[Jboss-cvs] JBossAS SVN: r56125 - in trunk/tomcat/src: main/org/jboss/web/tomcat/security main/org/jboss/web/tomcat/tc6 resources
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Aug 21 12:48:06 EDT 2006
Author: anil.saldhana at jboss.com
Date: 2006-08-21 12:48:04 -0400 (Mon, 21 Aug 2006)
New Revision: 56125
Modified:
trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
trunk/tomcat/src/main/org/jboss/web/tomcat/tc6/DeployerConfig.java
trunk/tomcat/src/main/org/jboss/web/tomcat/tc6/Tomcat6.java
trunk/tomcat/src/main/org/jboss/web/tomcat/tc6/TomcatDeployer.java
trunk/tomcat/src/resources/jboss-service-all.xml
trunk/tomcat/src/resources/jboss-service.xml
trunk/tomcat/src/resources/webserver-xmbean.xml
Log:
JBAS-3535:AuthorizationManager from JNDI
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java 2006-08-21 16:44:24 UTC (rev 56124)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java 2006-08-21 16:48:04 UTC (rev 56125)
@@ -51,21 +51,18 @@
import org.apache.catalina.realm.RealmBase;
import org.jboss.logging.Logger;
import org.jboss.metadata.SecurityRoleRefMetaData;
-import org.jboss.metadata.WebMetaData;
-import org.jboss.mx.util.MBeanProxy;
-import org.jboss.mx.util.MBeanProxyCreationException;
+import org.jboss.metadata.WebMetaData;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.CertificatePrincipal;
import org.jboss.security.RealmMapping;
-import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityConstants;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.SubjectSecurityManager;
import org.jboss.security.auth.callback.CallbackHandlerPolicyContextHandler;
import org.jboss.security.auth.certs.SubjectDNMapping;
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.AuthorizationException;
-import org.jboss.security.authorization.ResourceKeys;
-import org.jboss.security.plugins.AuthorizationManagerServiceMBean;
+import org.jboss.security.authorization.ResourceKeys;
import org.jboss.web.tomcat.security.authorization.WebResource;
//$Id$
@@ -90,7 +87,7 @@
/**
* The JBossSecurityMgrRealm category trace flag
*/
- private boolean trace;
+ private boolean trace = log.isTraceEnabled();
/** The current servlet request */
private static ThreadLocal activeRequest = new ThreadLocal();
@@ -704,34 +701,17 @@
*/
private AuthorizationManager getAuthorizationManager()
{
- //Get the app security domain if available
- String appSecurityDomain = securityDomain;
+ AuthorizationManager am = null;
try
{
- SubjectSecurityManager ssm = (SubjectSecurityManager)getSecurityContext().lookup("securityMgr");
- appSecurityDomain = ssm.getSecurityDomain();
+ am = (AuthorizationManager)getSecurityContext().lookup("authorizationMgr");
}
- catch(NamingException ne)
+ catch (Exception e)
{
if(trace)
- {
- log.trace("Naming exception looking up security domain:",ne);
- log.trace("Security Domain for Authorization Manager defaults to="+ securityDomain);
- }
- appSecurityDomain = securityDomain;
+ log.trace("Lookup of authorization manager failed", e);
}
- AuthorizationManagerServiceMBean mbean = null;
- try
- {
- mbean = (AuthorizationManagerServiceMBean)
- MBeanProxy.get(AuthorizationManagerServiceMBean.class,
- AuthorizationManagerServiceMBean.OBJECT_NAME,this.mserver);
- }
- catch (MBeanProxyCreationException e)
- {
- log.error("Cannot obtain proxy for AuthorizationManagerService",e);
- }
- return mbean != null ? mbean.getAuthorizationManager(appSecurityDomain): null;
+ return am;
}
private Context getSecurityContext()
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/tc6/DeployerConfig.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/tc6/DeployerConfig.java 2006-08-21 16:44:24 UTC (rev 56124)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/tc6/DeployerConfig.java 2006-08-21 16:48:04 UTC (rev 56125)
@@ -22,8 +22,7 @@
package org.jboss.web.tomcat.tc6;
import javax.management.ObjectName;
-
-import org.jboss.security.plugins.AuthorizationManagerServiceMBean;
+
import org.jboss.security.plugins.JaasSecurityManagerServiceMBean;
/**
@@ -126,10 +125,7 @@
*/
private boolean allowSelfPrivilegedWebApps = false;
/** The service used to flush authentication cache on session invalidation. */
- private JaasSecurityManagerServiceMBean secMgrService;
-
- /** Service used to register policies */
- private AuthorizationManagerServiceMBean authorizationMgrService;
+ private JaasSecurityManagerServiceMBean secMgrService;
public ClassLoader getServiceClassLoader()
{
@@ -334,19 +330,8 @@
public void setAllowSelfPrivilegedWebApps(boolean allowSelfPrivilegedWebApps)
{
this.allowSelfPrivilegedWebApps = allowSelfPrivilegedWebApps;
- }
+ }
-
- public AuthorizationManagerServiceMBean getAuthorizationManagerService()
- {
- return authorizationMgrService;
- }
-
- public void setAuthorizationManagerService(AuthorizationManagerServiceMBean authorizationMgrService)
- {
- this.authorizationMgrService = authorizationMgrService;
- }
-
public JaasSecurityManagerServiceMBean getSecurityManagerService()
{
return secMgrService;
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/tc6/Tomcat6.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/tc6/Tomcat6.java 2006-08-21 16:44:24 UTC (rev 56124)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/tc6/Tomcat6.java 2006-08-21 16:48:04 UTC (rev 56125)
@@ -155,11 +155,8 @@
private boolean allowSelfPrivilegedWebApps = false;
/** The service used to flush authentication cache on session invalidation. */
- private JaasSecurityManagerServiceMBean secMgrService;
-
- /** Authorization Manager Service that is used to register xacml policies */
- private AuthorizationManagerServiceMBean authorizationMgrService;
-
+ private JaasSecurityManagerServiceMBean secMgrService;
+
/** */
private String[] filteredPackages;
@@ -357,13 +354,8 @@
public void setAllowSelfPrivilegedWebApps(boolean allowSelfPrivilegedWebApps)
{
this.allowSelfPrivilegedWebApps = allowSelfPrivilegedWebApps;
- }
+ }
- public void setAuthorizationManagerService(AuthorizationManagerServiceMBean mgr)
- {
- this.authorizationMgrService = mgr;
- }
-
public void setSecurityManagerService(JaasSecurityManagerServiceMBean mgr)
{
this.secMgrService = mgr;
@@ -684,8 +676,7 @@
config.setUseJK(this.useJK);
config.setSubjectAttributeName(this.subjectAttributeName);
config.setUseJBossWebLoader(this.useJBossWebLoader);
- config.setAllowSelfPrivilegedWebApps(this.allowSelfPrivilegedWebApps);
- config.setAuthorizationManagerService(this.authorizationMgrService);
+ config.setAllowSelfPrivilegedWebApps(this.allowSelfPrivilegedWebApps);
config.setSecurityManagerService(this.secMgrService);
config.setFilteredPackages(filteredPackages);
deployer.setServer(server);
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/tc6/TomcatDeployer.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/tc6/TomcatDeployer.java 2006-08-21 16:44:24 UTC (rev 56124)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/tc6/TomcatDeployer.java 2006-08-21 16:48:04 UTC (rev 56125)
@@ -396,8 +396,7 @@
{
String secDomain = Util.unprefixSecurityDomain(metaData.getSecurityDomain());
//Associate the Context Id with the Security Domain
- String contextID = metaData.getJaccContextID();
- mapSecurityDomain(secDomain, contextID);
+ String contextID = metaData.getJaccContextID();
//Check if xacml policy is available
URL xacmlPolicyFile = null;
@@ -405,11 +404,8 @@
{
xacmlPolicyFile = this.findXACMLFile(url);
if(xacmlPolicyFile != null)
- {
- AuthorizationManagerServiceMBean authzmgrService = config.getAuthorizationManagerService();
- if(authzmgrService == null)
- throw new IllegalStateException("AuthorizationManagerService not configured in Tomcat5");
- AuthorizationManager authzmgr= authzmgrService.getAuthorizationManager(secDomain);
+ {
+ AuthorizationManager authzmgr= Util.getAuthorizationManager(secDomain);
if(authzmgr instanceof PolicyRegistration)
{
PolicyRegistration xam = (PolicyRegistration)authzmgr;
@@ -632,20 +628,5 @@
return ".../" + warUrl.substring(serverHomeUrl.length());
else
return warUrl;
- }
-
- protected void mapSecurityDomain(String securityDomain, String contextId)
- {
- //Register the context id with the authentication service
- ObjectName oname = null;
- try
- {
- oname = new ObjectName("jboss.security:service=JASPISecurityManager");
- server.invoke(oname,"registerSecurityDomain", new Object[]{securityDomain,contextId},
- new String[]{"java.lang.String", "java.lang.String"} );
- }catch(JMException me)
- {
- log.error("mapSecurityDomain::" + me.getLocalizedMessage());
- }
- }
+ }
}
Modified: trunk/tomcat/src/resources/jboss-service-all.xml
===================================================================
--- trunk/tomcat/src/resources/jboss-service-all.xml 2006-08-21 16:44:24 UTC (rev 56124)
+++ trunk/tomcat/src/resources/jboss-service-all.xml 2006-08-21 16:48:04 UTC (rev 56125)
@@ -140,11 +140,6 @@
<attribute name="Domain">jboss.web</attribute>
- <!-- Depends on the Authorization Manager Service-->
- <depends optional-attribute-name="AuthorizationManagerService"
- proxy-type="attribute">jboss.security:service=AuthorizationManager
- </depends>
-
<!-- A mapping to the server security manager service which must be
operation compatible with type
org.jboss.security.plugins.JaasSecurityManagerServiceMBean. This is only
Modified: trunk/tomcat/src/resources/jboss-service.xml
===================================================================
--- trunk/tomcat/src/resources/jboss-service.xml 2006-08-21 16:44:24 UTC (rev 56124)
+++ trunk/tomcat/src/resources/jboss-service.xml 2006-08-21 16:48:04 UTC (rev 56125)
@@ -142,11 +142,6 @@
<attribute name="Domain">jboss.web</attribute>
- <!-- Depends on the Authorization Manager Service-->
- <depends optional-attribute-name="AuthorizationManagerService"
- proxy-type="attribute">jboss.security:service=AuthorizationManager
- </depends>
-
<!-- A mapping to the server security manager service which must be
operation compatible with type
org.jboss.security.plugins.JaasSecurityManagerServiceMBean. This is only
Modified: trunk/tomcat/src/resources/webserver-xmbean.xml
===================================================================
--- trunk/tomcat/src/resources/webserver-xmbean.xml 2006-08-21 16:44:24 UTC (rev 56124)
+++ trunk/tomcat/src/resources/webserver-xmbean.xml 2006-08-21 16:48:04 UTC (rev 56125)
@@ -129,11 +129,6 @@
<type>java.util.Iterator</type>
</attribute>
- <attribute access="write-only" setMethod="setAuthorizationManagerService">
- <name>AuthorizationManagerService</name>
- <type>org.jboss.security.plugins.AuthorizationManagerServiceMBean</type>
- </attribute>
-
<attribute access="write-only" setMethod="setSecurityManagerService">
<name>SecurityManagerService</name>
<type>org.jboss.security.plugins.JaasSecurityManagerServiceMBean</type>
@@ -174,4 +169,4 @@
&defaultOperations;
&interceptable;
-</mbean>
\ No newline at end of file
+</mbean>
More information about the jboss-cvs-commits
mailing list