geronimo-scm mailing list archives

From djen...@apache.org
Subject svn commit: r741679 [2/3] - in /geronimo/server/trunk: buildsupport/geronimo-plugin-archetype/src/main/resources/archetype-resources/ framework/configs/j2ee-security/src/main/plan/ framework/configs/server-security-config/src/main/plan/ framework/confi...
Date Fri, 06 Feb 2009 19:07:20 GMT
Modified: geronimo/server/trunk/plugins/j2ee/geronimo-j2ee-builder/src/test/java/org/apache/geronimo/j2ee/deployment/EARConfigBuilderTestSupport.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-j2ee-builder/src/test/java/org/apache/geronimo/j2ee/deployment/EARConfigBuilderTestSupport.java?rev=741679&r1=741678&r2=741679&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-j2ee-builder/src/test/java/org/apache/geronimo/j2ee/deployment/EARConfigBuilderTestSupport.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-j2ee-builder/src/test/java/org/apache/geronimo/j2ee/deployment/EARConfigBuilderTestSupport.java Fri Feb  6 19:07:17 2009
@@ -143,7 +143,6 @@
                     connectorConfigBuilder,
                     activationSpecInfoLocator,
                     appClientConfigBuilder,
-                    securityBuilder,
                     serviceBuilder,
                     persistenceUnitBuilder,
                     naming, artifactResolvers);
@@ -173,7 +172,6 @@
                 connectorConfigBuilder,
                 activationSpecInfoLocator,
                 appClientConfigBuilder,
-                securityBuilder,
                 serviceBuilder,
                 persistenceUnitBuilder,
                 naming, artifactResolvers);
@@ -209,7 +207,6 @@
                 connectorConfigBuilder,
                 activationSpecInfoLocator,
                 appClientConfigBuilder,
-                securityBuilder,
                 serviceBuilder,
                 persistenceUnitBuilder,
                 naming, artifactResolvers);
@@ -245,7 +242,6 @@
                 connectorConfigBuilder,
                 activationSpecInfoLocator,
                 appClientConfigBuilder,
-                securityBuilder,
                 serviceBuilder,
                 persistenceUnitBuilder,
                 naming, artifactResolvers);
@@ -281,7 +277,6 @@
                 connectorConfigBuilder,
                 activationSpecInfoLocator,
                 appClientConfigBuilder,
-                securityBuilder,
                 serviceBuilder,
                 persistenceUnitBuilder,
                 naming, artifactResolvers);
@@ -317,7 +312,6 @@
                 connectorConfigBuilder,
                 activationSpecInfoLocator,
                 appClientConfigBuilder,
-                securityBuilder,
                 serviceBuilder,
                 persistenceUnitBuilder,
                 naming, artifactResolvers);
@@ -354,7 +348,6 @@
                 connectorConfigBuilder,
                 activationSpecInfoLocator,
                 appClientConfigBuilder,
-                securityBuilder,
                 serviceBuilder,
                 persistenceUnitBuilder,
                 naming, artifactResolvers);
@@ -390,7 +383,6 @@
                 null,
                 activationSpecInfoLocator,
                 appClientConfigBuilder,
-                securityBuilder,
                 serviceBuilder,
                 persistenceUnitBuilder,
                 naming, artifactResolvers);

Modified: geronimo/server/trunk/plugins/j2ee/geronimo-j2ee-builder/src/test/java/org/apache/geronimo/j2ee/deployment/NamingBuilderCollectionTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-j2ee-builder/src/test/java/org/apache/geronimo/j2ee/deployment/NamingBuilderCollectionTest.java?rev=741679&r1=741678&r2=741679&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-j2ee-builder/src/test/java/org/apache/geronimo/j2ee/deployment/NamingBuilderCollectionTest.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-j2ee-builder/src/test/java/org/apache/geronimo/j2ee/deployment/NamingBuilderCollectionTest.java Fri Feb  6 19:07:17 2009
@@ -46,7 +46,7 @@
         builders.add(p2);
                 
         QName plan = new QName("http://foo", "bar");
-        NamingBuilderCollection col = new NamingBuilderCollection(builders, plan);
+        NamingBuilderCollection col = new NamingBuilderCollection(builders);
         List expectedCallList;
         
         // test buildEnvironment
@@ -116,6 +116,10 @@
         public QNameSet getSpecQNameSet() {
             return QNameSet.EMPTY;
         }
+
+        public QName getBaseQName() {
+            return null;
+        }
         
     }
     

Modified: geronimo/server/trunk/plugins/j2ee/geronimo-naming-builder/src/main/java/org/apache/geronimo/naming/deployment/AbstractNamingBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-naming-builder/src/main/java/org/apache/geronimo/naming/deployment/AbstractNamingBuilder.java?rev=741679&r1=741678&r2=741679&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-naming-builder/src/main/java/org/apache/geronimo/naming/deployment/AbstractNamingBuilder.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-naming-builder/src/main/java/org/apache/geronimo/naming/deployment/AbstractNamingBuilder.java Fri Feb  6 19:07:17 2009
@@ -45,6 +45,7 @@
 import org.apache.geronimo.schema.NamespaceElementConverter;
 import org.apache.geronimo.xbeans.geronimo.naming.GerAbstractNamingEntryDocument;
 import org.apache.geronimo.xbeans.geronimo.naming.GerPatternType;
+import org.apache.geronimo.xbeans.geronimo.naming.GerAbstractNamingEntryType;
 import org.apache.geronimo.xbeans.javaee.InjectionTargetType;
 import org.apache.geronimo.xbeans.javaee.XsdStringType;
 import org.apache.xmlbeans.QNameSet;
@@ -57,6 +58,7 @@
  * @version $Rev$ $Date$
  */
 public abstract class AbstractNamingBuilder implements NamingBuilder {
+    protected static final QName BASE_NAMING_QNAME = GerAbstractNamingEntryType.type.getDocumentElementName();
     protected static final String J2EE_NAMESPACE = "http://java.sun.com/xml/ns/j2ee";
     protected static final String JEE_NAMESPACE = "http://java.sun.com/xml/ns/javaee";
     protected static final NamespaceElementConverter J2EE_CONVERTER = new NamespaceElementConverter(J2EE_NAMESPACE);
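Review bot: `BASE_NAMING_QNAME` is taken from `GerAbstractNamingEntryType.type`, which is the schema type of a complex type rather than of a document. As far as I know, XMLBeans' `SchemaType.getDocumentElementName()` returns null for anything that is not a document type, so this constant may be null at runtime; worth confirming with a quick test. The file already imports `GerAbstractNamingEntryDocument`, so the likely intent is `GerAbstractNamingEntryDocument.type.getDocumentElementName()`, which would also drop the new import. The same value is returned by the `getBaseQName()` added further down in this file and in `UnavailableRefBuilder`, so both would inherit the null.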
@@ -285,6 +287,10 @@
         return new Artifact[] {earConfiguration.getId(),localConfiguration.getId()};
     }
 
+
+    public QName getBaseQName() {
+        return BASE_NAMING_QNAME;
+    }
 }
 
 

Modified: geronimo/server/trunk/plugins/j2ee/geronimo-naming-builder/src/main/java/org/apache/geronimo/naming/deployment/UnavailableRefBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-naming-builder/src/main/java/org/apache/geronimo/naming/deployment/UnavailableRefBuilder.java?rev=741679&r1=741678&r2=741679&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-naming-builder/src/main/java/org/apache/geronimo/naming/deployment/UnavailableRefBuilder.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-naming-builder/src/main/java/org/apache/geronimo/naming/deployment/UnavailableRefBuilder.java Fri Feb  6 19:07:17 2009
@@ -75,6 +75,10 @@
         return QNameSet.EMPTY;
     }
 
+    public QName getBaseQName() {
+        return AbstractNamingBuilder.BASE_NAMING_QNAME;
+    }
+
     public static final GBeanInfo GBEAN_INFO;
 
     static {

Modified: geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/pom.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/pom.xml?rev=741679&r1=741678&r2=741679&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/pom.xml (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/pom.xml Fri Feb  6 19:07:17 2009
@@ -27,7 +27,7 @@
         <artifactId>j2ee</artifactId>
         <version>2.2-SNAPSHOT</version>
     </parent>
-    
+
     <groupId>org.apache.geronimo.modules</groupId>
     <artifactId>geronimo-security-builder</artifactId>
     <name>Geronimo Plugins, J2EE :: Security Builder</name>
@@ -53,16 +53,77 @@
             <classifier>tests</classifier>
             <scope>test</scope>
         </dependency>
-
+<!--
+        <dependency>
+            <groupId>org.soter.rbac</groupId>
+            <artifactId>rbac-xml-model</artifactId>
+            <version>1.0-SNAPSHOT</version>
+        </dependency>
+        <dependency>
+            <groupId>org.soter.rbac</groupId>
+            <artifactId>rbac-jacc</artifactId>
+            <version>1.0-SNAPSHOT</version>
+        </dependency>
+-->
     </dependencies>
-    
+
     <build>
         <plugins>
+
+<!--
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>jaxb2-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>xjc</goal>
+                        </goals>
+                    </execution>
+                </executions>
+                <configuration>
+                    <packageName>org.geronimo.security.rbac.model</packageName>
+                    <schemaFiles>geronimo-soter-1.0.xsd</schemaFiles>
+                    <extension>true</extension>
+                </configuration>
+            </plugin>
+-->
+            <!--         experiment with 2.1 episodes for multi-schema compilations. -->
+<!--
+            <plugin>
+                <groupId>org.jvnet.jaxb2.maven2</groupId>
+                <artifactId>maven-jaxb2-plugin</artifactId>
+                <version>0.5</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>generate</goal>
+                        </goals>
+                    </execution>
+                </executions>
+                <configuration>
+                    <schemaDirectory>src/main/xsd</schemaDirectory>
+                    <packageName>org.geronimo.security.rbac.model</packageName>
+                    <schemaFiles>geronimo-soter-1.0.xsd</schemaFiles>
+                    <extension>true</extension>
+                    -->
+<!--<arguments>-episode rbac.episode</arguments>-->
+<!--
+                    <episodes>
+                        <episode>
+                            <groupId>org.soter.rbac</groupId>
+                            <artifactId>rbac-xml-model</artifactId>
+                        </episode>
+                    </episodes>
+                </configuration>
+            </plugin>
+-->
+
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>xmlbeans-maven-plugin</artifactId>
             </plugin>
-            
+
             <!--
             HACK: Copy XmlBeans generated schemas.
             -->
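Review bot: The two `org.soter.rbac` dependencies and both JAXB plugin blocks are added entirely inside XML comments, so the hunk changes nothing in the build and leaves about sixty lines of dead configuration in the POM. The second plugin block is also split across three separate comments in the middle of `<configuration>`, which is easy to break when someone uncomments it. A one-line marker such as `<!-- TODO: soter RBAC model + JAXB generation, see <tracking issue> -->` would record the intent without the clutter. If the blocks are enabled later, note that both dependencies are `1.0-SNAPSHOT`, and the `jaxb2-maven-plugin` block has no `<version>` here (it may be managed in a parent POM), so the resolved artifacts would not be pinned.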

Modified: geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/GeronimoSecurityBuilderImpl.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/GeronimoSecurityBuilderImpl.java?rev=741679&r1=741678&r2=741679&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/GeronimoSecurityBuilderImpl.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/GeronimoSecurityBuilderImpl.java Fri Feb  6 19:07:17 2009
@@ -23,25 +23,34 @@
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
+import java.util.Collection;
+import java.util.jar.JarFile;
+import java.net.URL;
 
 import javax.xml.namespace.QName;
 
 import org.apache.geronimo.common.DeploymentException;
 import org.apache.geronimo.deployment.DeploymentContext;
 import org.apache.geronimo.deployment.NamespaceDrivenBuilder;
+import org.apache.geronimo.deployment.ModuleIDBuilder;
+import org.apache.geronimo.deployment.service.EnvironmentBuilder;
 import org.apache.geronimo.deployment.service.SingleGBeanBuilder;
 import org.apache.geronimo.deployment.xbeans.PatternType;
 import org.apache.geronimo.deployment.xmlbeans.XmlBeansUtil;
 import org.apache.geronimo.gbean.AbstractName;
 import org.apache.geronimo.gbean.AbstractNameQuery;
 import org.apache.geronimo.gbean.GBeanData;
-import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.gbean.GBeanLifecycle;
+import org.apache.geronimo.gbean.annotation.GBean;
+import org.apache.geronimo.gbean.annotation.ParamAttribute;
 import org.apache.geronimo.j2ee.deployment.EARContext;
+import org.apache.geronimo.j2ee.deployment.ModuleBuilderExtension;
+import org.apache.geronimo.j2ee.deployment.Module;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.kernel.GBeanAlreadyExistsException;
 import org.apache.geronimo.kernel.Naming;
+import org.apache.geronimo.kernel.config.ConfigurationStore;
 import org.apache.geronimo.kernel.repository.Environment;
 import org.apache.geronimo.schema.ElementConverter;
 import org.apache.geronimo.schema.NamespaceElementConverter;
@@ -49,15 +58,12 @@
 import org.apache.geronimo.schema.SecurityElementConverter;
 import org.apache.geronimo.security.SecurityNames;
 import org.apache.geronimo.security.credentialstore.CredentialStore;
-import org.apache.geronimo.security.deploy.LoginDomainPrincipalInfo;
 import org.apache.geronimo.security.deploy.PrincipalInfo;
-import org.apache.geronimo.security.deploy.RealmPrincipalInfo;
-import org.apache.geronimo.security.deploy.Role;
-import org.apache.geronimo.security.deploy.Security;
 import org.apache.geronimo.security.deploy.SubjectInfo;
 import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
 import org.apache.geronimo.security.jacc.ComponentPermissions;
 import org.apache.geronimo.security.jacc.mappingprovider.ApplicationPrincipalRoleConfigurationManager;
+import org.apache.geronimo.security.jacc.PrincipalRoleMapper;
 import org.apache.geronimo.security.util.ConfigurationUtil;
 import org.apache.geronimo.xbeans.geronimo.security.GerLoginDomainPrincipalType;
 import org.apache.geronimo.xbeans.geronimo.security.GerPrincipalType;
@@ -65,6 +71,8 @@
 import org.apache.geronimo.xbeans.geronimo.security.GerRoleMappingsType;
 import org.apache.geronimo.xbeans.geronimo.security.GerRoleType;
 import org.apache.geronimo.xbeans.geronimo.security.GerSecurityDocument;
+import org.apache.geronimo.xbeans.geronimo.security.GerSecurityRefDocument;
+import org.apache.geronimo.xbeans.geronimo.security.GerSecurityRefType;
 import org.apache.geronimo.xbeans.geronimo.security.GerSecurityType;
 import org.apache.geronimo.xbeans.geronimo.security.GerSubjectInfoType;
 import org.apache.xmlbeans.QNameSet;
@@ -74,11 +82,17 @@
 /**
  * @version $Rev$ $Date$
  */
-public class GeronimoSecurityBuilderImpl implements NamespaceDrivenBuilder, GBeanLifecycle {
+@GBean(j2eeType = NameFactory.MODULE_BUILDER)
+public class GeronimoSecurityBuilderImpl implements NamespaceDrivenBuilder, ModuleBuilderExtension, GBeanLifecycle {
+    private static final QName BASE_SECURITY_QNAME = org.apache.geronimo.xbeans.geronimo.j2ee.GerSecurityDocument.type.getDocumentElementName();
     private static final QName SECURITY_QNAME = GerSecurityDocument.type.getDocumentElementName();
-    private static final QNameSet SECURITY_QNAME_SET = QNameSet.singleton(SECURITY_QNAME);
+    private static final QName SECURITY_REF_QNAME = GerSecurityRefDocument.type.getDocumentElementName();
+    private static final QNameSet SECURITY_QNAME_SET = QNameSet.forArray(new QName[]{SECURITY_QNAME, SECURITY_REF_QNAME});
     public static final String GERONIMO_SECURITY_NAMESPACE = "http://geronimo.apache.org/xml/ns/security-2.0";
     private static final Map<String, String> NAMESPACE_UPDATES = new HashMap<String, String>();
+
+    private static final String ROLE_MAPPER_DATA_NAME = "roleMapperDataName";
+
     static {
         NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/loginconfig", "http://geronimo.apache.org/xml/ns/loginconfig-2.0");
         NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/loginconfig-1.1", "http://geronimo.apache.org/xml/ns/loginconfig-2.0");
@@ -92,13 +106,20 @@
 
     static {
         GERONIMO_SCHEMA_CONVERSIONS.put("security", new SecurityElementConverter());
+        GERONIMO_SCHEMA_CONVERSIONS.put("security-ref", new NamespaceElementConverter(GERONIMO_SECURITY_NAMESPACE));
         GERONIMO_SCHEMA_CONVERSIONS.put("default-subject", new NamespaceElementConverter(GERONIMO_SECURITY_NAMESPACE));
     }
 
-    private final AbstractNameQuery credentialStoreName;
-
-    public GeronimoSecurityBuilderImpl(AbstractNameQuery credentialStoreName) {
-        this.credentialStoreName = credentialStoreName;
+    private final AbstractNameQuery defaultCredentialStoreName;
+    private final AbstractNameQuery defaultRoleMappingName;
+    private final Environment defaultEnvironment;
+
+    public GeronimoSecurityBuilderImpl(@ParamAttribute(name = "credentialStoreName")AbstractNameQuery credentialStoreName,
+                                       @ParamAttribute(name = "defaultRoleMappingName")AbstractNameQuery defaultRoleMappingName,
+                                       @ParamAttribute(name = "defaultEnvironment")Environment defaultEnvironment) {
+        this.defaultCredentialStoreName = credentialStoreName;
+        this.defaultRoleMappingName = defaultRoleMappingName;
+        this.defaultEnvironment = defaultEnvironment;
     }
 
     public void doStart() {
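Review bot: The new constructor stores `defaultRoleMappingName` and `defaultEnvironment` unchecked, yet `buildJaccManager` in the following hunk falls back to exactly these values when the plan has no role mapping or `security-ref`. If either GBean attribute is left unset, the JACC manager would get a null `PrincipalRoleMapper` reference pattern, or `mergeEnvironments` would receive null, and the failure would surface at deployment time, far from the misconfiguration. Unless null is a supported configuration, a guard in the constructor would fail early: `if (defaultRoleMappingName == null || defaultEnvironment == null) throw new IllegalArgumentException("defaultRoleMappingName and defaultEnvironment are required");`. The renamed `defaultCredentialStoreName` field has no reader in the part of the commit visible here; if nothing uses it any more, it should be removed, or a comment should say what still consumes it.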
@@ -115,213 +136,208 @@
         doStop();
     }
 
+    //MBE methods
+    public void createModule(Module module, Object plan, JarFile moduleFile, String targetPath, URL specDDUrl, Environment environment, Object moduleContextInfo, AbstractName earName, Naming naming, ModuleIDBuilder idBuilder) throws DeploymentException {
+    }
+
+    public void installModule(JarFile earFile, EARContext earContext, Module module, Collection configurationStores, ConfigurationStore targetConfigurationStore, Collection repository) throws DeploymentException {
+    }
+
+    public void initContext(EARContext earContext, Module module, ClassLoader cl) throws DeploymentException {
+    }
+
+    public void addGBeans(EARContext earContext, Module module, ClassLoader cl, Collection repository) throws DeploymentException {
+        buildJaccManager(earContext);
+    }
+
+    //NamespaceDrivenBuilder methods
     public void buildEnvironment(XmlObject container, Environment environment) throws DeploymentException {
     }
 
+
     public void build(XmlObject container, DeploymentContext applicationContext, DeploymentContext moduleContext) throws DeploymentException {
-        EARContext earContext = (EARContext) applicationContext;
-        XmlObject[] items = container.selectChildren(SECURITY_QNAME_SET);
-        if (items.length > 1) {
-            throw new DeploymentException("Unexpected count of security elements in geronimo plan " + items.length + " qnameset: " + SECURITY_QNAME_SET);
-        }
-        if (items.length == 1) {
+        XmlObject[] items = container.selectChildren(SECURITY_QNAME);
+        for (XmlObject item : items) {
             GerSecurityType securityType;
             try {
-                securityType = (GerSecurityType) XmlBeansUtil.typedCopy(items[0], GerSecurityType.type);
+                securityType = (GerSecurityType) XmlBeansUtil.typedCopy(item, GerSecurityType.type);
             } catch (XmlException e) {
                 throw new DeploymentException("Could not validate security element", e);
             }
-            Security security = buildSecurityConfig(securityType);
             ClassLoader classLoader = applicationContext.getClassLoader();
-            SecurityConfiguration securityConfiguration = buildSecurityConfiguration(security, classLoader);
-            earContext.setSecurityConfiguration(securityConfiguration);
-            
-            Naming naming = earContext.getNaming();
-            GBeanData roleMapperData = configureRoleMapper(naming, earContext.getModuleName(), securityConfiguration);
-            try {
-                earContext.addGBean(roleMapperData);
-            } catch (GBeanAlreadyExistsException e) {
-                throw new DeploymentException("Role mapper gbean already present", e);
+
+            if (applicationContext instanceof EARContext) {
+                SecurityConfiguration securityConfiguration = buildSecurityConfig(securityType);
+                ((EARContext)applicationContext).setSecurityConfiguration(securityConfiguration);
             }
-            AbstractNameQuery credentialStoreName;
-            if (securityType.isSetCredentialStoreRef()) {
-                PatternType credentialStoreType = securityType.getCredentialStoreRef();
-                credentialStoreName = SingleGBeanBuilder.buildAbstractNameQuery(credentialStoreType, GBeanInfoBuilder.DEFAULT_J2EE_TYPE, Collections.singleton(CredentialStore.class.getName()));
-            } else {
-                credentialStoreName = this.credentialStoreName;
+
+            AbstractNameQuery roleMapperDataName = configureRoleMapper(applicationContext, securityType, classLoader);
+            if (applicationContext instanceof EARContext) {
+                setRoleMapperName(applicationContext, roleMapperDataName);
             }
-            GBeanData jaccBeanData = configureApplicationPolicyManager(naming, earContext.getModuleName(), earContext.getContextIDToPermissionsMap(), securityConfiguration, credentialStoreName);
-            jaccBeanData.setReferencePattern("PrincipalRoleMapper", roleMapperData.getAbstractName());
+        }
+        XmlObject[] refs = container.selectChildren(SECURITY_REF_QNAME);
+        if (refs.length > 1) {
+            throw new DeploymentException("Unexpected count of security-ref elements in geronimo plan " + refs.length + " qname: " + SECURITY_REF_QNAME);
+        }
+        if (refs.length == 1) {
+            GerSecurityRefType ref;
             try {
-                earContext.addGBean(jaccBeanData);
-            } catch (GBeanAlreadyExistsException e) {
-                throw new DeploymentException("JACC manager gbean already present", e);
+                ref = (GerSecurityRefType) XmlBeansUtil.typedCopy(refs[0], GerSecurityRefType.type);
+                if (ref.isSetName()) {
+                    String name = ref.getName().trim();
+                    AbstractNameQuery roleMapperDataName = new AbstractNameQuery(null, Collections.singletonMap("name", name), PrincipalRoleMapper.class.getName());
+                    setRoleMapperName(applicationContext, roleMapperDataName);
+                } else {
+                    PatternType SecurityRefType = ref.getRef();
+                    AbstractNameQuery roleMapperDataName = SingleGBeanBuilder.buildAbstractNameQuery(SecurityRefType, GBeanInfoBuilder.DEFAULT_J2EE_TYPE, Collections.singleton(CredentialStore.class.getName()));
+                    setRoleMapperName(applicationContext, roleMapperDataName);
+                }
+            } catch (XmlException e) {
+                throw new DeploymentException("Could not validate security element", e);
             }
-            earContext.setJaccManagerName(jaccBeanData.getAbstractName());
         }
     }
 
-    private static SecurityConfiguration buildSecurityConfiguration(Security security, ClassLoader classLoader) {
-        Map<String, SubjectInfo> roleDesignates = security.getRoleSubjectMappings();
-        Map<Principal, Set<String>> principalRoleMap = new HashMap<Principal, Set<String>>();
-        Map<String, Set<Principal>> roleToPrincipalMap = new HashMap<String, Set<Principal>>();
-        buildRolePrincipalMap(security, roleToPrincipalMap, classLoader);
-        invertMap(roleToPrincipalMap, principalRoleMap);
-        return new SecurityConfiguration(principalRoleMap, roleDesignates, security.getDefaultSubjectInfo(), security.getDefaultRole(), security.isDoAsCurrentCaller(), security.isUseContextHandler());
-    }
-
-    private static Map invertMap(Map<String, Set<Principal>> roleToPrincipalMap, Map<Principal, Set<String>> principalRoleMapping) {
-        for (Map.Entry<String, Set<java.security.Principal>> entry : roleToPrincipalMap.entrySet()) {
-            String role = entry.getKey();
-            Set<Principal> principals = entry.getValue();
-            for (Principal principal : principals) {
-
-                Set<String> roleSet = principalRoleMapping.get(principal);
-                if (roleSet == null) {
-                    roleSet = new HashSet<String>();
-                    principalRoleMapping.put(principal, roleSet);
-                }
-                roleSet.add(role);
-            }
+    private void setRoleMapperName(DeploymentContext applicationContext, AbstractNameQuery roleMapperDataName) throws DeploymentException {
+        EARContext earContext = (EARContext) applicationContext;
+        if (earContext.getGeneralData().put(ROLE_MAPPER_DATA_NAME, roleMapperDataName) != null) {
+            throw new DeploymentException("Only one role mapping or role mapping reference can be present in an ear");
         }
-        return principalRoleMapping;
     }
 
-    /**
-     * non-interface, used in some jetty/tomcat tests
-     *
-     * @param security Security object holding security info as it is extracted
-     * @param roleToPrincipalMap role to set of Principals mapping
-     * @param classLoader application classloader in case we need to load some principal classes.
-     */
-    public static void buildRolePrincipalMap(Security security, Map<String, Set<Principal>> roleToPrincipalMap, ClassLoader classLoader) {
-
-        for (Object o : security.getRoleMappings().values()) {
-            Role role = (Role) o;
-
-            String roleName = role.getRoleName();
-            Set<Principal> principalSet = new HashSet<Principal>();
-
-            for (Object o1 : role.getRealmPrincipals()) {
-                RealmPrincipalInfo realmPrincipal = (RealmPrincipalInfo) o1;
-                Principal principal = ConfigurationUtil.generateRealmPrincipal(realmPrincipal.getRealm(), realmPrincipal.getDomain(), realmPrincipal, classLoader);
-
-                principalSet.add(principal);
+    private void buildJaccManager(EARContext earContext) throws DeploymentException {
+        if (earContext.isHasSecurity()) {
+            //Be sure to only set once per app
+            earContext.setHasSecurity(false);
+            AbstractNameQuery roleMapperDataName = (AbstractNameQuery)earContext.getGeneralData().get(ROLE_MAPPER_DATA_NAME);
+            if (roleMapperDataName == null) {
+                roleMapperDataName = defaultRoleMappingName;
+                EnvironmentBuilder.mergeEnvironments(earContext.getConfiguration().getEnvironment(), defaultEnvironment);
             }
-
-            for (Object o2 : role.getLoginDomainPrincipals()) {
-                LoginDomainPrincipalInfo domainPrincipal = (LoginDomainPrincipalInfo) o2;
-                Principal principal = ConfigurationUtil.generateDomainPrincipal(domainPrincipal.getDomain(), domainPrincipal, classLoader);
-
-                principalSet.add(principal);
+            Naming naming = earContext.getNaming();
+            GBeanData jaccBeanData = configureApplicationPolicyManager(naming, earContext.getModuleName(), earContext.getContextIDToPermissionsMap());
+            jaccBeanData.setReferencePattern("PrincipalRoleMapper", roleMapperDataName);
+            try {
+                earContext.addGBean(jaccBeanData);
+            } catch (GBeanAlreadyExistsException e) {
+                throw new DeploymentException("JACC manager gbean already present", e);
             }
+//            earContext.setJaccManagerName(jaccBeanData.getAbstractName());
+        }
+    }
 
-            for (Object o3 : role.getPrincipals()) {
-                PrincipalInfo plainPrincipalInfo = (PrincipalInfo) o3;
-                Principal principal = ConfigurationUtil.generatePrincipal(plainPrincipalInfo, classLoader);
+    private SecurityConfiguration buildSecurityConfig(GerSecurityType securityType) {
 
-                principalSet.add(principal);
-            }
+        if (securityType == null) {
+            return null;
+        }
 
-            Set<Principal> roleMapping = roleToPrincipalMap.get(roleName);
-            if (roleMapping == null) {
-                roleMapping = new HashSet<Principal>();
-                roleToPrincipalMap.put(roleName, roleMapping);
-            }
-            roleMapping.addAll(principalSet);
+        boolean doAsCurrentCaller = securityType.getDoasCurrentCaller();
+        boolean useContextHandler = securityType.getUseContextHandler();
+        String defaultRole = securityType.isSetDefaultRole() ? securityType.getDefaultRole().trim() : null;
+
+        return new SecurityConfiguration(defaultRole, doAsCurrentCaller, useContextHandler);
+    }
 
+    private void add(String roleName, Principal principal, Map<Principal, Set<String>> principalRoleMap) {
+        Set<String> roles = principalRoleMap.get(principal);
+        if (roles == null) {
+            roles = new HashSet<String>();
+            principalRoleMap.put(principal, roles);
         }
+        roles.add(roleName);
     }
 
-    private Security buildSecurityConfig(GerSecurityType securityType) {
-        Security security;
-
-        if (securityType == null) {
+    private SubjectInfo buildSubjectInfo(GerSubjectInfoType defaultSubject) {
+        if (defaultSubject == null) {
             return null;
         }
-        security = new Security();
+        String realmName = defaultSubject.getRealm().trim();
+        String id = defaultSubject.getId().trim();
+        return new SubjectInfo(realmName, id);
+    }
 
-        security.setDoAsCurrentCaller(securityType.getDoasCurrentCaller());
-        security.setUseContextHandler(securityType.getUseContextHandler());
-        if (securityType.isSetDefaultRole()) {
-            security.setDefaultRole(securityType.getDefaultRole().trim());
-        }
+    private static Principal buildRealmPrincipal(GerRealmPrincipalType realmPrincipalType, ClassLoader classLoader) {
+        return ConfigurationUtil.generateRealmPrincipal(realmPrincipalType.getRealmName().trim(), realmPrincipalType.getDomainName().trim(), realmPrincipalType.getClass1().trim(), realmPrincipalType.getName().trim(), classLoader);
+    }
+
+    private static Principal buildDomainPrincipal(GerLoginDomainPrincipalType domainPrincipalType, ClassLoader classLoader) {
+        return ConfigurationUtil.generateDomainPrincipal(domainPrincipalType.getDomainName().trim(), domainPrincipalType.getClass1().trim(), domainPrincipalType.getName().trim(), classLoader);
+    }
+
+    private static Principal buildPrincipal(GerPrincipalType principalType, ClassLoader classLoader) {
+        return ConfigurationUtil.generatePrincipal(principalType.getClass1().trim(), principalType.getName().trim(), classLoader);
+    }
 
+    //used from TSSConfigEditor
+    public PrincipalInfo buildPrincipal(XmlObject xmlObject) {
+        GerPrincipalType principalType = (GerPrincipalType) xmlObject;
+        return new PrincipalInfo(principalType.getClass1().trim(), principalType.getName().trim());
+    }
+
+    protected AbstractNameQuery configureRoleMapper(DeploymentContext deploymentContext, GerSecurityType securityType, ClassLoader classLoader) throws DeploymentException {
+        Map<String, SubjectInfo> roleDesignates = new HashMap<String, SubjectInfo>();
+        Map<Principal, Set<String>> principalRoleMap = new HashMap<Principal, Set<String>>();
         if (securityType.isSetRoleMappings()) {
             GerRoleMappingsType roleMappingsType = securityType.getRoleMappings();
             for (int i = 0; i < roleMappingsType.sizeOfRoleArray(); i++) {
                 GerRoleType roleType = roleMappingsType.getRoleArray(i);
-                Role role = new Role();
 
                 String roleName = roleType.getRoleName().trim();
-                role.setRoleName(roleName);
-
                 if (roleType.isSetRunAsSubject()) {
                     SubjectInfo subjectInfo = buildSubjectInfo(roleType.getRunAsSubject());
-                    security.getRoleSubjectMappings().put(roleName, subjectInfo);
+                    roleDesignates.put(roleName, subjectInfo);
                 }
 
                 for (int j = 0; j < roleType.sizeOfRealmPrincipalArray(); j++) {
-                    role.getRealmPrincipals().add(GeronimoSecurityBuilderImpl.buildRealmPrincipal(roleType.getRealmPrincipalArray(j)));
+                    Principal principal = buildRealmPrincipal(roleType.getRealmPrincipalArray(j), classLoader);
+                    add(roleName, principal, principalRoleMap);
                 }
 
                 for (int j = 0; j < roleType.sizeOfLoginDomainPrincipalArray(); j++) {
-                    role.getLoginDomainPrincipals().add(GeronimoSecurityBuilderImpl.buildDomainPrincipal(roleType.getLoginDomainPrincipalArray(j)));
+                    Principal principal = buildDomainPrincipal(roleType.getLoginDomainPrincipalArray(j), classLoader);
+                    add(roleName, principal, principalRoleMap);
                 }
 
                 for (int j = 0; j < roleType.sizeOfPrincipalArray(); j++) {
-                    role.getPrincipals().add(buildPrincipal(roleType.getPrincipalArray(j)));
+                    Principal principal = buildPrincipal(roleType.getPrincipalArray(j), classLoader);
+                    add(roleName, principal, principalRoleMap);
                 }
 
-                security.getRoleMappings().put(roleName, role);
             }
         }
 
-        security.setDefaultSubjectInfo(buildSubjectInfo(securityType.getDefaultSubject()));
-
-        return security;
-    }
-
-    private SubjectInfo buildSubjectInfo(GerSubjectInfoType defaultSubject) {
-        if (defaultSubject == null) {
-            return null;
+        SubjectInfo defaultSubjectInfo = buildSubjectInfo(securityType.getDefaultSubject());
+        AbstractNameQuery credentialStoreName;
+        if (securityType.isSetCredentialStoreRef()) {
+            PatternType credentialStoreType = securityType.getCredentialStoreRef();
+            credentialStoreName = SingleGBeanBuilder.buildAbstractNameQuery(credentialStoreType, GBeanInfoBuilder.DEFAULT_J2EE_TYPE, Collections.singleton(CredentialStore.class.getName()));
+        } else {
+            credentialStoreName = this.defaultCredentialStoreName;
         }
-        String realmName = defaultSubject.getRealm().trim();
-        String id = defaultSubject.getId().trim();
-        return new SubjectInfo(realmName, id);
-    }
-
-    private static RealmPrincipalInfo buildRealmPrincipal(GerRealmPrincipalType realmPrincipalType) {
-        return new RealmPrincipalInfo(realmPrincipalType.getRealmName().trim(), realmPrincipalType.getDomainName().trim(), realmPrincipalType.getClass1().trim(), realmPrincipalType.getName().trim());
-    }
-
-    private static LoginDomainPrincipalInfo buildDomainPrincipal(GerLoginDomainPrincipalType domainPrincipalType) {
-        return new LoginDomainPrincipalInfo(domainPrincipalType.getDomainName().trim(), domainPrincipalType.getClass1().trim(), domainPrincipalType.getName().trim());
-    }
-
-    //used from TSSConfigEditor
-    public PrincipalInfo buildPrincipal(XmlObject xmlObject) {
-        GerPrincipalType principalType = (GerPrincipalType) xmlObject;
-        return new PrincipalInfo(principalType.getClass1().trim(), principalType.getName().trim());
-    }
-
-    protected GBeanData configureRoleMapper(Naming naming, AbstractName moduleName, SecurityConfiguration securityConfiguration) {
-        AbstractName roleMapperName = naming.createChildName(moduleName, "RoleMapper", "RoleMapper");
+        Naming naming = deploymentContext.getNaming();
+        String name = securityType.isSetName() ? securityType.getName() : "RoleMapper";
+        AbstractName roleMapperName = naming.createChildName(deploymentContext.getModuleName(), "RoleMapper", name);
         GBeanData roleMapperData = new GBeanData(roleMapperName, ApplicationPrincipalRoleConfigurationManager.GBEAN_INFO);
-        roleMapperData.setAttribute("principalRoleMap", securityConfiguration.getPrincipalRoleMap());
-        return roleMapperData;
+        roleMapperData.setAttribute("principalRoleMap", principalRoleMap);
+        roleMapperData.setAttribute("roleDesignates", roleDesignates);
+        roleMapperData.setAttribute("defaultSubjectInfo", defaultSubjectInfo);
+        if ((roleDesignates != null && !roleDesignates.isEmpty()) || defaultSubjectInfo != null) {
+            roleMapperData.setReferencePattern("CredentialStore", credentialStoreName);
+        }
+        try {
+            deploymentContext.addGBean(roleMapperData);
+        } catch (GBeanAlreadyExistsException e) {
+            throw new DeploymentException("Role mapper gbean already present", e);
+        }
+        return new AbstractNameQuery(roleMapperData.getAbstractName());
     }
 
-    protected GBeanData configureApplicationPolicyManager(Naming naming, AbstractName moduleName, Map<String, ComponentPermissions> contextIDToPermissionsMap, SecurityConfiguration securityConfiguration, AbstractNameQuery credentialStoreName) {
+    protected GBeanData configureApplicationPolicyManager(Naming naming, AbstractName moduleName, Map<String, ComponentPermissions> contextIDToPermissionsMap) {
         AbstractName jaccBeanName = naming.createChildName(moduleName, SecurityNames.JACC_MANAGER, SecurityNames.JACC_MANAGER);
         GBeanData jaccBeanData = new GBeanData(jaccBeanName, ApplicationPolicyConfigurationManager.GBEAN_INFO);
         jaccBeanData.setAttribute("contextIdToPermissionsMap", contextIDToPermissionsMap);
-        Map<String, SubjectInfo> roleDesignates = securityConfiguration.getRoleDesignates();
-        jaccBeanData.setAttribute("roleDesignates", roleDesignates);
-        jaccBeanData.setAttribute("defaultSubjectInfo", securityConfiguration.getDefaultSubjectInfo());
-        if ((roleDesignates != null && !roleDesignates.isEmpty()) || securityConfiguration.getDefaultSubjectInfo() != null) {
-            jaccBeanData.setReferencePattern("CredentialStore", credentialStoreName);
-        }
         return jaccBeanData;
     }
 
@@ -333,19 +349,9 @@
         return SECURITY_QNAME_SET;
     }
 
-    public static final GBeanInfo GBEAN_INFO;
-
-    static {
-        GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic(GeronimoSecurityBuilderImpl.class, NameFactory.MODULE_BUILDER);
-
-        infoFactory.addAttribute("credentialStoreName", AbstractNameQuery.class, true, true);
-        infoFactory.setConstructor(new String[] {"credentialStoreName"});
-
-        GBEAN_INFO = infoFactory.getBeanInfo();
+    public QName getBaseQName() {
+        return BASE_SECURITY_QNAME;
     }
 
-    public static GBeanInfo getGBeanInfo() {
-        return GBEAN_INFO;
-    }
 
 }

Modified: geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/SecurityConfiguration.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/SecurityConfiguration.java?rev=741679&r1=741678&r2=741679&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/SecurityConfiguration.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/main/java/org/apache/geronimo/security/deployment/SecurityConfiguration.java Fri Feb  6 19:07:17 2009
@@ -25,42 +25,18 @@
  */
 public class SecurityConfiguration {
 
-    private final Map principalRoleMap;
-    private final Map<String, SubjectInfo> roleDesignates;
-    private final SubjectInfo defaultSubjectInfo;
+    public static SecurityConfiguration DEFAULT_SECURITY_CONFIGURATION = new SecurityConfiguration(null, false, false);
+
     private final String defaultRole;
     private final boolean doAsCurrentCaller;
     private final boolean isUseContextHandler;
 
-    public SecurityConfiguration(Map principalRoleMap, Map<String, SubjectInfo> roleDesignates, SubjectInfo defaultSubjectInfo, String defaultRole, boolean doAsCurrentCaller, boolean useContextHandler) {
-        this.principalRoleMap = principalRoleMap;
-        this.roleDesignates = roleDesignates;
-        this.defaultSubjectInfo = defaultSubjectInfo;
+    public SecurityConfiguration(String defaultRole, boolean doAsCurrentCaller, boolean useContextHandler) {
         this.defaultRole = defaultRole;
         this.doAsCurrentCaller = doAsCurrentCaller;
         isUseContextHandler = useContextHandler;
     }
 
-    public Map getPrincipalRoleMap() {
-        return principalRoleMap;
-    }
-
-    public Map<String, SubjectInfo> getRoleDesignates() {
-        return roleDesignates;
-    }
-
-    public SubjectInfo getDefaultSubjectInfo() {
-        return defaultSubjectInfo;
-    }
-
-    public String getDefaultSubjectRealm() {
-        return defaultSubjectInfo == null? null: defaultSubjectInfo.getRealm();
-    }
-
-    public String getDefaultSubjectId() {
-        return defaultSubjectInfo == null? null: defaultSubjectInfo.getId();
-    }
-
     public String getDefaultRole() {
         return defaultRole;
     }
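Review bot: `DEFAULT_SECURITY_CONFIGURATION` is declared `public static` without `final`, so any class can reassign it, and `isDefault()` (added in the next hunk of this file) decides by identity against whatever the field currently holds. Declare it as `public static final SecurityConfiguration DEFAULT_SECURITY_CONFIGURATION = new SecurityConfiguration(null, false, false);` so the sentinel cannot be swapped after class initialisation. A one-line Javadoc on the constant stating what "default" stands for would also help callers of `isDefault()`, since the identity comparison means an equal-valued instance built elsewhere is not treated as default.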
@@ -72,4 +48,8 @@
     public boolean isUseContextHandler() {
         return isUseContextHandler;
     }
+
+    public boolean isDefault() {
+        return this == DEFAULT_SECURITY_CONFIGURATION;
+    }
 }

Modified: geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/main/xsd/geronimo-security-2.0.xsd
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/main/xsd/geronimo-security-2.0.xsd?rev=741679&r1=741678&r2=741679&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/main/xsd/geronimo-security-2.0.xsd (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/main/xsd/geronimo-security-2.0.xsd Fri Feb  6 19:07:17 2009
@@ -32,9 +32,10 @@
 
     <xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
     <xsd:import namespace="http://geronimo.apache.org/xml/ns/j2ee/application-2.0" schemaLocation="geronimo-application-2.0.xsd"/>
-    <xsd:import namespace="http://geronimo.apache.org/xml/ns/deployment-1.2"  schemaLocation="geronimo-module-1.2.xsd"/>
+    <xsd:import namespace="http://geronimo.apache.org/xml/ns/deployment-1.2" schemaLocation="geronimo-module-1.2.xsd"/>
 
     <xsd:element name="security" type="geronimo:securityType" substitutionGroup="app:security"/>
+    <xsd:element name="security-ref" type="geronimo:security-refType" substitutionGroup="app:security"/>
     <xsd:element name="credential-store" type="sys:patternType"/>
     <xsd:element name="default-subject" type="geronimo:subject-infoType"/>
 
@@ -49,7 +50,6 @@
         </xsd:annotation>
         <xsd:complexContent>
             <xsd:extension base="app:abstract-securityType">
-
                 <xsd:sequence>
                     <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0"
                                  maxOccurs="unbounded"/>
@@ -57,6 +57,13 @@
                     <xsd:element name="default-subject" type="geronimo:subject-infoType" minOccurs="0"/>
                     <xsd:element name="role-mappings" type="geronimo:role-mappingsType" minOccurs="0"/>
                 </xsd:sequence>
+                <xsd:attribute name="name" type="xsd:string">
+                    <xsd:annotation>
+                        <xsd:documentation>
+                            Name of standalone security configurations. Optional for security elements in ee apps.
+                        </xsd:documentation>
+                    </xsd:annotation>
+                </xsd:attribute>
                 <xsd:attribute name="doas-current-caller" type="xsd:boolean" default="false">
                     <xsd:annotation>
                         <xsd:documentation>
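Review bot: The new `name` attribute is an unconstrained `xsd:string`, so empty or whitespace-padded values validate, and `configureRoleMapper` in GeronimoSecurityBuilderImpl (earlier in this commit) passes `securityType.getName()` to `naming.createChildName(...)` without the `.trim()` it applies to the other plan strings. Declaring it as `<xsd:attribute name="name" type="xsd:token">` would collapse surrounding whitespace at the schema level, and a `minLength` restriction would also reject the empty string. The documentation says the name is for standalone configurations, but the schema cannot tell the two uses apart, so a missing name in the standalone case presumably has to be rejected by the builder. The `securityType` definition continues outside this hunk.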
@@ -88,6 +95,22 @@
         </xsd:complexContent>
     </xsd:complexType>
 
+    <xsd:complexType name="security-refType">
+        <xsd:annotation>
+            <xsd:documentation>
+                Reference to security element in a parent module.
+            </xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexContent>
+            <xsd:extension base="app:abstract-securityType">
+                <xsd:choice>
+                    <xsd:element name="name" type="xsd:string"/>
+                    <xsd:element name="ref" type="sys:patternType"/>
+                </xsd:choice>
+             </xsd:extension>
+        </xsd:complexContent>
+    </xsd:complexType>
+
     <xsd:complexType name="descriptionType">
         <xsd:simpleContent>
             <xsd:extension base="xsd:string">
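Review bot: The two alternatives in the `xsd:choice` of `security-refType`, `name` and `ref`, carry no `xsd:documentation`, and the type-level text promises a "security element in a parent module" while `ref` is a `sys:patternType`. Per the commented-out description further down this file, that pattern can name groupId, artifactId, version, module, type and name of any GBean. If the resolver does not restrict matches to the parent module (not visible here), a plan could bind a module to a role mapping defined in an unrelated configuration, so the intended scope should be written down. I would add an annotation on each element, for example `<xsd:documentation>Value of the name attribute of a security element declared in the enclosing application.</xsd:documentation>` on `name`, and a matching one on `ref` stating which modules the pattern may resolve to.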
@@ -97,11 +120,11 @@
     </xsd:complexType>
 
     <!--<xsd:complexType name="named-username-password-credentialType">-->
-        <!--<xsd:sequence>-->
-            <!--<xsd:element name="name" type="xsd:string"/>-->
-            <!--<xsd:element name="username" type="xsd:string"/>-->
-            <!--<xsd:element name="password" type="xsd:string"/>-->
-        <!--</xsd:sequence>-->
+    <!--<xsd:sequence>-->
+    <!--<xsd:element name="name" type="xsd:string"/>-->
+    <!--<xsd:element name="username" type="xsd:string"/>-->
+    <!--<xsd:element name="password" type="xsd:string"/>-->
+    <!--</xsd:sequence>-->
     <!--</xsd:complexType>-->
 
     <xsd:complexType name="role-mappingsType">
@@ -164,18 +187,18 @@
     </xsd:complexType>
 
     <!--<xsd:complexType name="credential-storeType">-->
-        <!--<xsd:sequence>-->
-            <!--<xsd:element name="pattern" type="sys:patternType">-->
-                <!--<xsd:annotation>-->
-                    <!--<xsd:documentation>-->
-                        <!--The pattern element defines a components of the-->
-                        <!--abstract name of GBean referred. It (optionally) includes-->
-                        <!--the groupId, artifactId, version,-->
-                        <!--module, type, and name of the GBean module.-->
-                    <!--</xsd:documentation>-->
-                <!--</xsd:annotation>-->
-            <!--</xsd:element>-->
-        <!--</xsd:sequence>-->
+    <!--<xsd:sequence>-->
+    <!--<xsd:element name="pattern" type="sys:patternType">-->
+    <!--<xsd:annotation>-->
+    <!--<xsd:documentation>-->
+    <!--The pattern element defines a components of the-->
+    <!--abstract name of GBean referred. It (optionally) includes-->
+    <!--the groupId, artifactId, version,-->
+    <!--module, type, and name of the GBean module.-->
+    <!--</xsd:documentation>-->
+    <!--</xsd:annotation>-->
+    <!--</xsd:element>-->
+    <!--</xsd:sequence>-->
     <!--</xsd:complexType>-->
 
 </xsd:schema>

Copied: geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/main/xsd/geronimo-soter-1.0.xsd (from r652591, geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/main/xsd/geronimo-security-2.0.xsd)
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/main/xsd/geronimo-soter-1.0.xsd?p2=geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/main/xsd/geronimo-soter-1.0.xsd&p1=geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/main/xsd/geronimo-security-2.0.xsd&r1=652591&r2=741679&rev=741679&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/main/xsd/geronimo-security-2.0.xsd (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/main/xsd/geronimo-soter-1.0.xsd Fri Feb  6 19:07:17 2009
@@ -21,11 +21,11 @@
 
 <xsd:schema
         xmlns:xsd="http://www.w3.org/2001/XMLSchema"
-        xmlns:j2ee="http://java.sun.com/xml/ns/j2ee"
-        xmlns:geronimo="http://geronimo.apache.org/xml/ns/security-2.0"
-        targetNamespace="http://geronimo.apache.org/xml/ns/security-2.0"
+        xmlns:geronimo="http://geronimo.apache.org/xml/ns/soter-1.0"
+        targetNamespace="http://geronimo.apache.org/xml/ns/soter-1.0"
         xmlns:app="http://geronimo.apache.org/xml/ns/j2ee/application-2.0"
         xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2"
+        xmlns:soter="http://soter.org/xml/ns/rbac-xml"
         elementFormDefault="qualified"
         attributeFormDefault="unqualified"
         version="2.0">
@@ -33,8 +33,10 @@
     <xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
     <xsd:import namespace="http://geronimo.apache.org/xml/ns/j2ee/application-2.0" schemaLocation="geronimo-application-2.0.xsd"/>
     <xsd:import namespace="http://geronimo.apache.org/xml/ns/deployment-1.2"  schemaLocation="geronimo-module-1.2.xsd"/>
+    <xsd:import namespace="http://soter.org/xml/ns/rbac-xml"  schemaLocation="rbac-xml.xsd"/>
 
     <xsd:element name="security" type="geronimo:securityType" substitutionGroup="app:security"/>
+    <!--<xsd:element name="security" type="geronimo:securityType"/>-->
     <xsd:element name="credential-store" type="sys:patternType"/>
     <xsd:element name="default-subject" type="geronimo:subject-infoType"/>
 
@@ -56,6 +58,7 @@
                     <xsd:element name="credential-store-ref" type="sys:patternType" minOccurs="0"/>
                     <xsd:element name="default-subject" type="geronimo:subject-infoType" minOccurs="0"/>
                     <xsd:element name="role-mappings" type="geronimo:role-mappingsType" minOccurs="0"/>
+                    <xsd:element name="rbac" type="soter:rbacType" minOccurs="0"/>
                 </xsd:sequence>
                 <xsd:attribute name="doas-current-caller" type="xsd:boolean" default="false">
                     <xsd:annotation>
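Review bot: The new optional `rbac` element sits next to the still-optional `role-mappings` with no `xsd:annotation`, so the schema does not say whether `rbac` replaces or supplements `role-mappings`, or what applies when both are present. This matters more in this copied schema because the last hunk of the file strips every principal element out of `roleType`, leaving `role-mappings` able to express only `run-as-subject`; a plan author cannot tell from the schema where principal-to-role assignment is now expected. I would add an `xsd:annotation` on the `rbac` element that states its relation to `role-mappings` and the behaviour when it is omitted. The `securityType` definition continues outside this hunk.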
@@ -96,13 +99,13 @@
         </xsd:simpleContent>
     </xsd:complexType>
 
-    <xsd:complexType name="named-username-password-credentialType">
-        <xsd:sequence>
-            <xsd:element name="name" type="xsd:string"/>
-            <xsd:element name="username" type="xsd:string"/>
-            <xsd:element name="password" type="xsd:string"/>
-        </xsd:sequence>
-    </xsd:complexType>
+    <!--<xsd:complexType name="named-username-password-credentialType">-->
+        <!--<xsd:sequence>-->
+            <!--<xsd:element name="name" type="xsd:string"/>-->
+            <!--<xsd:element name="username" type="xsd:string"/>-->
+            <!--<xsd:element name="password" type="xsd:string"/>-->
+        <!--</xsd:sequence>-->
+    <!--</xsd:complexType>-->
 
     <xsd:complexType name="role-mappingsType">
         <xsd:sequence>
@@ -114,47 +117,10 @@
         <xsd:sequence>
             <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
             <xsd:element name="run-as-subject" type="geronimo:subject-infoType" minOccurs="0"/>
-            <xsd:element name="realm-principal" type="geronimo:realmPrincipalType" minOccurs="0" maxOccurs="unbounded"/>
-            <xsd:element name="login-domain-principal" type="geronimo:loginDomainPrincipalType" minOccurs="0"
-                         maxOccurs="unbounded"/>
-            <xsd:element name="principal" type="geronimo:principalType" minOccurs="0" maxOccurs="unbounded"/>
-            <xsd:element name="distinguished-name" type="geronimo:distinguishedNameType" minOccurs="0"
-                         maxOccurs="unbounded"/>
         </xsd:sequence>
         <xsd:attribute name="role-name" type="xsd:string" use="required"/>
     </xsd:complexType>
 
-    <xsd:complexType name="realmPrincipalType">
-        <xsd:complexContent>
-            <xsd:extension base="geronimo:loginDomainPrincipalType">
-                <xsd:attribute name="realm-name" type="xsd:string" use="required"/>
-            </xsd:extension>
-        </xsd:complexContent>
-    </xsd:complexType>
-
-    <xsd:complexType name="loginDomainPrincipalType">
-        <xsd:complexContent>
-            <xsd:extension base="geronimo:principalType">
-                <xsd:attribute name="domain-name" type="xsd:string" use="required"/>
-            </xsd:extension>
-        </xsd:complexContent>
-    </xsd:complexType>
-
-    <xsd:complexType name="principalType">
-        <xsd:sequence>
-            <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
-        </xsd:sequence>
-        <xsd:attribute name="class" type="xsd:string" use="required"/>
-        <xsd:attribute name="name" type="xsd:string" use="required"/>
-    </xsd:complexType>
-
-    <xsd:complexType name="distinguishedNameType">
-        <xsd:sequence>
-            <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0" maxOccurs="unbounded"/>
-        </xsd:sequence>
-        <xsd:attribute name="name" type="xsd:string" use="required"/>
-    </xsd:complexType>
-
     <xsd:complexType name="subject-infoType">
         <xsd:sequence>
             <xsd:element name="description" type="geronimo:descriptionType" minOccurs="0" maxOccurs="unbounded"/>

Modified: geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/test/java/org/apache/geronimo/security/deployment/LoginConfigBuilderTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/test/java/org/apache/geronimo/security/deployment/LoginConfigBuilderTest.java?rev=741679&r1=741678&r2=741679&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/test/java/org/apache/geronimo/security/deployment/LoginConfigBuilderTest.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/test/java/org/apache/geronimo/security/deployment/LoginConfigBuilderTest.java Fri Feb  6 19:07:17 2009
@@ -110,7 +110,7 @@
     }
 
     private void doTest(String text) throws XmlException, DeploymentException {
-        GeronimoSecurityBuilderImpl secBuilder = new GeronimoSecurityBuilderImpl(null);
+        GeronimoSecurityBuilderImpl secBuilder = new GeronimoSecurityBuilderImpl(null, null, null);
         secBuilder.doStart();
         LoginConfigBuilder builder = new LoginConfigBuilder(new Jsr77Naming(), null);
         XmlObject xmlObject = XmlBeansUtil.parse(text);

Modified: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/AbstractWebModuleBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/AbstractWebModuleBuilder.java?rev=741679&r1=741678&r2=741679&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/AbstractWebModuleBuilder.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/AbstractWebModuleBuilder.java Fri Feb  6 19:07:17 2009
@@ -22,38 +22,28 @@
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
-import java.security.Permission;
-import java.security.PermissionCollection;
-import java.security.Permissions;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Enumeration;
 import java.util.HashMap;
-import java.util.HashSet;
+import java.util.LinkedHashSet;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
-import java.util.Set;
-import java.util.LinkedHashSet;
 import java.util.jar.JarEntry;
 import java.util.jar.JarFile;
 import java.util.zip.ZipEntry;
 
-import javax.security.jacc.WebResourcePermission;
-import javax.security.jacc.WebRoleRefPermission;
-import javax.security.jacc.WebUserDataPermission;
 import javax.xml.namespace.QName;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.apache.geronimo.common.DeploymentException;
-import org.apache.geronimo.deployment.ModuleIDBuilder;
-import org.apache.geronimo.deployment.NamespaceDrivenBuilderCollection;
 import org.apache.geronimo.deployment.ClassPathList;
+import org.apache.geronimo.deployment.ModuleIDBuilder;
 import org.apache.geronimo.deployment.ModuleList;
+import org.apache.geronimo.deployment.NamespaceDrivenBuilder;
+import org.apache.geronimo.deployment.NamespaceDrivenBuilderCollection;
 import org.apache.geronimo.deployment.util.DeploymentUtil;
-import org.apache.geronimo.deployment.xbeans.ServiceDocument;
 import org.apache.geronimo.deployment.xmlbeans.XmlBeansUtil;
 import org.apache.geronimo.gbean.AbstractName;
 import org.apache.geronimo.gbean.AbstractNameQuery;
@@ -79,18 +69,13 @@
 import org.apache.geronimo.naming.deployment.ResourceEnvironmentSetter;
 import org.apache.geronimo.schema.SchemaConversionUtils;
 import org.apache.geronimo.security.jacc.ComponentPermissions;
-import org.apache.geronimo.web25.deployment.security.HTTPMethods;
-import org.apache.geronimo.web25.deployment.security.URLPattern;
 import org.apache.geronimo.web25.deployment.security.SpecSecurityBuilder;
 import org.apache.geronimo.xbeans.geronimo.j2ee.GerSecurityDocument;
 import org.apache.geronimo.xbeans.javaee.FilterMappingType;
 import org.apache.geronimo.xbeans.javaee.FilterType;
 import org.apache.geronimo.xbeans.javaee.FullyQualifiedClassType;
 import org.apache.geronimo.xbeans.javaee.ListenerType;
-import org.apache.geronimo.xbeans.javaee.RoleNameType;
 import org.apache.geronimo.xbeans.javaee.SecurityConstraintType;
-import org.apache.geronimo.xbeans.javaee.SecurityRoleRefType;
-import org.apache.geronimo.xbeans.javaee.SecurityRoleType;
 import org.apache.geronimo.xbeans.javaee.ServletMappingType;
 import org.apache.geronimo.xbeans.javaee.ServletType;
 import org.apache.geronimo.xbeans.javaee.UrlPatternType;
@@ -102,6 +87,8 @@
 import org.apache.xmlbeans.XmlDocumentProperties;
 import org.apache.xmlbeans.XmlException;
 import org.apache.xmlbeans.XmlObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * @version $Rev$ $Date$
@@ -119,7 +106,6 @@
     protected static final AbstractNameQuery STATEFUL_SESSION_BEAN_PATTERN;
     protected static final AbstractNameQuery ENTITY_BEAN_PATTERN;
     protected final Kernel kernel;
-    protected final NamespaceDrivenBuilderCollection securityBuilders;
     protected final NamespaceDrivenBuilderCollection serviceBuilders;
     protected final ResourceEnvironmentSetter resourceEnvironmentSetter;
     protected final Collection<WebServiceBuilder> webServiceBuilder;
@@ -128,7 +114,6 @@
     protected final Collection<ModuleBuilderExtension> moduleBuilderExtensions;
 
     private static final QName SECURITY_QNAME = GerSecurityDocument.type.getDocumentElementName();
-    private static final QName SERVICE_QNAME = ServiceDocument.type.getDocumentElementName();
 
     /**
      * Manifest classpath entries in a war configuration must be resolved relative to the war configuration, not the
@@ -137,10 +122,9 @@
      */
     private static final URI RELATIVE_MODULE_BASE_URI = URI.create("../");
 
-    protected AbstractWebModuleBuilder(Kernel kernel, Collection securityBuilders, Collection serviceBuilders, NamingBuilder namingBuilders, ResourceEnvironmentSetter resourceEnvironmentSetter, Collection<WebServiceBuilder> webServiceBuilder, Collection<ModuleBuilderExtension> moduleBuilderExtensions) {
+    protected AbstractWebModuleBuilder(Kernel kernel, Collection<NamespaceDrivenBuilder> serviceBuilders, NamingBuilder namingBuilders, ResourceEnvironmentSetter resourceEnvironmentSetter, Collection<WebServiceBuilder> webServiceBuilder, Collection<ModuleBuilderExtension> moduleBuilderExtensions) {
         this.kernel = kernel;
-        this.securityBuilders = new NamespaceDrivenBuilderCollection(securityBuilders, SECURITY_QNAME);
-        this.serviceBuilders = new NamespaceDrivenBuilderCollection(serviceBuilders, SERVICE_QNAME);
+        this.serviceBuilders = new NamespaceDrivenBuilderCollection(serviceBuilders);
         this.namingBuilders = namingBuilders;
         this.resourceEnvironmentSetter = resourceEnvironmentSetter;
         this.webServiceBuilder = webServiceBuilder;
@@ -345,10 +329,13 @@
 
 
         WebAppType webApp = (WebAppType) module.getSpecDD();
-        if ((webApp.getSecurityConstraintArray().length > 0 || webApp.getSecurityRoleArray().length > 0) &&
-                !hasSecurityRealmName) {
-            throw new DeploymentException("web.xml for web app " + module.getName() + " includes security elements but Geronimo deployment plan is not provided or does not contain <security-realm-name> element necessary to configure security accordingly.");
+        if ((webApp.getSecurityConstraintArray().length > 0 || webApp.getSecurityRoleArray().length > 0)) {
+            if (!hasSecurityRealmName) {
+                throw new DeploymentException("web.xml for web app " + module.getName() + " includes security elements but Geronimo deployment plan is not provided or does not contain <security-realm-name> element necessary to configure security accordingly.");
+            }
+            earContext.setHasSecurity(true);
         }
+        //TODO think about how to provide a default security realm name
         XmlObject[] securityElements = XmlBeansUtil.selectSubstitutionGroupElements(SECURITY_QNAME, gerWebApp);
         if (securityElements.length > 0 && !hasSecurityRealmName) {
             throw new DeploymentException("You have supplied a security configuration for web app " + module.getName() + " but no security-realm-name to allow login");
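Review bot: `earContext.setHasSecurity(true)` is reached only when web.xml declares security constraints or roles. A plan that supplies a `security` element together with a realm name, for a web.xml that has neither, passes the `securityElements` check below without marking the context. If later stages use that flag to decide whether role mappings and policy configuration are built, that case would be skipped silently; this needs confirming against code outside the hunk. If the flag should cover plan-supplied security too, add `if (securityElements.length > 0) { earContext.setHasSecurity(true); }` after the realm-name check; if not, a comment next to the TODO saying the flag tracks spec-descriptor security only would record the intent. The enclosing method starts and ends outside the hunk.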
@@ -364,7 +351,6 @@
             WebServiceBuilder serviceBuilder = (WebServiceBuilder) aWebServiceBuilder;
             serviceBuilder.findWebServices(module, false, servletNameToPathMap, module.getEnvironment(), sharedContext);
         }
-        securityBuilders.build(gerWebApp, earContext, module.getEarContext());
         serviceBuilders.build(gerWebApp, earContext, module.getEarContext());
     }
 

Modified: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/SchemaConversionTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/SchemaConversionTest.java?rev=741679&r1=741678&r2=741679&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/SchemaConversionTest.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/SchemaConversionTest.java Fri Feb  6 19:07:17 2009
@@ -128,7 +128,7 @@
     private static class WebModuleBuilder extends AbstractWebModuleBuilder {
 
         protected WebModuleBuilder(Kernel kernel) {
-            super(kernel, null, null, null, null, Collections.EMPTY_SET, null);
+            super(kernel, null, null, null, Collections.EMPTY_SET, null);
         }
 
         protected Module createModule(Object plan, JarFile moduleFile, String targetPath, URL specDDUrl, boolean standAlone, String contextRoot, AbstractName earName, Naming naming, ModuleIDBuilder idBuilder) throws DeploymentException {

Modified: geronimo/server/trunk/plugins/j2ee/j2ee-deployer/src/main/plan/plan.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/j2ee-deployer/src/main/plan/plan.xml?rev=741679&r1=741678&r2=741679&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/j2ee-deployer/src/main/plan/plan.xml (original)
+++ geronimo/server/trunk/plugins/j2ee/j2ee-deployer/src/main/plan/plan.xml Fri Feb  6 19:07:17 2009
@@ -31,12 +31,14 @@
         <reference name="WebConfigBuilder">
             <name>WebBuilder</name>
         </reference>
-        <reference name="SecurityBuilders">
-            <name>SecurityBuilder</name>
-        </reference>
-        <reference name="ServiceBuilders">
-            <name>GBeanBuilder</name>
-        </reference>
+        <references name="ServiceBuilders">
+            <pattern>
+                <name>GBeanBuilder</name>
+            </pattern>
+            <pattern>
+                <name>SecurityBuilder</name>
+            </pattern>
+        </references>
         <references name="PersistenceUnitBuilders">
             <pattern>
                 <name>PersistenceUnitBuilder</name>
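Review bot: Nothing in the new `ServiceBuilders` block says why `SecurityBuilder` is listed among the service builders, and in the visible part of this plan it is now the only place that builder is wired in, since the dedicated `SecurityBuilders` reference is removed just above. A short comment before the second pattern would keep a later cleanup from dropping it, for example `<!-- SecurityBuilder is collected with the service builders; there is no separate SecurityBuilders reference any more -->`. If the two builders have to run in a particular order, that should be stated as well, because a list of `<pattern>` entries does not obviously guarantee one.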
@@ -103,9 +105,7 @@
 
     <gbean name="CredentialStoreBuilder" class="org.apache.geronimo.security.deployment.CredentialStoreBuilder"/>
 
-    <gbean name="NamingBuilders" class="org.apache.geronimo.j2ee.deployment.NamingBuilderCollectionGBean">
-        <attribute name="baseElementQNameNamespaceURI">http://geronimo.apache.org/xml/ns/naming-${geronimoSchemaVersion}</attribute>
-        <attribute name="baseElementQNameLocalPart">abstract-naming-entry</attribute>
+    <gbean name="NamingBuilders" class="org.apache.geronimo.j2ee.deployment.NamingBuilderCollection">
         <references name="NamingBuilders">
             <pattern>
                 <name>GBeanRefBuilder</name>

Modified: geronimo/server/trunk/plugins/jasper/geronimo-jasper-builder/src/test/java/org/apache/geronimo/jasper/deployment/BasicTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jasper/geronimo-jasper-builder/src/test/java/org/apache/geronimo/jasper/deployment/BasicTest.java?rev=741679&r1=741678&r2=741679&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jasper/geronimo-jasper-builder/src/test/java/org/apache/geronimo/jasper/deployment/BasicTest.java (original)
+++ geronimo/server/trunk/plugins/jasper/geronimo-jasper-builder/src/test/java/org/apache/geronimo/jasper/deployment/BasicTest.java Fri Feb  6 19:07:17 2009
@@ -33,7 +33,7 @@
     
     public void testMyFacesModuleBuilderExtension() throws Exception {
         GBeanInfo gBeanInfo = JspModuleBuilderExtension.getGBeanInfo();
-        JspModuleBuilderExtension instance = new JspModuleBuilderExtension(null, new NamingBuilderCollection(Collections.EMPTY_SET, null));
+        JspModuleBuilderExtension instance = new JspModuleBuilderExtension(null, new NamingBuilderCollection(Collections.EMPTY_SET));
     }
 
 }

Modified: geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilder.java?rev=741679&r1=741678&r2=741679&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilder.java (original)
+++ geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilder.java Fri Feb  6 19:07:17 2009
@@ -122,6 +122,8 @@
 public class JettyModuleBuilder extends AbstractWebModuleBuilder implements GBeanLifecycle {
     private static final Logger log = LoggerFactory.getLogger(JettyModuleBuilder.class);
     
+    private static final String ROLE_MAPPER_DATA_NAME = "roleMapperDataName";
+
     private static final Map<String, String> NAMESPACE_UPDATES = new HashMap<String, String>();
     static {
         NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/web", "http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1");
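Review bot: `ROLE_MAPPER_DATA_NAME` is a private string key, so `"roleMapperDataName"` has to match whatever component stores the role mapper query in the EAR context's general data, and nothing here ties the two together. If the producer is the security builder, as it presumably is, referencing one shared constant would stop the key from drifting silently and leaving the lookup empty. At minimum add a comment on the field such as `// key under which the role mapper AbstractNameQuery is published in the EARContext general data`, once confirmed against the producer.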
@@ -167,13 +169,12 @@
                               Object pojoWebServiceTemplate,
                               Collection<WebServiceBuilder> webServiceBuilder,
                               Collection clusteringBuilders,
-                              Collection securityBuilders,
                               Collection serviceBuilders,
                               NamingBuilder namingBuilders,
                               Collection<ModuleBuilderExtension> moduleBuilderExtensions,
                               ResourceEnvironmentSetter resourceEnvironmentSetter,
                               Kernel kernel) throws GBeanNotFoundException {
-        super(kernel, securityBuilders, serviceBuilders, namingBuilders, resourceEnvironmentSetter, webServiceBuilder, moduleBuilderExtensions);
+        super(kernel, serviceBuilders, namingBuilders, resourceEnvironmentSetter, webServiceBuilder, moduleBuilderExtensions);
         this.defaultEnvironment = defaultEnvironment;
         this.defaultSessionTimeoutSeconds = (defaultSessionTimeoutSeconds == null) ? 30 * 60 : defaultSessionTimeoutSeconds;
         this.jettyContainerObjectName = jettyContainerName;
@@ -182,7 +183,7 @@
         this.defaultFilters = defaultFilters;
         this.defaultFilterMappings = defaultFilterMappings;
         this.pojoWebServiceTemplate = getGBeanData(kernel, pojoWebServiceTemplate);
-        this.clusteringBuilders = new NamespaceDrivenBuilderCollection(clusteringBuilders, GerClusteringDocument.type.getDocumentElementName());
+        this.clusteringBuilders = new NamespaceDrivenBuilderCollection(clusteringBuilders);
 
         this.defaultWelcomeFiles = defaultWelcomeFiles == null ? new ArrayList<String>() : defaultWelcomeFiles;
         this.defaultLocaleEncodingMappings = defaultLocaleEncodingMappings == null ? new HashMap<String, String>() : defaultLocaleEncodingMappings;
@@ -551,7 +552,7 @@
         }
         String securityRealmName = jettyWebApp.getSecurityRealmName().trim();
         webModuleData.setAttribute("securityRealmName", securityRealmName);
-        webModuleData.setReferencePattern("RunAsSource", earContext.getJaccManagerName());
+        webModuleData.setReferencePattern("RunAsSource", (AbstractNameQuery)earContext.getGeneralData().get(ROLE_MAPPER_DATA_NAME));
 
         /**
          * TODO - go back to commented version when possible.
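Review bot: The `RunAsSource` reference set right after `securityRealmName` now comes from `earContext.getGeneralData().get(ROLE_MAPPER_DATA_NAME)` with a cast and no null check. If no builder stored that entry for this deployment, the web module is handed a null reference pattern, and the problem would surface later and less clearly than a deployment error. Consider `AbstractNameQuery roleMapper = (AbstractNameQuery) earContext.getGeneralData().get(ROLE_MAPPER_DATA_NAME);` followed by `if (roleMapper == null) throw new DeploymentException("No role mapper registered for web app using security realm " + securityRealmName);`, then pass `roleMapper`. The enclosing method starts and ends outside the hunk, so whether it may throw `DeploymentException` needs checking.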
@@ -1044,7 +1045,6 @@
         infoBuilder.addReference("PojoWebServiceTemplate", Object.class, NameFactory.SERVLET_WEB_SERVICE_TEMPLATE);
         infoBuilder.addReference("WebServiceBuilder", WebServiceBuilder.class, NameFactory.MODULE_BUILDER);
         infoBuilder.addReference("ClusteringBuilders", NamespaceDrivenBuilder.class, NameFactory.MODULE_BUILDER);
-        infoBuilder.addReference("SecurityBuilders", NamespaceDrivenBuilder.class, NameFactory.MODULE_BUILDER);
         infoBuilder.addReference("ServiceBuilders", NamespaceDrivenBuilder.class, NameFactory.MODULE_BUILDER);
         infoBuilder.addReference("NamingBuilders", NamingBuilder.class, NameFactory.MODULE_BUILDER);
         infoBuilder.addReference("ModuleBuilderExtensions", ModuleBuilderExtension.class, NameFactory.MODULE_BUILDER);
@@ -1066,7 +1066,6 @@
                 "PojoWebServiceTemplate",
                 "WebServiceBuilder",
                 "ClusteringBuilders",
-                "SecurityBuilders",
                 "ServiceBuilders",
                 "NamingBuilders",
                 "ModuleBuilderExtensions",

Modified: geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-2.0.2.xsd
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-2.0.2.xsd?rev=741679&r1=741678&r2=741679&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-2.0.2.xsd (original)
+++ geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-2.0.2.xsd Fri Feb  6 19:07:17 2009
@@ -219,7 +219,7 @@
                         </xs:documentation>
                     </xs:annotation>
                 </xs:element>
-                <xs:element ref="app:security" minOccurs="0">
+                <xs:element ref="app:security" minOccurs="0" maxOccurs="unbounded">
                     <xs:annotation>
                         <xs:documentation>
                             Reference to security element defined in imported
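Review bot: With `maxOccurs="unbounded"` a plan may carry several `app:security` elements, but the documentation that follows still describes a single one. The annotation should say how multiple elements are combined or which one takes effect, so that a deployer does not end up with a different access-control configuration than intended. Wording such as `Zero or more security elements may be supplied; each is handled by the builder registered for its type.` would do if it matches the builder behaviour, which is not visible here. The documentation text continues past the end of the hunk.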

Modified: geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/test/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilderTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/test/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilderTest.java?rev=741679&r1=741678&r2=741679&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/test/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilderTest.java (original)
+++ geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/test/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilderTest.java Fri Feb  6 19:07:17 2009
@@ -28,12 +28,14 @@
 import java.util.Map;
 import java.util.Set;
 import java.util.ArrayList;
+import java.util.Arrays;
 
 import org.apache.geronimo.testsupport.TestSupport;
 
 import org.apache.geronimo.common.DeploymentException;
 import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinatorGBean;
 import org.apache.geronimo.deployment.ModuleIDBuilder;
+import org.apache.geronimo.deployment.NamespaceDrivenBuilder;
 import org.apache.geronimo.deployment.service.GBeanBuilder;
 import org.apache.geronimo.deployment.util.DeploymentUtil;
 import org.apache.geronimo.deployment.util.UnpackedJarFile;
@@ -282,9 +284,8 @@
                 pojoWebServiceTemplate,
                 Collections.singleton(webServiceBuilder),
                 null,
-                Collections.singleton(new GeronimoSecurityBuilderImpl(null)),
-                Collections.singleton(new GBeanBuilder(null, null)),
-                new NamingBuilderCollection(null, null),
+                Arrays.asList(new GBeanBuilder(null, null), new GeronimoSecurityBuilderImpl(null, null, null)),
+                new NamingBuilderCollection(null),
                 moduleBuilderExtensions,
                 new MockResourceEnvironmentSetter(),
                 kernel);

Modified: geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/test/java/org/apache/geronimo/jetty6/deployment/PlanParsingTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/test/java/org/apache/geronimo/jetty6/deployment/PlanParsingTest.java?rev=741679&r1=741678&r2=741679&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/test/java/org/apache/geronimo/jetty6/deployment/PlanParsingTest.java (original)
+++ geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/test/java/org/apache/geronimo/jetty6/deployment/PlanParsingTest.java Fri Feb  6 19:07:17 2009
@@ -22,6 +22,7 @@
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashSet;
+import java.util.Arrays;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.jar.JarFile;
 
@@ -31,6 +32,7 @@
 import org.apache.geronimo.deployment.xbeans.ArtifactType;
 import org.apache.geronimo.deployment.xbeans.EnvironmentType;
 import org.apache.geronimo.deployment.xmlbeans.XmlBeansUtil;
+import org.apache.geronimo.deployment.NamespaceDrivenBuilder;
 import org.apache.geronimo.gbean.AbstractName;
 import org.apache.geronimo.gbean.AbstractNameQuery;
 import org.apache.geronimo.j2ee.deployment.NamingBuilderCollection;
@@ -74,7 +76,7 @@
 
     protected void setUp() throws Exception {
         super.setUp();
-        GeronimoSecurityBuilderImpl securityBuilder = new GeronimoSecurityBuilderImpl(null);
+        GeronimoSecurityBuilderImpl securityBuilder = new GeronimoSecurityBuilderImpl(null, null, null);
         securityBuilder.doStart();
         builder = new JettyModuleBuilder(defaultEnvironment,
                 new Integer(1800),
@@ -88,9 +90,8 @@
                 pojoWebServiceTemplate,
                 Collections.singleton(webServiceBuilder),
                 null,
-                Collections.singleton(new GeronimoSecurityBuilderImpl(null)),
-                Collections.singleton(new GBeanBuilder(null, null)),
-                new NamingBuilderCollection(null, null),
+                Arrays.asList(new GBeanBuilder(null, null), new GeronimoSecurityBuilderImpl(null, null, null)),
+                       new NamingBuilderCollection(null),
                 null,
                 new MockResourceEnvironmentSetter(),
                 null);
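Review bot: The `GeronimoSecurityBuilderImpl` passed in `Arrays.asList(...)` is a fresh instance, not the `securityBuilder` that the previous hunk constructs and starts with `doStart()`. Unless `doStart()` is called only for a static side effect, the test gives the module builder a security builder that was never started; `Arrays.asList(new GBeanBuilder(null, null), securityBuilder),` would pass the started one. The `new NamingBuilderCollection(null),` line is also indented differently from the arguments around it. `setUp` continues outside both hunks.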

Modified: geronimo/server/trunk/plugins/jetty/geronimo-jetty6-clustering-builder-wadi/src/main/java/org/apache/geronimo/jetty6/cluster/wadi/builder/WADIJettyClusteringBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6-clustering-builder-wadi/src/main/java/org/apache/geronimo/jetty6/cluster/wadi/builder/WADIJettyClusteringBuilder.java?rev=741679&r1=741678&r2=741679&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty/geronimo-jetty6-clustering-builder-wadi/src/main/java/org/apache/geronimo/jetty6/cluster/wadi/builder/WADIJettyClusteringBuilder.java (original)
+++ geronimo/server/trunk/plugins/jetty/geronimo-jetty6-clustering-builder-wadi/src/main/java/org/apache/geronimo/jetty6/cluster/wadi/builder/WADIJettyClusteringBuilder.java Fri Feb  6 19:07:17 2009
@@ -50,6 +50,7 @@
 import org.apache.geronimo.schema.SchemaConversionUtils;
 import org.apache.geronimo.xbeans.geronimo.GerClusteringWadiDocument;
 import org.apache.geronimo.xbeans.geronimo.GerClusteringWadiType;
+import org.apache.geronimo.xbeans.geronimo.j2ee.GerClusteringDocument;
 import org.apache.geronimo.xbeans.geronimo.naming.GerPatternType;
 import org.apache.xmlbeans.QNameSet;
 import org.apache.xmlbeans.XmlObject;
@@ -60,6 +61,7 @@
  */
 @GBean(name="WADIJettyClusteringBuilder", j2eeType=NameFactory.MODULE_BUILDER)
 public class WADIJettyClusteringBuilder implements NamespaceDrivenBuilder {
+    private static final QName BASE_CLUSTERING_QNAME = GerClusteringDocument.type.getDocumentElementName();
     private static final QName CLUSTERING_WADI_QNAME = GerClusteringWadiDocument.type.getDocumentElementName();
     private static final QNameSet CLUSTERING_WADI_QNAME_SET = QNameSet.singleton(CLUSTERING_WADI_QNAME);
 
@@ -143,6 +145,10 @@
         return CLUSTERING_WADI_QNAME_SET;
     }
 
+    public QName getBaseQName() {
+        return BASE_CLUSTERING_QNAME;
+    }
+
     protected GerClusteringWadiType getWadiClusterConfig(XmlObject container) throws DeploymentException {
         XmlObject[] items = container.selectChildren(CLUSTERING_WADI_QNAME_SET);
         if (items.length > 1) {
@@ -189,7 +195,7 @@
         WADISessionManagerConfigInfo configInfo = new WADISessionManagerConfigInfo(serviceSpaceName,
                 sweepInterval,
                 numPartitions,
-                sessionTimeout.intValue(),
+                sessionTimeout,
                 disableReplication,
                 deltaReplication);
         beanData.setAttribute(BasicWADISessionManager.GBEAN_ATTR_WADI_CONFIG_INFO, configInfo);
@@ -232,7 +238,7 @@
     }
 
     protected void setCluster(GerClusteringWadiType clustering, GBeanData beanData) {
-        Set patterns = new HashSet();
+        Set<AbstractNameQuery> patterns = new HashSet<AbstractNameQuery>();
         if (clustering.isSetCluster()) {
             addAbstractNameQueries(patterns, clustering.getCluster().getPatternArray());
         } else {
@@ -242,7 +248,7 @@
     }
 
     protected void setBackingStrategyFactory(GerClusteringWadiType clustering, GBeanData beanData) {
-        Set patterns = new HashSet();
+        Set<AbstractNameQuery> patterns = new HashSet<AbstractNameQuery>();
         if (clustering.isSetBackingStrategyFactory()) {
             addAbstractNameQueries(patterns, clustering.getBackingStrategyFactory().getPatternArray());
         } else {
@@ -281,9 +287,9 @@
         return name;
     }
 
-    protected void addAbstractNameQueries(Set patterns, GerPatternType[] patternTypes) {
-        for (int i = 0; i < patternTypes.length; i++) {
-            AbstractNameQuery query = ENCConfigBuilder.buildAbstractNameQuery(patternTypes[i], null, null, null);
+    protected void addAbstractNameQueries(Set<AbstractNameQuery> patterns, GerPatternType[] patternTypes) {
+        for (GerPatternType patternType : patternTypes) {
+            AbstractNameQuery query = ENCConfigBuilder.buildAbstractNameQuery(patternType, null, null, null);
             patterns.add(query);
         }
     }

Modified: geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/AbstractWebModuleTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/AbstractWebModuleTest.java?rev=741679&r1=741678&r2=741679&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/AbstractWebModuleTest.java (original)
+++ geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/AbstractWebModuleTest.java Fri Feb  6 19:07:17 2009
@@ -19,31 +19,39 @@
 import java.io.File;
 import java.net.URL;
 import java.security.PermissionCollection;
+import java.security.Permissions;
+import java.security.Principal;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import javax.security.auth.Subject;
+import javax.security.jacc.WebResourcePermission;
+import javax.security.jacc.WebUserDataPermission;
 import javax.transaction.TransactionManager;
 
 import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator;
 import org.apache.geronimo.connector.outbound.connectiontracking.GeronimoTransactionListener;
 import org.apache.geronimo.jetty6.connector.HTTPSocketConnector;
 import org.apache.geronimo.security.SecurityServiceImpl;
-import org.apache.geronimo.security.deploy.PrincipalInfo;
-import org.apache.geronimo.security.deploy.SubjectInfo;
-import org.apache.geronimo.security.jaas.ConfigurationEntryFactory;
+import org.apache.geronimo.security.jaas.LoginModuleGBean;
 import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration;
-import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
 import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
-import org.apache.geronimo.security.jaas.LoginModuleGBean;
+import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
+import org.apache.geronimo.security.jaas.ConfigurationEntryFactory;
+import org.apache.geronimo.security.deploy.SubjectInfo;
+import org.apache.geronimo.security.deploy.PrincipalInfo;
 import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
-import org.apache.geronimo.security.jacc.mappingprovider.ApplicationPrincipalRoleConfigurationManager;
-import org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicyConfigurationFactory;
-import org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicy;
 import org.apache.geronimo.security.jacc.ComponentPermissions;
 import org.apache.geronimo.security.jacc.PrincipalRoleMapper;
 import org.apache.geronimo.security.jacc.RunAsSource;
+import org.apache.geronimo.security.jacc.mappingprovider.ApplicationPrincipalRoleConfigurationManager;
+import org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicy;
+import org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicyConfigurationFactory;
+import org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal;
+import org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal;
 import org.apache.geronimo.security.realm.GenericSecurityRealm;
 import org.apache.geronimo.system.serverinfo.BasicServerInfo;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
@@ -129,13 +137,9 @@
         return app;
     }
 
-    protected JettyWebAppContext setUpSecureAppContext(String securityRealmName, Map roleDesignates, Map principalRoleMap, ComponentPermissions componentPermissions, SubjectInfo defaultSubjectInfo, PermissionCollection checked, Set securityRoles) throws Exception {
+    protected JettyWebAppContext setUpSecureAppContext(String securityRealmName, Map<String, SubjectInfo> roleDesignates, Map<Principal, Set<String>> principalRoleMap, ComponentPermissions componentPermissions, SubjectInfo defaultSubjectInfo, PermissionCollection checked, Set securityRoles) throws Exception {
         String policyContextId = "TEST";
-        PrincipalRoleMapper roleMapper = new ApplicationPrincipalRoleConfigurationManager(principalRoleMap);
-        Map<String, ComponentPermissions> contextIDToPermissionsMap = new HashMap<String, ComponentPermissions>();
-        contextIDToPermissionsMap.put(policyContextId, componentPermissions);
-        ApplicationPolicyConfigurationManager jacc = new ApplicationPolicyConfigurationManager(contextIDToPermissionsMap, null, roleDesignates, cl, null, roleMapper);
-        jacc.doStart();
+        ApplicationPolicyConfigurationManager jacc = setUpJACC(roleDesignates, principalRoleMap, componentPermissions, policyContextId);
 
         FormAuthenticator formAuthenticator = new FormAuthenticator();
         formAuthenticator.setLoginPage("/auth/logon.html?param=test");
@@ -151,9 +155,18 @@
 
     }
 
-    protected void setUpSecurity() throws Exception {
-        String domainName = "demo-properties-realm";
+    private ApplicationPolicyConfigurationManager setUpJACC(Map<String, SubjectInfo> roleDesignates, Map<Principal, Set<String>> principalRoleMap, ComponentPermissions componentPermissions, String policyContextId) throws Exception {
+        setUpSecurityService();
+        PrincipalRoleMapper roleMapper = new ApplicationPrincipalRoleConfigurationManager(principalRoleMap, null, roleDesignates, null);
+        Map<String, ComponentPermissions> contextIDToPermissionsMap = new HashMap<String, ComponentPermissions>();
+        contextIDToPermissionsMap.put(policyContextId, componentPermissions);
+        ApplicationPolicyConfigurationManager jacc = new ApplicationPolicyConfigurationManager(contextIDToPermissionsMap, roleMapper, cl);
+        jacc.doStart();
+        return jacc;
+    }
 
+    protected void setUpSecurityService() throws Exception {
+        String domainName = "demo-properties-realm";
         ServerInfo serverInfo = new BasicServerInfo(".");
 
         new SecurityServiceImpl(cl, serverInfo, GeronimoPolicyConfigurationFactory.class.getName(), GeronimoPolicy.class.getName(), null, null, null, null);
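Review bot: Nothing tells callers that `setUpJACC` now initialises the security service itself: it calls `setUpSecurityService()`, which is still `protected` and was renamed from `setUpSecurity()`. A subclass that used the old name will no longer compile, and one that calls the new name before `setUpSecureAppContext` would construct `SecurityServiceImpl` twice; whether that is harmless depends on what the constructor installs, which is not visible here. A short Javadoc on `setUpJACC` saying that it starts the security service first and that callers should not do so again would make the contract explicit. `setUpSecurityService` continues outside the hunk.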


