geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r1000329 [2/2] - in /geronimo/server/trunk/plugins: j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/ j2ee/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/security/ j2ee/geronimo-w...
Date Thu, 23 Sep 2010 05:53:15 GMT
Modified: geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/WebAppContextWrapper.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/WebAppContextWrapper.java?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/WebAppContextWrapper.java (original)
+++ geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/WebAppContextWrapper.java Thu Sep 23 05:53:14 2010
@@ -18,7 +18,10 @@
 package org.apache.geronimo.jetty8;
 
 import java.net.URL;
-import java.util.*;
+import java.util.HashMap;
+import java.util.Hashtable;
+import java.util.Map;
+import java.util.Set;
 
 import javax.management.MalformedObjectNameException;
 import javax.management.ObjectName;
@@ -36,12 +39,12 @@ import org.apache.geronimo.gbean.annotat
 import org.apache.geronimo.gbean.annotation.SpecialAttributeType;
 import org.apache.geronimo.j2ee.RuntimeCustomizer;
 import org.apache.geronimo.j2ee.annotation.Holder;
-import org.apache.geronimo.j2ee.annotation.LifecycleMethod;
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.j2ee.jndi.ContextSource;
 import org.apache.geronimo.j2ee.management.impl.InvalidObjectNameException;
 import org.apache.geronimo.jetty8.handler.GeronimoWebAppContext;
 import org.apache.geronimo.jetty8.handler.IntegrationContext;
+import org.apache.geronimo.jetty8.security.JACCSecurityEventListener;
 import org.apache.geronimo.jetty8.security.SecurityHandlerFactory;
 import org.apache.geronimo.kernel.Kernel;
 import org.apache.geronimo.kernel.ObjectNameUtil;
@@ -49,19 +52,19 @@ import org.apache.geronimo.management.J2
 import org.apache.geronimo.management.J2EEServer;
 import org.apache.geronimo.management.geronimo.WebContainer;
 import org.apache.geronimo.management.geronimo.WebModule;
+import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
 import org.apache.geronimo.security.jacc.RunAsSource;
 import org.apache.geronimo.transaction.GeronimoUserTransaction;
+import org.apache.geronimo.web.WebAttributeName;
 import org.apache.geronimo.web.info.WebAppInfo;
 import org.eclipse.jetty.http.MimeTypes;
 import org.eclipse.jetty.security.SecurityHandler;
 import org.eclipse.jetty.server.session.SessionHandler;
 import org.eclipse.jetty.servlet.ErrorPageErrorHandler;
 import org.eclipse.jetty.servlet.ServletHandler;
-import org.eclipse.jetty.servlet.ServletHolder;
-import org.eclipse.jetty.servlet.ServletMapping;
+import org.osgi.framework.Bundle;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.osgi.framework.Bundle;
 
 /**
  * Wrapper for a WebApplicationContext that sets up its J2EE environment.
@@ -120,6 +123,7 @@ public class WebAppContextWrapper implem
                                 @ParamAttribute(name = "policyContextID") String policyContextID,
                                 @ParamReference(name = "SecurityHandlerFactory") SecurityHandlerFactory securityHandlerFactory,
                                 @ParamReference(name = "RunAsSource") RunAsSource runAsSource,
+                                @ParamReference(name = "applicationPolicyConfigurationManager") ApplicationPolicyConfigurationManager applicationPolicyConfigurationManager,
 
                                 @ParamAttribute(name = "holder") Holder holder,
                                 @ParamAttribute(name = "webAppInfo") WebAppInfo webAppInfo,
@@ -133,6 +137,8 @@ public class WebAppContextWrapper implem
                                 @ParamReference(name = "J2EEApplication") J2EEApplication application,
                                 @ParamReference(name = "ContextSource") ContextSource contextSource,
                                 @ParamReference(name = "TransactionManager") TransactionManager transactionManager,
+
+                                @ParamAttribute(name = "deploymentAttributes") Map<String, Object> deploymentAttributes,
                                 @ParamSpecial(type = SpecialAttributeType.kernel) Kernel kernel) throws Exception {
 
         assert contextSource != null;
@@ -240,6 +246,13 @@ public class WebAppContextWrapper implem
         }
         //supply web.xml to jasper
         webAppContext.setAttribute(JASPER_WEB_XML_NAME, originalSpecDD);
+
+        if (securityHandlerFactory != null) {
+            float schemaVersion = (Float) deploymentAttributes.get(WebAttributeName.SCHEMA_VERSION.name());
+            boolean metaComplete = (Boolean) deploymentAttributes.get(WebAttributeName.META_COMPLETE.name());
+            webAppContext.addLifeCycleListener(new JACCSecurityEventListener(bundle, webAppInfo, schemaVersion >= 2.5f && !metaComplete, applicationPolicyConfigurationManager, policyContextID,
+                    (GeronimoWebAppContext.SecurityContext) webAppContext.getServletContext()));
+        }
     }
 
 
@@ -283,7 +296,7 @@ public class WebAppContextWrapper implem
     public void fullyStarted() {
         webAppContext.registerServletContext();
     }
-    
+
     public void doStart() throws Exception {
         // reset the classsloader... jetty likes to set it to null when stopping
         webAppContext.setClassLoader(webClassLoader);

Modified: geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/EJBWebServiceContext.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/EJBWebServiceContext.java?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/EJBWebServiceContext.java (original)
+++ geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/EJBWebServiceContext.java Thu Sep 23 05:53:14 2010
@@ -16,26 +16,9 @@
  */
 package org.apache.geronimo.jetty8.handler;
 
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.geronimo.webservices.WebServiceContainer;
-import org.apache.geronimo.jetty8.security.SecurityHandlerFactory;
-import org.eclipse.jetty.server.Request;
-import org.eclipse.jetty.server.Response;
-import org.eclipse.jetty.http.HttpException;
-import org.eclipse.jetty.servlet.ServletHandler;
-import org.eclipse.jetty.servlet.ServletContextHandler;
 import org.eclipse.jetty.security.SecurityHandler;
+import org.eclipse.jetty.servlet.ServletContextHandler;
+import org.eclipse.jetty.servlet.ServletHandler;
 
 /**
  * Specialization of ContextHandler that just has a security and servlet handler.

Added: geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoApplicationServletRegistrationAdapter.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoApplicationServletRegistrationAdapter.java?rev=1000329&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoApplicationServletRegistrationAdapter.java (added)
+++ geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoApplicationServletRegistrationAdapter.java Thu Sep 23 05:53:14 2010
@@ -0,0 +1,122 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.geronimo.jetty8.handler;
+
+import java.util.Collection;
+import java.util.Map;
+import java.util.Set;
+
+import javax.servlet.MultipartConfigElement;
+import javax.servlet.ServletRegistration;
+import javax.servlet.ServletSecurityElement;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class GeronimoApplicationServletRegistrationAdapter implements ServletRegistration.Dynamic {
+
+    private ServletRegistration.Dynamic applicationServletRegistration;
+
+    private GeronimoWebAppContext webAppContext;
+
+    private GeronimoWebAppContext.SecurityContext applicationContext;
+
+    public GeronimoApplicationServletRegistrationAdapter(GeronimoWebAppContext webAppContext, ServletRegistration.Dynamic applicationServletRegistration) {
+        this.webAppContext = webAppContext;
+        this.applicationServletRegistration = applicationServletRegistration;
+        this.applicationContext = (GeronimoWebAppContext.SecurityContext) webAppContext.getServletContext();
+    }
+
+    @Override
+    public void setLoadOnStartup(int loadOnStartup) {
+        applicationServletRegistration.setLoadOnStartup(loadOnStartup);
+    }
+
+    @Override
+    public void setMultipartConfig(MultipartConfigElement multipartConfig) {
+        applicationServletRegistration.setMultipartConfig(multipartConfig);
+    }
+
+    @Override
+    public void setRunAsRole(String roleName) {
+        applicationServletRegistration.setRunAsRole(roleName);
+        applicationContext.getWebSecurityConstraintStore().declareRoles(roleName);
+    }
+
+    @Override
+    public Set<String> setServletSecurity(ServletSecurityElement constraint) {
+        if (constraint == null) {
+            throw new IllegalArgumentException("ServletSecurityElement configured by setServletSecurity should not be null");
+        }
+        if (webAppContext.isStarted())
+            throw new IllegalStateException();
+        if (!applicationContext.isEnabled())
+            throw new UnsupportedOperationException();
+        return applicationContext.getWebSecurityConstraintStore().setDynamicServletSecurity(getName(), constraint, getMappings());
+    }
+
+    @Override
+    public Set<String> addMapping(String... urlPatterns) {
+        return applicationServletRegistration.addMapping(urlPatterns);
+    }
+
+    @Override
+    public Collection<String> getMappings() {
+        return applicationServletRegistration.getMappings();
+    }
+
+    @Override
+    public String getRunAsRole() {
+        return applicationServletRegistration.getRunAsRole();
+    }
+
+    @Override
+    public void setAsyncSupported(boolean asyncSupported) {
+        applicationServletRegistration.setAsyncSupported(asyncSupported);
+    }
+
+    @Override
+    public String getClassName() {
+        return applicationServletRegistration.getClassName();
+    }
+
+    @Override
+    public String getInitParameter(String name) {
+        return applicationServletRegistration.getInitParameter(name);
+    }
+
+    @Override
+    public Map<String, String> getInitParameters() {
+        return applicationServletRegistration.getInitParameters();
+    }
+
+    @Override
+    public String getName() {
+        return applicationServletRegistration.getName();
+    }
+
+    @Override
+    public boolean setInitParameter(String name, String value) {
+        return applicationServletRegistration.setInitParameter(name, value);
+    }
+
+    @Override
+    public Set<String> setInitParameters(Map<String, String> initParameters) {
+        return applicationServletRegistration.setInitParameters(initParameters);
+    }
+}

Modified: geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoWebAppContext.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoWebAppContext.java?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoWebAppContext.java (original)
+++ geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoWebAppContext.java Thu Sep 23 05:53:14 2010
@@ -30,32 +30,33 @@ import java.util.HashSet;
 import java.util.Set;
 
 import javax.naming.NamingException;
-
 import javax.servlet.Filter;
 import javax.servlet.Servlet;
 import javax.servlet.ServletException;
+import javax.servlet.ServletRegistration.Dynamic;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.geronimo.connector.outbound.connectiontracking.ConnectorInstanceContext;
+import org.apache.geronimo.connector.outbound.connectiontracking.SharedConnectorInstanceContext;
+import org.apache.geronimo.osgi.web.WebApplicationConstants;
+import org.apache.geronimo.osgi.web.WebApplicationUtils;
 import org.apache.geronimo.web.assembler.Assembler;
 import org.apache.geronimo.web.info.WebAppInfo;
+import org.apache.geronimo.web.security.WebSecurityConstraintStore;
+import org.apache.xbean.osgi.bundle.util.BundleUtils;
+import org.eclipse.jetty.security.SecurityHandler;
 import org.eclipse.jetty.server.Request;
 import org.eclipse.jetty.server.handler.ErrorHandler;
-import org.eclipse.jetty.security.SecurityHandler;
-import org.eclipse.jetty.servlet.ServletHandler;
 import org.eclipse.jetty.server.session.SessionHandler;
-import org.eclipse.jetty.webapp.WebAppContext;
+import org.eclipse.jetty.servlet.ServletHandler;
 import org.eclipse.jetty.util.StringUtil;
 import org.eclipse.jetty.util.URIUtil;
 import org.eclipse.jetty.util.resource.Resource;
 import org.eclipse.jetty.util.resource.URLResource;
+import org.eclipse.jetty.webapp.WebAppContext;
 import org.osgi.framework.Bundle;
 import org.osgi.framework.ServiceRegistration;
-import org.apache.geronimo.connector.outbound.connectiontracking.ConnectorInstanceContext;
-import org.apache.geronimo.connector.outbound.connectiontracking.SharedConnectorInstanceContext;
-import org.apache.xbean.osgi.bundle.util.BundleUtils;
-import org.apache.geronimo.osgi.web.WebApplicationConstants;
-import org.apache.geronimo.osgi.web.WebApplicationUtils;
 
 /**
  * @version $Rev$ $Date$
@@ -71,18 +72,18 @@ public class GeronimoWebAppContext exten
 
     public GeronimoWebAppContext(SecurityHandler securityHandler, SessionHandler sessionHandler, ServletHandler servletHandler, ErrorHandler errorHandler, IntegrationContext integrationContext, ClassLoader classLoader, String modulePath, WebAppInfo webAppInfo) {
         super(sessionHandler, securityHandler, servletHandler, errorHandler);
-        _scontext = new Context();
+        _scontext = securityHandler == null ? new Context() : new SecurityContext();
         this.integrationContext = integrationContext;
         setClassLoader(classLoader);
         this.classLoader = classLoader;
         setAttribute(WebApplicationConstants.BUNDLE_CONTEXT_ATTRIBUTE, integrationContext.getBundle().getBundleContext());
-        // now set the module context ValidatorFactory in a context property. 
+        // now set the module context ValidatorFactory in a context property.
         try {
             javax.naming.Context ctx = integrationContext.getComponentContext();
             Object validatorFactory = ctx.lookup("comp/ValidatorFactory");
             setAttribute("javax.faces.validator.beanValidator.ValidatorFactory", validatorFactory);
         } catch (NamingException e) {
-            // ignore.  We just don't set the property if it's not available. 
+            // ignore.  We just don't set the property if it's not available.
         }
         this.modulePath = modulePath;
         this.webAppInfo = webAppInfo;
@@ -95,13 +96,13 @@ public class GeronimoWebAppContext exten
             serviceRegistration = WebApplicationUtils.registerServletContext(bundle, getServletContext());
         }
     }
-    
+
     public void unregisterServletContext() {
         if (serviceRegistration != null) {
             serviceRegistration.unregister();
         }
     }
-    
+
     @Override
     protected void doStart() throws Exception {
         javax.naming.Context context = integrationContext.setContext();
@@ -113,6 +114,7 @@ public class GeronimoWebAppContext exten
             try {
                 Assembler assembler = new Assembler();
                 assembler.assemble(getServletContext(), webAppInfo);
+                ((GeronimoWebAppContext.Context) _scontext).webXmlProcessed = true;
                 super.doStart();
                 fullyStarted = true;
             } finally {
@@ -162,17 +164,17 @@ public class GeronimoWebAppContext exten
     }
 
     @Override
-    protected boolean isProtectedTarget(String target) {    
+    protected boolean isProtectedTarget(String target) {
         while (target.startsWith("//")) {
             target=URIUtil.compactPath(target);
         }
-         
-        return StringUtil.startsWithIgnoreCase(target, "/web-inf") || 
+
+        return StringUtil.startsWithIgnoreCase(target, "/web-inf") ||
                StringUtil.startsWithIgnoreCase(target, "/meta-inf") ||
                StringUtil.startsWithIgnoreCase(target, "/osgi-inf") ||
                StringUtil.startsWithIgnoreCase(target, "/osgi-opt");
     }
-    
+
     @Override
     public Resource newResource(String url) throws IOException {
         if (url == null) {
@@ -180,7 +182,7 @@ public class GeronimoWebAppContext exten
         }
         return newResource(new URL(url));
     }
-    
+
     @Override
     public Resource newResource(URL url) throws IOException {
         if (url == null) {
@@ -194,7 +196,7 @@ public class GeronimoWebAppContext exten
             return super.newResource(url);
         }
     }
-    
+
     @Override
     public Resource getResource(String uriInContext) throws MalformedURLException {
         if (uriInContext == null || !uriInContext.startsWith("/")) {
@@ -244,9 +246,9 @@ public class GeronimoWebAppContext exten
         protected BundleFileResource(URL url) {
             super(url, null);
         }
-        
-        /* 
-         * Always return true as we are pretty sure the resource does exist. This prevents 
+
+        /*
+         * Always return true as we are pretty sure the resource does exist. This prevents
          * NPE as described at https://bugs.eclipse.org/bugs/show_bug.cgi?id=193269
          */
         @Override
@@ -257,6 +259,8 @@ public class GeronimoWebAppContext exten
 
     public class Context extends WebAppContext.Context {
 
+        protected boolean webXmlProcessed = false;
+
         @Override
         public <T extends Filter> T createFilter(Class<T> c) throws ServletException {
             try {
@@ -290,4 +294,80 @@ public class GeronimoWebAppContext exten
             }
         }
     }
+
+    public class SecurityContext extends Context {
+
+        private WebSecurityConstraintStore webSecurityConstraintStore;
+
+        @Override
+        public Dynamic addServlet(String servletName, Class<? extends Servlet> servletClass) {
+            Dynamic dynamic = super.addServlet(servletName, servletClass);
+            if (!webXmlProcessed) {
+                return dynamic;
+            }
+            webSecurityConstraintStore.addContainerCreatedDynamicServletEntry(servletName, servletClass.getName());
+            return createGeronimoApplicationServletRegistrationAdapter(dynamic, servletName);
+        }
+
+        @Override
+        public Dynamic addServlet(String servletName, Servlet servlet) {
+            Dynamic dynamic = super.addServlet(servletName, servlet);
+            if (!webXmlProcessed) {
+                return dynamic;
+            }
+            if (webSecurityConstraintStore.isContainerCreatedDynamicServlet(servlet)) {
+                webSecurityConstraintStore.addContainerCreatedDynamicServletEntry(servletName, servlet.getClass().getName());
+            }
+            return createGeronimoApplicationServletRegistrationAdapter(dynamic, servletName);
+        }
+
+        @Override
+        public Dynamic addServlet(String servletName, String className) {
+            Dynamic dynamic = super.addServlet(servletName, className);
+            if (!webXmlProcessed) {
+                return dynamic;
+            }
+            webSecurityConstraintStore.addContainerCreatedDynamicServletEntry(servletName, className);
+            return createGeronimoApplicationServletRegistrationAdapter(dynamic, servletName);
+        }
+
+        @Override
+        public void declareRoles(String... roles) {
+            if (!isStarting())
+                throw new IllegalStateException();
+            if (!_enabled)
+                throw new UnsupportedOperationException();
+            webSecurityConstraintStore.declareRoles(roles);
+        }
+
+        protected Dynamic createGeronimoApplicationServletRegistrationAdapter(Dynamic applicationServletRegistration, String servletName) {
+            if (applicationServletRegistration == null) {
+                return null;
+            }
+            return new GeronimoApplicationServletRegistrationAdapter(GeronimoWebAppContext.this, applicationServletRegistration);
+        }
+
+        public WebSecurityConstraintStore getWebSecurityConstraintStore() {
+            return webSecurityConstraintStore;
+        }
+
+        public void setWebSecurityConstraintStore(WebSecurityConstraintStore webSecurityConstraintStore) {
+            this.webSecurityConstraintStore = webSecurityConstraintStore;
+        }
+
+        @Override
+        public <T extends Servlet> T createServlet(Class<T> c) throws ServletException {
+            try {
+                T servlet = (T) integrationContext.getHolder().newInstance(c.getName(), classLoader, integrationContext.getComponentContext());
+                if (isStarting()) {
+                    webSecurityConstraintStore.addContainerCreatedDynamicServlet(servlet);
+                }
+                return servlet;
+            } catch (IllegalAccessException e) {
+                throw new ServletException("Could not create servlet " + c.getName(), e);
+            } catch (InstantiationException e) {
+                throw new ServletException("Could not create servlet " + c.getName(), e);
+            }
+        }
+    }
 }

Added: geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/JACCSecurityEventListener.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/JACCSecurityEventListener.java?rev=1000329&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/JACCSecurityEventListener.java (added)
+++ geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/JACCSecurityEventListener.java Thu Sep 23 05:53:14 2010
@@ -0,0 +1,112 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.geronimo.jetty8.security;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.login.LoginException;
+import javax.security.jacc.PolicyContextException;
+
+import org.apache.geronimo.common.DeploymentException;
+import org.apache.geronimo.jetty8.handler.GeronimoWebAppContext;
+import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
+import org.apache.geronimo.security.jacc.ComponentPermissions;
+import org.apache.geronimo.web.info.WebAppInfo;
+import org.apache.geronimo.web.security.SpecSecurityBuilder;
+import org.apache.geronimo.web.security.WebSecurityConstraintStore;
+import org.eclipse.jetty.util.component.LifeCycle;
+import org.osgi.framework.Bundle;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class JACCSecurityEventListener implements LifeCycle.Listener {
+
+    private static final Logger logger = LoggerFactory.getLogger(JACCSecurityEventListener.class);
+
+    private Bundle bundle;
+
+    private boolean annotationScanRequired;
+
+    private String contextId;
+
+    private ApplicationPolicyConfigurationManager applicationPolicyConfigurationManager;
+
+    private WebAppInfo webXmlAppInfo;
+
+    private GeronimoWebAppContext.SecurityContext applicationContext;
+
+    private WebSecurityConstraintStore webSecurityConstraintStore;
+
+    public JACCSecurityEventListener(Bundle bundle, WebAppInfo webXmlAppInfo, boolean annotationScanRequired, ApplicationPolicyConfigurationManager applicationPolicyConfigurationManager,
+            String contextId, GeronimoWebAppContext.SecurityContext applicationContext) {
+        this.bundle = bundle;
+        this.contextId = contextId;
+        this.annotationScanRequired = annotationScanRequired;
+        this.applicationPolicyConfigurationManager = applicationPolicyConfigurationManager;
+        this.webXmlAppInfo = webXmlAppInfo == null ? new WebAppInfo() : webXmlAppInfo;
+        this.applicationContext = applicationContext;
+    }
+
+    @Override
+    public void lifeCycleStarting(LifeCycle event) {
+        webSecurityConstraintStore = new WebSecurityConstraintStore(webXmlAppInfo, bundle, annotationScanRequired, applicationContext);
+        applicationContext.setWebSecurityConstraintStore(webSecurityConstraintStore);
+    }
+
+    @Override
+    public void lifeCycleStarted(LifeCycle event) {
+        //Calculate the final Security Permissions
+        SpecSecurityBuilder specSecurityBuilder = new SpecSecurityBuilder(webSecurityConstraintStore.exportMergedWebAppInfo());
+        Map<String, ComponentPermissions> contextIdPermissionsMap = new HashMap<String, ComponentPermissions>();
+        contextIdPermissionsMap.put(contextId, specSecurityBuilder.buildSpecSecurityConfig());
+        //Update ApplicationPolicyConfigurationManager
+        try {
+            applicationPolicyConfigurationManager.updateApplicationPolicyConfiguration(contextIdPermissionsMap);
+        } catch (LoginException e) {
+            logger.error("Fail to set application policy configurations", e);
+            throw new RuntimeException("Fail to set application policy configurations", e);
+        } catch (PolicyContextException e) {
+            logger.error("Fail to set application policy configurations", e);
+            throw new RuntimeException("Fail to set application policy configurations", e);
+        } catch (ClassNotFoundException e) {
+            logger.error("Fail to set application policy configurations", e);
+            throw new RuntimeException("Fail to set application policy configurations", e);
+        } finally {
+            //Clear SpecSecurityBuilder
+            specSecurityBuilder.clear();
+            applicationContext.setWebSecurityConstraintStore(null);
+        }
+    }
+
+    @Override
+    public void lifeCycleFailure(LifeCycle event, Throwable cause) {
+    }
+
+    @Override
+    public void lifeCycleStopping(LifeCycle event) {
+    }
+
+    @Override
+    public void lifeCycleStopped(LifeCycle event) {
+    }
+
+}

Modified: geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/test/java/org/apache/geronimo/jetty8/AbstractWebModuleTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/test/java/org/apache/geronimo/jetty8/AbstractWebModuleTest.java?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/test/java/org/apache/geronimo/jetty8/AbstractWebModuleTest.java (original)
+++ geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/test/java/org/apache/geronimo/jetty8/AbstractWebModuleTest.java Thu Sep 23 05:53:14 2010
@@ -18,10 +18,10 @@ package org.apache.geronimo.jetty8;
 
 import java.io.File;
 import java.net.URL;
+import java.security.AccessControlContext;
 import java.security.PermissionCollection;
 import java.security.Permissions;
 import java.security.Principal;
-import java.security.AccessControlContext;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -29,11 +29,13 @@ import java.util.Map;
 import java.util.Set;
 
 import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+import javax.security.jacc.PolicyContextException;
 import javax.security.jacc.WebResourcePermission;
 import javax.security.jacc.WebUserDataPermission;
-import javax.transaction.TransactionManager;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
+import javax.transaction.TransactionManager;
 
 import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator;
 import org.apache.geronimo.connector.outbound.connectiontracking.GeronimoTransactionListener;
@@ -41,14 +43,14 @@ import org.apache.geronimo.j2ee.annotati
 import org.apache.geronimo.j2ee.jndi.ContextSource;
 import org.apache.geronimo.j2ee.jndi.WebContextSource;
 import org.apache.geronimo.jetty8.connector.HTTPSocketConnector;
+import org.apache.geronimo.jetty8.handler.GeronimoUserIdentity;
 import org.apache.geronimo.jetty8.security.SecurityHandlerFactory;
 import org.apache.geronimo.jetty8.security.ServerAuthenticationGBean;
-import org.apache.geronimo.jetty8.handler.GeronimoUserIdentity;
 import org.apache.geronimo.kernel.config.ConfigurationData;
 import org.apache.geronimo.kernel.osgi.MockBundleContext;
 import org.apache.geronimo.kernel.repository.Artifact;
-import org.apache.geronimo.security.SecurityServiceImpl;
 import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.SecurityServiceImpl;
 import org.apache.geronimo.security.deploy.SubjectInfo;
 import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
 import org.apache.geronimo.security.jacc.ComponentPermissions;
@@ -63,16 +65,17 @@ import org.apache.geronimo.system.server
 import org.apache.geronimo.system.serverinfo.ServerInfo;
 import org.apache.geronimo.testsupport.TestSupport;
 import org.apache.geronimo.transaction.manager.TransactionManagerImpl;
+import org.apache.geronimo.web.WebAttributeName;
 import org.apache.geronimo.web.info.ServletInfo;
 import org.apache.geronimo.web.info.WebAppInfo;
-import org.eclipse.jetty.server.UserIdentity;
-import org.eclipse.jetty.server.Authentication;
-import org.eclipse.jetty.security.LoginService;
-import org.eclipse.jetty.security.ServerAuthException;
 import org.eclipse.jetty.security.Authenticator;
 import org.eclipse.jetty.security.IdentityService;
+import org.eclipse.jetty.security.LoginService;
+import org.eclipse.jetty.security.ServerAuthException;
 import org.eclipse.jetty.security.UserAuthentication;
 import org.eclipse.jetty.security.authentication.FormAuthenticator;
+import org.eclipse.jetty.server.Authentication;
+import org.eclipse.jetty.server.UserIdentity;
 import org.osgi.framework.Bundle;
 
 
@@ -108,12 +111,14 @@ public class AbstractWebModuleTest exten
 
     protected WebAppContextWrapper setUpAppContext(String securityRealmName, SecurityHandlerFactory securityHandlerFactory, String policyContextId, RunAsSource runAsSource, String uriString, WebAppInfo webAppInfo) throws Exception {
 
+        ApplicationPolicyConfigurationManager applicationPolicyConfigurationManager = null;
+
         if (securityHandlerFactory == null) {
             Permissions unchecked = new Permissions();
             unchecked.add(new WebUserDataPermission("/", null));
             unchecked.add(new WebResourcePermission("/", ""));
             ComponentPermissions componentPermissions = new ComponentPermissions(new Permissions(), unchecked, Collections.<String, PermissionCollection>emptyMap());
-            setUpJACC(Collections.<String, SubjectInfo>emptyMap(), Collections.<Principal, Set<String>>emptyMap(), componentPermissions, policyContextId);
+            applicationPolicyConfigurationManager = setUpJACC(Collections.<String, SubjectInfo>emptyMap(), Collections.<Principal, Set<String>>emptyMap(), componentPermissions, policyContextId);
             LoginService loginService = newLoginService();
 //            final ServletCallbackHandler callbackHandler = new ServletCallbackHandler(loginService);
             final Subject subject = new Subject();
@@ -137,6 +142,9 @@ public class AbstractWebModuleTest exten
             }, loginService);
         }
         String contextPath = "/test";
+        Map<String, Object> deploymentAttributes = new HashMap<String, Object>();
+        deploymentAttributes.put(WebAttributeName.META_COMPLETE.name(), Boolean.TRUE);
+        deploymentAttributes.put(WebAttributeName.SCHEMA_VERSION.name(), 3.0f);
         ContextSource contextSource = new WebContextSource(Collections.<String, Object>emptyMap(),
                 Collections.<String, Object>emptyMap(),
                 transactionManager,
@@ -167,6 +175,7 @@ public class AbstractWebModuleTest exten
                 policyContextId,
                 securityHandlerFactory,
                 runAsSource,
+                applicationPolicyConfigurationManager == null ? (ApplicationPolicyConfigurationManager) runAsSource : applicationPolicyConfigurationManager,
                 new Holder(),
                 webAppInfo,
                 null,
@@ -176,7 +185,9 @@ public class AbstractWebModuleTest exten
                 null,
                 null,
                 contextSource,
-                transactionManager, null);
+                transactionManager,
+                deploymentAttributes,
+                null);
         app.doStart();
         return app;
     }
@@ -205,7 +216,13 @@ public class AbstractWebModuleTest exten
         PrincipalRoleMapper roleMapper = new ApplicationPrincipalRoleConfigurationManager(principalRoleMap, null, roleDesignates, null);
         Map<String, ComponentPermissions> contextIDToPermissionsMap = new HashMap<String, ComponentPermissions>();
         contextIDToPermissionsMap.put(policyContextId, componentPermissions);
-        ApplicationPolicyConfigurationManager jacc = new ApplicationPolicyConfigurationManager(contextIDToPermissionsMap, roleMapper, cl);
+        ApplicationPolicyConfigurationManager jacc = new ApplicationPolicyConfigurationManager(contextIDToPermissionsMap, roleMapper, cl) {
+
+            @Override
+            public void updateApplicationPolicyConfiguration(Map<String, ComponentPermissions> arg0) throws PolicyContextException, ClassNotFoundException, LoginException {
+              //JACCSecurity Test build the ComponnentPermissions manually, use an empty update method to prevent JACCSecurityListener to update the permissions
+            }
+        };
         jacc.doStart();
         return jacc;
     }

Modified: geronimo/server/trunk/plugins/jetty8/jetty8-deployer/src/main/history/dependencies.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty8/jetty8-deployer/src/main/history/dependencies.xml?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty8/jetty8-deployer/src/main/history/dependencies.xml (original)
+++ geronimo/server/trunk/plugins/jetty8/jetty8-deployer/src/main/history/dependencies.xml Thu Sep 23 05:53:14 2010
@@ -26,4 +26,29 @@
         <artifactId>geronimo-jetty8-builder</artifactId>
         <type>jar</type>
     </dependency>
+    <dependency>
+        <groupId>org.apache.geronimo.modules</groupId>
+        <artifactId>geronimo-web</artifactId>
+        <type>jar</type>
+    </dependency>
+    <dependency>
+        <groupId>org.apache.geronimo.specs</groupId>
+        <artifactId>geronimo-jacc_1.4_spec</artifactId>
+        <type>jar</type>
+    </dependency>
+    <dependency>
+        <groupId>org.apache.geronimo.specs</groupId>
+        <artifactId>geronimo-jaspic_1.0_spec</artifactId>
+        <type>jar</type>
+    </dependency>
+    <dependency>
+        <groupId>org.apache.geronimo.specs</groupId>
+        <artifactId>geronimo-osgi-locator</artifactId>
+        <type>jar</type>
+    </dependency>
+    <dependency>
+        <groupId>org.apache.xbean</groupId>
+        <artifactId>xbean-bundleutils</artifactId>
+        <type>jar</type>
+    </dependency>
 </plugin-artifact>

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java Thu Sep 23 05:53:14 2010
@@ -16,12 +16,7 @@
  */
 package org.apache.geronimo.tomcat;
 
-import java.io.DataInputStream;
-import java.io.DataOutputStream;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
 import java.beans.PropertyChangeListener;
-import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
@@ -45,6 +40,7 @@ import javax.servlet.Servlet;
 import javax.servlet.ServletContainerInitializer;
 import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
+
 import org.apache.catalina.Container;
 import org.apache.catalina.ContainerListener;
 import org.apache.catalina.Engine;
@@ -58,6 +54,7 @@ import org.apache.catalina.Valve;
 import org.apache.catalina.Wrapper;
 import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
+import org.apache.catalina.core.ApplicationContext;
 import org.apache.catalina.core.StandardContext;
 import org.apache.catalina.core.StandardWrapper;
 import org.apache.catalina.ha.CatalinaCluster;
@@ -86,8 +83,6 @@ import org.apache.geronimo.webservices.P
 import org.apache.geronimo.webservices.WebServiceContainer;
 import org.apache.geronimo.webservices.WebServiceContainerInvoker;
 import org.apache.naming.resources.FileDirContext;
-import org.apache.openejb.jee.JaxbJavaee;
-import org.apache.openejb.jee.WebApp;
 import org.apache.tomcat.InstanceManager;
 import org.osgi.framework.Bundle;
 import org.osgi.framework.ServiceRegistration;
@@ -161,7 +156,6 @@ public class GeronimoStandardContext ext
             }
             if (tomcatWebAppContext.getSecurityHolder() != null) {
                 configurationFactory = tomcatWebAppContext.getSecurityHolder().getConfigurationFactory();
-
                 //Add JACCSecurityLifecycleListener, it will calculate the security configurations when web module is initialized
                 addJACCSecurityLifecycleListener(tomcatWebAppContext);
             }
@@ -314,9 +308,7 @@ public class GeronimoStandardContext ext
         float schemaVersion = (Float) tomcatWebAppContext.getDeploymentAttribute(WebAttributeName.SCHEMA_VERSION.name());
         boolean metaComplete = (Boolean) tomcatWebAppContext.getDeploymentAttribute(WebAttributeName.META_COMPLETE.name());
         try {
-            WebApp webApp = tomcatWebAppContext.getDeploymentDescriptor() == null ? null : (WebApp) JaxbJavaee.unmarshalJavaee(WebApp.class, new ByteArrayInputStream(tomcatWebAppContext
-                    .getDeploymentDescriptor().getBytes()));
-            addLifecycleListener(new JACCSecurityLifecycleListener(bundle, webApp, schemaVersion >= 2.5f && !metaComplete, tomcatWebAppContext.getApplicationPolicyConfigurationManager(),
+            addLifecycleListener(new JACCSecurityLifecycleListener(bundle, tomcatWebAppContext.getWebAppInfo(), schemaVersion >= 2.5f && !metaComplete, tomcatWebAppContext.getApplicationPolicyConfigurationManager(),
                     tomcatWebAppContext.getSecurityHolder().getPolicyContextID()));
         } catch (DeploymentException e) {
             throw e;
@@ -580,11 +572,10 @@ public class GeronimoStandardContext ext
         super.setLoader(loader);
     }
 
-
     @Override
     public ServletContext getServletContext() {
         if (context == null) {
-            context = new GeronimoApplicationContext(this);
+            context =  new GeronimoApplicationContext(this);
             if (getAltDDName() != null)
                 context.setAttribute(Globals.ALT_DD_ATTR, getAltDDName());
         }

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/core/GeronimoApplicationContext.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/core/GeronimoApplicationContext.java?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/core/GeronimoApplicationContext.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/core/GeronimoApplicationContext.java Thu Sep 23 05:53:14 2010
@@ -18,13 +18,14 @@
 package org.apache.geronimo.tomcat.core;
 
 import javax.servlet.Servlet;
+import javax.servlet.ServletException;
 import javax.servlet.ServletRegistration.Dynamic;
 
 import org.apache.catalina.LifecycleState;
 import org.apache.catalina.Wrapper;
 import org.apache.catalina.core.ApplicationContext;
 import org.apache.geronimo.tomcat.GeronimoStandardContext;
-import org.apache.geronimo.web.security.SpecSecurityBuilder;
+import org.apache.geronimo.web.security.WebSecurityConstraintStore;
 
 /**
  * @version $Rev$ $Date$
@@ -33,8 +34,7 @@ public class GeronimoApplicationContext 
 
     private GeronimoStandardContext context;
 
-    private SpecSecurityBuilder specSecurityBuilder;
-
+    private WebSecurityConstraintStore webSecurityConstraintStore;
     /**
      * @param context
      */
@@ -45,26 +45,55 @@ public class GeronimoApplicationContext 
 
     @Override
     public Dynamic addServlet(String servletName, Class<? extends Servlet> servletClass) throws IllegalStateException {
-        return createGeronimoApplicationServletRegistrationAdapter(super.addServlet(servletName, servletClass), servletName);
+        Dynamic dynamic = super.addServlet(servletName, servletClass);
+        if (!context.getConfigured() || webSecurityConstraintStore == null) {
+            return dynamic;
+        }
+        webSecurityConstraintStore.addContainerCreatedDynamicServletEntry(servletName, servletClass.getName());
+        return createGeronimoApplicationServletRegistrationAdapter(dynamic, servletName);
     }
 
     @Override
     public Dynamic addServlet(String servletName, Servlet servlet) throws IllegalStateException {
-        return createGeronimoApplicationServletRegistrationAdapter(super.addServlet(servletName, servlet), servletName);
+        Dynamic dynamic = super.addServlet(servletName, servlet);
+        if (!context.getConfigured() || webSecurityConstraintStore == null) {
+            return dynamic;
+        }
+        if (webSecurityConstraintStore.isContainerCreatedDynamicServlet(servlet)) {
+            webSecurityConstraintStore.addContainerCreatedDynamicServletEntry(servletName, servlet.getClass().getName());
+        }
+        return createGeronimoApplicationServletRegistrationAdapter(dynamic, servletName);
     }
 
     @Override
     public Dynamic addServlet(String servletName, String servletClass) throws IllegalStateException {
-        return createGeronimoApplicationServletRegistrationAdapter(super.addServlet(servletName, servletClass), servletName);
+        Dynamic dynamic = super.addServlet(servletName, servletClass);
+        if (!context.getConfigured() || webSecurityConstraintStore == null) {
+            return dynamic;
+        }
+        webSecurityConstraintStore.addContainerCreatedDynamicServletEntry(servletName, servletClass);
+        return createGeronimoApplicationServletRegistrationAdapter(dynamic, servletName);
+    }
+
+    @Override
+    public <T extends Servlet> T createServlet(Class<T> c) throws ServletException  {
+        T servlet = super.createServlet(c);
+        if (!context.getConfigured() || webSecurityConstraintStore == null) {
+            webSecurityConstraintStore.addContainerCreatedDynamicServlet(servlet);
+        }
+        return servlet;
     }
 
     @Override
     public void declareRoles(String... roles) {
+        if (!context.getConfigured() || webSecurityConstraintStore == null) {
+            super.declareRoles(roles);
+            return;
+        }
         if (!context.getState().equals(LifecycleState.STARTING_PREP)) {
             throw new IllegalStateException("declareRoles is not allowed to invoke after the ServletContext is initialized");
         }
-        specSecurityBuilder.declareRoles(roles);
-        //super.declareRoles(roles);
+        webSecurityConstraintStore.declareRoles(roles);
     }
 
     protected Dynamic createGeronimoApplicationServletRegistrationAdapter(Dynamic applicationServletRegistration, String servletName) {
@@ -74,11 +103,11 @@ public class GeronimoApplicationContext 
         return new GeronimoApplicationServletRegistrationAdapter(context, this, (Wrapper) context.findChild(servletName), applicationServletRegistration);
     }
 
-    public SpecSecurityBuilder getSpecSecurityBuilder() {
-        return specSecurityBuilder;
+    public WebSecurityConstraintStore getWebSecurityConstraintStore() {
+        return webSecurityConstraintStore;
     }
 
-    public void setSpecSecurityBuilder(SpecSecurityBuilder specSecurityBuilder) {
-        this.specSecurityBuilder = specSecurityBuilder;
+    public void setWebSecurityConstraintStore(WebSecurityConstraintStore webSecurityConstraintStore) {
+        this.webSecurityConstraintStore = webSecurityConstraintStore;
     }
 }

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/core/GeronimoApplicationServletRegistrationAdapter.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/core/GeronimoApplicationServletRegistrationAdapter.java?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/core/GeronimoApplicationServletRegistrationAdapter.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/core/GeronimoApplicationServletRegistrationAdapter.java Thu Sep 23 05:53:14 2010
@@ -28,7 +28,6 @@ import javax.servlet.ServletSecurityElem
 import org.apache.catalina.LifecycleState;
 import org.apache.catalina.Wrapper;
 import org.apache.geronimo.tomcat.GeronimoStandardContext;
-import org.apache.geronimo.web.security.SpecSecurityBuilder;
 
 /**
  * @version $Rev$ $Date$
@@ -65,10 +64,7 @@ public class GeronimoApplicationServletR
     public void setRunAsRole(String roleName) {
         if (roleName != null) {
             applicationServletRegistration.setRunAsRole(roleName);
-            SpecSecurityBuilder specSecurityBuilder = applicationContext.getSpecSecurityBuilder();
-            if (specSecurityBuilder != null) {
-                specSecurityBuilder.declareRoles(roleName);
-            }
+            applicationContext.getWebSecurityConstraintStore().declareRoles(roleName);
         }
     }
 
@@ -80,13 +76,7 @@ public class GeronimoApplicationServletR
         if (standardContext.getState() != LifecycleState.STARTING_PREP) {
             throw new IllegalStateException("setServletSecurity action is not allowed after the context " + standardContext.getPath() + " is initialized");
         }
-        SpecSecurityBuilder specSecurityBuilder = applicationContext.getSpecSecurityBuilder();
-        if (specSecurityBuilder == null) {
-            //Should Never Happen ?
-            throw new IllegalStateException(
-                    "Web security builder is null, setServletSecurity action is not supported, you must make sure enable the security configuration while deploying the web application");
-        }
-        return specSecurityBuilder.setServletSecurity(constraint, getMappings());
+        return applicationContext.getWebSecurityConstraintStore().setDynamicServletSecurity(getName(), constraint, getMappings());
     }
 
     @Override

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/listener/JACCSecurityLifecycleListener.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/listener/JACCSecurityLifecycleListener.java?rev=1000329&r1=1000328&r2=1000329&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/listener/JACCSecurityLifecycleListener.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/listener/JACCSecurityLifecycleListener.java Thu Sep 23 05:53:14 2010
@@ -22,6 +22,7 @@ import java.util.Map;
 
 import javax.security.auth.login.LoginException;
 import javax.security.jacc.PolicyContextException;
+
 import org.apache.catalina.Lifecycle;
 import org.apache.catalina.LifecycleEvent;
 import org.apache.catalina.LifecycleListener;
@@ -30,8 +31,9 @@ import org.apache.geronimo.security.jacc
 import org.apache.geronimo.security.jacc.ComponentPermissions;
 import org.apache.geronimo.tomcat.GeronimoStandardContext;
 import org.apache.geronimo.tomcat.core.GeronimoApplicationContext;
+import org.apache.geronimo.web.info.WebAppInfo;
 import org.apache.geronimo.web.security.SpecSecurityBuilder;
-import org.apache.openejb.jee.WebApp;
+import org.apache.geronimo.web.security.WebSecurityConstraintStore;
 import org.osgi.framework.Bundle;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -52,15 +54,15 @@ public class JACCSecurityLifecycleListen
 
     private ApplicationPolicyConfigurationManager applicationPolicyConfigurationManager;
 
-    private WebApp deploymentDescriptor;
+    private WebAppInfo webXmlAppInfo;
 
-    public JACCSecurityLifecycleListener(Bundle bundle, WebApp deploymentDescriptor, boolean annotationScanRequired, ApplicationPolicyConfigurationManager applicationPolicyConfigurationManager,
+    public JACCSecurityLifecycleListener(Bundle bundle, WebAppInfo webXmlAppInfo, boolean annotationScanRequired, ApplicationPolicyConfigurationManager applicationPolicyConfigurationManager,
             String contextId) throws DeploymentException {
         this.bundle = bundle;
         this.contextId = contextId;
         this.annotationScanRequired = annotationScanRequired;
         this.applicationPolicyConfigurationManager = applicationPolicyConfigurationManager;
-        this.deploymentDescriptor = deploymentDescriptor == null? new WebApp(): deploymentDescriptor;
+        this.webXmlAppInfo = webXmlAppInfo == null ? new WebAppInfo() : webXmlAppInfo;
     }
 
     @Override
@@ -68,15 +70,15 @@ public class JACCSecurityLifecycleListen
         String lifecycleEventType = lifecycleEvent.getType();
         if (lifecycleEventType.equals(Lifecycle.BEFORE_START_EVENT)) {
             //Initialize SpecSecurityBuilder
-            SpecSecurityBuilder specSecurityBuilder = new SpecSecurityBuilder(deploymentDescriptor, bundle, annotationScanRequired);
             GeronimoStandardContext standardContext = (GeronimoStandardContext) lifecycleEvent.getSource();
             GeronimoApplicationContext applicationContext = (GeronimoApplicationContext) standardContext.getInternalServletContext();
-            applicationContext.setSpecSecurityBuilder(specSecurityBuilder);
+            WebSecurityConstraintStore webSecurityConstraintStore = new WebSecurityConstraintStore(webXmlAppInfo, bundle, annotationScanRequired, applicationContext);
+            applicationContext.setWebSecurityConstraintStore(webSecurityConstraintStore);
         } else if (lifecycleEventType.equals(Lifecycle.START_EVENT)) {
             GeronimoStandardContext standardContext = (GeronimoStandardContext) lifecycleEvent.getSource();
             GeronimoApplicationContext applicationContext = (GeronimoApplicationContext) standardContext.getInternalServletContext();
             //Calculate the final Security Permissions
-            SpecSecurityBuilder specSecurityBuilder = applicationContext.getSpecSecurityBuilder();
+            SpecSecurityBuilder specSecurityBuilder = new SpecSecurityBuilder(applicationContext.getWebSecurityConstraintStore().exportMergedWebAppInfo());
             Map<String, ComponentPermissions> contextIdPermissionsMap = new HashMap<String, ComponentPermissions>();
             contextIdPermissionsMap.put(contextId, specSecurityBuilder.buildSpecSecurityConfig());
             //Update ApplicationPolicyConfigurationManager
@@ -94,7 +96,7 @@ public class JACCSecurityLifecycleListen
             } finally {
                 //Clear SpecSecurityBuilder
                 specSecurityBuilder.clear();
-                applicationContext.setSpecSecurityBuilder(null);
+                applicationContext.setWebSecurityConstraintStore(null);
             }
         }
     }



Mime
View raw message