geronimo-scm mailing list archives

From djen...@apache.org
Subject svn commit: r1000329 [1/2] - in /geronimo/server/trunk/plugins: j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/ j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/ j2ee/geronimo-w...
Date Thu, 23 Sep 2010 05:53:15 GMT
Author: djencks
Date: Thu Sep 23 05:53:14 2010
New Revision: 1000329

URL: http://svn.apache.org/viewvc?rev=1000329&view=rev
Log:
GERONIMO-5624 patch (slightly modified) from Ivan to use info tree to merge security info from dynamic additions and annotations (this is new for jetty).

Added:
    geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/
    geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SecurityConfigTest.java   (contents, props changed)
      - copied, changed from r1000277, geronimo/server/trunk/plugins/j2ee/geronimo-web/src/test/java/org/apache/geronimo/web/security/SecurityConfigTest.java
    geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SpecSecurityParsingTest.java   (contents, props changed)
      - copied, changed from r1000277, geronimo/server/trunk/plugins/j2ee/geronimo-web/src/test/java/org/apache/geronimo/web/security/SpecSecurityParsingTest.java
    geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/
    geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web-nosecurity.xml   (props changed)
      - copied unchanged from r1000277, geronimo/server/trunk/plugins/j2ee/geronimo-web/src/test/resources/security/web-nosecurity.xml
    geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web1.xml   (props changed)
      - copied unchanged from r1000277, geronimo/server/trunk/plugins/j2ee/geronimo-web/src/test/resources/security/web1.xml
    geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web2.xml   (props changed)
      - copied unchanged from r1000277, geronimo/server/trunk/plugins/j2ee/geronimo-web/src/test/resources/security/web2.xml
    geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web3.xml   (props changed)
      - copied unchanged from r1000277, geronimo/server/trunk/plugins/j2ee/geronimo-web/src/test/resources/security/web3.xml
    geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web4.xml   (props changed)
      - copied unchanged from r1000277, geronimo/server/trunk/plugins/j2ee/geronimo-web/src/test/resources/security/web4.xml
    geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web5.xml   (props changed)
      - copied unchanged from r1000277, geronimo/server/trunk/plugins/j2ee/geronimo-web/src/test/resources/security/web5.xml
    geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web6.xml   (props changed)
      - copied unchanged from r1000277, geronimo/server/trunk/plugins/j2ee/geronimo-web/src/test/resources/security/web6.xml
    geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/WebSecurityConstraintStore.java
    geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoApplicationServletRegistrationAdapter.java
    geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/JACCSecurityEventListener.java
Removed:
    geronimo/server/trunk/plugins/j2ee/geronimo-web/src/test/java/org/apache/geronimo/web/security/
    geronimo/server/trunk/plugins/j2ee/geronimo-web/src/test/resources/security/
Modified:
    geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/AbstractWebModuleBuilder.java
    geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/DefaultWebAppInfoFactory.java
    geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/StandardWebAppInfoFactory.java
    geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/WebAppInfoBuilder.java
    geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/WebAppInfoFactory.java
    geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java
    geronimo/server/trunk/plugins/j2ee/j2ee-server/src/main/history/dependencies.xml
    geronimo/server/trunk/plugins/jetty8/geronimo-jetty8-builder/src/main/java/org/apache/geronimo/jetty8/deployment/JettyModuleBuilder.java
    geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/WebAppContextWrapper.java
    geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/EJBWebServiceContext.java
    geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoWebAppContext.java
    geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/test/java/org/apache/geronimo/jetty8/AbstractWebModuleTest.java
    geronimo/server/trunk/plugins/jetty8/jetty8-deployer/src/main/history/dependencies.xml
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/core/GeronimoApplicationContext.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/core/GeronimoApplicationServletRegistrationAdapter.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/listener/JACCSecurityLifecycleListener.java

Modified: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/AbstractWebModuleBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/AbstractWebModuleBuilder.java?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/AbstractWebModuleBuilder.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/AbstractWebModuleBuilder.java Thu Sep 23 05:53:14 2010
@@ -45,6 +45,7 @@ import javax.xml.parsers.ParserConfigura
 import javax.xml.stream.Location;
 import javax.xml.stream.XMLStreamException;
 import javax.xml.stream.XMLStreamReader;
+
 import org.apache.geronimo.common.DeploymentException;
 import org.apache.geronimo.components.jaspi.model.AuthModuleType;
 import org.apache.geronimo.components.jaspi.model.ConfigProviderType;
@@ -88,6 +89,7 @@ import org.apache.geronimo.security.jasp
 import org.apache.geronimo.security.jaspi.ServerAuthConfigGBean;
 import org.apache.geronimo.security.jaspi.ServerAuthContextGBean;
 import org.apache.geronimo.security.jaspi.ServerAuthModuleGBean;
+import org.apache.geronimo.web.info.WebAppInfo;
 import org.apache.geronimo.web.security.SpecSecurityBuilder;
 import org.apache.geronimo.web25.deployment.merge.MergeHelper;
 import org.apache.geronimo.web25.deployment.security.AuthenticationWrapper;
@@ -532,7 +534,7 @@ public abstract class AbstractWebModuleB
     }
 
     protected ComponentPermissions buildSpecSecurityConfig(EARContext earContext, WebApp webApp, Bundle bundle) {
-        SpecSecurityBuilder builder = new SpecSecurityBuilder(webApp, bundle, INITIAL_WEB_XML_SCHEMA_VERSION.get(earContext.getGeneralData()) >= 2.5f && !webApp.isMetadataComplete());
+        SpecSecurityBuilder builder = new SpecSecurityBuilder(new WebAppInfo());
         return builder.buildSpecSecurityConfig();
     }
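Review bot: `new SpecSecurityBuilder(new WebAppInfo())` builds the permissions from an empty info object, so `earContext`, `webApp` and `bundle` are no longer read and the returned ComponentPermissions cannot reflect any security constraint or role the module declares. The removed line also carried the schema-version and `isMetadataComplete()` gate, and this hunk shows no replacement for it. If any caller still relies on this method for the JACC configuration (callers are outside the hunk), pass the WebAppInfo that WebAppInfoBuilder produced for this module. If the method is dead after this change, remove it or add a comment such as `// unused since GERONIMO-5624: permissions are built from the module's WebAppInfo`.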
 

Modified: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/DefaultWebAppInfoFactory.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/DefaultWebAppInfoFactory.java?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/DefaultWebAppInfoFactory.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/DefaultWebAppInfoFactory.java Thu Sep 23 05:53:14 2010
@@ -21,13 +21,15 @@
 package org.apache.geronimo.web25.deployment;
 
 import org.apache.geronimo.web.info.FilterInfo;
+import org.apache.geronimo.web.info.SecurityConstraintInfo;
 import org.apache.geronimo.web.info.ServletInfo;
 import org.apache.geronimo.web.info.WebAppInfo;
+import org.apache.geronimo.web25.deployment.WebAppInfoFactory;
 
 /**
  * @version $Rev:$ $Date:$
  */
-public class DefaultWebAppInfoFactory implements WebAppInfoFactory{
+public class DefaultWebAppInfoFactory implements WebAppInfoFactory {
     @Override
     public WebAppInfo newWebAppInfo() {
         return new WebAppInfo();
@@ -53,6 +55,20 @@ public class DefaultWebAppInfoFactory im
     }
 
     @Override
+    public SecurityConstraintInfo newSecurityConstraintInfo() {
+        return new SecurityConstraintInfo();
+    }
+
+    @Override
+    public SecurityConstraintInfo copy(SecurityConstraintInfo securityConstraintInfo) {
+        SecurityConstraintInfo copy = new SecurityConstraintInfo();
+        copy.authConstraint = securityConstraintInfo.authConstraint;
+        copy.userDataConstraint = securityConstraintInfo.userDataConstraint;
+        copy.webResourceCollections.addAll(securityConstraintInfo.webResourceCollections);
+        return copy;
+    }
+
+    @Override
     public ServletInfo copy(ServletInfo servletInfo) {
          ServletInfo copy = new ServletInfo();
          copy.servletClass = servletInfo.servletClass;
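Review bot: `copy(SecurityConstraintInfo)` is a shallow copy: `authConstraint` is assigned by reference and `webResourceCollections.addAll(...)` shares the element objects, so source and copy alias the same AuthConstraintInfo and WebResourceCollectionInfo instances. StandardWebAppInfoFactory uses this method to seed each web app from the default info, and the log message says dynamic additions and annotations are merged into this tree. A later change to one app's `roleNames` or `urlPatterns` could therefore leak into the defaults and into other apps; whether anything mutates them after the copy is not visible here. Copying the nested objects avoids that, as sketched below on the assumption that the fields read in WebAppInfoBuilder are the complete set. The `securityRoleRefs.addAll` added in the next hunk shares its elements in the same way.

```java
    @Override
    public SecurityConstraintInfo copy(SecurityConstraintInfo securityConstraintInfo) {
        SecurityConstraintInfo copy = new SecurityConstraintInfo();
        if (securityConstraintInfo.authConstraint != null) {
            copy.authConstraint = new AuthConstraintInfo();
            copy.authConstraint.roleNames.addAll(securityConstraintInfo.authConstraint.roleNames);
        }
        copy.userDataConstraint = securityConstraintInfo.userDataConstraint;
        for (WebResourceCollectionInfo source : securityConstraintInfo.webResourceCollections) {
            WebResourceCollectionInfo target = new WebResourceCollectionInfo();
            target.webResourceName = source.webResourceName;
            target.urlPatterns.addAll(source.urlPatterns);
            target.omission = source.omission;
            target.httpMethods.addAll(source.httpMethods);
            copy.webResourceCollections.add(target);
        }
        return copy;
    }
```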
@@ -62,6 +78,7 @@ public class DefaultWebAppInfoFactory im
          copy.initParams.putAll(servletInfo.initParams);
          copy.loadOnStartup = servletInfo.loadOnStartup;
          copy.runAsRole = servletInfo.runAsRole;
+         copy.securityRoleRefs.addAll(servletInfo.securityRoleRefs);
          return copy;
      }
 
@@ -76,5 +93,5 @@ public class DefaultWebAppInfoFactory im
          copy.initParams.putAll(filterInfo.initParams);
          return copy;
      }
-    
+
 }

Modified: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/StandardWebAppInfoFactory.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/StandardWebAppInfoFactory.java?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/StandardWebAppInfoFactory.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/StandardWebAppInfoFactory.java Thu Sep 23 05:53:14 2010
@@ -23,6 +23,7 @@ package org.apache.geronimo.web25.deploy
 import java.util.ArrayList;
 
 import org.apache.geronimo.web.info.FilterInfo;
+import org.apache.geronimo.web.info.SecurityConstraintInfo;
 import org.apache.geronimo.web.info.ServletInfo;
 import org.apache.geronimo.web.info.WebAppInfo;
 
@@ -32,6 +33,7 @@ import org.apache.geronimo.web.info.WebA
 public class StandardWebAppInfoFactory extends DefaultWebAppInfoFactory {
 
     private final ServletInfo jspServletInfo;
+
     private final WebAppInfo defaultWebAppInfo;
 
     public StandardWebAppInfoFactory(WebAppInfo defaultWebAppInfo, ServletInfo jspServletInfo) {
@@ -50,6 +52,10 @@ public class StandardWebAppInfoFactory e
         webAppInfo.listeners.addAll(defaultWebAppInfo.listeners);
         webAppInfo.contextParams.putAll(defaultWebAppInfo.contextParams);
         webAppInfo.contextRoot = defaultWebAppInfo.contextRoot;
+        for (SecurityConstraintInfo securityConstraintInfo : defaultWebAppInfo.securityConstraints) {
+            webAppInfo.securityConstraints.add(copy(securityConstraintInfo));
+        }
+        webAppInfo.securityRoles.addAll(defaultWebAppInfo.securityRoles);
     }
 
     @Override

Modified: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/WebAppInfoBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/WebAppInfoBuilder.java?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/WebAppInfoBuilder.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/WebAppInfoBuilder.java Thu Sep 23 05:53:14 2010
@@ -21,6 +21,7 @@
 package org.apache.geronimo.web25.deployment;
 
 import java.util.ArrayList;
+import java.util.Collection;
 import java.util.EnumSet;
 import java.util.HashMap;
 import java.util.List;
@@ -28,13 +29,17 @@ import java.util.Map;
 
 import javax.servlet.DispatcherType;
 import org.apache.geronimo.common.DeploymentException;
+import org.apache.geronimo.web.info.AuthConstraintInfo;
 import org.apache.geronimo.web.info.ErrorPageInfo;
 import org.apache.geronimo.web.info.FilterInfo;
 import org.apache.geronimo.web.info.FilterMappingInfo;
 import org.apache.geronimo.web.info.LoginConfigInfo;
 import org.apache.geronimo.web.info.MultipartConfigInfo;
+import org.apache.geronimo.web.info.SecurityConstraintInfo;
+import org.apache.geronimo.web.info.SecurityRoleRefInfo;
 import org.apache.geronimo.web.info.ServletInfo;
 import org.apache.geronimo.web.info.WebAppInfo;
+import org.apache.geronimo.web.info.WebResourceCollectionInfo;
 import org.apache.openejb.jee.Dispatcher;
 import org.apache.openejb.jee.ErrorPage;
 import org.apache.openejb.jee.Filter;
@@ -46,9 +51,13 @@ import org.apache.openejb.jee.LoginConfi
 import org.apache.openejb.jee.MimeMapping;
 import org.apache.openejb.jee.MultipartConfig;
 import org.apache.openejb.jee.ParamValue;
+import org.apache.openejb.jee.SecurityConstraint;
+import org.apache.openejb.jee.SecurityRole;
+import org.apache.openejb.jee.SecurityRoleRef;
 import org.apache.openejb.jee.Servlet;
 import org.apache.openejb.jee.ServletMapping;
 import org.apache.openejb.jee.WebApp;
+import org.apache.openejb.jee.WebResourceCollection;
 import org.apache.openejb.jee.WelcomeFileList;
 
 /**
@@ -57,7 +66,9 @@ import org.apache.openejb.jee.WelcomeFil
 public class WebAppInfoBuilder {
 
     private final WebApp webApp;
+
     private final WebAppInfoFactory webAppInfoFactory;
+
     private WebAppInfo webAppInfo;
 
     public WebAppInfoBuilder(WebApp webApp, WebAppInfoFactory webAppInfoFactory) {
@@ -96,7 +107,7 @@ public class WebAppInfoBuilder {
             }
             servletInfo.loadOnStartup = servlet.getLoadOnStartup();
             if (servlet.getRunAs() != null) {
-                servletInfo.runAsRole = servlet.getRunAs().getRoleName();
+                servletInfo.runAsRole = servlet.getRunAs().getRoleName().trim();
             }
             if (servlet.getMultipartConfig() != null) {
                 MultipartConfig multipartConfig = servlet.getMultipartConfig();
@@ -108,11 +119,19 @@ public class WebAppInfoBuilder {
                 servletInfo.multipartConfigInfo = multipartConfigInfo;
             }
             addParams(servlet.getInitParam(), servletInfo.initParams);
+            for (SecurityRoleRef securityRoleRef : servlet.getSecurityRoleRef()) {
+                SecurityRoleRefInfo securityRoleRefInfo = new SecurityRoleRefInfo();
+                if (securityRoleRef.getRoleLink() != null) {
+                    securityRoleRefInfo.roleLink = securityRoleRef.getRoleLink().trim();
+                }
+                securityRoleRefInfo.roleName = securityRoleRef.getRoleName().trim();
+                servletInfo.securityRoleRefs.add(securityRoleRefInfo);
+            }
             webAppInfo.servlets.add(servletInfo);
             servletMap.put(servletInfo.servletName, servletInfo);
         }
         for (ServletMapping servletMapping : webApp.getServletMapping()) {
-            String servletName = servletMapping.getServletName();
+            String servletName = servletMapping.getServletName().trim();
             ServletInfo servletInfo = servletMap.get(servletName);
             if (servletInfo == null) {
                 problems.add("\nNo servlet matching servlet mappings for " + servletName);
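Review bot: `securityRoleRef.getRoleName().trim()` and `servletMapping.getServletName().trim()` dereference without a null check, although `getRoleLink()` is guarded two lines earlier. A descriptor missing either element would abort deployment with a NullPointerException instead of adding an entry to `problems`, e.g. `if (securityRoleRef.getRoleName() == null) { problems.add("\nsecurity-role-ref without role-name in servlet " + servletInfo.servletName); continue; }`. The trimmed mapping name is also looked up in `servletMap`, whose keys come from `servletInfo.servletName`, assigned outside this hunk. If that assignment is not trimmed as well, the lookup will miss for names with surrounding whitespace.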
@@ -124,7 +143,7 @@ public class WebAppInfoBuilder {
         Map<String, FilterInfo> filterMap = new HashMap<String, FilterInfo>();
         for (Filter filter : webApp.getFilter()) {
             FilterInfo filterInfo = webAppInfoFactory.newFilterInfo();
-            filterInfo.filterName = filter.getFilterName();
+            filterInfo.filterName = filter.getFilterName().trim();
             filterInfo.filterClass = filter.getFilterClass();
             filterInfo.asyncSupported = filter.isAsyncSupported();
             addParams(filter.getInitParam(), filterInfo.initParams);
@@ -132,7 +151,7 @@ public class WebAppInfoBuilder {
             filterMap.put(filterInfo.filterName, filterInfo);
         }
         for (FilterMapping filterMapping : webApp.getFilterMapping()) {
-            String filterName = filterMapping.getFilterName();
+            String filterName = filterMapping.getFilterName().trim();
             FilterInfo filterInfo = filterMap.get(filterName);
             if (filterInfo == null) {
                 problems.add("\nNo filter matching filter mappings for " + filterName);
@@ -189,6 +208,72 @@ public class WebAppInfoBuilder {
             break;
         }
 
+        for (SecurityConstraint securityConstraint : webApp.getSecurityConstraint()) {
+            SecurityConstraintInfo securityConstraintInfo = webAppInfoFactory.newSecurityConstraintInfo();
+            if (securityConstraint.getAuthConstraint() != null) {
+                securityConstraintInfo.authConstraint = new AuthConstraintInfo();
+                securityConstraintInfo.authConstraint.roleNames.addAll(securityConstraint.getAuthConstraint().getRoleName());
+            }
+            if (securityConstraint.getUserDataConstraint() != null) {
+                securityConstraintInfo.userDataConstraint = securityConstraint.getUserDataConstraint().getTransportGuarantee().value();
+            }
+            for (WebResourceCollection webResourceCollection : securityConstraint.getWebResourceCollection()) {
+                WebResourceCollectionInfo webResourceCollectionInfo = new WebResourceCollectionInfo();
+                webResourceCollectionInfo.webResourceName = webResourceCollection.getWebResourceName();
+                normalizeUrlPatterns(webResourceCollection.getUrlPattern(), webResourceCollectionInfo.urlPatterns);
+                if (webResourceCollection.getHttpMethod().size() > 0) {
+                    webResourceCollectionInfo.omission = false;
+                    webResourceCollectionInfo.httpMethods.addAll(webResourceCollection.getHttpMethod());
+                } else {
+                    webResourceCollectionInfo.omission = true;
+                    webResourceCollectionInfo.httpMethods.addAll(webResourceCollection.getHttpMethodOmission());
+                }
+                securityConstraintInfo.webResourceCollections.add(webResourceCollectionInfo);
+            }
+            webAppInfo.securityConstraints.add(securityConstraintInfo);
+        }
+
+        for (SecurityRole securityRole : webApp.getSecurityRole()) {
+            webAppInfo.securityRoles.add(securityRole.getRoleName().trim());
+        }
+
+        webAppInfo.displayName = webApp.getDisplayName();
+
+        for (ErrorPage errorPage: webApp.getErrorPage()) {
+            ErrorPageInfo errorPageInfo = new ErrorPageInfo();
+            errorPageInfo.location = errorPage.getLocation();
+            if (errorPage.getErrorCode() != null) {
+                errorPageInfo.errorCode = errorPage.getErrorCode().intValue();
+            }
+            errorPageInfo.exceptionType = errorPage.getExceptionType();
+            webAppInfo.errorPages.add(errorPageInfo);
+        }
+
+        for (LocaleEncodingMappingList localeEncodingMappingList: webApp.getLocaleEncodingMappingList()) {
+            for (LocaleEncodingMapping localeEncodingMapping: localeEncodingMappingList.getLocaleEncodingMapping()) {
+                webAppInfo.localeEncodingMappings.put(localeEncodingMapping.getLocale(), localeEncodingMapping.getEncoding());
+            }
+        }
+        for (MimeMapping mimeMapping: webApp.getMimeMapping()) {
+            webAppInfo.mimeMappings.put(mimeMapping.getExtension(), mimeMapping.getMimeType());
+        }
+
+        for (WelcomeFileList welcomeFileList: webApp.getWelcomeFileList()) {
+            webAppInfo.welcomeFiles.addAll(welcomeFileList.getWelcomeFile());
+        }
+
+        for (LoginConfig loginConfig: webApp.getLoginConfig()) {
+            LoginConfigInfo loginConfigInfo = new LoginConfigInfo();
+            loginConfigInfo.authMethod = loginConfig.getAuthMethod();
+            loginConfigInfo.realmName = loginConfig.getRealmName();
+            if (loginConfig.getFormLoginConfig() != null) {
+                loginConfigInfo.formLoginPage = loginConfig.getFormLoginConfig().getFormLoginPage();
+                loginConfigInfo.formErrorPage = loginConfig.getFormLoginConfig().getFormErrorPage();
+            }
+            webAppInfo.loginConfig = loginConfigInfo;
+            break;
+        }
+
         webAppInfoFactory.complete(webAppInfo);
 
         if (!problems.isEmpty()) {
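Review bot: Role names in the auth-constraint are copied untrimmed by `roleNames.addAll(securityConstraint.getAuthConstraint().getRoleName())`, while `securityRoles`, `runAsRole` and the role refs are all trimmed in this commit. A descriptor with whitespace around a role name would then produce a constraint role that does not equal its declared security-role. Trimming in a loop keeps them consistent, `for (String roleName : securityConstraint.getAuthConstraint().getRoleName()) { securityConstraintInfo.authConstraint.roleNames.add(roleName.trim()); }`, and the same applies to the `httpMethods` lists. Separately, the added block from `displayName` through the `loginConfig` loop ends in the same `break; }` as the context just above it, and the ErrorPageInfo and LoginConfigInfo imports predate this commit. If the method already populates these fields above the hunk (its start and end are outside it), `errorPages` and `welcomeFiles` would be appended twice.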
@@ -214,8 +299,7 @@ public class WebAppInfoBuilder {
         return webAppInfoFactory.copy(filterInfo);
     }
 
-
-    public static void normalizeUrlPatterns(List<String> source, List<String> target) {
+    public static void normalizeUrlPatterns(Collection<String> source, Collection<String> target) {
         for (String pattern : source) {
             pattern = pattern.trim();
             if (!pattern.startsWith("*") && !pattern.startsWith("/")) {

Modified: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/WebAppInfoFactory.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/WebAppInfoFactory.java?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/WebAppInfoFactory.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/WebAppInfoFactory.java Thu Sep 23 05:53:14 2010
@@ -21,6 +21,7 @@
 package org.apache.geronimo.web25.deployment;
 
 import org.apache.geronimo.web.info.FilterInfo;
+import org.apache.geronimo.web.info.SecurityConstraintInfo;
 import org.apache.geronimo.web.info.ServletInfo;
 import org.apache.geronimo.web.info.WebAppInfo;
 
@@ -30,7 +31,9 @@ import org.apache.geronimo.web.info.WebA
 public interface WebAppInfoFactory {
 
     WebAppInfo newWebAppInfo();
+
     FilterInfo newFilterInfo();
+
     ServletInfo newServletInfo();
 
     void complete(WebAppInfo webAppInfo);
@@ -40,4 +43,9 @@ public interface WebAppInfoFactory {
     ServletInfo copy(ServletInfo servletInfo);
 
     FilterInfo copy(FilterInfo filterInfo);
+
+    SecurityConstraintInfo newSecurityConstraintInfo();
+
+    SecurityConstraintInfo copy(SecurityConstraintInfo securityConstraint);
+
 }

Copied: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SecurityConfigTest.java (from r1000277, geronimo/server/trunk/plugins/j2ee/geronimo-web/src/test/java/org/apache/geronimo/web/security/SecurityConfigTest.java)
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SecurityConfigTest.java?p2=geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SecurityConfigTest.java&p1=geronimo/server/trunk/plugins/j2ee/geronimo-web/src/test/java/org/apache/geronimo/web/security/SecurityConfigTest.java&r1=1000277&r2=1000329&rev=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web/src/test/java/org/apache/geronimo/web/security/SecurityConfigTest.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SecurityConfigTest.java Thu Sep 23 05:53:14 2010
@@ -15,14 +15,16 @@
  *  limitations under the License.
  */
 
-package org.apache.geronimo.web.security;
+package org.apache.geronimo.web25.deployment.security;
 
 import java.io.InputStream;
 import java.net.URL;
 
-import javax.xml.bind.JAXBException;
 import org.apache.geronimo.security.jacc.ComponentPermissions;
 import org.apache.geronimo.testsupport.TestSupport;
+import org.apache.geronimo.web.security.SpecSecurityBuilder;
+import org.apache.geronimo.web25.deployment.DefaultWebAppInfoFactory;
+import org.apache.geronimo.web25.deployment.WebAppInfoBuilder;
 import org.apache.openejb.jee.JaxbJavaee;
 import org.apache.openejb.jee.WebApp;
 
@@ -33,13 +35,14 @@ public class SecurityConfigTest extends 
 
     private ClassLoader classLoader = this.getClass().getClassLoader();
 
-
     public void testNoSecConstraint() throws Exception {
         URL specDDUrl = classLoader.getResource("security/web-nosecurity.xml");
         InputStream in = specDDUrl.openStream();
         try {
             WebApp webApp = (WebApp) JaxbJavaee.unmarshalJavaee(WebApp.class, in);
-            SpecSecurityBuilder builder = new SpecSecurityBuilder(webApp);
+            WebAppInfoBuilder webAppInfoBuilder = new WebAppInfoBuilder(webApp, new DefaultWebAppInfoFactory());
+            webAppInfoBuilder.build();
+            SpecSecurityBuilder builder = new SpecSecurityBuilder(webAppInfoBuilder.getWebAppInfo());
             ComponentPermissions componentPermissions = builder.buildSpecSecurityConfig();
         } finally {
             in.close();

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SecurityConfigTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SecurityConfigTest.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SecurityConfigTest.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Copied: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SpecSecurityParsingTest.java (from r1000277, geronimo/server/trunk/plugins/j2ee/geronimo-web/src/test/java/org/apache/geronimo/web/security/SpecSecurityParsingTest.java)
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SpecSecurityParsingTest.java?p2=geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SpecSecurityParsingTest.java&p1=geronimo/server/trunk/plugins/j2ee/geronimo-web/src/test/java/org/apache/geronimo/web/security/SpecSecurityParsingTest.java&r1=1000277&r2=1000329&rev=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web/src/test/java/org/apache/geronimo/web/security/SpecSecurityParsingTest.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SpecSecurityParsingTest.java Thu Sep 23 05:53:14 2010
@@ -18,18 +18,22 @@
  */
 
 
-package org.apache.geronimo.web.security;
+package org.apache.geronimo.web25.deployment.security;
 
 import java.io.InputStream;
 import java.net.URL;
 import java.security.Permission;
 import java.security.PermissionCollection;
+
 import javax.security.jacc.WebResourcePermission;
 import javax.security.jacc.WebUserDataPermission;
 
 import junit.framework.TestCase;
 
 import org.apache.geronimo.security.jacc.ComponentPermissions;
+import org.apache.geronimo.web.security.SpecSecurityBuilder;
+import org.apache.geronimo.web25.deployment.DefaultWebAppInfoFactory;
+import org.apache.geronimo.web25.deployment.WebAppInfoBuilder;
 import org.apache.openejb.jee.JaxbJavaee;
 import org.apache.openejb.jee.WebApp;
 
@@ -40,10 +44,11 @@ public class SpecSecurityParsingTest ext
 
     private ClassLoader classLoader = this.getClass().getClassLoader();
 
-
     public void testParsing() throws Exception {
         WebApp webApp = parse("security/web1.xml");
-        SpecSecurityBuilder builder = new SpecSecurityBuilder(webApp);
+        WebAppInfoBuilder webAppInfoBuilder = new WebAppInfoBuilder(webApp, new DefaultWebAppInfoFactory());
+        webAppInfoBuilder.build();
+        SpecSecurityBuilder builder = new SpecSecurityBuilder(webAppInfoBuilder.getWebAppInfo());
         ComponentPermissions permissions = builder.buildSpecSecurityConfig();
         PermissionCollection unchecked = permissions.getUncheckedPermissions();
         assertTrue(unchecked.implies(new WebResourcePermission("/login.do", "!")));
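Review bot: The same three setup lines (`new WebAppInfoBuilder(...)`, `build()`, `new SpecSecurityBuilder(webAppInfoBuilder.getWebAppInfo())`) are pasted into `testParsing` here and into each of the following test methods in this file. A private helper next to `parse` would keep the descriptor-to-permissions path in one place, so a later change to how the info tree is built cannot leave one test on a stale path. The test bodies continue outside the hunks.

```java
    private ComponentPermissions buildPermissions(String descriptor) throws Exception {
        WebApp webApp = parse(descriptor);
        WebAppInfoBuilder webAppInfoBuilder = new WebAppInfoBuilder(webApp, new DefaultWebAppInfoFactory());
        webAppInfoBuilder.build();
        return new SpecSecurityBuilder(webAppInfoBuilder.getWebAppInfo()).buildSpecSecurityConfig();
    }

    public void testParsing() throws Exception {
        ComponentPermissions permissions = buildPermissions("security/web1.xml");
        // … unchanged: assertions on unchecked and role permissions …
```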
@@ -60,7 +65,9 @@ public class SpecSecurityParsingTest ext
      */
     public void testAllMethodsConstraint() throws Exception {
         WebApp webApp = parse("security/web2.xml");
-        SpecSecurityBuilder builder = new SpecSecurityBuilder(webApp);
+        WebAppInfoBuilder webAppInfoBuilder = new WebAppInfoBuilder(webApp, new DefaultWebAppInfoFactory());
+        webAppInfoBuilder.build();
+        SpecSecurityBuilder builder = new SpecSecurityBuilder(webAppInfoBuilder.getWebAppInfo());
         ComponentPermissions permissions = builder.buildSpecSecurityConfig();
         Permission p = new WebResourcePermission("/Test/Foo", "GET,POST");
         assertTrue(implies(p, permissions, "Admin"));
@@ -70,7 +77,9 @@ public class SpecSecurityParsingTest ext
 
     public void testExcludedConstraint() throws Exception {
         WebApp webApp = parse("security/web3.xml");
-        SpecSecurityBuilder builder = new SpecSecurityBuilder(webApp);
+        WebAppInfoBuilder webAppInfoBuilder = new WebAppInfoBuilder(webApp, new DefaultWebAppInfoFactory());
+        webAppInfoBuilder.build();
+        SpecSecurityBuilder builder = new SpecSecurityBuilder(webAppInfoBuilder.getWebAppInfo());
         ComponentPermissions permissions = builder.buildSpecSecurityConfig();
         Permission p = new WebResourcePermission("/Test/Foo", "GET,POST");
         assertTrue(implies(p, permissions, "Admin"));
@@ -96,7 +105,9 @@ public class SpecSecurityParsingTest ext
     }
     public void testExcludedRemovesRoleConstraint() throws Exception {
         WebApp webApp = parse("security/web4.xml");
-        SpecSecurityBuilder builder = new SpecSecurityBuilder(webApp);
+        WebAppInfoBuilder webAppInfoBuilder = new WebAppInfoBuilder(webApp, new DefaultWebAppInfoFactory());
+        webAppInfoBuilder.build();
+        SpecSecurityBuilder builder = new SpecSecurityBuilder(webAppInfoBuilder.getWebAppInfo());
         ComponentPermissions permissions = builder.buildSpecSecurityConfig();
         // test excluding longer path than allowed
         Permission p = new WebResourcePermission("/Foo/Baz", "GET");
@@ -125,7 +136,9 @@ public class SpecSecurityParsingTest ext
     //overlapping excluded and role constraint, excluded constraint wins.
     public void testExcludedAndRoleConstraint() throws Exception {
         WebApp webApp = parse("security/web5.xml");
-        SpecSecurityBuilder builder = new SpecSecurityBuilder(webApp);
+        WebAppInfoBuilder webAppInfoBuilder = new WebAppInfoBuilder(webApp, new DefaultWebAppInfoFactory());
+        webAppInfoBuilder.build();
+        SpecSecurityBuilder builder = new SpecSecurityBuilder(webAppInfoBuilder.getWebAppInfo());
         ComponentPermissions permissions = builder.buildSpecSecurityConfig();
         // test excluding longer path than allowed
         Permission p = new WebResourcePermission("/foo/Baz", "GET");
@@ -141,7 +154,9 @@ public class SpecSecurityParsingTest ext
 
     public void testHTTPOmissionMethodsConstraint() throws Exception {
         WebApp webApp = parse("security/web6.xml");
-        SpecSecurityBuilder builder = new SpecSecurityBuilder(webApp);
+        WebAppInfoBuilder webAppInfoBuilder = new WebAppInfoBuilder(webApp, new DefaultWebAppInfoFactory());
+        webAppInfoBuilder.build();
+        SpecSecurityBuilder builder = new SpecSecurityBuilder(webAppInfoBuilder.getWebAppInfo());
         ComponentPermissions permissions = builder.buildSpecSecurityConfig();
         Permission p = new WebResourcePermission("/app/*", "GET");
         assertFalse(implies(p, permissions, null));

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SpecSecurityParsingTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SpecSecurityParsingTest.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/SpecSecurityParsingTest.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web-nosecurity.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web-nosecurity.xml
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web-nosecurity.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web1.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web1.xml
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web1.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web2.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web2.xml
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web2.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web3.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web3.xml
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web3.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web4.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web4.xml
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web4.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web5.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web5.xml
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web5.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web6.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web6.xml
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/test/resources/security/web6.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Modified: geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java Thu Sep 23 05:53:14 2010
@@ -22,7 +22,6 @@ package org.apache.geronimo.web.security
 import java.security.Permission;
 import java.security.PermissionCollection;
 import java.security.Permissions;
-import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -35,24 +34,13 @@ import javax.security.jacc.PolicyContext
 import javax.security.jacc.WebResourcePermission;
 import javax.security.jacc.WebRoleRefPermission;
 import javax.security.jacc.WebUserDataPermission;
-import javax.servlet.HttpMethodConstraintElement;
-import javax.servlet.ServletSecurityElement;
-import javax.servlet.annotation.HttpConstraint;
-import javax.servlet.annotation.HttpMethodConstraint;
-import javax.servlet.annotation.ServletSecurity;
-import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
 
 import org.apache.geronimo.security.jacc.ComponentPermissions;
-import org.apache.openejb.jee.AuthConstraint;
-import org.apache.openejb.jee.SecurityConstraint;
-import org.apache.openejb.jee.SecurityRole;
-import org.apache.openejb.jee.SecurityRoleRef;
-import org.apache.openejb.jee.Servlet;
-import org.apache.openejb.jee.ServletMapping;
-import org.apache.openejb.jee.UserDataConstraint;
-import org.apache.openejb.jee.WebApp;
-import org.apache.openejb.jee.WebResourceCollection;
-import org.osgi.framework.Bundle;
+import org.apache.geronimo.web.info.SecurityConstraintInfo;
+import org.apache.geronimo.web.info.SecurityRoleRefInfo;
+import org.apache.geronimo.web.info.ServletInfo;
+import org.apache.geronimo.web.info.WebAppInfo;
+import org.apache.geronimo.web.info.WebResourceCollectionInfo;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -81,138 +69,21 @@ public class SpecSecurityBuilder {
 
     private final RecordingPolicyConfiguration policyConfiguration = new RecordingPolicyConfiguration(true);
 
-    /**
-     * webApp is xmlbean object of the initial web.xml ( May be merged all the web-fragment.xml files)
-     */
-    private WebApp initialWebApp;
+    private WebAppInfo webAppInfo;
 
-    private Bundle bundle;
-
-    private boolean annotationScanRequired;
-
-    private Set<String> urlPatternsConfiguredInDeploymentPlans = new HashSet<String>();
-
-    /**
-     *   dynamicSecurityWebApp contains all the servlet security constraints configured by ServletRegistration.Dynamic interface
-     */
-    private WebApp dynamicSecurityWebApp;
-
-    /**
-     * annotationSecurityWebApp contains all the servlet security constraints configured by ServletConstraint annotation
-     */
-    private WebApp annotationSecurityWebApp;
-
-    public SpecSecurityBuilder(WebApp webApp) {
-        this(webApp, null, false);
-    }
-
-    public SpecSecurityBuilder(WebApp initialWebApp, Bundle bundle, boolean annotationScanRequired) {
-        this.initialWebApp = initialWebApp;
-        if (annotationScanRequired && bundle == null) {
-            throw new IllegalArgumentException("Bundle parameter could not be null while annotation scanning is required");
-        }
-        this.bundle = bundle;
-        this.annotationScanRequired = annotationScanRequired;
-        initialize();
-    }
-
-    public void declareRoles(String... roleNames) {
-        //Let's go ahead to directly add the roles to the securityRoles set. The set will be used in the collectRoleNames method.
-        for (String roleName : roleNames) {
-            if (roleName == null || roleName.trim().length() == 0) {
-                throw new IllegalArgumentException("RoleName of null value or empty string is not allowed in declareRoles method");
-            }
-            securityRoles.add(roleName.trim());
-        }
-    }
-
-    public Set<String> setServletSecurity(ServletSecurityElement constraint, Collection<String> urlPatterns) {
-        if (dynamicSecurityWebApp == null) {
-            dynamicSecurityWebApp = new WebApp();
-        }
-        Set<String> uneffectedUrlPatterns = new HashSet<String>();
-        for (String urlPattern : urlPatterns) {
-            if (urlPatternsConfiguredInDeploymentPlans.contains(urlPattern)) {
-                uneffectedUrlPatterns.add(urlPattern);
-            }
-        }
-        Collection<String> effectedUrlPatterns = null;
-        if (uneffectedUrlPatterns.size() == 0) {
-            effectedUrlPatterns = urlPatterns;
-        } else {
-            effectedUrlPatterns = new HashSet<String>();
-            effectedUrlPatterns.addAll(urlPatterns);
-            effectedUrlPatterns.removeAll(uneffectedUrlPatterns);
-        }
-        //Update SecurityConstraint configured by ServletSecurity annotations if required
-        if (annotationSecurityWebApp != null) {
-            overrideSecurityConstraints(annotationSecurityWebApp, effectedUrlPatterns);
-        }
-        //Update SecurityConstraint configured by previous setServletSecurity invocations
-        overrideSecurityConstraints(dynamicSecurityWebApp, effectedUrlPatterns);
-        //Update Role List
-        //Roles that are implicitly declared as a result of their use within the setServletSecurity or setRunAsRole methods of the ServletRegistration interface
-        //need not be declared.
-        //Set SecurityConstraint
-        if (constraint.getHttpMethodConstraints().size() > 0) {
-            for (HttpMethodConstraintElement httpMethodConstraint : constraint.getHttpMethodConstraints()) {
-                //Generate a security-constraint for each HttpMethodConstraint
-                addNewHTTPMethodSecurityConstraint(dynamicSecurityWebApp, httpMethodConstraint.getRolesAllowed(), httpMethodConstraint.getTransportGuarantee(), httpMethodConstraint
-                        .getEmptyRoleSemantic(), httpMethodConstraint.getMethodName(), effectedUrlPatterns);
-               declareRoles(httpMethodConstraint.getRolesAllowed());
-            }
-        }
-        addNewHTTPSecurityConstraint(dynamicSecurityWebApp, constraint.getRolesAllowed(), constraint.getTransportGuarantee(), constraint.getEmptyRoleSemantic(), constraint.getMethodNames()
-                .toArray(new String[0]), effectedUrlPatterns);
-        declareRoles(constraint.getRolesAllowed());
-        return uneffectedUrlPatterns;
-    }
-
-    private void overrideSecurityConstraints(WebApp webApp, Collection<String> urlPatterns) {
-        for (SecurityConstraint securityConstraint : webApp.getSecurityConstraint()) {
-            int iCurrentWebResourceCollectionIndex = 0;
-            for (WebResourceCollection webResourceCollection : securityConstraint.getWebResourceCollection()) {
-                Set<String> validateAnnotationUrlPatterns = new HashSet<String>();
-                for (String urlPattern : webResourceCollection.getUrlPattern()) {
-                    if (!urlPatterns.contains(urlPattern)) {
-                        validateAnnotationUrlPatterns.add(urlPattern);
-                    }
-                }
-                if (validateAnnotationUrlPatterns.size() == 0) {
-                    securityConstraint.getWebResourceCollection().remove(iCurrentWebResourceCollectionIndex);
-                    continue;
-                } else if (validateAnnotationUrlPatterns.size() < webResourceCollection.getUrlPattern().size()) {
-                    for (int i = 0, iLoopSize = webResourceCollection.getUrlPattern().size(); i < iLoopSize; i++) {
-                        webResourceCollection.getUrlPattern().remove(0);
-                    }
-                    for (String validateAnnotationUrlPattern : validateAnnotationUrlPatterns) {
-                        webResourceCollection.getUrlPattern().add(validateAnnotationUrlPattern);
-                    }
-                }
-                iCurrentWebResourceCollectionIndex++;
-            }
-        }
+    public SpecSecurityBuilder(WebAppInfo webAppInfo) {
+        this.webAppInfo = webAppInfo;
     }
 
     public ComponentPermissions buildSpecSecurityConfig() {
-        if (dynamicSecurityWebApp != null) {
-            for (SecurityConstraint securityConstraint : dynamicSecurityWebApp.getSecurityConstraint()) {
-                initialWebApp.getSecurityConstraint().add(securityConstraint);
-            }
-        }
-        if (annotationSecurityWebApp != null) {
-            for (SecurityConstraint securityConstraint : annotationSecurityWebApp.getSecurityConstraint()) {
-                initialWebApp.getSecurityConstraint().add(securityConstraint);
-            }
-        }
-        collectRoleNames(initialWebApp.getSecurityRole());
+        securityRoles.addAll(webAppInfo.securityRoles);
         try {
-            for (Servlet Servlet : initialWebApp.getServlet()) {
-                processRoleRefPermissions(Servlet);
+            for (ServletInfo servlet : webAppInfo.servlets) {
+                processRoleRefPermissions(servlet);
             }
             //add the role-ref permissions for unmapped jsps
             addUnmappedJSPPermissions();
-            analyzeSecurityConstraints(initialWebApp.getSecurityConstraint());
+            analyzeSecurityConstraints(webAppInfo.securityConstraints);
             removeExcludedDups();
             return buildComponentPermissions();
         } catch (PolicyContextException e) {
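Review bot: The new constructor stores `webAppInfo` without a null check, so a null argument only surfaces later as a NullPointerException at `webAppInfo.securityRoles` in buildSpecSecurityConfig. I would declare the field `private final WebAppInfo webAppInfo;` (the visible clear() hunk no longer reassigns it) and reject null up front with `if (webAppInfo == null) throw new IllegalArgumentException("webAppInfo is required");`. The class also loses setServletSecurity and overrideSecurityConstraints, which kept descriptor-configured url patterns from being overridden by annotation or dynamic constraints. A Javadoc line on the constructor should state that the passed info tree must already contain the merged constraints with that precedence applied, because this builder now translates whatever it is given. The body of buildSpecSecurityConfig continues outside this hunk.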
@@ -220,11 +91,11 @@ public class SpecSecurityBuilder {
         }
     }
 
-    private void analyzeSecurityConstraints(List<SecurityConstraint> securityConstraintArray) {
-        for (SecurityConstraint SecurityConstraint : securityConstraintArray) {
+    private void analyzeSecurityConstraints(List<SecurityConstraintInfo> securityConstraints) {
+        for (SecurityConstraintInfo securityConstraint : securityConstraints) {
             Map<String, URLPattern> currentPatterns;
-            if (SecurityConstraint.getAuthConstraint() != null) {
-                if (SecurityConstraint.getAuthConstraint().getRoleName().size() == 0) {
+            if (securityConstraint.authConstraint != null) {
+                if (securityConstraint.authConstraint.roleNames.size() == 0) {
                     currentPatterns = excludedPatterns;
                 } else {
                     currentPatterns = rolesPatterns;
@@ -232,60 +103,35 @@ public class SpecSecurityBuilder {
             } else {
                 currentPatterns = uncheckedPatterns;
             }
-            org.apache.openejb.jee.TransportGuarantee transport = org.apache.openejb.jee.TransportGuarantee.NONE;
-            if (SecurityConstraint.getUserDataConstraint() != null) {
-                transport = SecurityConstraint.getUserDataConstraint().getTransportGuarantee();
-            }
-            List<WebResourceCollection> WebResourceCollectionArray = SecurityConstraint.getWebResourceCollection();
-            for (WebResourceCollection WebResourceCollection : WebResourceCollectionArray) {
+            String transport = securityConstraint.userDataConstraint == null ? "NONE" : securityConstraint.userDataConstraint;
+            for (WebResourceCollectionInfo webResourceCollection : securityConstraint.webResourceCollections) {
                 //Calculate HTTP methods list
-                Set<String> httpMethods = new HashSet<String>();
-                //While using HTTP omission methods and empty methods (which means all methods) as the configurations, isExcluded value is true
-                //While using HTTP methods as the configurations, isExcluded value is false
-                boolean isExcludedList = true;
-                if (WebResourceCollection.getHttpMethod().size() > 0) {
-                    isExcludedList = false;
-                    for (String httpMethod : WebResourceCollection.getHttpMethod()) {
-                        if (httpMethod != null) {
-                            httpMethods.add(httpMethod.trim());
-                        }
-                    }
-                } else if (WebResourceCollection.getHttpMethodOmission().size() > 0) {
-                    for (String httpMethodOmission : WebResourceCollection.getHttpMethodOmission()) {
-                        if (httpMethodOmission != null) {
-                            httpMethods.add(httpMethodOmission.trim());
-                        }
-                    }
-                }
-                for (String urlPatternType : WebResourceCollection.getUrlPattern()) {
-                    String url = urlPatternType.trim();
-                    URLPattern pattern = currentPatterns.get(url);
+                for (String urlPattern : webResourceCollection.urlPatterns) {
+                    URLPattern pattern = currentPatterns.get(urlPattern);
                     if (pattern == null) {
-                        pattern = new URLPattern(url, httpMethods, isExcludedList);
-                        currentPatterns.put(url, pattern);
+                        pattern = new URLPattern(urlPattern, webResourceCollection.httpMethods, webResourceCollection.omission);
+                        currentPatterns.put(urlPattern, pattern);
                     } else {
-                        pattern.addMethods(httpMethods, isExcludedList);
+                        pattern.addMethods(webResourceCollection.httpMethods, webResourceCollection.omission);
                     }
-                    URLPattern allPattern = allMap.get(url);
+                    URLPattern allPattern = allMap.get(urlPattern);
                     if (allPattern == null) {
-                        allPattern = new URLPattern(url, httpMethods, isExcludedList);
+                        allPattern = new URLPattern(urlPattern, webResourceCollection.httpMethods, webResourceCollection.omission);
                         allSet.add(allPattern);
-                        allMap.put(url, allPattern);
+                        allMap.put(urlPattern, allPattern);
                     } else {
-                        allPattern.addMethods(httpMethods, isExcludedList);
+                        allPattern.addMethods(webResourceCollection.httpMethods, webResourceCollection.omission);
                     }
                     if (currentPatterns == rolesPatterns) {
-                        List<String> roleNameTypeArray = SecurityConstraint.getAuthConstraint().getRoleName();
-                        for (String roleNameType : roleNameTypeArray) {
-                            String role = roleNameType.trim();
-                            if (role.equals("*")) {
+                        for (String roleName : securityConstraint.authConstraint.roleNames) {
+                            if (roleName.equals("*")) {
                                 pattern.addAllRoles(securityRoles);
                             } else {
-                                pattern.addRole(role);
+                                pattern.addRole(roleName);
                             }
                         }
                     }
-                    pattern.setTransport(transport.value());
+                    pattern.setTransport(transport);
                 }
             }
         }
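Review bot: Url patterns, role names and HTTP methods are now used exactly as the info objects hold them, where the removed lines trimmed each value, so `roleName.equals("*")` and the `currentPatterns.get(urlPattern)` lookup depend on the info builder having normalised them. If it does not, a `*` role written with surrounding whitespace would be added as a literal role instead of expanding to all declared roles; the same trimming was dropped for `roleName` and `roleLink` in the processRoleRefPermissions hunks. The `omission` flag carries a similar hidden contract: the removed code passed `true` when no http-method was listed, so the info tree presumably has to do the same or a constraint without methods stops covering all methods. I would state both invariants in a comment above the loop, e.g. `// values are pre-trimmed by the info builder; omission is true when httpMethods is empty (all methods)`, and confirm them against WebAppInfoBuilder, which is not visible here. analyzeSecurityConstraints starts in the previous hunk.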
@@ -353,7 +199,7 @@ public class SpecSecurityBuilder {
             addOrUpdatePattern(uncheckedUserPatterns, name, methods, URLPattern.NA);
         }
         if (!allMap.containsKey("/")) {
-            URLPattern pattern = new URLPattern("/", Collections.EMPTY_SET, false);
+            URLPattern pattern = new URLPattern("/", Collections.<String> emptySet(), false);
             String name = pattern.getQualifiedPattern(allSet);
             HTTPMethods methods = pattern.getComplementedHTTPMethods();
             addOrUpdatePattern(uncheckedResourcePatterns, name, methods, URLPattern.NA);
@@ -384,14 +230,11 @@ public class SpecSecurityBuilder {
         }
     }
 
-    protected void processRoleRefPermissions(Servlet Servlet) throws PolicyContextException {
-        String servletName = Servlet.getServletName().trim();
+    protected void processRoleRefPermissions(ServletInfo servlet) throws PolicyContextException {
+        String servletName = servlet.servletName.trim();
         //WebRoleRefPermissions
-        List<SecurityRoleRef> SecurityRoleRefArray = Servlet.getSecurityRoleRef();
         Set<String> unmappedRoles = new HashSet<String>(securityRoles);
-        for (SecurityRoleRef SecurityRoleRef : SecurityRoleRefArray) {
-            String roleName = SecurityRoleRef.getRoleName().trim();
-            String roleLink = SecurityRoleRef.getRoleLink().trim();
+        for (SecurityRoleRefInfo securityRoleRef : servlet.securityRoleRefs) {
             //jacc 3.1.3.2
             /*   The name of the WebRoleRefPermission must be the servlet-name in whose
             * context the security-role-ref is defined. The actions of the  WebRoleRefPermission
@@ -400,8 +243,8 @@ public class SpecSecurityBuilder {
             * WebRoleRefPermission object resulting from the translation to the role
             * identified in the role-link appearing in the security-role-ref.
             */
-            policyConfiguration.addToRole(roleLink, new WebRoleRefPermission(servletName, roleName));
-            unmappedRoles.remove(roleName);
+            policyConfiguration.addToRole(securityRoleRef.roleLink, new WebRoleRefPermission(servletName, securityRoleRef.roleName));
+            unmappedRoles.remove(securityRoleRef.roleName);
         }
         for (String roleName : unmappedRoles) {
             policyConfiguration.addToRole(roleName, new WebRoleRefPermission(servletName, roleName));
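Review bot: `securityRoleRef.roleLink` is passed to `policyConfiguration.addToRole` with no null check, although role-link is an optional element of security-role-ref. The removed code would have failed on `getRoleLink().trim()` in that case, whereas the new line can register a `WebRoleRefPermission` under a null role, depending on how SecurityRoleRefInfo is populated (not visible here). Making the choice explicit is safer, for instance `if (securityRoleRef.roleLink == null) { continue; }` before the `addToRole` call, which leaves the name in `unmappedRoles` so the loop below maps it to the role of the same name. processRoleRefPermissions spans this hunk and the previous one, and its body continues past the end of this hunk.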
@@ -414,176 +257,6 @@ public class SpecSecurityBuilder {
         }
     }
 
-    protected void collectRoleNames(List<SecurityRole> securityRoles) {
-        for (SecurityRole securityRole : securityRoles) {
-            this.securityRoles.add(securityRole.getRoleName());
-        }
-    }
-
-    /**
-     * 1. Scan ServletConstraint annotations to build a map for conflict checking
-     * 2. Build a url-pattern
-     */
-    private void initialize() {
-        // Initialize urlPatternsConfiguredInDeploymentPlans map, which contains all the url patterns configured in portable deployment plan
-        for (SecurityConstraint secuirtyConstrait : initialWebApp.getSecurityConstraint()) {
-            for (WebResourceCollection webResourceCollection : secuirtyConstrait.getWebResourceCollection()) {
-                for (String urlPattern : webResourceCollection.getUrlPattern()) {
-                    urlPatternsConfiguredInDeploymentPlans.add(urlPattern);
-                }
-            }
-        }
-        //Scan ServletConstraint annotations if required
-        if (annotationScanRequired) {
-            annotationSecurityWebApp = new WebApp();
-            scanServletConstraintAnnotations();
-        }
-    }
-
-    private void scanServletConstraintAnnotations() {
-        try {
-            Map<String, Set<String>> servletClassNameUrlPatternsMap = genetateServletClassUrlPatternsMap();
-            for (Servlet servlet : initialWebApp.getServlet()) {
-                if (servlet.getServletClass() == null || servlet.getServletClass().isEmpty()) {
-                    continue;
-                }
-                String servletClassName = servlet.getServletClass();
-                Class<?> cls = bundle.loadClass(servletClassName);
-                if (!javax.servlet.Servlet.class.isAssignableFrom(cls)) {
-                    continue;
-                }
-                ServletSecurity servletSecurity = cls.getAnnotation(ServletSecurity.class);
-                if (servletSecurity == null) {
-                    continue;
-                }
-                Set<String> urlPatterns = servletClassNameUrlPatternsMap.get(servletClassName);
-                if (urlPatterns == null || urlPatterns.isEmpty()) {
-                    if (logger.isDebugEnabled()) {
-                        logger.debug("No url pattern for the servlet class " + servletClassName + " is found in the deployment plan, SecurityConstraint annotation is ignored");
-                    }
-                    continue;
-                }
-                HttpConstraint httpConstraint = servletSecurity.value();
-                if (servletSecurity.httpMethodConstraints().length > 0) {
-                    String[] omissionMethods = new String[servletSecurity.httpMethodConstraints().length];
-                    int iIndex = 0;
-                    for (HttpMethodConstraint httpMethodConstraint : servletSecurity.httpMethodConstraints()) {
-                        //Generate a security-constraint for each HttpMethodConstraint
-                        String httpMethod = httpMethodConstraint.value().trim();
-                        omissionMethods[iIndex++] = httpMethod;
-                        addNewHTTPMethodSecurityConstraint(annotationSecurityWebApp, httpMethodConstraint.rolesAllowed(), httpMethodConstraint.transportGuarantee(), httpMethodConstraint
-                                .emptyRoleSemantic(), httpMethod, urlPatterns);
-                    }
-                    addNewHTTPSecurityConstraint(annotationSecurityWebApp, httpConstraint.rolesAllowed(), httpConstraint.transportGuarantee(), httpConstraint.value(), omissionMethods, urlPatterns);
-                } else {
-                    addNewHTTPSecurityConstraint(annotationSecurityWebApp, httpConstraint.rolesAllowed(), httpConstraint.transportGuarantee(), httpConstraint.value(), new String[] {}, urlPatterns);
-                }
-            }
-        } catch (ClassNotFoundException e) {
-            //Should never occur, as webservice builder  have already checked it.
-            logger.error("Fail to load class", e);
-        }
-    }
-
-    /**
-     * Create Security Constraint based on the arguments
-     * @param webApp
-     * @param rolesAllowed
-     * @param transportGuarantee
-     * @param emptyRoleSemantic
-     * @param force
-     * @return null when emptyRoleSemantic=PERMIT AND rolesAllowed={} AND transportGuarantee=NONE
-     */
-    private SecurityConstraint addNewSecurityConstraint(WebApp webApp, String[] rolesAllowed, TransportGuarantee transportGuarantee, ServletSecurity.EmptyRoleSemantic emptyRoleSemantic, boolean force) {
-        //IF emptyRoleSemantic=PERMIT AND rolesAllowed={} AND transportGuarantee=NONE then
-        //  No Constraint
-        //END IF
-        if (force || rolesAllowed.length > 0 || transportGuarantee.equals(TransportGuarantee.CONFIDENTIAL) || emptyRoleSemantic.equals(ServletSecurity.EmptyRoleSemantic.DENY)) {
-            SecurityConstraint securityConstraint = new SecurityConstraint();
-            WebResourceCollection webResourceCollection = new WebResourceCollection();
-            securityConstraint.getWebResourceCollection().add(webResourceCollection);
-            webApp.getSecurityConstraint().add(securityConstraint);
-            if (transportGuarantee.equals(TransportGuarantee.CONFIDENTIAL)) {
-                UserDataConstraint udc = new UserDataConstraint();
-                udc.setTransportGuarantee(org.apache.openejb.jee.TransportGuarantee.fromValue(TransportGuarantee.CONFIDENTIAL.name()));
-                securityConstraint.setUserDataConstraint(udc);
-            }
-            if (emptyRoleSemantic.equals(ServletSecurity.EmptyRoleSemantic.DENY)) {
-                securityConstraint.setAuthConstraint(new AuthConstraint());
-            } else if (rolesAllowed.length > 0) {
-                //When rolesAllowed.length == 0 and emptyRoleSemantic.equals(ServletSecurity.EmptyRoleSemantic.PERMIT), no need to create the AuthConstraint object, as it means deny all
-                AuthConstraint authConstraint = new AuthConstraint();
-                for (String roleAllowed : rolesAllowed) {
-                    authConstraint.getRoleName().add(roleAllowed);
-                }
-                securityConstraint.setAuthConstraint(authConstraint);
-            }
-            return securityConstraint;
-        }
-        return null;
-    }
-
-    private SecurityConstraint addNewHTTPSecurityConstraint(WebApp webApp, String[] rolesAllowed, TransportGuarantee transportGuarantee, ServletSecurity.EmptyRoleSemantic emptyRoleSemantic,
-            String[] omissionMethods, Collection<String> urlPatterns) {
-        SecurityConstraint securityConstraint = addNewSecurityConstraint(webApp, rolesAllowed, transportGuarantee, emptyRoleSemantic, omissionMethods.length > 0);
-        if (securityConstraint != null) {
-            WebResourceCollection webResourceCollection = securityConstraint.getWebResourceCollection().get(0);
-            for (String omissionMethod : omissionMethods) {
-                webResourceCollection.getHttpMethodOmission().add(omissionMethod);
-            }
-            webResourceCollection.getUrlPattern().addAll(urlPatterns);
-        }
-        return securityConstraint;
-    }
-
-    private SecurityConstraint addNewHTTPMethodSecurityConstraint(WebApp webApp, String[] rolesAllowed, TransportGuarantee transportGuarantee,
-            ServletSecurity.EmptyRoleSemantic emptyRoleSemantic, String httpMethod, Collection<String> urlPatterns) {
-        SecurityConstraint securityConstraint = addNewSecurityConstraint(webApp, rolesAllowed, transportGuarantee, emptyRoleSemantic, true);
-        WebResourceCollection webResourceCollection = securityConstraint.getWebResourceCollection().get(0);
-        webResourceCollection.getUrlPattern().addAll(urlPatterns);
-        webResourceCollection.getHttpMethod().add(httpMethod);
-        return securityConstraint;
-    }
-
-    /**
-     * The return map contains the servlet class -> url patterns pairs, which are not configured in the security-constraint elements in the deployment plan.
-     * Because the security-constraint configurations in the deployment plan have the highest priority, those constraints configured by annotations should not override them
-     * @return
-     */
-    private Map<String, Set<String>> genetateServletClassUrlPatternsMap() {
-        Map<String, Set<String>> servletNameUrlPatternsMap = new HashMap<String, Set<String>>();
-        for (ServletMapping servletMapping : initialWebApp.getServletMapping()) {
-            String servletName = servletMapping.getServletName();
-            Set<String> urlPatterns = servletNameUrlPatternsMap.get(servletName);
-            if (urlPatterns == null) {
-                urlPatterns = new HashSet<String>();
-                servletNameUrlPatternsMap.put(servletName, urlPatterns);
-            }
-            for (String urlPattern : servletMapping.getUrlPattern()) {
-                if (!urlPatternsConfiguredInDeploymentPlans.contains(urlPattern)) {
-                    urlPatterns.add(urlPattern);
-                }
-            }
-        }
-        Map<String, Set<String>> servletClassUrlPatternsMap = new HashMap<String, Set<String>>();
-        for (Servlet servlet : initialWebApp.getServlet()) {
-            if (servlet.getServletClass() == null || servlet.getServletClass().isEmpty()) {
-                continue;
-            }
-            String servletClassName = servlet.getServletClass();
-            Set<String> urlPatterns = servletClassUrlPatternsMap.get(servlet.getServletClass());
-            if (urlPatterns == null) {
-                urlPatterns = new HashSet<String>();
-                servletClassUrlPatternsMap.put(servletClassName, urlPatterns);
-            }
-            Set<String> servletMappingUrlPatterns = servletNameUrlPatternsMap.get(servlet.getServletName());
-            if (servletMappingUrlPatterns != null) {
-                urlPatterns.addAll(servletMappingUrlPatterns);
-            }
-        }
-        return servletClassUrlPatternsMap;
-    }
-
     public void clear() {
         securityRoles.clear();
         uncheckedPatterns.clear();
@@ -593,11 +266,6 @@ public class SpecSecurityBuilder {
         rolesPatterns.clear();
         allSet.clear();
         allMap.clear();
-        initialWebApp = null;
-        bundle = null;
-        urlPatternsConfiguredInDeploymentPlans = null;
-        dynamicSecurityWebApp = null;
-        annotationSecurityWebApp = null;
     }
 
     private static class RecordingPolicyConfiguration implements PolicyConfiguration {

Added: geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/WebSecurityConstraintStore.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/WebSecurityConstraintStore.java?rev=1000329&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/WebSecurityConstraintStore.java (added)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/WebSecurityConstraintStore.java Thu Sep 23 05:53:14 2010
@@ -0,0 +1,266 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.geronimo.web.security;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.IdentityHashMap;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import javax.servlet.HttpMethodConstraintElement;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletSecurityElement;
+import javax.servlet.annotation.ServletSecurity;
+import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
+
+import org.apache.geronimo.web.info.AuthConstraintInfo;
+import org.apache.geronimo.web.info.SecurityConstraintInfo;
+import org.apache.geronimo.web.info.ServletInfo;
+import org.apache.geronimo.web.info.WebAppInfo;
+import org.apache.geronimo.web.info.WebResourceCollectionInfo;
+import org.osgi.framework.Bundle;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class WebSecurityConstraintStore {
+
+    private static final Logger logger = LoggerFactory.getLogger(WebSecurityConstraintStore.class);
+
+    private boolean annotationScanRequired;
+
+    private Bundle bundle;
+
+    /**
+     * containerCreatedDynamicServlets contains all instance created using ServletContext.createServlet(Class<T> c)
+     */
+    private Map<javax.servlet.Servlet, String> containerCreatedDynamicServlets = new IdentityHashMap<javax.servlet.Servlet, String>();
+
+    /**
+     * containerCreatedDynamicServletNameClassMap contains all servlets programmatically added using ServletContext.addServlet(), unless addServlet takes
+     * instance which is not created using ServletContext.createServlet() method
+     */
+    private Map<String, String> containerCreatedDynamicServletNameClassMap = new HashMap<String, String>();
+
+    private Map<String, ServletSecurityElement> dynamicServletNameSecurityElementMap = new LinkedHashMap<String, ServletSecurityElement>();
+
+    private Set<String> securityRoles = new HashSet<String>();
+
+    private ServletContext servletContext;
+
+    private WebAppInfo webXmlAppInfo;
+
+    //Contains all the url patterns configured in the security-constraint from the web.xml file
+    private Set<String> webXmlConstraintUrlPatterns = new HashSet<String>();
+
+    public WebSecurityConstraintStore(WebAppInfo webXmlAppInfo) {
+        this(webXmlAppInfo, null, false, null);
+    }
+
+    public WebSecurityConstraintStore(WebAppInfo webXmlAppInfo, Bundle bundle, boolean annotationScanRequired, ServletContext servletContext) {
+        this.webXmlAppInfo = webXmlAppInfo;
+        if (annotationScanRequired && bundle == null) {
+            throw new IllegalArgumentException("Bundle parameter could not be null while annotation scanning is required");
+        }
+        this.bundle = bundle;
+        this.servletContext = servletContext;
+        this.annotationScanRequired = annotationScanRequired;
+        initialize();
+    }
+
+    public void addContainerCreatedDynamicServlet(javax.servlet.Servlet servlet) {
+        containerCreatedDynamicServlets.put(servlet, null);
+    }
+
+    public void addContainerCreatedDynamicServletEntry(String servletName, String servletClass) {
+        containerCreatedDynamicServletNameClassMap.put(servletName, servletClass);
+    }
+
+    public void declareRoles(String... roleNames) {
+        for (String roleName : roleNames) {
+            if (roleName == null || roleName.trim().length() == 0) {
+                throw new IllegalArgumentException("RoleName of null value or empty string is not allowed in declareRoles method");
+            }
+            securityRoles.add(roleName);
+        }
+    }
+
+    public WebAppInfo exportMergedWebAppInfo() {
+
+        /**
+         *  a. The security constraints in the portable deployment descriptor are of the highest priority,
+         *  b .None security annotations will take effect on the URL patterns explicitly configured in the portable deployment desciptor,
+         *      but for those URL patterns are not configured, the security annotations should take effect, except for META-COMPLETE is set with TRUE
+         *  c. All the dynamic added servlets should take care the ServletSecurity annotation, two exceptions are :
+                c1. Users create the servlet by themselves
+                c2. ServletRegistration.Dynamic.setServletConstraint is called
+         *  d. For those URL patterns added by ServletContext.getServletRegistration().addMappping, and those target servlets are configured
+         *      in the portable deployment plan, ServletSecurity annotation should also be taken care, except for META-COMPLETE is set with TRUE
+         */
+        List<SecurityConstraintInfo> securityConstraints = new ArrayList<SecurityConstraintInfo>();
+        //Scan ServletSecurity annotation if required
+        if (annotationScanRequired) {
+            for (ServletInfo servlet : webXmlAppInfo.servlets) {
+                Collection<String> urlPatterns = servletContext.getServletRegistration(servlet.servletName).getMappings();
+                urlPatterns.removeAll(webXmlConstraintUrlPatterns);
+                processServletConstraintAnnotation(securityConstraints, servlet.servletName, servlet.servletClass, urlPatterns);
+            }
+
+            for (Map.Entry<String, String> entry : containerCreatedDynamicServletNameClassMap.entrySet()) {
+                String servletName = entry.getKey();
+                Collection<String> urlPatterns = servletContext.getServletRegistration(servletName).getMappings();
+                urlPatterns.removeAll(webXmlConstraintUrlPatterns);
+                if (!dynamicServletNameSecurityElementMap.containsKey(servletName)) {
+                    processServletConstraintAnnotation(securityConstraints, servletName, entry.getValue(), urlPatterns);
+                }
+            }
+        }
+
+        //Process servlet security for dynamically added servlets
+        for (Map.Entry<String, ServletSecurityElement> entry : dynamicServletNameSecurityElementMap.entrySet()) {
+            Collection<String> urlPatterns = servletContext.getServletRegistration(entry.getKey()).getMappings();
+            urlPatterns.removeAll(webXmlConstraintUrlPatterns);
+            processServletSecurityElement(securityConstraints, entry.getValue(), urlPatterns);
+        }
+        webXmlAppInfo.securityConstraints.addAll(securityConstraints);
+        return webXmlAppInfo;
+    }
+
+    public boolean isContainerCreatedDynamicServlet(javax.servlet.Servlet servlet) {
+        return containerCreatedDynamicServlets.containsKey(servlet);
+    }
+
+    public Set<String> setDynamicServletSecurity(String servletName, ServletSecurityElement constraint, Collection<String> urlPatterns) {
+        dynamicServletNameSecurityElementMap.put(servletName, constraint);
+        Set<String> uneffectedUrlPatterns = new HashSet<String>(urlPatterns);
+        uneffectedUrlPatterns.retainAll(webXmlConstraintUrlPatterns);
+        return uneffectedUrlPatterns;
+    }
+
+    private void initialize() {
+        for (SecurityConstraintInfo secuirtyConstraint : webXmlAppInfo.securityConstraints) {
+            for (WebResourceCollectionInfo webResourceCollection : secuirtyConstraint.webResourceCollections) {
+                webXmlConstraintUrlPatterns.addAll(webResourceCollection.urlPatterns);
+            }
+        }
+    }
+
+    private SecurityConstraintInfo newHTTPMethodSecurityConstraint(String[] rolesAllowed, TransportGuarantee transportGuarantee, ServletSecurity.EmptyRoleSemantic emptyRoleSemantic,
+            String httpMethod, Collection<String> urlPatterns) {
+        SecurityConstraintInfo securityConstraint = newSecurityConstraint(rolesAllowed, transportGuarantee, emptyRoleSemantic, true);
+        WebResourceCollectionInfo webResourceCollection = securityConstraint.webResourceCollections.get(0);
+        webResourceCollection.urlPatterns.addAll(urlPatterns);
+        webResourceCollection.httpMethods.add(httpMethod);
+        return securityConstraint;
+    }
+
+    private SecurityConstraintInfo newHTTPSecurityConstraint(String[] rolesAllowed, TransportGuarantee transportGuarantee, ServletSecurity.EmptyRoleSemantic emptyRoleSemantic,
+            String[] omissionMethods, Collection<String> urlPatterns) {
+        SecurityConstraintInfo securityConstraint = newSecurityConstraint(rolesAllowed, transportGuarantee, emptyRoleSemantic, omissionMethods.length > 0);
+        if (securityConstraint != null) {
+            WebResourceCollectionInfo webResourceCollection = securityConstraint.webResourceCollections.get(0);
+            for (String omissionMethod : omissionMethods) {
+                webResourceCollection.httpMethods.add(omissionMethod);
+            }
+            webResourceCollection.urlPatterns.addAll(urlPatterns);
+            webResourceCollection.omission = true;
+        }
+        return securityConstraint;
+    }
+
+    private SecurityConstraintInfo newSecurityConstraint(String[] rolesAllowed, TransportGuarantee transportGuarantee, ServletSecurity.EmptyRoleSemantic emptyRoleSemantic, boolean force) {
+        //IF emptyRoleSemantic=PERMIT AND rolesAllowed={} AND transportGuarantee=NONE then
+        //  No Constraint
+        //END IF
+        if (force || rolesAllowed.length > 0 || transportGuarantee.equals(TransportGuarantee.CONFIDENTIAL) || emptyRoleSemantic.equals(ServletSecurity.EmptyRoleSemantic.DENY)) {
+            SecurityConstraintInfo securityConstraint = new SecurityConstraintInfo();
+            WebResourceCollectionInfo webResourceCollection = new WebResourceCollectionInfo();
+            securityConstraint.webResourceCollections.add(webResourceCollection);
+            if (transportGuarantee.equals(TransportGuarantee.CONFIDENTIAL)) {
+                securityConstraint.userDataConstraint = TransportGuarantee.CONFIDENTIAL.name();
+            }
+            if (emptyRoleSemantic.equals(ServletSecurity.EmptyRoleSemantic.DENY)) {
+                securityConstraint.authConstraint = new AuthConstraintInfo();
+            } else if (rolesAllowed.length > 0) {
+                //When rolesAllowed.length == 0 and emptyRoleSemantic.equals(ServletSecurity.EmptyRoleSemantic.PERMIT), no need to create the AuthConstraint object, as it means deny all
+                AuthConstraintInfo authConstraint = new AuthConstraintInfo();
+                for (String roleAllowed : rolesAllowed) {
+                    authConstraint.roleNames.add(roleAllowed);
+                }
+                securityConstraint.authConstraint = authConstraint;
+            }
+            return securityConstraint;
+        }
+        return null;
+    }
+
+    private void processServletConstraintAnnotation(List<SecurityConstraintInfo> securityConstraints, String servletName, String servletClassName, Collection<String> urlPatterns) {
+        try {
+            Class<?> cls = bundle.loadClass(servletClassName);
+            if (!javax.servlet.Servlet.class.isAssignableFrom(cls)) {
+                return;
+            }
+            ServletSecurity servletSecurity = cls.getAnnotation(ServletSecurity.class);
+            if (servletSecurity == null) {
+                return;
+            }
+            if (urlPatterns.isEmpty()) {
+                if (logger.isDebugEnabled()) {
+                    logger.debug("No url pattern for the servlet class " + servletClassName + " is found in the deployment plan, SecurityConstraint annotation is ignored");
+                }
+                return;
+            }
+            processServletSecurityAnnotation(securityConstraints, servletSecurity, urlPatterns);
+        } catch (ClassNotFoundException e) {
+            //Should never occur, as webservice builder  have already checked it.
+            logger.error("Fail to load class", e);
+        }
+    }
+
+    private void processServletSecurityAnnotation(List<SecurityConstraintInfo> securityConstraints, ServletSecurity servletSecurity, Collection<String> urlPatterns) {
+        processServletSecurityElement(securityConstraints, new ServletSecurityElement(servletSecurity), urlPatterns);
+    }
+
+    private void processServletSecurityElement(List<SecurityConstraintInfo> securityConstraints, ServletSecurityElement servletSecurityElement, Collection<String> urlPatterns) {
+        if (servletSecurityElement.getHttpMethodConstraints().size() > 0) {
+            for (HttpMethodConstraintElement httpMethodConstraint : servletSecurityElement.getHttpMethodConstraints()) {
+                //Generate a security-constraint for each HttpMethodConstraint
+                SecurityConstraintInfo securityConstraint = newHTTPMethodSecurityConstraint(httpMethodConstraint.getRolesAllowed(), httpMethodConstraint.getTransportGuarantee(),
+                        httpMethodConstraint.getEmptyRoleSemantic(), httpMethodConstraint.getMethodName(), urlPatterns);
+                if (securityConstraint != null) {
+                    securityConstraints.add(securityConstraint);
+                }
+                declareRoles(httpMethodConstraint.getRolesAllowed());
+            }
+        }
+        SecurityConstraintInfo securityConstraint = newHTTPSecurityConstraint(servletSecurityElement.getRolesAllowed(), servletSecurityElement.getTransportGuarantee(),
+                servletSecurityElement.getEmptyRoleSemantic(), servletSecurityElement.getMethodNames().toArray(new String[0]), urlPatterns);
+        if (securityConstraint != null) {
+            securityConstraints.add(securityConstraint);
+        }
+        declareRoles(servletSecurityElement.getRolesAllowed());
+    }
+
+}
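Review bot: The `catch (ClassNotFoundException e)` in `processServletConstraintAnnotation` fails open: it logs and returns, so a servlet whose class cannot be loaded from the bundle contributes no constraints from its `@ServletSecurity` annotation, and `exportMergedWebAppInfo` still returns a merged `WebAppInfo`. The comment says this should never occur, which is a reason to stop rather than continue with less protection than the class declares. I would replace the log call with `throw new IllegalStateException("Cannot load servlet class " + servletClassName + " to read its ServletSecurity annotation", e);`. Whether callers of `exportMergedWebAppInfo` turn that into a deployment failure is not visible in this file and should be checked. Separately, all three loops in `exportMergedWebAppInfo` dereference `servletContext.getServletRegistration(...)` without a null check, so a name with no registration would surface as a NullPointerException.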

Modified: geronimo/server/trunk/plugins/j2ee/j2ee-server/src/main/history/dependencies.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/j2ee-server/src/main/history/dependencies.xml?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/j2ee-server/src/main/history/dependencies.xml (original)
+++ geronimo/server/trunk/plugins/j2ee/j2ee-server/src/main/history/dependencies.xml Thu Sep 23 05:53:14 2010
@@ -27,8 +27,33 @@
         <type>jar</type>
     </dependency>
     <dependency>
+        <groupId>org.apache.geronimo.specs</groupId>
+        <artifactId>geronimo-osgi-registry</artifactId>
+        <type>jar</type>
+    </dependency>
+    <dependency>
         <groupId>org.apache.servicemix.bundles</groupId>
         <artifactId>org.apache.servicemix.bundles.howl</artifactId>
         <type>jar</type>
     </dependency>
+    <dependency>
+        <groupId>org.apache.servicemix.bundles</groupId>
+        <artifactId>org.apache.servicemix.bundles.xpp3</artifactId>
+        <type>jar</type>
+    </dependency>
+    <dependency>
+        <groupId>org.apache.xbean</groupId>
+        <artifactId>xbean-bundleutils</artifactId>
+        <type>jar</type>
+    </dependency>
+    <dependency>
+        <groupId>org.apache.xbean</groupId>
+        <artifactId>xbean-finder</artifactId>
+        <type>jar</type>
+    </dependency>
+    <dependency>
+        <groupId>org.apache.xbean</groupId>
+        <artifactId>xbean-reflect</artifactId>
+        <type>jar</type>
+    </dependency>
 </plugin-artifact>

Modified: geronimo/server/trunk/plugins/jetty8/geronimo-jetty8-builder/src/main/java/org/apache/geronimo/jetty8/deployment/JettyModuleBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty8/geronimo-jetty8-builder/src/main/java/org/apache/geronimo/jetty8/deployment/JettyModuleBuilder.java?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty8/geronimo-jetty8-builder/src/main/java/org/apache/geronimo/jetty8/deployment/JettyModuleBuilder.java (original)
+++ geronimo/server/trunk/plugins/jetty8/geronimo-jetty8-builder/src/main/java/org/apache/geronimo/jetty8/deployment/JettyModuleBuilder.java Thu Sep 23 05:53:14 2010
@@ -17,6 +17,9 @@
 
 package org.apache.geronimo.jetty8.deployment;
 
+import static java.lang.Boolean.FALSE;
+import static java.lang.Boolean.TRUE;
+
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
@@ -33,6 +36,7 @@ import java.util.Map;
 import java.util.jar.JarFile;
 
 import javax.xml.bind.JAXBException;
+
 import org.apache.geronimo.common.DeploymentException;
 import org.apache.geronimo.deployment.Deployable;
 import org.apache.geronimo.deployment.DeployableBundle;
@@ -82,6 +86,7 @@ import org.apache.geronimo.schema.Schema
 import org.apache.geronimo.security.deployment.GeronimoSecurityBuilderImpl;
 import org.apache.geronimo.security.jaas.ConfigurationFactory;
 import org.apache.geronimo.security.jacc.ComponentPermissions;
+import org.apache.geronimo.web.WebAttributeName;
 import org.apache.geronimo.web.deployment.GenericToSpecificPlanConverter;
 import org.apache.geronimo.web.info.ServletInfo;
 import org.apache.geronimo.web.info.WebAppInfo;
@@ -117,9 +122,6 @@ import org.osgi.service.packageadmin.Pac
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import static java.lang.Boolean.FALSE;
-import static java.lang.Boolean.TRUE;
-
 /**
  * @version $Rev:385659 $ $Date$
  */
@@ -558,11 +560,23 @@ public class JettyModuleBuilder extends 
                 webModuleData.setAttribute("compactPath", Boolean.TRUE);
             }
 
+            //Save Deployment Attributes
+            Map<String, Object> deploymentAttributes = new HashMap<String, Object>();
+            deploymentAttributes.put(WebAttributeName.META_COMPLETE.name(), webApp.isMetadataComplete());
+            deploymentAttributes.put(WebAttributeName.SCHEMA_VERSION.name(), INITIAL_WEB_XML_SCHEMA_VERSION.get(earContext.getGeneralData()));
+            deploymentAttributes.put(WebAttributeName.ORDERED_LIBS.name(), AbstractWebModuleBuilder.ORDERED_LIBS.get(earContext.getGeneralData()));
+            deploymentAttributes.put(WebAttributeName.SERVLET_CONTAINER_INITIALIZERS.name(), AbstractWebModuleBuilder.SERVLET_CONTAINER_INITIALIZERS.get(earContext.getGeneralData()));
+            webModuleData.setAttribute("deploymentAttributes", deploymentAttributes);
+
             //TODO this may definitely not be the best place for this!
             for (ModuleBuilderExtension mbe : moduleBuilderExtensions) {
                 mbe.addGBeans(earContext, module, bundle, repository);
             }
 
+            if (jettyWebApp.isSetSecurityRealmName()) {
+                webModuleData.setReferencePattern("applicationPolicyConfigurationManager", EARContext.JACC_MANAGER_NAME_KEY.get(earContext.getGeneralData()));
+            }
+
             //not truly metadata complete until MBEs have run
             if (!webApp.isMetadataComplete()) {
                 webApp.setMetadataComplete(true);
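Review bot: The `META_COMPLETE` entry put into `deploymentAttributes` depends on being read before the `webApp.setMetadataComplete(true)` call further down in this hunk, and nothing in the code says so. If the block is later moved below that call, the saved attribute would always be true. Any code that uses it to decide whether annotations such as `@ServletSecurity` are honoured (presumably the runtime side of this change) would then skip them. I would extend the comment to `//Save deployment attributes; META_COMPLETE must be captured here, before setMetadataComplete(true) below overwrites the descriptor's original value`. The enclosing method starts and ends outside the hunk.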


