geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r794752 [1/3] - in /geronimo/server/trunk/plugins/tomcat: geronimo-tomcat6-builder/src/test/java/org/apache/geronimo/tomcat/deployment/ geronimo-tomcat6-builder/src/test/resources/deployables/war4/WEB-INF/ geronimo-tomcat6/src/main/java/org...
Date Thu, 16 Jul 2009 17:03:51 GMT
Author: djencks
Date: Thu Jul 16 17:03:50 2009
New Revision: 794752

URL: http://svn.apache.org/viewvc?rev=794752&view=rev
Log:
GERONIMO-4752 rewrite toomcat security to support jaspic and better support jacc

Added:
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EjbWsContextConfig.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/WebContextConfig.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/AuthResult.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authenticator.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authorizer.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/IdentityService.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/ServerAuthException.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/TomcatAuthStatus.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/UserIdentity.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/BasicAuthenticator.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/DigestAuthenticator.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/FormAuthenticator.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/NoneAuthenticator.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicAuthenticator.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicCallbackHandler.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicMessageInfo.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCAuthorizer.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCEJBWebServiceAuthorizer.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCRealm.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCSecurityValve.java   (with props)
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCUserIdentity.java   (with props)
Removed:
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatEJBWSGeronimoRealm.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatJAASRealm.java
Modified:
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/test/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/test/resources/deployables/war4/WEB-INF/geronimo-web.xml
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EngineGBean.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEJBWebServiceContext.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEngine.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/listener/DispatchListener.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ContainerTest.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JAASSecurityTest.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/test/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/test/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java?rev=794752&r1=794751&r2=794752&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/test/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/test/java/org/apache/geronimo/tomcat/deployment/TomcatModuleBuilderTest.java Thu Jul 16 17:03:50 2009
@@ -32,7 +32,6 @@
 import org.apache.geronimo.common.DeploymentException;
 import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinatorGBean;
 import org.apache.geronimo.deployment.ModuleIDBuilder;
-import org.apache.geronimo.deployment.NamespaceDrivenBuilder;
 import org.apache.geronimo.deployment.service.GBeanBuilder;
 import org.apache.geronimo.deployment.util.UnpackedJarFile;
 import org.apache.geronimo.gbean.AbstractName;
@@ -79,7 +78,6 @@
 import org.apache.geronimo.testsupport.TestSupport;
 import org.apache.geronimo.tomcat.EngineGBean;
 import org.apache.geronimo.tomcat.HostGBean;
-import org.apache.geronimo.tomcat.RealmGBean;
 import org.apache.geronimo.tomcat.TomcatContainer;
 import org.apache.geronimo.tomcat.connector.Http11ConnectorGBean;
 import org.apache.geronimo.transaction.manager.GeronimoTransactionManagerGBean;

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/test/resources/deployables/war4/WEB-INF/geronimo-web.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/test/resources/deployables/war4/WEB-INF/geronimo-web.xml?rev=794752&r1=794751&r2=794752&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/test/resources/deployables/war4/WEB-INF/geronimo-web.xml (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6-builder/src/test/resources/deployables/war4/WEB-INF/geronimo-web.xml Thu Jul 16 17:03:50 2009
@@ -45,14 +45,14 @@
         <!--</default-subject>-->
     <!--</security>-->
 
-    <gbean name="TomcatRealm" class="org.apache.geronimo.tomcat.RealmGBean">
-        <attribute name="className">org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm</attribute>
-        <attribute name="initParams">
-            userClassNames=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal
-            roleClassNames=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal
-        </attribute>
-        <reference name="ConfigurationFactory"><name>securityRealm</name></reference>
-    </gbean>
+    <!--<gbean name="TomcatRealm" class="org.apache.geronimo.tomcat.RealmGBean">-->
+        <!--<attribute name="className">org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm</attribute>-->
+        <!--<attribute name="initParams">-->
+            <!--userClassNames=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal-->
+            <!--roleClassNames=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal-->
+        <!--</attribute>-->
+        <!--<reference name="ConfigurationFactory"><name>securityRealm</name></reference>-->
+    <!--</gbean>-->
 
     <gbean name="FirstValve" class="org.apache.geronimo.tomcat.ValveGBean">
         <attribute name="className">org.apache.catalina.authenticator.SingleSignOn</attribute>

Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,127 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat;
+
+import java.security.AccessControlContext;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.message.config.AuthConfigFactory;
+import javax.security.auth.message.config.RegistrationListener;
+import javax.security.auth.message.config.AuthConfigProvider;
+import javax.security.auth.message.config.ServerAuthConfig;
+import javax.security.auth.message.AuthException;
+
+import org.apache.catalina.deploy.LoginConfig;
+import org.apache.catalina.deploy.SecurityConstraint;
+import org.apache.catalina.startup.ContextConfig;
+import org.apache.catalina.Context;
+import org.apache.catalina.core.StandardContext;
+import org.apache.geronimo.tomcat.security.Authenticator;
+import org.apache.geronimo.tomcat.security.LoginService;
+import org.apache.geronimo.tomcat.security.IdentityService;
+import org.apache.geronimo.tomcat.security.Authorizer;
+import org.apache.geronimo.tomcat.security.SecurityValve;
+import org.apache.geronimo.tomcat.security.UserIdentity;
+import org.apache.geronimo.tomcat.security.jacc.JACCAuthorizer;
+import org.apache.geronimo.tomcat.security.jacc.JACCRealm;
+import org.apache.geronimo.tomcat.security.jacc.JACCSecurityValve;
+import org.apache.geronimo.tomcat.security.impl.GeronimoLoginService;
+import org.apache.geronimo.tomcat.security.impl.GeronimoIdentityService;
+import org.apache.geronimo.tomcat.security.authentication.BasicAuthenticator;
+import org.apache.geronimo.tomcat.security.authentication.NoneAuthenticator;
+import org.apache.geronimo.tomcat.security.authentication.DigestAuthenticator;
+import org.apache.geronimo.tomcat.security.authentication.ClientCertAuthenticator;
+import org.apache.geronimo.tomcat.security.authentication.FormAuthenticator;
+import org.apache.geronimo.tomcat.security.authentication.jaspic.JaspicCallbackHandler;
+import org.apache.geronimo.tomcat.security.authentication.jaspic.JaspicAuthenticator;
+import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.jaas.ConfigurationFactory;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class BaseGeronimoContextConfig extends ContextConfig {
+    private static final String MESSAGE_LAYER = "HttpServlet";
+
+
+    protected void configureSecurity(StandardContext geronimoContext, String policyContextId, ConfigurationFactory configurationFactory, Subject defaultSubject, String authMethod, String realmName, String loginPage, String errorPage) {
+        IdentityService identityService = new GeronimoIdentityService();
+        if (defaultSubject == null) {
+            defaultSubject = ContextManager.EMPTY;
+        }
+        UserIdentity unauthenticatedIdentity = identityService.newUserIdentity(defaultSubject, null, null);
+        LoginService loginService = new GeronimoLoginService(configurationFactory, identityService);
+        Authenticator authenticator = null;
+        AuthConfigFactory authConfigFactory = AuthConfigFactory.getFactory();
+        RegistrationListener listener = new RegistrationListener() {
+
+            public void notify(String layer, String appContext) {
+            }
+        };
+        //?? TODO is context.getPath() the context root?
+        String appContext = "server " + geronimoContext.getPath();
+        AuthConfigProvider authConfigProvider = authConfigFactory.getConfigProvider(MESSAGE_LAYER, appContext, listener);
+        ServerAuthConfig serverAuthConfig = null;
+        JaspicCallbackHandler callbackHandler = null;
+        if (authConfigProvider != null) {
+            callbackHandler = new JaspicCallbackHandler(loginService);
+            try {
+                serverAuthConfig = authConfigProvider.getServerAuthConfig(MESSAGE_LAYER, appContext, callbackHandler);
+            } catch (AuthException e) {
+                //TODO log exception?  rethrow????
+            }
+        }
+        if (serverAuthConfig != null) {
+            Map authProperties = new HashMap();
+            Subject serviceSubject = new Subject();
+            authenticator = new JaspicAuthenticator(serverAuthConfig, authProperties, serviceSubject, callbackHandler, identityService);
+        } else if ("BASIC".equalsIgnoreCase(authMethod)) {
+            authenticator = new BasicAuthenticator(loginService, realmName, unauthenticatedIdentity);
+        } else if ("CLIENT-CERT".equalsIgnoreCase(authMethod)) {
+            authenticator = new ClientCertAuthenticator(loginService, unauthenticatedIdentity);
+        } else if ("DIGEST".equalsIgnoreCase(authMethod)) {
+            authenticator = new DigestAuthenticator(loginService, realmName, unauthenticatedIdentity);
+        } else if ("FORM".equalsIgnoreCase(authMethod)) {
+            authenticator = new FormAuthenticator(loginService, unauthenticatedIdentity, loginPage, errorPage);
+        } else  if ("NONE".equalsIgnoreCase(authMethod)) {
+            authenticator = new NoneAuthenticator(unauthenticatedIdentity);
+        }
+        if (authenticator == null) {
+            throw new IllegalStateException("No authenticator configured");
+        }
+
+        AccessControlContext defaultAcc = ContextManager.registerSubjectShort(defaultSubject,  null, null);
+        Authorizer authorizer = new JACCAuthorizer(defaultAcc);
+
+        SecurityValve securityValve = new JACCSecurityValve(authenticator, authorizer, identityService, policyContextId);
+
+        geronimoContext.addValve(securityValve);
+        if (log.isDebugEnabled()) {
+            log.debug(sm.getString(
+                    "contextConfig.authenticatorConfigured",
+                    authMethod));
+        }
+
+        geronimoContext.setRealm(new JACCRealm());
+    }
+}

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EjbWsContextConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EjbWsContextConfig.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EjbWsContextConfig.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EjbWsContextConfig.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat;
+
+import javax.security.auth.Subject;
+
+import org.apache.geronimo.security.jaas.ConfigurationFactory;
+import org.apache.catalina.core.StandardContext;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class EjbWsContextConfig extends BaseGeronimoContextConfig {
+    private final String policyContextId;
+    private final ConfigurationFactory configurationFactory;
+    private final Subject defaultSubject;
+    private final String authMethod;
+    private final String realmName;
+
+    public EjbWsContextConfig(String policyContextId, ConfigurationFactory configurationFactory, Subject defaultSubject, String authMethod, String realmName) {
+        this.policyContextId = policyContextId;
+        this.configurationFactory = configurationFactory;
+        this.defaultSubject = defaultSubject;
+        this.authMethod = authMethod;
+        this.realmName = realmName;
+    }
+
+    @Override
+    protected void authenticatorConfig() {
+        if (policyContextId == null || configurationFactory == null) {
+            return;
+        }
+
+        configureSecurity((StandardContext)context,
+                policyContextId,
+                configurationFactory,
+                defaultSubject,
+                authMethod, realmName, null, null);
+    }
+
+}

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EjbWsContextConfig.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EjbWsContextConfig.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EjbWsContextConfig.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EngineGBean.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EngineGBean.java?rev=794752&r1=794751&r2=794752&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EngineGBean.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/EngineGBean.java Thu Jul 16 17:03:50 2009
@@ -16,8 +16,6 @@
  */
 package org.apache.geronimo.tomcat;
 
-import java.util.Collection;
-import java.util.Iterator;
 import java.util.Map;
 
 import org.apache.catalina.Cluster;
@@ -25,26 +23,20 @@
 import org.apache.catalina.Host;
 import org.apache.catalina.LifecycleListener;
 import org.apache.catalina.Manager;
-import org.apache.catalina.Realm;
 import org.apache.catalina.Valve;
 import org.apache.catalina.core.StandardEngine;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.gbean.GBeanLifecycle;
-import org.apache.geronimo.gbean.ReferenceCollection;
-import org.apache.geronimo.gbean.ReferenceCollectionEvent;
-import org.apache.geronimo.gbean.ReferenceCollectionListener;
 import org.apache.geronimo.gbean.annotation.GBean;
 import org.apache.geronimo.gbean.annotation.ParamAttribute;
 import org.apache.geronimo.gbean.annotation.ParamReference;
-import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+import org.apache.geronimo.security.jaas.ConfigurationFactory;
 import org.apache.geronimo.system.jmx.MBeanServerReference;
 import org.apache.geronimo.tomcat.cluster.CatalinaClusterGBean;
-import org.apache.geronimo.tomcat.realm.TomcatJAASRealm;
-import org.apache.geronimo.security.jaas.ConfigurationFactory;
+import org.apache.geronimo.tomcat.security.jacc.JACCRealm;
 import org.apache.tomcat.util.modeler.Registry;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * @version $Rev$ $Date$
@@ -61,100 +53,95 @@
 
     public EngineGBean(
             //fish engine out of server configured with server.xml
-            @ParamReference(name="Server")TomcatServerGBean server,
-            @ParamAttribute(name="serviceName")String serviceName,
+            @ParamReference(name = "Server") TomcatServerGBean server,
+            @ParamAttribute(name = "serviceName") String serviceName,
 
             //Or (deprecated) set up an engine directly
-            @ParamAttribute(name = "className")String className,
-            @ParamAttribute(name = "initParams")Map initParams,
-            @ParamReference(name="DefaultHost", namingType = HostGBean.J2EE_TYPE)HostGBean defaultHost,
-            @ParamReference(name="RealmGBean", namingType = GBeanInfoBuilder.DEFAULT_J2EE_TYPE)ObjectRetriever realmGBean,
-            @ParamReference(name="ConfigurationFactory", namingType = GBeanInfoBuilder.DEFAULT_J2EE_TYPE)ConfigurationFactory configurationFactory,
-            @ParamReference(name="TomcatValveChain", namingType = ValveGBean.J2EE_TYPE)ValveGBean tomcatValveChain,
-            @ParamReference(name="LifecycleListenerChain", namingType = LifecycleListenerGBean.J2EE_TYPE)LifecycleListenerGBean listenerChain,
-            @ParamReference(name="CatalinaCluster", namingType = CatalinaClusterGBean.J2EE_TYPE)CatalinaClusterGBean clusterGBean,
-            @ParamReference(name="Manager", namingType = ManagerGBean.J2EE_TYPE)ManagerGBean manager,
-            @ParamReference(name="MBeanServerReference")MBeanServerReference mbeanServerReference) throws Exception {
+            @ParamAttribute(name = "className") String className,
+            @ParamAttribute(name = "initParams") Map initParams,
+            @ParamReference(name = "DefaultHost", namingType = HostGBean.J2EE_TYPE) HostGBean defaultHost,
+            @ParamReference(name = "RealmGBean", namingType = GBeanInfoBuilder.DEFAULT_J2EE_TYPE) ObjectRetriever realmGBean,
+            @ParamReference(name = "ConfigurationFactory", namingType = GBeanInfoBuilder.DEFAULT_J2EE_TYPE) ConfigurationFactory configurationFactory,
+            @ParamReference(name = "TomcatValveChain", namingType = ValveGBean.J2EE_TYPE) ValveGBean tomcatValveChain,
+            @ParamReference(name = "LifecycleListenerChain", namingType = LifecycleListenerGBean.J2EE_TYPE) LifecycleListenerGBean listenerChain,
+            @ParamReference(name = "CatalinaCluster", namingType = CatalinaClusterGBean.J2EE_TYPE) CatalinaClusterGBean clusterGBean,
+            @ParamReference(name = "Manager", namingType = ManagerGBean.J2EE_TYPE) ManagerGBean manager,
+            @ParamReference(name = "MBeanServerReference") MBeanServerReference mbeanServerReference) throws Exception {
 
         if (server == null) {
             //legacy configuration
 
-        if (className == null){
-            className = "org.apache.geronimo.tomcat.TomcatEngine";
-        }
+            if (className == null) {
+                className = "org.apache.geronimo.tomcat.TomcatEngine";
+            }
 
-        if (initParams == null){
-            throw new IllegalArgumentException("Must have 'name' value in initParams.");
-        }
-        
-        //Be sure the defaulthost has been declared.
-        if (defaultHost == null){
-            throw new IllegalArgumentException("Must have a 'defaultHost' attribute.");
-        }
+            if (initParams == null) {
+                throw new IllegalArgumentException("Must have 'name' value in initParams.");
+            }
 
-        //Be sure the name has been declared.
-        if (!initParams.containsKey(NAME)){
-            throw new IllegalArgumentException("Must have a 'name' value initParams.");
-        }
-        
-        //Deprecate the defaultHost initParam
-        if (initParams.containsKey(DEFAULTHOST)){
-            log.warn("The " + DEFAULTHOST + " initParams value is no longer used and will be ignored.");
-            initParams.remove(DEFAULTHOST);
-        }
+            //Be sure the defaulthost has been declared.
+            if (defaultHost == null) {
+                throw new IllegalArgumentException("Must have a 'defaultHost' attribute.");
+            }
 
-        engine = (Engine)Class.forName(className).newInstance();
+            //Be sure the name has been declared.
+            if (!initParams.containsKey(NAME)) {
+                throw new IllegalArgumentException("Must have a 'name' value initParams.");
+            }
 
-        //Set the parameters
-        setParameters(engine, initParams);
-        
-        //Set realm (must be before Hosts)
-        if (realmGBean != null){
-            engine.setRealm((Realm)realmGBean.getInternalObject());
-        } else if (configurationFactory != null) {
-            Realm realm = new TomcatJAASRealm(configurationFactory);
-            engine.setRealm(realm);
-        }
-        
-        //Set the default Host
-        Host host = (Host) defaultHost.getInternalObject();
-        if (host.getParent() != null) {
-            throw new IllegalStateException("Default host is already in use by another engine: " + host.getParent());
-        }
-        engine.setDefaultHost(host.getName());
-        addHost(host);
+            //Deprecate the defaultHost initParam
+            if (initParams.containsKey(DEFAULTHOST)) {
+                log.warn("The " + DEFAULTHOST + " initParams value is no longer used and will be ignored.");
+                initParams.remove(DEFAULTHOST);
+            }
 
-        if (manager != null)
-            engine.setManager((Manager)manager.getInternalObject());
+            engine = (Engine) Class.forName(className).newInstance();
 
-        //Add the valve and listener lists
-        if (engine instanceof StandardEngine){
-            if (tomcatValveChain != null){
-                ValveGBean valveGBean = tomcatValveChain;
-                while(valveGBean != null){
-                    ((StandardEngine)engine).addValve((Valve)valveGBean.getInternalObject());
-                    valveGBean = valveGBean.getNextValve();
-                }
+            //Set the parameters
+            setParameters(engine, initParams);
+
+            //Set realm (must be before Hosts)
+            engine.setRealm(JACCRealm.INSTANCE);
+
+            //Set the default Host
+            Host host = (Host) defaultHost.getInternalObject();
+            if (host.getParent() != null) {
+                throw new IllegalStateException("Default host is already in use by another engine: " + host.getParent());
             }
-            
-            if (listenerChain != null){
-                LifecycleListenerGBean listenerGBean = listenerChain;
-                while(listenerGBean != null){
-                    ((StandardEngine)engine).addLifecycleListener((LifecycleListener)listenerGBean.getInternalObject());
-                    listenerGBean = listenerGBean.getNextListener();
+            engine.setDefaultHost(host.getName());
+            addHost(host);
+
+            if (manager != null)
+                engine.setManager((Manager) manager.getInternalObject());
+
+            //Add the valve and listener lists
+            if (engine instanceof StandardEngine) {
+                if (tomcatValveChain != null) {
+                    ValveGBean valveGBean = tomcatValveChain;
+                    while (valveGBean != null) {
+                        ((StandardEngine) engine).addValve((Valve) valveGBean.getInternalObject());
+                        valveGBean = valveGBean.getNextValve();
+                    }
+                }
+
+                if (listenerChain != null) {
+                    LifecycleListenerGBean listenerGBean = listenerChain;
+                    while (listenerGBean != null) {
+                        ((StandardEngine) engine).addLifecycleListener((LifecycleListener) listenerGBean.getInternalObject());
+                        listenerGBean = listenerGBean.getNextListener();
+                    }
                 }
             }
-        }
 
-        if(mbeanServerReference != null) {
-            Registry.setServer(mbeanServerReference.getMBeanServer());
-        }
-        
+            if (mbeanServerReference != null) {
+                Registry.setServer(mbeanServerReference.getMBeanServer());
+            }
 
-        //Add clustering
-        if (clusterGBean != null){
-            engine.setCluster((Cluster)clusterGBean.getInternalObject());
-        }
+
+            //Add clustering
+            if (clusterGBean != null) {
+                engine.setCluster((Cluster) clusterGBean.getInternalObject());
+            }
         } else {
             //get engine from server gbean
             engine = (Engine) server.getService(serviceName).getContainer();

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java?rev=794752&r1=794751&r2=794752&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java Thu Jul 16 17:03:50 2009
@@ -42,6 +42,7 @@
 import org.apache.geronimo.common.DeploymentException;
 import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.jaas.ConfigurationFactory;
 import org.apache.geronimo.security.jacc.RunAsSource;
 import org.apache.geronimo.tomcat.interceptor.BeforeAfter;
 import org.apache.geronimo.tomcat.interceptor.ComponentContextBeforeAfter;
@@ -63,6 +64,11 @@
 public class GeronimoStandardContext extends StandardContext {
 
     private static final long serialVersionUID = 3834587716552831032L;
+    private static final boolean allowLinking;
+
+    static {
+        allowLinking = new Boolean(System.getProperty("org.apache.geronimo.tomcat.GeronimoStandardContext.allowLinking", "false"));
+    }
 
     private Subject defaultSubject = null;
     private RunAsSource runAsSource = RunAsSource.NULL;
@@ -73,12 +79,10 @@
 
     private BeforeAfter beforeAfter = null;
     private int contextCount = 0;
-    
-    private static final boolean allowLinking;
-    
-    static {
-        allowLinking = new Boolean(System.getProperty("org.apache.geronimo.tomcat.GeronimoStandardContext.allowLinking", "false"));
-    }
+
+    private boolean authenticatorInstalled;
+    private ConfigurationFactory configurationFactory;
+    private String policyContextId;
 
     public void setContextProperties(TomcatContext ctx) throws DeploymentException {
 
@@ -104,6 +108,9 @@
                     getServletContext().setAttribute(entry.getKey(), entry.getValue());
                 }
             }
+            if (tctx.getSecurityHolder() != null) {
+                configurationFactory = tctx.getSecurityHolder().getConfigurationFactory();
+            }
         }
 
         int index = 0;
@@ -127,8 +134,8 @@
             
             if (securityHolder.getPolicyContextID() != null) {
 
-                PolicyContext.setContextID(securityHolder.getPolicyContextID());
-
+                policyContextId = securityHolder.getPolicyContextID();
+                PolicyContext.setContextID(policyContextId);
                 /**
                  * Register our default subject with the ContextManager
                  */
@@ -138,7 +145,7 @@
                     defaultSubject = ContextManager.EMPTY;
                 }
 
-                interceptor = new PolicyContextBeforeAfter(interceptor, index++, index++, index++, securityHolder.getPolicyContextID(), defaultSubject);
+                interceptor = new PolicyContextBeforeAfter(interceptor, index++, index++, index++, policyContextId, defaultSubject);
 
             }
         }
@@ -448,4 +455,24 @@
     public Subject getSubjectForRole(String runAsRole) {
         return runAsSource.getSubjectForRole(runAsRole);
     }
+
+    public boolean isAuthenticatorInstalled() {
+        return authenticatorInstalled;
+    }
+
+    public void setAuthenticatorInstalled(boolean authenticatorInstalled) {
+        this.authenticatorInstalled = authenticatorInstalled;
+    }
+
+    public ConfigurationFactory getConfigurationFactory() {
+        return configurationFactory;
+    }
+
+    public Subject getDefaultSubject() {
+        return defaultSubject;
+    }
+
+    public String getPolicyContextId() {
+        return policyContextId;
+    }
 }

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java?rev=794752&r1=794751&r2=794752&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java Thu Jul 16 17:03:50 2009
@@ -34,6 +34,12 @@
         this.name = name;
     }
 
+    public JAASTomcatPrincipal(String name, Subject subject, List roles) {
+        this.name = name;
+        this.subject = subject;
+        this.roles = roles;
+    }
+
     public String getName() {
         return name;
     }

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java?rev=794752&r1=794751&r2=794752&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java Thu Jul 16 17:03:50 2009
@@ -25,19 +25,18 @@
 
 import javax.management.ObjectName;
 import javax.management.MalformedObjectNameException;
+import javax.security.auth.Subject;
 
 import org.apache.catalina.Container;
 import org.apache.catalina.Context;
 import org.apache.catalina.Engine;
 import org.apache.catalina.LifecycleListener;
-import org.apache.catalina.Realm;
 import org.apache.catalina.Service;
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.Lifecycle;
 import org.apache.catalina.core.StandardService;
 import org.apache.catalina.startup.ContextConfig;
 import org.apache.catalina.connector.Connector;
-import org.apache.catalina.realm.JAASRealm;
 import org.apache.geronimo.gbean.GBeanLifecycle;
 import org.apache.geronimo.gbean.annotation.GBean;
 import org.apache.geronimo.gbean.annotation.ParamAttribute;
@@ -48,9 +47,8 @@
 import org.apache.geronimo.management.geronimo.NetworkConnector;
 import org.apache.geronimo.management.geronimo.WebManager;
 import org.apache.geronimo.security.jaas.ConfigurationFactory;
+import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
-import org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm;
-import org.apache.geronimo.tomcat.realm.TomcatJAASRealm;
 import org.apache.geronimo.tomcat.util.SecurityHolder;
 import org.apache.geronimo.webservices.SoapHandler;
 import org.apache.geronimo.webservices.WebServiceContainer;
@@ -262,22 +260,22 @@
      * <p/>
      * It simply delegates the call to Tomcat's Embedded and Host classes
      *
-     * @param ctx the context to be added
+     * @param contextInfo the context to be added
      * @see org.apache.catalina.startup.Embedded
      * @see org.apache.catalina.Host
      */
-    public void addContext(TomcatContext ctx) throws Exception {
-        Context anotherCtxObj = createContext(ctx.getContextPath(), ctx.getDocBase(), ctx.getClassLoader());
+    public void addContext(TomcatContext contextInfo) throws Exception {
+        Context context = createContext(contextInfo.getContextPath(), contextInfo.getDocBase(), contextInfo.getClassLoader());
 
         // Set the context for the Tomcat implementation
-        ctx.setContext(anotherCtxObj);
+        contextInfo.setContext(context);
 
         // Have the context to set its properties if its a GeronimoStandardContext
-        if (anotherCtxObj instanceof GeronimoStandardContext) {
-            ((GeronimoStandardContext) anotherCtxObj).setContextProperties(ctx);
+        if (context instanceof GeronimoStandardContext) {
+            ((GeronimoStandardContext) context).setContextProperties(contextInfo);
         }
         //Was a virtual server defined?
-        String virtualServer = ctx.getVirtualServer();
+        String virtualServer = contextInfo.getVirtualServer();
         if (virtualServer == null) {
             virtualServer = engine.getDefaultHost();
         }
@@ -287,60 +285,60 @@
         }
 
         //Get the security-realm-name if there is one
-        SecurityHolder secHolder = ctx.getSecurityHolder() == null? new SecurityHolder(): ctx.getSecurityHolder();
+        SecurityHolder secHolder = contextInfo.getSecurityHolder() == null? new SecurityHolder(): contextInfo.getSecurityHolder();
 
         //Did we declare a GBean at the context level?
-        if (ctx.getRealm() != null) {
-            Realm realm = ctx.getRealm();
-
-            //Allow for the <security-realm-name> override from the
-            //geronimo-web.xml file to be used if our Realm is a JAAS type
-            if (secHolder.getConfigurationFactory() != null) {
-                if (realm instanceof JAASRealm) {
-                    ((JAASRealm) realm).setAppName(secHolder.getConfigurationFactory().getConfigurationName());
-                }
-            }
-            anotherCtxObj.setRealm(realm);
-        } else {
-            Realm realm = host.getRealm();
-            //Check and see if we have a declared realm name and no match to a parent name
-            if (secHolder.getConfigurationFactory() != null) {
-                    //Is the context requiring JACC?
-                    if (secHolder.isSecurity()) {
-                        //JACC
-                        realm = new TomcatGeronimoRealm(secHolder.getConfigurationFactory());
-                    } else {
-                        //JAAS
-                        realm = new TomcatJAASRealm(secHolder.getConfigurationFactory());
-                        ((JAASRealm) realm).setUserClassNames("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
-                        ((JAASRealm) realm).setRoleClassNames("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal");
-                    }
-
-                    if (log.isDebugEnabled()) {
-                        log.debug("The security-realm-name '" + secHolder.getConfigurationFactory().getConfigurationName() +
-                            "' was specified and a parent (Engine/Host) is not named the same or no RealmGBean was configured for this context. " +
-                            "Creating a default " + realm.getClass().getName() +
-                            " adapter for this context.");
-                    }
-
-                    anotherCtxObj.setRealm(realm);
-            } else {
-                //The same reason with the above
-                //anotherCtxObj.setRealm(realm);
-            }
-        }
+//        if (contextInfo.getRealm() != null) {
+//            Realm realm = contextInfo.getRealm();
+//
+//            //Allow for the <security-realm-name> override from the
+//            //geronimo-web.xml file to be used if our Realm is a JAAS type
+//            if (secHolder.getConfigurationFactory() != null) {
+//                if (realm instanceof JAASRealm) {
+//                    ((JAASRealm) realm).setAppName(secHolder.getConfigurationFactory().getConfigurationName());
+//                }
+//            }
+//            context.setRealm(realm);
+//        } else {
+//            Realm realm = host.getRealm();
+//            //Check and see if we have a declared realm name and no match to a parent name
+//            if (secHolder.getConfigurationFactory() != null) {
+//                    //Is the context requiring JACC?
+//                    if (secHolder.isSecurity()) {
+//                        //JACC
+//                        realm = new TomcatGeronimoRealm(secHolder.getConfigurationFactory());
+//                    } else {
+//                        //JAAS
+//                        realm = new TomcatJAASRealm(secHolder.getConfigurationFactory());
+//                        ((JAASRealm) realm).setUserClassNames("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
+//                        ((JAASRealm) realm).setRoleClassNames("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal");
+//                    }
+//
+//                    if (log.isDebugEnabled()) {
+//                        log.debug("The security-realm-name '" + secHolder.getConfigurationFactory().getConfigurationName() +
+//                            "' was specified and a parent (Engine/Host) is not named the same or no RealmGBean was configured for this context. " +
+//                            "Creating a default " + realm.getClass().getName() +
+//                            " adapter for this context.");
+//                    }
+//
+//                    context.setRealm(realm);
+//            } else {
+//                //The same reason with the above
+//                //anotherCtxObj.setRealm(realm);
+//            }
+//        }
         
         // add application listeners to the new context
         if (applicationListeners != null) {
             for (String listener : applicationListeners) {
-                anotherCtxObj.addApplicationListener(listener);
+                context.addApplicationListener(listener);
             }
         }
         
         try {
-            host.addChild(anotherCtxObj);
+            host.addChild(context);
         } catch (IllegalArgumentException ex) {
-            log.error("Unable to add the child container: " + anotherCtxObj.getName() 
+            log.error("Unable to add the child container: " + context.getName()
                     + " .  Please check if your project's context-root is unique.", ex);
         }
     }
@@ -385,7 +383,16 @@
                               String[] protectedMethods, 
                               Properties properties,
                               ClassLoader classLoader) throws Exception {
-        Context webServiceContext = createEJBWebServiceContext(contextPath, webServiceContainer, configurationFactory, realmName, transportGuarantee, authMethod, protectedMethods, classLoader);
+
+        if( log.isDebugEnabled() )
+            log.debug("Creating EJBWebService context '" + contextPath + "'.");
+
+        TomcatEJBWebServiceContext context = new TomcatEJBWebServiceContext(contextPath, webServiceContainer, classLoader);
+        Subject defaultSubject = ContextManager.EMPTY;
+        ContextConfig config = new EjbWsContextConfig(policyContextId,  configurationFactory, defaultSubject, authMethod, realmName);
+        context.addLifecycleListener(config);
+
+        Context webServiceContext = (context);
 
         String virtualServer;
         if (virtualHosts != null && virtualHosts.length > 0) {
@@ -415,51 +422,6 @@
         webServices.remove(contextPath);
     }
 
-//    public static final GBeanInfo GBEAN_INFO;
-//
-//    static {
-//        GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic("Tomcat Web Container", TomcatContainer.class);
-//
-//        infoFactory.setConstructor(new String[]{
-//                "classLoader",
-//                "catalinaHome",
-//                "applicationListeners",
-//                "EngineGBean",
-//                "LifecycleListenerChain",
-//                "ServerInfo",
-//                "objectName",
-//                "WebManager"});
-//
-//        infoFactory.addAttribute("classLoader", ClassLoader.class, false);
-//
-//        infoFactory.addAttribute("catalinaHome", String.class, true);
-//
-//        infoFactory.addAttribute("applicationListeners", String[].class, true);
-//
-//        infoFactory.addAttribute("objectName", String.class, false);
-//
-//        infoFactory.addReference("EngineGBean", ObjectRetriever.class, GBeanInfoBuilder.DEFAULT_J2EE_TYPE);
-//        infoFactory.addReference("LifecycleListenerChain", LifecycleListenerGBean.class, LifecycleListenerGBean.J2EE_TYPE);
-//
-//        infoFactory.addReference("ServerInfo", ServerInfo.class, "GBean");
-//        infoFactory.addReference("WebManager", WebManager.class);
-//
-//        infoFactory.addOperation("addContext", new Class[]{TomcatContext.class});
-//        infoFactory.addOperation("removeContext", new Class[]{TomcatContext.class});
-//
-//        infoFactory.addOperation("addConnector", new Class[]{Connector.class});
-//        infoFactory.addOperation("removeConnector", new Class[]{Connector.class});
-//
-//        infoFactory.addInterface(SoapHandler.class);
-//        infoFactory.addInterface(TomcatWebContainer.class);
-//
-//        GBEAN_INFO = infoFactory.getBeanInfo();
-//    }
-//
-//    public static GBeanInfo getGBeanInfo() {
-//        return GBEAN_INFO;
-//    }
-
     public Context createContext(String path, String docBase, ClassLoader cl) {
 
         if( log.isDebugEnabled() )
@@ -474,35 +436,12 @@
         if (cl != null)
             context.setParentClassLoader(cl);
 
-        ContextConfig config = new ContextConfig();
-//        config.setCustomAuthenticators(authenticators);
+        ContextConfig config = new WebContextConfig();
         context.addLifecycleListener(config);
 
         context.setDelegate(true);
         return context;
 
     }
-    
-    public Context createEJBWebServiceContext(String contextPath,
-            WebServiceContainer webServiceContainer,
-            ConfigurationFactory configurationFactory,
-            String realmName,
-            String transportGuarantee,
-            String authMethod,
-            String[] protectedMethods,
-            ClassLoader classLoader) {
-
-         if( log.isDebugEnabled() )
-             log.debug("Creating EJBWebService context '" + contextPath + "'.");
-
-         TomcatEJBWebServiceContext context = new TomcatEJBWebServiceContext(contextPath, webServiceContainer, configurationFactory, realmName, transportGuarantee, authMethod, protectedMethods, classLoader);
-
-         ContextConfig config = new ContextConfig();
-//         config.setCustomAuthenticators(authenticators);
-         ((Lifecycle) context).addLifecycleListener(config);
-
-         return (context);
-
-     }
 
 }

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEJBWebServiceContext.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEJBWebServiceContext.java?rev=794752&r1=794751&r2=794752&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEJBWebServiceContext.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEJBWebServiceContext.java Thu Jul 16 17:03:50 2009
@@ -22,9 +22,7 @@
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.HashMap;
-import java.util.HashSet;
 import java.util.Map;
-import java.util.Set;
 
 import javax.security.jacc.PolicyContext;
 import javax.servlet.ServletException;
@@ -32,114 +30,30 @@
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.catalina.Wrapper;
-import org.apache.catalina.authenticator.BasicAuthenticator;
-import org.apache.catalina.authenticator.DigestAuthenticator;
-import org.apache.catalina.authenticator.NonLoginAuthenticator;
-import org.apache.catalina.authenticator.SSLAuthenticator;
 import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
 import org.apache.catalina.core.StandardContext;
-import org.apache.catalina.deploy.LoginConfig;
-import org.apache.catalina.deploy.SecurityCollection;
-import org.apache.catalina.deploy.SecurityConstraint;
 import org.apache.catalina.valves.ValveBase;
+import org.apache.geronimo.webservices.WebServiceContainer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.apache.geronimo.tomcat.realm.TomcatEJBWSGeronimoRealm;
-import org.apache.geronimo.webservices.WebServiceContainer;
-import org.apache.geronimo.security.jaas.ConfigurationFactory;
 
 public class TomcatEJBWebServiceContext extends StandardContext{
 
     private static final Logger log = LoggerFactory.getLogger(TomcatEJBWebServiceContext.class);
 
-    private final String contextPath;
     private final WebServiceContainer webServiceContainer;
-    private final boolean isSecureTransportGuarantee;
     private final ClassLoader classLoader;
-    private final Set<String> secureMethods;
 
-    public TomcatEJBWebServiceContext(String contextPath, WebServiceContainer webServiceContainer, ConfigurationFactory configurationFactory, String realmName, String transportGuarantee, String authMethod, String[] protectedMethods, ClassLoader classLoader) {
-        this.contextPath = contextPath;
+    public TomcatEJBWebServiceContext(String contextPath, WebServiceContainer webServiceContainer, ClassLoader classLoader) {
         this.webServiceContainer = webServiceContainer;
-        this.secureMethods = initSecureMethods(protectedMethods);
         this.setPath(contextPath);
         this.setDocBase("");
         this.setParentClassLoader(classLoader);
         this.setDelegate(true);
 
         log.debug("EJB Webservice Context = " + contextPath);
-        if (configurationFactory != null) {
-
-            TomcatEJBWSGeronimoRealm realm = new TomcatEJBWSGeronimoRealm(configurationFactory);
-            setRealm(realm);
-
-            if ("NONE".equals(transportGuarantee)) {
-                isSecureTransportGuarantee = false;
-            } else if ("INTEGRAL".equals(transportGuarantee) ||
-                       "CONFIDENTIAL".equals(transportGuarantee)) {
-                isSecureTransportGuarantee = true;
-            } else {
-                throw new IllegalArgumentException("Invalid transport-guarantee: " + transportGuarantee);
-            }
 
-            if ("NONE".equals(authMethod) ||
-                "BASIC".equals(authMethod) ||
-                "DIGEST".equals(authMethod) ||
-                "CLIENT-CERT".equals(authMethod)) {
-
-                //Setup a login configuration
-                LoginConfig loginConfig = new LoginConfig();
-                loginConfig.setAuthMethod(authMethod);
-                loginConfig.setRealmName(realmName);
-                this.setLoginConfig(loginConfig);
-
-                //Setup a default Security Constraint
-                SecurityCollection collection = new SecurityCollection();
-                if (secureMethods == null) {
-                    // protect all
-                    collection.addMethod("GET");
-                    collection.addMethod("POST");
-                    collection.addMethod("PUT");
-                    collection.addMethod("DELETE");
-                    collection.addMethod("HEAD");
-                    collection.addMethod("OPTIONS");
-                    collection.addMethod("TRACE");
-                    collection.addMethod("CONNECT");
-                } else {
-                    // protect specified
-                    for (String method : secureMethods) {
-                        collection.addMethod(method);
-                    }
-                }
-                collection.addPattern("/*");
-                collection.setName("default");
-                SecurityConstraint sc = new SecurityConstraint();
-                sc.addAuthRole("*");
-                sc.addCollection(collection);
-                sc.setAuthConstraint(true);
-                sc.setUserConstraint(transportGuarantee);
-                this.addConstraint(sc);
-                this.addSecurityRole("default");
-
-                //Set the proper authenticator
-                if ("BASIC".equals(authMethod) ){
-                    this.addValve(new BasicAuthenticator());
-                } else if ("DIGEST".equals(authMethod) ){
-                    this.addValve(new DigestAuthenticator());
-                } else if ("CLIENT-CERT".equals(authMethod) ){
-                    this.addValve(new SSLAuthenticator());
-                } else if ("NONE".equals(authMethod)) {
-                    this.addValve(new NonLoginAuthenticator());
-                }
-
-            } else {
-                throw new IllegalArgumentException("Invalid authMethod: " + authMethod);
-            }
-        } else {
-            isSecureTransportGuarantee = false;
-        }
-        
         this.classLoader = classLoader;
         this.addValve(new EJBWebServiceValve());
         
@@ -152,29 +66,6 @@
 
     }
     
-    private Set<String> initSecureMethods(String[] protectedMethods) {
-        if (protectedMethods == null) {
-            return null;
-        }
-        Set<String> methods = null;
-        for (String method : protectedMethods) {
-            if (method == null) {
-                continue;
-            }
-            method = method.trim();
-            if (method.length() == 0) {
-                continue;
-            }
-            method = method.toUpperCase();
-            
-            if (methods == null) {
-                methods = new HashSet<String>();
-            }
-            methods.add(method);
-        }
-        return methods;
-    }
-    
     public class EJBWebServiceValve extends ValveBase {
 
         public void invoke(Request req, Response res) throws IOException, ServletException {
@@ -201,12 +92,6 @@
 
             req.finishRequest();
             
-            if (secureMethods == null || secureMethods.contains(req.getMethod())) {
-                if (isSecureTransportGuarantee && !req.isSecure()) {
-                    res.sendError(403);
-                    return;
-                }
-            }
             if (isWSDLRequest(req)) {
                 try {
                     webServiceContainer.getWsdl(request, response);

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEngine.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEngine.java?rev=794752&r1=794751&r2=794752&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEngine.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEngine.java Thu Jul 16 17:03:50 2009
@@ -19,7 +19,6 @@
 import org.apache.catalina.Engine;
 import org.apache.catalina.Realm;
 import org.apache.catalina.core.StandardEngine;
-import org.apache.geronimo.tomcat.realm.TomcatJAASRealm;
 
 public class TomcatEngine extends StandardEngine implements Engine{
 

Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/WebContextConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/WebContextConfig.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/WebContextConfig.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/WebContextConfig.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat;
+
+import org.apache.catalina.deploy.SecurityConstraint;
+import org.apache.catalina.deploy.LoginConfig;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class WebContextConfig extends BaseGeronimoContextConfig {
+    @Override
+    protected void authenticatorConfig() {
+        if (!(context instanceof GeronimoStandardContext)) {
+            throw new IllegalStateException("Unexpected context type");
+        }
+        GeronimoStandardContext geronimoContext = (GeronimoStandardContext) context;
+        if (geronimoContext.isAuthenticatorInstalled()) {
+            return;
+        }
+        SecurityConstraint constraints[] = context.findConstraints();
+        if ((constraints == null) || (constraints.length == 0)) {
+            return;
+        }
+        LoginConfig loginConfig = context.getLoginConfig();
+        String authMethod = loginConfig.getAuthMethod();
+        String realmName = loginConfig.getRealmName();
+        String loginPage = loginConfig.getLoginPage();
+        String errorPage = loginConfig.getErrorPage();
+
+        configureSecurity(geronimoContext,
+                geronimoContext.getPolicyContextId(),
+                geronimoContext.getConfigurationFactory(),
+                geronimoContext.getDefaultSubject(),
+                authMethod,
+                realmName,
+                loginPage,
+                errorPage);
+    }
+    
+}

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/WebContextConfig.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/WebContextConfig.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/WebContextConfig.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java?rev=794752&r1=794751&r2=794752&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java Thu Jul 16 17:03:50 2009
@@ -48,12 +48,12 @@
 
         //Save the old
 
-        context[policyContextIDIndex] = PolicyContext.getContextID();
+//        context[policyContextIDIndex] = PolicyContext.getContextID();
         context[callersIndex] = ContextManager.getCallers();
 
         //Set the new
-        PolicyContext.setContextID(policyContextID);
-        PolicyContext.setHandlerData(httpRequest);
+//        PolicyContext.setContextID(policyContextID);
+//        PolicyContext.setHandlerData(httpRequest);
         if (httpRequest != null){
             context[defaultSubjectIndex] = httpRequest.getAttribute(DEFAULT_SUBJECT);
             httpRequest.setAttribute(DEFAULT_SUBJECT, defaultSubject);
@@ -71,9 +71,9 @@
         }
 
         //Replace the old
-        PolicyContext.setContextID((String)context[policyContextIDIndex]);
+//        PolicyContext.setContextID((String)context[policyContextIDIndex]);
         // Must unset handler data from thread - see GERONIMO-4574
-        PolicyContext.setHandlerData(null);
+//        PolicyContext.setHandlerData(null);
         ContextManager.popCallers((Callers) context[callersIndex]);
         if (httpRequest != null)
             httpRequest.setAttribute(DEFAULT_SUBJECT, context[defaultSubjectIndex]);

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/listener/DispatchListener.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/listener/DispatchListener.java?rev=794752&r1=794751&r2=794752&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/listener/DispatchListener.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/listener/DispatchListener.java Thu Jul 16 17:03:50 2009
@@ -17,6 +17,7 @@
 package org.apache.geronimo.tomcat.listener;
 
 import java.util.Stack;
+
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 
@@ -25,14 +26,14 @@
 import org.apache.catalina.InstanceEvent;
 import org.apache.catalina.InstanceListener;
 import org.apache.catalina.core.StandardWrapper;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.apache.geronimo.tomcat.GeronimoStandardContext;
 import org.apache.geronimo.tomcat.interceptor.BeforeAfter;
-import org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm;
+import org.apache.geronimo.tomcat.security.jacc.JACCRealm;
 import org.apache.tomcat.util.buf.MessageBytes;
 import org.apache.tomcat.util.http.mapper.Mapper;
 import org.apache.tomcat.util.http.mapper.MappingData;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 public class DispatchListener implements InstanceListener {
 
@@ -68,7 +69,7 @@
             Stack<Object[]> stack = currentContext.get();
             Object context[] = new Object[webContext.getContextCount() + 1];
             String wrapperName = getWrapperName(request, webContext);
-            context[webContext.getContextCount()] = TomcatGeronimoRealm.setRequestWrapperName(wrapperName);
+            context[webContext.getContextCount()] = JACCRealm.setRequestWrapperName(wrapperName);
 
             beforeAfter.before(context, request, response, BeforeAfter.DISPATCHED);
 
@@ -85,7 +86,7 @@
 
             beforeAfter.after(context, request, response, BeforeAfter.DISPATCHED);
 
-            TomcatGeronimoRealm.setRequestWrapperName((String) context[webContext.getContextCount()]);
+            JACCRealm.setRequestWrapperName((String) context[webContext.getContextCount()]);
         }
     }
 

Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/AuthResult.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/AuthResult.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/AuthResult.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/AuthResult.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class AuthResult {
+
+    private final TomcatAuthStatus authStatus;
+    private final UserIdentity userIdentity;
+
+    public AuthResult(TomcatAuthStatus authStatus, UserIdentity userIdentity) {
+        this.authStatus = authStatus;
+        this.userIdentity = userIdentity;
+    }
+
+    public TomcatAuthStatus getAuthStatus() {
+        return authStatus;
+    }
+
+    public UserIdentity getUserIdentity() {
+        return userIdentity;
+    }
+}

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/AuthResult.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/AuthResult.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/AuthResult.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authenticator.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authenticator.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authenticator.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,37 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security;
+
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+
+
+/**
+ * @version $Rev$ $Date$
+ */
+public interface Authenticator {
+
+    AuthResult validateRequest(Request request, Response response, boolean isAuthMandatory) throws ServerAuthException;
+
+    boolean secureResponse(Request request, Response response, AuthResult authResult) throws ServerAuthException;
+
+    String getAuthType();
+}

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authenticator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authenticator.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authenticator.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authorizer.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authorizer.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authorizer.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authorizer.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security;
+
+import org.apache.catalina.connector.Request;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public interface Authorizer {
+
+    Object getConstraints(Request request);
+
+    boolean hasUserDataPermissions(Request request, Object constraints);
+
+    boolean isAuthMandatory(Request request, Object constraints);
+
+    boolean hasResourcePermissions(Request request, AuthResult authResult, Object constraints, UserIdentity userIdentity);
+
+}

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authorizer.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authorizer.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/Authorizer.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/IdentityService.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/IdentityService.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/IdentityService.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/IdentityService.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security;
+
+import javax.security.auth.Subject;
+import java.security.Principal;
+import java.util.List;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public interface IdentityService {
+
+    Object associate(UserIdentity userIdentity);
+
+    void dissociate(Object previous);
+
+    UserIdentity newUserIdentity(Subject subject, Principal userPrincipal, List<String> gropus);
+
+}

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/IdentityService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/IdentityService.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/IdentityService.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public interface LoginService {
+
+    UserIdentity login(String userName, String password);
+
+    void logout(UserIdentity userIdentity);
+}

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,104 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security;
+
+import java.io.IOException;
+import java.security.Principal;
+
+import javax.servlet.ServletException;
+
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.valves.ValveBase;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class SecurityValve extends ValveBase {
+
+    private final Authenticator authenticator;
+    private final Authorizer authorizer;
+    private final IdentityService identityService;
+
+    public SecurityValve(Authenticator authenticator, Authorizer authorizer, IdentityService identityService) {
+        this.authenticator = authenticator;
+        this.authorizer = authorizer;
+        this.identityService = identityService;
+    }
+
+    public void invoke(Request request, Response response) throws IOException, ServletException {
+
+        Object constraints = authorizer.getConstraints(request);
+
+        if (!authorizer.hasUserDataPermissions(request, constraints)) {
+            //TODO redirect to secure port?
+            if (!response.isError()) {
+                response.sendError(Response.SC_FORBIDDEN);
+            }
+            return;
+        }
+        boolean isAuthMandatory = authorizer.isAuthMandatory(request, constraints);
+
+        try {
+            AuthResult authResult = authenticator.validateRequest(request, response, isAuthMandatory);
+
+            TomcatAuthStatus authStatus = authResult.getAuthStatus();
+
+            if (authStatus == TomcatAuthStatus.FAILURE) {
+                return;
+            } else if (authStatus == TomcatAuthStatus.SEND_CONTINUE) {
+                return;
+            } else if (authStatus == TomcatAuthStatus.SEND_FAILURE) {
+                return;
+            } else if (authStatus == TomcatAuthStatus.SEND_SUCCESS) {
+                return;
+            } else if (authStatus == TomcatAuthStatus.SUCCESS) {
+                request.setAuthType(authenticator.getAuthType());
+                UserIdentity userIdentity = authResult.getUserIdentity();
+                Principal principal = userIdentity == null? null: userIdentity.getUserPrincipal();
+                request.setUserPrincipal(principal);
+                if (isAuthMandatory) {
+                    if (!authorizer.hasResourcePermissions(request, authResult, constraints, userIdentity)) {
+                        if (!response.isError()) {
+                            response.sendError(Response.SC_FORBIDDEN);
+                        }
+                        return;
+                    }
+                }
+                Object previous = identityService.associate(userIdentity);
+                try {
+                    getNext().invoke(request, response);
+                } finally {
+                    identityService.dissociate(previous);
+                }
+                //This returns a success code but I'm not sure what to do with it.
+                authenticator.secureResponse(request, response, authResult);
+            } else {
+                //illegal state?
+                throw new ServletException("unexpected auth status: " + authStatus);
+            }
+        } catch (ServerAuthException e) {
+            throw new ServletException(e);
+        }
+
+
+    }
+}

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/ServerAuthException.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/ServerAuthException.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/ServerAuthException.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/ServerAuthException.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class ServerAuthException extends Exception {
+    public ServerAuthException() {
+    }
+
+    public ServerAuthException(String s) {
+        super(s);
+    }
+
+    public ServerAuthException(String s, Throwable throwable) {
+        super(s, throwable);
+    }
+
+    public ServerAuthException(Throwable throwable) {
+        super(throwable);
+    }
+}



Mime
View raw message