@ } else { throw new IllegalArgumentException("Invalid transport-guarantee: " + transportGuarantee); } - if ("BASIC".equals(authMethod)) { - authenticator = new BasicAuthenticator(); - } else if ("DIGEST".equals(authMethod)) { - authenticator = new DigestAuthenticator(); - } else if ("CLIENT-CERT".equals(authMethod)) { - authenticator = new ClientCertAuthenticator(); - } else if ("NONE".equals(authMethod)) { - authenticator = null; - } else { - throw new IllegalArgumentException("Invalid authMethod: " + authMethod); - } +// if ("BASIC".equals(authMethod)) { +// authenticator = new BasicAuthenticator(); +// } else if ("DIGEST".equals(authMethod)) { +// authenticator = new DigestAuthenticator(); +// } else if ("CLIENT-CERT".equals(authMethod)) { +// authenticator = new ClientCertAuthenticator(); +// } else if ("NONE".equals(authMethod)) { +// authenticator = null; +// } else { +// throw new IllegalArgumentException("Invalid authMethod: " + authMethod); +// } } else { - realm = null; - authenticator = null; +// realm = null; +// authenticator = null; isConfidentialTransportGuarantee = false; isIntegralTransportGuarantee = false; } 
@@ -166,17 +163,17 @@ //hard to imagine this could be anything but null, but.... // Subject oldSubject = ContextManager.getCurrentCaller(); try { - if (authenticator != null) { - String pathInContext = org.mortbay.util.URIUtil.canonicalPath(req.getContextPath()); - if (authenticator.authenticate(realm, pathInContext, jettyRequest, jettyResponse) == null) { - throw new HttpException(403, null); - } - } else { - //EJB will figure out correct defaultSubject shortly - //TODO consider replacing the GenericEJBContainer.DefaultSubjectInterceptor with this line - //setting the defaultSubject. - ContextManager.popCallers(null); - } +// if (authenticator != null) { +// String pathInContext = org.mortbay.util.URIUtil.canonicalPath(req.getContextPath()); +// if (authenticator.authenticate(realm, pathInContext, jettyRequest, jettyResponse) == null) { +// throw new HttpException(403, null); +// } +// } else { +// //EJB will figure out correct defaultSubject shortly +// //TODO consider replacing the GenericEJBContainer.DefaultSubjectInterceptor with this line +// //setting the defaultSubject. +// ContextManager.popCallers(null); +// } try { webServiceContainer.invoke(request, response); jettyRequest.setHandled(true); 
@@ -197,13 +194,13 @@ return contextPath; } - public String getSecurityRealmName() { - if (realm == null) { - return null; - } else { - return realm.getSecurityRealmName(); - } - } +// public String getSecurityRealmName() { +// if (realm == null) { +// return null; +// } else { +// return realm.getSecurityRealmName(); +// } +// } public static class RequestAdapter implements WebServiceContainer.Request { private final Request request; Modified: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyServletHolder.java URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyServletHolder.java?rev=675561&r1=675560&r2=675561&view=diff ============================================================================== --- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyServletHolder.java (original) +++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyServletHolder.java Thu Jul 10 06:05:21 2008 
@@ -37,7 +37,6 @@ * It is also being our servlet gbean for now. We could gbean-ize the superclass to avoid the thread local access. * * @version $Rev$ $Date$ - * @see JAASJettyRealm#isUserInRole(java.security.Principal, String) */ public class JettyServletHolder implements ServletNameSource, Servlet, GBeanLifecycle { Modified: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyWebAppContext.java URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyWebAppContext.java?rev=675561&r1=675560&r2=675561&view=diff ============================================================================== --- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyWebAppContext.java (original) +++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyWebAppContext.java Thu Jul 10 06:05:21 2008 @@ -34,12 +34,15 @@ import javax.security.auth.login.LoginException; import javax.transaction.TransactionManager; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.apache.geronimo.connector.outbound.connectiontracking.TrackedConnectionAssociator; import org.apache.geronimo.gbean.GBeanInfo; import org.apache.geronimo.gbean.GBeanInfoBuilder; import org.apache.geronimo.gbean.GBeanLifecycle; +import org.apache.geronimo.gbean.annotation.GBean; +import org.apache.geronimo.gbean.annotation.ParamAttribute; +import org.apache.geronimo.gbean.annotation.ParamReference; +import org.apache.geronimo.gbean.annotation.ParamSpecial; +import org.apache.geronimo.gbean.annotation.SpecialAttributeType; import org.apache.geronimo.j2ee.RuntimeCustomizer; import org.apache.geronimo.j2ee.annotation.Holder; import org.apache.geronimo.j2ee.annotation.LifecycleMethod; 
@@ -53,6 +56,7 @@ import org.apache.geronimo.jetty7.handler.ThreadClassloaderHandler; import org.apache.geronimo.jetty7.handler.TwistyWebAppContext; import org.apache.geronimo.jetty7.handler.UserTransactionHandler; +import org.apache.geronimo.jetty7.security.SecurityHandlerFactory; import org.apache.geronimo.kernel.Kernel; import org.apache.geronimo.kernel.ObjectNameUtil; import org.apache.geronimo.management.J2EEApplication; @@ -65,17 +69,23 @@ import org.mortbay.jetty.Handler; import org.mortbay.jetty.MimeTypes; import org.mortbay.jetty.security.Authenticator; +import org.mortbay.jetty.security.ServletCallbackHandler; import org.mortbay.jetty.servlet.ErrorPageErrorHandler; import org.mortbay.jetty.servlet.ServletHandler; import org.mortbay.jetty.servlet.ServletHolder; import org.mortbay.jetty.servlet.ServletMapping; import org.mortbay.jetty.servlet.SessionHandler; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Wrapper for a WebApplicationContext that sets up its J2EE environment. * * @version $Rev$ $Date$ */ + +@GBean(name="Jetty WebApplication Context", +j2eeType=NameFactory.WEB_MODULE) public class JettyWebAppContext implements GBeanLifecycle, JettyServletRegistration, WebModule { private static final Logger log = LoggerFactory.getLogger(JettyWebAppContext.class); 
@@ -99,44 +109,150 @@ private final Set servletNames = new HashSet(); - public JettyWebAppContext(String objectName, - String originalSpecDD, - Map componentContext, - ClassLoader classLoader, - URL configurationBaseUrl, - Set unshareableResources, - Set applicationManagedSecurityResources, - String displayName, - Map contextParamMap, - Collection listenerClassNames, - boolean distributable, - Map mimeMap, - String[] welcomeFiles, - Map localeEncodingMapping, - Map errorPages, - Authenticator authenticator, - String realmName, - Map tagLibMap, - boolean compactPath, - - int sessionTimeoutSeconds, - SessionHandlerFactory handlerFactory, - PreHandlerFactory preHandlerFactory, - - String policyContextID, - String securityRealmName, - - RunAsSource runAsSource, Holder holder, - - Host host, - TransactionManager transactionManager, - TrackedConnectionAssociator trackedConnectionAssociator, - JettyContainer jettyContainer, - RuntimeCustomizer contextCustomizer, - - J2EEServer server, - J2EEApplication application, - Kernel kernel) throws Exception { + public static final String GBEAN_ATTR_SESSION_TIMEOUT = "sessionTimeoutSeconds"; + + public static final String GBEAN_REF_SESSION_HANDLER_FACTORY = "SessionHandlerFactory"; + public static final String GBEAN_REF_PRE_HANDLER_FACTORY = "PreHandlerFactory"; + +// static { +// GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic("Jetty WebApplication Context", JettyWebAppContext.class, NameFactory.WEB_MODULE); +// infoBuilder.addAttribute("deploymentDescriptor", String.class, true); +// //from jetty6's webapp context +// +// infoBuilder.addAttribute("displayName", String.class, true); +// infoBuilder.addAttribute("contextParamMap", Map.class, true); +// infoBuilder.addAttribute("listenerClassNames", Collection.class, true); +// infoBuilder.addAttribute("distributable", boolean.class, true); +// +// infoBuilder.addAttribute("mimeMap", Map.class, true); +// infoBuilder.addAttribute("welcomeFiles", String[].class, true); 
+// infoBuilder.addAttribute("localeEncodingMapping", Map.class, true); +// infoBuilder.addAttribute("errorPages", Map.class, true); +// infoBuilder.addAttribute("authenticator", Authenticator.class, true); +// infoBuilder.addAttribute("realmName", String.class, true); +// infoBuilder.addAttribute("tagLibMap", Map.class, true); +// infoBuilder.addAttribute(GBEAN_ATTR_SESSION_TIMEOUT, int.class, true); +// infoBuilder.addReference(GBEAN_REF_SESSION_HANDLER_FACTORY, SessionHandlerFactory.class, +// NameFactory.GERONIMO_SERVICE); +// infoBuilder.addReference(GBEAN_REF_PRE_HANDLER_FACTORY, PreHandlerFactory.class, NameFactory.GERONIMO_SERVICE); +// +// infoBuilder.addAttribute("componentContext", Map.class, true); +// infoBuilder.addAttribute("classLoader", ClassLoader.class, false); +// infoBuilder.addAttribute("configurationBaseUrl", URL.class, true); +// infoBuilder.addAttribute("unshareableResources", Set.class, true); +// infoBuilder.addAttribute("applicationManagedSecurityResources", Set.class, true); +// +// infoBuilder.addAttribute("contextPath", String.class, true); +// infoBuilder.addAttribute("compactPath", boolean.class, true); +// +// infoBuilder.addAttribute("workDir", String.class, true); +// infoBuilder.addReference("Host", Host.class, "Host"); +// infoBuilder.addReference("TransactionManager", TransactionManager.class, NameFactory.JTA_RESOURCE); +// infoBuilder.addReference("TrackedConnectionAssociator", TrackedConnectionAssociator.class, NameFactory.JCA_CONNECTION_TRACKER); +// infoBuilder.addReference("JettyContainer", JettyContainer.class, NameFactory.GERONIMO_SERVICE); +// infoBuilder.addReference("ContextCustomizer", RuntimeCustomizer.class, NameFactory.GERONIMO_SERVICE); +// +// infoBuilder.addInterface(JettyServletRegistration.class); +// +// infoBuilder.addAttribute("policyContextID", String.class, true); +// infoBuilder.addAttribute("securityRealmName", String.class, true); +// infoBuilder.addReference("RunAsSource", RunAsSource.class, 
NameFactory.JACC_MANAGER); +// +// infoBuilder.addAttribute("holder", Holder.class, true); +// +// infoBuilder.addReference("J2EEServer", J2EEServer.class); +// infoBuilder.addReference("J2EEApplication", J2EEApplication.class); +// +// infoBuilder.addAttribute("kernel", Kernel.class, false); +// infoBuilder.addAttribute("objectName", String.class, false); +// infoBuilder.addAttribute("application", String.class, false); +// infoBuilder.addAttribute("javaVMs", String[].class, false); +// infoBuilder.addAttribute("servlets", String[].class, false); +// +// infoBuilder.addInterface(WebModule.class); +// +// infoBuilder.setConstructor(new String[]{ +// "objectName", +// "deploymentDescriptor", +// "componentContext", +// "classLoader", +// "configurationBaseUrl", +// "unshareableResources", +// "applicationManagedSecurityResources", +// +// "displayName", +// "contextParamMap", +// "listenerClassNames", +// "distributable", +// "mimeMap", +// "welcomeFiles", +// "localeEncodingMapping", +// "errorPages", +// "authenticator", +// "realmName", +// "tagLibMap", +// "compactPath", +// GBEAN_ATTR_SESSION_TIMEOUT, +// GBEAN_REF_SESSION_HANDLER_FACTORY, +// GBEAN_REF_PRE_HANDLER_FACTORY, +// +// "policyContextID", +// "securityRealmName", +// "RunAsSource", +// +// "holder", +// +// "Host", +// "TransactionManager", +// "TrackedConnectionAssociator", +// "JettyContainer", +// "ContextCustomizer", +// +// "J2EEServer", +// "J2EEApplication", +// "kernel" +// }); +// +// } + + public JettyWebAppContext(@ParamSpecial(type=SpecialAttributeType.objectName) String objectName, + @ParamAttribute(name = "deploymentDescriptor") String originalSpecDD, + @ParamAttribute(name = "componentContext") Map componentContext, + @ParamSpecial(type=SpecialAttributeType.classLoader) ClassLoader classLoader, + @ParamAttribute(name = "configurationBaseUrl") URL configurationBaseUrl, + @ParamAttribute(name = "unshareableResources") Set unshareableResources, + @ParamAttribute(name = 
"applicationManagedSecurityResources") Set applicationManagedSecurityResources, + @ParamAttribute(name = "displayName") String displayName, + @ParamAttribute(name = "contextParamMap") Map contextParamMap, + @ParamAttribute(name = "listenerClassNames") Collection listenerClassNames, + @ParamAttribute(name = "distributable") boolean distributable, + @ParamAttribute(name = "mimeMap") Map mimeMap, + @ParamAttribute(name = "welcomeFiles") String[] welcomeFiles, + @ParamAttribute(name = "localeEncodingMapping") Map localeEncodingMapping, + @ParamAttribute(name = "errorPages") Map errorPages, + @ParamAttribute(name = "tagLibMap") Map tagLibMap, + @ParamAttribute(name = "compactPath") boolean compactPath, + + @ParamAttribute(name = GBEAN_ATTR_SESSION_TIMEOUT) int sessionTimeoutSeconds, + @ParamReference(name = GBEAN_REF_SESSION_HANDLER_FACTORY) SessionHandlerFactory handlerFactory, + @ParamReference(name = GBEAN_REF_PRE_HANDLER_FACTORY) PreHandlerFactory preHandlerFactory, + + @ParamAttribute(name = "policyContextID") String policyContextID, + @ParamAttribute(name = "securityRealmName") String securityRealmName, + @ParamReference(name = "SecurityHandlerFactory") SecurityHandlerFactory securityHandlerFactory, + @ParamReference(name = "RunAsSource") RunAsSource runAsSource, + + @ParamAttribute(name = "holder") Holder holder, + + @ParamReference(name="Host") Host host, + @ParamReference(name="TransactionManager") TransactionManager transactionManager, + @ParamReference(name="TrackedConnectionAssociator") TrackedConnectionAssociator trackedConnectionAssociator, + @ParamReference(name="JettyContainer") JettyContainer jettyContainer, + @ParamReference(name="RuntimeCustomizer") RuntimeCustomizer contextCustomizer, + + @ParamReference(name="J2EEServer") J2EEServer server, + @ParamReference(name="J2EEApplication") J2EEApplication application, + @ParamSpecial(type=SpecialAttributeType.kernel) Kernel kernel) throws Exception { assert componentContext != null; assert classLoader != 
null; @@ -160,13 +276,13 @@ sessionHandler = new SessionHandler(); } JettySecurityHandler securityHandler = null; - if (securityRealmName != null) { - InternalJAASJettyRealm internalJAASJettyRealm = jettyContainer.addRealm(securityRealmName); +// if (securityRealmName != null) { +// InternalJAASJettyRealm internalJAASJettyRealm = jettyContainer.addRealm(securityRealmName); //wrap jetty realm with something that knows the dumb realmName - JAASJettyRealm realm = new JAASJettyRealm(realmName, internalJAASJettyRealm); +// JAASJettyRealm realm = new JAASJettyRealm(realmName, internalJAASJettyRealm); Subject defaultSubject = this.runAsSource.getDefaultSubject(); - securityHandler = new JettySecurityHandler(authenticator, realm, policyContextID, defaultSubject); - } + securityHandler = securityHandlerFactory.buildSecurityHandler(policyContextID, defaultSubject, runAsSource); +// } ServletHandler servletHandler = new ServletHandler(); 
@@ -524,117 +640,4 @@ } } - public static final GBeanInfo GBEAN_INFO; - - public static final String GBEAN_ATTR_SESSION_TIMEOUT = "sessionTimeoutSeconds"; - - public static final String GBEAN_REF_SESSION_HANDLER_FACTORY = "SessionHandlerFactory"; - public static final String GBEAN_REF_PRE_HANDLER_FACTORY = "PreHandlerFactory"; - - static { - GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic("Jetty WebApplication Context", JettyWebAppContext.class, NameFactory.WEB_MODULE); - infoBuilder.addAttribute("deploymentDescriptor", String.class, true); - //from jetty6's webapp context - - infoBuilder.addAttribute("displayName", String.class, true); - infoBuilder.addAttribute("contextParamMap", Map.class, true); - infoBuilder.addAttribute("listenerClassNames", Collection.class, true); - infoBuilder.addAttribute("distributable", boolean.class, true); - - infoBuilder.addAttribute("mimeMap", Map.class, true); - infoBuilder.addAttribute("welcomeFiles", String[].class, true); - infoBuilder.addAttribute("localeEncodingMapping", Map.class, true); - infoBuilder.addAttribute("errorPages", Map.class, true); - infoBuilder.addAttribute("authenticator", Authenticator.class, true); - infoBuilder.addAttribute("realmName", String.class, true); - infoBuilder.addAttribute("tagLibMap", Map.class, true); - infoBuilder.addAttribute(GBEAN_ATTR_SESSION_TIMEOUT, int.class, true); - infoBuilder.addReference(GBEAN_REF_SESSION_HANDLER_FACTORY, SessionHandlerFactory.class, - NameFactory.GERONIMO_SERVICE); - infoBuilder.addReference(GBEAN_REF_PRE_HANDLER_FACTORY, PreHandlerFactory.class, NameFactory.GERONIMO_SERVICE); - - infoBuilder.addAttribute("componentContext", Map.class, true); - infoBuilder.addAttribute("classLoader", ClassLoader.class, false); - infoBuilder.addAttribute("configurationBaseUrl", URL.class, true); - infoBuilder.addAttribute("unshareableResources", Set.class, true); - infoBuilder.addAttribute("applicationManagedSecurityResources", Set.class, true); - - 
infoBuilder.addAttribute("contextPath", String.class, true); - infoBuilder.addAttribute("compactPath", boolean.class, true); - - infoBuilder.addAttribute("workDir", String.class, true); - infoBuilder.addReference("Host", Host.class, "Host"); - infoBuilder.addReference("TransactionManager", TransactionManager.class, NameFactory.JTA_RESOURCE); - infoBuilder.addReference("TrackedConnectionAssociator", TrackedConnectionAssociator.class, NameFactory.JCA_CONNECTION_TRACKER); - infoBuilder.addReference("JettyContainer", JettyContainer.class, NameFactory.GERONIMO_SERVICE); - infoBuilder.addReference("ContextCustomizer", RuntimeCustomizer.class, NameFactory.GERONIMO_SERVICE); - - infoBuilder.addInterface(JettyServletRegistration.class); - - infoBuilder.addAttribute("policyContextID", String.class, true); - infoBuilder.addAttribute("securityRealmName", String.class, true); - infoBuilder.addReference("RunAsSource", RunAsSource.class, NameFactory.JACC_MANAGER); - - infoBuilder.addAttribute("holder", Holder.class, true); - - infoBuilder.addReference("J2EEServer", J2EEServer.class); - infoBuilder.addReference("J2EEApplication", J2EEApplication.class); - - infoBuilder.addAttribute("kernel", Kernel.class, false); - infoBuilder.addAttribute("objectName", String.class, false); - infoBuilder.addAttribute("application", String.class, false); - infoBuilder.addAttribute("javaVMs", String[].class, false); - infoBuilder.addAttribute("servlets", String[].class, false); - - infoBuilder.addInterface(WebModule.class); - - infoBuilder.setConstructor(new String[]{ - "objectName", - "deploymentDescriptor", - "componentContext", - "classLoader", - "configurationBaseUrl", - "unshareableResources", - "applicationManagedSecurityResources", - - "displayName", - "contextParamMap", - "listenerClassNames", - "distributable", - "mimeMap", - "welcomeFiles", - "localeEncodingMapping", - "errorPages", - "authenticator", - "realmName", - "tagLibMap", - "compactPath", - GBEAN_ATTR_SESSION_TIMEOUT, - 
GBEAN_REF_SESSION_HANDLER_FACTORY, - GBEAN_REF_PRE_HANDLER_FACTORY, - - "policyContextID", - "securityRealmName", - "RunAsSource", - - "holder", - - "Host", - "TransactionManager", - "TrackedConnectionAssociator", - "JettyContainer", - "ContextCustomizer", - - "J2EEServer", - "J2EEApplication", - "kernel" - }); - - GBEAN_INFO = infoBuilder.getBeanInfo(); - } - - public static GBeanInfo getGBeanInfo() { - return GBEAN_INFO; - } - } Added: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoRunAsToken.java URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoRunAsToken.java?rev=675561&view=auto ============================================================================== --- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoRunAsToken.java (added) +++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoRunAsToken.java Thu Jul 10 06:05:21 2008 
@@ -0,0 +1,48 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +package org.apache.geronimo.jetty7.handler; + +import javax.security.auth.Subject; + +import org.mortbay.jetty.security.RunAsToken; +import org.apache.geronimo.security.ContextManager; + +/** + * @version $Rev:$ $Date:$ + */ +public class GeronimoRunAsToken implements RunAsToken { + + private final Subject runAsSubject; + + public GeronimoRunAsToken(Subject runAsSubject) { + this.runAsSubject = runAsSubject; + } + + //TODO remove?? + public Subject getRunAsSubject() { + return runAsSubject; + } + + //TODO should be setNextCaller() or pushNextCaller? 
+ public void setRunAsRole() { + ContextManager.setNextCaller(runAsSubject); + } +} Propchange: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoRunAsToken.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoRunAsToken.java ------------------------------------------------------------------------------ svn:keywords = Date Revision Propchange: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoRunAsToken.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoUserIdentity.java URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoUserIdentity.java?rev=675561&view=auto ============================================================================== --- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoUserIdentity.java (added) +++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoUserIdentity.java Thu Jul 10 06:05:21 2008 
@@ -0,0 +1,91 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +package org.apache.geronimo.jetty7.handler; + +import java.security.AccessControlContext; +import java.security.AccessControlException; +import java.security.Principal; +import java.util.Map; + +import javax.security.jacc.WebRoleRefPermission; + +import org.mortbay.jetty.security.RunAsToken; +import org.mortbay.jetty.security.UserIdentity; +import org.mortbay.jetty.servlet.ServletHolder; + +/** + * @version $Rev:$ $Date:$ + */ +public class GeronimoUserIdentity implements UserIdentity { + + private final Principal userPrincipal; + private final AccessControlContext acc; + private RunAsToken runAsToken; + private ServletHolder serverletHolder; + + public GeronimoUserIdentity(Principal userPrincipal, AccessControlContext acc) { + this.userPrincipal = userPrincipal; + this.acc = acc; + } + + public Principal getUserPrincipal() { + return userPrincipal; + }/* ------------------------------------------------------------ */ + + //jaspi called from Request.isUserInRole and ConstraintSecurityHandler.check + public boolean isUserInRole(String role) { + // JACC v1.0 secion B.19 + String servletName = serverletHolder.getName(); + if (servletName == 
null || servletName.equals("jsp")) { + servletName = ""; + } + try { + acc.checkPermission(new WebRoleRefPermission(servletName, role)); + return true; + } catch (AccessControlException e) { + return false; + } + }/* ------------------------------------------------------------ */ + + //jaspi called from ServletHolder.handle, initServlet, doStop and tests + public RunAsToken setRunAsRole(RunAsToken newRunAsRole) { + RunAsToken oldRunAsToken = runAsToken; + ((GeronimoRunAsToken)newRunAsRole).setRunAsRole(); + runAsToken = newRunAsRole; + return oldRunAsToken; + } + + public ServletHolder setServletHolder(ServletHolder newServletHolder) { + ServletHolder oldServletHolder = serverletHolder; + this.serverletHolder = newServletHolder; + return oldServletHolder; + } + + + //jaspi called from FormAuthenticator.valueUnbound (when session is unbound) + //TODO usable??? + public void logout(Principal user) { + } + + public AccessControlContext getAccessControlContext() { + return acc; + } +} Propchange: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoUserIdentity.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoUserIdentity.java ------------------------------------------------------------------------------ svn:keywords = Date Revision Propchange: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoUserIdentity.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Modified: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JettySecurityHandler.java URL: 
http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JettySecurityHandler.java?rev=675561&r1=675560&r2=675561&view=diff ============================================================================== --- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JettySecurityHandler.java (original) +++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JettySecurityHandler.java Thu Jul 10 06:05:21 2008 @@ -20,8 +20,11 @@ import java.security.AccessControlContext; import java.security.AccessControlException; import java.security.Principal; +import java.util.Map; import javax.security.auth.Subject; +import javax.security.auth.message.config.ServerAuthConfig; +import javax.security.auth.message.callback.CallerPrincipalCallback; import javax.security.jacc.PolicyContext; import javax.security.jacc.WebResourcePermission; import javax.security.jacc.WebUserDataPermission; 
@@ -29,45 +32,39 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.geronimo.common.GeronimoSecurityException; -import org.apache.geronimo.jetty7.JAASJettyPrincipal; -import org.apache.geronimo.jetty7.JAASJettyRealm; import org.apache.geronimo.jetty7.JettyContainer; import org.apache.geronimo.security.Callers; import org.apache.geronimo.security.ContextManager; -import org.mortbay.jetty.HttpException; +import org.apache.geronimo.security.jacc.RunAsSource; import org.mortbay.jetty.Request; import org.mortbay.jetty.Response; -import org.mortbay.jetty.security.Authenticator; -import org.mortbay.jetty.security.FormAuthenticator; -import org.mortbay.jetty.security.SecurityHandler; +import org.mortbay.jetty.security.AbstractSecurityHandler; +import org.mortbay.jetty.security.RunAsToken; +import org.mortbay.jetty.security.ServletCallbackHandler; +import org.mortbay.jetty.security.UserIdentity; -public class JettySecurityHandler extends SecurityHandler { +public class JettySecurityHandler extends AbstractSecurityHandler { - private String policyContextID; + private final String policyContextID; + private final RunAsSource runAsSource; - private JAASJettyPrincipal defaultPrincipal; + //wrong + private final AccessControlContext default_acc; - private String formLoginPath; - - private JAASJettyRealm realm; - - public JettySecurityHandler(Authenticator authenticator, - JAASJettyRealm userRealm, + public JettySecurityHandler( String policyContextID, - Subject defaultSubject) { - setAuthenticator(authenticator); + Subject defaultSubject, + RunAsSource runAsSource, + ServerAuthConfig serverAuthConfig, + Subject serviceSubject, + Map authProperties, + ServletCallbackHandler servletCallbackHandler) { + setAuthConfig(serverAuthConfig); + setServiceSubject(serviceSubject); + setAuthProperties(authProperties); + setServletCallbackHandler(servletCallbackHandler); this.policyContextID = policyContextID; - - if 
(authenticator instanceof FormAuthenticator) { - String formLoginPath = ((FormAuthenticator) authenticator).getLoginPage(); - if (formLoginPath.indexOf('?') > 0) { - formLoginPath = formLoginPath.substring(0, formLoginPath.indexOf('?')); - } - this.formLoginPath = formLoginPath; - } else { - formLoginPath = null; - } + this.runAsSource = runAsSource; /** * Register our default principal with the ContextManager @@ -75,23 +72,17 @@ if (defaultSubject == null) { defaultSubject = ContextManager.EMPTY; } - this.defaultPrincipal = generateDefaultPrincipal(defaultSubject); + default_acc = ContextManager.registerSubjectShort(defaultSubject); +// this.defaultPrincipal = generateDefaultPrincipal(defaultSubject); - setUserRealm(userRealm); - this.realm = userRealm; - assert realm != null; } - public boolean hasConstraints() { - return true; - } public void doStop(JettyContainer jettyContainer) throws Exception { try { super.doStop(); } finally { - jettyContainer.removeRealm(realm.getSecurityRealmName()); } } @@ -102,7 +93,7 @@ * javax.servlet.http.HttpServletResponse, int) */ public void handle(String target, HttpServletRequest request, - HttpServletResponse response, int dispatch) throws IOException, + HttpServletResponse response, int dispatch) throws IOException, ServletException { String old_policy_id = PolicyContext.getContextID(); Callers oldCallers = ContextManager.getCallers(); 
@@ -118,35 +109,28 @@ } } -// public static Subject getCurrentRoleDesignate(String role) { -// return ((JettySecurityHandler) (WebAppContext.getCurrentWebAppContext() -// .getSecurityHandler())).getRoleDesignate(role); -// } -// -// private Subject getRoleDesignate(String roleName) { -// return (Subject) roleDesignates.get(roleName); -// } + protected UserIdentity newUserIdentity(ServletCallbackHandler callbackHandler, Subject clientSubject) { + AccessControlContext acc = ContextManager.registerSubjectShort(clientSubject); + ContextManager.setCallers(clientSubject, clientSubject); + final CallerPrincipalCallback principalCallback = callbackHandler.getThreadCallerPrincipalCallback(); + Principal userPrincipal = principalCallback == null? null: principalCallback.getPrincipal(); + return new GeronimoUserIdentity(userPrincipal, acc); + } - /** - * Check the security constraints using JACC. - * - * @param pathInContext path in context - * @param request HTTP request - * @param response HTTP response - * @return true if the path in context passes the security check, false if - * it fails or a redirection has occured during authentication. - */ - public boolean checkSecurityConstraints(String pathInContext, Request request, Response response) throws IOException { - if (formLoginPath != null) { - String pathToBeTested = (pathInContext.indexOf('?') > 0 ? 
pathInContext - .substring(0, pathInContext.indexOf('?')) - : pathInContext); + protected UserIdentity newSystemUserIdentity() { + return new GeronimoUserIdentity(null, default_acc); + } - if (pathToBeTested.equals(formLoginPath)) { - return true; - } - } + public RunAsToken newRunAsToken(String runAsRole) { + Subject runAsSubject = runAsSource.getSubjectForRole(runAsRole); + return new GeronimoRunAsToken(runAsSubject); + } + + protected Object prepareConstraintInfo(String pathInContext, Request request) { + return null; + } + protected boolean checkUserDataPermissions(String pathInContext, Request request, Response response, Object constraintInfo) throws IOException { try { String transportType; if (request.isSecure()) { 
@@ -162,100 +146,156 @@ if (substitutedPathInContext.indexOf(":") > -1) substitutedPathInContext = substitutedPathInContext.replaceAll(":", "%3A"); - - Authenticator authenticator = getAuthenticator(); - boolean isAuthenticated = false; - - if (authenticator instanceof FormAuthenticator - && pathInContext.endsWith(FormAuthenticator.__J_SECURITY_CHECK)) { - /** - * This is a post request to __J_SECURITY_CHECK. Stop now after authentication. - * Whether or not authentication succeeded, we return. - */ - authenticator.authenticate(realm, pathInContext, request, response); - return false; - } - // attempt to access an unprotected resource that is not the - // j_security_check. - // if we are logged in, return the logged in principal. - if (request != null) { - // null response appears to prevent redirect to login page - Principal user = authenticator.authenticate(realm, pathInContext, - request, null); - if (user == null || user == SecurityHandler.__NOBODY) { - //TODO use run-as as nextCaller if present - ContextManager.setCallers(defaultPrincipal.getSubject(), defaultPrincipal.getSubject()); - request.setUserPrincipal(new NotChecked()); - } else if (user != null) { - isAuthenticated = true; - } - } - - - AccessControlContext acc = ContextManager.getCurrentContext(); - /** * JACC v1.0 section 4.1.1 */ WebUserDataPermission wudp = new WebUserDataPermission(substitutedPathInContext, new String[]{request.getMethod()}, transportType); - acc.checkPermission(wudp); + default_acc.checkPermission(wudp); + return true; + } catch (AccessControlException e) { + return false; + } + } - WebResourcePermission webResourcePermission = new WebResourcePermission(request); - /** - * JACC v1.0 section 4.1.2 - */ - if (isAuthenticated) { - //current user is logged in, this is the actual check - acc.checkPermission(webResourcePermission); - } else { - //user is not logged in: if access denied, try to log them in. 
- try { - acc.checkPermission(webResourcePermission); - } catch (AccessControlException e) { - //not logged in: try to log them in. - Principal user = authenticator.authenticate(realm, pathInContext, request, response); - if (user == SecurityHandler.__NOBODY) { - return true; - } - if (user == null) { - throw e; - } - } - } + protected boolean isAuthMandatory(Request base_request, Response base_response, Object constraintInfo) { + return !checkWebResourcePermission(base_request, default_acc); + } - } catch (HttpException he) { - response.sendError(he.getStatus(), he.getReason()); - return false; - } catch (AccessControlException ace) { - if (!response.isCommitted()) { - response.sendError(403); - } + protected boolean checkWebResourcePermissions(String pathInContext, Request request, Response response, Object constraintInfo, UserIdentity userIdentity) throws IOException { + AccessControlContext acc = ((GeronimoUserIdentity)userIdentity).getAccessControlContext(); + return checkWebResourcePermission(request, acc); + } + + private boolean checkWebResourcePermission(Request request, AccessControlContext acc) { + WebResourcePermission webResourcePermission = new WebResourcePermission(request); + /** + * JACC v1.0 section 4.1.2 + */ + //user is not logged in: if access denied, try to log them in. + try { + acc.checkPermission(webResourcePermission); + return true; + } catch (AccessControlException e) { return false; } - return true; } +// public static Subject getCurrentRoleDesignate(String role) { +// return ((JettySecurityHandler) (WebAppContext.getCurrentWebAppContext() +// .getSecurityHandler())).getRoleDesignate(role); +// } +// +// private Subject getRoleDesignate(String roleName) { +// return (Subject) roleDesignates.get(roleName); +// } + /** - * Generate the default principal from the security config. + * Check the security constraints using JACC. * - * @param defaultSubject The default subject. 
- * @return the default principal - * @throws org.apache.geronimo.common.GeronimoSecurityException - * if the default principal cannot be constructed + * @param pathInContext path in context + * @param request HTTP request + * @param response HTTP response + * @return true if the path in context passes the security check, false if + * it fails or a redirection has occured during authentication. */ - protected JAASJettyPrincipal generateDefaultPrincipal(Subject defaultSubject) - throws GeronimoSecurityException { - - if (defaultSubject == null) { - throw new GeronimoSecurityException( - "Unable to generate default principal"); - } - - JAASJettyPrincipal result = new JAASJettyPrincipal("default"); - - result.setSubject(defaultSubject); +// public boolean checkSecurityConstraints(String pathInContext, Request request, Response response) throws IOException { +// if (formLoginPath != null) { +// String pathToBeTested = (pathInContext.indexOf('?') > 0 ? pathInContext +// .substring(0, pathInContext.indexOf('?')) +// : pathInContext); +// +// if (pathToBeTested.equals(formLoginPath)) { +// return true; +// } +// } +// +// try { +// String transportType; +// if (request.isSecure()) { +// transportType = "CONFIDENTIAL"; +// } else if (request.getConnection().isIntegral(request)) { +// transportType = "INTEGRAL"; +// } else { +// transportType = "NONE"; +// } +// String substitutedPathInContext = pathInContext; +// if (substitutedPathInContext.indexOf("%3A") > -1) +// substitutedPathInContext = substitutedPathInContext.replaceAll("%3A", "%3A%3A"); +// if (substitutedPathInContext.indexOf(":") > -1) +// substitutedPathInContext = substitutedPathInContext.replaceAll(":", "%3A"); +// +// +// Authenticator authenticator = getAuthenticator(); +// boolean isAuthenticated = false; +// +// if (authenticator instanceof FormAuthenticator +// && pathInContext.endsWith(FormAuthenticator.__J_SECURITY_CHECK)) { +// /** +// * This is a post request to __J_SECURITY_CHECK. 
Stop now after authentication. +// * Whether or not authentication succeeded, we return. +// */ +// authenticator.authenticate(realm, pathInContext, request, response); +// return false; +// } +// // attempt to access an unprotected resource that is not the +// // j_security_check. +// // if we are logged in, return the logged in principal. +// if (request != null) { +// // null response appears to prevent redirect to login page +// Principal user = authenticator.authenticate(realm, pathInContext, +// request, null); +// if (user == null || user == SecurityHandler.__NOBODY) { +// //TODO use run-as as nextCaller if present +// ContextManager.setCallers(defaultPrincipal.getSubject(), defaultPrincipal.getSubject()); +// request.setUserPrincipal(new NotChecked()); +// } else if (user != null) { +// isAuthenticated = true; +// } +// } +// +// +// AccessControlContext acc = ContextManager.getCurrentContext(); +// +// /** +// * JACC v1.0 section 4.1.1 +// */ +// WebUserDataPermission wudp = new WebUserDataPermission(substitutedPathInContext, new String[]{request.getMethod()}, transportType); +// acc.checkPermission(wudp); +// +// WebResourcePermission webResourcePermission = new WebResourcePermission(request); +// /** +// * JACC v1.0 section 4.1.2 +// */ +// if (isAuthenticated) { +// //current user is logged in, this is the actual check +// acc.checkPermission(webResourcePermission); +// } else { +// //user is not logged in: if access denied, try to log them in. +// try { +// acc.checkPermission(webResourcePermission); +// } catch (AccessControlException e) { +// //not logged in: try to log them in. 
+// Principal user = authenticator.authenticate(realm, pathInContext, request, response); +// if (user == SecurityHandler.__NOBODY) { +// return true; +// } +// if (user == null) { +// throw e; +// } +// } +// } +// +// } catch (HttpException he) { +// response.sendError(he.getStatus(), he.getReason()); +// return false; +// } catch (AccessControlException ace) { +// if (!response.isCommitted()) { +// response.sendError(403); +// } +// return false; +// } +// return true; +// } - return result; - } } Modified: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/TwistyWebAppContext.java URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/TwistyWebAppContext.java?rev=675561&r1=675560&r2=675561&view=diff ============================================================================== --- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/TwistyWebAppContext.java (original) +++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/TwistyWebAppContext.java Thu Jul 10 06:05:21 2008 @@ -29,7 +29,7 @@ import org.mortbay.jetty.Handler; import org.mortbay.jetty.Server; import org.mortbay.jetty.handler.ErrorHandler; -import org.mortbay.jetty.security.SecurityHandler; +import org.mortbay.jetty.security.AbstractSecurityHandler; import org.mortbay.jetty.servlet.ServletHandler; import org.mortbay.jetty.servlet.SessionHandler; import org.mortbay.jetty.webapp.WebAppContext; 
@@ -42,7 +42,7 @@ private Handler handler; - public TwistyWebAppContext(SecurityHandler securityHandler, SessionHandler sessionHandler, ServletHandler servletHandler, ErrorHandler errorHandler) { + public TwistyWebAppContext(AbstractSecurityHandler securityHandler, SessionHandler sessionHandler, ServletHandler servletHandler, ErrorHandler errorHandler) { super(securityHandler, sessionHandler, servletHandler, errorHandler); } Added: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java?rev=675561&view=auto ============================================================================== --- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java (added) +++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java Thu Jul 10 06:05:21 2008 
@@ -0,0 +1,35 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +package org.apache.geronimo.jetty7.security; + +import javax.security.auth.Subject; + +import org.apache.geronimo.jetty7.handler.JettySecurityHandler; +import org.apache.geronimo.security.jacc.RunAsSource; + +/** + * @version $Rev:$ $Date:$ + */ +public interface SecurityHandlerFactory { + + JettySecurityHandler buildSecurityHandler(String policyContextID, Subject defaultSubject, RunAsSource runAsSource); + +} Propchange: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java ------------------------------------------------------------------------------ svn:keywords = Date Revision Propchange: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: 
geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/ServerAuthConfigGBean.java URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/ServerAuthConfigGBean.java?rev=675561&view=auto ============================================================================== --- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/ServerAuthConfigGBean.java (added) +++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/ServerAuthConfigGBean.java Thu Jul 10 06:05:21 2008 
@@ -0,0 +1,55 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +package org.apache.geronimo.jetty7.security; + +import java.util.Map; +import java.util.HashMap; + +import javax.security.auth.Subject; +import javax.security.auth.message.config.ServerAuthConfig; +import javax.security.auth.message.config.ServerAuthContext; + +import org.apache.geronimo.jetty7.handler.JettySecurityHandler; +import org.apache.geronimo.security.jacc.RunAsSource; +import org.mortbay.jetty.security.ServletCallbackHandler; +import org.mortbay.jetty.security.jaspi.SimpleAuthConfig; + +/** + * @version $Rev:$ $Date:$ + */ +public class ServerAuthConfigGBean implements SecurityHandlerFactory { + + private ServerAuthConfig serverAuthConfig; + private ServletCallbackHandler servletCallbackHandler = new ServletCallbackHandler(); + private Map authConfigProperties = new HashMap(); + private Subject serviceSubject = null; + + + public ServerAuthConfigGBean(ServletCallbackHandler servletCallbackHandler, ServerAuthContext serverAuthContext) { + this.servletCallbackHandler = servletCallbackHandler; + this.serverAuthConfig = new SimpleAuthConfig(null, serverAuthContext); + } + + public JettySecurityHandler buildSecurityHandler(String 
policyContextID, Subject defaultSubject, RunAsSource runAsSource) { + return new JettySecurityHandler(policyContextID, defaultSubject, runAsSource, serverAuthConfig, serviceSubject, authConfigProperties, servletCallbackHandler); + } + +} Propchange: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/ServerAuthConfigGBean.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/ServerAuthConfigGBean.java ------------------------------------------------------------------------------ svn:keywords = Date Revision Propchange: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/ServerAuthConfigGBean.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Modified: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/AbstractWebModuleTest.java URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/AbstractWebModuleTest.java?rev=675561&r1=675560&r2=675561&view=diff ============================================================================== --- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/AbstractWebModuleTest.java (original) +++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/AbstractWebModuleTest.java Thu Jul 10 06:05:21 2008 
@@ -19,38 +19,50 @@ import java.io.File; import java.net.URL; import java.security.PermissionCollection; +import java.security.Principal; +import java.security.Permissions; import java.util.Collections; import java.util.HashMap; +import java.util.List; import java.util.Map; import java.util.Set; +import javax.security.auth.Subject; +import javax.security.auth.message.AuthException; +import javax.security.auth.message.AuthStatus; +import javax.security.auth.message.MessageInfo; +import javax.security.jacc.WebUserDataPermission; +import javax.security.jacc.WebResourcePermission; +import javax.security.jacc.PolicyContextException; import javax.transaction.TransactionManager; import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator; import org.apache.geronimo.connector.outbound.connectiontracking.GeronimoTransactionListener; import org.apache.geronimo.jetty7.connector.HTTPSocketConnector; -import org.apache.geronimo.security.SecurityServiceImpl; -import org.apache.geronimo.security.deploy.PrincipalInfo; +import org.apache.geronimo.jetty7.security.SecurityHandlerFactory; +import org.apache.geronimo.jetty7.security.ServerAuthConfigGBean; import org.apache.geronimo.security.deploy.SubjectInfo; -import org.apache.geronimo.security.jaas.ConfigurationEntryFactory; -import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration; -import org.apache.geronimo.security.jaas.JaasLoginModuleUse; -import org.apache.geronimo.security.jaas.LoginModuleControlFlag; -import org.apache.geronimo.security.jaas.LoginModuleGBean; import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager; -import org.apache.geronimo.security.jacc.mappingprovider.ApplicationPrincipalRoleConfigurationManager; -import org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicyConfigurationFactory; -import org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicy; import org.apache.geronimo.security.jacc.ComponentPermissions; import 
org.apache.geronimo.security.jacc.PrincipalRoleMapper; import org.apache.geronimo.security.jacc.RunAsSource; -import org.apache.geronimo.security.realm.GenericSecurityRealm; +import org.apache.geronimo.security.jacc.mappingprovider.ApplicationPrincipalRoleConfigurationManager; +import org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicy; +import org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicyConfigurationFactory; +import org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal; +import org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal; +import org.apache.geronimo.security.SecurityServiceImpl; import org.apache.geronimo.system.serverinfo.BasicServerInfo; import org.apache.geronimo.system.serverinfo.ServerInfo; import org.apache.geronimo.testsupport.TestSupport; import org.apache.geronimo.transaction.manager.TransactionManagerImpl; -import org.mortbay.jetty.security.Authenticator; -import org.mortbay.jetty.security.FormAuthenticator; +import org.mortbay.jetty.security.ServletCallbackHandler; +import org.mortbay.jetty.security.jaspi.modules.FormAuthModule; +import org.mortbay.jetty.security.jaspi.modules.LoginCredentials; +import org.mortbay.jetty.security.jaspi.modules.LoginResult; +import org.mortbay.jetty.security.jaspi.modules.LoginService; +import org.mortbay.jetty.security.jaspi.modules.UserPasswordLoginCredentials; +import org.mortbay.jetty.security.jaspi.modules.BaseAuthModule; /** 
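Review bot: the re-added `import org.apache.geronimo.security.SecurityServiceImpl;` lands after the `realm.providers` imports instead of in its alphabetical slot before `org.apache.geronimo.security.deploy.SubjectInfo`, and nothing in the visible hunks of this file uses the newly imported `java.security.Principal` or `javax.security.jacc.PolicyContextException` (only `GeronimoUserPrincipal`/`GeronimoGroupPrincipal` and `WebResourcePermission`/`WebUserDataPermission` are referenced). Move the import and drop those two if an IDE confirms they are unused; `java.io.File` is in the same position now that the `new File(BASEDIR, ...)` lines in `setUpSecurity` are gone.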
@@ -88,8 +100,22 @@ } - protected JettyWebAppContext setUpAppContext(String realmName, String securityRealmName, Authenticator authenticator, String policyContextId, PermissionCollection excludedPermissions, RunAsSource runAsSource, PermissionCollection checkedPermissions, String uriString) throws Exception { + protected JettyWebAppContext setUpAppContext(String securityRealmName, SecurityHandlerFactory securityHandlerFactory, String policyContextId, RunAsSource runAsSource, String uriString) throws Exception { + if (securityHandlerFactory == null) { + Permissions unchecked = new Permissions(); + unchecked.add(new WebUserDataPermission("/", null)); + unchecked.add(new WebResourcePermission("/", "")); + ComponentPermissions componentPermissions = new ComponentPermissions(new Permissions(), unchecked, Collections.emptyMap()); + setUpJACC(Collections.emptyMap(), Collections.>emptyMap(), componentPermissions, policyContextId); + final ServletCallbackHandler callbackHandler = new ServletCallbackHandler(); + securityHandlerFactory = new ServerAuthConfigGBean(callbackHandler, new BaseAuthModule(callbackHandler, null) { + @Override + public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException { + return AuthStatus.SUCCESS; + } + }); + } JettyWebAppContext app = new JettyWebAppContext(null, null, Collections.emptyMap(), @@ -105,8 +131,6 @@ null, null, null, - authenticator, - realmName, null, false, 0, @@ -114,6 +138,7 @@ preHandlerFactory, policyContextId, securityRealmName, + securityHandlerFactory, runAsSource, null, null, 
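Review bot: the `securityHandlerFactory == null` branch silently installs an allow-everything policy (`WebUserDataPermission("/", null)` plus `WebResourcePermission("/", "")` as unchecked permissions) together with an anonymous `BaseAuthModule` whose `validateRequest` returns `AuthStatus.SUCCESS` without putting any principal into `clientSubject`; that is fine for ApplicationTest, but it deserves a one-line comment saying it is the deliberate no-security default, because a reader of `setUpAppContext` would otherwise assume a null factory means no security handler is wired in at all. In the same branch the `ApplicationPolicyConfigurationManager` returned by `setUpJACC(...)` is discarded after `doStart()` (the secure path keeps it and passes it on as the `runAsSource`), so check that something still calls `doStop()` on it, especially now that both ApplicationTest methods register under the same literal `"policyContextID"`.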
@@ -129,51 +154,49 @@ return app; } - protected JettyWebAppContext setUpSecureAppContext(String securityRealmName, Map roleDesignates, Map principalRoleMap, ComponentPermissions componentPermissions, SubjectInfo defaultSubjectInfo, PermissionCollection checked, Set securityRoles) throws Exception { + protected JettyWebAppContext setUpSecureAppContext(String securityRealmName, Map roleDesignates, Map> principalRoleMap, ComponentPermissions componentPermissions, SubjectInfo defaultSubjectInfo, PermissionCollection checked, Set securityRoles) throws Exception { String policyContextId = "TEST"; + ApplicationPolicyConfigurationManager jacc = setUpJACC(roleDesignates, principalRoleMap, componentPermissions, policyContextId); + ServletCallbackHandler callbackHandler = new ServletCallbackHandler(); + LoginService loginService = newLoginService(); + FormAuthModule authModule = new FormAuthModule(callbackHandler, loginService, "/auth/logon.html?param=test", "/auth/logonError.html?param=test"); + SecurityHandlerFactory securityHandlerFactory = new ServerAuthConfigGBean(callbackHandler, authModule); + return setUpAppContext( + securityRealmName, + securityHandlerFactory, + policyContextId, + jacc, + "war3/"); + + } + + private ApplicationPolicyConfigurationManager setUpJACC(Map roleDesignates, Map> principalRoleMap, ComponentPermissions componentPermissions, String policyContextId) throws Exception { + setUpSecurityService(); PrincipalRoleMapper roleMapper = new ApplicationPrincipalRoleConfigurationManager(principalRoleMap); Map contextIDToPermissionsMap = new HashMap(); contextIDToPermissionsMap.put(policyContextId, componentPermissions); ApplicationPolicyConfigurationManager jacc = new ApplicationPolicyConfigurationManager(contextIDToPermissionsMap, null, roleDesignates, cl, null, roleMapper); jacc.doStart(); + return jacc; + } - FormAuthenticator formAuthenticator = new FormAuthenticator(); - formAuthenticator.setLoginPage("/auth/logon.html?param=test"); - 
formAuthenticator.setErrorPage("/auth/logonError.html?param=test"); - return setUpAppContext("Test JAAS Realm", - securityRealmName, - formAuthenticator, - policyContextId, - componentPermissions.getExcludedPermissions(), - jacc, - checked, - "war3/"); + protected LoginService newLoginService() throws Exception { +// String domainName = "demo-properties-realm"; +// + Map users = new HashMap(); + users.put("alan", "starcraft"); + users.put("izumi", "violin"); + Map> groups = new HashMap>(); + groups.put("alan", Collections.singletonList("it")); + TestLoginService loginService = new TestLoginService(users, groups); + return loginService; } - protected void setUpSecurity() throws Exception { - String domainName = "demo-properties-realm"; - + protected void setUpSecurityService() throws Exception { ServerInfo serverInfo = new BasicServerInfo("."); new SecurityServiceImpl(cl, serverInfo, GeronimoPolicyConfigurationFactory.class.getName(), GeronimoPolicy.class.getName(), null, null, null, null); - - Map options = new HashMap(); - options.put("usersURI", new File(BASEDIR, "src/test/resources/data/users.properties").toURI().toString()); - options.put("groupsURI", new File(BASEDIR, "src/test/resources/data/groups.properties").toURI().toString()); - - LoginModuleGBean loginModule = new LoginModuleGBean("org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule", null, true, options, domainName, cl); - - JaasLoginModuleUse loginModuleUse = new JaasLoginModuleUse(loginModule, null, LoginModuleControlFlag.REQUIRED); - - PrincipalInfo.PrincipalEditor principalEditor = new PrincipalInfo.PrincipalEditor(); - principalEditor.setAsText("metro,org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"); - GenericSecurityRealm realm = new GenericSecurityRealm(domainName, loginModuleUse, true, serverInfo, cl, null); - - GeronimoLoginConfiguration loginConfiguration = new GeronimoLoginConfiguration(); - 
loginConfiguration.setConfigurations(Collections.singleton(realm)); - loginConfiguration.doStart(); - } protected void tearDownSecurity() throws Exception { @@ -189,7 +212,7 @@ container.doStart(); connector = new HTTPSocketConnector(container, null); connector.setPort(5678); - connector.setMaxThreads(50); + connector.setMaxThreads(2); connector.doStart(); TransactionManagerImpl transactionManager = new TransactionManagerImpl(); 
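Review bot: the `checked` and `securityRoles` parameters of `setUpSecureAppContext` are now dead: `checked` used to be forwarded to `setUpAppContext` and the new call passes neither, so either drop them from the signature or keep forwarding `checked`. In the same hunk `newLoginService()` replaces the `PropertiesFileLoginModule` realm backed by `src/test/resources/data/users.properties` and `groups.properties` with an in-memory map (`alan`/`starcraft` in group `it`, `izumi`/`violin`), so any test that still posts credentials taken from those files will now fail to log in, and the two data files plus the commented-out `// String domainName = "demo-properties-realm";` leftover should go if nothing else reads them. Finally, `setUpSecurityService()` constructs `new SecurityServiceImpl(...)` purely for its side effects and drops the reference, and it is now invoked from `setUpJACC` for every test; a comment on what global state that installs (the `GeronimoPolicy` and `GeronimoPolicyConfigurationFactory` class names are handed in) and whether repeating it per test is safe would help the next reader.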
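Review bot: `connector.setMaxThreads(2)` (down from 50) needs a comment explaining the intent. With two threads a form-login round trip that issues a redirect and a follow-up request still works serially, but any test that opens a second connection while one is still held, or leaves a keep-alive connection open before `connector.doStop()`, will now stall instead of pass; if the point is to surface thread leaks or deadlocks in the new JASPI path, say so, otherwise restore a less fragile value.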
@@ -202,4 +225,41 @@ connector.doStop(); Thread.sleep(1000); } + + private static class TestLoginService implements LoginService { + + private final Map users; + private final Map> groups; + + private TestLoginService(Map users, Map> groups) { + this.users = users; + this.groups = groups; + } + + public LoginResult login(Subject subject, LoginCredentials loginCredentials) throws AuthException { + UserPasswordLoginCredentials creds = (UserPasswordLoginCredentials) loginCredentials; + String pws = users.get(creds.getUsername()); + if (pws != null && pws.equals(new String(creds.getPassword()))) { + final GeronimoUserPrincipal userPrincipal = new GeronimoUserPrincipal(creds.getUsername()); + subject.getPrincipals().add(userPrincipal); + List usersGroups = groups.get(creds.getUsername()); + if (usersGroups != null) { + for (String group: usersGroups) { + subject.getPrincipals().add(new GeronimoGroupPrincipal(group)); + } + return new LoginResult(true, userPrincipal, usersGroups.toArray(new String[usersGroups.size()]), subject); + } + return new LoginResult(true, userPrincipal, new String[0], subject); + } + return new LoginResult(false, null, null, subject); + } + + public void logout(Subject subject) throws AuthException { + } + + @Deprecated + public String getName() { + return null; + } + } } Modified: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ApplicationTest.java URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ApplicationTest.java?rev=675561&r1=675560&r2=675561&view=diff ============================================================================== --- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ApplicationTest.java (original) +++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ApplicationTest.java Thu Jul 10 06:05:21 2008 
@@ -36,7 +36,7 @@ public class ApplicationTest extends AbstractWebModuleTest { public void testApplication() throws Exception { - JettyWebAppContext app = setUpAppContext(null, null, null, null, null, null, null, "war1/"); + JettyWebAppContext app = setUpAppContext(null, null, "policyContextID", null, "war1/"); setUpStaticContentServlet(app); @@ -50,7 +50,7 @@ public void testApplicationWithSessionHandler() throws Exception { preHandlerFactory = new MockPreHandlerFactory(); sessionHandlerFactory = new MockSessionHandlerFactory(); - JettyWebAppContext app = setUpAppContext(null, null, null, null, null, null, null, "war1/"); + JettyWebAppContext app = setUpAppContext(null, null, "policyContextID", null, "war1/"); setUpStaticContentServlet(app); Modified: geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/SecurityTest.java URL: http://svn.apache.org/viewvc/geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/SecurityTest.java?rev=675561&r1=675560&r2=675561&view=diff ============================================================================== --- geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/SecurityTest.java (original) +++ geronimo/sandbox/djencks/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/SecurityTest.java Thu Jul 10 06:05:21 2008 @@ -78,6 +78,8 @@ PermissionCollection excludedPermissions = new Permissions(); uncheckedPermissions.add(new WebResourcePermission("/auth/logon.html", "")); uncheckedPermissions.add(new WebUserDataPermission("/auth/logon.html", "")); +// uncheckedPermissions.add(new WebResourcePermission("/auth/j_security_check", "")); + uncheckedPermissions.add(new WebUserDataPermission("/auth/j_security_check", "")); Map rolePermissions = new HashMap(); PermissionCollection permissions = new Permissions(); 
@@ -170,7 +172,6 @@ protected void setUp() throws Exception { super.setUp(); - setUpSecurity(); } protected void tearDown() throws Exception {
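Review bot: in `ServerAuthConfigGBean` (the new file at the top of this mail) the field initializer `servletCallbackHandler = new ServletCallbackHandler()` is dead, since the only constructor overwrites it immediately; `serviceSubject` is always `null` and `authConfigProperties` is always an empty raw `HashMap` with no setter or constructor parameter, so despite the GBean name nothing about the auth config is configurable from a plan, and `SimpleAuthConfig` is built with `null` as its first argument. Suggest dropping the initializer, typing the map to whatever `JettySecurityHandler` expects, taking `serviceSubject` and the properties as constructor arguments (or documenting that they are intentionally fixed for the sandbox), and adding a comment saying what the `null` passed to `SimpleAuthConfig` stands for. No `GBeanInfo` or GBean annotations appear in the file either, so confirm it is not yet meant to be deployable.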
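Review bot: `TestLoginService.login` casts `loginCredentials` to `UserPasswordLoginCredentials` unconditionally, so a module that hands it any other `LoginCredentials` subtype fails with a `ClassCastException` rather than a failed `LoginResult`; an `instanceof` check that returns `new LoginResult(false, null, null, subject)` keeps the test realm honest. Also, `logout` is a no-op while `login` adds `GeronimoUserPrincipal` and `GeronimoGroupPrincipal` instances to the caller's `subject`, so a reused `Subject` accumulates principals across logins; harmless for now but worth a comment. The plain-text password map and `String.equals` comparison are fine for a test fixture.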
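Review bot: the first SecurityTest hunk leaves `// uncheckedPermissions.add(new WebResourcePermission("/auth/j_security_check", ""));` commented out next to the live `WebUserDataPermission("/auth/j_security_check", "")` line; either remove it or replace it with a comment explaining why `j_security_check` needs only the user-data exemption (if the reason is that `FormAuthModule` consumes the `j_security_check` POST in `validateRequest` before any resource check runs, say so). A stray commented line reads like an unfinished experiment.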
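Review bot: `setUp()` no longer calls `setUpSecurity()`, with the security service and JACC now coming from `setUpJACC` inside `setUpSecureAppContext`, but `tearDownSecurity()` survives in AbstractWebModuleTest; check that SecurityTest's `tearDown()` counterpart still matches what is actually started, since whatever `tearDownSecurity` stops is now started from a different place, or not at all in the case of the removed `GeronimoLoginConfiguration`.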