geronimo-scm mailing list archives

From djen...@apache.org
Subject svn commit: r1331047 [1/2] - in /geronimo/server/branches/3.0-beta: ./ framework/modules/geronimo-security/ framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/ framework/modules/geronimo-security/src/main/java/org/apac...
Date Thu, 26 Apr 2012 19:40:52 GMT
Author: djencks
Date: Thu Apr 26 19:40:50 2012
New Revision: 1331047

URL: http://svn.apache.org/viewvc?rev=1331047&view=rev
Log:
GERONIMO-6337, GERONIMO-6338 more unified implementation of correct CallbackHandler behavior

Added:
    geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/IdentityService.java
      - copied, changed from r1330031, geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/IdentityService.java
    geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/LoginService.java
      - copied, changed from r1327711, geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java
    geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/UserIdentity.java
      - copied, changed from r1327711, geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/UserIdentity.java
    geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/
    geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/GeronimoIdentityService.java
      - copied, changed from r1330031, geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java
    geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/GeronimoLoginService.java
      - copied, changed from r1330031, geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java
    geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/JACCUserIdentity.java
      - copied, changed from r1330031, geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCUserIdentity.java
    geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/JaspicCallbackHandler.java
      - copied, changed from r1330031, geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicCallbackHandler.java
    geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/WrappingCallerPrincipal.java   (with props)
    geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoJettyUserIdentity.java   (contents, props changed)
      - copied, changed from r1327711, geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoUserIdentity.java
    geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/auth/GeronimoJaspiAuthenticator.java
Removed:
    geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/WrappingCallerPrincipal.java
    geronimo/server/branches/3.0-beta/plugins/connector-1_6/geronimo-connector-1_6/src/main/java/org/apache/geronimo/connector/wrapper/work/ConnectorCallbackHandler.java
    geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoUserIdentity.java
    geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/IdentityService.java
    geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java
    geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/UserIdentity.java
    geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicCallbackHandler.java
    geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java
    geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java
    geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCUserIdentity.java
Modified:
    geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/pom.xml
    geronimo/server/branches/3.0-beta/plugins/aries/aries-deployer/src/main/history/dependencies.xml
    geronimo/server/branches/3.0-beta/plugins/aries/aries/src/main/history/dependencies.xml
    geronimo/server/branches/3.0-beta/plugins/client/client/src/main/history/dependencies.xml
    geronimo/server/branches/3.0-beta/plugins/connector-1_6/geronimo-connector-1_6/src/main/java/org/apache/geronimo/connector/wrapper/work/SecurityContextHandler.java
    geronimo/server/branches/3.0-beta/plugins/j2ee/jsr88-jar-configurer/src/main/history/dependencies.xml
    geronimo/server/branches/3.0-beta/plugins/j2ee/jsr88-rar-configurer/src/main/history/dependencies.xml
    geronimo/server/branches/3.0-beta/plugins/j2ee/jsr88-war-configurer/src/main/history/dependencies.xml
    geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/JaccSecurityHandler.java
    geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/AuthConfigProviderHandlerFactory.java
    geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/JettyIdentityService.java
    geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/JettySecurityHandlerFactory.java
    geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/SecurityHandlerFactory.java
    geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/auth/JAASLoginService.java
    geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/test/java/org/apache/geronimo/jetty8/AbstractWebModuleTest.java
    geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java
    geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/AuthResult.java
    geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/Authenticator.java
    geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/Authorizer.java
    geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java
    geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/authentication/BasicAuthenticator.java
    geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java
    geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/authentication/DigestAuthenticator.java
    geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/authentication/FormAuthenticator.java
    geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/authentication/GenericHeaderAuthenticator.java
    geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/authentication/NoneAuthenticator.java
    geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/authentication/SpnegoAuthenticator.java
    geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicAuthenticator.java
    geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCAuthorizer.java
    geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCEJBWebServiceAuthorizer.java
    geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCSecurityValve.java
    geronimo/server/branches/3.0-beta/pom.xml

Modified: geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/pom.xml
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/pom.xml?rev=1331047&r1=1331046&r2=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/pom.xml (original)
+++ geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/pom.xml Thu Apr 26 19:40:50 2012
@@ -82,14 +82,14 @@
             <artifactId>geronimo-jaspi</artifactId>
         </dependency>
 
-        <dependency>
-           <groupId>org.apache.geronimo.bundles</groupId>
-           <artifactId>sxc-jaxb</artifactId>
-        </dependency>
-        <dependency>
-           <groupId>org.apache.geronimo.bundles</groupId>
-           <artifactId>sxc-runtime</artifactId>
-        </dependency>
+        <!--<dependency>-->
+           <!--<groupId>org.apache.geronimo.bundles</groupId>-->
+           <!--<artifactId>sxc-jaxb</artifactId>-->
+        <!--</dependency>-->
+        <!--<dependency>-->
+           <!--<groupId>org.apache.geronimo.bundles</groupId>-->
+           <!--<artifactId>sxc-runtime</artifactId>-->
+        <!--</dependency>-->
 
         <dependency>
             <groupId>org.apache.geronimo.testsupport</groupId>
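
Review bot: The sxc-jaxb and sxc-runtime dependencies are commented out in this hunk rather than deleted, which leaves eight lines of dead XML in the POM with no explanation of why they are kept. The dependencies.xml history files in this same commit drop both artifacts outright, so either delete the two blocks here as well or add a comment saying why they may need to come back.
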
@@ -109,6 +109,16 @@
     <build>
         <plugins>
             <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-bundle-plugin</artifactId>
+                <configuration>
+                    <instructions>
+                        <Export-Package>org.apache.geronimo.security.*,
+                            org.apache.geronimo.security.jaspi.impl</Export-Package>
+                    </instructions>
+                </configuration>
+            </plugin>
+            <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
                 <configuration>
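
Review bot: In the new Export-Package instruction the second entry, org.apache.geronimo.security.jaspi.impl, already falls under the org.apache.geronimo.security.* wildcard on the line above it, so it looks redundant unless the intent was to single it out. Exporting an impl package makes its classes part of the bundle's public surface for every other bundle; if the impl classes are exported only so that the web container plugins touched in this commit can reach them, a comment saying so (or a narrower export list) would make that intent reviewable.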

Copied: geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/IdentityService.java (from r1330031, geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/IdentityService.java)
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/IdentityService.java?p2=geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/IdentityService.java&p1=geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/IdentityService.java&r1=1330031&r2=1331047&rev=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/IdentityService.java (original)
+++ geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/IdentityService.java Thu Apr 26 19:40:50 2012
@@ -18,11 +18,9 @@
  */
 
 
-package org.apache.geronimo.tomcat.security;
+package org.apache.geronimo.security.jaspi;
 
 import javax.security.auth.Subject;
-import java.security.Principal;
-import java.util.List;
 
 /**
  * @version $Rev$ $Date$

Copied: geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/LoginService.java (from r1327711, geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java)
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/LoginService.java?p2=geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/LoginService.java&p1=geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java&r1=1327711&r2=1331047&rev=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java (original)
+++ geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/LoginService.java Thu Apr 26 19:40:50 2012
@@ -18,7 +18,7 @@
  */
 
 
-package org.apache.geronimo.tomcat.security;
+package org.apache.geronimo.security.jaspi;
 
 import java.security.cert.X509Certificate;
 
@@ -33,8 +33,8 @@ public interface LoginService {
 
     UserIdentity login(X509Certificate[] certs);
 
-    void logout(UserIdentity userIdentity);
-
     UserIdentity login(CallbackHandler callbackHandler);
 
+    void logout(UserIdentity userIdentity);
+
 }

Copied: geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/UserIdentity.java (from r1327711, geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/UserIdentity.java)
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/UserIdentity.java?p2=geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/UserIdentity.java&p1=geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/UserIdentity.java&r1=1327711&r2=1331047&rev=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/UserIdentity.java (original)
+++ geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/UserIdentity.java Thu Apr 26 19:40:50 2012
@@ -18,9 +18,11 @@
  */
 
 
-package org.apache.geronimo.tomcat.security;
+package org.apache.geronimo.security.jaspi;
 
 import javax.security.auth.Subject;
+
+import java.security.AccessControlContext;
 import java.security.Principal;
 
 /**
@@ -29,4 +31,6 @@ import java.security.Principal;
 public interface UserIdentity {
     Principal getUserPrincipal();
     Subject getSubject();
+
+    AccessControlContext getAccessControlContext();
 }
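
Review bot: The new getAccessControlContext() method on the UserIdentity interface has no Javadoc. Every implementor and caller in other modules now depends on it, so document which context it returns (and for which Subject), and whether it may be null for an unauthenticated identity.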

Copied: geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/GeronimoIdentityService.java (from r1330031, geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java)
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/GeronimoIdentityService.java?p2=geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/GeronimoIdentityService.java&p1=geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java&r1=1330031&r2=1331047&rev=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java (original)
+++ geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/GeronimoIdentityService.java Thu Apr 26 19:40:50 2012
@@ -18,18 +18,16 @@
  */
 
 
-package org.apache.geronimo.tomcat.security.impl;
+package org.apache.geronimo.security.jaspi.impl;
 
 import java.security.AccessControlContext;
 import java.security.Principal;
 
 import javax.security.auth.Subject;
 
+import org.apache.geronimo.security.jaspi.IdentityService;
+import org.apache.geronimo.security.jaspi.UserIdentity;
 import org.apache.geronimo.security.realm.providers.GeronimoCallerPrincipal;
-import org.apache.geronimo.security.realm.providers.WrappingCallerPrincipal;
-import org.apache.geronimo.tomcat.security.IdentityService;
-import org.apache.geronimo.tomcat.security.UserIdentity;
-import org.apache.geronimo.tomcat.security.jacc.JACCUserIdentity;
 import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.security.Callers;
 

Copied: geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/GeronimoLoginService.java (from r1330031, geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java)
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/GeronimoLoginService.java?p2=geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/GeronimoLoginService.java&p1=geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java&r1=1330031&r2=1331047&rev=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java (original)
+++ geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/GeronimoLoginService.java Thu Apr 26 19:40:50 2012
@@ -18,7 +18,7 @@
  */
 
 
-package org.apache.geronimo.tomcat.security.impl;
+package org.apache.geronimo.security.jaspi.impl;
 
 import java.security.cert.X509Certificate;
 
@@ -27,10 +27,10 @@ import javax.security.auth.login.LoginCo
 import javax.security.auth.login.LoginException;
 import javax.security.auth.Subject;
 
-import org.apache.geronimo.tomcat.security.LoginService;
-import org.apache.geronimo.tomcat.security.UserIdentity;
-import org.apache.geronimo.tomcat.security.IdentityService;
 import org.apache.geronimo.security.jaas.ConfigurationFactory;
+import org.apache.geronimo.security.jaspi.IdentityService;
+import org.apache.geronimo.security.jaspi.LoginService;
+import org.apache.geronimo.security.jaspi.UserIdentity;
 import org.apache.geronimo.security.realm.providers.CertificateChainCallbackHandler;
 import org.apache.geronimo.security.realm.providers.PasswordCallbackHandler;
 import org.apache.geronimo.security.ContextManager;
@@ -55,7 +55,7 @@ public class GeronimoLoginService implem
     public UserIdentity login(X509Certificate[] certs) {
         return login(new CertificateChainCallbackHandler(certs));
     }
-    
+
     public UserIdentity login(CallbackHandler callbackHandler) {
         try {
             LoginContext loginContext = ContextManager.login(configurationFactory.getConfigurationName(), callbackHandler, configurationFactory.getConfiguration());

Copied: geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/JACCUserIdentity.java (from r1330031, geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCUserIdentity.java)
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/JACCUserIdentity.java?p2=geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/JACCUserIdentity.java&p1=geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCUserIdentity.java&r1=1330031&r2=1331047&rev=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCUserIdentity.java (original)
+++ geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/JACCUserIdentity.java Thu Apr 26 19:40:50 2012
@@ -18,16 +18,16 @@
  */
 
 
-package org.apache.geronimo.tomcat.security.jacc;
+package org.apache.geronimo.security.jaspi.impl;
 
-import org.apache.geronimo.tomcat.security.UserIdentity;
 
 import java.security.AccessControlContext;
 import java.security.Principal;
-import java.util.List;
 
 import javax.security.auth.Subject;
 
+import org.apache.geronimo.security.jaspi.UserIdentity;
+
 /**
  * @version $Rev$ $Date$
  */
@@ -43,14 +43,17 @@ public class JACCUserIdentity implements
         this.acc = acc;
     }
 
+    @Override
     public Principal getUserPrincipal() {
         return userPrincipal;
     }
 
+    @Override
     public Subject getSubject() {
         return subject;
     }
 
+    @Override
     public AccessControlContext getAccessControlContext() {
         return acc;
     }

Copied: geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/JaspicCallbackHandler.java (from r1330031, geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicCallbackHandler.java)
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/JaspicCallbackHandler.java?p2=geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/JaspicCallbackHandler.java&p1=geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicCallbackHandler.java&r1=1330031&r2=1331047&rev=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicCallbackHandler.java (original)
+++ geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/JaspicCallbackHandler.java Thu Apr 26 19:40:50 2012
@@ -18,7 +18,7 @@
  */
 
 
-package org.apache.geronimo.tomcat.security.authentication.jaspic;
+package org.apache.geronimo.security.jaspi.impl;
 
 import java.io.IOException;
 import java.security.Principal;
@@ -36,12 +36,11 @@ import javax.security.auth.message.callb
 import javax.security.auth.message.callback.TrustStoreCallback;
 import javax.security.auth.Subject;
 
+import org.apache.geronimo.security.jaspi.LoginService;
+import org.apache.geronimo.security.jaspi.UserIdentity;
 import org.apache.geronimo.security.realm.providers.GeronimoCallerPrincipal;
 import org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal;
 import org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal;
-import org.apache.geronimo.security.realm.providers.WrappingCallerPrincipal;
-import org.apache.geronimo.tomcat.security.LoginService;
-import org.apache.geronimo.tomcat.security.UserIdentity;
 
 /**
  * @version $Rev$ $Date$
@@ -60,14 +59,12 @@ public class JaspicCallbackHandler imple
                 CallerPrincipalCallback callerPrincipalCallback = (CallerPrincipalCallback) callback;
                 if (callerPrincipalCallback.getPrincipal() != null) {
                     Principal callerPrincipal = callerPrincipalCallback.getPrincipal();
-                    if (callerPrincipal instanceof GeronimoCallerPrincipal) {
-                        callerPrincipalCallback.getSubject().getPrincipals().add(callerPrincipal);
-                    } else {
-                        callerPrincipalCallback.getSubject().getPrincipals().add(new WrappingCallerPrincipal(callerPrincipal));
-                    }
+                    callerPrincipalCallback.getSubject().getPrincipals().add(callerPrincipal);
+                    callerPrincipalCallback.getSubject().getPrincipals().add(new WrappingCallerPrincipal(callerPrincipal));
                 } else if (callerPrincipalCallback.getName() != null) {
                     Principal callerPrincipal = new GeronimoUserPrincipal(callerPrincipalCallback.getName());
                     callerPrincipalCallback.getSubject().getPrincipals().add(callerPrincipal);
+                    callerPrincipalCallback.getSubject().getPrincipals().add(new WrappingCallerPrincipal(callerPrincipal));
                 }
             } else if (callback instanceof GroupPrincipalCallback) {
                 GroupPrincipalCallback groupPrincipalCallback = ( GroupPrincipalCallback ) callback;
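
Review bot: In the getPrincipal() != null branch, the two consecutive add() calls put both callerPrincipal and new WrappingCallerPrincipal(callerPrincipal) into the Subject's principal set, and the removed instanceof GeronimoCallerPrincipal check no longer prevents a double entry. Subject.getPrincipals() is a Set, and WrappingCallerPrincipal.equals() in this commit returns wrapped.equals(o) with the same hashCode() as the wrapped principal, so the wrapper can compare equal to the principal added one line earlier and the second add() may be silently dropped as a duplicate. If the wrapper is added, a callerPrincipal that already implements GeronimoCallerPrincipal leaves two GeronimoCallerPrincipal instances in the Subject. Please add a test that asserts the resulting principal set for both branches, and a comment stating which of the two entries consumers should treat as the caller.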

Added: geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/WrappingCallerPrincipal.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/WrappingCallerPrincipal.java?rev=1331047&view=auto
==============================================================================
--- geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/WrappingCallerPrincipal.java (added)
+++ geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/WrappingCallerPrincipal.java Thu Apr 26 19:40:50 2012
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.security.jaspi.impl;
+
+
+import java.security.Principal;
+
+import org.apache.geronimo.security.realm.providers.GeronimoCallerPrincipal;
+
+/**
+ * @version $Rev$ $Date$
+ */
+class WrappingCallerPrincipal implements GeronimoCallerPrincipal {
+
+    private final Principal wrapped;
+
+    public WrappingCallerPrincipal(Principal wrapped) {
+        this.wrapped = wrapped;
+    }
+
+    public Principal getWrapped() {
+        return wrapped;
+    }
+
+    @Override
+    public String getName() {
+        return null;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        }
+        if (o instanceof WrappingCallerPrincipal) {
+            return wrapped.equals(((WrappingCallerPrincipal)o).wrapped);
+        }
+        return wrapped.equals(o);
+    }
+
+    @Override
+    public int hashCode() {
+        return wrapped.hashCode();
+    }
+}
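
Review bot: equals() is not symmetric: its final line, return wrapped.equals(o);, makes wrapper.equals(p) true for the wrapped principal p, while p.equals(wrapper) will normally be false, which breaks the Object.equals contract and makes behaviour inside Set and Map collections depend on call order. getName() also returns null where callers of Principal.getName() typically expect a name; returning wrapped.getName() would be the unsurprising choice unless null is deliberate, in which case say so in the Javadoc. The constructor accepts a null wrapped, which would then throw NullPointerException from equals() and hashCode(); reject it up front.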

Propchange: geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/WrappingCallerPrincipal.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/WrappingCallerPrincipal.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/branches/3.0-beta/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaspi/impl/WrappingCallerPrincipal.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: geronimo/server/branches/3.0-beta/plugins/aries/aries-deployer/src/main/history/dependencies.xml
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/aries/aries-deployer/src/main/history/dependencies.xml?rev=1331047&r1=1331046&r2=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/aries/aries-deployer/src/main/history/dependencies.xml (original)
+++ geronimo/server/branches/3.0-beta/plugins/aries/aries-deployer/src/main/history/dependencies.xml Thu Apr 26 19:40:50 2012
@@ -53,16 +53,6 @@
     </dependency>
     <dependency>
         <groupId>org.apache.geronimo.bundles</groupId>
-        <artifactId>sxc-jaxb</artifactId>
-        <type>jar</type>
-    </dependency>
-    <dependency>
-        <groupId>org.apache.geronimo.bundles</groupId>
-        <artifactId>sxc-runtime</artifactId>
-        <type>jar</type>
-    </dependency>
-    <dependency>
-        <groupId>org.apache.geronimo.bundles</groupId>
         <artifactId>woodstox-core-asl</artifactId>
         <type>jar</type>
     </dependency>

Modified: geronimo/server/branches/3.0-beta/plugins/aries/aries/src/main/history/dependencies.xml
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/aries/aries/src/main/history/dependencies.xml?rev=1331047&r1=1331046&r2=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/aries/aries/src/main/history/dependencies.xml (original)
+++ geronimo/server/branches/3.0-beta/plugins/aries/aries/src/main/history/dependencies.xml Thu Apr 26 19:40:50 2012
@@ -68,16 +68,6 @@
     </dependency>
     <dependency>
         <groupId>org.apache.geronimo.bundles</groupId>
-        <artifactId>sxc-jaxb</artifactId>
-        <type>jar</type>
-    </dependency>
-    <dependency>
-        <groupId>org.apache.geronimo.bundles</groupId>
-        <artifactId>sxc-runtime</artifactId>
-        <type>jar</type>
-    </dependency>
-    <dependency>
-        <groupId>org.apache.geronimo.bundles</groupId>
         <artifactId>woodstox-core-asl</artifactId>
         <type>jar</type>
     </dependency>

Modified: geronimo/server/branches/3.0-beta/plugins/client/client/src/main/history/dependencies.xml
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/client/client/src/main/history/dependencies.xml?rev=1331047&r1=1331046&r2=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/client/client/src/main/history/dependencies.xml (original)
+++ geronimo/server/branches/3.0-beta/plugins/client/client/src/main/history/dependencies.xml Thu Apr 26 19:40:50 2012
@@ -3,7 +3,7 @@
     <module-id>
         <groupId>org.apache.geronimo.configs</groupId>
         <artifactId>client</artifactId>
-        <version>3.0-SNAPSHOT</version>
+        <version>3.0-beta-2-SNAPSHOT</version>
         <type>car</type>
     </module-id>
     <dependency>
@@ -52,16 +52,6 @@
         <type>jar</type>
     </dependency>
     <dependency>
-        <groupId>org.apache.geronimo.bundles</groupId>
-        <artifactId>sxc-jaxb</artifactId>
-        <type>jar</type>
-    </dependency>
-    <dependency>
-        <groupId>org.apache.geronimo.bundles</groupId>
-        <artifactId>sxc-runtime</artifactId>
-        <type>jar</type>
-    </dependency>
-    <dependency>
         <groupId>org.apache.geronimo.components</groupId>
         <artifactId>geronimo-connector</artifactId>
         <type>jar</type>

Modified: geronimo/server/branches/3.0-beta/plugins/connector-1_6/geronimo-connector-1_6/src/main/java/org/apache/geronimo/connector/wrapper/work/SecurityContextHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/connector-1_6/geronimo-connector-1_6/src/main/java/org/apache/geronimo/connector/wrapper/work/SecurityContextHandler.java?rev=1331047&r1=1331046&r2=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/connector-1_6/geronimo-connector-1_6/src/main/java/org/apache/geronimo/connector/wrapper/work/SecurityContextHandler.java (original)
+++ geronimo/server/branches/3.0-beta/plugins/connector-1_6/geronimo-connector-1_6/src/main/java/org/apache/geronimo/connector/wrapper/work/SecurityContextHandler.java Thu Apr 26 19:40:50 2012
@@ -27,6 +27,8 @@ import javax.resource.spi.work.WorkCompl
 import javax.resource.spi.work.SecurityContext;
 import javax.resource.spi.work.WorkContext;
 import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.Configuration;
 import javax.security.auth.login.LoginException;
 
 import org.apache.geronimo.security.credentialstore.CredentialStore;
@@ -36,8 +38,13 @@ import org.apache.geronimo.gbean.annotat
 import org.apache.geronimo.gbean.annotation.GBean;
 import org.apache.geronimo.gbean.annotation.ParamReference;
 import org.apache.geronimo.connector.work.WorkContextHandler;
+import org.apache.geronimo.security.jaas.ConfigurationFactory;
+import org.apache.geronimo.security.jaspi.IdentityService;
+import org.apache.geronimo.security.jaspi.LoginService;
+import org.apache.geronimo.security.jaspi.impl.GeronimoIdentityService;
+import org.apache.geronimo.security.jaspi.impl.GeronimoLoginService;
+import org.apache.geronimo.security.jaspi.impl.JaspicCallbackHandler;
 import org.apache.geronimo.security.realm.providers.GeronimoCallerPrincipal;
-import org.apache.geronimo.security.realm.providers.WrappingCallerPrincipal;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -48,7 +55,7 @@ import org.slf4j.LoggerFactory;
 public class SecurityContextHandler implements WorkContextHandler<SecurityContext> {
     private static final Logger log = LoggerFactory.getLogger(SecurityContextHandler.class);
 
-    private final String realm;
+    private final String m_realm;
     private final Subject defaultSubject;
     private final Subject serviceSubject;
 
@@ -58,6 +65,8 @@ public class SecurityContextHandler impl
             return new Stack<Callers>();
         }
     };
+    private final CallbackHandler callbackHandler;
+    private final IdentityService identityService;
 
     public SecurityContextHandler(@ParamAttribute(name="realm") String realm,
                                         @ParamAttribute(name="defaultSubjectRealm")String defaultSubjectRealm, 
@@ -78,7 +87,21 @@ public class SecurityContextHandler impl
         } else {
             serviceSubject = null;
         }
-        this.realm = realm;
+        this.m_realm = realm;
+        identityService = new GeronimoIdentityService(defaultSubject);
+        LoginService loginService = new GeronimoLoginService(new ConfigurationFactory() {
+            @Override
+            public String getConfigurationName() {
+                return m_realm;
+            }
+
+            @Override
+            public Configuration getConfiguration() {
+                return null;
+            }
+        }, identityService);
+
+        callbackHandler = new JaspicCallbackHandler(loginService);
     }
 
     public void before(SecurityContext securityContext) throws WorkCompletedException {
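Review bot: the anonymous ConfigurationFactory in this hunk returns null from getConfiguration() with no comment, so a reader cannot tell whether null is a deliberate signal to fall back to the installed JAAS Configuration or an unfinished stub. Say which in a comment and confirm that GeronimoLoginService tolerates a null Configuration. Separately, renaming the field to m_realm only to avoid the constructor parameter of the same name introduces a prefix that the neighbouring fields (defaultSubject, serviceSubject) do not use; keeping the name realm and returning SecurityContextHandler.this.realm from getConfigurationName() would avoid the rename.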
@@ -87,17 +110,8 @@ public class SecurityContextHandler impl
             clientSubject = defaultSubject;
         } else {
             clientSubject = new Subject();
-            ConnectorCallbackHandler callbackHandler = new ConnectorCallbackHandler(realm);
             securityContext.setupSecurityContext(callbackHandler, clientSubject, serviceSubject);
-            Principal callerPrincipal = null;
-            for (GeronimoCallerPrincipal principal: clientSubject.getPrincipals(GeronimoCallerPrincipal.class)) {
-                if (principal instanceof WrappingCallerPrincipal) {
-                    callerPrincipal = ((WrappingCallerPrincipal)principal).getWrapped();
-                } else {
-                    callerPrincipal = principal;
-                }
-            }
-            ContextManager.registerSubjectShort(clientSubject, callerPrincipal);
+            identityService.newUserIdentity(clientSubject);
         }
         callers.get().push(ContextManager.getCallers());
         ContextManager.setCallers(clientSubject, clientSubject);
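Review bot: the return value of identityService.newUserIdentity(clientSubject) is discarded, so the call stands in for the removed ContextManager.registerSubjectShort(clientSubject, callerPrincipal) purely through a side effect that is not visible at this call site. Add a comment stating that the call is what registers the subject, or keep the returned UserIdentity if anything later needs it. As written, a future change that makes newUserIdentity free of side effects would leave clientSubject unregistered before ContextManager.setCallers(clientSubject, clientSubject) runs, with nothing here to flag it.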

Modified: geronimo/server/branches/3.0-beta/plugins/j2ee/jsr88-jar-configurer/src/main/history/dependencies.xml
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/j2ee/jsr88-jar-configurer/src/main/history/dependencies.xml?rev=1331047&r1=1331046&r2=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/j2ee/jsr88-jar-configurer/src/main/history/dependencies.xml (original)
+++ geronimo/server/branches/3.0-beta/plugins/j2ee/jsr88-jar-configurer/src/main/history/dependencies.xml Thu Apr 26 19:40:50 2012
@@ -58,16 +58,6 @@
     </dependency>
     <dependency>
         <groupId>org.apache.geronimo.bundles</groupId>
-        <artifactId>sxc-jaxb</artifactId>
-        <type>jar</type>
-    </dependency>
-    <dependency>
-        <groupId>org.apache.geronimo.bundles</groupId>
-        <artifactId>sxc-runtime</artifactId>
-        <type>jar</type>
-    </dependency>
-    <dependency>
-        <groupId>org.apache.geronimo.bundles</groupId>
         <artifactId>woodstox-core-asl</artifactId>
         <type>jar</type>
     </dependency>

Modified: geronimo/server/branches/3.0-beta/plugins/j2ee/jsr88-rar-configurer/src/main/history/dependencies.xml
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/j2ee/jsr88-rar-configurer/src/main/history/dependencies.xml?rev=1331047&r1=1331046&r2=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/j2ee/jsr88-rar-configurer/src/main/history/dependencies.xml (original)
+++ geronimo/server/branches/3.0-beta/plugins/j2ee/jsr88-rar-configurer/src/main/history/dependencies.xml Thu Apr 26 19:40:50 2012
@@ -58,16 +58,6 @@
     </dependency>
     <dependency>
         <groupId>org.apache.geronimo.bundles</groupId>
-        <artifactId>sxc-jaxb</artifactId>
-        <type>jar</type>
-    </dependency>
-    <dependency>
-        <groupId>org.apache.geronimo.bundles</groupId>
-        <artifactId>sxc-runtime</artifactId>
-        <type>jar</type>
-    </dependency>
-    <dependency>
-        <groupId>org.apache.geronimo.bundles</groupId>
         <artifactId>woodstox-core-asl</artifactId>
         <type>jar</type>
     </dependency>

Modified: geronimo/server/branches/3.0-beta/plugins/j2ee/jsr88-war-configurer/src/main/history/dependencies.xml
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/j2ee/jsr88-war-configurer/src/main/history/dependencies.xml?rev=1331047&r1=1331046&r2=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/j2ee/jsr88-war-configurer/src/main/history/dependencies.xml (original)
+++ geronimo/server/branches/3.0-beta/plugins/j2ee/jsr88-war-configurer/src/main/history/dependencies.xml Thu Apr 26 19:40:50 2012
@@ -43,16 +43,6 @@
     </dependency>
     <dependency>
         <groupId>org.apache.geronimo.bundles</groupId>
-        <artifactId>sxc-jaxb</artifactId>
-        <type>jar</type>
-    </dependency>
-    <dependency>
-        <groupId>org.apache.geronimo.bundles</groupId>
-        <artifactId>sxc-runtime</artifactId>
-        <type>jar</type>
-    </dependency>
-    <dependency>
-        <groupId>org.apache.geronimo.bundles</groupId>
         <artifactId>woodstox-core-asl</artifactId>
         <type>jar</type>
     </dependency>

Copied: geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoJettyUserIdentity.java (from r1327711, geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoUserIdentity.java)
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoJettyUserIdentity.java?p2=geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoJettyUserIdentity.java&p1=geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoUserIdentity.java&r1=1327711&r2=1331047&rev=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoUserIdentity.java (original)
+++ geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoJettyUserIdentity.java Thu Apr 26 19:40:50 2012
@@ -24,49 +24,31 @@ import java.security.AccessControlContex
 import java.security.AccessControlException;
 import java.security.Principal;
 
-import javax.security.jacc.WebRoleRefPermission;
 import javax.security.auth.Subject;
+import javax.security.jacc.WebRoleRefPermission;
 
-import org.eclipse.jetty.servlet.ServletHolder;
-import org.eclipse.jetty.server.UserIdentity;
-import org.eclipse.jetty.security.RunAsToken;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.jaspi.UserIdentity;
 
 /**
  * @version $Rev$ $Date$
  */
-public class GeronimoUserIdentity implements UserIdentity {
-    private final Logger log = LoggerFactory.getLogger(GeronimoUserIdentity.class);
+public class GeronimoJettyUserIdentity implements org.eclipse.jetty.server.UserIdentity {
 
-    private final Subject subject;
-    private final Principal userPrincipal;
-    private final AccessControlContext acc;
-    private RunAsToken runAsToken;
-    private ServletHolder servletHolder;
-
-    public GeronimoUserIdentity(Subject subject, Principal userPrincipal, AccessControlContext acc) {
-//        if ((subject == null) != (userPrincipal == null)) throw new IllegalArgumentException("both or neither of subject (" + subject + ") and userPrincipal (" + userPrincipal + ") must be null");
-        if (acc == null) throw new NullPointerException("AccessControlContext acc required");
-        this.subject = subject;
-        this.userPrincipal = userPrincipal;
-        this.acc = acc;
+    private final UserIdentity userIdentity;
+
+    public GeronimoJettyUserIdentity(UserIdentity userIdentity) {
+        this.userIdentity = userIdentity;
     }
 
+    @Override
     public Subject getSubject() {
-        return subject;
+        return userIdentity.getSubject();
     }
 
+    @Override
     public Principal getUserPrincipal() {
-        //not clear whether this should reflect any run-as identity.  Currently it does not.
-        return userPrincipal;
-    }
-
-    public String[] getRoles() {
-        RuntimeException e = new RuntimeException("Not implemented");
-        log.info("getRoles called on identity " + this, e);
-        throw e;
+        return userIdentity.getUserPrincipal();
     }
 
     public boolean isUserInRole(String role, Scope scope) {
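Review bot: the new constructor stores userIdentity without a null check, whereas the removed constructor failed fast with NullPointerException("AccessControlContext acc required"). A null argument now surfaces later, inside getSubject(), getUserPrincipal() or getAccessControlContext(), which means during an authorization decision rather than where the identity is built. Suggest rejecting null in the constructor so the failure stays at construction time.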
@@ -85,17 +67,12 @@ public class GeronimoUserIdentity implem
         }
     }
 
-    //jaspi called from FormAuthenticator.valueUnbound (when session is unbound)
-    //TODO usable???
-    public void logout(Principal user) {
+    @Override
+    public String toString() {
+        return "GeronimoJettyUserIdentity[Subject: " + getSubject() + ", Principal: " + getUserPrincipal() + "]";
     }
 
     public AccessControlContext getAccessControlContext() {
-        return acc;
-    }
-
-    @Override
-    public String toString() {
-        return "GeronimoUserIdentity[Subject: " + subject + ", Principal: " + userPrincipal + ", acc: " + acc + "]";
+        return userIdentity.getAccessControlContext();
     }
 }
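Review bot: toString() concatenates getSubject(), and Subject.toString() lists the subject's principals and public credentials, plus private credentials when the caller is permitted to read them, so any log statement or exception message that includes this identity can write credential material to the log. The removed version had the same exposure; since the method is being rewritten anyway, consider printing only the user principal's name. Also, getAccessControlContext() is now a pure delegate like the other accessors but is the only one in this hunk without @Override or a comment saying it is not part of the Jetty interface.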

Propchange: geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoJettyUserIdentity.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoJettyUserIdentity.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoJettyUserIdentity.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/JaccSecurityHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/JaccSecurityHandler.java?rev=1331047&r1=1331046&r2=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/JaccSecurityHandler.java (original)
+++ geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/JaccSecurityHandler.java Thu Apr 26 19:40:50 2012
@@ -19,15 +19,11 @@ package org.apache.geronimo.jetty8.handl
 import java.io.IOException;
 import java.security.AccessControlContext;
 import java.security.AccessControlException;
-import java.util.Collections;
-import java.util.Set;
 
 import javax.security.jacc.PolicyContext;
 import javax.security.jacc.WebResourcePermission;
 import javax.security.jacc.WebUserDataPermission;
 import javax.servlet.ServletException;
-import javax.servlet.ServletRegistration;
-import javax.servlet.ServletSecurityElement;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -136,11 +132,11 @@ public class JaccSecurityHandler extends
 
     @Override
     protected boolean checkWebResourcePermissions(String pathInContext, Request request, Response response, Object constraintInfo, UserIdentity userIdentity) throws IOException {
-        if (!(userIdentity instanceof GeronimoUserIdentity)){
+        if (!(userIdentity instanceof GeronimoJettyUserIdentity)){
             //we already checked against default_acc and got false
             return false;
         }
-        AccessControlContext acc = ((GeronimoUserIdentity)userIdentity).getAccessControlContext();
+        AccessControlContext acc = ((GeronimoJettyUserIdentity)userIdentity).getAccessControlContext();
         return checkWebResourcePermission(request, acc);
     }
 

Modified: geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/AuthConfigProviderHandlerFactory.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/AuthConfigProviderHandlerFactory.java?rev=1331047&r1=1331046&r2=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/AuthConfigProviderHandlerFactory.java (original)
+++ geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/AuthConfigProviderHandlerFactory.java Thu Apr 26 19:40:50 2012
@@ -25,6 +25,7 @@ import java.util.Map;
 import java.security.AccessControlContext;
 
 import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.message.AuthException;
 import javax.security.auth.message.config.AuthConfigFactory;
 import javax.security.auth.message.config.AuthConfigProvider;
@@ -35,10 +36,13 @@ import org.apache.geronimo.gbean.annotat
 import org.apache.geronimo.gbean.annotation.ParamAttribute;
 import org.apache.geronimo.gbean.annotation.ParamReference;
 import org.apache.geronimo.jetty8.handler.JaccSecurityHandler;
+import org.apache.geronimo.jetty8.security.auth.GeronimoJaspiAuthenticator;
 import org.apache.geronimo.jetty8.security.auth.JAASLoginService;
 import org.apache.geronimo.security.jacc.RunAsSource;
 import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.security.jaas.ConfigurationFactory;
+import org.apache.geronimo.security.jaspi.impl.GeronimoLoginService;
+import org.apache.geronimo.security.jaspi.impl.JaspicCallbackHandler;
 import org.eclipse.jetty.security.Authenticator;
 import org.eclipse.jetty.security.LoginService;
 import org.eclipse.jetty.security.IdentityService;
@@ -60,10 +64,9 @@ public class AuthConfigProviderHandlerFa
     private final Map authConfigProperties = new HashMap<Object, Object>();
     private final Subject serviceSubject = null;
     private final boolean allowLazyAuthentication;
-//    private final Authenticator authenticator;
-    private final LoginService loginService;
-    private final ServerAuthConfig serverAuthConfig;
-    private final ServletCallbackHandler servletCallbackHandler;
+    private final ConfigurationFactory configurationFactory;
+    private final String messageLayer;
+    private final String appContext;
 
 
     public AuthConfigProviderHandlerFactory(@ParamAttribute(name = "messageLayer")String messageLayer,
@@ -73,6 +76,19 @@ public class AuthConfigProviderHandlerFa
     ) throws AuthException {
         String appContext1 = appContext;
         this.allowLazyAuthentication = allowLazyAuthentication;
+        this.configurationFactory = configurationFactory;
+        this.messageLayer = messageLayer;
+        this.appContext = appContext;
+    }
+
+    public SecurityHandler buildSecurityHandler(String policyContextID, Subject defaultSubject, RunAsSource runAsSource, boolean checkRolePermissions) throws AuthException {
+        if (defaultSubject == null) {
+            defaultSubject = ContextManager.EMPTY;
+        }
+        AccessControlContext defaultAcc = ContextManager.registerSubjectShort(defaultSubject, null);
+        JettyIdentityService identityService = new JettyIdentityService(defaultAcc, defaultSubject, runAsSource);
+        GeronimoLoginService loginService = new GeronimoLoginService(configurationFactory, identityService);
+        authConfigProperties.put(POLICY_CONTEXT_ID_KEY, policyContextID);
         AuthConfigFactory authConfigFactory = AuthConfigFactory.getFactory();
         RegistrationListener listener = new RegistrationListener() {
 
@@ -80,23 +96,12 @@ public class AuthConfigProviderHandlerFa
             }
         };
         AuthConfigProvider authConfigProvider = authConfigFactory.getConfigProvider(messageLayer, appContext, listener);
-        this.loginService = new JAASLoginService(configurationFactory, null);
-        servletCallbackHandler = new ServletCallbackHandler(loginService);
-        serverAuthConfig = authConfigProvider.getServerAuthConfig(messageLayer, appContext, servletCallbackHandler);
+        CallbackHandler callbackHandler = new JaspicCallbackHandler(loginService);
+        ServerAuthConfig serverAuthConfig = authConfigProvider.getServerAuthConfig(messageLayer, appContext, callbackHandler);
         //TODO appContext is supposed to be server-name<space>context-root
-
-    }
-
-    public SecurityHandler buildSecurityHandler(String policyContextID, Subject defaultSubject, RunAsSource runAsSource, boolean checkRolePermissions) {
-        if (defaultSubject == null) {
-            defaultSubject = ContextManager.EMPTY;
-        }
-        AccessControlContext defaultAcc = ContextManager.registerSubjectShort(defaultSubject, null);
-        IdentityService identityService = new JettyIdentityService(defaultAcc, defaultSubject, runAsSource);
-        authConfigProperties.put(POLICY_CONTEXT_ID_KEY, policyContextID);
-        Authenticator authenticator = new JaspiAuthenticator(serverAuthConfig, authConfigProperties, servletCallbackHandler, serviceSubject, allowLazyAuthentication, identityService);
+        Authenticator authenticator = new GeronimoJaspiAuthenticator(serverAuthConfig, authConfigProperties, callbackHandler, serviceSubject, allowLazyAuthentication, identityService);
         //login service functionality is already inside the servletCallbackHandler
-        return new JaccSecurityHandler(policyContextID, authenticator, loginService, identityService, defaultAcc);
+        return new JaccSecurityHandler(policyContextID, authenticator, new JAASLoginService(null, loginService), identityService, defaultAcc);
     }
 
 }
\ No newline at end of file
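Review bot: the retained comment "login service functionality is already inside the servletCallbackHandler" is stale now that servletCallbackHandler is gone and the handler is the local callbackHandler; update it to match. Two further points in this hunk: authConfigProvider is dereferenced directly after authConfigFactory.getConfigProvider(messageLayer, appContext, listener), which returns null when no provider is registered, and because this lookup moved out of the constructor into buildSecurityHandler the failure now appears each time a handler is built. Throwing an AuthException that names messageLayer and appContext would be easier to diagnose than a NullPointerException. Also, new JAASLoginService(null, loginService) passes null where JettySecurityHandlerFactory passes realmName; add a comment explaining why a null realm name is acceptable on the JASPIC path.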

Modified: geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/JettyIdentityService.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/JettyIdentityService.java?rev=1331047&r1=1331046&r2=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/JettyIdentityService.java (original)
+++ geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/JettyIdentityService.java Thu Apr 26 19:40:50 2012
@@ -22,37 +22,35 @@ package org.apache.geronimo.jetty8.secur
 
 import java.security.AccessControlContext;
 import java.security.Principal;
-import java.util.Arrays;
 
 import javax.security.auth.Subject;
 
+import org.apache.geronimo.jetty8.handler.GeronimoJettyUserIdentity;
 import org.apache.geronimo.jetty8.handler.GeronimoRunAsToken;
-import org.apache.geronimo.jetty8.handler.GeronimoUserIdentity;
 import org.apache.geronimo.security.Callers;
 import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.security.jacc.RunAsSource;
+import org.apache.geronimo.security.jaspi.impl.GeronimoIdentityService;
 import org.apache.geronimo.security.realm.providers.GeronimoCallerPrincipal;
-import org.apache.geronimo.security.realm.providers.WrappingCallerPrincipal;
-import org.eclipse.jetty.security.IdentityService;
 import org.eclipse.jetty.security.RunAsToken;
-import org.eclipse.jetty.server.UserIdentity;
 
 /**
  * @version $Rev$ $Date$
  */
-public class JettyIdentityService implements IdentityService {
+public class JettyIdentityService extends GeronimoIdentityService implements org.eclipse.jetty.security.IdentityService {
 
     private final AccessControlContext defaultAcc;
     private final Subject defaultSubject;
     private final RunAsSource runAsSource;
 
     public JettyIdentityService(AccessControlContext defaultAcc, Subject defaultSubject, RunAsSource runAsSource) {
+        super(defaultSubject);
         this.defaultAcc = defaultAcc;
         this.defaultSubject = defaultSubject;
         this.runAsSource = runAsSource;
     }
 
-    public Object associate(UserIdentity user) {
+    public Object associate(org.eclipse.jetty.server.UserIdentity user) {
         Callers oldCallers = ContextManager.getCallers();
         if (user == null) {
             //exit
@@ -69,7 +67,7 @@ public class JettyIdentityService implem
 
     }
 
-    public Object setRunAs(UserIdentity userIdentity, RunAsToken token) {
+    public Object setRunAs(org.eclipse.jetty.server.UserIdentity userIdentity, RunAsToken token) {
         GeronimoRunAsToken geronimoRunAsToken = (GeronimoRunAsToken) token;
         Subject runAsSubject = geronimoRunAsToken == null? null: geronimoRunAsToken.getRunAsSubject();
         return ContextManager.pushNextCaller(runAsSubject);
@@ -79,21 +77,8 @@ public class JettyIdentityService implem
         ContextManager.popCallers((Callers) previousToken);
     }
 
-    public UserIdentity newUserIdentity(Subject subject, Principal userPrincipal, String[] roles) {
-        if (subject != null) {
-            Principal callerPrincipal = null;
-            for (GeronimoCallerPrincipal principal: subject.getPrincipals(GeronimoCallerPrincipal.class)) {
-                if (principal instanceof WrappingCallerPrincipal) {
-                    callerPrincipal = ((WrappingCallerPrincipal)principal).getWrapped();
-                } else {
-                    callerPrincipal = principal;
-                }
-            }
-
-            AccessControlContext acc = ContextManager.registerSubjectShort(subject, callerPrincipal);
-            return new GeronimoUserIdentity(subject, userPrincipal, acc);
-        }
-        return new GeronimoUserIdentity(null, null, defaultAcc);
+    public org.eclipse.jetty.server.UserIdentity newUserIdentity(Subject subject, Principal userPrincipal, String[] roles) {
+        return new GeronimoJettyUserIdentity(newUserIdentity(subject));
     }
 
     public RunAsToken newRunAsToken(String runAsName) {
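Review bot: newUserIdentity now ignores both userPrincipal and roles and passes subject to the inherited newUserIdentity(subject) unguarded, while the removed body handled subject == null explicitly by returning an identity built on defaultAcc. Confirm that GeronimoIdentityService.newUserIdentity(null) still yields an identity limited to the default AccessControlContext, and note in a comment that the user principal is now derived from the subject rather than taken from the userPrincipal argument, since the two can differ.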
@@ -101,7 +86,7 @@ public class JettyIdentityService implem
         return new GeronimoRunAsToken(runAsSubject);
     }
 
-    public UserIdentity getSystemUserIdentity() {
-        return new GeronimoUserIdentity(null, null, defaultAcc);
+    public org.eclipse.jetty.server.UserIdentity getSystemUserIdentity() {
+        return new GeronimoJettyUserIdentity(newUserIdentity(defaultSubject));
     }
 }
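Review bot: getSystemUserIdentity() used to return an identity with a null subject and null principal bound to defaultAcc; it now builds one from defaultSubject on every call. That changes what getSubject() and getUserPrincipal() report for the system identity, and it repeats whatever work newUserIdentity(defaultSubject) does each time. If the new behaviour is intended, create the identity once in the constructor and return that instance, and check whether the defaultAcc and defaultSubject fields still need to be kept here now that defaultSubject is also passed to super(defaultSubject).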

Modified: geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/JettySecurityHandlerFactory.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/JettySecurityHandlerFactory.java?rev=1331047&r1=1331046&r2=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/JettySecurityHandlerFactory.java (original)
+++ geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/JettySecurityHandlerFactory.java Thu Apr 26 19:40:50 2012
@@ -21,22 +21,21 @@
 package org.apache.geronimo.jetty8.security;
 
 import java.security.AccessControlContext;
-import java.security.Permissions;
 
 import javax.security.auth.Subject;
 
 import org.apache.geronimo.gbean.annotation.GBean;
 import org.apache.geronimo.gbean.annotation.ParamAttribute;
 import org.apache.geronimo.gbean.annotation.ParamReference;
-import org.apache.geronimo.jetty8.handler.JaccSecurityHandler;
 import org.apache.geronimo.jetty8.handler.EJBWebServiceSecurityHandler;
+import org.apache.geronimo.jetty8.handler.JaccSecurityHandler;
 import org.apache.geronimo.jetty8.security.auth.JAASLoginService;
 import org.apache.geronimo.jetty8.security.auth.NoneAuthenticator;
 import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.security.jaas.ConfigurationFactory;
 import org.apache.geronimo.security.jacc.RunAsSource;
+import org.apache.geronimo.security.jaspi.impl.GeronimoLoginService;
 import org.eclipse.jetty.security.Authenticator;
-import org.eclipse.jetty.security.IdentityService;
 import org.eclipse.jetty.security.LoginService;
 import org.eclipse.jetty.security.SecurityHandler;
 import org.eclipse.jetty.security.authentication.BasicAuthenticator;
@@ -75,13 +74,13 @@ public class JettySecurityHandlerFactory
     }
 
     public SecurityHandler buildSecurityHandler(String policyContextID, Subject defaultSubject, RunAsSource runAsSource, boolean checkRolePermissions) {
-        final LoginService loginService = new JAASLoginService(configurationFactory, realmName);
         Authenticator authenticator = buildAuthenticator();
         if (defaultSubject == null) {
             defaultSubject = ContextManager.EMPTY;
         }
         AccessControlContext defaultAcc = ContextManager.registerSubjectShort(defaultSubject, null);
-        IdentityService identityService = new JettyIdentityService(defaultAcc, defaultSubject, runAsSource);
+        JettyIdentityService identityService = new JettyIdentityService(defaultAcc, defaultSubject, runAsSource);
+        final LoginService loginService = new JAASLoginService(realmName, new GeronimoLoginService(configurationFactory, identityService));
         if (checkRolePermissions) {
             return new JaccSecurityHandler(policyContextID, authenticator, loginService, identityService, defaultAcc);
         } else {

Modified: geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/SecurityHandlerFactory.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/SecurityHandlerFactory.java?rev=1331047&r1=1331046&r2=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/SecurityHandlerFactory.java (original)
+++ geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/SecurityHandlerFactory.java Thu Apr 26 19:40:50 2012
@@ -21,6 +21,7 @@
 package org.apache.geronimo.jetty8.security;
 
 import javax.security.auth.Subject;
+import javax.security.auth.message.AuthException;
 
 import org.apache.geronimo.security.jacc.RunAsSource;
 import org.eclipse.jetty.security.SecurityHandler;
@@ -30,6 +31,6 @@ import org.eclipse.jetty.security.Securi
  */
 public interface SecurityHandlerFactory {
 
-    SecurityHandler buildSecurityHandler(String policyContextID, Subject defaultSubject, RunAsSource runAsSource, boolean checkRolePermissions);
+    SecurityHandler buildSecurityHandler(String policyContextID, Subject defaultSubject, RunAsSource runAsSource, boolean checkRolePermissions) throws AuthException;
 
 }
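Review bot: The new `throws AuthException` on `buildSecurityHandler` puts a JASPI-specific checked exception on the generic factory interface with no javadoc saying when it is raised or what a caller should do with it. Add a `@throws AuthException` description to the interface method and state that a failure here must abort building the web context rather than be swallowed. The `JettySecurityHandlerFactory.buildSecurityHandler` signature shown in the previous file of this diff does not declare the exception, so it would also help to note which implementations actually throw it.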

Added: geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/auth/GeronimoJaspiAuthenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/auth/GeronimoJaspiAuthenticator.java?rev=1331047&view=auto
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/auth/GeronimoJaspiAuthenticator.java (added)
+++ geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/auth/GeronimoJaspiAuthenticator.java Thu Apr 26 19:40:50 2012
@@ -0,0 +1,178 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+// ========================================================================
+// Copyright (c) 2008-2009 Mort Bay Consulting Pty. Ltd.
+// ------------------------------------------------------------------------
+// All rights reserved. This program and the accompanying materials
+// are made available under the terms of the Eclipse Public License v1.0
+// and Apache License v2.0 which accompanies this distribution.
+// The Eclipse Public License is available at
+// http://www.eclipse.org/legal/epl-v10.html
+// The Apache License v2.0 is available at
+// http://www.opensource.org/licenses/apache2.0.php
+// You may elect to redistribute this code under either of these licenses.
+// ========================================================================
+/*
+ This is a (hopefully temporary) copy of jetty 8's JaspiAuthenticator modified for correct handling of CallerPrincipalCallback and GroupsCallback.
+
+ See GERONIMO-6337 and GERONIMO-6338
+ */
+
+package org.apache.geronimo.jetty8.security.auth;
+
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.config.ServerAuthConfig;
+import javax.security.auth.message.config.ServerAuthContext;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+import org.eclipse.jetty.security.Authenticator;
+import org.eclipse.jetty.security.IdentityService;
+import org.eclipse.jetty.security.ServerAuthException;
+import org.eclipse.jetty.security.UserAuthentication;
+import org.eclipse.jetty.security.authentication.DeferredAuthentication;
+import org.eclipse.jetty.security.jaspi.JaspiMessageInfo;
+import org.eclipse.jetty.server.Authentication;
+import org.eclipse.jetty.server.UserIdentity;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class GeronimoJaspiAuthenticator implements Authenticator {
+
+        private final ServerAuthConfig _authConfig;
+        private final Map _authProperties;
+        private final CallbackHandler _callbackHandler;
+        private final Subject _serviceSubject;
+        private final boolean _allowLazyAuthentication;
+        private final IdentityService _identityService;
+        private final DeferredAuthentication _deferred;
+
+        public GeronimoJaspiAuthenticator(ServerAuthConfig authConfig, Map authProperties, CallbackHandler callbackHandler,
+                                  Subject serviceSubject, boolean allowLazyAuthentication, IdentityService identityService)
+        {
+            // TODO maybe pass this in via setConfiguration ?
+            if (callbackHandler == null)
+                throw new NullPointerException("No CallbackHandler");
+            if (authConfig == null)
+                throw new NullPointerException("No AuthConfig");
+            this._authConfig = authConfig;
+            this._authProperties = authProperties;
+            this._callbackHandler = callbackHandler;
+            this._serviceSubject = serviceSubject;
+            this._allowLazyAuthentication = allowLazyAuthentication;
+            this._identityService = identityService;
+            this._deferred=new DeferredAuthentication(this);
+        }
+
+
+        public void setConfiguration(AuthConfiguration configuration)
+        {
+        }
+
+
+        public String getAuthMethod()
+        {
+            return "JASPI";
+        }
+
+        public Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException
+        {
+            if (_allowLazyAuthentication && !mandatory)
+                return _deferred;
+
+            JaspiMessageInfo info = new JaspiMessageInfo(request, response, mandatory);
+            request.setAttribute("org.eclipse.jetty.security.jaspi.info",info);
+            return validateRequest(info);
+        }
+
+        // most likely validatedUser is not needed here.
+        public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, Authentication.User validatedUser) throws ServerAuthException
+        {
+            JaspiMessageInfo info = (JaspiMessageInfo)req.getAttribute("org.eclipse.jetty.security.jaspi.info");
+            if (info==null) throw new NullPointerException("MeesageInfo from request missing: " + req);
+            return secureResponse(info,validatedUser);
+        }
+
+        public Authentication validateRequest(JaspiMessageInfo messageInfo) throws ServerAuthException
+        {
+            try
+            {
+                String authContextId = _authConfig.getAuthContextID(messageInfo);
+                ServerAuthContext authContext = _authConfig.getAuthContext(authContextId,_serviceSubject,_authProperties);
+                Subject clientSubject = new Subject();
+
+                AuthStatus authStatus = authContext.validateRequest(messageInfo,clientSubject,_serviceSubject);
+//            String authMethod = (String)messageInfo.getMap().get(JaspiMessageInfo.AUTH_METHOD_KEY);
+
+                if (authStatus == AuthStatus.SEND_CONTINUE)
+                    return Authentication.SEND_CONTINUE;
+                if (authStatus == AuthStatus.SEND_FAILURE)
+                    return Authentication.SEND_FAILURE;
+
+                if (authStatus == AuthStatus.SUCCESS)
+                {
+                Set<UserIdentity> ids = clientSubject.getPrivateCredentials(UserIdentity.class);
+                    UserIdentity userIdentity;
+                    if (ids.size() > 0)
+                    {
+                        userIdentity = ids.iterator().next();
+                    } else {
+                        userIdentity = _identityService.newUserIdentity(clientSubject, null, null);
+                    }
+                    return new UserAuthentication(getAuthMethod(), userIdentity);
+                }
+                if (authStatus == AuthStatus.SEND_SUCCESS)
+                {
+                    //we are processing a message in a secureResponse dialog.
+                    return Authentication.SEND_SUCCESS;
+                }
+                //should not happen
+                throw new NullPointerException("No AuthStatus returned");
+            }
+            catch (AuthException e)
+            {
+                throw new ServerAuthException(e);
+            }
+        }
+
+        public boolean secureResponse(JaspiMessageInfo messageInfo, Authentication validatedUser) throws ServerAuthException
+        {
+            try
+            {
+                String authContextId = _authConfig.getAuthContextID(messageInfo);
+                ServerAuthContext authContext = _authConfig.getAuthContext(authContextId,_serviceSubject,_authProperties);
+                // TODO authContext.cleanSubject(messageInfo,validatedUser.getUserIdentity().getSubject());
+                AuthStatus status = authContext.secureResponse(messageInfo,_serviceSubject);
+                return (AuthStatus.SEND_SUCCESS.equals(status));
+            }
+            catch (AuthException e)
+            {
+                throw new ServerAuthException(e);
+            }
+        }
+
+    }
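Review bot: In `validateRequest(JaspiMessageInfo)`, the `AuthStatus.SUCCESS` branch falls back to `_identityService.newUserIdentity(clientSubject, null, null)` when the client subject carries no `UserIdentity` private credential, so a request is reported as authenticated with a null principal and null roles. If that is meant to cover only the non-mandatory (anonymous) case, check the mandatory flag there and fail the request when authentication was required. Otherwise, document why an identity without a principal is acceptable. Two smaller points in the same file: an unrecognised `AuthStatus` ends in `throw new NullPointerException("No AuthStatus returned")` even though the status is not null, where a `ServerAuthException` naming the status would be easier to diagnose. Also, `secureResponse(ServletRequest, ...)` throws an NPE (message typo "MeesageInfo") when the request attribute is missing, which is exactly the state left by the lazy path in `validateRequest` that returns `_deferred` without setting `org.eclipse.jetty.security.jaspi.info`. Finally, `_callbackHandler` is null-checked and stored in the constructor but never read in this class, which is worth a comment given that the header says the copy exists for correct callback handling.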

Modified: geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/auth/JAASLoginService.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/auth/JAASLoginService.java?rev=1331047&r1=1331046&r2=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/auth/JAASLoginService.java (original)
+++ geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/security/auth/JAASLoginService.java Thu Apr 26 19:40:50 2012
@@ -20,17 +20,13 @@
 
 package org.apache.geronimo.jetty8.security.auth;
 
-import java.security.Principal;
-
-import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
 
-import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.jetty8.handler.GeronimoJettyUserIdentity;
 import org.apache.geronimo.security.jaas.ConfigurationFactory;
+import org.apache.geronimo.security.jaspi.IdentityService;
+import org.apache.geronimo.security.jaspi.impl.GeronimoLoginService;
 import org.apache.geronimo.security.realm.providers.PasswordCallbackHandler;
-import org.eclipse.jetty.security.IdentityService;
 import org.eclipse.jetty.security.LoginService;
 import org.eclipse.jetty.server.UserIdentity;
 
@@ -39,17 +35,17 @@ import org.eclipse.jetty.server.UserIden
  */
 public class JAASLoginService implements LoginService {
     private final String realmName;
-    private final ConfigurationFactory configurationFactory;
-    private IdentityService identityService;
+
+    private final GeronimoLoginService geronimoLoginService;
 
     /**
      * Construct a JAASLoginService
-     * @param configurationFactory may be null if auth system does not require local jaas login (such as openid)
      * @param realmName may be null e.g. for jaspi.
+     * @param geronimoLoginService
      */
-    public JAASLoginService(ConfigurationFactory configurationFactory, String realmName) {
-        this.configurationFactory = configurationFactory;
+    public JAASLoginService(String realmName, GeronimoLoginService geronimoLoginService) {
         this.realmName = realmName;
+        this.geronimoLoginService = geronimoLoginService;
     }
 
     public void logout(UserIdentity userIdentity) {
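Review bot: The constructor now takes `geronimoLoginService` without a null check, although `login()` dereferences it unconditionally. The null checks in `GeronimoJaspiAuthenticator`'s constructor in this same commit show the pattern to follow. The javadoc also loses information: `@param geronimoLoginService` has no description, and the removed note that the configuration factory "may be null if auth system does not require local jaas login (such as openid)" is not carried over to wherever that factory is now passed. Since the parameter order changed from `(ConfigurationFactory, String)` to `(String, GeronimoLoginService)`, a one-line description of each parameter would help callers that still pass a null realm name for JASPI.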
@@ -63,28 +59,18 @@ public class JAASLoginService implements
     public UserIdentity login(String username, Object credentials) {
         char[] password = credentials instanceof  String? ((String)credentials).toCharArray(): (char[]) credentials;
         CallbackHandler callbackHandler = new PasswordCallbackHandler(username, password);
-        try {
-            LoginContext loginContext = ContextManager.login(configurationFactory.getConfigurationName(), callbackHandler, configurationFactory.getConfiguration());
-            Subject establishedSubject = loginContext.getSubject();
-            Principal userPrincipal = ContextManager.getCurrentPrincipal(establishedSubject);
-            return identityService.newUserIdentity(establishedSubject, userPrincipal, null);
-        } catch (LoginException e) {
-            return null;
-//        } catch (Throwable t) {
-//            t.printStackTrace();
-//            return null;
-        }
+        org.apache.geronimo.security.jaspi.UserIdentity userIdentity = geronimoLoginService.login(callbackHandler);
+        return new GeronimoJettyUserIdentity(userIdentity);
     }
 
     public boolean validate(UserIdentity user) {
         return true;
     }
 
-    public IdentityService getIdentityService() {
-        return identityService;
+    public org.eclipse.jetty.security.IdentityService getIdentityService() {
+        return null;
     }
 
-    public void setIdentityService(IdentityService identityService) {
-        this.identityService = identityService;
+    public void setIdentityService(org.eclipse.jetty.security.IdentityService identityService) {
     }
 }
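Review bot: In `login()`, the result of `geronimoLoginService.login(callbackHandler)` is wrapped in `new GeronimoJettyUserIdentity(userIdentity)` without a null check, while the removed code returned null on `LoginException` and Jetty's `LoginService.login` contract uses a null return to signal failed credentials. If `GeronimoLoginService.login` returns null on a failed login, this method now hands back a non-null identity wrapping null, so either return null explicitly when `userIdentity == null` or state in a comment that the delegate throws instead. In the same hunk, `getIdentityService()` now always returns null and `setIdentityService(...)` silently discards its argument. A short comment explaining that the identity service lives in `GeronimoLoginService` would save the next reader from assuming the Jetty setter still has an effect.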

Modified: geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/test/java/org/apache/geronimo/jetty8/AbstractWebModuleTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/test/java/org/apache/geronimo/jetty8/AbstractWebModuleTest.java?rev=1331047&r1=1331046&r2=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/test/java/org/apache/geronimo/jetty8/AbstractWebModuleTest.java (original)
+++ geronimo/server/branches/3.0-beta/plugins/jetty8/geronimo-jetty8/src/test/java/org/apache/geronimo/jetty8/AbstractWebModuleTest.java Thu Apr 26 19:40:50 2012
@@ -45,7 +45,7 @@ import org.apache.geronimo.j2ee.annotati
 import org.apache.geronimo.j2ee.jndi.ContextSource;
 import org.apache.geronimo.j2ee.jndi.WebContextSource;
 import org.apache.geronimo.jetty8.connector.HTTPSocketConnector;
-import org.apache.geronimo.jetty8.handler.GeronimoUserIdentity;
+import org.apache.geronimo.jetty8.handler.GeronimoJettyUserIdentity;
 import org.apache.geronimo.jetty8.security.SecurityHandlerFactory;
 import org.apache.geronimo.jetty8.security.ServerAuthenticationGBean;
 import org.apache.geronimo.kernel.config.ConfigurationData;
@@ -61,6 +61,7 @@ import org.apache.geronimo.security.jacc
 import org.apache.geronimo.security.jacc.mappingprovider.ApplicationPrincipalRoleConfigurationManager;
 import org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicy;
 import org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicyConfigurationFactory;
+import org.apache.geronimo.security.jaspi.impl.JACCUserIdentity;
 import org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal;
 import org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal;
 import org.apache.geronimo.system.serverinfo.BasicServerInfo;
@@ -131,7 +132,7 @@ public class AbstractWebModuleTest exten
             final AccessControlContext acc = ContextManager.registerSubjectShort(subject, null);
             securityHandlerFactory = new ServerAuthenticationGBean(new Authenticator() {
                 public Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException {
-                    return new UserAuthentication("test", new GeronimoUserIdentity(subject, new GeronimoUserPrincipal("foo"), acc));
+                    return new UserAuthentication("test", new GeronimoJettyUserIdentity(new JACCUserIdentity(subject, new GeronimoUserPrincipal("foo"), acc)));
                 }// most likely validatedUser is not needed here.
 
                 public boolean secureResponse(ServletRequest request, ServletResponse response, boolean mandatory, Authentication.User validatedUser) throws ServerAuthException {

Modified: geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java?rev=1331047&r1=1331046&r2=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java (original)
+++ geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java Thu Apr 26 19:40:50 2012
@@ -25,6 +25,7 @@ import java.util.HashMap;
 import java.util.Map;
 
 import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.message.AuthException;
 import javax.security.auth.message.config.AuthConfigFactory;
 import javax.security.auth.message.config.AuthConfigProvider;
@@ -39,12 +40,15 @@ import org.apache.catalina.deploy.WebXml
 import org.apache.catalina.startup.ContextConfig;
 import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.security.jaas.ConfigurationFactory;
+import org.apache.geronimo.security.jaspi.IdentityService;
+import org.apache.geronimo.security.jaspi.LoginService;
+import org.apache.geronimo.security.jaspi.UserIdentity;
+import org.apache.geronimo.security.jaspi.impl.GeronimoIdentityService;
+import org.apache.geronimo.security.jaspi.impl.GeronimoLoginService;
+import org.apache.geronimo.security.jaspi.impl.JaspicCallbackHandler;
 import org.apache.geronimo.tomcat.security.Authenticator;
 import org.apache.geronimo.tomcat.security.Authorizer;
-import org.apache.geronimo.tomcat.security.IdentityService;
-import org.apache.geronimo.tomcat.security.LoginService;
 import org.apache.geronimo.tomcat.security.SecurityValve;
-import org.apache.geronimo.tomcat.security.UserIdentity;
 import org.apache.geronimo.tomcat.security.authentication.BasicAuthenticator;
 import org.apache.geronimo.tomcat.security.authentication.ClientCertAuthenticator;
 import org.apache.geronimo.tomcat.security.authentication.DigestAuthenticator;
@@ -53,9 +57,6 @@ import org.apache.geronimo.tomcat.securi
 import org.apache.geronimo.tomcat.security.authentication.NoneAuthenticator;
 import org.apache.geronimo.tomcat.security.authentication.SpnegoAuthenticator;
 import org.apache.geronimo.tomcat.security.authentication.jaspic.JaspicAuthenticator;
-import org.apache.geronimo.tomcat.security.authentication.jaspic.JaspicCallbackHandler;
-import org.apache.geronimo.tomcat.security.impl.GeronimoIdentityService;
-import org.apache.geronimo.tomcat.security.impl.GeronimoLoginService;
 import org.apache.geronimo.tomcat.security.jacc.JACCAuthorizer;
 import org.apache.geronimo.tomcat.security.jacc.JACCRealm;
 import org.apache.geronimo.tomcat.security.jacc.JACCSecurityValve;
@@ -153,7 +154,7 @@ public abstract class BaseGeronimoContex
         String appContext = "server " + geronimoContext.getPath();
         AuthConfigProvider authConfigProvider = authConfigFactory.getConfigProvider(MESSAGE_LAYER, appContext, listener);
         ServerAuthConfig serverAuthConfig = null;
-        JaspicCallbackHandler callbackHandler = null;
+        CallbackHandler callbackHandler = null;
         if (authConfigProvider != null) {
             callbackHandler = new JaspicCallbackHandler(loginService);
             try {

Modified: geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/AuthResult.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/AuthResult.java?rev=1331047&r1=1331046&r2=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/AuthResult.java (original)
+++ geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/AuthResult.java Thu Apr 26 19:40:50 2012
@@ -20,6 +20,8 @@
 
 package org.apache.geronimo.tomcat.security;
 
+import org.apache.geronimo.security.jaspi.UserIdentity;
+
 /**
  * @version $Rev$ $Date$
  */

Modified: geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/Authenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/Authenticator.java?rev=1331047&r1=1331046&r2=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/Authenticator.java (original)
+++ geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/Authenticator.java Thu Apr 26 19:40:50 2012
@@ -25,6 +25,7 @@ import javax.servlet.http.HttpServletRes
 
 import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
+import org.apache.geronimo.security.jaspi.UserIdentity;
 
 
 /**

Modified: geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/Authorizer.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/Authorizer.java?rev=1331047&r1=1331046&r2=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/Authorizer.java (original)
+++ geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/Authorizer.java Thu Apr 26 19:40:50 2012
@@ -21,6 +21,7 @@
 package org.apache.geronimo.tomcat.security;
 
 import org.apache.catalina.connector.Request;
+import org.apache.geronimo.security.jaspi.UserIdentity;
 
 /**
  * @version $Rev$ $Date$

Modified: geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java?rev=1331047&r1=1331046&r2=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java (original)
+++ geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java Thu Apr 26 19:40:50 2012
@@ -31,6 +31,8 @@ import org.apache.catalina.connector.Req
 import org.apache.catalina.connector.Response;
 import org.apache.catalina.deploy.LoginConfig;
 import org.apache.catalina.valves.ValveBase;
+import org.apache.geronimo.security.jaspi.IdentityService;
+import org.apache.geronimo.security.jaspi.UserIdentity;
 
 /**
  * @version $Rev$ $Date$

Modified: geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/authentication/BasicAuthenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/authentication/BasicAuthenticator.java?rev=1331047&r1=1331046&r2=1331047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/authentication/BasicAuthenticator.java (original)
+++ geronimo/server/branches/3.0-beta/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/authentication/BasicAuthenticator.java Thu Apr 26 19:40:50 2012
@@ -29,12 +29,12 @@ import javax.servlet.http.HttpServletRes
 import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
 import org.apache.catalina.util.Base64;
+import org.apache.geronimo.security.jaspi.LoginService;
+import org.apache.geronimo.security.jaspi.UserIdentity;
 import org.apache.geronimo.tomcat.security.AuthResult;
 import org.apache.geronimo.tomcat.security.Authenticator;
-import org.apache.geronimo.tomcat.security.LoginService;
 import org.apache.geronimo.tomcat.security.ServerAuthException;
 import org.apache.geronimo.tomcat.security.TomcatAuthStatus;
-import org.apache.geronimo.tomcat.security.UserIdentity;
 import org.apache.tomcat.util.buf.ByteChunk;
 import org.apache.tomcat.util.buf.CharChunk;
 import org.apache.tomcat.util.buf.MessageBytes;


