geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r792824 - in /geronimo/server/trunk: plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/ plugins/axis/geronimo-axis/src/main/java/org/apache/geronimo/axis/server/ plugins/cxf/geronimo-cxf-ejb/src/main/java/org...
Date Fri, 10 Jul 2009 07:36:59 GMT
Author: djencks
Date: Fri Jul 10 07:36:58 2009
New Revision: 792824

URL: http://svn.apache.org/viewvc?rev=792824&view=rev
Log:
GERONIMO-4645 Make ejb ws security more jacc friendly, implement transport guarantees for jetty7 using jacc. See jira for more comments

Modified:
    geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java
    geronimo/server/trunk/plugins/axis/geronimo-axis/src/main/java/org/apache/geronimo/axis/server/EjbWebServiceGBean.java
    geronimo/server/trunk/plugins/cxf/geronimo-cxf-ejb/src/main/java/org/apache/geronimo/cxf/ejb/EJBWebServiceGBean.java
    geronimo/server/trunk/plugins/jaxws/geronimo-jaxws-ejb-builder/src/main/java/org/apache/geronimo/jaxws/builder/JAXWSEJBModuleBuilderExtension.java
    geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyContainerImpl.java
    geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/ContainerTest.java
    geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java
    geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/WebAppContextWrapper.java
    geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/EJBWebServiceSecurityHandler.java
    geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/AuthConfigProviderHandlerFactory.java
    geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/JettySecurityHandlerFactory.java
    geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java
    geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ContainerTest.java
    geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/security/ServerAuthenticationGBean.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ContainerTest.java
    geronimo/server/trunk/plugins/webservices/geronimo-webservices/src/main/java/org/apache/geronimo/webservices/SoapHandler.java
    geronimo/server/trunk/testsuite/webservices-testsuite/jaxws-tests/jaxws-ejb-sec/src/main/resources/META-INF/ejb-jar.xml
    geronimo/server/trunk/testsuite/webservices-testsuite/jaxws-tests/jaxws-ejb-sec/src/main/resources/META-INF/openejb-jar.xml

Modified: geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java (original)
+++ geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java Fri Jul 10 07:36:58 2009
@@ -83,7 +83,7 @@
         EjbModule ejbModule = (EjbModule) module;
         
         //overridden web service locations
-        Map correctedPortLocations = new HashMap();     
+        Map<String, String> correctedPortLocations = new HashMap<String, String>();     
         Map<String, WebServiceBinding> wsBindingMap = createWebServiceBindingMap(ejbModule);
         for (Map.Entry<String, WebServiceBinding> entry : wsBindingMap.entrySet()) {
             String location = entry.getValue().getWebServiceAddress();
@@ -130,7 +130,7 @@
 
             AbstractName ejbWebServiceName = earContext.getNaming().createChildName(sessionName, ejbName, NameFactory.WEB_SERVICE_LINK);
 
-            GBeanData ejbWebServiceGBean = new GBeanData(ejbWebServiceName, EjbWebServiceGBean.GBEAN_INFO);
+            GBeanData ejbWebServiceGBean = new GBeanData(ejbWebServiceName, EjbWebServiceGBean.class);
 
             ejbWebServiceGBean.setAttribute("ejbName", ejbName);
             ejbWebServiceGBean.setAttribute("ejbClass", bean.ejbClass);

Modified: geronimo/server/trunk/plugins/axis/geronimo-axis/src/main/java/org/apache/geronimo/axis/server/EjbWebServiceGBean.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/axis/geronimo-axis/src/main/java/org/apache/geronimo/axis/server/EjbWebServiceGBean.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/axis/geronimo-axis/src/main/java/org/apache/geronimo/axis/server/EjbWebServiceGBean.java (original)
+++ geronimo/server/trunk/plugins/axis/geronimo-axis/src/main/java/org/apache/geronimo/axis/server/EjbWebServiceGBean.java Fri Jul 10 07:36:58 2009
@@ -16,77 +16,77 @@
  */
 package org.apache.geronimo.axis.server;
 
+import java.net.URI;
+import java.util.Collection;
+import java.util.Properties;
+
 import org.apache.axis.description.JavaServiceDesc;
 import org.apache.axis.handlers.soap.SOAPService;
 import org.apache.axis.providers.java.RPCProvider;
-import org.apache.geronimo.gbean.GBeanInfo;
-import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.gbean.GBeanLifecycle;
+import org.apache.geronimo.gbean.annotation.GBean;
+import org.apache.geronimo.gbean.annotation.ParamAttribute;
+import org.apache.geronimo.gbean.annotation.ParamReference;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.openejb.EjbDeployment;
-import org.apache.geronimo.webservices.SoapHandler;
 import org.apache.geronimo.security.jaas.ConfigurationFactory;
+import org.apache.geronimo.webservices.SoapHandler;
 import org.apache.openejb.server.axis.EjbContainerProvider;
 
-import java.net.URI;
-import java.util.Properties;
-
+@GBean(j2eeType = NameFactory.WEB_SERVICE_LINK)
 public class EjbWebServiceGBean implements GBeanLifecycle {
 
     private final SoapHandler soapHandler;
     private final URI location;
 
-    protected EjbWebServiceGBean() {
-        soapHandler = null;
-        location = null;
-    }
-
-    public EjbWebServiceGBean(EjbDeployment ejbDeploymentContext,
-                              URI location,
-                              URI wsdlURI,
-                              SoapHandler soapHandler,
-                              ServiceInfo serviceInfo,
-                              ConfigurationFactory configurationFactory,
-                              String realmName,
-                              String transportGuarantee,
-                              String authMethod,
-                              String[] protectedMethods, 
-                              String[] virtualHosts,
-                              Properties properties) throws Exception {
-
-        this.soapHandler = soapHandler;
+    public EjbWebServiceGBean(@ParamReference(name = "EjbDeployment") EjbDeployment ejbDeploymentContext,
+                              @ParamAttribute(name = "location") URI location,
+                              @ParamAttribute(name = "wsdlURI") URI wsdlURI,
+                              @ParamAttribute(name = "serviceInfo") ServiceInfo serviceInfo,
+                              @ParamReference(name = "WebServiceContainer") Collection<SoapHandler> webContainers,
+                              @ParamAttribute(name = "policyContextID") String policyContextID,
+                              @ParamReference(name = "ConfigurationFactory") ConfigurationFactory configurationFactory,
+                              @ParamAttribute(name = "realmName") String realmName,
+                              @ParamAttribute(name = "transportGuarantee") String transportGuarantee,
+                              @ParamAttribute(name = "authMethod") String authMethod,
+                              @ParamAttribute(name = "protectedMethods") String[] protectedMethods,
+                              @ParamAttribute(name = "virtualHosts") String[] virtualHosts,
+                              @ParamAttribute(name = "properties") Properties properties) throws Exception {
         this.location = location;
-                        
         //for use as a template
-        if (ejbDeploymentContext == null) {
+        if (webContainers == null || webContainers.isEmpty()) {
+            soapHandler = null;
             return;
         }
+        this.soapHandler = webContainers.iterator().next();
+
         RPCProvider provider = new EjbContainerProvider(ejbDeploymentContext.getDeploymentInfo(), serviceInfo.getHandlerInfos());
         SOAPService service = new SOAPService(null, provider, null);
 
         JavaServiceDesc serviceDesc = serviceInfo.getServiceDesc();
         service.setServiceDescription(serviceDesc);
-        
+
         ClassLoader classLoader = ejbDeploymentContext.getClassLoader();
-                
-        Class serviceEndpointInterface = 
-            classLoader.loadClass(ejbDeploymentContext.getServiceEndpointInterfaceName());
-        
+
+        Class serviceEndpointInterface =
+                classLoader.loadClass(ejbDeploymentContext.getServiceEndpointInterfaceName());
+
         service.setOption("className", serviceEndpointInterface.getName());
         serviceDesc.setImplClass(serviceEndpointInterface);
-        
+
         AxisWebServiceContainer axisContainer = new AxisWebServiceContainer(location, wsdlURI, service, serviceInfo.getWsdlMap(), classLoader);
         if (soapHandler != null) {
-            soapHandler.addWebService(location.getPath(), 
-                                      virtualHosts, 
-                                      axisContainer, 
-                                      configurationFactory, 
-                                      realmName, 
-                                      transportGuarantee, 
-                                      authMethod, 
-                                      protectedMethods, 
-                                      properties,
-                                      classLoader);
+            soapHandler.addWebService(location.getPath(),
+                    virtualHosts,
+                    axisContainer,
+                    policyContextID,
+                    configurationFactory,
+                    realmName,
+                    transportGuarantee,
+                    authMethod,
+                    protectedMethods,
+                    properties,
+                    classLoader);
         }
     }
 
@@ -104,47 +104,4 @@
 
     }
 
-    public static final GBeanInfo GBEAN_INFO;
-
-    static {
-        GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic(EjbWebServiceGBean.class, EjbWebServiceGBean.class, NameFactory.WEB_SERVICE_LINK);
-
-//        infoFactory.addOperation("invoke", new Class[]{WebServiceContainer.Request.class, WebServiceContainer.Response.class});
-
-        infoFactory.addReference("EjbDeployment", EjbDeployment.class);
-        infoFactory.addAttribute("location", URI.class, true);
-        infoFactory.addAttribute("wsdlURI", URI.class, true);
-        infoFactory.addReference("ConfigurationFactory", ConfigurationFactory.class);
-        infoFactory.addAttribute("realmName", String.class, true);
-        infoFactory.addAttribute("transportGuarantee", String.class, true);
-        infoFactory.addAttribute("authMethod", String.class, true);
-        infoFactory.addAttribute("serviceInfo", ServiceInfo.class, true);
-        infoFactory.addAttribute("protectedMethods", String[].class, true);
-        infoFactory.addAttribute("virtualHosts", String[].class, true);
-        infoFactory.addReference("WebServiceContainer", SoapHandler.class);
-        infoFactory.addAttribute("properties", Properties.class, true);
-
-        infoFactory.setConstructor(new String[]{
-                "EjbDeployment",
-                "location",
-                "wsdlURI",
-                "WebServiceContainer",
-                "serviceInfo",
-                "ConfigurationFactory",
-                "realmName",
-                "transportGuarantee",
-                "authMethod",
-                "protectedMethods",
-                "virtualHosts",
-                "properties"
-        });
-
-        GBEAN_INFO = infoFactory.getBeanInfo();
-    }
-
-    public static GBeanInfo getGBeanInfo() {
-        return GBEAN_INFO;
-    }
-
-
 }

Modified: geronimo/server/trunk/plugins/cxf/geronimo-cxf-ejb/src/main/java/org/apache/geronimo/cxf/ejb/EJBWebServiceGBean.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/cxf/geronimo-cxf-ejb/src/main/java/org/apache/geronimo/cxf/ejb/EJBWebServiceGBean.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/cxf/geronimo-cxf-ejb/src/main/java/org/apache/geronimo/cxf/ejb/EJBWebServiceGBean.java (original)
+++ geronimo/server/trunk/plugins/cxf/geronimo-cxf-ejb/src/main/java/org/apache/geronimo/cxf/ejb/EJBWebServiceGBean.java Fri Jul 10 07:36:58 2009
@@ -28,6 +28,11 @@
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.gbean.GBeanLifecycle;
+import org.apache.geronimo.gbean.annotation.GBean;
+import org.apache.geronimo.gbean.annotation.ParamReference;
+import org.apache.geronimo.gbean.annotation.ParamAttribute;
+import org.apache.geronimo.gbean.annotation.ParamSpecial;
+import org.apache.geronimo.gbean.annotation.SpecialAttributeType;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.jaxws.JAXWSUtils;
 import org.apache.geronimo.jaxws.JNDIResolver;
@@ -39,24 +44,26 @@
 import org.apache.geronimo.security.jaas.ConfigurationFactory;
 import org.apache.openejb.DeploymentInfo;
 
+@GBean(j2eeType = NameFactory.WEB_SERVICE_LINK)
 public class EJBWebServiceGBean implements GBeanLifecycle {
 
     private SoapHandler soapHandler;
     private String location;
     private EJBWebServiceContainer container;
 
-    public EJBWebServiceGBean(EjbDeployment ejbDeploymentContext,
-                              PortInfo portInfo,                              
-                              Kernel kernel,
-                              URL configurationBaseUrl,                              
-                              Collection<SoapHandler> webContainers,
-                              ConfigurationFactory configurationFactory,
-                              String realmName,
-                              String transportGuarantee,
-                              String authMethod,
-                              String[] protectedMethods,
-                              String[] virtualHosts,
-                              Properties properties) throws Exception {        
+    public EJBWebServiceGBean(@ParamReference(name="EjbDeployment")EjbDeployment ejbDeploymentContext,
+                              @ParamAttribute(name="portInfo")PortInfo portInfo,
+                              @ParamSpecial(type = SpecialAttributeType.kernel)Kernel kernel,
+                              @ParamAttribute(name="configurationBaseUrl")URL configurationBaseUrl,
+                              @ParamReference(name="WebServiceContainer")Collection<SoapHandler> webContainers,
+                              @ParamAttribute(name="policyContextID")String policyContextID,
+                              @ParamReference(name="ConfigurationFactory")ConfigurationFactory configurationFactory,
+                              @ParamAttribute(name="realmName")String realmName,
+                              @ParamAttribute(name="transportGuarantee")String transportGuarantee,
+                              @ParamAttribute(name="authMethod")String authMethod,
+                              @ParamAttribute(name="protectedMethods")String[] protectedMethods,
+                              @ParamAttribute(name="virtualHosts")String[] virtualHosts,
+                              @ParamAttribute(name="properties")Properties properties) throws Exception {
         if (ejbDeploymentContext == null || webContainers == null || webContainers.isEmpty() || portInfo == null) {
             return;
         }
@@ -88,6 +95,7 @@
         soapHandler.addWebService(this.location, 
                                   virtualHosts, 
                                   this.container,
+                                  policyContextID,
                                   configurationFactory,
                                   realmName, 
                                   transportGuarantee, 
@@ -112,45 +120,5 @@
     public void doFail() {
     }
 
-    public static final GBeanInfo GBEAN_INFO;
-
-    static {
-        GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic(EJBWebServiceGBean.class, EJBWebServiceGBean.class, NameFactory.WEB_SERVICE_LINK);
-        
-        infoFactory.addReference("EjbDeployment", EjbDeployment.class);
-        infoFactory.addAttribute("portInfo", PortInfo.class, true);       
-        infoFactory.addAttribute("kernel", Kernel.class, false);
-        infoFactory.addAttribute("configurationBaseUrl", URL.class, true);
-        infoFactory.addReference("ConfigurationFactory", ConfigurationFactory.class);
-        infoFactory.addAttribute("realmName", String.class, true);
-        infoFactory.addAttribute("transportGuarantee", String.class, true);
-        infoFactory.addAttribute("authMethod", String.class, true);
-        infoFactory.addAttribute("protectedMethods", String[].class, true);
-        infoFactory.addAttribute("virtualHosts", String[].class, true);
-        infoFactory.addReference("WebServiceContainer", SoapHandler.class);
-        infoFactory.addAttribute("properties", Properties.class, true);
-        
-        infoFactory.setConstructor(new String[]{
-                "EjbDeployment",
-                "portInfo",
-                "kernel",
-                "configurationBaseUrl",
-                "WebServiceContainer",
-                "ConfigurationFactory",
-                "realmName",
-                "transportGuarantee",
-                "authMethod",
-                "protectedMethods",
-                "virtualHosts",
-                "properties"
-        });
-
-        
-        GBEAN_INFO = infoFactory.getBeanInfo();
-    }
-
-    public static GBeanInfo getGBeanInfo() {
-        return GBEAN_INFO;
-    }
 
 }

Modified: geronimo/server/trunk/plugins/jaxws/geronimo-jaxws-ejb-builder/src/main/java/org/apache/geronimo/jaxws/builder/JAXWSEJBModuleBuilderExtension.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jaxws/geronimo-jaxws-ejb-builder/src/main/java/org/apache/geronimo/jaxws/builder/JAXWSEJBModuleBuilderExtension.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jaxws/geronimo-jaxws-ejb-builder/src/main/java/org/apache/geronimo/jaxws/builder/JAXWSEJBModuleBuilderExtension.java (original)
+++ geronimo/server/trunk/plugins/jaxws/geronimo-jaxws-ejb-builder/src/main/java/org/apache/geronimo/jaxws/builder/JAXWSEJBModuleBuilderExtension.java Fri Jul 10 07:36:58 2009
@@ -17,6 +17,8 @@
 package org.apache.geronimo.jaxws.builder;
 
 import java.net.URL;
+import java.security.PermissionCollection;
+import java.security.Permissions;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
@@ -25,6 +27,9 @@
 import java.util.Properties;
 import java.util.jar.JarFile;
 
+import javax.security.jacc.WebResourcePermission;
+import javax.security.jacc.WebUserDataPermission;
+
 import org.apache.geronimo.common.DeploymentException;
 import org.apache.geronimo.deployment.ModuleIDBuilder;
 import org.apache.geronimo.deployment.service.EnvironmentBuilder;
@@ -47,7 +52,9 @@
 import org.apache.geronimo.kernel.repository.Environment;
 import org.apache.geronimo.openejb.deployment.EjbModule;
 import org.apache.geronimo.security.jaas.ConfigurationFactory;
+import org.apache.geronimo.security.jacc.ComponentPermissions;
 import org.apache.openejb.assembler.classic.EnterpriseBeanInfo;
+import org.apache.openejb.jee.oejb2.AuthMethodType;
 import org.apache.openejb.jee.oejb2.EnterpriseBean;
 import org.apache.openejb.jee.oejb2.GeronimoEjbJarType;
 import org.apache.openejb.jee.oejb2.OpenejbJarType;
@@ -101,7 +108,7 @@
         Environment environment = module.getEnvironment();
                 
         //overridden web service locations       
-        Map correctedPortLocations = new HashMap();     
+        Map<String, String> correctedPortLocations = new HashMap<String, String>();
         Map<String, WebServiceBinding> wsBindingMap = createWebServiceBindingMap(ejbModule);
         for (Map.Entry<String, WebServiceBinding> entry : wsBindingMap.entrySet()) {
             String location = entry.getValue().getWebServiceAddress();
@@ -115,6 +122,55 @@
         }
         
         jaxwsBuilder.findWebServices(module, true, correctedPortLocations, environment, ejbModule.getSharedContext());
+
+        for (EnterpriseBeanInfo bean : ejbModule.getEjbJarInfo().enterpriseBeans) {
+            if (bean.type != EnterpriseBeanInfo.STATELESS) {
+                continue;
+            }
+
+            String ejbName = bean.ejbName;
+
+            AbstractName sessionName = earContext.getNaming().createChildName(module.getModuleName(), ejbName, NameFactory.STATELESS_SESSION_BEAN);
+
+            assert sessionName != null: "StatelesSessionBean object name is null";
+
+            WebServiceBinding wsBinding = wsBindingMap.get(ejbName);
+            if (wsBinding != null) {
+
+                WebServiceSecurityType wsSecurity = wsBinding.getWebServiceSecurity();
+                if (wsSecurity != null) {
+                    earContext.setHasSecurity(true);
+                    String policyContextID = sessionName.toString();
+                    Properties properties = wsSecurity.getProperties();
+                    PermissionCollection uncheckedPermissions = new Permissions();
+                    String transportGuarantee = wsSecurity.getTransportGuarantee().toString().trim();
+                    boolean getProtected = properties.get("getProtected") == null? true: Boolean.valueOf((String) properties.get("getProtected"));
+                    if (getProtected) {
+                        WebUserDataPermission webUserDataPermission = new WebUserDataPermission("/*", null, transportGuarantee);
+                        uncheckedPermissions.add(webUserDataPermission);
+                    } else {
+                        uncheckedPermissions.add(new WebUserDataPermission("/*", new String[] {"GET"}, "NONE"));
+                        uncheckedPermissions.add(new WebUserDataPermission("/*", "!GET:" + transportGuarantee));
+                    }
+                    Map<String, PermissionCollection> rolePermissions = new HashMap<String, PermissionCollection>();
+                    //TODO allow jaspi authentication
+                    boolean secured = wsSecurity.getAuthMethod() != null && AuthMethodType.NONE != (wsSecurity.getAuthMethod());// || wsSecurity.isSetAuthentication();
+                    if (secured) {
+                        boolean getSecured = properties.get("getSecured") == null? true: Boolean.valueOf((String) properties.get("getSecured"));
+                        if (!getSecured) {
+                            uncheckedPermissions.add(new WebResourcePermission("/*", "GET"));
+                        }
+                    } else {
+                        uncheckedPermissions.add(new WebResourcePermission("/*", (String[]) null));
+                    }
+                    ComponentPermissions permissions = new ComponentPermissions(new Permissions(), uncheckedPermissions, rolePermissions);
+                    earContext.addSecurityContext(policyContextID, permissions);
+
+                }
+            }
+
+        }
+
     }
 
     public void addGBeans(EARContext earContext, Module module, ClassLoader cl, Collection repository) throws DeploymentException {
@@ -157,11 +213,14 @@
                 
                 WebServiceSecurityType wsSecurity = wsBinding.getWebServiceSecurity();
                 if (wsSecurity != null) {
+                    Properties properties = wsSecurity.getProperties();
+
                     ejbWebServiceGBean.setReferencePattern("ConfigurationFactory",
                             new AbstractNameQuery(null, Collections.singletonMap("name", wsSecurity.getSecurityRealmName().trim()),
                             ConfigurationFactory.class.getName()));
                     ejbWebServiceGBean.setAttribute("transportGuarantee", wsSecurity.getTransportGuarantee().toString());
-                    ejbWebServiceGBean.setAttribute("authMethod", wsSecurity.getAuthMethod().value());
+                    String authMethod = wsSecurity.getAuthMethod().value();
+                    ejbWebServiceGBean.setAttribute("authMethod", authMethod);
                     if (wsSecurity.getRealmName() != null) {
                         ejbWebServiceGBean.setAttribute("realmName", wsSecurity.getRealmName().trim());                    
                     }
@@ -171,7 +230,8 @@
                         protectedMethods = methods.toArray(protectedMethods);                    
                         ejbWebServiceGBean.setAttribute("protectedMethods", protectedMethods);
                     }
-                    Properties properties = wsSecurity.getProperties();
+                    String policyContextID = sessionName.toString();
+                    ejbWebServiceGBean.setAttribute("policyContextID", policyContextID);
                     ejbWebServiceGBean.setAttribute("properties", properties);
                 }
             }

Modified: geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyContainerImpl.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyContainerImpl.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyContainerImpl.java (original)
+++ geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyContainerImpl.java Fri Jul 10 07:36:58 2009
@@ -212,7 +212,8 @@
 
     public void addWebService(String contextPath, 
                               String[] virtualHosts, 
-                              WebServiceContainer webServiceContainer, 
+                              WebServiceContainer webServiceContainer,
+                              String policyContextID,
                               ConfigurationFactory configurationFactory, 
                               String realmName, 
                               String transportGuarantee, 

Modified: geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/ContainerTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/ContainerTest.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/ContainerTest.java (original)
+++ geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/ContainerTest.java Fri Jul 10 07:36:58 2009
@@ -46,7 +46,7 @@
 
         String contextPath = "/foo/webservice.ws";
         MockWebServiceContainer webServiceInvoker = new MockWebServiceContainer();
-        container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, cl);
+        container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, null, cl);
 
         HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678" + contextPath).openConnection();
         try {
@@ -71,11 +71,11 @@
 
         String contextPath = "/foo/webservice.ws";
         MockWebServiceContainer webServiceInvoker = new MockWebServiceContainer();
-        container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, cl);
+        container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, null, cl);
 
         String contextPath2 = "/bar/webservice.ws";
         MockWebServiceContainer webServiceInvoker2 = new MockWebServiceContainer();
-        container.addWebService(contextPath2, null, webServiceInvoker2, null, null, null, null, null, null, cl);
+        container.addWebService(contextPath2, null, webServiceInvoker2, null, null, null, null, null, null, null, cl);
 
         HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678" + contextPath).openConnection();
         try {

Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyContainerImpl.java Fri Jul 10 07:36:58 2009
@@ -22,6 +22,8 @@
 import java.util.Map;
 import java.util.Properties;
 import java.security.Permission;
+import java.security.Permissions;
+import java.security.PermissionCollection;
 
 import javax.management.j2ee.statistics.Stats;
 import javax.security.jacc.WebUserDataPermission;
@@ -223,6 +225,7 @@
     public void addWebService(String contextPath,
                               String[] virtualHosts,
                               WebServiceContainer webServiceContainer,
+                              String contextID,
                               ConfigurationFactory configurationFactory,
                               String realmName,
                               String transportGuarantee,
@@ -234,9 +237,7 @@
         if (configurationFactory != null) {
             BuiltInAuthMethod builtInAuthMethod = BuiltInAuthMethod.getValueOf(authMethod);
             JettySecurityHandlerFactory  factory = new JettySecurityHandlerFactory(builtInAuthMethod, null, null, realmName, configurationFactory);
-            Permission permission = new WebUserDataPermission("/*", protectedMethods, transportGuarantee);
-            boolean authMandatory = builtInAuthMethod != BuiltInAuthMethod.NONE;
-            securityHandler = factory.buildEJBSecurityHandler(permission, authMandatory);
+            securityHandler = factory.buildSecurityHandler(contextID, null, null, false);
         }
         ServletHandler servletHandler = new EJBServletHandler(webServiceContainer);
         EJBWebServiceContext webServiceContext = new EJBWebServiceContext(contextPath, securityHandler, servletHandler, classLoader);

Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/WebAppContextWrapper.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/WebAppContextWrapper.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/WebAppContextWrapper.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/WebAppContextWrapper.java Fri Jul 10 07:36:58 2009
@@ -175,7 +175,7 @@
 //            JAASJettyRealm realm = new JAASJettyRealm(realmName, internalJAASJettyRealm);
         if (securityHandlerFactory != null) {
             Subject defaultSubject =  this.runAsSource.getDefaultSubject();
-            securityHandler = securityHandlerFactory.buildSecurityHandler(policyContextID, defaultSubject, runAsSource);
+            securityHandler = securityHandlerFactory.buildSecurityHandler(policyContextID, defaultSubject, runAsSource, true);
         } else {
             //TODO may need to turn off security with Context._options.
 //            securityHandler = new NoSecurityHandler();

Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/EJBWebServiceSecurityHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/EJBWebServiceSecurityHandler.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/EJBWebServiceSecurityHandler.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/EJBWebServiceSecurityHandler.java Fri Jul 10 07:36:58 2009
@@ -21,15 +21,15 @@
 package org.apache.geronimo.jetty7.handler;
 
 import java.io.IOException;
+import java.security.Permissions;
 import java.security.AccessControlContext;
-import java.security.Permission;
 
 import javax.security.jacc.WebUserDataPermission;
 
-import org.eclipse.jetty.security.SecurityHandler;
 import org.eclipse.jetty.security.Authenticator;
-import org.eclipse.jetty.security.LoginService;
 import org.eclipse.jetty.security.IdentityService;
+import org.eclipse.jetty.security.LoginService;
+import org.eclipse.jetty.security.SecurityHandler;
 import org.eclipse.jetty.server.Request;
 import org.eclipse.jetty.server.Response;
 import org.eclipse.jetty.server.UserIdentity;
@@ -37,35 +37,10 @@
 /**
  * @version $Rev$ $Date$
  */
-public class EJBWebServiceSecurityHandler extends SecurityHandler {
-
-    private final Permission permission;
-    private final boolean authMandatory;
-
-    public EJBWebServiceSecurityHandler(
-            Authenticator authenticator,
-            final LoginService loginService,
-            IdentityService identityService,
-            Permission permission, boolean authMandatory) {
-        setAuthenticator(authenticator);
-
-        loginService.setIdentityService(identityService);
-        setLoginService(loginService);
-        setIdentityService(identityService);
-        this.permission = permission;
-        this.authMandatory = authMandatory;
-    }
-
-    protected Object prepareConstraintInfo(String pathInContext, Request request) {
-        return null;
-    }
-
-    protected boolean checkUserDataPermissions(String pathInContext, Request request, Response response, Object constraintInfo) throws IOException {
-        return permission.implies(new WebUserDataPermission(request));
-    }
+public class EJBWebServiceSecurityHandler extends JaccSecurityHandler {
 
-    protected boolean isAuthMandatory(Request baseRequest, Response base_response, Object constraintInfo) {
-        return authMandatory;
+    public EJBWebServiceSecurityHandler(String policyContextID, Authenticator authenticator, LoginService loginService, IdentityService identityService, AccessControlContext defaultAcc) {
+        super(policyContextID, authenticator, loginService, identityService, defaultAcc);
     }
 
     protected boolean checkWebResourcePermissions(String pathInContext, Request request, Response response, Object constraintInfo, UserIdentity userIdentity) throws IOException {

Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/AuthConfigProviderHandlerFactory.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/AuthConfigProviderHandlerFactory.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/AuthConfigProviderHandlerFactory.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/AuthConfigProviderHandlerFactory.java Fri Jul 10 07:36:58 2009
@@ -88,7 +88,7 @@
 
     }
 
-    public SecurityHandler buildSecurityHandler(String policyContextID, Subject defaultSubject, RunAsSource runAsSource) {
+    public SecurityHandler buildSecurityHandler(String policyContextID, Subject defaultSubject, RunAsSource runAsSource, boolean checkRolePermissions) {
         if (defaultSubject == null) {
             defaultSubject = ContextManager.EMPTY;
         }

Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/JettySecurityHandlerFactory.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/JettySecurityHandlerFactory.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/JettySecurityHandlerFactory.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/JettySecurityHandlerFactory.java Fri Jul 10 07:36:58 2009
@@ -21,7 +21,7 @@
 package org.apache.geronimo.jetty7.security;
 
 import java.security.AccessControlContext;
-import java.security.Permission;
+import java.security.Permissions;
 
 import javax.security.auth.Subject;
 
@@ -75,7 +75,7 @@
         this.configurationFactory = configurationFactory;
     }
 
-    public SecurityHandler buildSecurityHandler(String policyContextID, Subject defaultSubject, RunAsSource runAsSource) {
+    public SecurityHandler buildSecurityHandler(String policyContextID, Subject defaultSubject, RunAsSource runAsSource, boolean checkRolePermissions) {
         final LoginService loginService = new JAASLoginService(configurationFactory, realmName);
         Authenticator authenticator = buildAuthenticator();
         if (defaultSubject == null) {
@@ -83,15 +83,11 @@
         }
         AccessControlContext defaultAcc = ContextManager.registerSubjectShort(defaultSubject, null, null);
         IdentityService identityService = new JettyIdentityService(defaultAcc, runAsSource);
-        return new JaccSecurityHandler(policyContextID, authenticator, loginService, identityService, defaultAcc);
-    }
-
-    public SecurityHandler buildEJBSecurityHandler(Permission permission, boolean authMandatory) {
-        final LoginService loginService = new JAASLoginService(configurationFactory, realmName);
-        Authenticator authenticator = buildAuthenticator();
-        AccessControlContext defaultAcc = ContextManager.registerSubjectShort(ContextManager.EMPTY, null, null);
-        IdentityService identityService = new JettyIdentityService(defaultAcc, null);
-        return new EJBWebServiceSecurityHandler(authenticator, loginService, identityService, permission, authMandatory);
+        if (checkRolePermissions) {
+            return new JaccSecurityHandler(policyContextID, authenticator, loginService, identityService, defaultAcc);
+        } else {
+            return new EJBWebServiceSecurityHandler(policyContextID, authenticator, loginService, identityService, defaultAcc);
+        }
     }
 
     private Authenticator buildAuthenticator() {

Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/security/SecurityHandlerFactory.java Fri Jul 10 07:36:58 2009
@@ -30,6 +30,6 @@
  */
 public interface SecurityHandlerFactory {
 
-    SecurityHandler buildSecurityHandler(String policyContextID, Subject defaultSubject, RunAsSource runAsSource);
+    SecurityHandler buildSecurityHandler(String policyContextID, Subject defaultSubject, RunAsSource runAsSource, boolean checkRolePermissions);
 
 }

Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ContainerTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ContainerTest.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ContainerTest.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/ContainerTest.java Fri Jul 10 07:36:58 2009
@@ -46,7 +46,7 @@
 
         String contextPath = "/foo/webservice.ws";
         MockWebServiceContainer webServiceInvoker = new MockWebServiceContainer();
-        container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, cl);
+        container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, null, cl);
 
         HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678" + contextPath).openConnection();
         try {
@@ -71,11 +71,11 @@
 
         String contextPath = "/foo/webservice.ws";
         MockWebServiceContainer webServiceInvoker = new MockWebServiceContainer();
-        container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, cl);
+        container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, null, cl);
 
         String contextPath2 = "/bar/webservice.ws";
         MockWebServiceContainer webServiceInvoker2 = new MockWebServiceContainer();
-        container.addWebService(contextPath2, null, webServiceInvoker2, null, null, null, null, null, null, cl);
+        container.addWebService(contextPath2, null, webServiceInvoker2, null, null, null, null, null, null, null, cl);
 
         HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678" + contextPath).openConnection();
         try {

Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/security/ServerAuthenticationGBean.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/security/ServerAuthenticationGBean.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/security/ServerAuthenticationGBean.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/test/java/org/apache/geronimo/jetty7/security/ServerAuthenticationGBean.java Fri Jul 10 07:36:58 2009
@@ -56,7 +56,7 @@
         this.loginService = loginService;
     }
 
-    public SecurityHandler buildSecurityHandler(String policyContextID, Subject defaultSubject, RunAsSource runAsSource) {
+    public SecurityHandler buildSecurityHandler(String policyContextID, Subject defaultSubject, RunAsSource runAsSource, boolean checkRolePermissions) {
         if (defaultSubject == null) {
             defaultSubject = ContextManager.EMPTY;
         }

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java Fri Jul 10 07:36:58 2009
@@ -376,7 +376,8 @@
 
     public void addWebService(String contextPath, 
                               String[] virtualHosts, 
-                              WebServiceContainer webServiceContainer, 
+                              WebServiceContainer webServiceContainer,
+                              String policyContextId,
                               ConfigurationFactory configurationFactory, 
                               String realmName, 
                               String transportGuarantee,

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ContainerTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ContainerTest.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ContainerTest.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ContainerTest.java Fri Jul 10 07:36:58 2009
@@ -35,7 +35,7 @@
 
         String contextPath = "/foo/webservice.ws";
         MockWebServiceContainer webServiceInvoker = new MockWebServiceContainer();
-        container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, cl);
+        container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, null, null, cl);
         HttpURLConnection connection = (HttpURLConnection) new URL(connector.getConnectUrl() + contextPath).openConnection();
         try {
             BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
@@ -62,7 +62,7 @@
 
         String contextPath = "/foo/webservice.ws";
         MockWebServiceContainer webServiceInvoker = new MockWebServiceContainer();
-        container.addWebService(contextPath, null, webServiceInvoker, realm, securityRealmName, "NONE", "BASIC", null, null, cl);
+        container.addWebService(contextPath, null, webServiceInvoker, "ContextID", realm, securityRealmName, "NONE", "BASIC", null, null, cl);
 
         //Veryify its secured
         HttpURLConnection connection = (HttpURLConnection) new URL(connector.getConnectUrl() + contextPath).openConnection();

Modified: geronimo/server/trunk/plugins/webservices/geronimo-webservices/src/main/java/org/apache/geronimo/webservices/SoapHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/webservices/geronimo-webservices/src/main/java/org/apache/geronimo/webservices/SoapHandler.java?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/webservices/geronimo-webservices/src/main/java/org/apache/geronimo/webservices/SoapHandler.java (original)
+++ geronimo/server/trunk/plugins/webservices/geronimo-webservices/src/main/java/org/apache/geronimo/webservices/SoapHandler.java Fri Jul 10 07:36:58 2009
@@ -25,15 +25,16 @@
  */
 public interface SoapHandler {
 
-    void addWebService(String contextPath, 
-                       String[] virtualHosts, 
-                       WebServiceContainer webServiceContainer, 
-                       ConfigurationFactory configurationFactory, 
-                       String realmName, 
-                       String transportGuarantee, 
-                       String authMethod, 
-                       String[] protectedMethods, 
-                       Properties properties, 
+    void addWebService(String contextPath,
+                       String[] virtualHosts,
+                       WebServiceContainer webServiceContainer,
+                       String contextID,
+                       ConfigurationFactory configurationFactory,
+                       String realmName,
+                       String transportGuarantee,
+                       String authMethod,
+                       String[] protectedMethods,
+                       Properties properties,
                        ClassLoader classLoader) throws Exception;
 
     void removeWebService(String contextPath);

Modified: geronimo/server/trunk/testsuite/webservices-testsuite/jaxws-tests/jaxws-ejb-sec/src/main/resources/META-INF/ejb-jar.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/testsuite/webservices-testsuite/jaxws-tests/jaxws-ejb-sec/src/main/resources/META-INF/ejb-jar.xml?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/testsuite/webservices-testsuite/jaxws-tests/jaxws-ejb-sec/src/main/resources/META-INF/ejb-jar.xml (original)
+++ geronimo/server/trunk/testsuite/webservices-testsuite/jaxws-tests/jaxws-ejb-sec/src/main/resources/META-INF/ejb-jar.xml Fri Jul 10 07:36:58 2009
@@ -54,4 +54,32 @@
     </session>
   </enterprise-beans>
 
+    <assembly-descriptor>
+        <security-role>
+            <role-name>admin</role-name>
+        </security-role>
+        <method-permission>
+            <role-name>admin</role-name>
+            <method>
+                <ejb-name>BeanBasic</ejb-name>
+                <method-name>greetMe</method-name>
+            </method>
+            <method>
+                <ejb-name>BeanBasicAllowGet</ejb-name>
+                <method-name>greetMe</method-name>
+            </method>
+        </method-permission>
+        <method-permission>
+            <unchecked/>
+            <method>
+                <ejb-name>BeanHttps</ejb-name>
+                <method-name>greetMe</method-name>
+            </method>
+            <method>
+                <ejb-name>BeanHttpsAllowGet</ejb-name>
+                <method-name>greetMe</method-name>
+            </method>
+        </method-permission>
+    </assembly-descriptor>
+
 </ejb-jar>

Modified: geronimo/server/trunk/testsuite/webservices-testsuite/jaxws-tests/jaxws-ejb-sec/src/main/resources/META-INF/openejb-jar.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/testsuite/webservices-testsuite/jaxws-tests/jaxws-ejb-sec/src/main/resources/META-INF/openejb-jar.xml?rev=792824&r1=792823&r2=792824&view=diff
==============================================================================
--- geronimo/server/trunk/testsuite/webservices-testsuite/jaxws-tests/jaxws-ejb-sec/src/main/resources/META-INF/openejb-jar.xml (original)
+++ geronimo/server/trunk/testsuite/webservices-testsuite/jaxws-tests/jaxws-ejb-sec/src/main/resources/META-INF/openejb-jar.xml Fri Jul 10 07:36:58 2009
@@ -20,7 +20,8 @@
 <openejb-jar xmlns="http://openejb.apache.org/xml/ns/openejb-jar-2.2"
   xmlns:pkgen="http://openejb.apache.org/xml/ns/pkgen-2.1"
   xmlns:naming="http://geronimo.apache.org/xml/ns/naming-1.2"
-  xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2">
+  xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2"
+  xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0">
 
     <environment>
         <moduleId>
@@ -50,6 +51,8 @@
                 <transport-guarantee>NONE</transport-guarantee>
                 <auth-method>BASIC</auth-method>
                 <http-method>POST</http-method>
+                <properties>getProtected=false
+                getSecured=false</properties>
             </web-service-security>
         </session>
 
@@ -60,6 +63,7 @@
                 <security-realm-name>geronimo-admin</security-realm-name>
                 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
                 <auth-method>NONE</auth-method>
+                <!--<properties>getSecured=false</properties>-->
             </web-service-security>
         </session>
 
@@ -71,8 +75,17 @@
                 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
                 <auth-method>NONE</auth-method>
                 <http-method>POST</http-method>
+                <properties>getProtected=false</properties>
             </web-service-security>
         </session>
     </enterprise-beans>
 
+    <sec:security>
+        <sec:role-mappings>
+            <sec:role role-name="admin">
+                <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
+                               name="admin"/>
+            </sec:role>
+        </sec:role-mappings>
+    </sec:security>
 </openejb-jar>



Mime
View raw message