From scm-return-44157-apmail-geronimo-scm-archive=geronimo.apache.org@geronimo.apache.org Mon Sep 27 17:50:27 2010 Return-Path: Delivered-To: apmail-geronimo-scm-archive@www.apache.org Received: (qmail 71849 invoked from network); 27 Sep 2010 17:50:26 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 27 Sep 2010 17:50:26 -0000 Received: (qmail 99197 invoked by uid 500); 27 Sep 2010 17:50:26 -0000 Delivered-To: apmail-geronimo-scm-archive@geronimo.apache.org Received: (qmail 99067 invoked by uid 500); 27 Sep 2010 17:50:26 -0000 Mailing-List: contact scm-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list scm@geronimo.apache.org Received: (qmail 99060 invoked by uid 99); 27 Sep 2010 17:50:25 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 27 Sep 2010 17:50:25 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 27 Sep 2010 17:50:25 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id E9D1523889B9; Mon, 27 Sep 2010 17:50:04 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1001836 - in /geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat: GeronimoStandardContext.java core/ listener/JACCSecurityLifecycleListener.java stats/ModuleStats.java Date: Mon, 27 Sep 2010 17:50:04 -0000 To: scm@geronimo.apache.org 
From: djencks@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20100927175004.E9D1523889B9@eris.apache.org> Author: djencks Date: Mon Sep 27 17:50:04 2010 New Revision: 1001836 URL: http://svn.apache.org/viewvc?rev=1001836&view=rev Log: GERONIMO-5624, GERONIMO-5577 Use proposed modifications in tomcat security contracts to avoid wrapping servlet context and ServletRegistration.Dynamic Removed: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/core/ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/listener/JACCSecurityLifecycleListener.java Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/stats/ModuleStats.java Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java?rev=1001836&r1=1001835&r2=1001836&view=diff ============================================================================== --- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java (original) +++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java Mon Sep 27 17:50:04 2010
@@ -30,17 +30,20 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-import java.util.Map.Entry;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipInputStream;
 import javax.naming.directory.DirContext;
 import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
 import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
 import javax.servlet.Servlet;
 import javax.servlet.ServletContainerInitializer;
 import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
+import javax.servlet.ServletRegistration;
+import javax.servlet.ServletSecurityElement;
 import org.apache.catalina.Container;
 import org.apache.catalina.ContainerListener;
@@ -55,7 +58,7 @@ import org.apache.catalina.Valve;
 import org.apache.catalina.Wrapper;
 import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
-import org.apache.catalina.core.ApplicationContext;
+import org.apache.catalina.core.ApplicationServletRegistration;
 import org.apache.catalina.core.StandardContext;
 import org.apache.catalina.core.StandardWrapper;
 import org.apache.catalina.ha.CatalinaCluster;
@@ -67,19 +70,21 @@ import org.apache.geronimo.kernel.util.I
 import org.apache.geronimo.osgi.web.WebApplicationUtils;
 import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.security.jaas.ConfigurationFactory;
+import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
+import org.apache.geronimo.security.jacc.ComponentPermissions;
 import org.apache.geronimo.security.jacc.RunAsSource;
-import org.apache.geronimo.tomcat.core.GeronimoApplicationContext;
 import org.apache.geronimo.tomcat.interceptor.BeforeAfter;
 import org.apache.geronimo.tomcat.interceptor.ComponentContextBeforeAfter;
 import org.apache.geronimo.tomcat.interceptor.InstanceContextBeforeAfter;
 import org.apache.geronimo.tomcat.interceptor.UserTransactionBeforeAfter;
 import org.apache.geronimo.tomcat.listener.DispatchListener;
-import org.apache.geronimo.tomcat.listener.JACCSecurityLifecycleListener;
 import org.apache.geronimo.tomcat.listener.RunAsInstanceListener;
 import org.apache.geronimo.tomcat.util.SecurityHolder;
 import org.apache.geronimo.tomcat.valve.GeronimoBeforeAfterValve;
 import org.apache.geronimo.tomcat.valve.ProtectedTargetValve;
 import org.apache.geronimo.web.WebAttributeName;
+import org.apache.geronimo.web.security.SpecSecurityBuilder;
+import org.apache.geronimo.web.security.WebSecurityConstraintStore;
 import org.apache.geronimo.webservices.POJOWebServiceServlet;
 import org.apache.geronimo.webservices.WebServiceContainer;
 import org.apache.geronimo.webservices.WebServiceContainerInvoker;
@@ -114,6 +119,8 @@ public class GeronimoStandardContext ext
 private boolean authenticatorInstalled;
 private ConfigurationFactory configurationFactory;
 private String policyContextId;
+ private WebSecurityConstraintStore webSecurityConstraintStore;
+ private ApplicationPolicyConfigurationManager applicationPolicyConfigurationManager;
 private Bundle bundle;
 private ServiceRegistration serviceRegistration;
@@ -156,11 +163,13 @@ public class GeronimoStandardContext ext
 getServletContext().setAttribute(entry.getKey(), entry.getValue());
 }
 }
+ applicationPolicyConfigurationManager = tomcatWebAppContext.getApplicationPolicyConfigurationManager();
 if (tomcatWebAppContext.getSecurityHolder() != null) {
 configurationFactory = tomcatWebAppContext.getSecurityHolder().getConfigurationFactory();
- //Add JACCSecurityLifecycleListener, it will calculate the security configurations when web module is initialized
- addJACCSecurityLifecycleListener(tomcatWebAppContext);
 }
+ float schemaVersion = (Float) tomcatWebAppContext.getDeploymentAttribute(WebAttributeName.SCHEMA_VERSION.name());
+ boolean metaComplete = (Boolean) tomcatWebAppContext.getDeploymentAttribute(WebAttributeName.META_COMPLETE.name());
+ webSecurityConstraintStore = new WebSecurityConstraintStore(tomcatWebAppContext.getWebAppInfo(), bundle, schemaVersion >= 2.5f && !metaComplete, getInternalServletContext());
 ServletContext servletContext = getServletContext();
 servletContext.setAttribute(InstanceManager.class.getName(), ctx.getInstanceManager());
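Review bot: The `(Float)` and `(Boolean)` casts on the `SCHEMA_VERSION` and `META_COMPLETE` deployment attributes now auto-unbox on every deployment, whereas in the removed `addJACCSecurityLifecycleListener` they ran only when `getSecurityHolder()` was non-null; if either attribute can be absent, a web app without a security holder now fails with a bare NullPointerException. Reading them into `Float`/`Boolean` locals and rejecting null with a clear deployment error keeps the annotation-scanning decision (`schemaVersion >= 2.5f && !metaComplete`) explicit rather than accidental. Separately, `getInternalServletContext()` returns the `context` field, and the only unconditional `getServletContext()` call in view is on the line after the store is constructed, so the store may be handed null if nothing earlier initialised that field; consider moving the `webSecurityConstraintStore = new WebSecurityConstraintStore(...)` line below `ServletContext servletContext = getServletContext();`. The enclosing method starts and ends outside this hunk, so both points need checking against the full body.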
@@ -313,23 +322,10 @@ public class GeronimoStandardContext ext } } - private void addJACCSecurityLifecycleListener(TomcatWebAppContext tomcatWebAppContext) throws DeploymentException { - float schemaVersion = (Float) tomcatWebAppContext.getDeploymentAttribute(WebAttributeName.SCHEMA_VERSION.name()); - boolean metaComplete = (Boolean) tomcatWebAppContext.getDeploymentAttribute(WebAttributeName.META_COMPLETE.name()); - try { - addLifecycleListener(new JACCSecurityLifecycleListener(bundle, tomcatWebAppContext.getWebAppInfo(), schemaVersion >= 2.5f && !metaComplete, tomcatWebAppContext.getApplicationPolicyConfigurationManager(), - tomcatWebAppContext.getSecurityHolder().getPolicyContextID())); - } catch (DeploymentException e) { - throw e; - } catch (Exception e) { - logger.error("fail to parse the web.xml file while starting the web application", e); - throw new DeploymentException("fail to parse the web.xml file while starting the web application", e); - } - } - private final Object instanceListenersLock = new Object(); private final Object wrapperLifecyclesLock = new Object(); private final Object wrapperListenersLock = new Object(); + @Override public Wrapper createWrapper() { Wrapper wrapper = null; @@ -389,6 +385,7 @@ public class GeronimoStandardContext ext /* This method is called by a background thread to destroy sessions (among other things) * so we need to apply appropriate context to the thread to expose JNDI, etc. */ + @Override public void backgroundProcess() { Object context[] = null; @@ -428,12 +425,14 @@ public class GeronimoStandardContext ext } } + @Override protected void initInternal() throws LifecycleException { String docBase = getDocBase(); super.initInternal(); setDocBase(docBase); } + @Override protected void startInternal() throws LifecycleException { if (pipelineInitialized) { try { 
@@ -458,16 +457,38 @@ public class GeronimoStandardContext ext
 } catch (ServletException e) {
 throw new LifecycleException(e);
 }
+ SpecSecurityBuilder specSecurityBuilder = new SpecSecurityBuilder(webSecurityConstraintStore.exportMergedWebAppInfo());
+ Map contextIdPermissionsMap = new HashMap();
+ contextIdPermissionsMap.put(getPolicyContextId(), specSecurityBuilder.buildSpecSecurityConfig());
+ //Update ApplicationPolicyConfigurationManager
+ if (applicationPolicyConfigurationManager != null) {
+ try {
+ applicationPolicyConfigurationManager.updateApplicationPolicyConfiguration(contextIdPermissionsMap);
+ } catch (LoginException e) {
+ logger.error("Fail to set application policy configurations", e);
+ throw new RuntimeException("Fail to set application policy configurations", e);
+ } catch (PolicyContextException e) {
+ logger.error("Fail to set application policy configurations", e);
+ throw new RuntimeException("Fail to set application policy configurations", e);
+ } catch (ClassNotFoundException e) {
+ logger.error("Fail to set application policy configurations", e);
+ throw new RuntimeException("Fail to set application policy configurations", e);
+ } finally {
+ //Clear SpecSecurityBuilder
+ specSecurityBuilder.clear();
+ }
+ }
+
+ // for OSGi Web Applications support register ServletContext in service registry
+ if (WebApplicationUtils.isWebApplicationBundle(bundle)) {
+ serviceRegistration = WebApplicationUtils.registerServletContext(bundle, getServletContext());
+ }
 } else {
 super.startInternal();
 }
-
- // for OSGi Web Applications support register ServletContext in service registry
- if (WebApplicationUtils.isWebApplicationBundle(bundle)) {
- serviceRegistration = WebApplicationUtils.registerServletContext(bundle, getServletContext());
- }
 }
+ @Override
 public void addChild(Container child) {
 Wrapper wrapper = (Wrapper) child;
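Review bot: `specSecurityBuilder.clear()` sits in a `finally` nested inside the `applicationPolicyConfigurationManager != null` guard, so the builder is populated but never cleared when the manager is null, or when `buildSpecSecurityConfig()` itself throws before the `try` is entered. Opening the `try` right after the builder is created and keeping only the `updateApplicationPolicyConfiguration` call under the null check closes both gaps. The three catch blocks also rethrow `RuntimeException` from a method declared `throws LifecycleException`, unlike the `ServletException` catch just above them; wrapping in `LifecycleException` reports a failed JACC policy update through the same lifecycle path as other start failures. `startInternal` begins before this hunk, so the placement relative to the earlier `try` should be confirmed there.

```java
SpecSecurityBuilder specSecurityBuilder = new SpecSecurityBuilder(webSecurityConstraintStore.exportMergedWebAppInfo());
try {
    // … unchanged: build contextIdPermissionsMap from buildSpecSecurityConfig() …
    if (applicationPolicyConfigurationManager != null) {
        applicationPolicyConfigurationManager.updateApplicationPolicyConfiguration(contextIdPermissionsMap);
    }
} catch (LoginException e) {
    logger.error("Fail to set application policy configurations", e);
    throw new LifecycleException("Fail to set application policy configurations", e);
} catch (PolicyContextException e) {
    logger.error("Fail to set application policy configurations", e);
    throw new LifecycleException("Fail to set application policy configurations", e);
} catch (ClassNotFoundException e) {
    logger.error("Fail to set application policy configurations", e);
    throw new LifecycleException("Fail to set application policy configurations", e);
} finally {
    // Runs whether or not a policy manager is configured.
    specSecurityBuilder.clear();
}
// … unchanged: OSGi ServletContext registration …
```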
@@ -514,6 +535,7 @@ public class GeronimoStandardContext ext super.addChild(child); } + @Override public synchronized void setLoader(final Loader delegate) { Loader loader = new Loader() { @@ -581,16 +603,6 @@ public class GeronimoStandardContext ext super.setLoader(loader); } - @Override - public ServletContext getServletContext() { - if (context == null) { - context = new GeronimoApplicationContext(this); - if (getAltDDName() != null) - context.setAttribute(Globals.ALT_DD_ATTR, getAltDDName()); - } - return super.getServletContext(); - } - public ServletContext getInternalServletContext() { return context; } @@ -686,6 +698,7 @@ public class GeronimoStandardContext ext super(true); } + @Override public void invoke(Request request, Response response) throws IOException, ServletException { if (request == null && response == null) { try { 
@@ -765,4 +778,29 @@ public class GeronimoStandardContext ext
 return super.getBasePath();
 }
 }
+
+ @Override
+ public ServletRegistration.Dynamic dynamicServletAdded(Wrapper wrapper) {
+ ServletRegistration.Dynamic registration = new ApplicationServletRegistration(wrapper, this);
+ if (wrapper.getServlet() == null || webSecurityConstraintStore.isContainerCreatedDynamicServlet(wrapper.getServlet())) {
+ webSecurityConstraintStore.addContainerCreatedDynamicServletEntry(registration, wrapper.getServletClass());
+ }
+ return registration;
+ }
+
+ @Override
+ public void dynamicServletCreated(Servlet servlet) {
+ webSecurityConstraintStore.addContainerCreatedDynamicServlet(servlet);
+ }
+
+ @Override
+ public Set addServletSecurity(ApplicationServletRegistration registration, ServletSecurityElement servletSecurityElement) {
+ return webSecurityConstraintStore.setDynamicServletSecurity(registration, servletSecurityElement);
+ }
+
+ @Override
+ public void addSecurityRole(String role) {
+ super.addSecurityRole(role);
+ webSecurityConstraintStore.declareRoles(role);
+ }
 }
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/stats/ModuleStats.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/stats/ModuleStats.java?rev=1001836&r1=1001835&r2=1001836&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/stats/ModuleStats.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/stats/ModuleStats.java Mon Sep 27 17:50:04 2010
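Review bot: In GeronimoStandardContext.java, `addSecurityRole` and the three new dynamic-servlet callbacks dereference `webSecurityConstraintStore` unconditionally, but the field is declared without an initializer and is assigned only in the context-properties hunk earlier in this commit, so a call that arrives before that assignment fails with a NullPointerException. If that ordering is possible, fail explicitly, for example `if (webSecurityConstraintStore == null) throw new IllegalStateException("security constraint store not initialized");`, rather than skipping the call: silently dropping a `ServletSecurityElement` or a role declaration would leave it out of the JACC permissions built in `startInternal`. These overrides rely on callbacks the log message describes as proposed Tomcat modifications, so each deserves a short Javadoc stating when the container invokes it and that the store, not a wrapped servlet context, records the constraint.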
@@ -120,9 +120,9 @@ public class ModuleStats { stats.setSessionAliveTime(maxActive, -1, sessionMaxAliveTime, sessionAverageAliveTime * maxActive); stats.setRejectedSessionCount(rejectedSessions); - stats.setExpiredSessionCount(expiredSessions); + stats.setExpiredSessionCount((int)expiredSessions); stats.setActiveSessionCount(activeSessions); - stats.setSessionCount(sessionCounter); + stats.setSessionCount((int)sessionCounter); } catch (Exception ex) { log.error("Error getting attribute " + mgrName + " " + ex.toString());
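Review bot: The `(int)` casts on `expiredSessions` and `sessionCounter` truncate silently; the casts suggest these are now `long` counters (their declarations are outside the hunk), and a value past `Integer.MAX_VALUE` would wrap to a negative count in the reported statistics. Clamping keeps the figure sane, e.g. `stats.setExpiredSessionCount((int) Math.min(expiredSessions, Integer.MAX_VALUE));` and the same for `setSessionCount`; widening the stats setters would be the cleaner long-term fix. A one-line comment saying why the narrowing is needed would also help the next reader.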