[jboss-cvs] JBossAS SVN: r72657 - in projects/security/security-jboss-sx/tags: 2.0.2.Beta7 and 34 other directories.
jboss-cvs-commits at lists.jboss.org
Wed Apr 23 22:14:45 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-04-23 22:14:44 -0400 (Wed, 23 Apr 2008)
New Revision: 72657
Added:
projects/security/security-jboss-sx/tags/2.0.2.Beta7/
projects/security/security-jboss-sx/tags/2.0.2.Beta7/acl/.classpath
projects/security/security-jboss-sx/tags/2.0.2.Beta7/acl/pom.xml
projects/security/security-jboss-sx/tags/2.0.2.Beta7/assembly/pom.xml
projects/security/security-jboss-sx/tags/2.0.2.Beta7/assembly/src/assembly/
projects/security/security-jboss-sx/tags/2.0.2.Beta7/identity/.classpath
projects/security/security-jboss-sx/tags/2.0.2.Beta7/identity/pom.xml
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx-client/pom.xml
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/.classpath
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/pom.xml
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/AbstractPasswordCredentialLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/CallerIdentityLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/GetPrincipalInfoAction.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/JaasSecurityDomainIdentityLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/PBEIdentityLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/SecureIdentityLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/SubjectActions.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/ClientLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/SecurityAssociation.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/SecurityAssociationActions.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/SecurityRoleRef.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/audit/config/AuditConfigEntryHolder.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationModuleEntry.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/AbstractAuthorizationModule.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/XACMLAuthorizationModule.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLPolicyModuleDelegate.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLUtil.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/resources/JavaEEResource.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/util/
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/client/JBossSecurityClient.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/identitytrust/config/IdentityTrustModuleEntry.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/jacc/SubjectPolicyContextHandler.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/JBossPolicyRegistration.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContext.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/javaee/
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/WebJASPIAuthMgrUnitTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaas/
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPILoginModuleDelgateUnitTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPIWorkflowUnitTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestAuthConfigProvider.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestClientAuthConfig.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestServerAuthConfig.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthZMgrSafetyUnitTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthorizationManagerUnitTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/acl/JBossAuthorizationManagerACLUnitTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/ejb/EJBAuthorizationUnitTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/web/TestWebAuthorizationModuleDelegate.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/web/WebAuthorizationUnitTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/xacml/WebXACMLUnitTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/security/client/JBossSecurityClientTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/security/helpers/
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/securityassociation/LegacySecurityAssociationTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/securitycontext/IdentityUnitTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/securitycontext/SubjectInfoUnitTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/util/SecurityTestUtil.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/pom.xml
Removed:
projects/security/security-jboss-sx/tags/2.0.2.Beta7/acl/.classpath
projects/security/security-jboss-sx/tags/2.0.2.Beta7/acl/pom.xml
projects/security/security-jboss-sx/tags/2.0.2.Beta7/assembly/pom.xml
projects/security/security-jboss-sx/tags/2.0.2.Beta7/assembly/src/assembly/
projects/security/security-jboss-sx/tags/2.0.2.Beta7/identity/.classpath
projects/security/security-jboss-sx/tags/2.0.2.Beta7/identity/pom.xml
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx-client/pom.xml
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/.classpath
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/pom.xml
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/AbstractPasswordCredentialLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/CallerIdentityLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/GetPrincipalInfoAction.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/JaasSecurityDomainIdentityLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/PBEIdentityLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/SecureIdentityLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/SubjectActions.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/ClientLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/SecurityAssociation.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/SecurityAssociationActions.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/SecurityRoleRef.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/audit/config/AuditConfigEntryHolder.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationModuleEntry.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/AbstractAuthorizationModule.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/XACMLAuthorizationModule.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLPolicyModuleDelegate.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLUtil.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/resources/JavaEEResource.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/client/JBossSecurityClient.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/identitytrust/config/IdentityTrustModuleEntry.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/jacc/SubjectPolicyContextHandler.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/JBossPolicyRegistration.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContext.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/WebJASPIAuthMgrUnitTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPILoginModuleDelgateUnitTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPIWorkflowUnitTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestAuthConfigProvider.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestClientAuthConfig.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestServerAuthConfig.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthZMgrSafetyUnitTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthorizationManagerUnitTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/acl/JBossAuthorizationManagerACLUnitTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/ejb/EJBAuthorizationUnitTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/web/WebAuthorizationUnitTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/xacml/WebXACMLUnitTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/security/client/JBossSecurityClientTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/securityassociation/LegacySecurityAssociationTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/securitycontext/IdentityUnitTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/securitycontext/SubjectInfoUnitTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.Beta7/pom.xml
Log:
[maven-release-plugin] copy for tag 2.0.2.Beta7
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7 (from rev 72024, projects/security/security-jboss-sx/trunk)
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/acl/.classpath
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/.classpath 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/acl/.classpath 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,46 +0,0 @@
-<classpath>
- <classpathentry kind="src" path="." including="JBossORG-EULA.txt" excluding="**/*.java"/>
- <classpathentry kind="src" path="src/main/java"/>
- <classpathentry kind="src" path="src/main/resources" including="**/*.dtd|**/*.xsd" excluding="**/*.java"/>
- <classpathentry kind="src" path="src/tests/java" output="target/test-classes"/>
- <classpathentry kind="src" path="src/tests/resources" output="target/test-classes" including="**/*.xml" excluding="**/*.java"/>
- <classpathentry kind="output" path="target/classes"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-spi/2.0.4.GA/jboss-common-logging-spi-2.0.4.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-spi/2.0.2.GA/jboss-logging-spi-2.0.2.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-slide/webdavlib/2.0/webdavlib-2.0.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-test/1.0.4.GA/jboss-test-1.0.4.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-core/2.0.2.GA/jboss-common-core-2.0.2.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-common-core/2.2.1.GA/jboss-common-core-2.2.1.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/identity-spi/2.0.2-SNAPSHOT/identity-spi-2.0.2-SNAPSHOT.jar"/>
- <classpathentry kind="var" path="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-entitymanager/3.3.1.ga/hibernate-entitymanager-3.3.1.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/authorization-spi/2.0.2-SNAPSHOT/authorization-spi-2.0.2-SNAPSHOT.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/profiler/jvmti/jboss-profiler-jvmti/1.0.0.CR5/jboss-profiler-jvmti-1.0.0.CR5.jar"/>
- <classpathentry kind="var" path="M2_REPO/ant/ant-junit/1.6.5/ant-junit-1.6.5.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/javassist/3.3.ga/javassist-3.3.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-log4j/2.0.4.GA/jboss-common-logging-log4j-2.0.4.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/hsqldb/hsqldb/1.8.0.2/hsqldb-1.8.0.2.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-xerces/xml-apis/2.7.1/xml-apis-2.7.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/ant/ant/1.6.5/ant-1.6.5.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-commons-annotations/3.0.0.ga/hibernate-commons-annotations-3.0.0.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache/1.2.3/ehcache-1.2.3.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/identity-impl/2.0.2-SNAPSHOT/identity-impl-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/identity-impl/2.0.2-SNAPSHOT/identity-impl-2.0.2-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/cglib/cglib/2.1_3/cglib-2.1_3.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/acl-spi/2.0.2-SNAPSHOT/acl-spi-2.0.2-SNAPSHOT.jar"/>
- <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
- <classpathentry kind="var" path="M2_REPO/asm/asm-attrs/1.5.3/asm-attrs-1.5.3.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-validator/3.0.0.ga/hibernate-validator-3.0.0.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate/3.2.4.sp1/hibernate-3.2.4.sp1.jar"/>
- <classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/2.1.1/commons-collections-2.1.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-log4j/2.0.2.GA/jboss-logging-log4j-2.0.2.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/asm/asm/1.5.3/asm-1.5.3.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-annotations/3.3.0.ga/hibernate-annotations-3.3.0.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0.jar"/>
- <classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/transaction/jta/1.0.1B/jta-1.0.1B.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-httpclient/commons-httpclient/2.0.2/commons-httpclient-2.0.2.jar"/>
- <classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar"/>
-</classpath>
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/acl/.classpath (from rev 72655, projects/security/security-jboss-sx/trunk/acl/.classpath)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/acl/.classpath (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/acl/.classpath 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry excluding="**/*.java" including="JBossORG-EULA.txt" kind="src" path=""/>
+ <classpathentry kind="src" path="src/main/java"/>
+ <classpathentry excluding="**/*.java" including="**/*.dtd|**/*.xsd" kind="src" path="src/main/resources"/>
+ <classpathentry kind="src" output="target/test-classes" path="src/tests/java"/>
+ <classpathentry excluding="**/*.java" including="**/*.xml" kind="src" output="target/test-classes" path="src/tests/resources"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-spi/2.0.4.GA/jboss-common-logging-spi-2.0.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-spi/2.0.2.GA/jboss-logging-spi-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-slide/webdavlib/2.0/webdavlib-2.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-test/1.0.4.GA/jboss-test-1.0.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-core/2.0.2.GA/jboss-common-core-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-common-core/2.2.1.GA/jboss-common-core-2.2.1.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2.Beta7/jboss-security-spi-2.0.2.Beta7.jar"/>
+ <classpathentry kind="var" path="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-entitymanager/3.3.1.ga/hibernate-entitymanager-3.3.1.ga.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/profiler/jvmti/jboss-profiler-jvmti/1.0.0.CR5/jboss-profiler-jvmti-1.0.0.CR5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/ant/ant-junit/1.6.5/ant-junit-1.6.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/javassist/3.3.GA/javassist-3.3.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-log4j/2.0.4.GA/jboss-common-logging-log4j-2.0.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/hsqldb/hsqldb/1.8.0.2/hsqldb-1.8.0.2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-xerces/xml-apis/2.7.1/xml-apis-2.7.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/ant/ant/1.6.5/ant-1.6.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-commons-annotations/3.0.0.ga/hibernate-commons-annotations-3.0.0.ga.jar"/>
+ <classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache/1.2.3/ehcache-1.2.3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/cglib/cglib/2.1_3/cglib-2.1_3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
+ <classpathentry kind="var" path="M2_REPO/asm/asm-attrs/1.5.3/asm-attrs-1.5.3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-validator/3.0.0.ga/hibernate-validator-3.0.0.ga.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate/3.2.4.sp1/hibernate-3.2.4.sp1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/2.1.1/commons-collections-2.1.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-log4j/2.0.2.GA/jboss-logging-log4j-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/asm/asm/1.5.3/asm-1.5.3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-annotations/3.3.0.ga/hibernate-annotations-3.3.0.ga.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/transaction/jta/1.0.1B/jta-1.0.1B.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-httpclient/commons-httpclient/2.0.2/commons-httpclient-2.0.2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/acl/pom.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/pom.xml 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/acl/pom.xml 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,152 +0,0 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.security</groupId>
- <artifactId>jbosssx-parent</artifactId>
- <version>2.0.2-SNAPSHOT</version>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <artifactId>jboss-security-acl-impl</artifactId>
- <packaging>jar</packaging>
- <name>JBoss Security ACL Implementation</name>
- <url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Security is a cross cutting project that handles security for the JEMS projects</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <profiles>
- <!-- mvn install -Psecurity-manager -->
- <profile>
- <id>security-manager</id>
- <activation>
- <activeByDefault>false</activeByDefault>
- </activation>
- <properties>
- <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
- <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
- <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} ${test.env}</surefire.jvm.args>
- </properties>
- </profile>
- <!-- mvn install -Psecurity-manager-debug -->
- <!-- Best Practice: mvn install -Psecurity-manager-debug 2>&1 > logfile2>&1 > logfile -->
- <profile>
- <id>security-manager-debug</id>
- <activation>
- <activeByDefault>false</activeByDefault>
- </activation>
- <properties>
- <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
- <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
- <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} -Djava.security.debug=failure,access ${test.env}</surefire.jvm.args>
- </properties>
- </profile>
- </profiles>
- <build>
- <sourceDirectory>src/main/java</sourceDirectory>
- <outputDirectory>target/classes</outputDirectory>
- <testSourceDirectory>src/tests/java</testSourceDirectory>
- <testOutputDirectory>target/test-classes</testOutputDirectory>
- <finalName>${artifactId}</finalName>
- <resources>
- <resource>
- <directory>${basedir}</directory>
- <includes>
- <include>JBossORG-EULA.txt</include>
- </includes>
- </resource>
- <resource>
- <directory>src/main/resources</directory>
- <includes>
- <include>**/*.dtd</include>
- <include>**/*.xsd</include>
- </includes>
- </resource>
- </resources>
- <testResources>
- <testResource>
- <directory>src/tests/resources/</directory>
- <includes>
- <include>**/*.xml</include>
- </includes>
- </testResource>
- </testResources>
- </build>
- <dependencies>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>acl-spi</artifactId>
- <version>2.0.2-SNAPSHOT</version>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>identity-spi</artifactId>
- <version>2.0.2.Beta5</version>
- </dependency>
- <dependency>
- <groupId>org.jboss</groupId>
- <artifactId>jboss-common-core</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jboss-logging-spi</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jboss-logging-log4j</artifactId>
- <scope>runtime</scope>
- </dependency>
- <dependency>
- <groupId>org.hibernate</groupId>
- <artifactId>hibernate</artifactId>
- <version>3.2.4.sp1</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.hibernate</groupId>
- <artifactId>hibernate-annotations</artifactId>
- <version>3.3.0.ga</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.hibernate</groupId>
- <artifactId>hibernate-entitymanager</artifactId>
- <version>3.3.1.ga</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>hsqldb</groupId>
- <artifactId>hsqldb</artifactId>
- <version>1.8.0.2</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>apache-log4j</groupId>
- <artifactId>log4j</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss</groupId>
- <artifactId>jboss-test</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>identity-impl</artifactId>
- <version>${project.version}</version>
- <scope>compile</scope>
- </dependency>
- </dependencies>
-</project>
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/acl/pom.xml (from rev 72656, projects/security/security-jboss-sx/trunk/acl/pom.xml)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/acl/pom.xml (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/acl/pom.xml 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,150 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jbosssx-parent</artifactId>
+ <version>2.0.2.Beta7</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>jboss-security-acl-impl</artifactId>
+ <packaging>jar</packaging>
+ <name>JBoss Security ACL Implementation</name>
+ <url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Security is a cross cutting project that handles security for the JEMS projects</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <profiles>
+ <!-- mvn install -Psecurity-manager -->
+ <profile>
+ <id>security-manager</id>
+ <activation>
+ <activeByDefault>false</activeByDefault>
+ </activation>
+ <properties>
+ <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
+ <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
+ <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} ${test.env}</surefire.jvm.args>
+ </properties>
+ </profile>
+ <!-- mvn install -Psecurity-manager-debug -->
+ <!-- Best Practice: mvn install -Psecurity-manager-debug 2>&1 > logfile2>&1 > logfile -->
+ <profile>
+ <id>security-manager-debug</id>
+ <activation>
+ <activeByDefault>false</activeByDefault>
+ </activation>
+ <properties>
+ <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
+ <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
+ <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} -Djava.security.debug=failure,access ${test.env}</surefire.jvm.args>
+ </properties>
+ </profile>
+ </profiles>
+ <build>
+ <sourceDirectory>src/main/java</sourceDirectory>
+ <outputDirectory>target/classes</outputDirectory>
+ <testSourceDirectory>src/tests/java</testSourceDirectory>
+ <testOutputDirectory>target/test-classes</testOutputDirectory>
+ <finalName>${artifactId}</finalName>
+ <resources>
+ <resource>
+ <directory>${basedir}</directory>
+ <includes>
+ <include>JBossORG-EULA.txt</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>src/main/resources</directory>
+ <includes>
+ <include>**/*.dtd</include>
+ <include>**/*.xsd</include>
+ </includes>
+ </resource>
+ </resources>
+ <testResources>
+ <testResource>
+ <directory>src/tests/resources/</directory>
+ <includes>
+ <include>**/*.xml</include>
+ </includes>
+ </testResource>
+ </testResources>
+ </build>
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>acl-spi</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>identity-spi</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jboss-common-core</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jboss-logging-spi</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jboss-logging-log4j</artifactId>
+ <scope>runtime</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate</artifactId>
+ <version>3.2.4.sp1</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-annotations</artifactId>
+ <version>3.3.0.ga</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-entitymanager</artifactId>
+ <version>3.3.1.ga</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>hsqldb</groupId>
+ <artifactId>hsqldb</artifactId>
+ <version>1.8.0.2</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>apache-log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jboss-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>identity-impl</artifactId>
+ <version>${project.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ </dependencies>
+</project>
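Review bot: `junit` is declared with `<scope>compile</scope>` near the end of the `<dependencies>` block, while `jboss-test` and `hsqldb` beside it are `test` scope, so the tagged jboss-security-acl-impl artifact would hand JUnit to every consumer as a transitive compile dependency. If nothing under `src/main/java` uses JUnit classes (not visible from this hunk), it should read `<scope>test</scope>`; the copied identity/pom.xml carries the same declaration. The comment above the `security-manager-debug` profile is also garbled, and `2>&1 > logfile` leaves stderr on the terminal instead of in the file. I would write `<!-- Best Practice: mvn install -Psecurity-manager-debug > logfile 2>&1 -->`, here and in identity/pom.xml.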
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/assembly/pom.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/assembly/pom.xml 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/assembly/pom.xml 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,62 +0,0 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.security</groupId>
- <artifactId>jbosssx-parent</artifactId>
- <version>2.0.2-SNAPSHOT</version>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <groupId>org.jboss.security</groupId>
- <artifactId>jbosssx</artifactId>
- <packaging>pom</packaging>
- <name>JBoss Security Implementation for the JBAS - Assembly</name>
- <url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Security is a cross cutting project that handles security for the JEMS projects</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-assembly-plugin</artifactId>
- <version>2.1</version>
- <executions>
- <execution>
- <phase>package</phase>
- <goals>
- <goal>attached</goal>
- </goals>
- </execution>
- </executions>
- <configuration>
- <archive>
- <manifestEntries>
- <Specification-Title>JBoss Security Implementation for the JBAS</Specification-Title>
- <Specification-Version>${project.version}</Specification-Version>
- <Specification-Vendor>Red Hat Middleware LLC</Specification-Vendor>
- <Implementation-Title>JBoss Security Implementation for the JBAS</Implementation-Title>
- <Implementation-Version>${project.version}</Implementation-Version>
- <Implementation-VendorId>org.jboss.security</Implementation-VendorId>
- <Implementation-Vendor>Red Hat Middleware LLC</Implementation-Vendor>
- <Implementation-URL>http://labs.jboss.org/portal/jbosssecurity/</Implementation-URL>
- </manifestEntries>
- </archive>
- <descriptors>
- <descriptor>src/assembly/bin.xml</descriptor>
- <descriptor>src/assembly/sources.xml</descriptor>
- </descriptors>
- </configuration>
- <inherited>false</inherited>
- </plugin>
- </plugins>
- </build>
-
-</project>
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/assembly/pom.xml (from rev 72656, projects/security/security-jboss-sx/trunk/assembly/pom.xml)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/assembly/pom.xml (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/assembly/pom.xml 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,62 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jbosssx-parent</artifactId>
+ <version>2.0.2.Beta7</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jbosssx</artifactId>
+ <packaging>pom</packaging>
+ <name>JBoss Security Implementation for the JBAS - Assembly</name>
+ <url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Security is a cross cutting project that handles security for the JEMS projects</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <version>2.1</version>
+ <executions>
+ <execution>
+ <phase>package</phase>
+ <goals>
+ <goal>attached</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <archive>
+ <manifestEntries>
+ <Specification-Title>JBoss Security Implementation for the JBAS</Specification-Title>
+ <Specification-Version>${project.version}</Specification-Version>
+ <Specification-Vendor>Red Hat Middleware LLC</Specification-Vendor>
+ <Implementation-Title>JBoss Security Implementation for the JBAS</Implementation-Title>
+ <Implementation-Version>${project.version}</Implementation-Version>
+ <Implementation-VendorId>org.jboss.security</Implementation-VendorId>
+ <Implementation-Vendor>Red Hat Middleware LLC</Implementation-Vendor>
+ <Implementation-URL>http://labs.jboss.org/portal/jbosssecurity/</Implementation-URL>
+ </manifestEntries>
+ </archive>
+ <descriptors>
+ <descriptor>src/assembly/bin.xml</descriptor>
+ <descriptor>src/assembly/sources.xml</descriptor>
+ </descriptors>
+ </configuration>
+ <inherited>false</inherited>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/assembly/src/assembly (from rev 72448, projects/security/security-jboss-sx/trunk/assembly/src/assembly)
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/identity/.classpath
===================================================================
--- projects/security/security-jboss-sx/trunk/identity/.classpath 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/identity/.classpath 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<classpath>
- <classpathentry kind="src" path="src/main"/>
- <classpathentry kind="src" path="src/resources"/>
- <classpathentry excluding="resources/" kind="src" output="target/test-classes" path="src/tests"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
- <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/identity-spi/2.0.2-SNAPSHOT/identity-spi-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2-SNAPSHOT/spi-2.0.2-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-test/1.0.4.GA/jboss-test-1.0.4.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-common-core/2.2.1.GA/jboss-common-core-2.2.1.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-spi/2.0.2.GA/jboss-logging-spi-2.0.2.GA.jar"/>
- <classpathentry kind="output" path="target/eclipse-classes"/>
-</classpath>
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/identity/.classpath (from rev 72655, projects/security/security-jboss-sx/trunk/identity/.classpath)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/identity/.classpath (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/identity/.classpath 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="src" path="src/main"/>
+ <classpathentry kind="src" path="src/resources"/>
+ <classpathentry excluding="resources/" kind="src" output="target/test-classes" path="src/tests"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2.Beta7/jboss-security-spi-2.0.2.Beta7.jar" sourcepath="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2-SNAPSHOT/spi-2.0.2-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-test/1.0.4.GA/jboss-test-1.0.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-common-core/2.2.1.GA/jboss-common-core-2.2.1.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-spi/2.0.2.GA/jboss-logging-spi-2.0.2.GA.jar"/>
+ <classpathentry kind="output" path="target/eclipse-classes"/>
+</classpath>
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/identity/pom.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/identity/pom.xml 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/identity/pom.xml 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,123 +0,0 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.security</groupId>
- <artifactId>jbosssx-parent</artifactId>
- <version>2.0.2-SNAPSHOT</version>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <artifactId>identity-impl</artifactId>
- <packaging>jar</packaging>
- <name>JBoss Security Identity Implementation</name>
- <url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Security is a cross cutting project that handles security for the JEMS projects</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <profiles>
- <!-- mvn install -Psecurity-manager -->
- <profile>
- <id>security-manager</id>
- <activation>
- <activeByDefault>false</activeByDefault>
- </activation>
- <properties>
- <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
- <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
- <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} ${test.env}</surefire.jvm.args>
- </properties>
- </profile>
- <!-- mvn install -Psecurity-manager-debug -->
- <!-- Best Practice: mvn install -Psecurity-manager-debug 2>&1 > logfile2>&1 > logfile -->
- <profile>
- <id>security-manager-debug</id>
- <activation>
- <activeByDefault>false</activeByDefault>
- </activation>
- <properties>
- <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
- <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
- <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} -Djava.security.debug=failure,access ${test.env}</surefire.jvm.args>
- </properties>
- </profile>
- </profiles>
- <build>
- <sourceDirectory>src/main</sourceDirectory>
- <testSourceDirectory>src/tests</testSourceDirectory>
- <testOutputDirectory>target/test-classes</testOutputDirectory>
- <finalName>${artifactId}</finalName>
- <outputDirectory>target/classes</outputDirectory>
- <resources>
- <resource>
- <directory>src/main</directory>
- <includes>
- <include>**/*.xml</include>
- </includes>
- </resource>
- <resource>
- <directory>${basedir}</directory>
- <includes>
- <include>JBossORG-EULA.txt</include>
- </includes>
- </resource>
- <resource>
- <directory>src/resources</directory>
- <includes>
- <include>**/*.dtd</include>
- <include>**/*.xsd</include>
- </includes>
- </resource>
- </resources>
- <testResources>
- <testResource>
- <directory>src/tests/resources/</directory>
- </testResource>
- <testResource>
- <directory>src/main</directory>
- </testResource>
- </testResources>
- </build>
- <dependencies>
- <dependency>
- <groupId>org.jboss</groupId>
- <artifactId>jboss-common-core</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jboss-logging-spi</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jboss-logging-log4j</artifactId>
- <scope>runtime</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>identity-spi</artifactId>
- <version>2.0.2.Beta5</version>
- </dependency>
- <dependency>
- <groupId>apache-log4j</groupId>
- <artifactId>log4j</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss</groupId>
- <artifactId>jboss-test</artifactId>
- <scope>test</scope>
- </dependency>
- </dependencies>
-</project>
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/identity/pom.xml (from rev 72656, projects/security/security-jboss-sx/trunk/identity/pom.xml)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/identity/pom.xml (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/identity/pom.xml 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,123 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jbosssx-parent</artifactId>
+ <version>2.0.2.Beta7</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>identity-impl</artifactId>
+ <packaging>jar</packaging>
+ <name>JBoss Security Identity Implementation</name>
+ <url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Security is a cross cutting project that handles security for the JEMS projects</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <profiles>
+ <!-- mvn install -Psecurity-manager -->
+ <profile>
+ <id>security-manager</id>
+ <activation>
+ <activeByDefault>false</activeByDefault>
+ </activation>
+ <properties>
+ <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
+ <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
+ <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} ${test.env}</surefire.jvm.args>
+ </properties>
+ </profile>
+ <!-- mvn install -Psecurity-manager-debug -->
+ <!-- Best Practice: mvn install -Psecurity-manager-debug 2>&1 > logfile2>&1 > logfile -->
+ <profile>
+ <id>security-manager-debug</id>
+ <activation>
+ <activeByDefault>false</activeByDefault>
+ </activation>
+ <properties>
+ <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
+ <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
+ <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} -Djava.security.debug=failure,access ${test.env}</surefire.jvm.args>
+ </properties>
+ </profile>
+ </profiles>
+ <build>
+ <sourceDirectory>src/main</sourceDirectory>
+ <testSourceDirectory>src/tests</testSourceDirectory>
+ <testOutputDirectory>target/test-classes</testOutputDirectory>
+ <finalName>${artifactId}</finalName>
+ <outputDirectory>target/classes</outputDirectory>
+ <resources>
+ <resource>
+ <directory>src/main</directory>
+ <includes>
+ <include>**/*.xml</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>${basedir}</directory>
+ <includes>
+ <include>JBossORG-EULA.txt</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>src/resources</directory>
+ <includes>
+ <include>**/*.dtd</include>
+ <include>**/*.xsd</include>
+ </includes>
+ </resource>
+ </resources>
+ <testResources>
+ <testResource>
+ <directory>src/tests/resources/</directory>
+ </testResource>
+ <testResource>
+ <directory>src/main</directory>
+ </testResource>
+ </testResources>
+ </build>
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jboss-common-core</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jboss-logging-spi</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jboss-logging-log4j</artifactId>
+ <scope>runtime</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>identity-spi</artifactId>
+ <version>2.0.2.Beta5</version>
+ </dependency>
+ <dependency>
+ <groupId>apache-log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jboss-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
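Review bot: The `identity-spi` dependency is pinned to `<version>2.0.2.Beta5</version>` although this module and its parent are tagged 2.0.2.Beta7, so the released identity-impl appears to be built against an older SPI than the rest of the tag. acl/pom.xml in the same commit declares `identity-spi` with no version, which suggests the parent manages it (the parent pom is not visible here). Dropping the `<version>` line would keep the two modules on the same SPI release. If the Beta5 pin is deliberate, a one-line comment beside it saying why would help whoever audits the release's dependency set.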
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/.classpath
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/.classpath 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/.classpath 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,67 +0,0 @@
-<classpath>
- <classpathentry kind="src" path="." including="JBossORG-EULA.txt" excluding="**/*.java"/>
- <classpathentry kind="src" path="src/main"/>
- <classpathentry kind="src" path="src/resources" including="**/*.dtd|**/*.xsd" excluding="**/*.java"/>
- <classpathentry kind="src" path="src/tests" output="target/test-classes"/>
- <classpathentry kind="src" path="src/tests/resources" output="target/test-classes" excluding="**/*.java"/>
- <classpathentry kind="src" path="target/generated-sources/javacc"/>
- <classpathentry kind="output" path="target/classes"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/acl-spi/2.0.2-SNAPSHOT/acl-spi-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/acl-spi/2.0.2-SNAPSHOT/acl-spi-2.0.2-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.1/activation-1.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/ant/ant/1.6.5/ant-1.6.5.jar"/>
- <classpathentry kind="var" path="M2_REPO/ant/ant-junit/1.6.5/ant-junit-1.6.5.jar"/>
- <classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6.jar"/>
- <classpathentry kind="var" path="M2_REPO/asm/asm/1.5.3/asm-1.5.3.jar"/>
- <classpathentry kind="var" path="M2_REPO/asm/asm-attrs/1.5.3/asm-attrs-1.5.3.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/authorization-spi/2.0.2-SNAPSHOT/authorization-spi-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/authorization-spi/2.0.2-SNAPSHOT/authorization-spi-2.0.2-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/cglib/cglib/2.1_3/cglib-2.1_3.jar"/>
- <classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/2.1.1/commons-collections-2.1.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-httpclient/commons-httpclient/2.0.2/commons-httpclient-2.0.2.jar"/>
- <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar"/>
- <classpathentry kind="var" path="M2_REPO/oswego-concurrent/concurrent/1.3.4/concurrent-1.3.4.jar"/>
- <classpathentry kind="var" path="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/wutka-dtdparser/dtdparser121/1.2.1/dtdparser121-1.2.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache/1.2.3/ehcache-1.2.3.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate/3.2.4.sp1/hibernate-3.2.4.sp1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-annotations/3.3.0.ga/hibernate-annotations-3.3.0.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-commons-annotations/3.0.0.ga/hibernate-commons-annotations-3.0.0.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-entitymanager/3.3.1.ga/hibernate-entitymanager-3.3.1.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-validator/3.0.0.ga/hibernate-validator-3.0.0.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/identity-impl/2.0.2-SNAPSHOT/identity-impl-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/identity-impl/2.0.2-SNAPSHOT/identity-impl-2.0.2-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/identity-spi/2.0.2-SNAPSHOT/identity-spi-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/identity-spi/2.0.2-SNAPSHOT/identity-spi-2.0.2-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/javassist/javassist/3.4.GA/javassist-3.4.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/javassist/3.3.ga/javassist-3.3.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-core/2.0.4.GA/jboss-common-core-2.0.4.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-common-core/2.2.1.GA/jboss-common-core-2.2.1.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-log4j/2.0.4.GA/jboss-common-logging-log4j-2.0.4.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-spi/2.0.4.GA/jboss-common-logging-spi-2.0.4.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-jacc-api/1.1.0.Beta3Update1/jboss-jacc-api-1.1.0.Beta3Update1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-jaspi-api/1.0.0.Beta3Update1/jboss-jaspi-api-1.0.0.Beta3Update1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-javaee/5.0.0.Beta3/jboss-javaee-5.0.0.Beta3.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-jmx/4.2.1.GA/jboss-jmx-4.2.1.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-log4j/2.0.2.GA/jboss-logging-log4j-2.0.2.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-spi/2.0.2.GA/jboss-logging-spi-2.0.2.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/profiler/jvmti/jboss-profiler-jvmti/1.0.0.CR5/jboss-profiler-jvmti-1.0.0.CR5.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-acl-impl/2.0.2-SNAPSHOT/jboss-security-acl-impl-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/jboss-security-acl-impl/2.0.2-SNAPSHOT/jboss-security-acl-impl-2.0.2-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-spi-bare/2.0.2-SNAPSHOT/jboss-security-spi-bare-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/jboss-security-spi-bare/2.0.2-SNAPSHOT/jboss-security-spi-bare-2.0.2-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-servlet-api/2.5.0.Beta3Update1/jboss-servlet-api-2.5.0.Beta3Update1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-test/1.0.4.GA/jboss-test-1.0.4.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-transaction-api/1.0.1.Beta3Update1/jboss-transaction-api-1.0.1.Beta3Update1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jbossxb/2.0.0.CR4/jbossxb-2.0.0.CR4.jar"/>
- <classpathentry kind="var" path="M2_REPO/sleepycat/je/3.2.43/je-3.2.43.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jnpserver/5.0.0.Beta3/jnpserver-5.0.0.Beta3.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/transaction/jta/1.0.1B/jta-1.0.1B.jar"/>
- <classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
- <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/mail/mail/1.4/mail-1.4.jar"/>
- <classpathentry kind="var" path="M2_REPO/sun-opends/opends-core/1.0.0-BUILD04/opends-core-1.0.0-BUILD04.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.5/servlet-api-2.5.jar"/>
- <classpathentry kind="var" path="M2_REPO/sun-xacml/sun-xacml/2.0/sun-xacml-2.0.jar"/>
- <classpathentry kind="var" path="M2_REPO/sun-xacml/sunxacml-support/2.0/sunxacml-support-2.0.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-slide/webdavlib/2.0/webdavlib-2.0.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-xerces/xercesImpl/2.7.1/xercesImpl-2.7.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-xerces/xml-apis/2.7.1/xml-apis-2.7.1.jar"/>
-</classpath>
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/.classpath (from rev 72655, projects/security/security-jboss-sx/trunk/jbosssx/.classpath)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/.classpath (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/.classpath 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry excluding="**/*.java|src/tests/resources/" including="JBossORG-EULA.txt" kind="src" path=""/>
+ <classpathentry kind="src" path="src/tests/resources"/>
+ <classpathentry kind="src" path="src/main"/>
+ <classpathentry excluding="**/*.java" including="**/*.dtd|**/*.xsd" kind="src" path="src/resources"/>
+ <classpathentry excluding="resources/" kind="src" output="target/test-classes" path="src/tests"/>
+ <classpathentry kind="src" path="target/generated-sources/javacc"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.1/activation-1.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/ant/ant/1.6.5/ant-1.6.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/ant/ant-junit/1.6.5/ant-junit-1.6.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6.jar"/>
+ <classpathentry kind="var" path="M2_REPO/asm/asm/1.5.3/asm-1.5.3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/asm/asm-attrs/1.5.3/asm-attrs-1.5.3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/cglib/cglib/2.1_3/cglib-2.1_3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/2.1.1/commons-collections-2.1.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-httpclient/commons-httpclient/2.0.2/commons-httpclient-2.0.2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/oswego-concurrent/concurrent/1.3.4/concurrent-1.3.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/wutka-dtdparser/dtdparser121/1.2.1/dtdparser121-1.2.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache/1.2.3/ehcache-1.2.3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate/3.2.4.sp1/hibernate-3.2.4.sp1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-annotations/3.3.0.ga/hibernate-annotations-3.3.0.ga.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-commons-annotations/3.0.0.ga/hibernate-commons-annotations-3.0.0.ga.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-entitymanager/3.3.1.ga/hibernate-entitymanager-3.3.1.ga.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-validator/3.0.0.ga/hibernate-validator-3.0.0.ga.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/identity-impl/2.0.2-SNAPSHOT/identity-impl-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/identity-impl/2.0.2-SNAPSHOT/identity-impl-2.0.2-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/javassist/3.3.GA/javassist-3.3.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-core/2.0.4.GA/jboss-common-core-2.0.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-common-core/2.2.1.GA/jboss-common-core-2.2.1.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-log4j/2.0.4.GA/jboss-common-logging-log4j-2.0.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-spi/2.0.4.GA/jboss-common-logging-spi-2.0.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-jacc-api/1.1.0.Beta3Update1/jboss-jacc-api-1.1.0.Beta3Update1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-jaspi-api/1.0.0.Beta3Update1/jboss-jaspi-api-1.0.0.Beta3Update1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-javaee/5.0.0.Beta3/jboss-javaee-5.0.0.Beta3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-jmx/4.2.1.GA/jboss-jmx-4.2.1.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-log4j/2.0.2.GA/jboss-logging-log4j-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-spi/2.0.2.GA/jboss-logging-spi-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/profiler/jvmti/jboss-profiler-jvmti/1.0.0.CR5/jboss-profiler-jvmti-1.0.0.CR5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-acl-impl/2.0.2-SNAPSHOT/jboss-security-acl-impl-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/jboss-security-acl-impl/2.0.2-SNAPSHOT/jboss-security-acl-impl-2.0.2-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2.Beta7/jboss-security-spi-2.0.2.Beta7.jar" sourcepath="M2_REPO/org/jboss/security/jboss-security-spi-bare/2.0.2-SNAPSHOT/jboss-security-spi-bare-2.0.2-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-servlet-api/2.5.0.Beta3Update1/jboss-servlet-api-2.5.0.Beta3Update1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-test/1.0.4.GA/jboss-test-1.0.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-transaction-api/1.0.1.Beta3Update1/jboss-transaction-api-1.0.1.Beta3Update1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jbossxb/2.0.0.CR4/jbossxb-2.0.0.CR4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/sleepycat/je/3.2.43/je-3.2.43.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jnpserver/5.0.0.Beta3/jnpserver-5.0.0.Beta3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/transaction/jta/1.0.1B/jta-1.0.1B.jar"/>
+ <classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
+ <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/mail/mail/1.4/mail-1.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/sun-opends/opends-core/1.0.0-BUILD04/opends-core-1.0.0-BUILD04.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.5/servlet-api-2.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-xacml/2.0.2.GA/jboss-xacml-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-sunxacml/2.0.2.GA/jboss-sunxacml-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-slide/webdavlib/2.0/webdavlib-2.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-xerces/xercesImpl/2.7.1/xercesImpl-2.7.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-xerces/xml-apis/2.7.1/xml-apis-2.7.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/sun-jaxb/jaxb-api/2.1.4/jaxb-api-2.1.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/sun-jaxb/jaxb-impl/2.1.4/jaxb-impl-2.1.4.jar"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/pom.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/pom.xml 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/pom.xml 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,223 +0,0 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.security</groupId>
- <artifactId>jbosssx-parent</artifactId>
- <version>2.0.2-SNAPSHOT</version>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <artifactId>jbosssx-bare</artifactId>
- <packaging>jar</packaging>
- <name>JBoss Security Implementation for the JBAS</name>
- <url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Security is a cross cutting project that handles security for the JEMS projects</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <profiles>
- <!-- mvn install -Psecurity-manager -->
- <profile>
- <id>security-manager</id>
- <activation>
- <activeByDefault>false</activeByDefault>
- </activation>
- <properties>
- <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
- <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
- <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} ${test.env}</surefire.jvm.args>
- </properties>
- </profile>
- <!-- mvn install -Psecurity-manager-debug -->
- <!-- Best Practice: mvn install -Psecurity-manager-debug 2>&1 > logfile2>&1 > logfile -->
- <profile>
- <id>security-manager-debug</id>
- <activation>
- <activeByDefault>false</activeByDefault>
- </activation>
- <properties>
- <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
- <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
- <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} -Djava.security.debug=failure,access ${test.env}</surefire.jvm.args>
- </properties>
- </profile>
- </profiles>
- <build>
- <sourceDirectory>src/main</sourceDirectory>
- <testSourceDirectory>src/tests</testSourceDirectory>
- <testOutputDirectory>target/test-classes</testOutputDirectory>
- <finalName>${artifactId}</finalName>
- <outputDirectory>target/classes</outputDirectory>
- <resources>
- <resource>
- <directory>src/main</directory>
- <includes>
- <include>**/*.xml</include>
- </includes>
- </resource>
- <resource>
- <directory>${basedir}</directory>
- <includes>
- <include>JBossORG-EULA.txt</include>
- </includes>
- </resource>
- <resource>
- <directory>src/resources</directory>
- <includes>
- <include>**/*.dtd</include>
- <include>**/*.xsd</include>
- </includes>
- </resource>
- <resource>
- <directory>target/generated-sources/javacc</directory>
- <includes>
- <include>**/*.class</include>
- </includes>
- </resource>
- </resources>
- <testResources>
- <testResource>
- <directory>src/tests/resources/</directory>
- </testResource>
- <testResource>
- <directory>src/main</directory>
- </testResource>
- </testResources>
- <plugins>
- <!-- generate java files from grammar -->
- <plugin>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>javacc-maven-plugin</artifactId>
- <version>2.3-jboss-1</version>
- <configuration>
- <packageName>org/jboss/security/auth/login</packageName>
- <sourceDirectory>src/main</sourceDirectory>
- <isStatic>false</isStatic>
- </configuration>
- <executions>
- <execution>
- <goals>
- <goal>javacc</goal>
- </goals>
- <id>javacc</id>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
- <dependencies>
- <dependency>
- <groupId>org.jboss.javaee</groupId>
- <artifactId>jboss-jacc-api</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.javaee</groupId>
- <artifactId>jboss-transaction-api</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.javaee</groupId>
- <artifactId>jboss-jaspi-api</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss</groupId>
- <artifactId>jbossxb</artifactId>
- <version>2.0.0.CR4</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>jboss-security-acl-impl</artifactId>
- <version>${project.version}</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>identity-impl</artifactId>
- <version>${project.version}</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>javassist</groupId>
- <artifactId>javassist</artifactId>
- <version>3.4.GA</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.javaee</groupId>
- <artifactId>jboss-javaee</artifactId>
- <version>5.0.0.Beta3</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jboss-jmx</artifactId>
- <version>4.2.1.GA</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>sun-xacml</groupId>
- <artifactId>sun-xacml</artifactId>
- <version>2.0</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>sun-xacml</groupId>
- <artifactId>sunxacml-support</artifactId>
- <version>2.0</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
- <version>2.5</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>javax.mail</groupId>
- <artifactId>mail</artifactId>
- <version>1.4</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>apache-xerces</groupId>
- <artifactId>xercesImpl</artifactId>
- <version>2.7.1</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss</groupId>
- <artifactId>jnpserver</artifactId>
- <version>5.0.0.Beta3</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss</groupId>
- <artifactId>jboss-test</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>jboss-security-spi-bare</artifactId>
- </dependency>
- <dependency>
- <groupId>sun-opends</groupId>
- <artifactId>opends-core</artifactId>
- <version>1.0.0-BUILD04</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>sleepycat</groupId>
- <artifactId>je</artifactId>
- <version>3.2.43</version>
- <scope>test</scope>
- </dependency>
- </dependencies>
-</project>
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/pom.xml (from rev 72656, projects/security/security-jboss-sx/trunk/jbosssx/pom.xml)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/pom.xml (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/pom.xml 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,223 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jbosssx-parent</artifactId>
+ <version>2.0.2.Beta7</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>jbosssx-bare</artifactId>
+ <packaging>jar</packaging>
+ <name>JBoss Security Implementation for the JBAS</name>
+ <url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Security is a cross cutting project that handles security for the JEMS projects</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <profiles>
+ <!-- mvn install -Psecurity-manager -->
+ <profile>
+ <id>security-manager</id>
+ <activation>
+ <activeByDefault>false</activeByDefault>
+ </activation>
+ <properties>
+ <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
+ <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
+ <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} ${test.env}</surefire.jvm.args>
+ </properties>
+ </profile>
+ <!-- mvn install -Psecurity-manager-debug -->
+ <!-- Best Practice: mvn install -Psecurity-manager-debug 2>&1 > logfile2>&1 > logfile -->
+ <profile>
+ <id>security-manager-debug</id>
+ <activation>
+ <activeByDefault>false</activeByDefault>
+ </activation>
+ <properties>
+ <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
+ <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
+ <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} -Djava.security.debug=failure,access ${test.env}</surefire.jvm.args>
+ </properties>
+ </profile>
+ </profiles>
+ <build>
+ <sourceDirectory>src/main</sourceDirectory>
+ <testSourceDirectory>src/tests</testSourceDirectory>
+ <testOutputDirectory>target/test-classes</testOutputDirectory>
+ <finalName>${artifactId}</finalName>
+ <outputDirectory>target/classes</outputDirectory>
+ <resources>
+ <resource>
+ <directory>src/main</directory>
+ <includes>
+ <include>**/*.xml</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>${basedir}</directory>
+ <includes>
+ <include>JBossORG-EULA.txt</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>src/resources</directory>
+ <includes>
+ <include>**/*.dtd</include>
+ <include>**/*.xsd</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>target/generated-sources/javacc</directory>
+ <includes>
+ <include>**/*.class</include>
+ </includes>
+ </resource>
+ </resources>
+ <testResources>
+ <testResource>
+ <directory>src/tests/resources/</directory>
+ </testResource>
+ <testResource>
+ <directory>src/main</directory>
+ </testResource>
+ </testResources>
+ <plugins>
+ <!-- generate java files from grammar -->
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>javacc-maven-plugin</artifactId>
+ <version>2.3-jboss-1</version>
+ <configuration>
+ <packageName>org/jboss/security/auth/login</packageName>
+ <sourceDirectory>src/main</sourceDirectory>
+ <isStatic>false</isStatic>
+ </configuration>
+ <executions>
+ <execution>
+ <goals>
+ <goal>javacc</goal>
+ </goals>
+ <id>javacc</id>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.javaee</groupId>
+ <artifactId>jboss-jacc-api</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.javaee</groupId>
+ <artifactId>jboss-transaction-api</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.javaee</groupId>
+ <artifactId>jboss-jaspi-api</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jbossxb</artifactId>
+ <version>2.0.0.CR4</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-security-acl-impl</artifactId>
+ <version>${project.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>identity-impl</artifactId>
+ <version>${project.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>javassist</groupId>
+ <artifactId>javassist</artifactId>
+ <version>3.4.GA</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.javaee</groupId>
+ <artifactId>jboss-javaee</artifactId>
+ <version>5.0.0.Beta3</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jboss-jmx</artifactId>
+ <version>4.2.1.GA</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-xacml</artifactId>
+ <version>2.0.2.GA</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-sunxacml</artifactId>
+ <version>2.0.2.GA</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ <version>2.5</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>javax.mail</groupId>
+ <artifactId>mail</artifactId>
+ <version>1.4</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>apache-xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>2.7.1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jnpserver</artifactId>
+ <version>5.0.0.Beta3</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jboss-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-security-spi-bare</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>sun-opends</groupId>
+ <artifactId>opends-core</artifactId>
+ <version>1.0.0-BUILD04</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>sleepycat</groupId>
+ <artifactId>je</artifactId>
+ <version>3.2.43</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
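Review bot: Both security-manager profiles build `surefire.jvm.args` with `-Djava.security.policy=${policy.file}`, and the single `=` adds the test policy to the policy files already listed in the JVM's `java.security` (including any per-user policy) instead of replacing them. A permission missing from `src/tests/resources/java.policy` can therefore still be granted from outside the project and the run passes; `-Djava.security.policy==${policy.file}` makes the test policy the only one in effect. The "Best Practice" comment above the debug profile is duplicated and in the wrong order: `2>&1 > logfile` leaves stderr on the terminal, which is where `java.security.debug` output goes, so it should read `<!-- Best Practice: mvn install -Psecurity-manager-debug > logfile 2>&1 -->`. Nothing in this file shows surefire consuming `surefire.jvm.args`; presumably the parent pom wires it into the test JVM arguments, which is worth confirming for the tag.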
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/AbstractPasswordCredentialLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/resource/security/AbstractPasswordCredentialLoginModule.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/AbstractPasswordCredentialLoginModule.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,156 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2006, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.resource.security;
-
-import java.util.Map;
-import javax.management.MBeanServer;
-import javax.management.MalformedObjectNameException;
-import javax.management.ObjectName;
-import javax.resource.spi.ManagedConnectionFactory;
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginException;
-
-import org.jboss.logging.Logger;
-import org.jboss.mx.util.MBeanServerLocator;
-import org.jboss.security.auth.spi.AbstractServerLoginModule;
-
-
-/** A base login module that provides access to the ManagedConnectionFactory
- * needed by the PasswordCredential.
- *
- * @see javax.resource.spi.security.PasswordCredential
- *
- * @author <a href="mailto:d_jencks at users.sourceforge.net">David Jencks</a>
- * @author Scott.Stark at jboss.org
- * @version $Revision: 71545 $
- */
-public abstract class AbstractPasswordCredentialLoginModule
- extends AbstractServerLoginModule
-{
- private static final Logger log = Logger.getLogger(AbstractPasswordCredentialLoginModule.class);
- private MBeanServer server;
- private ObjectName managedConnectionFactoryName;
- private ManagedConnectionFactory mcf;
- /** A flag that allows a missing MCF service to be ignored */
- private Boolean ignoreMissigingMCF;
-
- public AbstractPasswordCredentialLoginModule()
- {
-
- }
-
- public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
- {
- super.initialize(subject, handler, sharedState, options);
- String name = (String) options.get("managedConnectionFactoryName");
- try
- {
- managedConnectionFactoryName = new ObjectName(name);
- }
- catch (MalformedObjectNameException mone)
- {
- throw new IllegalArgumentException("Malformed ObjectName: " + name);
- }
-
- if (managedConnectionFactoryName == null)
- {
- throw new IllegalArgumentException("Must supply a managedConnectionFactoryName!");
- }
- Object flag = options.get("ignoreMissigingMCF");
- if( flag instanceof Boolean )
- ignoreMissigingMCF = (Boolean) flag;
- else if( flag != null )
- ignoreMissigingMCF = Boolean.valueOf(flag.toString());
- server = MBeanServerLocator.locateJBoss();
- getMcf();
- }
-
- /** Return false if there is no mcf, else return super.login(). Override
- * to provide custom authentication.
- *
- * @return false if there is no mcf, else return super.login().
- * @exception LoginException if an error occurs
- */
- public boolean login() throws LoginException
- {
- if (mcf == null)
- {
- return false;
- }
- return super.login();
- }
-
- public boolean logout() throws LoginException
- {
- removeCredentials();
- return super.logout();
- }
-
- protected ManagedConnectionFactory getMcf()
- {
- if (mcf == null)
- {
- try
- {
- mcf = (ManagedConnectionFactory) server.getAttribute(
- managedConnectionFactoryName,
- "ManagedConnectionFactory");
- }
- catch (Exception e)
- {
- log.error("The ConnectionManager mbean: " + managedConnectionFactoryName
- + " specified in a ConfiguredIdentityLoginModule could not be found."
- + " ConnectionFactory will be unusable!");
- if( Boolean.TRUE != ignoreMissigingMCF )
- {
- throw new IllegalArgumentException("Managed Connection Factory not found: "
- + managedConnectionFactoryName);
- }
- } // end of try-catch
- if (log.isTraceEnabled())
- {
- log.trace("mcfname: " + managedConnectionFactoryName);
- }
- } // end of if ()
-
- return mcf;
- }
-
- protected MBeanServer getServer()
- {
- return server;
- }
-
- /** This removes the javax.security.auth.login.name and
- * javax.security.auth.login.password settings from the sharteState map
- * along with any PasswordCredential found in the PrivateCredentials set
- */
- protected void removeCredentials()
- {
- sharedState.remove("javax.security.auth.login.name");
- sharedState.remove("javax.security.auth.login.password");
- SubjectActions.removeCredentials(subject, mcf);
- }
-
-}
-
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/AbstractPasswordCredentialLoginModule.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/resource/security/AbstractPasswordCredentialLoginModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/AbstractPasswordCredentialLoginModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/AbstractPasswordCredentialLoginModule.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,157 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.resource.security;
+
+import java.util.Map;
+
+import javax.management.MBeanServer;
+import javax.management.MalformedObjectNameException;
+import javax.management.ObjectName;
+import javax.resource.spi.ManagedConnectionFactory;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.logging.Logger;
+import org.jboss.mx.util.MBeanServerLocator;
+import org.jboss.security.auth.spi.AbstractServerLoginModule;
+
+
+/** A base login module that provides access to the ManagedConnectionFactory
+ * needed by the PasswordCredential.
+ *
+ * @see javax.resource.spi.security.PasswordCredential
+ *
+ * @author <a href="mailto:d_jencks at users.sourceforge.net">David Jencks</a>
+ * @author Scott.Stark at jboss.org
+ * @version $Revision: 71545 $
+ */
+public abstract class AbstractPasswordCredentialLoginModule
+ extends AbstractServerLoginModule
+{
+ private static final Logger log = Logger.getLogger(AbstractPasswordCredentialLoginModule.class);
+ private MBeanServer server;
+ private ObjectName managedConnectionFactoryName;
+ private ManagedConnectionFactory mcf;
+ /** A flag that allows a missing MCF service to be ignored */
+ private Boolean ignoreMissigingMCF;
+
+ public AbstractPasswordCredentialLoginModule()
+ {
+
+ }
+
+ public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
+ {
+ super.initialize(subject, handler, sharedState, options);
+ String name = (String) options.get("managedConnectionFactoryName");
+ try
+ {
+ managedConnectionFactoryName = new ObjectName(name);
+ }
+ catch (MalformedObjectNameException mone)
+ {
+ throw new IllegalArgumentException("Malformed ObjectName: " + name);
+ }
+
+ if (managedConnectionFactoryName == null)
+ {
+ throw new IllegalArgumentException("Must supply a managedConnectionFactoryName!");
+ }
+ Object flag = options.get("ignoreMissigingMCF");
+ if( flag instanceof Boolean )
+ ignoreMissigingMCF = (Boolean) flag;
+ else if( flag != null )
+ ignoreMissigingMCF = Boolean.valueOf(flag.toString());
+ server = MBeanServerLocator.locateJBoss();
+ getMcf();
+ }
+
+ /** Return false if there is no mcf, else return super.login(). Override
+ * to provide custom authentication.
+ *
+ * @return false if there is no mcf, else return super.login().
+ * @exception LoginException if an error occurs
+ */
+ public boolean login() throws LoginException
+ {
+ if (mcf == null)
+ {
+ return false;
+ }
+ return super.login();
+ }
+
+ public boolean logout() throws LoginException
+ {
+ removeCredentials();
+ return super.logout();
+ }
+
+ protected ManagedConnectionFactory getMcf()
+ {
+ if (mcf == null)
+ {
+ try
+ {
+ mcf = (ManagedConnectionFactory) server.getAttribute(
+ managedConnectionFactoryName,
+ "ManagedConnectionFactory");
+ }
+ catch (Exception e)
+ {
+ log.error("The ConnectionManager mbean: " + managedConnectionFactoryName
+ + " specified in a ConfiguredIdentityLoginModule could not be found."
+ + " ConnectionFactory will be unusable!");
+ if( Boolean.TRUE != ignoreMissigingMCF )
+ {
+ throw new IllegalArgumentException("Managed Connection Factory not found: "
+ + managedConnectionFactoryName);
+ }
+ } // end of try-catch
+ if (log.isTraceEnabled())
+ {
+ log.trace("mcfname: " + managedConnectionFactoryName);
+ }
+ } // end of if ()
+
+ return mcf;
+ }
+
+ protected MBeanServer getServer()
+ {
+ return server;
+ }
+
+ /** This removes the javax.security.auth.login.name and
+ * javax.security.auth.login.password settings from the sharteState map
+ * along with any PasswordCredential found in the PrivateCredentials set
+ */
+ protected void removeCredentials()
+ {
+ sharedState.remove("javax.security.auth.login.name");
+ sharedState.remove("javax.security.auth.login.password");
+ SubjectActions.removeCredentials(subject, mcf);
+ }
+
+}
+
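Review bot: In `initialize`, a missing `managedConnectionFactoryName` option never reaches the "Must supply a managedConnectionFactoryName!" check, because `new ObjectName(name)` throws NullPointerException for a null name and the field cannot be null after a successful construction. Test the option before the `try` instead: `if (name == null) throw new IllegalArgumentException("Must supply a managedConnectionFactoryName!");`. In `getMcf`, `Boolean.TRUE != ignoreMissigingMCF` compares references, so an option passed as a non-canonical `Boolean` (the `instanceof Boolean` branch stores it unchanged) is treated as false and the module throws despite the flag; `!Boolean.TRUE.equals(ignoreMissigingMCF)` compares the value. The `catch (Exception e)` in `getMcf` also logs without `e`, so the reason the MBean lookup failed is lost from the log; passing it as `log.error(msg, e)` keeps the cause available when diagnosing a login module that silently returns false from `login()`.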
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/CallerIdentityLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/resource/security/CallerIdentityLoginModule.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/CallerIdentityLoginModule.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,213 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2006, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.resource.security;
-
-import java.security.acl.Group;
-import java.security.Principal;
-import java.util.Map;
-import java.util.Set;
-import javax.resource.spi.security.PasswordCredential;
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginException;
-
-import org.jboss.security.SimplePrincipal;
-import org.jboss.security.RunAsIdentity;
-import org.jboss.logging.Logger;
-
-/**
- * A simple login module that simply associates the principal making the
- * connection request with the actual EIS connection requirements.
- *
- * The type of Principal class used is
- * <code>org.jboss.security.SimplePrincipal.</code>
- * <p>
- *
- * @see org.jboss.resource.security.ConfiguredIdentityLoginModule
- *
- * @author Scott.Stark at jboss.org
- * @author <a href="mailto:d_jencks at users.sourceforge.net">David Jencks</a>
- * @author <a href="mailto:dan.bunker at pbs.proquest.com">Dan Bunker</a>
- * @version $Revision: 71545 $
- */
-public class CallerIdentityLoginModule
- extends AbstractPasswordCredentialLoginModule
-{
- /**
- * Class logger
- */
- private static final Logger log = Logger.getLogger(CallerIdentityLoginModule.class);
-
- /**
- * The default username/principal to use for basic connections
- */
- private String userName;
-
- /**
- * The default password to use for basic connections
- */
- private char[] password;
- /** A flag indicating if the run-as principal roles should be added to the subject */
- private boolean addRunAsRoles;
- private Set runAsRoles;
-
- /**
- * Default Constructor
- */
- public CallerIdentityLoginModule()
- {
- }
-
- /**
- * The initialize method sets up some default connection information for
- * basic connections. This is useful for container initialization connection
- * use or running the application in a non-secure manner. This method is
- * called before the login method.
- *
- * @param subject
- * @param handler
- * @param sharedState
- * @param options
- */
- public void initialize(Subject subject, CallbackHandler handler,
- Map sharedState, Map options)
- {
- super.initialize(subject, handler, sharedState, options);
-
- userName = (String) options.get("userName");
- if (userName == null)
- {
- log.debug("No default username supplied.");
- }
-
- String pass = (String) options.get("password");
- if (pass == null)
- {
- log.debug("No default password supplied.");
- }
- else
- {
- password = pass.toCharArray();
- }
-
- // Check the addRunAsRoles
- String flag = (String) options.get("addRunAsRoles");
- addRunAsRoles = Boolean.valueOf(flag).booleanValue();
-
- log.debug("got default principal: " + userName + ", username: "
- + userName + ", password: " + (password == null ? "null" : "****")
- + " addRunAsRoles: "+addRunAsRoles);
-
- }
-
- /**
- * Performs the login association between the caller and the resource for a
- * 1 to 1 mapping. This acts as a login propagation strategy and is useful
- * for single-sign on requirements
- *
- * @return True if authentication succeeds
- * @throws LoginException
- */
- public boolean login() throws LoginException
- {
- log.trace("Caller Association login called");
-
- //setup to use the default connection info. This will be overiden if security
- //associations are found
- String username = userName;
-
- //ask the security association class for the principal info making this request
- try
- {
- Principal user = GetPrincipalInfoAction.getPrincipal();
- char[] userPassword = GetPrincipalInfoAction.getCredential();
-
- if( userPassword != null )
- {
- password = userPassword;
- }
-
- if (user != null)
- {
- username = user.getName();
- if (log.isTraceEnabled())
- {
- log.trace("Current Calling principal is: " + username
- + " ThreadName: " + Thread.currentThread().getName());
- }
- // Check for a RunAsIdentity
- RunAsIdentity runAs = GetPrincipalInfoAction.peekRunAsIdentity();
- if( runAs != null )
- {
- runAsRoles = runAs.getRunAsRoles();
- }
- }
- }
- catch (Throwable e)
- {
- throw new LoginException("Unable to get the calling principal or its credentials for resource association");
- }
-
- // Update userName so that getIdentity is consistent
- userName = username;
- if (super.login() == true)
- {
- return true;
- }
-
- // Put the principal name into the sharedState map
- sharedState.put("javax.security.auth.login.name", username);
- super.loginOk = true;
-
- return true;
- }
-
- public boolean commit() throws LoginException
- {
- // Put the principal name into the sharedState map
- sharedState.put("javax.security.auth.login.name", userName);
- // Add any run-as roles if addRunAsRoles is true
- if( addRunAsRoles && runAsRoles != null )
- {
- SubjectActions.addRoles(subject, runAsRoles);
- }
-
- // Add the PasswordCredential
- PasswordCredential cred = new PasswordCredential(userName, password);
- cred.setManagedConnectionFactory(getMcf());
- SubjectActions.addCredentials(subject, cred);
- return super.commit();
- }
-
- protected Principal getIdentity()
- {
- log.trace("getIdentity called");
- Principal principal = new SimplePrincipal(userName);
- return principal;
- }
-
- protected Group[] getRoleSets() throws LoginException
- {
- log.trace("getRoleSets called");
- return new Group[]{};
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/CallerIdentityLoginModule.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/resource/security/CallerIdentityLoginModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/CallerIdentityLoginModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/CallerIdentityLoginModule.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,214 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.resource.security;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Map;
+import java.util.Set;
+
+import javax.resource.spi.security.PasswordCredential;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.RunAsIdentity;
+import org.jboss.security.SimplePrincipal;
+
+/**
+ * A simple login module that simply associates the principal making the
+ * connection request with the actual EIS connection requirements.
+ *
+ * The type of Principal class used is
+ * <code>org.jboss.security.SimplePrincipal.</code>
+ * <p>
+ *
+ * @see org.jboss.resource.security.ConfiguredIdentityLoginModule
+ *
+ * @author Scott.Stark at jboss.org
+ * @author <a href="mailto:d_jencks at users.sourceforge.net">David Jencks</a>
+ * @author <a href="mailto:dan.bunker at pbs.proquest.com">Dan Bunker</a>
+ * @version $Revision: 71545 $
+ */
+public class CallerIdentityLoginModule
+ extends AbstractPasswordCredentialLoginModule
+{
+ /**
+ * Class logger
+ */
+ private static final Logger log = Logger.getLogger(CallerIdentityLoginModule.class);
+
+ /**
+ * The default username/principal to use for basic connections
+ */
+ private String userName;
+
+ /**
+ * The default password to use for basic connections
+ */
+ private char[] password;
+ /** A flag indicating if the run-as principal roles should be added to the subject */
+ private boolean addRunAsRoles;
+ private Set runAsRoles;
+
+ /**
+ * Default Constructor
+ */
+ public CallerIdentityLoginModule()
+ {
+ }
+
+ /**
+ * The initialize method sets up some default connection information for
+ * basic connections. This is useful for container initialization connection
+ * use or running the application in a non-secure manner. This method is
+ * called before the login method.
+ *
+ * @param subject
+ * @param handler
+ * @param sharedState
+ * @param options
+ */
+ public void initialize(Subject subject, CallbackHandler handler,
+ Map sharedState, Map options)
+ {
+ super.initialize(subject, handler, sharedState, options);
+
+ userName = (String) options.get("userName");
+ if (userName == null)
+ {
+ log.debug("No default username supplied.");
+ }
+
+ String pass = (String) options.get("password");
+ if (pass == null)
+ {
+ log.debug("No default password supplied.");
+ }
+ else
+ {
+ password = pass.toCharArray();
+ }
+
+ // Check the addRunAsRoles
+ String flag = (String) options.get("addRunAsRoles");
+ addRunAsRoles = Boolean.valueOf(flag).booleanValue();
+
+ log.debug("got default principal: " + userName + ", username: "
+ + userName + ", password: " + (password == null ? "null" : "****")
+ + " addRunAsRoles: "+addRunAsRoles);
+
+ }
+
+ /**
+ * Performs the login association between the caller and the resource for a
+ * 1 to 1 mapping. This acts as a login propagation strategy and is useful
+ * for single-sign on requirements
+ *
+ * @return True if authentication succeeds
+ * @throws LoginException
+ */
+ public boolean login() throws LoginException
+ {
+ log.trace("Caller Association login called");
+
+ //setup to use the default connection info. This will be overiden if security
+ //associations are found
+ String username = userName;
+
+ //ask the security association class for the principal info making this request
+ try
+ {
+ Principal user = GetPrincipalInfoAction.getPrincipal();
+ char[] userPassword = GetPrincipalInfoAction.getCredential();
+
+ if( userPassword != null )
+ {
+ password = userPassword;
+ }
+
+ if (user != null)
+ {
+ username = user.getName();
+ if (log.isTraceEnabled())
+ {
+ log.trace("Current Calling principal is: " + username
+ + " ThreadName: " + Thread.currentThread().getName());
+ }
+ // Check for a RunAsIdentity
+ RunAsIdentity runAs = GetPrincipalInfoAction.peekRunAsIdentity();
+ if( runAs != null )
+ {
+ runAsRoles = runAs.getRunAsRoles();
+ }
+ }
+ }
+ catch (Throwable e)
+ {
+ throw new LoginException("Unable to get the calling principal or its credentials for resource association");
+ }
+
+ // Update userName so that getIdentity is consistent
+ userName = username;
+ if (super.login() == true)
+ {
+ return true;
+ }
+
+ // Put the principal name into the sharedState map
+ sharedState.put("javax.security.auth.login.name", username);
+ super.loginOk = true;
+
+ return true;
+ }
+
+ public boolean commit() throws LoginException
+ {
+ // Put the principal name into the sharedState map
+ sharedState.put("javax.security.auth.login.name", userName);
+ // Add any run-as roles if addRunAsRoles is true
+ if( addRunAsRoles && runAsRoles != null )
+ {
+ SubjectActions.addRoles(subject, runAsRoles);
+ }
+
+ // Add the PasswordCredential
+ PasswordCredential cred = new PasswordCredential(userName, password);
+ cred.setManagedConnectionFactory(getMcf());
+ SubjectActions.addCredentials(subject, cred);
+ return super.commit();
+ }
+
+ protected Principal getIdentity()
+ {
+ log.trace("getIdentity called");
+ Principal principal = new SimplePrincipal(userName);
+ return principal;
+ }
+
+ protected Group[] getRoleSets() throws LoginException
+ {
+ log.trace("getRoleSets called");
+ return new Group[]{};
+ }
+}
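Review bot: The `catch (Throwable e)` in `login()` turns every failure, including `Error`s, into a fresh `LoginException` and discards `e`, so nothing records why the caller's principal or credential could not be read. Narrowing it to `catch (Exception e)` and chaining the cause keeps that evidence, with the existing message as `msg`: `LoginException le = new LoginException(msg); le.initCause(e); throw le;`. Separately, `login()` resolves the name and the password independently (`password` is replaced only when `userPassword != null`, `username` only when `user != null`). A caller principal that arrives without a credential therefore reaches `commit()` as `new PasswordCredential(userName, password)`, pairing the caller's name with the configured default `password` option. If that pairing is intended, it deserves a comment on `commit()` such as `// caller name may be paired with the default password option when the caller supplied no credential`.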
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/GetPrincipalInfoAction.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/resource/security/GetPrincipalInfoAction.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/GetPrincipalInfoAction.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,175 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2006, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.resource.security;
-
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.security.Principal;
-import java.io.UnsupportedEncodingException;
-
-import org.jboss.security.SecurityAssociation;
-import org.jboss.security.RunAsIdentity;
-
-/** PrivilegedActions used by this package
- *
- * @author Scott.Stark at jboss.org
- * @version $Revision: 71545 $
- */
-class GetPrincipalInfoAction
-{
- /* Obtain the password credential by trying char[], byte[],
- and toString()
- */
- private static char[] getPassword()
- {
- Object credential = SecurityAssociation.getCredential();
- char[] password = null;
- if( credential instanceof char[] )
- {
- password = (char[]) credential;
- }
- else if( credential instanceof byte[] )
- {
- try
- {
- String tmp = new String((byte[]) credential, "UTF-8");
- password = tmp.toCharArray();
- }
- catch (UnsupportedEncodingException e)
- {
- throw new SecurityException(e.getMessage());
- }
- }
- else if( credential != null )
- {
- String tmp = credential.toString();
- password = tmp.toCharArray();
- }
- return password;
- }
-
- interface PrincipalActions
- {
- PrincipalActions PRIVILEGED = new PrincipalActions()
- {
- private final PrivilegedAction peekAction = new PrivilegedAction()
- {
- public Object run()
- {
- return SecurityAssociation.peekRunAsIdentity();
- }
- };
-
- private final PrivilegedAction getPrincipalAction = new PrivilegedAction()
- {
- public Object run()
- {
- return SecurityAssociation.getPrincipal();
- }
- };
-
- private final PrivilegedAction getCredentialAction = new PrivilegedAction()
- {
- public Object run()
- {
- return getPassword();
- }
- };
-
- public RunAsIdentity peek()
- {
- return (RunAsIdentity)AccessController.doPrivileged(peekAction);
- }
-
- public Principal getPrincipal()
- {
- return (Principal)AccessController.doPrivileged(getPrincipalAction);
- }
-
- public char[] getCredential()
- {
- return (char[]) AccessController.doPrivileged(getCredentialAction);
- }
- };
-
- PrincipalActions NON_PRIVILEGED = new PrincipalActions()
- {
- public RunAsIdentity peek()
- {
- return SecurityAssociation.peekRunAsIdentity();
- }
-
- public Principal getPrincipal()
- {
- return SecurityAssociation.getPrincipal();
- }
-
- public char[] getCredential()
- {
- return getPassword();
- }
- };
-
- Principal getPrincipal();
- char[] getCredential();
- RunAsIdentity peek();
- }
-
- static Principal getPrincipal()
- {
- Principal principal;
- if(System.getSecurityManager() == null)
- {
- principal = PrincipalActions.NON_PRIVILEGED.getPrincipal();
- }
- else
- {
- principal = PrincipalActions.PRIVILEGED.getPrincipal();
- }
- return principal;
- }
- static char[] getCredential()
- {
- char[] credential;
- if(System.getSecurityManager() == null)
- {
- credential = PrincipalActions.NON_PRIVILEGED.getCredential();
- }
- else
- {
- credential = PrincipalActions.PRIVILEGED.getCredential();
- }
- return credential;
- }
- static RunAsIdentity peekRunAsIdentity()
- {
- if(System.getSecurityManager() == null)
- {
- return PrincipalActions.NON_PRIVILEGED.peek();
- }
- else
- {
- return PrincipalActions.PRIVILEGED.peek();
- }
- }
-
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/GetPrincipalInfoAction.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/resource/security/GetPrincipalInfoAction.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/GetPrincipalInfoAction.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/GetPrincipalInfoAction.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,175 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.resource.security;
+
+import java.io.UnsupportedEncodingException;
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+
+import org.jboss.security.RunAsIdentity;
+import org.jboss.security.SecurityAssociation;
+
+/** PrivilegedActions used by this package
+ *
+ * @author Scott.Stark at jboss.org
+ * @version $Revision: 71545 $
+ */
+class GetPrincipalInfoAction
+{
+ /* Obtain the password credential by trying char[], byte[],
+ and toString()
+ */
+ private static char[] getPassword()
+ {
+ Object credential = SecurityAssociation.getCredential();
+ char[] password = null;
+ if( credential instanceof char[] )
+ {
+ password = (char[]) credential;
+ }
+ else if( credential instanceof byte[] )
+ {
+ try
+ {
+ String tmp = new String((byte[]) credential, "UTF-8");
+ password = tmp.toCharArray();
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ throw new SecurityException(e.getMessage());
+ }
+ }
+ else if( credential != null )
+ {
+ String tmp = credential.toString();
+ password = tmp.toCharArray();
+ }
+ return password;
+ }
+
+ interface PrincipalActions
+ {
+ PrincipalActions PRIVILEGED = new PrincipalActions()
+ {
+ private final PrivilegedAction peekAction = new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return SecurityAssociation.peekRunAsIdentity();
+ }
+ };
+
+ private final PrivilegedAction getPrincipalAction = new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return SecurityAssociation.getPrincipal();
+ }
+ };
+
+ private final PrivilegedAction getCredentialAction = new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return getPassword();
+ }
+ };
+
+ public RunAsIdentity peek()
+ {
+ return (RunAsIdentity)AccessController.doPrivileged(peekAction);
+ }
+
+ public Principal getPrincipal()
+ {
+ return (Principal)AccessController.doPrivileged(getPrincipalAction);
+ }
+
+ public char[] getCredential()
+ {
+ return (char[]) AccessController.doPrivileged(getCredentialAction);
+ }
+ };
+
+ PrincipalActions NON_PRIVILEGED = new PrincipalActions()
+ {
+ public RunAsIdentity peek()
+ {
+ return SecurityAssociation.peekRunAsIdentity();
+ }
+
+ public Principal getPrincipal()
+ {
+ return SecurityAssociation.getPrincipal();
+ }
+
+ public char[] getCredential()
+ {
+ return getPassword();
+ }
+ };
+
+ Principal getPrincipal();
+ char[] getCredential();
+ RunAsIdentity peek();
+ }
+
+ static Principal getPrincipal()
+ {
+ Principal principal;
+ if(System.getSecurityManager() == null)
+ {
+ principal = PrincipalActions.NON_PRIVILEGED.getPrincipal();
+ }
+ else
+ {
+ principal = PrincipalActions.PRIVILEGED.getPrincipal();
+ }
+ return principal;
+ }
+ static char[] getCredential()
+ {
+ char[] credential;
+ if(System.getSecurityManager() == null)
+ {
+ credential = PrincipalActions.NON_PRIVILEGED.getCredential();
+ }
+ else
+ {
+ credential = PrincipalActions.PRIVILEGED.getCredential();
+ }
+ return credential;
+ }
+ static RunAsIdentity peekRunAsIdentity()
+ {
+ if(System.getSecurityManager() == null)
+ {
+ return PrincipalActions.NON_PRIVILEGED.peek();
+ }
+ else
+ {
+ return PrincipalActions.PRIVILEGED.peek();
+ }
+ }
+
+}
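Review bot: The last branch of `getPassword()` converts any credential that is neither `char[]` nor `byte[]` into a password via `credential.toString()`, so an object type without a meaningful `toString()` is silently used as the password. A comment on that branch naming the expected types, e.g. `// String credentials expected here; any other type is stringified as-is`, or returning `null` for non-`String` types, would make the behaviour explicit. The `char[]` branch returns the same array instance that `SecurityAssociation.getCredential()` supplied; if that is the association's own array, a caller that zeroes the result also clears the shared credential, which `password = ((char[]) credential).clone();` would avoid. The `SecurityException` raised for `UnsupportedEncodingException` carries only `e.getMessage()` and drops the cause.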
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/JaasSecurityDomainIdentityLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/resource/security/JaasSecurityDomainIdentityLoginModule.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/JaasSecurityDomainIdentityLoginModule.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,224 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2006, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.resource.security;
-
-import java.security.acl.Group;
-import java.security.Principal;
-import java.security.PrivilegedExceptionAction;
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
-import java.util.Map;
-import javax.resource.spi.security.PasswordCredential;
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginException;
-import javax.management.ObjectName;
-import javax.management.MBeanServer;
-
-import org.jboss.security.SimplePrincipal;
-import org.jboss.logging.Logger;
-
-/** A login module for statically defining a data source username and password
- that uses a password that has been ecrypted by a JaasSecurityDomain. The
- base64 format of the data source password may be generated using the PBEUtils
- command:
-
- java -cp jbosssx.jar org.jboss.security.plugins.PBEUtils salt count
- domain-password data-source-password
-
- salt : the Salt attribute from the JaasSecurityDomain
- count : the IterationCount attribute from the JaasSecurityDomain
- domain-password : the plaintext password that maps to the KeyStorePass
- attribute from the JaasSecurityDomain
- data-source-password : the plaintext password for the data source that
- should be encrypted with the JaasSecurityDomain password
-
- for example:
-
- java -cp jbosssx.jar org.jboss.security.plugins.PBEUtils abcdefgh 13 master ''
- Encoded password: E5gtGMKcXPP
-
- A sample login-config.xml configuration entry would be:
-
- <application-policy name = "EncryptedHsqlDbRealm">
- <authentication>
- <login-module code = "org.jboss.resource.security.JaasSecurityDomainIdentityLoginModule"
- flag = "required">
- <module-option name = "userName">sa</module-option>
- <module-option name = "password">E5gtGMKcXPP</module-option>
- <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
- <module-option name = "jaasSecurityDomain">jboss.security:service=JaasSecurityDomain,domain=ServerMasterPassword</module-option>
- </login-module>
- </authentication>
- </application-policy>
-
-
- @author Scott.Stark at jboss.org
- @author <a href="mailto:noel.rocher at jboss.org">Noel Rocher</a> 29, june 2004 username & userName issue
- @version $Revision: 71545 $
- */
-public class JaasSecurityDomainIdentityLoginModule
- extends AbstractPasswordCredentialLoginModule
-{
- private static final Logger log = Logger.getLogger(JaasSecurityDomainIdentityLoginModule.class);
-
- private String username;
- private String password;
- private ObjectName jaasSecurityDomain;
-
- public void initialize(Subject subject, CallbackHandler handler,
- Map sharedState, Map options)
- {
- super.initialize(subject, handler, sharedState, options);
- // NR : we keep this username for compatibility
- username = (String) options.get("username");
- if( username == null )
- {
- // NR : try with userName
- username = (String) options.get("userName");
- if( username == null )
- {
- throw new IllegalArgumentException("The user name is a required option");
- }
- }
-
- password = (String) options.get("password");
- if( password == null )
- {
- throw new IllegalArgumentException("The password is a required option");
- }
-
- String name = (String) options.get("jaasSecurityDomain");
- if( name == null )
- {
- throw new IllegalArgumentException("The jaasSecurityDomain is a required option");
- }
-
- try
- {
- jaasSecurityDomain = new ObjectName(name);
- }
- catch(Exception e)
- {
- throw new IllegalArgumentException("Invalid jaasSecurityDomain: " + e.getMessage());
- }
- }
-
- public boolean login() throws LoginException
- {
- log.trace("login called");
- if( super.login() == true )
- return true;
-
- super.loginOk = true;
- return true;
- }
-
- public boolean commit() throws LoginException
- {
- Principal principal = new SimplePrincipal(username);
- SubjectActions.addPrincipals(subject, principal);
- sharedState.put("javax.security.auth.login.name", username);
- // Decode the encrypted password
- try
- {
- char[] decodedPassword = DecodeAction.decode(password,
- jaasSecurityDomain, getServer());
- PasswordCredential cred = new PasswordCredential(username, decodedPassword);
- cred.setManagedConnectionFactory(getMcf());
- SubjectActions.addCredentials(subject, cred);
- }
- catch(Exception e)
- {
- log.debug("Failed to decode password", e);
- throw new LoginException("Failed to decode password: " + e.getMessage());
- }
- return true;
- }
-
- public boolean abort()
- {
- username = null;
- password = null;
- return true;
- }
-
- protected Principal getIdentity()
- {
- log.trace("getIdentity called, username=" + username);
- Principal principal = new SimplePrincipal(username);
- return principal;
- }
-
- protected Group[] getRoleSets() throws LoginException
- {
- Group[] empty = new Group[0];
- return empty;
- }
-
- private static class DecodeAction implements PrivilegedExceptionAction
- {
- String password;
- ObjectName jaasSecurityDomain;
- MBeanServer server;
-
- DecodeAction(String password, ObjectName jaasSecurityDomain,
- MBeanServer server)
- {
- this.password = password;
- this.jaasSecurityDomain = jaasSecurityDomain;
- this.server = server;
- }
-
- /**
- *
- * @return
- * @throws Exception
- */
- public Object run() throws Exception
- {
- // Invoke the jaasSecurityDomain.decodeb64 op
- Object[] args = {password};
- String[] sig = {String.class.getName()};
- byte[] secret = (byte[]) server.invoke(jaasSecurityDomain,
- "decode64", args, sig);
- // Convert to UTF-8 base char array
- String secretPassword = new String(secret, "UTF-8");
- return secretPassword.toCharArray();
- }
- static char[] decode(String password, ObjectName jaasSecurityDomain,
- MBeanServer server)
- throws Exception
- {
- DecodeAction action = new DecodeAction(password, jaasSecurityDomain, server);
- try
- {
- char[] decode = (char[]) AccessController.doPrivileged(action);
- return decode;
- }
- catch(PrivilegedActionException e)
- {
- throw e.getException();
- }
- }
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/JaasSecurityDomainIdentityLoginModule.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/resource/security/JaasSecurityDomainIdentityLoginModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/JaasSecurityDomainIdentityLoginModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/JaasSecurityDomainIdentityLoginModule.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,225 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.resource.security;
+
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.security.acl.Group;
+import java.util.Map;
+
+import javax.management.MBeanServer;
+import javax.management.ObjectName;
+import javax.resource.spi.security.PasswordCredential;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.SimplePrincipal;
+
+/** A login module for statically defining a data source username and password
+ that uses a password that has been ecrypted by a JaasSecurityDomain. The
+ base64 format of the data source password may be generated using the PBEUtils
+ command:
+
+ java -cp jbosssx.jar org.jboss.security.plugins.PBEUtils salt count
+ domain-password data-source-password
+
+ salt : the Salt attribute from the JaasSecurityDomain
+ count : the IterationCount attribute from the JaasSecurityDomain
+ domain-password : the plaintext password that maps to the KeyStorePass
+ attribute from the JaasSecurityDomain
+ data-source-password : the plaintext password for the data source that
+ should be encrypted with the JaasSecurityDomain password
+
+ for example:
+
+ java -cp jbosssx.jar org.jboss.security.plugins.PBEUtils abcdefgh 13 master ''
+ Encoded password: E5gtGMKcXPP
+
+ A sample login-config.xml configuration entry would be:
+
+ <application-policy name = "EncryptedHsqlDbRealm">
+ <authentication>
+ <login-module code = "org.jboss.resource.security.JaasSecurityDomainIdentityLoginModule"
+ flag = "required">
+ <module-option name = "userName">sa</module-option>
+ <module-option name = "password">E5gtGMKcXPP</module-option>
+ <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
+ <module-option name = "jaasSecurityDomain">jboss.security:service=JaasSecurityDomain,domain=ServerMasterPassword</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+
+ @author Scott.Stark at jboss.org
+ @author <a href="mailto:noel.rocher at jboss.org">Noel Rocher</a> 29, june 2004 username & userName issue
+ @version $Revision: 71545 $
+ */
+public class JaasSecurityDomainIdentityLoginModule
+ extends AbstractPasswordCredentialLoginModule
+{
+ private static final Logger log = Logger.getLogger(JaasSecurityDomainIdentityLoginModule.class);
+
+ private String username;
+ private String password;
+ private ObjectName jaasSecurityDomain;
+
+ public void initialize(Subject subject, CallbackHandler handler,
+ Map sharedState, Map options)
+ {
+ super.initialize(subject, handler, sharedState, options);
+ // NR : we keep this username for compatibility
+ username = (String) options.get("username");
+ if( username == null )
+ {
+ // NR : try with userName
+ username = (String) options.get("userName");
+ if( username == null )
+ {
+ throw new IllegalArgumentException("The user name is a required option");
+ }
+ }
+
+ password = (String) options.get("password");
+ if( password == null )
+ {
+ throw new IllegalArgumentException("The password is a required option");
+ }
+
+ String name = (String) options.get("jaasSecurityDomain");
+ if( name == null )
+ {
+ throw new IllegalArgumentException("The jaasSecurityDomain is a required option");
+ }
+
+ try
+ {
+ jaasSecurityDomain = new ObjectName(name);
+ }
+ catch(Exception e)
+ {
+ throw new IllegalArgumentException("Invalid jaasSecurityDomain: " + e.getMessage());
+ }
+ }
+
+ public boolean login() throws LoginException
+ {
+ log.trace("login called");
+ if( super.login() == true )
+ return true;
+
+ super.loginOk = true;
+ return true;
+ }
+
+ public boolean commit() throws LoginException
+ {
+ Principal principal = new SimplePrincipal(username);
+ SubjectActions.addPrincipals(subject, principal);
+ sharedState.put("javax.security.auth.login.name", username);
+ // Decode the encrypted password
+ try
+ {
+ char[] decodedPassword = DecodeAction.decode(password,
+ jaasSecurityDomain, getServer());
+ PasswordCredential cred = new PasswordCredential(username, decodedPassword);
+ cred.setManagedConnectionFactory(getMcf());
+ SubjectActions.addCredentials(subject, cred);
+ }
+ catch(Exception e)
+ {
+ log.debug("Failed to decode password", e);
+ throw new LoginException("Failed to decode password: " + e.getMessage());
+ }
+ return true;
+ }
+
+ public boolean abort()
+ {
+ username = null;
+ password = null;
+ return true;
+ }
+
+ protected Principal getIdentity()
+ {
+ log.trace("getIdentity called, username=" + username);
+ Principal principal = new SimplePrincipal(username);
+ return principal;
+ }
+
+ protected Group[] getRoleSets() throws LoginException
+ {
+ Group[] empty = new Group[0];
+ return empty;
+ }
+
+ private static class DecodeAction implements PrivilegedExceptionAction
+ {
+ String password;
+ ObjectName jaasSecurityDomain;
+ MBeanServer server;
+
+ DecodeAction(String password, ObjectName jaasSecurityDomain,
+ MBeanServer server)
+ {
+ this.password = password;
+ this.jaasSecurityDomain = jaasSecurityDomain;
+ this.server = server;
+ }
+
+ /**
+ *
+ * @return
+ * @throws Exception
+ */
+ public Object run() throws Exception
+ {
+ // Invoke the jaasSecurityDomain.decodeb64 op
+ Object[] args = {password};
+ String[] sig = {String.class.getName()};
+ byte[] secret = (byte[]) server.invoke(jaasSecurityDomain,
+ "decode64", args, sig);
+ // Convert to UTF-8 base char array
+ String secretPassword = new String(secret, "UTF-8");
+ return secretPassword.toCharArray();
+ }
+ static char[] decode(String password, ObjectName jaasSecurityDomain,
+ MBeanServer server)
+ throws Exception
+ {
+ DecodeAction action = new DecodeAction(password, jaasSecurityDomain, server);
+ try
+ {
+ char[] decode = (char[]) AccessController.doPrivileged(action);
+ return decode;
+ }
+ catch(PrivilegedActionException e)
+ {
+ throw e.getException();
+ }
+ }
+ }
+}
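Review bot: In `DecodeAction.run()` the decrypted data-source password is routed through `new String(secret, "UTF-8")`, which leaves an immutable copy of the plaintext on the heap that cannot be wiped, and the `secret` byte array is never cleared, so handing back a `char[]` gains nothing for callers that want to zero it. Decode the bytes straight into a char array and clear the intermediate buffers in a `finally` block, as sketched below; this needs `java.nio.ByteBuffer`, `java.nio.CharBuffer`, `java.nio.charset.Charset` and `java.util.Arrays`, and assumes the MBean hands back a fresh array rather than internal state. The inline comment also names the operation `decodeb64` while the code invokes `decode64`; it should read `// Invoke the jaasSecurityDomain decode64 operation`. The file is a tag copy of trunk rev 72458, so the change belongs on trunk as well.

```java
public Object run() throws Exception
{
   // ... unchanged: args/sig setup and server.invoke(..., "decode64", ...) into secret ...
   CharBuffer chars = null;
   try
   {
      chars = Charset.forName("UTF-8").decode(ByteBuffer.wrap(secret));
      char[] decoded = new char[chars.remaining()];
      chars.get(decoded);
      return decoded;
   }
   finally
   {
      // Wipe the intermediate copies of the plaintext
      Arrays.fill(secret, (byte) 0);
      if( chars != null && chars.hasArray() )
         Arrays.fill(chars.array(), '\0');
   }
}
```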
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/PBEIdentityLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/resource/security/PBEIdentityLoginModule.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/PBEIdentityLoginModule.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,270 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2006, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.resource.security;
-
-import java.security.acl.Group;
-import java.security.Principal;
-import java.util.Map;
-import javax.resource.spi.security.PasswordCredential;
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginException;
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.PBEKeySpec;
-import javax.crypto.spec.PBEParameterSpec;
-
-import org.jboss.security.Base64Utils;
-import org.jboss.security.SimplePrincipal;
-import org.jboss.security.Util;
-import org.jboss.logging.Logger;
-
-/** An example of how one could encrypt the database password for a jca
- connection factory. The corresponding login config entry illustrates
- the usage:
-
- <application-policy name = "testPBEIdentityLoginModule">
- <authentication>
- <login-module code = "org.jboss.resource.security.PBEIdentityLoginModule"
- flag = "required">
- <module-option name = "principal">sa</module-option>
- <module-option name = "userName">sa</module-option>
- <!--
- output from:
- org.jboss.resource.security.PBEIdentityLoginModule
- thesecret testPBEIdentityLoginModule abcdefgh 19 PBEWithMD5AndDES
- -->
- <module-option name = "password">3fp7R/7TMjyTTxhmePdJVk</module-option>
- <module-option name = "ignoreMissigingMCF">true</module-option>
- <module-option name = "pbealgo">PBEWithMD5AndDES</module-option>
- <module-option name = "pbepass">testPBEIdentityLoginModule</module-option>
- <module-option name = "salt">abcdefgh</module-option>
- <module-option name = "iterationCount">19</module-option>
- <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
- </login-module>
- </authentication>
- </application-policy>
-
- This uses password based encryption (PBE) with algorithm parameters dervived
- from pbealgo, pbepass, salt, iterationCount options:
- + pbealgo - the PBE algorithm to use. Defaults to PBEwithMD5andDES.
- + pbepass - the PBE password to use. Can use the JaasSecurityDomain {CLASS}
- and {EXT} syntax to obtain the password from outside of the configuration.
- Defaults to "jaas is the way".
- + salt - the PBE salt as a string. Defaults to {1, 7, 2, 9, 3, 11, 4, 13}.
- + iterationCount - the PBE iterationCount. Defaults to 37.
-
- * @author Scott.Stark at jboss.org
- * @author <a href="mailto:noel.rocher at jboss.org">Noel Rocher</a> 29, june 2004 username & userName issue
- * @version $Revision: 57189 $
- */
-public class PBEIdentityLoginModule
- extends AbstractPasswordCredentialLoginModule
-{
- /**
- * Class logger
- */
- private static final Logger log = Logger.getLogger(SecureIdentityLoginModule.class);
-
- private String username;
- private String password;
- /** The Blowfish key material */
- private char[] pbepass = "jaas is the way".toCharArray();
- private String pbealgo = "PBEwithMD5andDES";
- private byte[] salt = {1, 7, 2, 9, 3, 11, 4, 13};
- private int iterationCount = 37;
- private PBEParameterSpec cipherSpec;
-
- public PBEIdentityLoginModule()
- {
- }
- PBEIdentityLoginModule(String algo, char[] pass, byte[] pbesalt, int iter)
- {
- if( pass != null )
- pbepass = pass;
- if( algo != null )
- pbealgo = algo;
- if( pbesalt != null )
- salt = pbesalt;
- if( iter > 0 )
- iterationCount = iter;
- }
-
- @SuppressWarnings("unchecked")
- @Override
- public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
- {
- super.initialize(subject, handler, sharedState, options);
- // NR : we keep this username for compatibility
- username = (String) options.get("username");
- if( username == null )
- {
- // NR : try with userName
- username = (String) options.get("userName");
- if( username == null )
- {
- throw new IllegalArgumentException("The user name is a required option");
- }
- }
- password = (String) options.get("password");
- if( password == null )
- {
- throw new IllegalArgumentException("The password is a required option");
- }
- // Look for the cipher password and algo parameters
- String tmp = (String) options.get("pbepass");
- if( tmp != null )
- {
- try
- {
- pbepass = Util.loadPassword(tmp);
- }
- catch(Exception e)
- {
- throw new IllegalStateException(e);
- }
- }
- tmp = (String) options.get("pbealgo");
- if( tmp != null )
- pbealgo = tmp;
- tmp = (String) options.get("salt");
- if( tmp != null )
- salt = tmp.substring(0, 8).getBytes();
- tmp = (String) options.get("iterationCount");
- if( tmp != null )
- iterationCount = Integer.parseInt(tmp);
- }
-
- public boolean login() throws LoginException
- {
- log.trace("login called");
- if( super.login() == true )
- return true;
-
- super.loginOk = true;
- return true;
- }
-
- @SuppressWarnings("unchecked")
- public boolean commit() throws LoginException
- {
- Principal principal = new SimplePrincipal(username);
- SubjectActions.addPrincipals(subject, principal);
- sharedState.put("javax.security.auth.login.name", username);
- // Decode the encrypted password
- try
- {
- char[] decodedPassword = decode(password);
- PasswordCredential cred = new PasswordCredential(username, decodedPassword);
- cred.setManagedConnectionFactory(getMcf());
- SubjectActions.addCredentials(subject, cred);
- }
- catch(Exception e)
- {
- log.debug("Failed to decode password", e);
- throw new LoginException("Failed to decode password: "+e.getMessage());
- }
- return true;
- }
-
- public boolean abort()
- {
- username = null;
- password = null;
- return true;
- }
-
- protected Principal getIdentity()
- {
- log.trace("getIdentity called, username="+username);
- Principal principal = new SimplePrincipal(username);
- return principal;
- }
-
- protected Group[] getRoleSets() throws LoginException
- {
- Group[] empty = new Group[0];
- return empty;
- }
-
- private String encode(String secret)
- throws Exception
- {
- // Create the PBE secret key
- cipherSpec = new PBEParameterSpec(salt, iterationCount);
- PBEKeySpec keySpec = new PBEKeySpec(pbepass);
- SecretKeyFactory factory = SecretKeyFactory.getInstance(pbealgo);
- SecretKey cipherKey = factory.generateSecret(keySpec);
-
- // Decode the secret
- Cipher cipher = Cipher.getInstance(pbealgo);
- cipher.init(Cipher.ENCRYPT_MODE, cipherKey, cipherSpec);
- byte[] encoding = cipher.doFinal(secret.getBytes());
- return Base64Utils.tob64(encoding);
- }
-
- private char[] decode(String secret)
- throws Exception
- {
- // Create the PBE secret key
- cipherSpec = new PBEParameterSpec(salt, iterationCount);
- PBEKeySpec keySpec = new PBEKeySpec(pbepass);
- SecretKeyFactory factory = SecretKeyFactory.getInstance(pbealgo);
- SecretKey cipherKey = factory.generateSecret(keySpec);
- // Decode the secret
- byte[] encoding = Base64Utils.fromb64(secret);
- Cipher cipher = Cipher.getInstance(pbealgo);
- cipher.init(Cipher.DECRYPT_MODE, cipherKey, cipherSpec);
- byte[] decode = cipher.doFinal(encoding);
- return new String(decode).toCharArray();
- }
-
- /** Main entry point to encrypt a password using the hard-coded pass phrase
- *
- * @param args - [0] = the password to encode
- * [1] = PBE password
- * [2] = PBE salt
- * [3] = PBE iterationCount
- * [4] = PBE algo
- * @throws Exception
- */
- public static void main(String[] args) throws Exception
- {
- String algo = null;
- char[] pass = "jaas is the way".toCharArray();
- byte[] salt = null;
- int iter = -1;
- if( args.length >= 2 )
- pass = args[1].toCharArray();
- if( args.length >= 3 )
- salt = args[2].getBytes();
- if( args.length >= 4 )
- iter = Integer.decode(args[3]).intValue();
- if( args.length >= 5 )
- algo = args[4];
-
- PBEIdentityLoginModule pbe = new PBEIdentityLoginModule(algo, pass, salt, iter);
- String encode = pbe.encode(args[0]);
- System.out.println("Encoded password: "+encode);
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/PBEIdentityLoginModule.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/resource/security/PBEIdentityLoginModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/PBEIdentityLoginModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/PBEIdentityLoginModule.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,271 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.resource.security;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Map;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
+import javax.resource.spi.security.PasswordCredential;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.Base64Utils;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.Util;
+
+/** An example of how one could encrypt the database password for a jca
+ connection factory. The corresponding login config entry illustrates
+ the usage:
+
+ <application-policy name = "testPBEIdentityLoginModule">
+ <authentication>
+ <login-module code = "org.jboss.resource.security.PBEIdentityLoginModule"
+ flag = "required">
+ <module-option name = "principal">sa</module-option>
+ <module-option name = "userName">sa</module-option>
+ <!--
+ output from:
+ org.jboss.resource.security.PBEIdentityLoginModule
+ thesecret testPBEIdentityLoginModule abcdefgh 19 PBEWithMD5AndDES
+ -->
+ <module-option name = "password">3fp7R/7TMjyTTxhmePdJVk</module-option>
+ <module-option name = "ignoreMissigingMCF">true</module-option>
+ <module-option name = "pbealgo">PBEWithMD5AndDES</module-option>
+ <module-option name = "pbepass">testPBEIdentityLoginModule</module-option>
+ <module-option name = "salt">abcdefgh</module-option>
+ <module-option name = "iterationCount">19</module-option>
+ <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ This uses password based encryption (PBE) with algorithm parameters dervived
+ from pbealgo, pbepass, salt, iterationCount options:
+ + pbealgo - the PBE algorithm to use. Defaults to PBEwithMD5andDES.
+ + pbepass - the PBE password to use. Can use the JaasSecurityDomain {CLASS}
+ and {EXT} syntax to obtain the password from outside of the configuration.
+ Defaults to "jaas is the way".
+ + salt - the PBE salt as a string. Defaults to {1, 7, 2, 9, 3, 11, 4, 13}.
+ + iterationCount - the PBE iterationCount. Defaults to 37.
+
+ * @author Scott.Stark at jboss.org
+ * @author <a href="mailto:noel.rocher at jboss.org">Noel Rocher</a> 29, june 2004 username & userName issue
+ * @version $Revision: 57189 $
+ */
+public class PBEIdentityLoginModule
+ extends AbstractPasswordCredentialLoginModule
+{
+ /**
+ * Class logger
+ */
+ private static final Logger log = Logger.getLogger(SecureIdentityLoginModule.class);
+
+ private String username;
+ private String password;
+ /** The Blowfish key material */
+ private char[] pbepass = "jaas is the way".toCharArray();
+ private String pbealgo = "PBEwithMD5andDES";
+ private byte[] salt = {1, 7, 2, 9, 3, 11, 4, 13};
+ private int iterationCount = 37;
+ private PBEParameterSpec cipherSpec;
+
+ public PBEIdentityLoginModule()
+ {
+ }
+ PBEIdentityLoginModule(String algo, char[] pass, byte[] pbesalt, int iter)
+ {
+ if( pass != null )
+ pbepass = pass;
+ if( algo != null )
+ pbealgo = algo;
+ if( pbesalt != null )
+ salt = pbesalt;
+ if( iter > 0 )
+ iterationCount = iter;
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
+ {
+ super.initialize(subject, handler, sharedState, options);
+ // NR : we keep this username for compatibility
+ username = (String) options.get("username");
+ if( username == null )
+ {
+ // NR : try with userName
+ username = (String) options.get("userName");
+ if( username == null )
+ {
+ throw new IllegalArgumentException("The user name is a required option");
+ }
+ }
+ password = (String) options.get("password");
+ if( password == null )
+ {
+ throw new IllegalArgumentException("The password is a required option");
+ }
+ // Look for the cipher password and algo parameters
+ String tmp = (String) options.get("pbepass");
+ if( tmp != null )
+ {
+ try
+ {
+ pbepass = Util.loadPassword(tmp);
+ }
+ catch(Exception e)
+ {
+ throw new IllegalStateException(e);
+ }
+ }
+ tmp = (String) options.get("pbealgo");
+ if( tmp != null )
+ pbealgo = tmp;
+ tmp = (String) options.get("salt");
+ if( tmp != null )
+ salt = tmp.substring(0, 8).getBytes();
+ tmp = (String) options.get("iterationCount");
+ if( tmp != null )
+ iterationCount = Integer.parseInt(tmp);
+ }
+
+ public boolean login() throws LoginException
+ {
+ log.trace("login called");
+ if( super.login() == true )
+ return true;
+
+ super.loginOk = true;
+ return true;
+ }
+
+ @SuppressWarnings("unchecked")
+ public boolean commit() throws LoginException
+ {
+ Principal principal = new SimplePrincipal(username);
+ SubjectActions.addPrincipals(subject, principal);
+ sharedState.put("javax.security.auth.login.name", username);
+ // Decode the encrypted password
+ try
+ {
+ char[] decodedPassword = decode(password);
+ PasswordCredential cred = new PasswordCredential(username, decodedPassword);
+ cred.setManagedConnectionFactory(getMcf());
+ SubjectActions.addCredentials(subject, cred);
+ }
+ catch(Exception e)
+ {
+ log.debug("Failed to decode password", e);
+ throw new LoginException("Failed to decode password: "+e.getMessage());
+ }
+ return true;
+ }
+
+ public boolean abort()
+ {
+ username = null;
+ password = null;
+ return true;
+ }
+
+ protected Principal getIdentity()
+ {
+ log.trace("getIdentity called, username="+username);
+ Principal principal = new SimplePrincipal(username);
+ return principal;
+ }
+
+ protected Group[] getRoleSets() throws LoginException
+ {
+ Group[] empty = new Group[0];
+ return empty;
+ }
+
+ private String encode(String secret)
+ throws Exception
+ {
+ // Create the PBE secret key
+ cipherSpec = new PBEParameterSpec(salt, iterationCount);
+ PBEKeySpec keySpec = new PBEKeySpec(pbepass);
+ SecretKeyFactory factory = SecretKeyFactory.getInstance(pbealgo);
+ SecretKey cipherKey = factory.generateSecret(keySpec);
+
+ // Decode the secret
+ Cipher cipher = Cipher.getInstance(pbealgo);
+ cipher.init(Cipher.ENCRYPT_MODE, cipherKey, cipherSpec);
+ byte[] encoding = cipher.doFinal(secret.getBytes());
+ return Base64Utils.tob64(encoding);
+ }
+
+ private char[] decode(String secret)
+ throws Exception
+ {
+ // Create the PBE secret key
+ cipherSpec = new PBEParameterSpec(salt, iterationCount);
+ PBEKeySpec keySpec = new PBEKeySpec(pbepass);
+ SecretKeyFactory factory = SecretKeyFactory.getInstance(pbealgo);
+ SecretKey cipherKey = factory.generateSecret(keySpec);
+ // Decode the secret
+ byte[] encoding = Base64Utils.fromb64(secret);
+ Cipher cipher = Cipher.getInstance(pbealgo);
+ cipher.init(Cipher.DECRYPT_MODE, cipherKey, cipherSpec);
+ byte[] decode = cipher.doFinal(encoding);
+ return new String(decode).toCharArray();
+ }
+
+ /** Main entry point to encrypt a password using the hard-coded pass phrase
+ *
+ * @param args - [0] = the password to encode
+ * [1] = PBE password
+ * [2] = PBE salt
+ * [3] = PBE iterationCount
+ * [4] = PBE algo
+ * @throws Exception
+ */
+ public static void main(String[] args) throws Exception
+ {
+ String algo = null;
+ char[] pass = "jaas is the way".toCharArray();
+ byte[] salt = null;
+ int iter = -1;
+ if( args.length >= 2 )
+ pass = args[1].toCharArray();
+ if( args.length >= 3 )
+ salt = args[2].getBytes();
+ if( args.length >= 4 )
+ iter = Integer.decode(args[3]).intValue();
+ if( args.length >= 5 )
+ algo = args[4];
+
+ PBEIdentityLoginModule pbe = new PBEIdentityLoginModule(algo, pass, salt, iter);
+ String encode = pbe.encode(args[0]);
+ System.out.println("Encoded password: "+encode);
+ }
+}
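Review bot: When the `pbepass` option is absent, `initialize` silently keeps the built-in pass phrase `"jaas is the way"` together with the default salt and an iteration count of 37, so the stored data-source password is protected by a key that anyone holding this source can derive, which is obfuscation rather than encryption. I would reject that configuration after the `pbepass` lookup with `if( tmp == null ) throw new IllegalArgumentException("The pbepass is a required option");`, or, if existing configurations must keep working, log a warning there and state in the class Javadoc that the defaults are for demonstration only; `main` falls back to the same phrase. Two smaller defects in the same hunk: the logger is created with `SecureIdentityLoginModule.class` instead of `PBEIdentityLoginModule.class`, and `tmp.substring(0, 8)` throws StringIndexOutOfBoundsException for a `salt` option shorter than eight characters. The field comment `/** The Blowfish key material */` above `pbepass` is also stale and should read `/** The PBE pass phrase */`.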
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/SecureIdentityLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/resource/security/SecureIdentityLoginModule.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/SecureIdentityLoginModule.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,187 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2006, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.resource.security;
-
-import java.security.acl.Group;
-import java.security.Principal;
-import java.security.NoSuchAlgorithmException;
-import java.security.InvalidKeyException;
-import java.util.Map;
-import java.math.BigInteger;
-import javax.resource.spi.security.PasswordCredential;
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.BadPaddingException;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.Cipher;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.jboss.security.SimplePrincipal;
-import org.jboss.logging.Logger;
-
-/** An example of how one could encrypt the database password for a jca
- connection factory. The corresponding
-
-<application-policy name = "HsqlDbRealm">
- <authentication>
- <login-module code = "org.jboss.resource.security.SecureIdentityLoginMdule"
- flag = "required">
- <module-option name = "userName">sa</module-option>
- <module-option name = "password">-207a6df87216de44</module-option>
- <module-option name = "managedConnectionFactoryName">jboss.jca:servce=LocalTxCM,name=DefaultDS</module-option>
- </login-module>
- </authentication>
-</application-policy>
-
- This uses a hard-coded cipher algo of Blowfish, and key derived from the
- phrase 'jaas is the way'. Adjust to your requirements.
-
- * @author Scott.Stark at jboss.org
- * @author <a href="mailto:noel.rocher at jboss.org">Noel Rocher</a> 29, june 2004 username & userName issue
- * @version $Revision: 71545 $
- */
-public class SecureIdentityLoginModule
- extends AbstractPasswordCredentialLoginModule
-{
- /**
- * Class logger
- */
- private static final Logger log = Logger.getLogger(SecureIdentityLoginModule.class);
-
- private String username;
- private String password;
-
- public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
- {
- super.initialize(subject, handler, sharedState, options);
- // NR : we keep this username for compatibility
- username = (String) options.get("username");
- if( username == null )
- {
- // NR : try with userName
- username = (String) options.get("userName");
- if( username == null )
- {
- throw new IllegalArgumentException("The user name is a required option");
- }
- }
- password = (String) options.get("password");
- if( password == null )
- {
- throw new IllegalArgumentException("The password is a required option");
- }
- }
-
- public boolean login() throws LoginException
- {
- log.trace("login called");
- if( super.login() == true )
- return true;
-
- super.loginOk = true;
- return true;
- }
-
- public boolean commit() throws LoginException
- {
- Principal principal = new SimplePrincipal(username);
- SubjectActions.addPrincipals(subject, principal);
- sharedState.put("javax.security.auth.login.name", username);
- // Decode the encrypted password
- try
- {
- char[] decodedPassword = decode(password);
- PasswordCredential cred = new PasswordCredential(username, decodedPassword);
- cred.setManagedConnectionFactory(getMcf());
- SubjectActions.addCredentials(subject, cred);
- }
- catch(Exception e)
- {
- log.debug("Failed to decode password", e);
- throw new LoginException("Failed to decode password: "+e.getMessage());
- }
- return true;
- }
-
- public boolean abort()
- {
- username = null;
- password = null;
- return true;
- }
-
- protected Principal getIdentity()
- {
- log.trace("getIdentity called, username="+username);
- Principal principal = new SimplePrincipal(username);
- return principal;
- }
-
- protected Group[] getRoleSets() throws LoginException
- {
- Group[] empty = new Group[0];
- return empty;
- }
-
- private static String encode(String secret)
- throws NoSuchPaddingException, NoSuchAlgorithmException,
- InvalidKeyException, BadPaddingException, IllegalBlockSizeException
- {
- byte[] kbytes = "jaas is the way".getBytes();
- SecretKeySpec key = new SecretKeySpec(kbytes, "Blowfish");
-
- Cipher cipher = Cipher.getInstance("Blowfish");
- cipher.init(Cipher.ENCRYPT_MODE, key);
- byte[] encoding = cipher.doFinal(secret.getBytes());
- BigInteger n = new BigInteger(encoding);
- return n.toString(16);
- }
-
- private static char[] decode(String secret)
- throws NoSuchPaddingException, NoSuchAlgorithmException,
- InvalidKeyException, BadPaddingException, IllegalBlockSizeException
- {
- byte[] kbytes = "jaas is the way".getBytes();
- SecretKeySpec key = new SecretKeySpec(kbytes, "Blowfish");
-
- BigInteger n = new BigInteger(secret, 16);
- byte[] encoding = n.toByteArray();
-
- Cipher cipher = Cipher.getInstance("Blowfish");
- cipher.init(Cipher.DECRYPT_MODE, key);
- byte[] decode = cipher.doFinal(encoding);
- return new String(decode).toCharArray();
- }
-
- /** Main entry point to encrypt a password using the hard-coded pass phrase
- *
- * @param args - [0] = the password to encode
- * @throws Exception
- */
- public static void main(String[] args) throws Exception
- {
- String encode = encode(args[0]);
- System.out.println("Encoded password: "+encode);
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/SecureIdentityLoginModule.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/resource/security/SecureIdentityLoginModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/SecureIdentityLoginModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/SecureIdentityLoginModule.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,188 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.resource.security;
+
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Map;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.SecretKeySpec;
+import javax.resource.spi.security.PasswordCredential;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.SimplePrincipal;
+
+/** An example of how one could encrypt the database password for a jca
+ connection factory. The corresponding
+
+<application-policy name = "HsqlDbRealm">
+ <authentication>
+ <login-module code = "org.jboss.resource.security.SecureIdentityLoginMdule"
+ flag = "required">
+ <module-option name = "userName">sa</module-option>
+ <module-option name = "password">-207a6df87216de44</module-option>
+ <module-option name = "managedConnectionFactoryName">jboss.jca:servce=LocalTxCM,name=DefaultDS</module-option>
+ </login-module>
+ </authentication>
+</application-policy>
+
+ This uses a hard-coded cipher algo of Blowfish, and key derived from the
+ phrase 'jaas is the way'. Adjust to your requirements.
+
+ * @author Scott.Stark at jboss.org
+ * @author <a href="mailto:noel.rocher at jboss.org">Noel Rocher</a> 29, june 2004 username & userName issue
+ * @version $Revision: 71545 $
+ */
+public class SecureIdentityLoginModule
+ extends AbstractPasswordCredentialLoginModule
+{
+ /**
+ * Class logger
+ */
+ private static final Logger log = Logger.getLogger(SecureIdentityLoginModule.class);
+
+ private String username;
+ private String password;
+
+ public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
+ {
+ super.initialize(subject, handler, sharedState, options);
+ // NR : we keep this username for compatibility
+ username = (String) options.get("username");
+ if( username == null )
+ {
+ // NR : try with userName
+ username = (String) options.get("userName");
+ if( username == null )
+ {
+ throw new IllegalArgumentException("The user name is a required option");
+ }
+ }
+ password = (String) options.get("password");
+ if( password == null )
+ {
+ throw new IllegalArgumentException("The password is a required option");
+ }
+ }
+
+ public boolean login() throws LoginException
+ {
+ log.trace("login called");
+ if( super.login() == true )
+ return true;
+
+ super.loginOk = true;
+ return true;
+ }
+
+ public boolean commit() throws LoginException
+ {
+ Principal principal = new SimplePrincipal(username);
+ SubjectActions.addPrincipals(subject, principal);
+ sharedState.put("javax.security.auth.login.name", username);
+ // Decode the encrypted password
+ try
+ {
+ char[] decodedPassword = decode(password);
+ PasswordCredential cred = new PasswordCredential(username, decodedPassword);
+ cred.setManagedConnectionFactory(getMcf());
+ SubjectActions.addCredentials(subject, cred);
+ }
+ catch(Exception e)
+ {
+ log.debug("Failed to decode password", e);
+ throw new LoginException("Failed to decode password: "+e.getMessage());
+ }
+ return true;
+ }
+
+ public boolean abort()
+ {
+ username = null;
+ password = null;
+ return true;
+ }
+
+ protected Principal getIdentity()
+ {
+ log.trace("getIdentity called, username="+username);
+ Principal principal = new SimplePrincipal(username);
+ return principal;
+ }
+
+ protected Group[] getRoleSets() throws LoginException
+ {
+ Group[] empty = new Group[0];
+ return empty;
+ }
+
+ private static String encode(String secret)
+ throws NoSuchPaddingException, NoSuchAlgorithmException,
+ InvalidKeyException, BadPaddingException, IllegalBlockSizeException
+ {
+ byte[] kbytes = "jaas is the way".getBytes();
+ SecretKeySpec key = new SecretKeySpec(kbytes, "Blowfish");
+
+ Cipher cipher = Cipher.getInstance("Blowfish");
+ cipher.init(Cipher.ENCRYPT_MODE, key);
+ byte[] encoding = cipher.doFinal(secret.getBytes());
+ BigInteger n = new BigInteger(encoding);
+ return n.toString(16);
+ }
+
+ private static char[] decode(String secret)
+ throws NoSuchPaddingException, NoSuchAlgorithmException,
+ InvalidKeyException, BadPaddingException, IllegalBlockSizeException
+ {
+ byte[] kbytes = "jaas is the way".getBytes();
+ SecretKeySpec key = new SecretKeySpec(kbytes, "Blowfish");
+
+ BigInteger n = new BigInteger(secret, 16);
+ byte[] encoding = n.toByteArray();
+
+ Cipher cipher = Cipher.getInstance("Blowfish");
+ cipher.init(Cipher.DECRYPT_MODE, key);
+ byte[] decode = cipher.doFinal(encoding);
+ return new String(decode).toCharArray();
+ }
+
+ /** Main entry point to encrypt a password using the hard-coded pass phrase
+ *
+ * @param args - [0] = the password to encode
+ * @throws Exception
+ */
+ public static void main(String[] args) throws Exception
+ {
+ String encode = encode(args[0]);
+ System.out.println("Encoded password: "+encode);
+ }
+}
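Review bot: decode() near the end of the class can reject a value that encode() produced, because the ciphertext is stored via `new BigInteger(encoding).toString(16)` and BigInteger keeps only the minimal two's-complement form. When the ciphertext starts with a redundant sign byte, `toByteArray()` returns fewer bytes than a multiple of the 8-byte Blowfish block, `doFinal` throws IllegalBlockSizeException, and commit() reports it as "Failed to decode password". Re-adding the dropped sign bytes before decryption, as in the sketch below, leaves the stored format unchanged. Separately, the key is the literal `"jaas is the way"` in both methods and `Cipher.getInstance("Blowfish")` leaves mode and padding to the provider default, so the `password` module-option is obfuscation only; the class Javadoc should say that the login configuration file still needs restricted read access.

```java
   private static char[] decode(String secret)
      // … unchanged: throws clause, key construction …
      BigInteger n = new BigInteger(secret, 16);
      byte[] encoding = n.toByteArray();

      // BigInteger drops redundant leading sign bytes; restore the 8-byte block alignment
      int missing = (8 - encoding.length % 8) % 8;
      if( missing > 0 )
      {
         byte[] padded = new byte[encoding.length + missing];
         if( n.signum() < 0 )
         {
            // a negative value lost 0xFF bytes, a non-negative one lost 0x00 bytes
            for(int i = 0; i < missing; i ++)
               padded[i] = (byte) 0xFF;
         }
         System.arraycopy(encoding, 0, padded, missing, encoding.length);
         encoding = padded;
      }
      // … unchanged: cipher init, doFinal, char[] conversion …
```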
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/SubjectActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/resource/security/SubjectActions.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/SubjectActions.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,185 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2006, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.resource.security;
-
-import java.security.AccessController;
-import java.security.Principal;
-import java.security.PrivilegedAction;
-import java.security.acl.Group;
-import java.util.Iterator;
-import java.util.Set;
-import javax.resource.spi.ManagedConnectionFactory;
-import javax.resource.spi.security.PasswordCredential;
-import javax.security.auth.Subject;
-
-import org.jboss.security.SimpleGroup;
-
-/**
- * Common package privileged actions.
- *
- * @author Scott.Stark at jboss.org
- * @version $Revision: 71545 $
- */
-class SubjectActions
-{
- interface AddRolesActions
- {
- AddRolesActions PRIVILEGED = new AddRolesActions()
- {
- public void addRoles(final Subject subject, final Set roles)
- {
- AccessController.doPrivileged(new PrivilegedAction()
- {
- public Object run()
- {
- addSubjectRoles(subject, roles);
- return null;
- }
- });
- }
- };
-
- AddRolesActions NON_PRIVILEGED = new AddRolesActions()
- {
- public void addRoles(final Subject subject, final Set roles)
- {
- addSubjectRoles(subject, roles);
- }
- };
-
- void addRoles(Subject subject, Set roles);
- }
-
- static class AddCredentialsAction implements PrivilegedAction
- {
- Subject subject;
- PasswordCredential cred;
- AddCredentialsAction(Subject subject, PasswordCredential cred)
- {
- this.subject = subject;
- this.cred = cred;
- }
- public Object run()
- {
- subject.getPrivateCredentials().add(cred);
- return null;
- }
- }
- static class AddPrincipalsAction implements PrivilegedAction
- {
- Subject subject;
- Principal p;
- AddPrincipalsAction(Subject subject, Principal p)
- {
- this.subject = subject;
- this.p = p;
- }
- public Object run()
- {
- subject.getPrincipals().add(p);
- return null;
- }
- }
- static class RemoveCredentialsAction implements PrivilegedAction
- {
- Subject subject;
- ManagedConnectionFactory mcf;
- RemoveCredentialsAction(Subject subject, ManagedConnectionFactory mcf)
- {
- this.subject = subject;
- this.mcf = mcf;
- }
- public Object run()
- {
- Iterator i = subject.getPrivateCredentials().iterator();
- while( i.hasNext() )
- {
- Object o = i.next();
- if ( o instanceof PasswordCredential )
- {
- PasswordCredential pc = (PasswordCredential) o;
- if( pc.getManagedConnectionFactory() == mcf )
- i.remove();
- }
- }
- return null;
- }
- }
-
- static void addCredentials(Subject subject, PasswordCredential cred)
- {
- AddCredentialsAction action = new AddCredentialsAction(subject, cred);
- AccessController.doPrivileged(action);
- }
- static void addPrincipals(Subject subject, Principal p)
- {
- AddPrincipalsAction action = new AddPrincipalsAction(subject, p);
- AccessController.doPrivileged(action);
- }
- static void removeCredentials(Subject subject, ManagedConnectionFactory mcf)
- {
- RemoveCredentialsAction action = new RemoveCredentialsAction(subject, mcf);
- AccessController.doPrivileged(action);
- }
-
- static void addRoles(Subject subject, Set runAsRoles)
- {
- if( System.getSecurityManager() != null )
- {
- AddRolesActions.PRIVILEGED.addRoles(subject, runAsRoles);
- }
- else
- {
- AddRolesActions.NON_PRIVILEGED.addRoles(subject, runAsRoles);
- }
- }
-
- private static Group addSubjectRoles(Subject theSubject, Set roles)
- {
- Set subjectGroups = theSubject.getPrincipals(Group.class);
- Iterator iter = subjectGroups.iterator();
- Group roleGrp = null;
- while (iter.hasNext())
- {
- Group grp = (Group) iter.next();
- String name = grp.getName();
- if (name.equals("Roles"))
- roleGrp = grp;
- }
-
- // Create the Roles group if it was not found
- if (roleGrp == null)
- {
- roleGrp = new SimpleGroup("Roles");
- theSubject.getPrincipals().add(roleGrp);
- }
-
- iter = roles.iterator();
- while (iter.hasNext())
- {
- Principal role = (Principal) iter.next();
- roleGrp.addMember(role);
- }
- return roleGrp;
- }
-
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/SubjectActions.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/resource/security/SubjectActions.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/SubjectActions.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/resource/security/SubjectActions.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,186 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.resource.security;
+
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+import java.security.acl.Group;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.resource.spi.ManagedConnectionFactory;
+import javax.resource.spi.security.PasswordCredential;
+import javax.security.auth.Subject;
+
+import org.jboss.security.SimpleGroup;
+
+/**
+ * Common package privileged actions.
+ *
+ * @author Scott.Stark at jboss.org
+ * @version $Revision: 71545 $
+ */
+class SubjectActions
+{
+ interface AddRolesActions
+ {
+ AddRolesActions PRIVILEGED = new AddRolesActions()
+ {
+ public void addRoles(final Subject subject, final Set roles)
+ {
+ AccessController.doPrivileged(new PrivilegedAction()
+ {
+ public Object run()
+ {
+ addSubjectRoles(subject, roles);
+ return null;
+ }
+ });
+ }
+ };
+
+ AddRolesActions NON_PRIVILEGED = new AddRolesActions()
+ {
+ public void addRoles(final Subject subject, final Set roles)
+ {
+ addSubjectRoles(subject, roles);
+ }
+ };
+
+ void addRoles(Subject subject, Set roles);
+ }
+
+ static class AddCredentialsAction implements PrivilegedAction
+ {
+ Subject subject;
+ PasswordCredential cred;
+ AddCredentialsAction(Subject subject, PasswordCredential cred)
+ {
+ this.subject = subject;
+ this.cred = cred;
+ }
+ public Object run()
+ {
+ subject.getPrivateCredentials().add(cred);
+ return null;
+ }
+ }
+ static class AddPrincipalsAction implements PrivilegedAction
+ {
+ Subject subject;
+ Principal p;
+ AddPrincipalsAction(Subject subject, Principal p)
+ {
+ this.subject = subject;
+ this.p = p;
+ }
+ public Object run()
+ {
+ subject.getPrincipals().add(p);
+ return null;
+ }
+ }
+ static class RemoveCredentialsAction implements PrivilegedAction
+ {
+ Subject subject;
+ ManagedConnectionFactory mcf;
+ RemoveCredentialsAction(Subject subject, ManagedConnectionFactory mcf)
+ {
+ this.subject = subject;
+ this.mcf = mcf;
+ }
+ public Object run()
+ {
+ Iterator i = subject.getPrivateCredentials().iterator();
+ while( i.hasNext() )
+ {
+ Object o = i.next();
+ if ( o instanceof PasswordCredential )
+ {
+ PasswordCredential pc = (PasswordCredential) o;
+ if( pc.getManagedConnectionFactory() == mcf )
+ i.remove();
+ }
+ }
+ return null;
+ }
+ }
+
+ static void addCredentials(Subject subject, PasswordCredential cred)
+ {
+ AddCredentialsAction action = new AddCredentialsAction(subject, cred);
+ AccessController.doPrivileged(action);
+ }
+ static void addPrincipals(Subject subject, Principal p)
+ {
+ AddPrincipalsAction action = new AddPrincipalsAction(subject, p);
+ AccessController.doPrivileged(action);
+ }
+ static void removeCredentials(Subject subject, ManagedConnectionFactory mcf)
+ {
+ RemoveCredentialsAction action = new RemoveCredentialsAction(subject, mcf);
+ AccessController.doPrivileged(action);
+ }
+
+ static void addRoles(Subject subject, Set runAsRoles)
+ {
+ if( System.getSecurityManager() != null )
+ {
+ AddRolesActions.PRIVILEGED.addRoles(subject, runAsRoles);
+ }
+ else
+ {
+ AddRolesActions.NON_PRIVILEGED.addRoles(subject, runAsRoles);
+ }
+ }
+
+ private static Group addSubjectRoles(Subject theSubject, Set roles)
+ {
+ Set subjectGroups = theSubject.getPrincipals(Group.class);
+ Iterator iter = subjectGroups.iterator();
+ Group roleGrp = null;
+ while (iter.hasNext())
+ {
+ Group grp = (Group) iter.next();
+ String name = grp.getName();
+ if (name.equals("Roles"))
+ roleGrp = grp;
+ }
+
+ // Create the Roles group if it was not found
+ if (roleGrp == null)
+ {
+ roleGrp = new SimpleGroup("Roles");
+ theSubject.getPrincipals().add(roleGrp);
+ }
+
+ iter = roles.iterator();
+ while (iter.hasNext())
+ {
+ Principal role = (Principal) iter.next();
+ roleGrp.addMember(role);
+ }
+ return roleGrp;
+ }
+
+}
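Review bot: addCredentials, addPrincipals and removeCredentials always modify the Subject inside `AccessController.doPrivileged`, yet nothing in the class says why that is safe: the permission check is evaluated against this class's protection domain rather than the caller's, so package-private visibility is the only thing keeping other code from using them on an arbitrary Subject. I would add a class comment such as `// Must stay package-private: these helpers change a Subject's principals and private credentials under doPrivileged.` and declare the fields of the three action classes `private final`. addRoles, by contrast, only takes the privileged path when a SecurityManager is installed; using one convention for all four would make the class easier to audit.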
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/ClientLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/ClientLoginModule.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/ClientLoginModule.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,284 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.io.IOException;
-import java.security.Principal;
-import java.util.Map;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.login.LoginException;
-import javax.security.auth.spi.LoginModule;
-
-import org.jboss.logging.Logger;
-
-/** A simple implementation of LoginModule for use by JBoss clients for
- the establishment of the caller identity and credentials. This simply sets
- the SecurityAssociation principal to the value of the NameCallback
- filled in by the CallbackHandler, and the SecurityAssociation credential
- to the value of the PasswordCallback filled in by the CallbackHandler.
-
- It has the following options:
- <ul>
- <li>multi-threaded=[true|false]
- When the multi-threaded option is set to true, the SecurityAssociation.setServer()
- so that each login thread has its own principal and credential storage.
- <li>restore-login-identity=[true|false]
- When restore-login-identity is true, the SecurityAssociation principal
- and credential seen on entry to the login() method are saved and restored
- on either abort or logout. When false (the default), the abort and logout
- simply clears the SecurityAssociation. A restore-login-identity of true is
- needed if one need to change identities and then restore the original
- caller identity.
- <li>password-stacking=tryFirstPass|useFirstPass
- When password-stacking option is set, this module first looks for a shared
- username and password using "javax.security.auth.login.name" and
- "javax.security.auth.login.password" respectively. This allows a module configured
- prior to this one to establish a valid username and password that should be passed
- to JBoss.
- </ul>
-
- @author <a href="mailto:on at ibis.odessa.ua">Oleg Nitz</a>
- @author Scott.Stark at jboss.org
- @author Anil.Saldhana at redhat.com
- */
-public class ClientLoginModule implements LoginModule
-{
- private static Logger log = Logger.getLogger(ClientLoginModule.class);
- private Subject subject;
- private CallbackHandler callbackHandler;
- /** The principal set during login() */
- private Principal loginPrincipal;
- /** The credential set during login() */
- private Object loginCredential;
- /** Shared state between login modules */
- private Map<String,?> sharedState;
- /** Flag indicating if the shared password should be used */
- private boolean useFirstPass;
- /** Flag indicating if the SecurityAssociation existing at login should
- be restored on logout.
- */
- private boolean restoreLoginIdentity;
- private boolean trace;
-
- /** To restore prelogin identity **/
- private SecurityContext cachedSecurityContext;
-
- /** Initialize this LoginModule. This checks for the options:
- multi-threaded
- restore-login-identity
- password-stacking
- */
- public void initialize(Subject subject, CallbackHandler callbackHandler,
- Map<String,?> sharedState, Map<String,?> options)
- {
- this.trace = log.isTraceEnabled();
- this.subject = subject;
- this.callbackHandler = callbackHandler;
- this.sharedState = sharedState;
-
- //log securityDomain, if set.
- if(trace)
- log.trace("Security domain: " +
- (String)options.get(SecurityConstants.SECURITY_DOMAIN_OPTION));
-
- // Check for multi-threaded option
- String flag = (String) options.get("multi-threaded");
- if (Boolean.valueOf(flag).booleanValue() == true)
- {
- /* Turn on the server mode which uses thread local storage for
- the principal information.
- */
- if(trace)
- log.trace("Enabling multi-threaded mode");
- SecurityAssociationActions.setServer();
- }
-
- flag = (String) options.get("restore-login-identity");
- restoreLoginIdentity = Boolean.valueOf(flag).booleanValue();
- if(trace)
- log.trace("Enabling restore-login-identity mode");
-
- /* Check for password sharing options. Any non-null value for
- password_stacking sets useFirstPass as this module has no way to
- validate any shared password.
- */
- String passwordStacking = (String) options.get("password-stacking");
- useFirstPass = passwordStacking != null;
- if(trace && useFirstPass)
- log.trace("Enabling useFirstPass mode");
- }
-
- /**
- * Method to authenticate a Subject (phase 1).
- */
- public boolean login() throws LoginException
- {
- if( trace )
- log.trace("Begin login");
- // If useFirstPass is true, look for the shared password
- if (useFirstPass == true)
- {
- try
- {
- Object name = sharedState.get("javax.security.auth.login.name");
- if ((name instanceof Principal) == false)
- {
- String username = name != null ? name.toString() : "";
- loginPrincipal = new SimplePrincipal(username);
- } else
- {
- loginPrincipal = (Principal) name;
- }
- loginCredential = sharedState.get("javax.security.auth.login.password");
- return true;
- }
- catch (Exception e)
- { // Dump the exception and continue
- log.debug("Failed to obtain shared state", e);
- }
- }
-
- /* There is no password sharing or we are the first login module. Get
- the username and password from the callback hander.
- */
- if (callbackHandler == null)
- throw new LoginException("Error: no CallbackHandler available " +
- "to garner authentication information from the user");
-
- PasswordCallback pc = new PasswordCallback("Password: ", false);
- NameCallback nc = new NameCallback("User name: ", "guest");
- Callback[] callbacks = {nc, pc};
- try
- {
- String username;
- char[] password = null;
- char[] tmpPassword;
-
- callbackHandler.handle(callbacks);
- username = nc.getName();
- loginPrincipal = new SimplePrincipal(username);
- tmpPassword = pc.getPassword();
- if (tmpPassword != null)
- {
- password = new char[tmpPassword.length];
- System.arraycopy(tmpPassword, 0, password, 0, tmpPassword.length);
- pc.clearPassword();
- }
- loginCredential = password;
- if( trace )
- {
- String credType = "null";
- if( loginCredential != null )
- credType = loginCredential.getClass().getName();
- log.trace("Obtained login: "+loginPrincipal
- +", credential.class: " + credType);
- }
- }
- catch (IOException ioe)
- {
- LoginException ex = new LoginException(ioe.toString());
- ex.initCause(ioe);
- throw ex;
- }
- catch (UnsupportedCallbackException uce)
- {
- LoginException ex = new LoginException("Error: " + uce.getCallback().toString() +
- ", not able to use this callback for username/password");
- ex.initCause(uce);
- throw ex;
- }
- if( trace )
- log.trace("End login");
- return true;
- }
-
- /**
- * Method to commit the authentication process (phase 2).
- */
- public boolean commit() throws LoginException
- {
- if( trace )
- log.trace("commit, subject="+subject);
- //Cache the existing security context
- this.cachedSecurityContext = SecurityAssociationActions.getSecurityContext();
-
- SecurityAssociationActions.pushSecurityContext(loginPrincipal,
- loginCredential, subject, "CLIENT_LOGIN_MODULE");
- // Set the login principal and credential and subject
- //SecurityAssociationActions.setPrincipalInfo(loginPrincipal, loginCredential, subject);
-
- // Add the login principal to the subject if is not there
- Set<Principal> principals = subject.getPrincipals();
- if (principals.contains(loginPrincipal) == false)
- principals.add(loginPrincipal);
- return true;
- }
-
- /**
- * Method to abort the authentication process (phase 2).
- */
- public boolean abort() throws LoginException
- {
- if( trace )
- log.trace("abort");
- if( restoreLoginIdentity == true )
- {
- //SecurityAssociationActions.popPrincipalInfo();
- SecurityAssociationActions.setSecurityContext(this.cachedSecurityContext);
- }
- else
- {
- // Clear the entire security association stack
- //SecurityAssociationActions.clear();
- SecurityAssociationActions.setSecurityContext(null);
- }
-
- return true;
- }
-
- public boolean logout() throws LoginException
- {
- if( trace )
- log.trace("logout");
- if( restoreLoginIdentity == true )
- {
- //SecurityAssociationActions.popPrincipalInfo();
- SecurityAssociationActions.setSecurityContext(this.cachedSecurityContext);
- }
- else
- {
- // Clear the entire security association stack
- //SecurityAssociationActions.clear();
- SecurityAssociationActions.setSecurityContext(null);
- }
- Set<Principal> principals = subject.getPrincipals();
- principals.remove(loginPrincipal);
- return true;
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/ClientLoginModule.java (from rev 72642, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/ClientLoginModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/ClientLoginModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/ClientLoginModule.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,284 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+import org.jboss.logging.Logger;
+
+/** A simple implementation of LoginModule for use by JBoss clients for
+ the establishment of the caller identity and credentials. This simply sets
+ the SecurityAssociation principal to the value of the NameCallback
+ filled in by the CallbackHandler, and the SecurityAssociation credential
+ to the value of the PasswordCallback filled in by the CallbackHandler.
+
+ It has the following options:
+ <ul>
+ <li>multi-threaded=[true|false]
+ When the multi-threaded option is set to true, the SecurityAssociation.setServer()
+ so that each login thread has its own principal and credential storage.
+ <li>restore-login-identity=[true|false]
+ When restore-login-identity is true, the SecurityAssociation principal
+ and credential seen on entry to the login() method are saved and restored
+ on either abort or logout. When false (the default), the abort and logout
+ simply clears the SecurityAssociation. A restore-login-identity of true is
+ needed if one need to change identities and then restore the original
+ caller identity.
+ <li>password-stacking=tryFirstPass|useFirstPass
+ When password-stacking option is set, this module first looks for a shared
+ username and password using "javax.security.auth.login.name" and
+ "javax.security.auth.login.password" respectively. This allows a module configured
+ prior to this one to establish a valid username and password that should be passed
+ to JBoss.
+ </ul>
+
+ @author <a href="mailto:on at ibis.odessa.ua">Oleg Nitz</a>
+ @author Scott.Stark at jboss.org
+ @author Anil.Saldhana at redhat.com
+ */
+public class ClientLoginModule implements LoginModule
+{
+ private static Logger log = Logger.getLogger(ClientLoginModule.class);
+ private Subject subject;
+ private CallbackHandler callbackHandler;
+ /** The principal set during login() */
+ private Principal loginPrincipal;
+ /** The credential set during login() */
+ private Object loginCredential;
+ /** Shared state between login modules */
+ private Map<String,?> sharedState;
+ /** Flag indicating if the shared password should be used */
+ private boolean useFirstPass;
+ /** Flag indicating if the SecurityAssociation existing at login should
+ be restored on logout.
+ */
+ private boolean restoreLoginIdentity;
+ private boolean trace;
+
+ /** To restore prelogin identity **/
+ private SecurityContext cachedSecurityContext;
+
+ private boolean serverMode = false;
+
+ /** Initialize this LoginModule. This checks for the options:
+ multi-threaded
+ restore-login-identity
+ password-stacking
+ */
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
+ Map<String,?> sharedState, Map<String,?> options)
+ {
+ this.trace = log.isTraceEnabled();
+ this.subject = subject;
+ this.callbackHandler = callbackHandler;
+ this.sharedState = sharedState;
+
+ //log securityDomain, if set.
+ if(trace)
+ log.trace("Security domain: " +
+ (String)options.get(SecurityConstants.SECURITY_DOMAIN_OPTION));
+
+ // Check for multi-threaded option
+ String flag = (String) options.get("multi-threaded");
+ if (Boolean.valueOf(flag).booleanValue() == true)
+ {
+ /* Turn on the server mode which uses thread local storage for
+ the principal information.
+ */
+ if(trace)
+ log.trace("Enabling multi-threaded mode");
+ SecurityAssociationActions.setServer();
+ this.serverMode = true;
+ }
+
+ flag = (String) options.get("restore-login-identity");
+ restoreLoginIdentity = Boolean.valueOf(flag).booleanValue();
+ if(trace)
+ log.trace("Enabling restore-login-identity mode");
+
+ /* Check for password sharing options. Any non-null value for
+ password_stacking sets useFirstPass as this module has no way to
+ validate any shared password.
+ */
+ String passwordStacking = (String) options.get("password-stacking");
+ useFirstPass = passwordStacking != null;
+ if(trace && useFirstPass)
+ log.trace("Enabling useFirstPass mode");
+ }
+
+ /**
+ * Method to authenticate a Subject (phase 1).
+ */
+ public boolean login() throws LoginException
+ {
+ if( trace )
+ log.trace("Begin login");
+ // If useFirstPass is true, look for the shared password
+ if (useFirstPass == true)
+ {
+ try
+ {
+ Object name = sharedState.get("javax.security.auth.login.name");
+ if ((name instanceof Principal) == false)
+ {
+ String username = name != null ? name.toString() : "";
+ loginPrincipal = new SimplePrincipal(username);
+ } else
+ {
+ loginPrincipal = (Principal) name;
+ }
+ loginCredential = sharedState.get("javax.security.auth.login.password");
+ return true;
+ }
+ catch (Exception e)
+ { // Dump the exception and continue
+ log.debug("Failed to obtain shared state", e);
+ }
+ }
+
+ /* There is no password sharing or we are the first login module. Get
+ the username and password from the callback hander.
+ */
+ if (callbackHandler == null)
+ throw new LoginException("Error: no CallbackHandler available " +
+ "to garner authentication information from the user");
+
+ PasswordCallback pc = new PasswordCallback("Password: ", false);
+ NameCallback nc = new NameCallback("User name: ", "guest");
+ Callback[] callbacks = {nc, pc};
+ try
+ {
+ String username;
+ char[] password = null;
+ char[] tmpPassword;
+
+ callbackHandler.handle(callbacks);
+ username = nc.getName();
+ loginPrincipal = new SimplePrincipal(username);
+ tmpPassword = pc.getPassword();
+ if (tmpPassword != null)
+ {
+ password = new char[tmpPassword.length];
+ System.arraycopy(tmpPassword, 0, password, 0, tmpPassword.length);
+ pc.clearPassword();
+ }
+ loginCredential = password;
+ if( trace )
+ {
+ String credType = "null";
+ if( loginCredential != null )
+ credType = loginCredential.getClass().getName();
+ log.trace("Obtained login: "+loginPrincipal
+ +", credential.class: " + credType);
+ }
+ }
+ catch (IOException ioe)
+ {
+ LoginException ex = new LoginException(ioe.toString());
+ ex.initCause(ioe);
+ throw ex;
+ }
+ catch (UnsupportedCallbackException uce)
+ {
+ LoginException ex = new LoginException("Error: " + uce.getCallback().toString() +
+ ", not able to use this callback for username/password");
+ ex.initCause(uce);
+ throw ex;
+ }
+ if( trace )
+ log.trace("End login");
+ return true;
+ }
+
+ /**
+ * Method to commit the authentication process (phase 2).
+ */
+ public boolean commit() throws LoginException
+ {
+ if( trace )
+ log.trace("commit, subject="+subject);
+ //Cache the existing security context
+ this.cachedSecurityContext = SecurityAssociationActions.getSecurityContext();
+
+ SecurityAssociationActions.setPrincipalInfo(loginPrincipal, loginCredential, subject);
+
+ // Add the login principal to the subject if is not there
+ Set<Principal> principals = subject.getPrincipals();
+ if (principals.contains(loginPrincipal) == false)
+ principals.add(loginPrincipal);
+ return true;
+ }
+
+ /**
+ * Method to abort the authentication process (phase 2).
+ */
+ public boolean abort() throws LoginException
+ {
+ if( trace )
+ log.trace("abort");
+ if( restoreLoginIdentity == true )
+ {
+ SecurityAssociationActions.popPrincipalInfo();
+ SecurityAssociationActions.setSecurityContext(this.cachedSecurityContext);
+ }
+ else
+ {
+ // Clear the entire security association stack
+ SecurityAssociationActions.clear();
+ SecurityAssociationActions.setSecurityContext(null);
+ }
+
+ return true;
+ }
+
+ public boolean logout() throws LoginException
+ {
+ if( trace )
+ log.trace("logout");
+ if( restoreLoginIdentity == true )
+ {
+ SecurityAssociationActions.popPrincipalInfo();
+ SecurityAssociationActions.setSecurityContext(this.cachedSecurityContext);
+ }
+ else
+ {
+ // Clear the entire security association stack
+ SecurityAssociationActions.clear();
+ SecurityAssociationActions.clearSecurityContext(null);
+ }
+ Set<Principal> principals = subject.getPrincipals();
+ principals.remove(loginPrincipal);
+ return true;
+ }
+}
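Review bot: abort() rolls back state that only commit() creates, without checking that commit() ever ran: `popPrincipalInfo()` / `clear()` and `setSecurityContext(...)` execute unconditionally, while the `setPrincipalInfo` call and the `cachedSecurityContext` snapshot happen only in commit(). JAAS calls abort() whenever the overall login fails, including when this module never committed. In that case restore-login-identity=true would presumably replace the caller's existing context with a null snapshot, and the default would clear the caller's association for a login that never took effect; SecurityAssociationActions is not shown here, so the exact effect needs confirming. A `private boolean committed;` set at the end of commit() and reset in logout(), plus a guard at the top of abort() such as `if (!committed) { loginPrincipal = null; loginCredential = null; return true; }`, would confine the rollback to what this module installed. Separately, the class Javadoc says the identity is saved on entry to login(), but the snapshot is taken in commit(), so one of the two should be corrected.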
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/SecurityAssociation.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityAssociation.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/SecurityAssociation.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,1079 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashMap;
-
-import javax.security.auth.Subject;
-
-import org.jboss.logging.Logger;
-
-/**
- * The SecurityAssociation class maintains the security principal and
- * credentials. This can be done on either a singleton basis or a thread local
- * basis depending on the server property. When the server property has been set
- * to true, the security information is maintained in thread local storage. The
- * type of thread local storage depends on the org.jboss.security.SecurityAssociation.ThreadLocal
- * property. If this property is true, then the thread local storage object is
- * of type java.lang.ThreadLocal which results in the current thread's security
- * information NOT being propagated to child threads.
- *
- * When the property is false or does not exist, the thread local storage object
- * is of type java.lang.InheritableThreadLocal, and any threads spawned by the
- * current thread will inherit the security information of the current thread.
- * Subseqent changes to the current thread's security information are NOT
- * propagated to any previously spawned child threads.
- *
- * When the server property is false, security information is maintained in
- * class variables which makes the information available to all threads within
- * the current VM.
- *
- * Note that this is not a public API class. Its an implementation detail that
- * is subject to change without notice.
- *
- * @author Daniel O'Connor (docodan at nycap.rr.com)
- * @author Scott.Stark at jboss.org
- * @author Anil.Saldhana at redhat.com
- * @version $Revision$
- */
-public final class SecurityAssociation
-{
- private static Logger log = Logger.getLogger(SecurityAssociation.class);
- /**
- * A flag indicating if trace level logging should be performed
- */
- private static boolean trace;
- /**
- * A flag indicating if security information is global or thread local
- */
- private static boolean server;
- /**
- * The SecurityAssociation principal used when the server flag is false
- */
- private static Principal principal;
- /**
- * The SecurityAssociation credential used when the server flag is false
- */
- private static Object credential;
-
- /**
- * The SecurityAssociation principal used when the server flag is true
- */
- private static ThreadLocal<Principal> threadPrincipal;
- /**
- * The SecurityAssociation credential used when the server flag is true
- */
- private static ThreadLocal<Object> threadCredential;
- /**
- * The SecurityAssociation HashMap<String, Object>
- */
- private static ThreadLocal<HashMap<String,Object>> threadContextMap;
-
- /**
- * Thread local stacks of run-as principal roles used to implement J2EE
- * run-as identity propagation
- */
- private static RunAsThreadLocalStack threadRunAsStacks;
- /**
- * Thread local stacks of authenticated subject used to control the current
- * caller security context
- */
- private static SubjectThreadLocalStack threadSubjectStacks;
-
- /**
- * The permission required to access getPrincpal, getCredential
- */
- private static final RuntimePermission getPrincipalInfoPermission =
- new RuntimePermission("org.jboss.security.SecurityAssociation.getPrincipalInfo");
- /**
- * The permission required to access getSubject
- */
- private static final RuntimePermission getSubjectPermission =
- new RuntimePermission("org.jboss.security.SecurityAssociation.getSubject");
- /**
- * The permission required to access setPrincpal, setCredential, setSubject
- * pushSubjectContext, popSubjectContext
- */
- private static final RuntimePermission setPrincipalInfoPermission =
- new RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo");
- /**
- * The permission required to access setServer
- */
- private static final RuntimePermission setServerPermission =
- new RuntimePermission("org.jboss.security.SecurityAssociation.setServer");
- /**
- * The permission required to access pushRunAsIdentity/popRunAsIdentity
- */
- private static final RuntimePermission setRunAsIdentity =
- new RuntimePermission("org.jboss.security.SecurityAssociation.setRunAsRole");
- /**
- * The permission required to get the current security context info
- */
- private static final RuntimePermission getContextInfo =
- new RuntimePermission("org.jboss.security.SecurityAssociation.accessContextInfo", "get");
- /**
- * The permission required to set the current security context info
- */
- private static final RuntimePermission setContextInfo =
- new RuntimePermission("org.jboss.security.SecurityAssociation.accessContextInfo", "set");
-
- static
- {
- String flag = SecurityActions.getProperty("org.jboss.security.SecurityAssociation.ThreadLocal", "false");
- boolean useThreadLocal = Boolean.valueOf(flag).booleanValue();
- log.debug("Using ThreadLocal: "+useThreadLocal);
-
- trace = log.isTraceEnabled();
- if (useThreadLocal)
- {
- threadPrincipal = new ThreadLocal<Principal>();
- threadCredential = new ThreadLocal<Object>();
- threadContextMap = new ThreadLocal<HashMap<String,Object>>()
- {
- protected HashMap<String,Object> initialValue()
- {
- return new HashMap<String,Object>();
- }
- };
- }
- else
- {
- threadPrincipal = new InheritableThreadLocal<Principal>();
- threadCredential = new InheritableThreadLocal<Object>();
- threadContextMap = new HashMapInheritableLocal<HashMap<String,Object>>();
- }
- threadRunAsStacks = new RunAsThreadLocalStack(useThreadLocal);
- threadSubjectStacks = new SubjectThreadLocalStack(useThreadLocal);
- }
-
- /**
- * Get the current authentication principal information. If a security
- * manager is present, then this method calls the security manager's
- * <code>checkPermission</code> method with a
- * <code>RuntimePermission("org.jboss.security.SecurityAssociation.getPrincipalInfo")
- * </code> permission to ensure it's ok to access principal information. If
- * not, a <code>SecurityException</code> will be thrown.
- * @return Principal, the current principal identity.
- */
- public static Principal getPrincipal()
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(getPrincipalInfoPermission);
-
- Principal thePrincipal = principal;
-
- if(!server)
- return principal;
-
- if( trace )
- log.trace("getPrincipal, principal="+thePrincipal);
-
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
- if(sc != null)
- {
- if( trace )
- log.warn("You are using deprecated api to getPrincipal. Use security context based approach");
- thePrincipal = sc.getUtil().getUserPrincipal();
- }
- return thePrincipal;
- }
-
- /**
- * Get the caller's principal. If a security manager is present,
- * then this method calls the security manager's <code>checkPermission</code>
- * method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.getPrincipalInfo")
- * </code> permission to ensure it's ok to access principal information. If
- * not, a <code>SecurityException</code> will be thrown.
- *
- * @return Principal, the current principal identity.
- */
- public static Principal getCallerPrincipal()
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(getPrincipalInfoPermission);
-
- /*Principal thePrincipal = peekRunAsIdentity(1);
- if( thePrincipal == null )
- {
- if (server)
- thePrincipal = (Principal) threadPrincipal.get();
- else
- thePrincipal = principal;
- }*/
-
- //Just pluck it from the current security context
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
- Principal thePrincipal = null;
- if(sc != null)
- {
- //Check for runas
- RunAs ras = sc.getIncomingRunAs();
- if(ras != null)
- thePrincipal = new SimplePrincipal(ras.getName());
- else
- thePrincipal = sc.getUtil().getUserPrincipal();
- }
- if( trace )
- log.trace("getCallerPrincipal, principal="+thePrincipal);
- return thePrincipal;
- }
-
- /**
- * Get the current authentication credential information. This can be of any type
- * including: a String password, a char[] password, an X509 cert, etc. If a
- * security manager is present, then this method calls the security manager's
- * <code>checkPermission</code> method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.getPrincipalInfo")
- * </code> permission to ensure it's ok to access principal information. If
- * not, a <code>SecurityException</code> will be thrown.
- * @return Object, the credential that proves the principal identity.
- */
- public static Object getCredential()
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(getPrincipalInfoPermission);
-
- if(!server)
- return credential;
-
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
- if(sc != null)
- {
- if(trace)
- log.warn("You are using deprecated api to getCredential. Use security context based approach");
- credential = sc.getUtil().getCredential();
- }
- return credential;
- }
-
- /**
- * Get the current Subject information. If a security manager is present,
- * then this method calls the security manager's checkPermission method with
- * a RuntimePermission("org.jboss.security.SecurityAssociation.getSubject")
- * permission to ensure it's ok to access principal information. If not, a
- * SecurityException will be thrown. Note that this method does not consider
- * whether or not a run-as identity exists. For access to this information
- * see the JACC PolicyContextHandler registered under the key
- * "javax.security.auth.Subject.container"
- * @return Subject, the current Subject identity.
- * @see javax.security.jacc.PolicyContext#getContext(String)
- */
- public static Subject getSubject()
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(getSubjectPermission);
-
- SubjectContext sc = threadSubjectStacks.peek();
- if( trace )
- log.trace("getSubject, sc="+sc);
- Subject subject = null;
- /*if( sc != null )
- subject = sc.getSubject();
- return subject;*/
-
- SecurityContext secContext = SecurityContextAssociation.getSecurityContext();
- if(secContext != null)
- {
- if(trace)
- log.warn("You are using deprecated api to getSubject. Use security context based approach");
- subject = secContext.getUtil().getSubject();
- }
- return subject;
- }
-
- /**
- * Set the current principal information. If a security manager is present,
- * then this method calls the security manager's <code>checkPermission</code>
- * method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
- * </code> permission to ensure it's ok to access principal information. If
- * not, a <code>SecurityException</code> will be thrown.
- * @param principal - the current principal identity.
- */
- public static void setPrincipal(Principal principal)
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(setPrincipalInfoPermission);
-
- if (trace)
- log.trace("setPrincipal, p=" + principal + ", server=" + server);
-
- if(!server)
- {
- SecurityAssociation.principal = principal;
- return;
- }
- SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
- //Clients code that may have set directly (Legacy)
- if(securityContext == null)
- {
- try
- {
- securityContext = SecurityContextFactory.createSecurityContext("CLIENT_SIDE");
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
- SecurityContextAssociation.setSecurityContext(securityContext);
- }
- if(trace)
- log.warn("Using deprecated API. Move to a security context based approach");
- Object cred = securityContext.getUtil().getCredential();
- Subject subj = securityContext.getUtil().getSubject();
- securityContext.getUtil().createSubjectInfo(principal,cred, subj);
- }
-
- /**
- * Set the current principal credential information. This can be of any type
- * including: a String password, a char[] password, an X509 cert, etc.
- *
- * If a security manager is present, then this method calls the security
- * manager's <code>checkPermission</code> method with a <code>
- * RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
- * </code> permission to ensure it's ok to access principal information. If
- * not, a <code>SecurityException</code> will be thrown.
- * @param credential - the credential that proves the principal identity.
- */
- public static void setCredential(Object credential)
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(setPrincipalInfoPermission);
-
- if(!server)
- {
- SecurityAssociation.credential = credential;
- return;
- }
-
- SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
- //Clients code that may have set directly (Legacy)
- if(securityContext == null)
- {
- try
- {
- securityContext = SecurityContextFactory.createSecurityContext("CLIENT_SIDE");
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
- SecurityContextAssociation.setSecurityContext(securityContext);
- }
-
- if(trace)
- log.warn("Using deprecated API. Move to a security context based approach");
- Principal principal = securityContext.getUtil().getUserPrincipal();
- Subject subj = securityContext.getUtil().getSubject();
- securityContext.getUtil().createSubjectInfo(principal,credential, subj);
- }
-
- /**
- * Set the current Subject information. If a security manager is present,
- * then this method calls the security manager's <code>checkPermission</code>
- * method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
- * </code> permission to ensure it's ok to access principal information. If
- * not, a <code>SecurityException</code> will be thrown.
- * @param subject - the current identity.
- */
- public static void setSubject(Subject subject)
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(setPrincipalInfoPermission);
-
- if (trace)
- log.trace("setSubject, s=" + subject + ", server=" + server);
- // Integrate with the new SubjectContext
- SubjectContext sc = threadSubjectStacks.peek();
- if( sc == null )
- {
- // There is no active security context
- sc = new SubjectContext();
- threadSubjectStacks.push(sc);
- }
- else if( (sc.getFlags() & SubjectContext.SUBJECT_WAS_SET) != 0 )
- {
- // The current security context has its subject set
- sc = new SubjectContext();
- threadSubjectStacks.push(sc);
- }
- sc.setSubject(subject);
- if (trace)
- log.trace("setSubject, sc="+sc);
-
- SecurityContext sctx = SecurityContextAssociation.getSecurityContext();
- if(sctx != null)
- {
- SubjectInfo si = sctx.getSubjectInfo();
- if(si != null)
- {
- si.setAuthenticatedSubject(subject);
- }
- else
- sctx.getUtil().createSubjectInfo(null, null, subject);
- }
- }
-
- /**
- * Get the current thread context info. If a security manager is present,
- * then this method calls the security manager's <code>checkPermission</code>
- * method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.accessContextInfo",
- * "get") </code> permission to ensure it's ok to access context information.
- * If not, a <code>SecurityException</code> will be thrown.
- * @param key - the context key
- * @return the mapping for the key in the current thread context
- */
- public static Object getContextInfo(String key)
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(getContextInfo);
-
- if(key == null)
- throw new IllegalArgumentException("key is null");
- HashMap<String,Object> contextInfo = (HashMap<String,Object>) threadContextMap.get();
- return contextInfo != null ? contextInfo.get(key) : null;
- }
-
- /**
- * Set the current thread context info. If a security manager is present,
- * then this method calls the security manager's <code>checkPermission</code>
- * method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.accessContextInfo",
- * "set") </code> permission to ensure it's ok to access context information.
- * If not, a <code>SecurityException</code> will be thrown.
- * @param key - the context key
- * @param value - the context value to associate under key
- * @return the previous mapping for the key if one exists
- */
- public static Object setContextInfo(String key, Object value)
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(setContextInfo);
-
- HashMap<String,Object> contextInfo = (HashMap<String,Object>) threadContextMap.get();
- return contextInfo.put(key, value);
- }
-
- /**
- * Push the current authenticated context. This sets the authenticated subject
- * along with the principal and proof of identity that was used to validate
- * the subject. This context is used for authorization checks. Typically
- * just the subject as seen by getSubject() is input into the authorization.
- * When run under a security manager this requires the
- * RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
- * permission.
- * @param subject - the authenticated subject
- * @param principal - the principal that was input into the authentication
- * @param credential - the credential that was input into the authentication
- * @deprecated
- */
- public static void pushSubjectContext(Subject subject,
- Principal principal, Object credential)
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(setPrincipalInfoPermission);
-
- // Set the legacy single-value access points
- if (server)
- {
- threadPrincipal.set(principal);
- threadCredential.set(credential);
- }
- else
- {
- SecurityAssociation.principal = principal;
- SecurityAssociation.credential = credential;
- }
- // Push the subject context
- SubjectContext sc = new SubjectContext(subject, principal, credential);
- threadSubjectStacks.push(sc);
- if (trace)
- log.trace("pushSubjectContext, subject=" + subject + ", sc="+sc);
- //Use the new method
- SecurityContext sctx = SecurityContextAssociation.getSecurityContext();
- if(sctx == null)
- {
- if(trace)
- log.trace("WARN::Deprecated usage of SecurityAssociation. Use SecurityContext");
- try
- {
- sctx = SecurityContextFactory.createSecurityContext("FROM_SECURITY_ASSOCIATION");
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
- }
- sctx.getUtil().createSubjectInfo(principal, credential,subject);
- SecurityContextAssociation.setSecurityContext(sctx);
- }
- /**
- * Push a duplicate of the current SubjectContext if one exists.
- * When run under a security manager this requires the
- * RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
- * permission.
- */
- public static void dupSubjectContext()
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(setPrincipalInfoPermission);
-
- SubjectContext sc = threadSubjectStacks.dup();
- if (trace)
- log.trace("dupSubjectContext, sc="+sc);
- }
-
- /**
- * Pop the current SubjectContext from the previous pushSubjectContext call
- * and return the pushed SubjectContext ig there was one.
- * When run under a security manager this requires the
- * RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
- * permission.
- * @return the SubjectContext pushed previously by a pushSubjectContext call
- * @deprecated
- */
- public static SubjectContext popSubjectContext()
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(setPrincipalInfoPermission);
-
- SubjectContext sc = threadSubjectStacks.pop();
- if (trace)
- {
- log.trace("popSubjectContext, sc="+sc);
- }
-
- Principal principal = null;
- Object credential = null;
-
- SubjectContext top = threadSubjectStacks.peek();
-
- if (top != null)
- {
- principal = top.getPrincipal();
- credential = top.getCredential();
- }
-
- if (server)
- {
- threadPrincipal.set(principal);
- threadCredential.set(credential);
- }
- else
- {
- SecurityAssociation.principal = principal;
- SecurityAssociation.credential = credential;
- }
-
- if(trace)
- log.trace("WARN::Deprecated usage of SecurityAssociation. Use SecurityContext");
- SecurityContext sctx = SecurityContextAssociation.getSecurityContext();
-
- if(sc == null)
- {
- if(sctx != null)
- {
- sc = new SubjectContext(sctx.getUtil().getSubject(),
- sctx.getUtil().getUserPrincipal(),
- sctx.getUtil().getCredential());
- }
- }
- //Now pop the subject context on the security context
- if(sctx != null)
- {
- sctx.getUtil().createSubjectInfo(null, null, null);
- }
- return sc;
- }
-
- /**
- * Look at the current thread of control's authenticated identity on the top
- * of the stack.
- * When run under a security manager this requires the
- * RuntimePermission("org.jboss.security.SecurityAssociation.getPrincipalInfo")
- * permission.
- * @return the SubjectContext pushed previously by a pushSubjectContext call
- */
- public static SubjectContext peekSubjectContext()
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(getPrincipalInfoPermission);
-
- //Get the subject context from the security context
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
- SubjectContext subjectCtx = null;
- if( sc != null)
- {
- SecurityContextUtil util = sc.getUtil();
- subjectCtx = new SubjectContext(util.getSubject(), util.getUserPrincipal(), util.getCredential());
- }
- return subjectCtx;
- //return threadSubjectStacks.peek();
- }
-
- /**
- * Clear all principal information. If a security manager is present, then
- * this method calls the security manager's <code>checkPermission</code>
- * method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
- * </code> permission to ensure it's ok to access principal information. If
- * not, a <code>SecurityException</code> will be thrown.
- */
- public static void clear()
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(setPrincipalInfoPermission);
-
- if (trace)
- log.trace("clear, server=" + server);
- if (server == true)
- {
- threadPrincipal.set(null);
- threadCredential.set(null);
- }
- else
- {
- SecurityAssociation.principal = null;
- SecurityAssociation.credential = null;
- }
- // Remove all subject contexts
- threadSubjectStacks.clear();
-
- //Clear the security context
- SecurityContextAssociation.clearSecurityContext();
- }
-
- /**
- * Push the current thread of control's run-as identity.
- */
- public static void pushRunAsIdentity(RunAsIdentity runAs)
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(setRunAsIdentity);
- if (trace)
- log.trace("pushRunAsIdentity, runAs=" + runAs);
-
- threadRunAsStacks.push(runAs);
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
- if( sc != null)
- {
- sc.setOutgoingRunAs(runAs);
- }
- }
-
- /**
- * Pop the current thread of control's run-as identity.
- */
- public static RunAsIdentity popRunAsIdentity()
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(setRunAsIdentity);
- /*RunAsIdentity runAs = threadRunAsStacks.pop();
- if (trace)
- log.trace("popRunAsIdentity, runAs=" + runAs);
- return runAs;*/
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
- RunAsIdentity ra = null;
- if( sc != null)
- {
- ra = (RunAsIdentity) sc.getOutgoingRunAs();
- sc.setOutgoingRunAs(null);
- }
- return ra;
- }
-
- /**
- * Look at the current thread of control's run-as identity on the top of the
- * stack.
- */
- public static RunAsIdentity peekRunAsIdentity()
- {
- //return peekRunAsIdentity(0);
- RunAsIdentity ra = null;
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
- if( sc != null)
- {
- ra = (RunAsIdentity) sc.getOutgoingRunAs();
- }
- return ra;
- }
-
- /**
- * Look at the current thread of control's run-as identity at the indicated
- * depth. Typically depth is either 0 for the identity the current caller
- * run-as that will be assumed, or 1 for the active run-as the previous
- * caller has assumed.
- * @return RunAsIdentity depth frames up.
- */
- public static RunAsIdentity peekRunAsIdentity(int depth)
- {
- //RunAsIdentity runAs = threadRunAsStacks.peek(depth);
- //return runAs;
- if(depth > 1)
- throw new IllegalArgumentException("Security Context approach needs to be used. Depth upto 1");
- if(depth == 0)
- return peekRunAsIdentity();
- else
- {
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
- RunAsIdentity ra = null;
- if( sc != null)
- {
- RunAs ras = sc.getIncomingRunAs();
- if(ras instanceof RunAsIdentity)
- ra = (RunAsIdentity) ras;
- }
- return ra;
- }
- }
-
- /**
- * Indicate whether we are server side
- * @return flag set by a {@link #setServer()} call
- */
- public static boolean isServer()
- {
- return server;
- }
-
- /**
- * Set the server mode of operation. When the server property has been set to
- * true, the security information is maintained in thread local storage. This
- * should be called to enable property security semantics in any
- * multi-threaded environment where more than one thread requires that
- * security information be restricted to the thread's flow of control.
- *
- * If a security manager is present, then this method calls the security
- * manager's <code>checkPermission</code> method with a <code>
- * RuntimePermission("org.jboss.security.SecurityAssociation.setServer")
- * </code> permission to ensure it's ok to access principal information. If
- * not, a <code>SecurityException</code> will be thrown.
- */
- public static void setServer()
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(setServerPermission);
-
- server = true;
- }
-
- /**
- * A subclass of ThreadLocal that implements a value stack using an ArrayList
- * and implements push, pop and peek stack operations on the thread local
- * ArrayList.
- */
- private static class RunAsThreadLocalStack
- {
- @SuppressWarnings("unchecked")
- ThreadLocal local;
-
- RunAsThreadLocalStack(boolean threadLocal)
- {
- if( threadLocal == true )
- local = new ArrayListLocal();
- else
- local = new ArrayListInheritableLocal();
- }
-
- int size()
- {
- ArrayList stack = (ArrayList) local.get();
- return stack.size();
- }
-
- void push(RunAsIdentity runAs)
- {
- ArrayList stack = (ArrayList) local.get();
- stack.add(runAs);
- }
-
- RunAsIdentity pop()
- {
- ArrayList stack = (ArrayList) local.get();
- RunAsIdentity runAs = null;
- int lastIndex = stack.size() - 1;
- if (lastIndex >= 0)
- runAs = (RunAsIdentity) stack.remove(lastIndex);
- return runAs;
- }
-
- /**
- * Look for the first non-null run-as identity on the stack starting
- * with the value at depth.
- * @return The run-as identity if one exists, null otherwise.
- */
- RunAsIdentity peek(int depth)
- {
- ArrayList stack = (ArrayList) local.get();
- RunAsIdentity runAs = null;
- final int stackSize = stack.size();
- do
- {
- int index = stackSize - 1 - depth;
- if( index >= 0 )
- runAs = (RunAsIdentity) stack.get(index);
- depth ++;
- }
- while (runAs == null && depth <= stackSize - 1);
- return runAs;
- }
- }
-
- /**
- * The encapsulation of the authenticated subject
- */
- public static class SubjectContext
- {
- public static final int SUBJECT_WAS_SET = 1;
- public static final int PRINCIPAL_WAS_SET = 2;
- public static final int CREDENTIAL_WAS_SET = 4;
-
- private Subject subject;
- private Principal principal;
- private Object credential;
- private int flags;
-
- public SubjectContext()
- {
- this.flags = 0;
- }
- public SubjectContext(Subject s, Principal p, Object cred)
- {
- this.subject = s;
- this.principal = p;
- this.credential = cred;
- this.flags = SUBJECT_WAS_SET | PRINCIPAL_WAS_SET | CREDENTIAL_WAS_SET;
- }
-
- public Subject getSubject()
- {
- return subject;
- }
- public void setSubject(Subject subject)
- {
- this.subject = subject;
- this.flags |= SUBJECT_WAS_SET;
- }
-
- public Principal getPrincipal()
- {
- return principal;
- }
- public void setPrincipal(Principal principal)
- {
- this.principal = principal;
- this.flags |= PRINCIPAL_WAS_SET;
- }
-
- public Object getCredential()
- {
- return credential;
- }
- public void setCredential(Object credential)
- {
- this.credential = credential;
- this.flags |= CREDENTIAL_WAS_SET;
- }
-
- public int getFlags()
- {
- return this.flags;
- }
-
- public String toString()
- {
- StringBuffer tmp = new StringBuffer(super.toString());
- tmp.append("{principal=");
- tmp.append(principal);
- tmp.append(",subject=");
- if( subject != null )
- tmp.append(System.identityHashCode(subject));
- else
- tmp.append("null");
- tmp.append("}");
- return tmp.toString();
- }
- }
-
- private static class SubjectThreadLocalStack
- {
- ThreadLocal local;
-
- SubjectThreadLocalStack(boolean threadLocal)
- {
- if( threadLocal == true )
- local = new ArrayListLocal();
- else
- local = new ArrayListInheritableLocal();
- }
-
- int size()
- {
- ArrayList stack = (ArrayList) local.get();
- return stack.size();
- }
-
- void push(SubjectContext context)
- {
- ArrayList stack = (ArrayList) local.get();
- stack.add(context);
- }
-
- SubjectContext dup()
- {
- ArrayList stack = (ArrayList) local.get();
- SubjectContext context = null;
- int lastIndex = stack.size() - 1;
- if (lastIndex >= 0)
- {
- context = (SubjectContext) stack.get(lastIndex);
- stack.add(context);
- }
- return context;
- }
-
- SubjectContext pop()
- {
- ArrayList stack = (ArrayList) local.get();
- SubjectContext context = null;
- int lastIndex = stack.size() - 1;
- if (lastIndex >= 0)
- context = (SubjectContext) stack.remove(lastIndex);
- return context;
- }
-
- /**
- * Look for the first non-null run-as identity on the stack starting
- * with the value at depth.
- * @return The run-as identity if one exists, null otherwise.
- */
- SubjectContext peek()
- {
- ArrayList stack = (ArrayList) local.get();
- SubjectContext context = null;
- int lastIndex = stack.size() - 1;
- if (lastIndex >= 0)
- context = (SubjectContext) stack.get(lastIndex);
- return context;
- }
- /**
- * Remove all SubjectContext from the current thread stack
- */
- void clear()
- {
- ArrayList stack = (ArrayList) local.get();
- stack.clear();
- }
- }
-
- private static class ArrayListLocal extends ThreadLocal
- {
- protected Object initialValue()
- {
- return new ArrayList();
- }
-
- }
-
- private static class ArrayListInheritableLocal extends InheritableThreadLocal
- {
- /**
- * Override to make a copy of the parent as not doing so results in multiple
- * threads sharing the unsynchronized list of the parent thread.
- * @param parentValue - the parent ArrayList
- * @return a copy of the parent thread list
- */
- protected Object childValue(Object parentValue)
- {
- ArrayList list = (ArrayList) parentValue;
- /* It seems there are scenarios where the size can change during the copy so there is
- a fallback to an empty list here.
- */
- ArrayList copy = null;
- try
- {
- copy = new ArrayList(list);
- }
- catch(Throwable t)
- {
- log.debug("Failed to copy parent list, using new list");
- copy = new ArrayList();
- }
- return copy;
- }
-
- protected Object initialValue()
- {
- return new ArrayList();
- }
-
- }
- private static class HashMapInheritableLocal<T>
- extends InheritableThreadLocal<HashMap<String,Object>>
- {
- /**
- * Override to make a copy of the parent as not doing so results in multiple
- * threads sharing the unsynchronized map of the parent thread.
- * @param parentValue - the parent HashMap
- * @return a copy of the parent thread map
- */
- protected HashMap<String,Object> childValue(Object parentValue)
- {
- HashMap<String,Object> map = (HashMap<String,Object>) parentValue;
- /* It seems there are scenarios where the size can change during the copy so there is
- a fallback to an empty map here.
- */
- HashMap<String,Object> copy = null;
- try
- {
- copy = new HashMap<String,Object>(map);
- }
- catch(Throwable t)
- {
- log.debug("Failed to copy parent map, using new map");
- copy = new HashMap<String,Object>();
- }
- return copy;
- }
-
- protected HashMap<String,Object> initialValue()
- {
- return new HashMap<String,Object>();
- }
-
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/SecurityAssociation.java (from rev 72472, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityAssociation.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/SecurityAssociation.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/SecurityAssociation.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,1086 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.HashMap;
+
+import javax.security.auth.Subject;
+
+import org.jboss.logging.Logger;
+
+/**
+ * The SecurityAssociation class maintains the security principal and
+ * credentials. This can be done on either a singleton basis or a thread local
+ * basis depending on the server property. When the server property has been set
+ * to true, the security information is maintained in thread local storage. The
+ * type of thread local storage depends on the org.jboss.security.SecurityAssociation.ThreadLocal
+ * property. If this property is true, then the thread local storage object is
+ * of type java.lang.ThreadLocal which results in the current thread's security
+ * information NOT being propagated to child threads.
+ *
+ * When the property is false or does not exist, the thread local storage object
+ * is of type java.lang.InheritableThreadLocal, and any threads spawned by the
+ * current thread will inherit the security information of the current thread.
+ * Subseqent changes to the current thread's security information are NOT
+ * propagated to any previously spawned child threads.
+ *
+ * When the server property is false, security information is maintained in
+ * class variables which makes the information available to all threads within
+ * the current VM.
+ *
+ * Note that this is not a public API class. Its an implementation detail that
+ * is subject to change without notice.
+ *
+ * @author Daniel O'Connor (docodan at nycap.rr.com)
+ * @author Scott.Stark at jboss.org
+ * @author Anil.Saldhana at redhat.com
+ * @version $Revision$
+ */
+public final class SecurityAssociation
+{
+ private static Logger log = Logger.getLogger(SecurityAssociation.class);
+ /**
+ * A flag indicating if trace level logging should be performed
+ */
+ private static boolean trace;
+ /**
+ * A flag indicating if security information is global or thread local
+ */
+ private static boolean server;
+ /**
+ * The SecurityAssociation principal used when the server flag is false
+ */
+ private static Principal principal;
+ /**
+ * The SecurityAssociation credential used when the server flag is false
+ */
+ private static Object credential;
+
+ /**
+ * The SecurityAssociation principal used when the server flag is true
+ */
+ private static ThreadLocal<Principal> threadPrincipal;
+ /**
+ * The SecurityAssociation credential used when the server flag is true
+ */
+ private static ThreadLocal<Object> threadCredential;
+ /**
+ * The SecurityAssociation HashMap<String, Object>
+ */
+ private static ThreadLocal<HashMap<String,Object>> threadContextMap;
+
+ /**
+ * Thread local stacks of run-as principal roles used to implement J2EE
+ * run-as identity propagation
+ */
+ private static RunAsThreadLocalStack threadRunAsStacks;
+ /**
+ * Thread local stacks of authenticated subject used to control the current
+ * caller security context
+ */
+ private static SubjectThreadLocalStack threadSubjectStacks;
+
+ /**
+ * The permission required to access getPrincpal, getCredential
+ */
+ private static final RuntimePermission getPrincipalInfoPermission =
+ new RuntimePermission("org.jboss.security.SecurityAssociation.getPrincipalInfo");
+ /**
+ * The permission required to access getSubject
+ */
+ private static final RuntimePermission getSubjectPermission =
+ new RuntimePermission("org.jboss.security.SecurityAssociation.getSubject");
+ /**
+ * The permission required to access setPrincpal, setCredential, setSubject
+ * pushSubjectContext, popSubjectContext
+ */
+ private static final RuntimePermission setPrincipalInfoPermission =
+ new RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo");
+ /**
+ * The permission required to access setServer
+ */
+ private static final RuntimePermission setServerPermission =
+ new RuntimePermission("org.jboss.security.SecurityAssociation.setServer");
+ /**
+ * The permission required to access pushRunAsIdentity/popRunAsIdentity
+ */
+ private static final RuntimePermission setRunAsIdentity =
+ new RuntimePermission("org.jboss.security.SecurityAssociation.setRunAsRole");
+ /**
+ * The permission required to get the current security context info
+ */
+ private static final RuntimePermission getContextInfo =
+ new RuntimePermission("org.jboss.security.SecurityAssociation.accessContextInfo", "get");
+ /**
+ * The permission required to set the current security context info
+ */
+ private static final RuntimePermission setContextInfo =
+ new RuntimePermission("org.jboss.security.SecurityAssociation.accessContextInfo", "set");
+
+ static
+ {
+ String flag = SecurityActions.getProperty("org.jboss.security.SecurityAssociation.ThreadLocal", "false");
+ boolean useThreadLocal = Boolean.valueOf(flag).booleanValue();
+ log.debug("Using ThreadLocal: "+useThreadLocal);
+
+ trace = log.isTraceEnabled();
+ if (useThreadLocal)
+ {
+ threadPrincipal = new ThreadLocal<Principal>();
+ threadCredential = new ThreadLocal<Object>();
+ threadContextMap = new ThreadLocal<HashMap<String,Object>>()
+ {
+ protected HashMap<String,Object> initialValue()
+ {
+ return new HashMap<String,Object>();
+ }
+ };
+ }
+ else
+ {
+ threadPrincipal = new InheritableThreadLocal<Principal>();
+ threadCredential = new InheritableThreadLocal<Object>();
+ threadContextMap = new HashMapInheritableLocal<HashMap<String,Object>>();
+ }
+ threadRunAsStacks = new RunAsThreadLocalStack(useThreadLocal);
+ threadSubjectStacks = new SubjectThreadLocalStack(useThreadLocal);
+ }
+
+ /**
+ * Get the current authentication principal information. If a security
+ * manager is present, then this method calls the security manager's
+ * <code>checkPermission</code> method with a
+ * <code>RuntimePermission("org.jboss.security.SecurityAssociation.getPrincipalInfo")
+ * </code> permission to ensure it's ok to access principal information. If
+ * not, a <code>SecurityException</code> will be thrown.
+ * @return Principal, the current principal identity.
+ */
+ public static Principal getPrincipal()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(getPrincipalInfoPermission);
+
+ Principal thePrincipal = principal;
+
+ if(!server)
+ return principal;
+
+ if( trace )
+ log.trace("getPrincipal, principal="+thePrincipal);
+
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if(sc != null)
+ {
+ if( trace )
+ log.warn("You are using deprecated api to getPrincipal. Use security context based approach");
+ thePrincipal = sc.getUtil().getUserPrincipal();
+ }
+ return thePrincipal;
+ }
+
+ /**
+ * Get the caller's principal. If a security manager is present,
+ * then this method calls the security manager's <code>checkPermission</code>
+ * method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.getPrincipalInfo")
+ * </code> permission to ensure it's ok to access principal information. If
+ * not, a <code>SecurityException</code> will be thrown.
+ *
+ * @return Principal, the current principal identity.
+ */
+ public static Principal getCallerPrincipal()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(getPrincipalInfoPermission);
+
+ /*Principal thePrincipal = peekRunAsIdentity(1);
+ if( thePrincipal == null )
+ {
+ if (server)
+ thePrincipal = (Principal) threadPrincipal.get();
+ else
+ thePrincipal = principal;
+ }*/
+
+ if(!server)
+ return principal;
+
+ //Just pluck it from the current security context
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ Principal thePrincipal = null;
+ if(sc != null)
+ {
+ //Check for runas
+ RunAs ras = sc.getIncomingRunAs();
+ if(ras != null)
+ thePrincipal = new SimplePrincipal(ras.getName());
+ else
+ thePrincipal = sc.getUtil().getUserPrincipal();
+ }
+ if( trace )
+ log.trace("getCallerPrincipal, principal="+thePrincipal);
+ return thePrincipal;
+ }
+
+ /**
+ * Get the current authentication credential information. This can be of any type
+ * including: a String password, a char[] password, an X509 cert, etc. If a
+ * security manager is present, then this method calls the security manager's
+ * <code>checkPermission</code> method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.getPrincipalInfo")
+ * </code> permission to ensure it's ok to access principal information. If
+ * not, a <code>SecurityException</code> will be thrown.
+ * @return Object, the credential that proves the principal identity.
+ */
+ public static Object getCredential()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(getPrincipalInfoPermission);
+
+ if(!server)
+ return credential;
+
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if(sc != null)
+ {
+ if(trace)
+ log.warn("You are using deprecated api to getCredential. Use security context based approach");
+ credential = sc.getUtil().getCredential();
+ }
+ return credential;
+ }
+
+ /**
+ * Get the current Subject information. If a security manager is present,
+ * then this method calls the security manager's checkPermission method with
+ * a RuntimePermission("org.jboss.security.SecurityAssociation.getSubject")
+ * permission to ensure it's ok to access principal information. If not, a
+ * SecurityException will be thrown. Note that this method does not consider
+ * whether or not a run-as identity exists. For access to this information
+ * see the JACC PolicyContextHandler registered under the key
+ * "javax.security.auth.Subject.container"
+ * @return Subject, the current Subject identity.
+ * @see javax.security.jacc.PolicyContext#getContext(String)
+ */
+ public static Subject getSubject()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(getSubjectPermission);
+
+ SubjectContext sc = threadSubjectStacks.peek();
+ if( trace )
+ log.trace("getSubject, sc="+sc);
+ Subject subject = null;
+ /*if( sc != null )
+ subject = sc.getSubject();
+ return subject;*/
+
+ SecurityContext secContext = SecurityAssociationActions.getSecurityContext();
+ if(secContext != null)
+ {
+ if(trace)
+ log.warn("You are using deprecated api to getSubject. Use security context based approach");
+ subject = secContext.getUtil().getSubject();
+ }
+ return subject;
+ }
+
+ /**
+ * Set the current principal information. If a security manager is present,
+ * then this method calls the security manager's <code>checkPermission</code>
+ * method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
+ * </code> permission to ensure it's ok to access principal information. If
+ * not, a <code>SecurityException</code> will be thrown.
+ * @param principal - the current principal identity.
+ */
+ public static void setPrincipal(Principal principal)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(setPrincipalInfoPermission);
+
+ if (trace)
+ log.trace("setPrincipal, p=" + principal + ", server=" + server);
+
+ if(!server)
+ {
+ SecurityAssociation.principal = principal;
+ return;
+ }
+ SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
+ //Clients code that may have set directly (Legacy)
+ if(securityContext == null)
+ {
+ try
+ {
+ securityContext = SecurityContextFactory.createSecurityContext("CLIENT_SIDE");
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ SecurityContextAssociation.setSecurityContext(securityContext);
+ }
+ if(trace)
+ log.warn("Using deprecated API. Move to a security context based approach");
+ Object cred = securityContext.getUtil().getCredential();
+ Subject subj = securityContext.getUtil().getSubject();
+ securityContext.getUtil().createSubjectInfo(principal,cred, subj);
+ }
+
+ /**
+ * Set the current principal credential information. This can be of any type
+ * including: a String password, a char[] password, an X509 cert, etc.
+ *
+ * If a security manager is present, then this method calls the security
+ * manager's <code>checkPermission</code> method with a <code>
+ * RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
+ * </code> permission to ensure it's ok to access principal information. If
+ * not, a <code>SecurityException</code> will be thrown.
+ * @param credential - the credential that proves the principal identity.
+ */
+ public static void setCredential(Object credential)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(setPrincipalInfoPermission);
+
+ if(!server)
+ {
+ SecurityAssociation.credential = credential;
+ return;
+ }
+
+ SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
+ //Clients code that may have set directly (Legacy)
+ if(securityContext == null)
+ {
+ try
+ {
+ securityContext = SecurityContextFactory.createSecurityContext("CLIENT_SIDE");
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ SecurityContextAssociation.setSecurityContext(securityContext);
+ }
+
+ if(trace)
+ log.warn("Using deprecated API. Move to a security context based approach");
+ Principal principal = securityContext.getUtil().getUserPrincipal();
+ Subject subj = securityContext.getUtil().getSubject();
+ securityContext.getUtil().createSubjectInfo(principal,credential, subj);
+ }
+
+ /**
+ * Set the current Subject information. If a security manager is present,
+ * then this method calls the security manager's <code>checkPermission</code>
+ * method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
+ * </code> permission to ensure it's ok to access principal information. If
+ * not, a <code>SecurityException</code> will be thrown.
+ * @param subject - the current identity.
+ */
+ public static void setSubject(Subject subject)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(setPrincipalInfoPermission);
+
+ if (trace)
+ log.trace("setSubject, s=" + subject + ", server=" + server);
+ // Integrate with the new SubjectContext
+ SubjectContext sc = threadSubjectStacks.peek();
+ if( sc == null )
+ {
+ // There is no active security context
+ sc = new SubjectContext();
+ threadSubjectStacks.push(sc);
+ }
+ else if( (sc.getFlags() & SubjectContext.SUBJECT_WAS_SET) != 0 )
+ {
+ // The current security context has its subject set
+ sc = new SubjectContext();
+ threadSubjectStacks.push(sc);
+ }
+ sc.setSubject(subject);
+ if (trace)
+ log.trace("setSubject, sc="+sc);
+
+ SecurityContext sctx = SecurityContextAssociation.getSecurityContext();
+ if(sctx != null)
+ {
+ SubjectInfo si = sctx.getSubjectInfo();
+ if(si != null)
+ {
+ si.setAuthenticatedSubject(subject);
+ }
+ else
+ sctx.getUtil().createSubjectInfo(null, null, subject);
+ }
+ }
+
+ /**
+ * Get the current thread context info. If a security manager is present,
+ * then this method calls the security manager's <code>checkPermission</code>
+ * method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.accessContextInfo",
+ * "get") </code> permission to ensure it's ok to access context information.
+ * If not, a <code>SecurityException</code> will be thrown.
+ * @param key - the context key
+ * @return the mapping for the key in the current thread context
+ */
+ public static Object getContextInfo(String key)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(getContextInfo);
+
+ if(key == null)
+ throw new IllegalArgumentException("key is null");
+ HashMap<String,Object> contextInfo = (HashMap<String,Object>) threadContextMap.get();
+ return contextInfo != null ? contextInfo.get(key) : null;
+ }
+
+ /**
+ * Set the current thread context info. If a security manager is present,
+ * then this method calls the security manager's <code>checkPermission</code>
+ * method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.accessContextInfo",
+ * "set") </code> permission to ensure it's ok to access context information.
+ * If not, a <code>SecurityException</code> will be thrown.
+ * @param key - the context key
+ * @param value - the context value to associate under key
+ * @return the previous mapping for the key if one exists
+ */
+ public static Object setContextInfo(String key, Object value)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(setContextInfo);
+
+ HashMap<String,Object> contextInfo = (HashMap<String,Object>) threadContextMap.get();
+ return contextInfo.put(key, value);
+ }
+
+ /**
+ * Push the current authenticated context. This sets the authenticated subject
+ * along with the principal and proof of identity that was used to validate
+ * the subject. This context is used for authorization checks. Typically
+ * just the subject as seen by getSubject() is input into the authorization.
+ * When run under a security manager this requires the
+ * RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
+ * permission.
+ * @param subject - the authenticated subject
+ * @param principal - the principal that was input into the authentication
+ * @param credential - the credential that was input into the authentication
+ * @deprecated
+ */
+ public static void pushSubjectContext(Subject subject,
+ Principal principal, Object credential)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(setPrincipalInfoPermission);
+
+ // Set the legacy single-value access points
+ if (server)
+ {
+ threadPrincipal.set(principal);
+ threadCredential.set(credential);
+ }
+ else
+ {
+ SecurityAssociation.principal = principal;
+ SecurityAssociation.credential = credential;
+ }
+ // Push the subject context
+ SubjectContext sc = new SubjectContext(subject, principal, credential);
+ threadSubjectStacks.push(sc);
+
+ if(server)
+ {
+ if (trace)
+ log.trace("pushSubjectContext, subject=" + subject + ", sc="+sc);
+ //Use the new method
+ SecurityContext sctx = SecurityContextAssociation.getSecurityContext();
+ if(sctx == null)
+ {
+ if(trace)
+ log.trace("WARN::Deprecated usage of SecurityAssociation. Use SecurityContext");
+ try
+ {
+ sctx = SecurityAssociationActions.createSecurityContext("FROM_SECURITY_ASSOCIATION");
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+ sctx.getUtil().createSubjectInfo(principal, credential,subject);
+ SecurityAssociationActions.setSecurityContext(sctx);
+ }
+ }
+ /**
+ * Push a duplicate of the current SubjectContext if one exists.
+ * When run under a security manager this requires the
+ * RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
+ * permission.
+ */
+ public static void dupSubjectContext()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(setPrincipalInfoPermission);
+
+ SubjectContext sc = threadSubjectStacks.dup();
+ if (trace)
+ log.trace("dupSubjectContext, sc="+sc);
+ }
+
+ /**
+ * Pop the current SubjectContext from the previous pushSubjectContext call
+ * and return the pushed SubjectContext ig there was one.
+ * When run under a security manager this requires the
+ * RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
+ * permission.
+ * @return the SubjectContext pushed previously by a pushSubjectContext call
+ * @deprecated
+ */
+ public static SubjectContext popSubjectContext()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(setPrincipalInfoPermission);
+
+ SubjectContext sc = threadSubjectStacks.pop();
+ if (trace)
+ {
+ log.trace("popSubjectContext, sc="+sc);
+ }
+
+ Principal principal = null;
+ Object credential = null;
+
+ SubjectContext top = threadSubjectStacks.peek();
+
+ if (top != null)
+ {
+ principal = top.getPrincipal();
+ credential = top.getCredential();
+ }
+
+ if (server)
+ {
+ threadPrincipal.set(principal);
+ threadCredential.set(credential);
+ }
+ else
+ {
+ SecurityAssociation.principal = principal;
+ SecurityAssociation.credential = credential;
+ }
+
+ if(trace)
+ log.trace("WARN::Deprecated usage of SecurityAssociation. Use SecurityContext");
+ SecurityContext sctx = SecurityContextAssociation.getSecurityContext();
+
+ if(sc == null)
+ {
+ if(sctx != null)
+ {
+ sc = new SubjectContext(sctx.getUtil().getSubject(),
+ sctx.getUtil().getUserPrincipal(),
+ sctx.getUtil().getCredential());
+ }
+ }
+ //Now pop the subject context on the security context
+ if(sctx != null)
+ {
+ sctx.getUtil().createSubjectInfo(null, null, null);
+ }
+ return sc;
+ }
+
+ /**
+ * Look at the current thread of control's authenticated identity on the top
+ * of the stack.
+ * When run under a security manager this requires the
+ * RuntimePermission("org.jboss.security.SecurityAssociation.getPrincipalInfo")
+ * permission.
+ * @return the SubjectContext pushed previously by a pushSubjectContext call
+ */
+ public static SubjectContext peekSubjectContext()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(getPrincipalInfoPermission);
+
+ //Get the subject context from the security context
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ SubjectContext subjectCtx = null;
+ if( sc != null)
+ {
+ SecurityContextUtil util = sc.getUtil();
+ subjectCtx = new SubjectContext(util.getSubject(), util.getUserPrincipal(), util.getCredential());
+ }
+ return subjectCtx;
+ //return threadSubjectStacks.peek();
+ }
+
+ /**
+ * Clear all principal information. If a security manager is present, then
+ * this method calls the security manager's <code>checkPermission</code>
+ * method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
+ * </code> permission to ensure it's ok to access principal information. If
+ * not, a <code>SecurityException</code> will be thrown.
+ */
+ public static void clear()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(setPrincipalInfoPermission);
+
+ if (trace)
+ log.trace("clear, server=" + server);
+ if (server == true)
+ {
+ threadPrincipal.set(null);
+ threadCredential.set(null);
+ }
+ else
+ {
+ SecurityAssociation.principal = null;
+ SecurityAssociation.credential = null;
+ }
+ // Remove all subject contexts
+ threadSubjectStacks.clear();
+
+ //Clear the security context
+ SecurityContextAssociation.clearSecurityContext();
+ }
+
+ /**
+ * Push the current thread of control's run-as identity.
+ */
+ public static void pushRunAsIdentity(RunAsIdentity runAs)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(setRunAsIdentity);
+ if (trace)
+ log.trace("pushRunAsIdentity, runAs=" + runAs);
+
+ threadRunAsStacks.push(runAs);
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if( sc != null)
+ {
+ sc.setOutgoingRunAs(runAs);
+ }
+ }
+
+ /**
+ * Pop the current thread of control's run-as identity.
+ */
+ public static RunAsIdentity popRunAsIdentity()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(setRunAsIdentity);
+ /*RunAsIdentity runAs = threadRunAsStacks.pop();
+ if (trace)
+ log.trace("popRunAsIdentity, runAs=" + runAs);
+ return runAs;*/
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ RunAsIdentity ra = null;
+ if( sc != null)
+ {
+ ra = (RunAsIdentity) sc.getOutgoingRunAs();
+ sc.setOutgoingRunAs(null);
+ }
+ return ra;
+ }
+
+ /**
+ * Look at the current thread of control's run-as identity on the top of the
+ * stack.
+ */
+ public static RunAsIdentity peekRunAsIdentity()
+ {
+ //return peekRunAsIdentity(0);
+ RunAsIdentity ra = null;
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if( sc != null)
+ {
+ ra = (RunAsIdentity) sc.getOutgoingRunAs();
+ }
+ return ra;
+ }
+
+ /**
+ * Look at the current thread of control's run-as identity at the indicated
+ * depth. Typically depth is either 0 for the identity the current caller
+ * run-as that will be assumed, or 1 for the active run-as the previous
+ * caller has assumed.
+ * @return RunAsIdentity depth frames up.
+ */
+ public static RunAsIdentity peekRunAsIdentity(int depth)
+ {
+ //RunAsIdentity runAs = threadRunAsStacks.peek(depth);
+ //return runAs;
+ if(depth > 1)
+ throw new IllegalArgumentException("Security Context approach needs to be used. Depth upto 1");
+ if(depth == 0)
+ return peekRunAsIdentity();
+ else
+ {
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ RunAsIdentity ra = null;
+ if( sc != null)
+ {
+ RunAs ras = sc.getIncomingRunAs();
+ if(ras instanceof RunAsIdentity)
+ ra = (RunAsIdentity) ras;
+ }
+ return ra;
+ }
+ }
+
+ /**
+ * Indicate whether we are server side
+ * @return flag set by a {@link #setServer()} call
+ */
+ public static boolean isServer()
+ {
+ return server;
+ }
+
+ /**
+ * Set the server mode of operation. When the server property has been set to
+ * true, the security information is maintained in thread local storage. This
+ * should be called to enable property security semantics in any
+ * multi-threaded environment where more than one thread requires that
+ * security information be restricted to the thread's flow of control.
+ *
+ * If a security manager is present, then this method calls the security
+ * manager's <code>checkPermission</code> method with a <code>
+ * RuntimePermission("org.jboss.security.SecurityAssociation.setServer")
+ * </code> permission to ensure it's ok to access principal information. If
+ * not, a <code>SecurityException</code> will be thrown.
+ */
+ public static void setServer()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(setServerPermission);
+
+ server = true;
+ }
+
+ /**
+ * A subclass of ThreadLocal that implements a value stack using an ArrayList
+ * and implements push, pop and peek stack operations on the thread local
+ * ArrayList.
+ */
+ private static class RunAsThreadLocalStack
+ {
+ @SuppressWarnings("unchecked")
+ ThreadLocal local;
+
+ RunAsThreadLocalStack(boolean threadLocal)
+ {
+ if( threadLocal == true )
+ local = new ArrayListLocal();
+ else
+ local = new ArrayListInheritableLocal();
+ }
+
+ int size()
+ {
+ ArrayList stack = (ArrayList) local.get();
+ return stack.size();
+ }
+
+ void push(RunAsIdentity runAs)
+ {
+ ArrayList stack = (ArrayList) local.get();
+ stack.add(runAs);
+ }
+
+ RunAsIdentity pop()
+ {
+ ArrayList stack = (ArrayList) local.get();
+ RunAsIdentity runAs = null;
+ int lastIndex = stack.size() - 1;
+ if (lastIndex >= 0)
+ runAs = (RunAsIdentity) stack.remove(lastIndex);
+ return runAs;
+ }
+
+ /**
+ * Look for the first non-null run-as identity on the stack starting
+ * with the value at depth.
+ * @return The run-as identity if one exists, null otherwise.
+ */
+ RunAsIdentity peek(int depth)
+ {
+ ArrayList stack = (ArrayList) local.get();
+ RunAsIdentity runAs = null;
+ final int stackSize = stack.size();
+ do
+ {
+ int index = stackSize - 1 - depth;
+ if( index >= 0 )
+ runAs = (RunAsIdentity) stack.get(index);
+ depth ++;
+ }
+ while (runAs == null && depth <= stackSize - 1);
+ return runAs;
+ }
+ }
+
+ /**
+ * The encapsulation of the authenticated subject
+ */
+ public static class SubjectContext
+ {
+ public static final int SUBJECT_WAS_SET = 1;
+ public static final int PRINCIPAL_WAS_SET = 2;
+ public static final int CREDENTIAL_WAS_SET = 4;
+
+ private Subject subject;
+ private Principal principal;
+ private Object credential;
+ private int flags;
+
+ public SubjectContext()
+ {
+ this.flags = 0;
+ }
+ public SubjectContext(Subject s, Principal p, Object cred)
+ {
+ this.subject = s;
+ this.principal = p;
+ this.credential = cred;
+ this.flags = SUBJECT_WAS_SET | PRINCIPAL_WAS_SET | CREDENTIAL_WAS_SET;
+ }
+
+ public Subject getSubject()
+ {
+ return subject;
+ }
+ public void setSubject(Subject subject)
+ {
+ this.subject = subject;
+ this.flags |= SUBJECT_WAS_SET;
+ }
+
+ public Principal getPrincipal()
+ {
+ return principal;
+ }
+ public void setPrincipal(Principal principal)
+ {
+ this.principal = principal;
+ this.flags |= PRINCIPAL_WAS_SET;
+ }
+
+ public Object getCredential()
+ {
+ return credential;
+ }
+ public void setCredential(Object credential)
+ {
+ this.credential = credential;
+ this.flags |= CREDENTIAL_WAS_SET;
+ }
+
+ public int getFlags()
+ {
+ return this.flags;
+ }
+
+ public String toString()
+ {
+ StringBuffer tmp = new StringBuffer(super.toString());
+ tmp.append("{principal=");
+ tmp.append(principal);
+ tmp.append(",subject=");
+ if( subject != null )
+ tmp.append(System.identityHashCode(subject));
+ else
+ tmp.append("null");
+ tmp.append("}");
+ return tmp.toString();
+ }
+ }
+
+ private static class SubjectThreadLocalStack
+ {
+ ThreadLocal local;
+
+ SubjectThreadLocalStack(boolean threadLocal)
+ {
+ if( threadLocal == true )
+ local = new ArrayListLocal();
+ else
+ local = new ArrayListInheritableLocal();
+ }
+
+ int size()
+ {
+ ArrayList stack = (ArrayList) local.get();
+ return stack.size();
+ }
+
+ void push(SubjectContext context)
+ {
+ ArrayList stack = (ArrayList) local.get();
+ stack.add(context);
+ }
+
+ SubjectContext dup()
+ {
+ ArrayList stack = (ArrayList) local.get();
+ SubjectContext context = null;
+ int lastIndex = stack.size() - 1;
+ if (lastIndex >= 0)
+ {
+ context = (SubjectContext) stack.get(lastIndex);
+ stack.add(context);
+ }
+ return context;
+ }
+
+ SubjectContext pop()
+ {
+ ArrayList stack = (ArrayList) local.get();
+ SubjectContext context = null;
+ int lastIndex = stack.size() - 1;
+ if (lastIndex >= 0)
+ context = (SubjectContext) stack.remove(lastIndex);
+ return context;
+ }
+
+ /**
+ * Look for the first non-null run-as identity on the stack starting
+ * with the value at depth.
+ * @return The run-as identity if one exists, null otherwise.
+ */
+ SubjectContext peek()
+ {
+ ArrayList stack = (ArrayList) local.get();
+ SubjectContext context = null;
+ int lastIndex = stack.size() - 1;
+ if (lastIndex >= 0)
+ context = (SubjectContext) stack.get(lastIndex);
+ return context;
+ }
+ /**
+ * Remove all SubjectContext from the current thread stack
+ */
+ void clear()
+ {
+ ArrayList stack = (ArrayList) local.get();
+ stack.clear();
+ }
+ }
+
+ private static class ArrayListLocal extends ThreadLocal
+ {
+ protected Object initialValue()
+ {
+ return new ArrayList();
+ }
+
+ }
+
+ private static class ArrayListInheritableLocal extends InheritableThreadLocal
+ {
+ /**
+ * Override to make a copy of the parent as not doing so results in multiple
+ * threads sharing the unsynchronized list of the parent thread.
+ * @param parentValue - the parent ArrayList
+ * @return a copy of the parent thread list
+ */
+ protected Object childValue(Object parentValue)
+ {
+ ArrayList list = (ArrayList) parentValue;
+ /* It seems there are scenarios where the size can change during the copy so there is
+ a fallback to an empty list here.
+ */
+ ArrayList copy = null;
+ try
+ {
+ copy = new ArrayList(list);
+ }
+ catch(Throwable t)
+ {
+ log.debug("Failed to copy parent list, using new list");
+ copy = new ArrayList();
+ }
+ return copy;
+ }
+
+ protected Object initialValue()
+ {
+ return new ArrayList();
+ }
+
+ }
+ private static class HashMapInheritableLocal<T>
+ extends InheritableThreadLocal<HashMap<String,Object>>
+ {
+ /**
+ * Override to make a copy of the parent as not doing so results in multiple
+ * threads sharing the unsynchronized map of the parent thread.
+ * @param parentValue - the parent HashMap
+ * @return a copy of the parent thread map
+ */
+ protected HashMap<String,Object> childValue(Object parentValue)
+ {
+ HashMap<String,Object> map = (HashMap<String,Object>) parentValue;
+ /* It seems there are scenarios where the size can change during the copy so there is
+ a fallback to an empty map here.
+ */
+ HashMap<String,Object> copy = null;
+ try
+ {
+ copy = new HashMap<String,Object>(map);
+ }
+ catch(Throwable t)
+ {
+ log.debug("Failed to copy parent map, using new map");
+ copy = new HashMap<String,Object>();
+ }
+ return copy;
+ }
+
+ protected HashMap<String,Object> initialValue()
+ {
+ return new HashMap<String,Object>();
+ }
+
+ }
+}
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/SecurityAssociationActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityAssociationActions.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/SecurityAssociationActions.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,210 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.security.AccessController;
-import java.security.Principal;
-import java.security.PrivilegedAction;
-
-import javax.security.auth.Subject;
-
-import org.jboss.security.SecurityContextAssociation;
-
-/** A PrivilegedAction implementation for setting the SecurityAssociation
- * principal and credential
- *
- * @author Scott.Stark at jboss.org
- * @version $Revison:$
- */
-class SecurityAssociationActions
-{
- private static class SetPrincipalInfoAction implements PrivilegedAction
- {
- Principal principal;
- Object credential;
- Subject subject;
- SetPrincipalInfoAction(Principal principal, Object credential, Subject subject)
- {
- this.principal = principal;
- this.credential = credential;
- this.subject = subject;
- }
- public Object run()
- {
- //SecurityAssociation.pushSubjectContext(subject, principal, credential);
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
- if(sc == null)
- {
- try
- {
- sc = SecurityContextFactory.createSecurityContext(principal,
- credential, subject, "CLIENT_PROXY");
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
- }
- SecurityContextAssociation.setSecurityContext(sc);
- credential = null;
- principal = null;
- subject = null;
- return null;
- }
- }
- private static class PopPrincipalInfoAction implements PrivilegedAction
- {
- public Object run()
- {
- //SecurityAssociation.popSubjectContext();
- SecurityContextAssociation.clearSecurityContext();
- return null;
- }
- }
- private static class SetServerAction implements PrivilegedAction
- {
- static PrivilegedAction ACTION = new SetServerAction();
- public Object run()
- {
- SecurityAssociation.setServer();
- return null;
- }
- }
- private static class ClearAction implements PrivilegedAction
- {
- static PrivilegedAction ACTION = new ClearAction();
- public Object run()
- {
- SecurityAssociation.clear();
- SecurityContextAssociation.clearSecurityContext();
- return null;
- }
- }
- private static class GetSubjectAction implements PrivilegedAction
- {
- static PrivilegedAction ACTION = new GetSubjectAction();
- public Object run()
- {
- Subject subject = SecurityAssociation.getSubject();
- return subject;
- }
- }
- private static class GetPrincipalAction implements PrivilegedAction
- {
- static PrivilegedAction ACTION = new GetPrincipalAction();
- public Object run()
- {
- Principal principal = SecurityAssociation.getPrincipal();
- return principal;
- }
- }
- private static class GetCredentialAction implements PrivilegedAction
- {
- static PrivilegedAction ACTION = new GetCredentialAction();
- public Object run()
- {
- Object credential = SecurityAssociation.getCredential();
- return credential;
- }
- }
-
- static void setSecurityContext(final SecurityContext sc)
- {
- AccessController.doPrivileged(new PrivilegedAction()
- {
- public Object run()
- {
- SecurityContextAssociation.setSecurityContext(sc);
- return null;
- }
- });
- }
-
- static SecurityContext getSecurityContext()
- {
- return (SecurityContext)AccessController.doPrivileged(new PrivilegedAction()
- {
- public Object run()
- {
- return SecurityContextAssociation.getSecurityContext();
- }
- });
- }
-
- static void pushSecurityContext(final Principal p, final Object cred,
- final Subject subject, final String securityDomain)
- {
- AccessController.doPrivileged(new PrivilegedAction()
- {
- public Object run()
- {
- SecurityContext sc;
- try
- {
- sc = SecurityContextFactory.createSecurityContext(p, cred,
- subject, securityDomain);
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
- SecurityContextAssociation.setSecurityContext(sc);
- return null;
- }
- });
- }
-
- static void setPrincipalInfo(Principal principal, Object credential, Subject subject)
- {
- SetPrincipalInfoAction action = new SetPrincipalInfoAction(principal, credential, subject);
- AccessController.doPrivileged(action);
- }
- static void popPrincipalInfo()
- {
- PopPrincipalInfoAction action = new PopPrincipalInfoAction();
- AccessController.doPrivileged(action);
- }
- static void setServer()
- {
- AccessController.doPrivileged(SetServerAction.ACTION);
- }
- static void clear()
- {
- AccessController.doPrivileged(ClearAction.ACTION);
- }
- static Subject getSubject()
- {
- Subject subject = (Subject) AccessController.doPrivileged(GetSubjectAction.ACTION);
- return subject;
- }
- static Principal getPrincipal()
- {
- Principal principal = (Principal) AccessController.doPrivileged(GetPrincipalAction.ACTION);
- return principal;
- }
- static Object getCredential()
- {
- Object credential = AccessController.doPrivileged(GetCredentialAction.ACTION);
- return credential;
- }
-
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/SecurityAssociationActions.java (from rev 72642, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityAssociationActions.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/SecurityAssociationActions.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/SecurityAssociationActions.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,258 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security;
+
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+import javax.security.auth.Subject;
+
+/** A PrivilegedAction implementation for setting the SecurityAssociation
+ * principal and credential
+ *
+ * @author Scott.Stark at jboss.org
+ * @version $Revison:$
+ */
+class SecurityAssociationActions
+{
+ private static class SetPrincipalInfoAction implements PrivilegedAction<Object>
+ {
+ Principal principal;
+ Object credential;
+ Subject subject;
+ SetPrincipalInfoAction(Principal principal, Object credential, Subject subject)
+ {
+ this.principal = principal;
+ this.credential = credential;
+ this.subject = subject;
+ }
+ public Object run()
+ {
+ //Client Side usage
+ if(!getServer())
+ {
+ SecurityAssociation.pushSubjectContext(subject, principal, credential);
+ }
+
+ //Always create a new security context
+ SecurityContext sc = null;
+ try
+ {
+ sc = SecurityContextFactory.createSecurityContext(principal,
+ credential, subject, "CLIENT_LOGIN_MODULE");
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ setSecurityContext(sc);
+
+ credential = null;
+ principal = null;
+ subject = null;
+ return null;
+ }
+ }
+ private static class PopPrincipalInfoAction implements PrivilegedAction<Object>
+ {
+ public Object run()
+ {
+ if(!getServer())
+ SecurityAssociation.popSubjectContext();
+ return null;
+ }
+ }
+ private static class SetServerAction implements PrivilegedAction<Object>
+ {
+ static PrivilegedAction<Object> ACTION = new SetServerAction();
+ public Object run()
+ {
+ SecurityAssociation.setServer();
+ return null;
+ }
+ }
+ private static class ClearAction implements PrivilegedAction<Object>
+ {
+ static PrivilegedAction<Object> ACTION = new ClearAction();
+ public Object run()
+ {
+ if(!getServer())
+ SecurityAssociation.clear();
+ return null;
+ }
+ }
+ private static class GetSubjectAction implements PrivilegedAction<Subject>
+ {
+ static PrivilegedAction<Subject> ACTION = new GetSubjectAction();
+ public Subject run()
+ {
+ Subject subject = SecurityAssociation.getSubject();
+ return subject;
+ }
+ }
+ private static class GetPrincipalAction implements PrivilegedAction<Principal>
+ {
+ static PrivilegedAction<Principal> ACTION = new GetPrincipalAction();
+ public Principal run()
+ {
+ Principal principal = SecurityAssociation.getPrincipal();
+ return principal;
+ }
+ }
+ private static class GetCredentialAction implements PrivilegedAction<Object>
+ {
+ static PrivilegedAction<Object> ACTION = new GetCredentialAction();
+ public Object run()
+ {
+ Object credential = SecurityAssociation.getCredential();
+ return credential;
+ }
+ }
+
+ static void clearSecurityContext(final SecurityContext sc)
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ //The SecurityContext may have been cached somewhere
+ if(sc != null)
+ sc = null;
+ setSecurityContext(sc);
+ return null;
+ }
+ });
+ }
+
+ static void setSecurityContext(final SecurityContext sc)
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ SecurityContextAssociation.setSecurityContext(sc);
+ return null;
+ }
+ });
+ }
+
+ static SecurityContext getSecurityContext()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>()
+ {
+ public SecurityContext run()
+ {
+ return SecurityContextAssociation.getSecurityContext();
+ }
+ });
+ }
+
+ static void pushSecurityContext(final Principal p, final Object cred,
+ final Subject subject, final String securityDomain)
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ SecurityContext sc;
+ try
+ {
+ sc = SecurityContextFactory.createSecurityContext(p, cred,
+ subject, securityDomain);
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ setSecurityContext(sc);
+ //For Client Side legacy usage
+ if(getServer() == Boolean.FALSE)
+ {
+ SecurityAssociation.pushSubjectContext(subject, p, cred);
+ }
+ return null;
+ }
+ });
+ }
+
+ static void setPrincipalInfo(Principal principal, Object credential, Subject subject)
+ {
+ SetPrincipalInfoAction action = new SetPrincipalInfoAction(principal, credential, subject);
+ AccessController.doPrivileged(action);
+ }
+ static void popPrincipalInfo()
+ {
+ PopPrincipalInfoAction action = new PopPrincipalInfoAction();
+ AccessController.doPrivileged(action);
+ }
+
+ static Boolean getServer()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Boolean>()
+ {
+ public Boolean run()
+ {
+ return SecurityAssociation.isServer();
+ }
+ });
+ }
+
+ static void setServer()
+ {
+ AccessController.doPrivileged(SetServerAction.ACTION);
+ }
+ static void clear()
+ {
+ AccessController.doPrivileged(ClearAction.ACTION);
+ }
+ static Subject getSubject()
+ {
+ Subject subject = (Subject) AccessController.doPrivileged(GetSubjectAction.ACTION);
+ return subject;
+ }
+ static Principal getPrincipal()
+ {
+ Principal principal = (Principal) AccessController.doPrivileged(GetPrincipalAction.ACTION);
+ return principal;
+ }
+ static Object getCredential()
+ {
+ Object credential = AccessController.doPrivileged(GetCredentialAction.ACTION);
+ return credential;
+ }
+
+ static SecurityContext createSecurityContext(final String securityDomain)
+ throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<SecurityContext>()
+ {
+ public SecurityContext run() throws Exception
+ {
+ return SecurityContextFactory.createSecurityContext(securityDomain);
+ }
+ });
+ }
+}
\ No newline at end of file
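Review bot: `PopPrincipalInfoAction.run()` and `ClearAction.run()` do nothing when `getServer()` is true, yet `SetPrincipalInfoAction.run()` always builds a new `SecurityContext` from the principal, credential and subject and installs it, so a server-side `setPrincipalInfo`/`popPrincipalInfo` pair leaves that context on the thread. Unless every server-side caller clears it elsewhere (not visible in this hunk), a pooled thread could carry the previous caller's identity into the next request. The deleted revision called `SecurityContextAssociation.clearSecurityContext()` in both actions. I would keep that call on the server branch, e.g. `if(!getServer()) SecurityAssociation.popSubjectContext(); else SecurityContextAssociation.clearSecurityContext();`, and likewise in `ClearAction`. Separately, `clearSecurityContext(final SecurityContext sc)` ignores its parameter, because the local `sc` in `run()` shadows it and is nulled before `setSecurityContext(sc)`, so the body reduces to `setSecurityContext(null)`; and `getServer() == Boolean.FALSE` in `pushSecurityContext` compares references and would read better as `!getServer()`, as at the other call sites.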
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/SecurityRoleRef.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityRoleRef.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/SecurityRoleRef.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,112 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security;
-
-//$Id$
-
-/**
- * Represents a Security Role Ref element in the deployment descriptor
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jul 21, 2006
- * @version $Revision$
- */
-public class SecurityRoleRef
-{
- private String name;
- private String link;
- private String description;
-
- public SecurityRoleRef()
- {
- }
-
- public SecurityRoleRef(String name, String link)
- {
- this.name = name;
- this.link = link;
- }
-
- public SecurityRoleRef(String name, String link, String description)
- {
- this.name = name;
- this.link = link;
- this.description = description;
- }
-
- /**
- * Get the description.
- *
- * @return the description.
- */
- public String getDescription()
- {
- return description;
- }
-
- /**
- * Set the description.
- */
- public void setDescription(String desc)
- {
- this.description = desc;
- }
-
- /**
- * Get the link.
- * @return link
- */
- public String getLink()
- {
- return this.link;
- }
-
-
- /**
- * Set the link.
- */
- public void setLink(String l)
- {
- this.link = l;
- }
-
-
- /**
- * Get the name.
- *
- * @return the name.
- */
- public String getName()
- {
- return this.name;
- }
-
-
- /**
- * Set the name.
- *
- * @return the name.
- */
- public void setName(String n)
- {
- this.name = n;
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/SecurityRoleRef.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityRoleRef.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/SecurityRoleRef.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/SecurityRoleRef.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,34 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security;
+
+//$Id$
+
+/**
+ * Represents a Security Role Ref element in the deployment descriptor
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Jul 21, 2006
+ * @version $Revision$
+ */
+public class SecurityRoleRef extends org.jboss.security.javaee.SecurityRoleRef
+{
+}
\ No newline at end of file
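Review bot: The new `SecurityRoleRef` is an empty subclass, so it exposes only the implicit no-arg constructor, whereas the class it replaces declared public `SecurityRoleRef(String name, String link)` and `SecurityRoleRef(String name, String link, String description)`. Java does not inherit constructors, so existing callers of those two forms would stop compiling against this tag. If `org.jboss.security.javaee.SecurityRoleRef` declares matching constructors (not visible here), forward them, e.g. `public SecurityRoleRef(String name, String link) { super(name, link); }` plus the three-argument variant. If the class is kept only for backward compatibility, the Javadoc should say so with an `@deprecated` tag pointing at the `javaee` class.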
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/audit/config/AuditConfigEntryHolder.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/audit/config/AuditConfigEntryHolder.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/audit/config/AuditConfigEntryHolder.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,78 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.audit.config;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.xml.namespace.QName;
-
-import org.jboss.security.config.ModuleOption;
-import org.jboss.xb.binding.GenericValueContainer;
-
-//$Id$
-
-/**
- * A container for creating AuditConfigEntry during jbxb parse
- * @author Anil.Saldhana at redhat.com
- * @since Aug 14, 2007
- * @version $Revision$
- */
-public class AuditConfigEntryHolder implements GenericValueContainer
-{
- private Map<String,Object> moduleOptions = new HashMap<String,Object>();
- String moduleName = null;
-
- public void addChild(QName name, Object value)
- {
- if("code".equals(name.getLocalPart()))
- {
- moduleName = (String)value;
- }
- if(value instanceof ModuleOption)
- {
- ModuleOption mo = (ModuleOption)value;
- moduleOptions.put(mo.getName(),mo.getValue());
- }
- }
-
- public void addOption(ModuleOption option)
- {
- moduleOptions.put(option.getName(), option.getValue());
- }
-
- public AuditProviderEntry getEntry()
- {
- return (AuditProviderEntry)instantiate();
- }
-
- public Object instantiate()
- {
- AuditProviderEntry entry = new AuditProviderEntry( moduleName,moduleOptions );
- return entry;
- }
-
- public Class<?> getTargetClass()
- {
- return AuditProviderEntry.class;
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/audit/config/AuditConfigEntryHolder.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/audit/config/AuditConfigEntryHolder.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/audit/config/AuditConfigEntryHolder.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/audit/config/AuditConfigEntryHolder.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,78 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.audit.config;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+
+import org.jboss.security.config.ModuleOption;
+import org.jboss.xb.binding.GenericValueContainer;
+
+//$Id$
+
+/**
+ * A container for creating AuditConfigEntry during jbxb parse
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 14, 2007
+ * @version $Revision$
+ */
+public class AuditConfigEntryHolder implements GenericValueContainer
+{
+ private Map<String,Object> moduleOptions = new HashMap<String,Object>();
+ String moduleName = null;
+
+ public void addChild(QName name, Object value)
+ {
+ if("code".equals(name.getLocalPart()))
+ {
+ moduleName = (String)value;
+ }
+ if(value instanceof ModuleOption)
+ {
+ ModuleOption mo = (ModuleOption)value;
+ moduleOptions.put(mo.getName(),mo.getValue());
+ }
+ }
+
+ public void addOption(ModuleOption option)
+ {
+ moduleOptions.put(option.getName(), option.getValue());
+ }
+
+ public AuditProviderEntry getEntry()
+ {
+ return (AuditProviderEntry)instantiate();
+ }
+
+ public Object instantiate()
+ {
+ AuditProviderEntry entry = new AuditProviderEntry( moduleName,moduleOptions );
+ return entry;
+ }
+
+ public Class<?> getTargetClass()
+ {
+ return AuditProviderEntry.class;
+ }
+}
\ No newline at end of file
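Review bot: In `addChild` the `code` branch casts `value` to `String` without a type check, and `instantiate()` builds the `AuditProviderEntry` even when `moduleName` is still null, so a malformed descriptor shows up either as a ClassCastException inside the parser or as an audit provider entry with no class name. What `AuditProviderEntry` does with a null name is not visible here, but for an audit configuration it is safer to fail at parse time, for example by starting `instantiate()` with `if (moduleName == null) throw new IllegalStateException("AuditConfigEntryHolder: no code value was supplied");`. `instantiate()` also hands its own `moduleOptions` field to the entry, so holder and entry share one mutable map; passing `new HashMap<String,Object>(moduleOptions)` would decouple them.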
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,94 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.authorization.config;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.xml.namespace.QName;
-
-import org.jboss.security.config.ModuleOption;
-import org.jboss.security.config.ControlFlag;
-import org.jboss.xb.binding.GenericValueContainer;
-
-//$Id$
-
-/**
- * A container for creating AuthorizationConfigurationEntry during jbxb parse.
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jun 9, 2006
- * @version $Revision$
- */
-public class AuthorizationConfigEntryHolder implements GenericValueContainer
-{
- private Map moduleOptions = new HashMap();
- String moduleName = null;
- ControlFlag controlFlag = ControlFlag.REQUIRED;
-
- public void addChild(QName name, Object value)
- {
- if("code".equals(name.getLocalPart()))
- {
- moduleName = (String)value;
- }
- if("flag".equals(name.getLocalPart()))
- {
- String tempVal = (String)value;
- if("optional".equals(tempVal))
- controlFlag = ControlFlag.OPTIONAL;
- else
- if("requisite".equals(tempVal))
- controlFlag = ControlFlag.REQUISITE;
- else
- if("sufficient".equals(tempVal))
- controlFlag = ControlFlag.SUFFICIENT;
- }
- if(value instanceof ModuleOption)
- {
- ModuleOption mo = (ModuleOption)value;
- moduleOptions.put(mo.getName(),mo.getValue());
- }
- }
-
- public void addOption(ModuleOption option)
- {
- moduleOptions.put(option.getName(), option.getValue());
- }
-
- public AuthorizationModuleEntry getEntry()
- {
- return (AuthorizationModuleEntry)instantiate();
- }
-
- public Object instantiate()
- {
- AuthorizationModuleEntry entry = new AuthorizationModuleEntry( moduleName,moduleOptions );
- entry.setControlFlag(controlFlag);
- return entry;
- }
-
- public Class getTargetClass()
- {
- return AuthorizationModuleEntry.class;
- }
-
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,94 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.authorization.config;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+
+import org.jboss.security.config.ControlFlag;
+import org.jboss.security.config.ModuleOption;
+import org.jboss.xb.binding.GenericValueContainer;
+
+//$Id$
+
+/**
+ * A container for creating AuthorizationConfigurationEntry during jbxb parse.
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Jun 9, 2006
+ * @version $Revision$
+ */
+public class AuthorizationConfigEntryHolder implements GenericValueContainer
+{
+ private Map moduleOptions = new HashMap();
+ String moduleName = null;
+ ControlFlag controlFlag = ControlFlag.REQUIRED;
+
+ public void addChild(QName name, Object value)
+ {
+ if("code".equals(name.getLocalPart()))
+ {
+ moduleName = (String)value;
+ }
+ if("flag".equals(name.getLocalPart()))
+ {
+ String tempVal = (String)value;
+ if("optional".equals(tempVal))
+ controlFlag = ControlFlag.OPTIONAL;
+ else
+ if("requisite".equals(tempVal))
+ controlFlag = ControlFlag.REQUISITE;
+ else
+ if("sufficient".equals(tempVal))
+ controlFlag = ControlFlag.SUFFICIENT;
+ }
+ if(value instanceof ModuleOption)
+ {
+ ModuleOption mo = (ModuleOption)value;
+ moduleOptions.put(mo.getName(),mo.getValue());
+ }
+ }
+
+ public void addOption(ModuleOption option)
+ {
+ moduleOptions.put(option.getName(), option.getValue());
+ }
+
+ public AuthorizationModuleEntry getEntry()
+ {
+ return (AuthorizationModuleEntry)instantiate();
+ }
+
+ public Object instantiate()
+ {
+ AuthorizationModuleEntry entry = new AuthorizationModuleEntry( moduleName,moduleOptions );
+ entry.setControlFlag(controlFlag);
+ return entry;
+ }
+
+ public Class getTargetClass()
+ {
+ return AuthorizationModuleEntry.class;
+ }
+
+}
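Review bot: The `flag` branch of `addChild` compares the raw value only against the lowercase literals `optional`, `requisite` and `sufficient`, so `OPTIONAL`, a value with surrounding whitespace or a misspelling all leave `controlFlag` at its `REQUIRED` default without any error. The policy-module handling in SecurityConfigObjectModelFactory, as shown on this page, trims and upper-cases the flag and falls back to `OPTIONAL` for anything unrecognised, so the same descriptor value can produce different control flags depending on which parse path runs. Normalising first with `String tempVal = ((String)value).trim().toLowerCase(java.util.Locale.ENGLISH);` and rejecting unknown values with an `IllegalArgumentException` would make a typo in an authorization policy visible instead of silently changing how the module's decision is combined. Separately, `moduleOptions` and `getTargetClass()` use raw `Map` and `Class` while the sibling AuditConfigEntryHolder is generified.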
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationModuleEntry.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationModuleEntry.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationModuleEntry.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,106 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.authorization.config;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import org.jboss.security.config.ModuleOption;
-import org.jboss.security.config.ControlFlag;
-
-//$Id$
-
-/**
- * Represents configuration for a single Policy Decision Module
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jun 9, 2006
- * @version $Revision$
- */
-public class AuthorizationModuleEntry
-{
- private String policyModuleName;
- private ControlFlag controlFlag;
- private Map<String,Object> options = new HashMap<String,Object>();
-
- /**
- * Create a new AuthorizationModuleEntry.
- *
- * @param name Policy Module Name
- */
- public AuthorizationModuleEntry(String name)
- {
- this.policyModuleName = name;
- }
-
- /**
- * Create a new AuthorizationModuleEntry.
- *
- * @param name Policy Module Name
- * @param options Options
- */
- public AuthorizationModuleEntry(String name, Map<String,Object> options)
- {
- this.policyModuleName = name;
- this.options = options;
- }
-
- public void add(ModuleOption option)
- {
- options.put(option.getName(), option.getValue());
- }
-
- /**
- * Get the Policy Module Name
- * @return
- */
- public String getPolicyModuleName()
- {
- return policyModuleName;
- }
-
- /**
- * Get the options
- * @return
- */
- public Map<String,Object> getOptions()
- {
- return options;
- }
-
- /**
- * Get the Control Flag (Required,Requisite,Sufficient or Optional)
- * @return
- */
- public ControlFlag getControlFlag()
- {
- return controlFlag;
- }
-
- /**
- * Set the Control Flag (Required,Requisite,Sufficient or Optional)
- * @return
- */
- public void setControlFlag(ControlFlag controlFlag)
- {
- this.controlFlag = controlFlag;
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationModuleEntry.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationModuleEntry.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationModuleEntry.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationModuleEntry.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,106 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.authorization.config;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.jboss.security.config.ControlFlag;
+import org.jboss.security.config.ModuleOption;
+
+//$Id$
+
+/**
+ * Represents configuration for a single Policy Decision Module
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Jun 9, 2006
+ * @version $Revision$
+ */
+public class AuthorizationModuleEntry
+{
+ private String policyModuleName;
+ private ControlFlag controlFlag;
+ private Map<String,Object> options = new HashMap<String,Object>();
+
+ /**
+ * Create a new AuthorizationModuleEntry.
+ *
+ * @param name Policy Module Name
+ */
+ public AuthorizationModuleEntry(String name)
+ {
+ this.policyModuleName = name;
+ }
+
+ /**
+ * Create a new AuthorizationModuleEntry.
+ *
+ * @param name Policy Module Name
+ * @param options Options
+ */
+ public AuthorizationModuleEntry(String name, Map<String,Object> options)
+ {
+ this.policyModuleName = name;
+ this.options = options;
+ }
+
+ public void add(ModuleOption option)
+ {
+ options.put(option.getName(), option.getValue());
+ }
+
+ /**
+ * Get the Policy Module Name
+ * @return
+ */
+ public String getPolicyModuleName()
+ {
+ return policyModuleName;
+ }
+
+ /**
+ * Get the options
+ * @return
+ */
+ public Map<String,Object> getOptions()
+ {
+ return options;
+ }
+
+ /**
+ * Get the Control Flag (Required,Requisite,Sufficient or Optional)
+ * @return
+ */
+ public ControlFlag getControlFlag()
+ {
+ return controlFlag;
+ }
+
+ /**
+ * Set the Control Flag (Required,Requisite,Sufficient or Optional)
+ * @return
+ */
+ public void setControlFlag(ControlFlag controlFlag)
+ {
+ this.controlFlag = controlFlag;
+ }
+}
\ No newline at end of file
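Review bot: The two-argument constructor stores the caller's `options` map by reference and `getOptions()` returns that same map, so any code holding the entry, or the map it was built from, can change a policy module's options after the configuration has been parsed. AuthorizationConfigEntryHolder.instantiate() on this page passes its own `moduleOptions` field to this constructor, so the sharing does occur in practice. Copying on the way in, `this.options = new HashMap<String,Object>(options);`, also turns a null argument into an immediate failure rather than a later NullPointerException in `add()`; whether `getOptions()` can return an unmodifiable view depends on callers not shown here. The one-argument constructor leaves `controlFlag` null, and the `@return` tag on the void `setControlFlag` should be `@param controlFlag`.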
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,376 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.authorization.config;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.audit.config.AuditProviderEntry;
-import org.jboss.security.auth.login.LoginConfigObjectModelFactory;
-import org.jboss.security.config.ModuleOption;
-import org.jboss.security.config.ApplicationPolicy;
-import org.jboss.security.config.AuditInfo;
-import org.jboss.security.config.AuthorizationInfo;
-import org.jboss.security.config.ControlFlag;
-import org.jboss.security.config.IdentityTrustInfo;
-import org.jboss.security.config.MappingInfo;
-import org.jboss.security.identitytrust.config.IdentityTrustModuleEntry;
-import org.jboss.security.mapping.config.MappingModuleEntry;
-import org.jboss.util.StringPropertyReplacer;
-import org.jboss.xb.binding.UnmarshallingContext;
-import org.xml.sax.Attributes;
-
-//$Id$
-
-/**
- * JBossXB Object Factory capable of parsing the security configuration
- * file that can include both authentication,authorization and mapping
- * module configuration
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jun 9, 2006
- * @version $Revision$
- */
-public class SecurityConfigObjectModelFactory extends LoginConfigObjectModelFactory
-{
- private static Logger log = Logger.getLogger(SecurityConfigObjectModelFactory.class);
- private boolean trace = log.isTraceEnabled();
-
- public Object newChild(ApplicationPolicy aPolicy,UnmarshallingContext navigator,
- String namespaceUri, String localName, Attributes attrs)
- {
- Object child = super.newChild(aPolicy, navigator,
- namespaceUri,localName,attrs);
- if(child == null && "authorization".equals(localName))
- {
- child = new AuthorizationInfo(aPolicy.getName());
- }
- else
- if(child == null && "rolemapping".equals(localName))
- {
- MappingInfo mi = new MappingInfo();
- mi.setName(aPolicy.getName());
- child = mi;
- }
- else
- if(child == null && "audit".equals(localName))
- {
- AuditInfo ai = new AuditInfo(aPolicy.getName());
- child = ai;
- }
- else
- if(child == null && "identity-trust".equals(localName))
- {
- IdentityTrustInfo ai = new IdentityTrustInfo(aPolicy.getName());
- child = ai;
- }
- return child;
- }
-
- public Object newChild(AuthorizationInfo info, UnmarshallingContext navigator,
- String namespaceUri, String localName, Attributes attrs)
- {
- Object child = null;
- if( trace )
- log.trace("newChild.AuthorizationInfo, localName: "+localName);
- if("policy-module".equals(localName))
- {
- String code = attrs.getValue("code");
- code = StringPropertyReplacer.replaceProperties(code.trim());
- String flag = attrs.getValue("flag");
- if(flag != null)
- flag = StringPropertyReplacer.replaceProperties(flag.trim());
- if(flag == null)
- flag = "REQUIRED";
- else
- flag = flag.toUpperCase();
- AuthorizationModuleEntry entry = new AuthorizationModuleEntry(code);
- if("REQUIRED".equals(flag))
- entry.setControlFlag(ControlFlag.REQUIRED);
- else
- if("REQUISITE".equals(flag))
- entry.setControlFlag(ControlFlag.REQUISITE);
- else
- if("SUFFICIENT".equals(flag))
- entry.setControlFlag(ControlFlag.SUFFICIENT);
- else
- entry.setControlFlag(ControlFlag.OPTIONAL);
- child = entry;
- if( trace )
- log.trace("newChild.AuthorizationInfo, policy-module code: "+code);
- }
-
- return child;
- }
-
- public Object newChild(AuthorizationModuleEntry entry, UnmarshallingContext navigator,
- String namespaceUri, String localName, Attributes attrs)
- {
- Object child = null;
- if( trace )
- log.trace("newChild.AppConfigurationEntryHolder, localName: "+localName);
- if("module-option".equals(localName))
- {
- String name = attrs.getValue("name");
- child = new ModuleOption(name);
- if( trace )
- log.trace("newChild.AuthModuleEntry, module-option name: "+name);
- }
-
- return child;
- }
-
- public void addChild(ApplicationPolicy aPolicy, AuthorizationInfo authInfo,
- UnmarshallingContext navigator, String namespaceURI, String localName)
- {
- aPolicy.setAuthorizationInfo(authInfo);
- if(trace)
- log.trace("addChild.ApplicationPolicy, name: " + aPolicy.getName());
- }
-
- public void addChild(AuthorizationInfo authInfo, AuthorizationConfigEntryHolder entryInfo,
- UnmarshallingContext navigator, String namespaceURI, String localName)
- {
- AuthorizationModuleEntry entry = entryInfo.getEntry();
- authInfo.add(entry);
- if( trace )
- log.trace("addChild.AuthorizationInfo, name: "+entry.getPolicyModuleName());
- }
-
- public void addChild(AuthorizationConfigEntryHolder entryInfo, ModuleOption option,
- UnmarshallingContext navigator, String namespaceURI, String localName)
- {
- entryInfo.addOption(option);
- if( trace )
- log.trace("addChild.AuthorizationConfigEntryHolder, name: "+option.getName());
- }
-
- public void addChild(AuthorizationInfo authInfo, AuthorizationModuleEntry entry ,
- UnmarshallingContext navigator, String namespaceURI, String localName)
- {
- authInfo.add(entry);
- }
-
- public void addChild(AuthorizationModuleEntry entry , ModuleOption option,
- UnmarshallingContext navigator, String namespaceURI, String localName)
- {
- entry.add(option);
- if( trace )
- log.trace("addChild.AuthorizationModuleEntry, name: "+option.getName());
- }
-
- //RoleMapping
- public Object newChild(MappingInfo info, UnmarshallingContext navigator,
- String namespaceUri, String localName, Attributes attrs)
- {
- Object child = null;
- if( trace )
- log.trace("newChild.RoleMappingInfo, localName: "+localName);
- if("mapping-module".equals(localName))
- {
- String code = attrs.getValue("code");
- code = StringPropertyReplacer.replaceProperties(code.trim());
- MappingModuleEntry entry = new MappingModuleEntry(code);
- child = entry;
- if( trace )
- log.trace("newChild.RoleMappingInfo, mapping-module code: "+code);
- }
-
- return child;
- }
-
- public Object newChild(MappingModuleEntry entry,
- UnmarshallingContext navigator,
- String namespaceUri, String localName, Attributes attrs)
- {
- Object child = null;
- if( trace )
- log.trace("newChild.MappingModuleEntry, localName: "+localName);
- if("module-option".equals(localName))
- {
- String name = attrs.getValue("name");
- child = new ModuleOption(name);
- if( trace )
- log.trace("newChild.MappingModuleEntry, module-option name: "+name);
- }
-
- return child;
- }
-
- public void addChild(ApplicationPolicy aPolicy, MappingInfo authInfo,
- UnmarshallingContext navigator, String namespaceURI, String localName)
- {
- aPolicy.setRoleMappingInfo(authInfo);
- if(trace)
- log.trace("addChild.ApplicationPolicy, name: " + aPolicy.getName());
- }
-
- public void addChild(MappingModuleEntry entry , ModuleOption option,
- UnmarshallingContext navigator, String namespaceURI, String localName)
- {
- entry.add(option);
- if( trace )
- log.trace("addChild.MappingModuleEntry, name: "+option.getName());
- }
-
- public void addChild(MappingInfo authInfo, MappingModuleEntry entry ,
- UnmarshallingContext navigator, String namespaceURI, String localName)
- {
- authInfo.add(entry);
- }
-
- //Audit Info
- public Object newChild(AuditInfo info, UnmarshallingContext navigator,
- String namespaceUri, String localName, Attributes attrs)
- {
- Object child = null;
- if( trace )
- log.trace("newChild.AuditInfo, localName: "+localName);
- if("provider-module".equals(localName))
- {
- String code = attrs.getValue("code");
- code = StringPropertyReplacer.replaceProperties(code.trim());
- AuditProviderEntry entry = new AuditProviderEntry(code);
- child = entry;
- if( trace )
- log.trace("newChild.AuditInfo, provider-module code: "+code);
- }
-
- return child;
- }
-
- public Object newChild(AuditProviderEntry entry,
- UnmarshallingContext navigator,
- String namespaceUri, String localName, Attributes attrs)
- {
- Object child = null;
- if( trace )
- log.trace("newChild.AuditProviderEntry, localName: "+localName);
- if("module-option".equals(localName))
- {
- String name = attrs.getValue("name");
- child = new ModuleOption(name);
- if( trace )
- log.trace("newChild.AuditProviderEntry, module-option name: "+name);
- }
-
- return child;
- }
-
- public void addChild(ApplicationPolicy aPolicy, AuditInfo auditInfo,
- UnmarshallingContext navigator, String namespaceURI, String localName)
- {
- aPolicy.setAuditInfo(auditInfo) ;
- if(trace)
- log.trace("addChild.ApplicationPolicy, name: " + aPolicy.getName());
- }
-
- public void addChild(AuditProviderEntry entry , ModuleOption option,
- UnmarshallingContext navigator, String namespaceURI, String localName)
- {
- entry.add(option);
- if( trace )
- log.trace("addChild.MappingModuleEntry, name: "+option.getName());
- }
-
- public void addChild(AuditInfo auditInfo, AuditProviderEntry entry ,
- UnmarshallingContext navigator, String namespaceURI, String localName)
- {
- auditInfo.add(entry);
- }
-
- //Identity Trust
- public Object newChild(IdentityTrustInfo info, UnmarshallingContext navigator,
- String namespaceUri, String localName, Attributes attrs)
- {
- Object child = null;
- if( trace )
- log.trace("newChild.IdentityTrustInfo, localName: "+localName);
- if("trust-module".equals(localName))
- {
- String code = attrs.getValue("code");
- code = StringPropertyReplacer.replaceProperties(code.trim());
-
- String flag = attrs.getValue("flag");
- if(flag != null)
- flag = StringPropertyReplacer.replaceProperties(flag.trim());
- if(flag == null)
- flag = "REQUIRED";
- else
- flag = flag.toUpperCase();
- IdentityTrustModuleEntry entry = new IdentityTrustModuleEntry(code);
- if("REQUIRED".equals(flag))
- entry.setControlFlag(ControlFlag.REQUIRED);
- else
- if("REQUISITE".equals(flag))
- entry.setControlFlag(ControlFlag.REQUISITE);
- else
- if("SUFFICIENT".equals(flag))
- entry.setControlFlag(ControlFlag.SUFFICIENT);
- else
- entry.setControlFlag(ControlFlag.OPTIONAL);
-
- child = entry;
- if( trace )
- log.trace("newChild.IdentityTrustInfo, trust-module code: "+code);
- }
-
- return child;
- }
-
- public Object newChild(IdentityTrustModuleEntry entry,
- UnmarshallingContext navigator,
- String namespaceUri, String localName, Attributes attrs)
- {
- Object child = null;
- if( trace )
- log.trace("newChild.trustProviderEntry, localName: "+localName);
- if("module-option".equals(localName))
- {
- String name = attrs.getValue("name");
- child = new ModuleOption(name);
- if( trace )
- log.trace("newChild.trustProviderEntry, module-option name: "+name);
- }
-
- return child;
- }
-
- public void addChild(ApplicationPolicy aPolicy, IdentityTrustInfo auditInfo,
- UnmarshallingContext navigator, String namespaceURI, String localName)
- {
- aPolicy.setIdentityTrustInfo(auditInfo) ;
- if(trace)
- log.trace("addChild.ApplicationPolicy, name: " + aPolicy.getName());
- }
-
- public void addChild(IdentityTrustModuleEntry entry , ModuleOption option,
- UnmarshallingContext navigator, String namespaceURI, String localName)
- {
- entry.add(option);
- if( trace )
- log.trace("addChild.MappingModuleEntry, name: "+option.getName());
- }
-
- public void addChild(IdentityTrustInfo auditInfo, IdentityTrustModuleEntry entry ,
- UnmarshallingContext navigator, String namespaceURI, String localName)
- {
- auditInfo.add(entry);
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,376 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.authorization.config;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.audit.config.AuditProviderEntry;
+import org.jboss.security.auth.login.LoginConfigObjectModelFactory;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.AuditInfo;
+import org.jboss.security.config.AuthorizationInfo;
+import org.jboss.security.config.ControlFlag;
+import org.jboss.security.config.IdentityTrustInfo;
+import org.jboss.security.config.MappingInfo;
+import org.jboss.security.config.ModuleOption;
+import org.jboss.security.identitytrust.config.IdentityTrustModuleEntry;
+import org.jboss.security.mapping.config.MappingModuleEntry;
+import org.jboss.util.StringPropertyReplacer;
+import org.jboss.xb.binding.UnmarshallingContext;
+import org.xml.sax.Attributes;
+
+//$Id$
+
+/**
+ * JBossXB Object Factory capable of parsing the security configuration
+ * file that can include both authentication,authorization and mapping
+ * module configuration
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Jun 9, 2006
+ * @version $Revision$
+ */
+public class SecurityConfigObjectModelFactory extends LoginConfigObjectModelFactory
+{
+ private static Logger log = Logger.getLogger(SecurityConfigObjectModelFactory.class);
+ private boolean trace = log.isTraceEnabled();
+
+ public Object newChild(ApplicationPolicy aPolicy,UnmarshallingContext navigator,
+ String namespaceUri, String localName, Attributes attrs)
+ {
+ Object child = super.newChild(aPolicy, navigator,
+ namespaceUri,localName,attrs);
+ if(child == null && "authorization".equals(localName))
+ {
+ child = new AuthorizationInfo(aPolicy.getName());
+ }
+ else
+ if(child == null && "rolemapping".equals(localName))
+ {
+ MappingInfo mi = new MappingInfo();
+ mi.setName(aPolicy.getName());
+ child = mi;
+ }
+ else
+ if(child == null && "audit".equals(localName))
+ {
+ AuditInfo ai = new AuditInfo(aPolicy.getName());
+ child = ai;
+ }
+ else
+ if(child == null && "identity-trust".equals(localName))
+ {
+ IdentityTrustInfo ai = new IdentityTrustInfo(aPolicy.getName());
+ child = ai;
+ }
+ return child;
+ }
+
+ public Object newChild(AuthorizationInfo info, UnmarshallingContext navigator,
+ String namespaceUri, String localName, Attributes attrs)
+ {
+ Object child = null;
+ if( trace )
+ log.trace("newChild.AuthorizationInfo, localName: "+localName);
+ if("policy-module".equals(localName))
+ {
+ String code = attrs.getValue("code");
+ code = StringPropertyReplacer.replaceProperties(code.trim());
+ String flag = attrs.getValue("flag");
+ if(flag != null)
+ flag = StringPropertyReplacer.replaceProperties(flag.trim());
+ if(flag == null)
+ flag = "REQUIRED";
+ else
+ flag = flag.toUpperCase();
+ AuthorizationModuleEntry entry = new AuthorizationModuleEntry(code);
+ if("REQUIRED".equals(flag))
+ entry.setControlFlag(ControlFlag.REQUIRED);
+ else
+ if("REQUISITE".equals(flag))
+ entry.setControlFlag(ControlFlag.REQUISITE);
+ else
+ if("SUFFICIENT".equals(flag))
+ entry.setControlFlag(ControlFlag.SUFFICIENT);
+ else
+ entry.setControlFlag(ControlFlag.OPTIONAL);
+ child = entry;
+ if( trace )
+ log.trace("newChild.AuthorizationInfo, policy-module code: "+code);
+ }
+
+ return child;
+ }
+
+ public Object newChild(AuthorizationModuleEntry entry, UnmarshallingContext navigator,
+ String namespaceUri, String localName, Attributes attrs)
+ {
+ Object child = null;
+ if( trace )
+ log.trace("newChild.AppConfigurationEntryHolder, localName: "+localName);
+ if("module-option".equals(localName))
+ {
+ String name = attrs.getValue("name");
+ child = new ModuleOption(name);
+ if( trace )
+ log.trace("newChild.AuthModuleEntry, module-option name: "+name);
+ }
+
+ return child;
+ }
+
+ public void addChild(ApplicationPolicy aPolicy, AuthorizationInfo authInfo,
+ UnmarshallingContext navigator, String namespaceURI, String localName)
+ {
+ aPolicy.setAuthorizationInfo(authInfo);
+ if(trace)
+ log.trace("addChild.ApplicationPolicy, name: " + aPolicy.getName());
+ }
+
+ public void addChild(AuthorizationInfo authInfo, AuthorizationConfigEntryHolder entryInfo,
+ UnmarshallingContext navigator, String namespaceURI, String localName)
+ {
+ AuthorizationModuleEntry entry = entryInfo.getEntry();
+ authInfo.add(entry);
+ if( trace )
+ log.trace("addChild.AuthorizationInfo, name: "+entry.getPolicyModuleName());
+ }
+
+ public void addChild(AuthorizationConfigEntryHolder entryInfo, ModuleOption option,
+ UnmarshallingContext navigator, String namespaceURI, String localName)
+ {
+ entryInfo.addOption(option);
+ if( trace )
+ log.trace("addChild.AuthorizationConfigEntryHolder, name: "+option.getName());
+ }
+
+ public void addChild(AuthorizationInfo authInfo, AuthorizationModuleEntry entry ,
+ UnmarshallingContext navigator, String namespaceURI, String localName)
+ {
+ authInfo.add(entry);
+ }
+
+ public void addChild(AuthorizationModuleEntry entry , ModuleOption option,
+ UnmarshallingContext navigator, String namespaceURI, String localName)
+ {
+ entry.add(option);
+ if( trace )
+ log.trace("addChild.AuthorizationModuleEntry, name: "+option.getName());
+ }
+
+ //RoleMapping
+ public Object newChild(MappingInfo info, UnmarshallingContext navigator,
+ String namespaceUri, String localName, Attributes attrs)
+ {
+ Object child = null;
+ if( trace )
+ log.trace("newChild.RoleMappingInfo, localName: "+localName);
+ if("mapping-module".equals(localName))
+ {
+ String code = attrs.getValue("code");
+ code = StringPropertyReplacer.replaceProperties(code.trim());
+ MappingModuleEntry entry = new MappingModuleEntry(code);
+ child = entry;
+ if( trace )
+ log.trace("newChild.RoleMappingInfo, mapping-module code: "+code);
+ }
+
+ return child;
+ }
+
+ public Object newChild(MappingModuleEntry entry,
+ UnmarshallingContext navigator,
+ String namespaceUri, String localName, Attributes attrs)
+ {
+ Object child = null;
+ if( trace )
+ log.trace("newChild.MappingModuleEntry, localName: "+localName);
+ if("module-option".equals(localName))
+ {
+ String name = attrs.getValue("name");
+ child = new ModuleOption(name);
+ if( trace )
+ log.trace("newChild.MappingModuleEntry, module-option name: "+name);
+ }
+
+ return child;
+ }
+
+ public void addChild(ApplicationPolicy aPolicy, MappingInfo authInfo,
+ UnmarshallingContext navigator, String namespaceURI, String localName)
+ {
+ aPolicy.setRoleMappingInfo(authInfo);
+ if(trace)
+ log.trace("addChild.ApplicationPolicy, name: " + aPolicy.getName());
+ }
+
+ public void addChild(MappingModuleEntry entry , ModuleOption option,
+ UnmarshallingContext navigator, String namespaceURI, String localName)
+ {
+ entry.add(option);
+ if( trace )
+ log.trace("addChild.MappingModuleEntry, name: "+option.getName());
+ }
+
+ public void addChild(MappingInfo authInfo, MappingModuleEntry entry ,
+ UnmarshallingContext navigator, String namespaceURI, String localName)
+ {
+ authInfo.add(entry);
+ }
+
+ //Audit Info
+ public Object newChild(AuditInfo info, UnmarshallingContext navigator,
+ String namespaceUri, String localName, Attributes attrs)
+ {
+ Object child = null;
+ if( trace )
+ log.trace("newChild.AuditInfo, localName: "+localName);
+ if("provider-module".equals(localName))
+ {
+ String code = attrs.getValue("code");
+ code = StringPropertyReplacer.replaceProperties(code.trim());
+ AuditProviderEntry entry = new AuditProviderEntry(code);
+ child = entry;
+ if( trace )
+ log.trace("newChild.AuditInfo, provider-module code: "+code);
+ }
+
+ return child;
+ }
+
+ public Object newChild(AuditProviderEntry entry,
+ UnmarshallingContext navigator,
+ String namespaceUri, String localName, Attributes attrs)
+ {
+ Object child = null;
+ if( trace )
+ log.trace("newChild.AuditProviderEntry, localName: "+localName);
+ if("module-option".equals(localName))
+ {
+ String name = attrs.getValue("name");
+ child = new ModuleOption(name);
+ if( trace )
+ log.trace("newChild.AuditProviderEntry, module-option name: "+name);
+ }
+
+ return child;
+ }
+
+ public void addChild(ApplicationPolicy aPolicy, AuditInfo auditInfo,
+ UnmarshallingContext navigator, String namespaceURI, String localName)
+ {
+ aPolicy.setAuditInfo(auditInfo) ;
+ if(trace)
+ log.trace("addChild.ApplicationPolicy, name: " + aPolicy.getName());
+ }
+
+ public void addChild(AuditProviderEntry entry , ModuleOption option,
+ UnmarshallingContext navigator, String namespaceURI, String localName)
+ {
+ entry.add(option);
+ if( trace )
+ log.trace("addChild.MappingModuleEntry, name: "+option.getName());
+ }
+
+ public void addChild(AuditInfo auditInfo, AuditProviderEntry entry ,
+ UnmarshallingContext navigator, String namespaceURI, String localName)
+ {
+ auditInfo.add(entry);
+ }
+
+ //Identity Trust
+ public Object newChild(IdentityTrustInfo info, UnmarshallingContext navigator,
+ String namespaceUri, String localName, Attributes attrs)
+ {
+ Object child = null;
+ if( trace )
+ log.trace("newChild.IdentityTrustInfo, localName: "+localName);
+ if("trust-module".equals(localName))
+ {
+ String code = attrs.getValue("code");
+ code = StringPropertyReplacer.replaceProperties(code.trim());
+
+ String flag = attrs.getValue("flag");
+ if(flag != null)
+ flag = StringPropertyReplacer.replaceProperties(flag.trim());
+ if(flag == null)
+ flag = "REQUIRED";
+ else
+ flag = flag.toUpperCase();
+ IdentityTrustModuleEntry entry = new IdentityTrustModuleEntry(code);
+ if("REQUIRED".equals(flag))
+ entry.setControlFlag(ControlFlag.REQUIRED);
+ else
+ if("REQUISITE".equals(flag))
+ entry.setControlFlag(ControlFlag.REQUISITE);
+ else
+ if("SUFFICIENT".equals(flag))
+ entry.setControlFlag(ControlFlag.SUFFICIENT);
+ else
+ entry.setControlFlag(ControlFlag.OPTIONAL);
+
+ child = entry;
+ if( trace )
+ log.trace("newChild.IdentityTrustInfo, trust-module code: "+code);
+ }
+
+ return child;
+ }
+
+ public Object newChild(IdentityTrustModuleEntry entry,
+ UnmarshallingContext navigator,
+ String namespaceUri, String localName, Attributes attrs)
+ {
+ Object child = null;
+ if( trace )
+ log.trace("newChild.trustProviderEntry, localName: "+localName);
+ if("module-option".equals(localName))
+ {
+ String name = attrs.getValue("name");
+ child = new ModuleOption(name);
+ if( trace )
+ log.trace("newChild.trustProviderEntry, module-option name: "+name);
+ }
+
+ return child;
+ }
+
+ public void addChild(ApplicationPolicy aPolicy, IdentityTrustInfo auditInfo,
+ UnmarshallingContext navigator, String namespaceURI, String localName)
+ {
+ aPolicy.setIdentityTrustInfo(auditInfo) ;
+ if(trace)
+ log.trace("addChild.ApplicationPolicy, name: " + aPolicy.getName());
+ }
+
+ public void addChild(IdentityTrustModuleEntry entry , ModuleOption option,
+ UnmarshallingContext navigator, String namespaceURI, String localName)
+ {
+ entry.add(option);
+ if( trace )
+ log.trace("addChild.MappingModuleEntry, name: "+option.getName());
+ }
+
+ public void addChild(IdentityTrustInfo auditInfo, IdentityTrustModuleEntry entry ,
+ UnmarshallingContext navigator, String namespaceURI, String localName)
+ {
+ auditInfo.add(entry);
+ }
+}
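Review bot: In `newChild(AuthorizationInfo, ...)` and again in `newChild(IdentityTrustInfo, ...)`, any `flag` value other than REQUIRED, REQUISITE or SUFFICIENT falls through to `ControlFlag.OPTIONAL`, so a misspelled flag in the security configuration silently downgrades the module instead of being rejected. I would end each chain with `else if("OPTIONAL".equals(flag)) entry.setControlFlag(ControlFlag.OPTIONAL);` followed by `else throw new IllegalArgumentException("Unknown control flag: " + flag);`. `flag.toUpperCase()` also uses the default locale, so under a Turkish locale a lower-case `required` does not upper-case to `REQUIRED` and takes the same fallback; `flag.toUpperCase(Locale.ENGLISH)` avoids that and needs a `java.util.Locale` import. Separately, `code.trim()` in the four module-creating `newChild` methods throws a NullPointerException when the `code` attribute is absent, where an error naming the element would be easier to diagnose.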
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/AbstractAuthorizationModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AbstractAuthorizationModule.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/AbstractAuthorizationModule.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,187 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.authorization.modules;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.StringTokenizer;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.authorization.AuthorizationContext;
-import org.jboss.security.authorization.AuthorizationException;
-import org.jboss.security.authorization.AuthorizationModule;
-import org.jboss.security.authorization.Resource;
-import org.jboss.security.authorization.ResourceType;
-import org.jboss.security.identity.Role;
-import org.jboss.security.identity.RoleGroup;
-
-//$Id$
-
-/**
- * Abstraction of Authorization Module
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jun 14, 2006
- * @version $Revision$
- */
-public abstract class AbstractAuthorizationModule implements AuthorizationModule
-{
- protected Subject subject = null;
- protected CallbackHandler handler = null;
- protected Map<String,Object> sharedState = null;
- protected Map<String,Object> options = null;
-
- protected RoleGroup role = null;
-
- protected Logger log = null;
-
- /** Map of delegates for the various layers */
- protected Map<ResourceType,String> delegateMap = new HashMap<ResourceType,String>();
-
- /**
- * @see AuthorizationModule#authorize(Resource)
- */
- public abstract int authorize(Resource resource);
-
- /**
- * @see AuthorizationModule#abort()
- */
- public boolean abort() throws AuthorizationException
- {
- return true;
- }
-
- /**
- * @see AuthorizationModule#commit()
- */
- public boolean commit() throws AuthorizationException
- {
- return true;
- }
-
- /**
- * @see AuthorizationModule#destroy()
- */
- public boolean destroy()
- {
- subject = null;
- handler = null;
- sharedState = null;
- options = null;
- return true;
- }
-
- /**
- * @see AuthorizationModule#initialize(Subject, CallbackHandler, Map, Map, Role)
- */
- public void initialize(Subject subject, CallbackHandler handler, Map<String,Object> sharedState,
- Map<String,Object> options, RoleGroup subjectRole)
- {
- this.subject = subject;
- this.handler = handler;
- this.sharedState = sharedState;
- this.options = options;
- //Check if there is a delegate map via options
- if(options != null)
- {
- String commaSeparatedDelegates = (String)options.get("delegateMap");
- if(commaSeparatedDelegates != null && commaSeparatedDelegates.length() > 0)
- populateDelegateMap(commaSeparatedDelegates);
- }
- this.role = subjectRole;
- }
-
- /**
- * Override to print more details
- */
- public String toString()
- {
- StringBuffer buf = new StringBuffer("Name="+getClass().getName());
- buf.append(":subject="+subject);
- buf.append(":role="+this.role);
- return buf.toString();
- }
-
- //PROTECTED METHODS
- /**
- * Subclasses can use this method to leave the authorization
- * decision to the delegate configured
- */
- protected int invokeDelegate(Resource resource)
- {
- int authorizationDecision = AuthorizationContext.DENY;
-
- ResourceType layer = resource.getLayer();
- String delegateStr = (String)delegateMap.get(layer);
- if(delegateStr == null)
- throw new IllegalStateException("Delegate is missing for layer="+layer);
- AuthorizationModuleDelegate delegate = null;
- try
- {
- delegate = getDelegate(delegateStr);
- authorizationDecision = delegate.authorize(resource,this.subject, this.role);
- }
- catch(Exception e)
- {
- log.debug("Error with delegate:",e);
- IllegalStateException ise = new IllegalStateException(e.getLocalizedMessage());
- ise.initCause(e);
- throw ise;
- }
- return authorizationDecision;
- }
-
- /**
- * Load the delegate
- * @param delegateStr FQN of the delegate
- * @return Delegate Instance
- * @throws Exception
- */
- protected AuthorizationModuleDelegate getDelegate(String delegateStr)
- throws Exception
- {
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- Class<?> clazz = tcl.loadClass(delegateStr);
- return (AuthorizationModuleDelegate)clazz.newInstance();
- }
-
- /**
- * Options may have a comma separated delegate map
- * @param commaSeparatedDelegates
- */
- protected void populateDelegateMap(String commaSeparatedDelegates)
- {
- StringTokenizer st = new StringTokenizer(commaSeparatedDelegates,",");
- while(st.hasMoreTokens())
- {
- String keyPair = st.nextToken();
- StringTokenizer keyst = new StringTokenizer(keyPair,"=");
- if(keyst.countTokens() != 2)
- throw new IllegalStateException("DelegateMap entry invalid:"+keyPair);
- String key = keyst.nextToken();
- String value = keyst.nextToken();
- this.delegateMap.put(ResourceType.valueOf(key),value);
- }
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/AbstractAuthorizationModule.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AbstractAuthorizationModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/AbstractAuthorizationModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/AbstractAuthorizationModule.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,187 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.authorization.modules;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.StringTokenizer;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.AuthorizationException;
+import org.jboss.security.authorization.AuthorizationModule;
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.ResourceType;
+import org.jboss.security.identity.Role;
+import org.jboss.security.identity.RoleGroup;
+
+//$Id$
+
+/**
+ * Abstraction of Authorization Module
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Jun 14, 2006
+ * @version $Revision$
+ */
+public abstract class AbstractAuthorizationModule implements AuthorizationModule
+{
+ protected Subject subject = null;
+ protected CallbackHandler handler = null;
+ protected Map<String,Object> sharedState = null;
+ protected Map<String,Object> options = null;
+
+ protected RoleGroup role = null;
+
+ protected Logger log = null;
+
+ /** Map of delegates for the various layers */
+ protected Map<ResourceType,String> delegateMap = new HashMap<ResourceType,String>();
+
+ /**
+ * @see AuthorizationModule#authorize(Resource)
+ */
+ public abstract int authorize(Resource resource);
+
+ /**
+ * @see AuthorizationModule#abort()
+ */
+ public boolean abort() throws AuthorizationException
+ {
+ return true;
+ }
+
+ /**
+ * @see AuthorizationModule#commit()
+ */
+ public boolean commit() throws AuthorizationException
+ {
+ return true;
+ }
+
+ /**
+ * @see AuthorizationModule#destroy()
+ */
+ public boolean destroy()
+ {
+ subject = null;
+ handler = null;
+ sharedState = null;
+ options = null;
+ return true;
+ }
+
+ /**
+ * @see AuthorizationModule#initialize(Subject, CallbackHandler, Map, Map, Role)
+ */
+ public void initialize(Subject subject, CallbackHandler handler, Map<String,Object> sharedState,
+ Map<String,Object> options, RoleGroup subjectRole)
+ {
+ this.subject = subject;
+ this.handler = handler;
+ this.sharedState = sharedState;
+ this.options = options;
+ //Check if there is a delegate map via options
+ if(options != null)
+ {
+ String commaSeparatedDelegates = (String)options.get("delegateMap");
+ if(commaSeparatedDelegates != null && commaSeparatedDelegates.length() > 0)
+ populateDelegateMap(commaSeparatedDelegates);
+ }
+ this.role = subjectRole;
+ }
+
+ /**
+ * Override to print more details
+ */
+ public String toString()
+ {
+ StringBuffer buf = new StringBuffer("Name="+getClass().getName());
+ buf.append(":subject="+subject);
+ buf.append(":role="+this.role);
+ return buf.toString();
+ }
+
+ //PROTECTED METHODS
+ /**
+ * Subclasses can use this method to leave the authorization
+ * decision to the delegate configured
+ */
+ protected int invokeDelegate(Resource resource)
+ {
+ int authorizationDecision = AuthorizationContext.DENY;
+
+ ResourceType layer = resource.getLayer();
+ String delegateStr = (String)delegateMap.get(layer);
+ if(delegateStr == null)
+ throw new IllegalStateException("Delegate is missing for layer="+layer);
+ AuthorizationModuleDelegate delegate = null;
+ try
+ {
+ delegate = getDelegate(delegateStr);
+ authorizationDecision = delegate.authorize(resource,this.subject, this.role);
+ }
+ catch(Exception e)
+ {
+ log.debug("Error with delegate:",e);
+ IllegalStateException ise = new IllegalStateException(e.getLocalizedMessage());
+ ise.initCause(e);
+ throw ise;
+ }
+ return authorizationDecision;
+ }
+
+ /**
+ * Load the delegate
+ * @param delegateStr FQN of the delegate
+ * @return Delegate Instance
+ * @throws Exception
+ */
+ protected AuthorizationModuleDelegate getDelegate(String delegateStr)
+ throws Exception
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ Class<?> clazz = tcl.loadClass(delegateStr);
+ return (AuthorizationModuleDelegate)clazz.newInstance();
+ }
+
+ /**
+ * Options may have a comma separated delegate map
+ * @param commaSeparatedDelegates
+ */
+ protected void populateDelegateMap(String commaSeparatedDelegates)
+ {
+ StringTokenizer st = new StringTokenizer(commaSeparatedDelegates,",");
+ while(st.hasMoreTokens())
+ {
+ String keyPair = st.nextToken();
+ StringTokenizer keyst = new StringTokenizer(keyPair,"=");
+ if(keyst.countTokens() != 2)
+ throw new IllegalStateException("DelegateMap entry invalid:"+keyPair);
+ String key = keyst.nextToken();
+ String value = keyst.nextToken();
+ this.delegateMap.put(ResourceType.valueOf(key),value);
+ }
+ }
+}
\ No newline at end of file
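Review bot: `getDelegate` instantiates whatever class name is stored in `delegateMap`, and `initialize` fills that map from the `delegateMap` module option, so the type is only checked by the cast after `newInstance()` has already run the class's constructor. Checking before instantiation keeps a wrong or unexpected class name from executing code: `Class<? extends AuthorizationModuleDelegate> clazz = tcl.loadClass(delegateStr).asSubclass(AuthorizationModuleDelegate.class);`. In `invokeDelegate`, the catch block calls `log.debug(...)`, but `log` is a protected field initialised to `null` and assigned only by subclasses, so a subclass that never sets it gets a NullPointerException that hides the delegate's real failure; `protected Logger log = Logger.getLogger(getClass());` in the field declaration removes that. The `@see` on `initialize` names `Role` as the last parameter while the method takes `RoleGroup`.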
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/XACMLAuthorizationModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/XACMLAuthorizationModule.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/XACMLAuthorizationModule.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,55 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.authorization.modules;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.authorization.AuthorizationModule;
-import org.jboss.security.authorization.Resource;
-import org.jboss.security.authorization.ResourceType;
-
-//$Id$
-
-/**
- * Authorization Module that utilizes XACML
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jun 11, 2006
- * @version $Revision$
- */
-public class XACMLAuthorizationModule extends AbstractAuthorizationModule
-{
- public XACMLAuthorizationModule()
- {
- log = Logger.getLogger(getClass());
- delegateMap.put(ResourceType.WEB,
- "org.jboss.security.authorization.modules.web.WebXACMLPolicyModuleDelegate");
- delegateMap.put(ResourceType.EJB,
- "org.jboss.security.authorization.modules.ejb.EJBXACMLPolicyModuleDelegate");
- }
-
- /**
- * @see AuthorizationModule#authorize(Resource)
- */
- public int authorize(Resource resource)
- {
- return this.invokeDelegate(resource);
- }
- }
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/XACMLAuthorizationModule.java (from rev 72325, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/XACMLAuthorizationModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/XACMLAuthorizationModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/XACMLAuthorizationModule.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,55 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.authorization.modules;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.authorization.AuthorizationModule;
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.ResourceType;
+import org.jboss.security.authorization.modules.ejb.EJBXACMLPolicyModuleDelegate;
+import org.jboss.security.authorization.modules.web.WebXACMLPolicyModuleDelegate;
+
+//$Id$
+
+/**
+ * Authorization Module that utilizes XACML
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Jun 11, 2006
+ * @version $Revision$
+ */
+public class XACMLAuthorizationModule extends AbstractAuthorizationModule
+{
+ public XACMLAuthorizationModule()
+ {
+ log = Logger.getLogger(getClass());
+ delegateMap.put(ResourceType.WEB, WebXACMLPolicyModuleDelegate.class.getName());
+ delegateMap.put(ResourceType.EJB, EJBXACMLPolicyModuleDelegate.class.getName());
+ }
+
+ /**
+ * @see AuthorizationModule#authorize(Resource)
+ */
+ public int authorize(Resource resource)
+ {
+ return this.invokeDelegate(resource);
+ }
+}
\ No newline at end of file
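Review bot: `authorize` carries only an `@see`, yet it can throw: the constructor registers delegates for `ResourceType.WEB` and `ResourceType.EJB` only, and `invokeDelegate` in `AbstractAuthorizationModule` (same commit) throws `IllegalStateException` when no delegate is mapped for the resource's layer. I would say so in the Javadoc, for example `Delegates to the WEB or EJB XACML delegate; throws IllegalStateException for any other resource layer unless the delegateMap option supplies one.`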
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,294 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.authorization.modules.ejb;
-
-import java.lang.reflect.Method;
-import java.security.Principal;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.AnybodyPrincipal;
-import org.jboss.security.RunAs;
-import org.jboss.security.RunAsIdentity;
-import org.jboss.security.SecurityRoleRef;
-import org.jboss.security.authorization.AuthorizationContext;
-import org.jboss.security.authorization.PolicyRegistration;
-import org.jboss.security.authorization.Resource;
-import org.jboss.security.authorization.ResourceKeys;
-import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
-import org.jboss.security.authorization.resources.EJBResource;
-import org.jboss.security.identity.Role;
-import org.jboss.security.identity.RoleGroup;
-import org.jboss.security.identity.plugins.SimpleRole;
-import org.jboss.security.identity.plugins.SimpleRoleGroup;
-
-
-//$Id$
-
-/**
- * Authorization Module delegate that deals with the authorization decisions
- * for the EJB Layer (Default Behavior)
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jul 6, 2006
- * @version $Revision$
- */
-public class EJBPolicyModuleDelegate extends AuthorizationModuleDelegate
-{
- private String ejbName = null;
- private Method ejbMethod = null;
- private Principal ejbPrincipal = null;
- //private Set<Principal> methodRoles = null;
- private RoleGroup methodRoles = null;
- private String methodInterface = null;
- private RunAs callerRunAs = null;
- private String roleName = null;
- private Boolean roleRefCheck = Boolean.FALSE;
- private Set<SecurityRoleRef> securityRoleReferences = null;
-
- private final Role ANYBODY_ROLE = new SimpleRole(AnybodyPrincipal.ANYBODY);
-
- public EJBPolicyModuleDelegate()
- {
- log = Logger.getLogger(getClass());
- trace = log.isTraceEnabled();
- }
-
- /**
- * @see AuthorizationModuleDelegate#authorize(Resource)
- */
- public int authorize(Resource resource, Subject callerSubject, RoleGroup role)
- {
- if(resource instanceof EJBResource == false)
- throw new IllegalArgumentException("resource is not an EJBResource");
-
- EJBResource ejbResource = (EJBResource) resource;
-
- //Get the context map
- Map<String,Object> map = resource.getMap();
- if(map == null)
- throw new IllegalStateException("Map from the Resource is null");
-
- /*AuthorizationManager am = (AuthorizationManager) map.get("authorizationManager");
- if(am == null)
- throw new IllegalStateException("Authorization Manager is null");
- if(am instanceof PolicyRegistration)
- this.policyRegistration = (PolicyRegistration) am; */
-
- this.policyRegistration = (PolicyRegistration) map.get(ResourceKeys.POLICY_REGISTRATION);
-
- this.roleName = (String)map.get(ResourceKeys.ROLENAME);
- this.roleRefCheck = (Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK);
-
- this.callerRunAs = ejbResource.getCallerRunAsIdentity();
- this.ejbMethod = ejbResource.getEjbMethod();
- this.ejbName = ejbResource.getEjbName();
- this.ejbPrincipal = ejbResource.getPrincipal();
- this.methodInterface = ejbResource.getEjbMethodInterface();
- this.methodRoles = ejbResource.getEjbMethodRoles();
- this.securityRoleReferences = ejbResource.getSecurityRoleReferences();
-
- if(this.roleRefCheck == Boolean.TRUE)
- return checkRoleRef(role);
- else
- return process(role);
- }
-
- //Private Methods
- /**
- * Process the request
- * @param request
- * @param sc
- * @return
- */
- private int process(RoleGroup principalRole)
- {
- boolean allowed = true;
-
- //Get the method permissions
- if (methodRoles == null)
- {
- if(this.ejbMethod == null)
- throw new IllegalStateException("ejbMethod is null");
- String method = this.ejbMethod.getName();
- String msg = "No method permissions assigned to method=" + method
- + ", interface=" + methodInterface;
- if(trace)
- log.trace("Exception:"+msg);
-
- return AuthorizationContext.DENY;
- }
- else if (trace)
- {
- log.trace("method=" + this.ejbMethod + ", interface=" + this.methodInterface
- + ", requiredRoles=" + methodRoles);
- }
-
- // Check if the caller is allowed to access the method
- if(methodRoles.containsAll(ANYBODY_ROLE) == false)
- //if (methodRoles.contains(AnybodyPrincipal.ANYBODY_PRINCIPAL) == false)
- {
- // The caller is using a the caller identity
- if (callerRunAs == null)
- {
- //AuthorizationManager am = (AuthorizationManager)policyRegistration;
-
- // Now actually check if the current caller has one of the required method roles
- if(principalRole == null)
- throw new IllegalStateException("Principal Role is null");
- if(methodRoles.containsAtleastOneRole(principalRole) == false)
- {
- if(this.ejbMethod == null)
- throw new IllegalStateException("ejbMethod is null");
-
- //Set<Principal> userRoles = am.getUserRoles(ejbPrincipal);
- String method = this.ejbMethod.getName();
- String msg = "Insufficient method permissions, principal=" + ejbPrincipal
- + ", ejbName=" + this.ejbName
- + ", method=" + method + ", interface=" + this.methodInterface
- + ", requiredRoles=" + methodRoles + ", principalRoles=" + principalRole;
- if(trace)
- log.trace("Exception:"+msg);
- allowed = false;
- }
-
- /*// Now actually check if the current caller has one of the required method roles
- if (am.doesUserHaveRole(ejbPrincipal, methodRoles) == false)
- {
- if(this.ejbMethod == null)
- throw new IllegalStateException("ejbMethod is null");
-
- Set<Principal> userRoles = am.getUserRoles(ejbPrincipal);
- String method = this.ejbMethod.getName();
- String msg = "Insufficient method permissions, principal=" + ejbPrincipal
- + ", ejbName=" + this.ejbName
- + ", method=" + method + ", interface=" + this.methodInterface
- + ", requiredRoles=" + methodRoles + ", principalRoles=" + userRoles;
- if(trace)
- log.trace("Exception:"+msg);
- allowed = false;
- }*/
- }
-
- // The caller is using a run-as identity
- else
- {
- if(callerRunAs instanceof RunAsIdentity)
- {
- RunAsIdentity callerRunAsIdentity = (RunAsIdentity) callerRunAs;
- RoleGroup srg = new SimpleRoleGroup(callerRunAsIdentity.getRunAsRoles());
-
- // Check that the run-as role is in the set of method roles
- if(srg.containsAtleastOneRole(methodRoles) == false)
- {
- String method = this.ejbMethod.getName();
- String msg = "Insufficient method permissions, principal=" + ejbPrincipal
- + ", ejbName=" + this.ejbName
- + ", method=" + method + ", interface=" + this.methodInterface
- + ", requiredRoles=" + methodRoles + ", runAsRoles="
- + callerRunAsIdentity.getRunAsRoles();
- if(trace)
- log.trace("Exception:"+msg);
- allowed = false;
- }
-
- /*// Check that the run-as role is in the set of method roles
- if (callerRunAsIdentity.doesUserHaveRole(methodRoles) == false)
- {
- String method = this.ejbMethod.getName();
- String msg = "Insufficient method permissions, principal=" + ejbPrincipal
- + ", ejbName=" + this.ejbName
- + ", method=" + method + ", interface=" + this.methodInterface
- + ", requiredRoles=" + methodRoles + ", runAsRoles="
- + callerRunAsIdentity.getRunAsRoles();
- if(trace)
- log.trace("Exception:"+msg);
- allowed = false;
- }*/
- }
-
- }
- }
- return allowed ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
- }
-
- private int checkRoleRef(RoleGroup principalRole)
- {
- //AuthorizationManager am = (AuthorizationManager)policyRegistration;
- //Check the caller of this beans run-as identity
- if (ejbPrincipal == null && callerRunAs == null)
- {
- if(trace)
- log.trace("ejbPrincipal = null,callerRunAsIdentity = null => DENY" );
- return AuthorizationContext.DENY;
- }
-
- // Map the role name used by Bean Provider to the security role
- // link in the deployment descriptor. The EJB 1.1 spec requires
- // the security role refs in the descriptor but for backward
- // compability we're not enforcing this requirement.
- //
- // TODO (2.3): add a conditional check using jboss.xml <enforce-ejb-restrictions> element
- // which will throw an exception in case no matching
- // security ref is found.
- boolean matchFound = false;
- Iterator<SecurityRoleRef> it = this.securityRoleReferences.iterator();
- while ( it.hasNext())
- {
- SecurityRoleRef meta = it.next();
- if (meta.getName().equals(roleName))
- {
- roleName = meta.getLink();
- matchFound = true;
- break;
- }
- }
-
- if (!matchFound)
- log.trace("no match found for security role " + roleName +
- " in the deployment descriptor for ejb " + this.ejbName);
-
- /*HashSet<Principal> set = new HashSet<Principal>();
- set.add(new SimplePrincipal(roleName));*/
-
- Role deploymentrole = new SimpleRole(roleName);
-
- boolean allowed = false;
- if (callerRunAs == null)
- allowed = principalRole.containsRole(deploymentrole);
- //allowed = am.doesUserHaveRole(ejbPrincipal, set);
- else
- {
- if(callerRunAs instanceof RunAsIdentity)
- {
- RunAsIdentity callerRunAsIdentity = (RunAsIdentity) callerRunAs;
- SimpleRoleGroup srg = new SimpleRoleGroup(callerRunAsIdentity.getRunAsRoles());
- allowed = srg.containsRole(deploymentrole);
- //allowed = callerRunAsIdentity.doesUserHaveRole(set);
- }
- }
- return allowed ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,294 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.authorization.modules.ejb;
+
+import java.lang.reflect.Method;
+import java.security.Principal;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.AnybodyPrincipal;
+import org.jboss.security.RunAs;
+import org.jboss.security.RunAsIdentity;
+import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.PolicyRegistration;
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.ResourceKeys;
+import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
+import org.jboss.security.authorization.resources.EJBResource;
+import org.jboss.security.identity.Role;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
+import org.jboss.security.javaee.SecurityRoleRef;
+
+
+//$Id$
+
+/**
+ * Authorization Module delegate that deals with the authorization decisions
+ * for the EJB Layer (Default Behavior)
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Jul 6, 2006
+ * @version $Revision$
+ */
+public class EJBPolicyModuleDelegate extends AuthorizationModuleDelegate
+{
+ private String ejbName = null;
+ private Method ejbMethod = null;
+ private Principal ejbPrincipal = null;
+ //private Set<Principal> methodRoles = null;
+ private RoleGroup methodRoles = null;
+ private String methodInterface = null;
+ private RunAs callerRunAs = null;
+ private String roleName = null;
+ private Boolean roleRefCheck = Boolean.FALSE;
+ private Set<SecurityRoleRef> securityRoleReferences = null;
+
+ private final Role ANYBODY_ROLE = new SimpleRole(AnybodyPrincipal.ANYBODY);
+
+ public EJBPolicyModuleDelegate()
+ {
+ log = Logger.getLogger(getClass());
+ trace = log.isTraceEnabled();
+ }
+
+ /**
+ * @see AuthorizationModuleDelegate#authorize(Resource)
+ */
+ public int authorize(Resource resource, Subject callerSubject, RoleGroup role)
+ {
+ if(resource instanceof EJBResource == false)
+ throw new IllegalArgumentException("resource is not an EJBResource");
+
+ EJBResource ejbResource = (EJBResource) resource;
+
+ //Get the context map
+ Map<String,Object> map = resource.getMap();
+ if(map == null)
+ throw new IllegalStateException("Map from the Resource is null");
+
+ /*AuthorizationManager am = (AuthorizationManager) map.get("authorizationManager");
+ if(am == null)
+ throw new IllegalStateException("Authorization Manager is null");
+ if(am instanceof PolicyRegistration)
+ this.policyRegistration = (PolicyRegistration) am; */
+
+ this.policyRegistration = (PolicyRegistration) map.get(ResourceKeys.POLICY_REGISTRATION);
+
+ this.roleName = (String)map.get(ResourceKeys.ROLENAME);
+ this.roleRefCheck = (Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK);
+
+ this.callerRunAs = ejbResource.getCallerRunAsIdentity();
+ this.ejbMethod = ejbResource.getEjbMethod();
+ this.ejbName = ejbResource.getEjbName();
+ this.ejbPrincipal = ejbResource.getPrincipal();
+ this.methodInterface = ejbResource.getEjbMethodInterface();
+ this.methodRoles = ejbResource.getEjbMethodRoles();
+ this.securityRoleReferences = ejbResource.getSecurityRoleReferences();
+
+ if(this.roleRefCheck == Boolean.TRUE)
+ return checkRoleRef(role);
+ else
+ return process(role);
+ }
+
+ //Private Methods
+ /**
+ * Process the request
+ * @param request
+ * @param sc
+ * @return
+ */
+ private int process(RoleGroup principalRole)
+ {
+ boolean allowed = true;
+
+ //Get the method permissions
+ if (methodRoles == null)
+ {
+ if(this.ejbMethod == null)
+ throw new IllegalStateException("ejbMethod is null");
+ String method = this.ejbMethod.getName();
+ String msg = "No method permissions assigned to method=" + method
+ + ", interface=" + methodInterface;
+ if(trace)
+ log.trace("Exception:"+msg);
+
+ return AuthorizationContext.DENY;
+ }
+ else if (trace)
+ {
+ log.trace("method=" + this.ejbMethod + ", interface=" + this.methodInterface
+ + ", requiredRoles=" + methodRoles);
+ }
+
+ // Check if the caller is allowed to access the method
+ if(methodRoles.containsAll(ANYBODY_ROLE) == false)
+ //if (methodRoles.contains(AnybodyPrincipal.ANYBODY_PRINCIPAL) == false)
+ {
+ // The caller is using a the caller identity
+ if (callerRunAs == null)
+ {
+ //AuthorizationManager am = (AuthorizationManager)policyRegistration;
+
+ // Now actually check if the current caller has one of the required method roles
+ if(principalRole == null)
+ throw new IllegalStateException("Principal Role is null");
+ if(methodRoles.containsAtleastOneRole(principalRole) == false)
+ {
+ if(this.ejbMethod == null)
+ throw new IllegalStateException("ejbMethod is null");
+
+ //Set<Principal> userRoles = am.getUserRoles(ejbPrincipal);
+ String method = this.ejbMethod.getName();
+ String msg = "Insufficient method permissions, principal=" + ejbPrincipal
+ + ", ejbName=" + this.ejbName
+ + ", method=" + method + ", interface=" + this.methodInterface
+ + ", requiredRoles=" + methodRoles + ", principalRoles=" + principalRole;
+ if(trace)
+ log.trace("Exception:"+msg);
+ allowed = false;
+ }
+
+ /*// Now actually check if the current caller has one of the required method roles
+ if (am.doesUserHaveRole(ejbPrincipal, methodRoles) == false)
+ {
+ if(this.ejbMethod == null)
+ throw new IllegalStateException("ejbMethod is null");
+
+ Set<Principal> userRoles = am.getUserRoles(ejbPrincipal);
+ String method = this.ejbMethod.getName();
+ String msg = "Insufficient method permissions, principal=" + ejbPrincipal
+ + ", ejbName=" + this.ejbName
+ + ", method=" + method + ", interface=" + this.methodInterface
+ + ", requiredRoles=" + methodRoles + ", principalRoles=" + userRoles;
+ if(trace)
+ log.trace("Exception:"+msg);
+ allowed = false;
+ }*/
+ }
+
+ // The caller is using a run-as identity
+ else
+ {
+ if(callerRunAs instanceof RunAsIdentity)
+ {
+ RunAsIdentity callerRunAsIdentity = (RunAsIdentity) callerRunAs;
+ RoleGroup srg = new SimpleRoleGroup(callerRunAsIdentity.getRunAsRoles());
+
+ // Check that the run-as role is in the set of method roles
+ if(srg.containsAtleastOneRole(methodRoles) == false)
+ {
+ String method = this.ejbMethod.getName();
+ String msg = "Insufficient method permissions, principal=" + ejbPrincipal
+ + ", ejbName=" + this.ejbName
+ + ", method=" + method + ", interface=" + this.methodInterface
+ + ", requiredRoles=" + methodRoles + ", runAsRoles="
+ + callerRunAsIdentity.getRunAsRoles();
+ if(trace)
+ log.trace("Exception:"+msg);
+ allowed = false;
+ }
+
+ /*// Check that the run-as role is in the set of method roles
+ if (callerRunAsIdentity.doesUserHaveRole(methodRoles) == false)
+ {
+ String method = this.ejbMethod.getName();
+ String msg = "Insufficient method permissions, principal=" + ejbPrincipal
+ + ", ejbName=" + this.ejbName
+ + ", method=" + method + ", interface=" + this.methodInterface
+ + ", requiredRoles=" + methodRoles + ", runAsRoles="
+ + callerRunAsIdentity.getRunAsRoles();
+ if(trace)
+ log.trace("Exception:"+msg);
+ allowed = false;
+ }*/
+ }
+
+ }
+ }
+ return allowed ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
+ }
+
+ private int checkRoleRef(RoleGroup principalRole)
+ {
+ //AuthorizationManager am = (AuthorizationManager)policyRegistration;
+ //Check the caller of this beans run-as identity
+ if (ejbPrincipal == null && callerRunAs == null)
+ {
+ if(trace)
+ log.trace("ejbPrincipal = null,callerRunAsIdentity = null => DENY" );
+ return AuthorizationContext.DENY;
+ }
+
+ // Map the role name used by Bean Provider to the security role
+ // link in the deployment descriptor. The EJB 1.1 spec requires
+ // the security role refs in the descriptor but for backward
+ // compability we're not enforcing this requirement.
+ //
+ // TODO (2.3): add a conditional check using jboss.xml <enforce-ejb-restrictions> element
+ // which will throw an exception in case no matching
+ // security ref is found.
+ boolean matchFound = false;
+ Iterator<SecurityRoleRef> it = this.securityRoleReferences.iterator();
+ while ( it.hasNext())
+ {
+ SecurityRoleRef meta = it.next();
+ if (meta.getName().equals(roleName))
+ {
+ roleName = meta.getLink();
+ matchFound = true;
+ break;
+ }
+ }
+
+ if (!matchFound)
+ log.trace("no match found for security role " + roleName +
+ " in the deployment descriptor for ejb " + this.ejbName);
+
+ /*HashSet<Principal> set = new HashSet<Principal>();
+ set.add(new SimplePrincipal(roleName));*/
+
+ Role deploymentrole = new SimpleRole(roleName);
+
+ boolean allowed = false;
+ if (callerRunAs == null)
+ allowed = principalRole.containsRole(deploymentrole);
+ //allowed = am.doesUserHaveRole(ejbPrincipal, set);
+ else
+ {
+ if(callerRunAs instanceof RunAsIdentity)
+ {
+ RunAsIdentity callerRunAsIdentity = (RunAsIdentity) callerRunAs;
+ SimpleRoleGroup srg = new SimpleRoleGroup(callerRunAsIdentity.getRunAsRoles());
+ allowed = srg.containsRole(deploymentrole);
+ //allowed = callerRunAsIdentity.doesUserHaveRole(set);
+ }
+ }
+ return allowed ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
+ }
+}
\ No newline at end of file
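Review bot: In `process()`, the run-as branch evaluates roles only inside `if(callerRunAs instanceof RunAsIdentity)`, so a non-null `callerRunAs` of any other `RunAs` type leaves `allowed` at its initial `true` and the method returns PERMIT without a role check. Whether another `RunAs` implementation can reach this code is not visible here, but `checkRoleRef()` starts from `allowed = false` and denies in the same situation. `process()` should agree, for example by adding `else allowed = false;` after the `instanceof` block. Separately, `if(this.roleRefCheck == Boolean.TRUE)` in `authorize()` compares references, so a `Boolean` not taken from the cached constant would skip the role-ref path; `Boolean.TRUE.equals(this.roleRefCheck)` is the safe form.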
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,144 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.authorization.modules.ejb;
-
-import java.lang.reflect.Method;
-import java.security.Principal;
-import java.util.Map;
-
-import javax.security.auth.Subject;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.authorization.AuthorizationContext;
-import org.jboss.security.authorization.PolicyRegistration;
-import org.jboss.security.authorization.Resource;
-import org.jboss.security.authorization.ResourceKeys;
-import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
-import org.jboss.security.authorization.resources.EJBResource;
-import org.jboss.security.authorization.sunxacml.JBossXACMLUtil;
-import org.jboss.security.identity.RoleGroup;
-
-import com.sun.xacml.Policy;
-import com.sun.xacml.ctx.RequestCtx;
-
-//$Id$
-
-/**
- * Authorization Module Delegate that deals with the authorization decisions
- * for the EJB Layer
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jul 6, 2006
- * @version $Revision$
- */
-public class EJBXACMLPolicyModuleDelegate extends AuthorizationModuleDelegate
-{
- private String ejbName = null;
- private Method ejbMethod = null;
- private Principal principal = null;
- private String policyContextID = null;
-
- public EJBXACMLPolicyModuleDelegate()
- {
- log = Logger.getLogger(getClass());
- trace = log.isTraceEnabled();
- }
-
- /**
- * @see AuthorizationModuleDelegate#authorize(Resource)
- */
- public int authorize(Resource resource, Subject callerSubject, RoleGroup role)
- {
- if(resource instanceof EJBResource == false)
- throw new IllegalArgumentException("resource is not an EJBResource");
-
- EJBResource ejbResource = (EJBResource) resource;
-
- //Get the context map
- Map<String,Object> map = resource.getMap();
- if(map == null)
- throw new IllegalStateException("Map from the Resource is null");
-
- this.policyRegistration = (PolicyRegistration) map.get(ResourceKeys.POLICY_REGISTRATION);
- if(this.policyRegistration == null)
- throw new IllegalStateException("Policy Registration passed is null");
-
- this.ejbName = ejbResource.getEjbName();
- this.ejbMethod = ejbResource.getEjbMethod();
- this.principal = ejbResource.getPrincipal();
- this.policyContextID = ejbResource.getPolicyContextID();
- if(policyContextID == null)
- throw new IllegalStateException("Context ID is null");
-
- Boolean roleRefCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK));
- if(roleRefCheck)
- throw new IllegalStateException("SECURITY-50:Role Ref checks not implemented");
-
- return process(role);
- }
-
- //Private Methods
- /**
- * Process the web request
- * @param request
- * @param sc
- * @return
- */
- private int process(RoleGroup callerRoles)
- {
- int result = AuthorizationContext.DENY;
- EJBXACMLUtil util = new EJBXACMLUtil();
- try
- {
- RequestCtx requestCtx = util.createXACMLRequest(this.ejbName,
- this.ejbMethod.getName(),this.principal, callerRoles);
-
- Policy policy = (Policy)policyRegistration.getPolicy(policyContextID,
- PolicyRegistration.XACML, null);
- if(policy == null)
- {
- if(trace)
- log.trace("Policy obtained is null for contextID:"+policyContextID);
- throw new IllegalStateException("Missing xacml policy for contextid:"+policyContextID);
- }
- result = JBossXACMLUtil.checkXACMLAuthorization(requestCtx,policy);
- }
- catch(Exception e)
- {
- if(trace)
- log.trace("Exception in processing:",e);
- result = AuthorizationContext.DENY;
- }
- return result;
- }
-
- /**
- * Ensure that the bool is a valid value
- * @param bool
- * @return bool or Boolean.FALSE (when bool is null)
- */
- private Boolean checkBooleanValue(Boolean bool)
- {
- if(bool == null)
- return Boolean.FALSE;
- return bool;
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java (from rev 72326, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,144 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.authorization.modules.ejb;
+
+import java.lang.reflect.Method;
+import java.security.Principal;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.PolicyRegistration;
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.ResourceKeys;
+import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
+import org.jboss.security.authorization.resources.EJBResource;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
+import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.ResponseContext;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+
+
+//$Id$
+
+/**
+ * Authorization Module Delegate that deals with the authorization decisions
+ * for the EJB Layer
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Jul 6, 2006
+ * @version $Revision$
+ */
+public class EJBXACMLPolicyModuleDelegate extends AuthorizationModuleDelegate
+{
+ private String ejbName = null;
+ private Method ejbMethod = null;
+ private Principal principal = null;
+ private String policyContextID = null;
+
+ public EJBXACMLPolicyModuleDelegate()
+ {
+ log = Logger.getLogger(getClass());
+ trace = log.isTraceEnabled();
+ }
+
+ /**
+ * @see AuthorizationModuleDelegate#authorize(Resource)
+ */
+ public int authorize(Resource resource, Subject callerSubject, RoleGroup role)
+ {
+ if(resource instanceof EJBResource == false)
+ throw new IllegalArgumentException("resource is not an EJBResource");
+
+ EJBResource ejbResource = (EJBResource) resource;
+
+ //Get the context map
+ Map<String,Object> map = resource.getMap();
+ if(map == null)
+ throw new IllegalStateException("Map from the Resource is null");
+
+ this.policyRegistration = (PolicyRegistration) map.get(ResourceKeys.POLICY_REGISTRATION);
+ if(this.policyRegistration == null)
+ throw new IllegalStateException("Policy Registration passed is null");
+
+ this.ejbName = ejbResource.getEjbName();
+ this.ejbMethod = ejbResource.getEjbMethod();
+ this.principal = ejbResource.getPrincipal();
+ this.policyContextID = ejbResource.getPolicyContextID();
+ if(policyContextID == null)
+ throw new IllegalStateException("Context ID is null");
+
+ Boolean roleRefCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK));
+ if(roleRefCheck)
+ throw new IllegalStateException("SECURITY-50:Role Ref checks not implemented");
+
+ return process(role);
+ }
+
+ //Private Methods
+ /**
+ * Process the web request
+ * @param request
+ * @param sc
+ * @return
+ */
+ @SuppressWarnings("unchecked")
+ private int process(RoleGroup callerRoles)
+ {
+ int result = AuthorizationContext.DENY;
+ EJBXACMLUtil util = new EJBXACMLUtil();
+ try
+ {
+ RequestContext requestCtx = util.createXACMLRequest(this.ejbName,
+ this.ejbMethod.getName(),this.principal, callerRoles);
+
+ PolicyDecisionPoint pdp = util.getPDP(policyRegistration, this.policyContextID);
+ if(pdp == null)
+ throw new IllegalStateException("PDP is null");
+
+ ResponseContext response = pdp.evaluate(requestCtx);
+ result = response.getDecision() == XACMLConstants.DECISION_PERMIT ?
+ AuthorizationContext.PERMIT : AuthorizationContext.DENY;
+ }
+ catch(Exception e)
+ {
+ if(trace)
+ log.trace("Exception in processing:",e);
+ result = AuthorizationContext.DENY;
+ }
+ return result;
+ }
+
+ /**
+ * Ensure that the bool is a valid value
+ * @param bool
+ * @return bool or Boolean.FALSE (when bool is null)
+ */
+ private Boolean checkBooleanValue(Boolean bool)
+ {
+ if(bool == null)
+ return Boolean.FALSE;
+ return bool;
+ }
+}
\ No newline at end of file
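Review bot: The `catch(Exception e)` in `process()` maps every failure to DENY, which is the right fail-closed result, but it reports the cause only when trace is enabled. A missing PDP (`PDP is null`) or a null `ejbMethod` is therefore indistinguishable from an ordinary policy denial in normal logs. Logging the exception unconditionally, e.g. `log.error("Exception in processing:", e);`, would make misconfiguration visible to operators. The Javadoc above `process()` still says "Process the web request" and lists `@param request` and `@param sc`, neither of which exists; it should describe `callerRoles` and the PERMIT/DENY return value. The `@SuppressWarnings("unchecked")` covers no unchecked operation visible in the method and may be unnecessary.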
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,220 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.authorization.modules.ejb;
-
-import java.io.ByteArrayOutputStream;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.security.Principal;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.authorization.XACMLConstants;
-import org.jboss.security.identity.Role;
-import org.jboss.security.identity.RoleGroup;
-import org.jboss.security.identity.RoleType;
-
-import com.sun.xacml.Indenter;
-import com.sun.xacml.attr.StringAttribute;
-import com.sun.xacml.attr.TimeAttribute;
-import com.sun.xacml.ctx.Attribute;
-import com.sun.xacml.ctx.RequestCtx;
-import com.sun.xacml.ctx.Subject;
-
-//$Id$
-
-/**
- * Utility class for the XACML Integration for the EJB Layer
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jul 6, 2006
- * @version $Revision$
- */
-public class EJBXACMLUtil
-{
- private static Logger log = Logger.getLogger(EJBXACMLUtil.class);
- private boolean trace = log.isTraceEnabled();
-
- public EJBXACMLUtil()
- {
- }
-
- public RequestCtx createXACMLRequest(String ejbName, String methodName,
- Principal principal, Set<Principal> roles) throws Exception
- {
- if(principal == null)
- throw new IllegalArgumentException("principal is null");
-
- String action = methodName;
-
- RequestCtx requestCtx = null;
- String username = principal.getName();
-
- //Create the subject set
- URI subjectAttrUri = new URI(XACMLConstants.SUBJECT_IDENTIFIER);
- Attribute subjectAttr = new Attribute(subjectAttrUri,null,null,
- new StringAttribute(username));
- Set<Attribute> subjectAttrSet = new HashSet<Attribute>();
- subjectAttrSet.add(subjectAttr);
- subjectAttrSet.addAll(getXACMLRoleSet(roles));
-
- Set<Subject> subjectSet = new HashSet<Subject>();
- subjectSet.add(new Subject(subjectAttrSet));
-
- //Create the resource set
- URI resourceUri = new URI(XACMLConstants.RESOURCE_IDENTIFIER);
- Attribute resourceAttr = new Attribute(resourceUri,null,null,
- new StringAttribute(ejbName));
- Set<Attribute> resourceSet = new HashSet<Attribute>();
- resourceSet.add(resourceAttr);
-
- //Create the action set
- Set<Attribute> actionSet = new HashSet<Attribute>();
- actionSet.add(new Attribute(new URI(XACMLConstants.ACTION_IDENTIFIER),
- null,null, new StringAttribute(action)));
-
-
- //TODO: Get hold of the invocation arguments and populate in the xacml request
-
- //Create the Environment set
- Set<Attribute> environSet = new HashSet<Attribute>();
- //Current time
- URI currentTimeUri = new URI(XACMLConstants.CURRENT_TIME_IDENTIFIER);
- Attribute currentTimeAttr = new Attribute(currentTimeUri,null,null,
- new TimeAttribute());
- environSet.add(currentTimeAttr);
-
- //Create the request context
- requestCtx = new RequestCtx(subjectSet,resourceSet,actionSet,environSet);
-
- if(trace)
- {
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- requestCtx.encode(baos, new Indenter());
- log.trace("XACML Request:"+baos.toString());
- baos.close();
- }
- return requestCtx;
- }
-
- public RequestCtx createXACMLRequest(String ejbName, String methodName,
- Principal principal, RoleGroup roles) throws Exception
- {
- if(principal == null)
- throw new IllegalArgumentException("principal is null");
- if(roles == null)
- throw new IllegalArgumentException("roles is null");
-
- String action = methodName;
-
- RequestCtx requestCtx = null;
- String username = principal.getName();
-
- //Create the subject set
- URI subjectAttrUri = new URI(XACMLConstants.SUBJECT_IDENTIFIER);
- Attribute subjectAttr = new Attribute(subjectAttrUri,null,null,
- new StringAttribute(username));
- Set<Attribute> subjectAttrSet = new HashSet<Attribute>();
- subjectAttrSet.add(subjectAttr);
- subjectAttrSet.addAll(getXACMLRoleSet(roles));
-
- Set<Subject> subjectSet = new HashSet<Subject>();
- subjectSet.add(new Subject(subjectAttrSet));
-
- //Create the resource set
- URI resourceUri = new URI(XACMLConstants.RESOURCE_IDENTIFIER);
- Attribute resourceAttr = new Attribute(resourceUri,null,null,
- new StringAttribute(ejbName));
- Set<Attribute> resourceSet = new HashSet<Attribute>();
- resourceSet.add(resourceAttr);
-
- //Create the action set
- Set<Attribute> actionSet = new HashSet<Attribute>();
- actionSet.add(new Attribute(new URI(XACMLConstants.ACTION_IDENTIFIER),
- null,null, new StringAttribute(action)));
-
- //TODO: Get hold of the invocation arguments and populate in the xacml request
-
- //Create the Environment set
- Set<Attribute> environSet = new HashSet<Attribute>();
- //Current time
- URI currentTimeUri = new URI(XACMLConstants.CURRENT_TIME_IDENTIFIER);
- Attribute currentTimeAttr = new Attribute(currentTimeUri,null,null,
- new TimeAttribute());
- environSet.add(currentTimeAttr);
-
- //Create the request context
- requestCtx = new RequestCtx(subjectSet,resourceSet,actionSet,environSet);
-
- if(trace)
- {
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- requestCtx.encode(baos, new Indenter());
- log.trace("XACML Request:"+baos.toString());
- baos.close();
- }
- return requestCtx;
- }
-
- private Set<Attribute> getXACMLRoleSet(Role role) throws Exception
- {
-
- Set<Attribute> roleset = new HashSet<Attribute>();
-
- if(role.getType() == RoleType.group)
- {
- RoleGroup rg = (RoleGroup) role;
- List<Role> roleList = rg.getRoles();
- for(Role r: roleList)
- {
- roleset.add(getRoleAttribute(r.getRoleName()));
- }
- }
- else
- roleset.add(getRoleAttribute(role.getRoleName()));
- return roleset;
- }
-
- private Attribute getRoleAttribute(String roleName) throws URISyntaxException
- {
- URI roleURI = new URI(XACMLConstants.SUBJECT_ROLE_IDENTIFIER);
- return new Attribute(roleURI,null,null, new StringAttribute(roleName));
- }
-
- private Set<Attribute> getXACMLRoleSet(Set<Principal> roles) throws Exception
- {
- URI roleURI = new URI(XACMLConstants.SUBJECT_ROLE_IDENTIFIER);
-
- Set<Attribute> roleset = new HashSet<Attribute>();
- Iterator<Principal> iter = roles != null ? roles.iterator(): null;
- while(iter != null && iter.hasNext())
- {
- Principal role = iter.next();
- Attribute roleAttr = new Attribute(roleURI,null,null,
- new StringAttribute(role.getName()));
- roleset.add(roleAttr);
- }
- return roleset;
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java (from rev 72325, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,126 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.authorization.modules.ejb;
+
+import java.io.ByteArrayOutputStream;
+import java.security.Principal;
+import java.util.List;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.authorization.util.JBossXACMLUtil;
+import org.jboss.security.identity.Role;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.xacml.core.model.context.ActionType;
+import org.jboss.security.xacml.core.model.context.AttributeType;
+import org.jboss.security.xacml.core.model.context.EnvironmentType;
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.jboss.security.xacml.core.model.context.ResourceType;
+import org.jboss.security.xacml.core.model.context.SubjectType;
+import org.jboss.security.xacml.factories.RequestAttributeFactory;
+import org.jboss.security.xacml.factories.RequestResponseContextFactory;
+import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+
+//$Id$
+
+/**
+ * Utility class for the XACML Integration for the EJB Layer
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Jul 6, 2006
+ * @version $Revision$
+ */
+public class EJBXACMLUtil extends JBossXACMLUtil
+{
+ private static Logger log = Logger.getLogger(EJBXACMLUtil.class);
+ private boolean trace = log.isTraceEnabled();
+
+ public RequestContext createXACMLRequest(String ejbName, String methodName,
+ Principal principal, RoleGroup callerRoles) throws Exception
+ {
+ if(principal == null)
+ throw new IllegalArgumentException("principal is null");
+
+ String action = methodName;
+
+ RequestContext requestCtx = RequestResponseContextFactory.createRequestCtx();
+
+ //Create a subject type
+ SubjectType subject = new SubjectType();
+ subject.getAttribute().add(
+ RequestAttributeFactory.createStringAttributeType(
+ XACMLConstants.ATTRIBUTEID_SUBJECT_ID, "jboss.org",
+ principal.getName()));
+
+ List<Role> rolesList = callerRoles.getRoles();
+ if(rolesList != null)
+ {
+ for(Role role:rolesList)
+ {
+ String roleName = role.getRoleName();
+ AttributeType attSubjectID = RequestAttributeFactory.createStringAttributeType(
+ XACMLConstants.ATTRIBUTEID_ROLE, "jboss.org", roleName);
+ subject.getAttribute().add(attSubjectID);
+ }
+ }
+
+ //Create a resource type
+ ResourceType resourceType = new ResourceType();
+ resourceType.getAttribute().add(
+ RequestAttributeFactory.createStringAttributeType(
+ XACMLConstants.ATTRIBUTEID_RESOURCE_ID,
+ null,
+ ejbName));
+
+ //Create an action type
+ ActionType actionType = new ActionType();
+ actionType.getAttribute().add(
+ RequestAttributeFactory.createStringAttributeType(
+ XACMLConstants.ATTRIBUTEID_ACTION_ID,
+ "jboss.org",
+ action));
+
+ //Create an Environment Type (Optional)
+ EnvironmentType environmentType = new EnvironmentType();
+ environmentType.getAttribute().add(
+ RequestAttributeFactory.createDateTimeAttributeType(
+ XACMLConstants.ATTRIBUTEID_CURRENT_TIME, null));
+
+ //Create a Request Type
+ RequestType requestType = new RequestType();
+ requestType.getSubject().add(subject);
+ requestType.getResource().add(resourceType);
+ requestType.setAction(actionType);
+ requestType.setEnvironment(environmentType);
+
+ requestCtx.setRequest(requestType);
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+ if(trace)
+ {
+ requestCtx.marshall(baos);
+ log.trace(new String(baos.toByteArray()));
+ }
+ return requestCtx;
+ }
+
+}
\ No newline at end of file
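Review bot: `createXACMLRequest` calls `callerRoles.getRoles()` without first checking `callerRoles` for null, so a null role group surfaces as a NullPointerException rather than the `IllegalArgumentException("roles is null")` that the removed RoleGroup overload threw. The EJB delegate's `process` catches `Exception` and returns DENY, so the decision still fails closed, but the cause is only visible when trace logging is on. I would restore the guard next to the principal check: `if(callerRoles == null) throw new IllegalArgumentException("roles is null");`. Separately, `new ByteArrayOutputStream()` is allocated on every call although it is used only under `if(trace)`, and `new String(baos.toByteArray())` decodes with the platform default charset; moving the allocation into the trace branch and naming the charset would tidy both.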
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLPolicyModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLPolicyModuleDelegate.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLPolicyModuleDelegate.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,144 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.authorization.modules.web;
-
-import java.security.Principal;
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.security.jacc.PolicyContext;
-import javax.servlet.http.HttpServletRequest;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.authorization.AuthorizationContext;
-import org.jboss.security.authorization.PolicyRegistration;
-import org.jboss.security.authorization.Resource;
-import org.jboss.security.authorization.ResourceKeys;
-import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
-import org.jboss.security.authorization.resources.WebResource;
-import org.jboss.security.authorization.sunxacml.JBossXACMLUtil;
-import org.jboss.security.identity.RoleGroup;
-
-import com.sun.xacml.Policy;
-import com.sun.xacml.ctx.RequestCtx;
-
-//$Id: WebXACMLPolicyModuleDelegate.java 46543 2006-07-27 20:22:05Z asaldhana $
-
-/**
- * XACML based authorization module helper that deals with the web layer
- * authorization decisions
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jun 13, 2006
- * @version $Revision: 46543 $
- */
-public class WebXACMLPolicyModuleDelegate extends AuthorizationModuleDelegate
-{
- public WebXACMLPolicyModuleDelegate()
- {
- log = Logger.getLogger(getClass());
- trace = log.isTraceEnabled();
- }
-
- /**
- * @see AuthorizationModuleDelegate#authorize(Resource)
- */
- public int authorize(Resource resource, Subject subject, RoleGroup role)
- {
- if(resource instanceof WebResource == false)
- throw new IllegalArgumentException("resource is not a WebResource");
-
- WebResource webResource = (WebResource) resource;
-
- //Get the contextual map
- Map<String,Object> map = resource.getMap();
- if(map == null)
- throw new IllegalStateException("Map from the Resource is null");
-
- if(map.size() == 0)
- throw new IllegalStateException("Map from the Resource is size zero");
- //Get the Catalina Request Object
- //HttpServletRequest request = (HttpServletRequest)map.get(ResourceKeys.WEB_REQUEST);
-
- HttpServletRequest request = (HttpServletRequest)webResource.getServletRequest();
-
- this.policyRegistration = (PolicyRegistration) map.get(ResourceKeys.POLICY_REGISTRATION);
- if(this.policyRegistration == null)
- throw new IllegalStateException("PolicyRegistration passed is null");
-
- Boolean userDataCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.USERDATA_PERM_CHECK));
- Boolean roleRefCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK));
-
- //If it is a userDataCheck or a RoleRefCheck, then the base class (RealmBase) decision holds
- if(userDataCheck || roleRefCheck)
- return AuthorizationContext.PERMIT; //Base class decision holds good
-
- if(request == null)
- throw new IllegalStateException("Request is null");
-
- return process(request, role);
- }
-
- /**
- * Ensure that the bool is a valid value
- * @param bool
- * @return bool or Boolean.FALSE (when bool is null)
- */
- private Boolean checkBooleanValue(Boolean bool)
- {
- if(bool == null)
- return Boolean.FALSE;
- return bool;
- }
-
- /**
- * Process the web request
- * @param request
- * @param sc
- * @return
- */
- private int process(HttpServletRequest request, RoleGroup callerRoles )
- {
- Principal userP = request.getUserPrincipal();
- if(userP == null)
- throw new IllegalStateException("User Principal is null");
-
- int result = AuthorizationContext.DENY;
- WebXACMLUtil util = new WebXACMLUtil();
- try
- {
- RequestCtx requestCtx = util.createXACMLRequest(request,callerRoles);
- String contextID = PolicyContext.getContextID();
- Policy policy = (Policy)policyRegistration.getPolicy(contextID,
- PolicyRegistration.XACML, null);
- if(policy == null)
- throw new IllegalStateException("Missing xacml policy for contextid:"+contextID);
- result = JBossXACMLUtil.checkXACMLAuthorization(requestCtx,policy);
- }
- catch(Exception e)
- {
- if(trace)
- log.trace("Exception in processing:",e);
- result = AuthorizationContext.DENY;
- }
- return result;
- }
- }
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLPolicyModuleDelegate.java (from rev 72326, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLPolicyModuleDelegate.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLPolicyModuleDelegate.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLPolicyModuleDelegate.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,147 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.authorization.modules.web;
+
+import java.security.Principal;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+import javax.servlet.http.HttpServletRequest;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.PolicyRegistration;
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.ResourceKeys;
+import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
+import org.jboss.security.authorization.resources.WebResource;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
+import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.ResponseContext;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+
+//$Id: WebXACMLPolicyModuleDelegate.java 46543 2006-07-27 20:22:05Z asaldhana $
+
+/**
+ * XACML based authorization module helper that deals with the web layer
+ * authorization decisions
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Jun 13, 2006
+ * @version $Revision: 46543 $
+ */
+public class WebXACMLPolicyModuleDelegate extends AuthorizationModuleDelegate
+{
+ private String policyContextID = null;
+
+ public WebXACMLPolicyModuleDelegate()
+ {
+ log = Logger.getLogger(getClass());
+ trace = log.isTraceEnabled();
+ }
+
+ /**
+ * @see AuthorizationModuleDelegate#authorize(Resource)
+ */
+ public int authorize(Resource resource, Subject subject, RoleGroup role)
+ {
+ if(resource instanceof WebResource == false)
+ throw new IllegalArgumentException("resource is not a WebResource");
+
+ WebResource webResource = (WebResource) resource;
+
+ //Get the contextual map
+ Map<String,Object> map = resource.getMap();
+ if(map == null)
+ throw new IllegalStateException("Map from the Resource is null");
+
+ if(map.size() == 0)
+ throw new IllegalStateException("Map from the Resource is size zero");
+
+ HttpServletRequest request = (HttpServletRequest)webResource.getServletRequest();
+
+ this.policyRegistration = (PolicyRegistration) map.get(ResourceKeys.POLICY_REGISTRATION);
+ if(this.policyRegistration == null)
+ throw new IllegalStateException("PolicyRegistration passed is null");
+ this.policyContextID = webResource.getPolicyContextID();
+
+ Boolean userDataCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.USERDATA_PERM_CHECK));
+ Boolean roleRefCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK));
+
+ //If it is a userDataCheck or a RoleRefCheck, then the base class (RealmBase) decision holds
+ if(userDataCheck || roleRefCheck)
+ return AuthorizationContext.PERMIT; //Base class decision holds good
+
+ if(request == null)
+ throw new IllegalStateException("Request is null");
+
+ return process(request, role);
+ }
+
+ /**
+ * Ensure that the bool is a valid value
+ * @param bool
+ * @return bool or Boolean.FALSE (when bool is null)
+ */
+ private Boolean checkBooleanValue(Boolean bool)
+ {
+ if(bool == null)
+ return Boolean.FALSE;
+ return bool;
+ }
+
+ /**
+ * Process the web request
+ * @param request
+ * @param sc
+ * @return
+ */
+ @SuppressWarnings("unchecked")
+ private int process(HttpServletRequest request, RoleGroup callerRoles )
+ {
+ Principal userP = request.getUserPrincipal();
+ if(userP == null)
+ throw new IllegalStateException("User Principal is null");
+
+ int result = AuthorizationContext.DENY;
+ WebXACMLUtil util = new WebXACMLUtil();
+ try
+ {
+ RequestContext requestCtx = util.createXACMLRequest(request,callerRoles);
+ if(this.policyContextID == null)
+ this.policyContextID = PolicyContext.getContextID();
+
+ PolicyDecisionPoint pdp = util.getPDP(this.policyRegistration, this.policyContextID);
+ ResponseContext response = pdp.evaluate(requestCtx);
+ result = response.getDecision() == XACMLConstants.DECISION_PERMIT ?
+ AuthorizationContext.PERMIT : AuthorizationContext.DENY;
+ }
+ catch(Exception e)
+ {
+ if(trace)
+ log.trace("Exception in processing:",e);
+ result = AuthorizationContext.DENY;
+ }
+ return result;
+ }
+ }
\ No newline at end of file
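Review bot: In `process`, the result of `util.getPDP(this.policyRegistration, this.policyContextID)` is passed straight to `pdp.evaluate(requestCtx)` with no null check, whereas the EJB delegate in this same commit throws `IllegalStateException("PDP is null")` first. A missing PDP here becomes a NullPointerException that `catch(Exception e)` turns into DENY. That fails closed, but it is logged only when trace is enabled, so a context without a usable policy (presumably the case where `getPDP` returns null) would deny every request with nothing in the default log. I would add `if(pdp == null) throw new IllegalStateException("PDP is null");` after the `getPDP` call and log the caught exception above trace level. `authorize` also writes `policyRegistration` and `policyContextID` into instance fields on each call; if a delegate instance can be shared between request threads (not visible here), these should be locals passed into `process` so one request cannot be evaluated against another's context.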
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLUtil.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLUtil.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLUtil.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,149 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.authorization.modules.web;
-
-import java.io.ByteArrayOutputStream;
-import java.net.URI;
-import java.security.Principal;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.authorization.XACMLConstants;
-import org.jboss.security.identity.Role;
-import org.jboss.security.identity.RoleGroup;
-
-import com.sun.xacml.Indenter;
-import com.sun.xacml.attr.AnyURIAttribute;
-import com.sun.xacml.attr.StringAttribute;
-import com.sun.xacml.attr.TimeAttribute;
-import com.sun.xacml.ctx.Attribute;
-import com.sun.xacml.ctx.RequestCtx;
-import com.sun.xacml.ctx.Subject;
-
-//$Id: WebXACMLUtil.java 46543 2006-07-27 20:22:05Z asaldhana $
-
-/**
- * Utility class for creating XACML Requests
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jun 21, 2006
- * @version $Revision: 46543 $
- */
-public class WebXACMLUtil
-{
- private static Logger log = Logger.getLogger(WebXACMLUtil.class);
- private boolean trace = log.isTraceEnabled();
-
- public WebXACMLUtil()
- {
- }
-
- public RequestCtx createXACMLRequest(HttpServletRequest request,
- RoleGroup callerRoles) throws Exception
- {
- if(request == null)
- throw new IllegalArgumentException("Http Request is null");
- if(callerRoles == null)
- throw new IllegalArgumentException("roles is null");
- String httpMethod = request.getMethod();
- String action = "GET".equals(httpMethod)?"read":"write";
-
- //Non-standard uri
- String actionURIBase = XACMLConstants.JBOSS_RESOURCE_PARAM_IDENTIFIER;
-
- RequestCtx requestCtx = null;
- Principal principal = request.getUserPrincipal();
- String username = principal.getName();
- //Create the subject set
- URI subjectAttrUri = new URI(XACMLConstants.SUBJECT_IDENTIFIER);
- Attribute subjectAttr = new Attribute(subjectAttrUri,null,null,
- new StringAttribute(username));
- Set subjectAttrSet = new HashSet();
- subjectAttrSet.add(subjectAttr);
- subjectAttrSet.addAll(getXACMLRoleSet(callerRoles));
-
- Set subjectSet = new HashSet();
- subjectSet.add(new Subject(subjectAttrSet));
-
- //Create the resource set
- URI resourceUri = new URI(XACMLConstants.RESOURCE_IDENTIFIER);
- Attribute resourceAttr = new Attribute(resourceUri,null,null,
- new AnyURIAttribute(new URI(request.getRequestURI())));
- Set resourceSet = new HashSet();
- resourceSet.add(resourceAttr);
-
- //Create the action set
- Set actionSet = new HashSet();
- actionSet.add(new Attribute(new URI(XACMLConstants.ACTION_IDENTIFIER),
- null,null, new StringAttribute(action)));
-
- Enumeration<String> enumer = request.getParameterNames();
- while(enumer.hasMoreElements())
- {
- String paramName = enumer.nextElement();
- String paramValue = request.getParameter(paramName);
- URI actionUri = new URI(actionURIBase + paramName);
- Attribute actionAttr = new Attribute(actionUri,null,null,
- new StringAttribute(paramValue));
- actionSet.add(actionAttr);
- }
- //Create the Environment set
- Set environSet = new HashSet();
- //Current time
- URI currentTimeUri = new URI(XACMLConstants.CURRENT_TIME_IDENTIFIER);
- Attribute currentTimeAttr = new Attribute(currentTimeUri,null,null,
- new TimeAttribute());
- environSet.add(currentTimeAttr);
-
- //Create the request context
- requestCtx = new RequestCtx(subjectSet,resourceSet,actionSet,environSet);
-
- if(trace)
- {
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- requestCtx.encode(baos, new Indenter());
- log.trace("XACML Request:"+baos.toString());
- baos.close();
- }
- return requestCtx;
- }
-
- private Set<Attribute> getXACMLRoleSet(RoleGroup roles) throws Exception
- {
- URI roleURI = new URI(XACMLConstants.SUBJECT_ROLE_IDENTIFIER);
-
- Set<Attribute> roleset = new HashSet<Attribute>();
- List<Role> croles = roles.getRoles();
-
- for(Role r: croles)
- {
- Attribute roleAttr = new Attribute(roleURI,null,null,
- new StringAttribute(r.getRoleName()));
- roleset.add(roleAttr);
- }
- return roleset;
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLUtil.java (from rev 72325, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLUtil.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLUtil.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLUtil.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,153 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.authorization.modules.web;
+
+import java.io.ByteArrayOutputStream;
+import java.net.URI;
+import java.security.Principal;
+import java.util.Enumeration;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.authorization.util.JBossXACMLUtil;
+import org.jboss.security.identity.Role;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.xacml.core.model.context.ActionType;
+import org.jboss.security.xacml.core.model.context.AttributeType;
+import org.jboss.security.xacml.core.model.context.EnvironmentType;
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.jboss.security.xacml.core.model.context.ResourceType;
+import org.jboss.security.xacml.core.model.context.SubjectType;
+import org.jboss.security.xacml.factories.RequestAttributeFactory;
+import org.jboss.security.xacml.factories.RequestResponseContextFactory;
+import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.XACMLConstants;
+
+//$Id: WebXACMLUtil.java 46543 2006-07-27 20:22:05Z asaldhana $
+
+/**
+ * Utility class for creating XACML Requests
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Jun 21, 2006
+ * @version $Revision: 46543 $
+ */
+public class WebXACMLUtil extends JBossXACMLUtil
+{
+ private static Logger log = Logger.getLogger(WebXACMLUtil.class);
+ private boolean trace = log.isTraceEnabled();
+
+
+ @SuppressWarnings("unchecked")
+ public RequestContext createXACMLRequest(HttpServletRequest request,
+ RoleGroup callerRoles) throws Exception
+ {
+ if(request == null)
+ throw new IllegalArgumentException("Http Request is null");
+ if(callerRoles == null)
+ throw new IllegalArgumentException("roles is null");
+ String httpMethod = request.getMethod();
+ String action = "GET".equals(httpMethod) ? "read" : "write";
+
+ //Non-standard uri
+ String actionURIBase = "urn:oasis:names:tc:xacml:2.0:request-param:attribute:";
+
+ Principal principal = request.getUserPrincipal();
+
+
+ RequestContext requestCtx = RequestResponseContextFactory.createRequestCtx();
+
+ //Create a subject type
+ SubjectType subject = new SubjectType();
+ subject.getAttribute().add(
+ RequestAttributeFactory.createStringAttributeType(
+ XACMLConstants.ATTRIBUTEID_SUBJECT_ID,
+ "jboss.org",
+ principal.getName()));
+
+ List<Role> rolesList = callerRoles.getRoles();
+ if(rolesList != null)
+ {
+ for(Role role:rolesList)
+ {
+ String roleName = role.getRoleName();
+ AttributeType attSubjectID = RequestAttributeFactory.createStringAttributeType(
+ XACMLConstants.ATTRIBUTEID_ROLE, "jboss.org", roleName);
+ subject.getAttribute().add(attSubjectID);
+ }
+ }
+
+ //Create a resource type
+ ResourceType resourceType = new ResourceType();
+ resourceType.getAttribute().add(
+ RequestAttributeFactory.createAnyURIAttributeType(
+ XACMLConstants.ATTRIBUTEID_RESOURCE_ID,
+ null,
+ new URI(request.getRequestURI())));
+
+ //Create an action type
+ ActionType actionType = new ActionType();
+ actionType.getAttribute().add(
+ RequestAttributeFactory.createStringAttributeType(
+ XACMLConstants.ATTRIBUTEID_ACTION_ID,
+ "jboss.org",
+ action));
+
+ Enumeration<String> enumer = request.getParameterNames();
+ while(enumer.hasMoreElements())
+ {
+ String paramName = enumer.nextElement();
+ String paramValue = request.getParameter(paramName);
+ URI actionUri = new URI(actionURIBase + paramName);
+ actionType.getAttribute().add(
+ RequestAttributeFactory.createStringAttributeType(
+ actionUri.toASCIIString(),
+ "jboss.org",
+ paramValue));
+ }
+
+
+ //Create an Environment Type (Optional)
+ EnvironmentType environmentType = new EnvironmentType();
+ environmentType.getAttribute().add( RequestAttributeFactory.createDateTimeAttributeType(
+ XACMLConstants.ATTRIBUTEID_CURRENT_TIME, null));
+
+ //Create a Request Type
+ RequestType requestType = new RequestType();
+ requestType.getSubject().add(subject);
+ requestType.getResource().add(resourceType);
+ requestType.setAction(actionType);
+ requestType.setEnvironment(environmentType);
+
+ requestCtx.setRequest(requestType);
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+ if(trace)
+ {
+ requestCtx.marshall(baos);
+ log.trace(new String(baos.toByteArray()));
+ }
+ return requestCtx;
+ }
+}
\ No newline at end of file
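Review bot: `createXACMLRequest` rejects a null request and null roles but then calls `principal.getName()` on the result of `request.getUserPrincipal()`, which the servlet API returns as null for an unauthenticated request, so building the subject-id attribute would fail with a NullPointerException rather than a clear error. A guard right after the lookup, `if(principal == null) throw new IllegalArgumentException("User principal is null");`, would make that case explicit. Separately, when trace is enabled the whole marshalled request is logged, including every request parameter value copied into the action attributes; parameters can carry passwords or tokens, so the trace output should omit the values or at least carry a comment warning about it. The `ByteArrayOutputStream` could be created inside the `if(trace)` block, and `new String(baos.toByteArray())` decodes with the platform charset.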
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/resources/JavaEEResource.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/resources/JavaEEResource.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/resources/JavaEEResource.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,172 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.authorization.resources;
-
-import java.security.CodeSource;
-import java.security.Principal;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-
-import org.jboss.security.RunAs;
-import org.jboss.security.SecurityRoleRef;
-import org.jboss.security.authorization.Resource;
-import org.jboss.security.authorization.ResourceType;
-
-//$Id$
-
-/**
- * Represents a Java EE Resource
- * @author Anil.Saldhana at redhat.com
- * @since Nov 26, 2007
- * @version $Revision$
- */
-public abstract class JavaEEResource implements Resource
-{
- protected Map<String,Object> map = new HashMap<String,Object>();
-
- protected String policyContextID = null;
-
- protected Subject callerSubject = null;
- protected RunAs callerRunAsIdentity = null;
-
- protected CodeSource codeSource = null;
-
- protected Principal principal = null;
-
- protected Set<SecurityRoleRef> securityRoleReferences = null;
-
- public abstract ResourceType getLayer();
-
- /**
- * @see Resource#getMap()
- */
- public Map<String, Object> getMap()
- {
- return map;
- }
-
- /**
- * Get the Caller Subject
- * @return
- */
- public Subject getCallerSubject()
- {
- return callerSubject;
- }
-
- /**
- * Set the Caller Subject
- * @param callerSubject
- */
- public void setCallerSubject(Subject callerSubject)
- {
- this.callerSubject = callerSubject;
- }
-
- /**
- * Get the Caller RunAsIdentity
- * @return
- */
- public RunAs getCallerRunAsIdentity()
- {
- return callerRunAsIdentity;
- }
-
- /**
- * Set the Caller RunAsIdentity
- * @param callerRunAsIdentity
- */
- public void setCallerRunAsIdentity(RunAs callerRunAsIdentity)
- {
- this.callerRunAsIdentity = callerRunAsIdentity;
- }
-
- /**
- * Get the CodeSource
- * @return
- */
- public CodeSource getCodeSource()
- {
- return codeSource;
- }
-
- /**
- * Set the CodeSource
- * @param codeSource
- */
- public void setCodeSource(CodeSource codeSource)
- {
- this.codeSource = codeSource;
- }
-
- /**
- * Get the Policy Context ID
- * (Mainly to retrieve policy from policy configuration (JACC)
- * or PolicyRegistration (XACML))
- * @return
- */
- public String getPolicyContextID()
- {
- return policyContextID;
- }
-
- /**
- * Set the Policy Context ID
- * @param policyContextID
- */
- public void setPolicyContextID(String policyContextID)
- {
- this.policyContextID = policyContextID;
- }
-
- public Principal getPrincipal()
- {
- return principal;
- }
-
- public void setPrincipal(Principal principal)
- {
- this.principal = principal;
- }
-
- /**
- * Get the set of Security Role Reference objects
- * defined in the deployment descriptor
- * @return
- */
- public Set<SecurityRoleRef> getSecurityRoleReferences()
- {
- return securityRoleReferences;
- }
-
- /**
- * Set the security role references
- * @param securityRoleReferences
- */
- public void setSecurityRoleReferences(Set<SecurityRoleRef> securityRoleReferences)
- {
- this.securityRoleReferences = securityRoleReferences;
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/resources/JavaEEResource.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/resources/JavaEEResource.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/resources/JavaEEResource.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/resources/JavaEEResource.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,172 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.authorization.resources;
+
+import java.security.CodeSource;
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+import org.jboss.security.RunAs;
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.ResourceType;
+import org.jboss.security.javaee.SecurityRoleRef;
+
+//$Id$
+
+/**
+ * Represents a Java EE Resource
+ * @author Anil.Saldhana at redhat.com
+ * @since Nov 26, 2007
+ * @version $Revision$
+ */
+public abstract class JavaEEResource implements Resource
+{
+ protected Map<String,Object> map = new HashMap<String,Object>();
+
+ protected String policyContextID = null;
+
+ protected Subject callerSubject = null;
+ protected RunAs callerRunAsIdentity = null;
+
+ protected CodeSource codeSource = null;
+
+ protected Principal principal = null;
+
+ protected Set<SecurityRoleRef> securityRoleReferences = null;
+
+ public abstract ResourceType getLayer();
+
+ /**
+ * @see Resource#getMap()
+ */
+ public Map<String, Object> getMap()
+ {
+ return map;
+ }
+
+ /**
+ * Get the Caller Subject
+ * @return
+ */
+ public Subject getCallerSubject()
+ {
+ return callerSubject;
+ }
+
+ /**
+ * Set the Caller Subject
+ * @param callerSubject
+ */
+ public void setCallerSubject(Subject callerSubject)
+ {
+ this.callerSubject = callerSubject;
+ }
+
+ /**
+ * Get the Caller RunAsIdentity
+ * @return
+ */
+ public RunAs getCallerRunAsIdentity()
+ {
+ return callerRunAsIdentity;
+ }
+
+ /**
+ * Set the Caller RunAsIdentity
+ * @param callerRunAsIdentity
+ */
+ public void setCallerRunAsIdentity(RunAs callerRunAsIdentity)
+ {
+ this.callerRunAsIdentity = callerRunAsIdentity;
+ }
+
+ /**
+ * Get the CodeSource
+ * @return
+ */
+ public CodeSource getCodeSource()
+ {
+ return codeSource;
+ }
+
+ /**
+ * Set the CodeSource
+ * @param codeSource
+ */
+ public void setCodeSource(CodeSource codeSource)
+ {
+ this.codeSource = codeSource;
+ }
+
+ /**
+ * Get the Policy Context ID
+ * (Mainly to retrieve policy from policy configuration (JACC)
+ * or PolicyRegistration (XACML))
+ * @return
+ */
+ public String getPolicyContextID()
+ {
+ return policyContextID;
+ }
+
+ /**
+ * Set the Policy Context ID
+ * @param policyContextID
+ */
+ public void setPolicyContextID(String policyContextID)
+ {
+ this.policyContextID = policyContextID;
+ }
+
+ public Principal getPrincipal()
+ {
+ return principal;
+ }
+
+ public void setPrincipal(Principal principal)
+ {
+ this.principal = principal;
+ }
+
+ /**
+ * Get the set of Security Role Reference objects
+ * defined in the deployment descriptor
+ * @return
+ */
+ public Set<SecurityRoleRef> getSecurityRoleReferences()
+ {
+ return securityRoleReferences;
+ }
+
+ /**
+ * Set the security role references
+ * @param securityRoleReferences
+ */
+ public void setSecurityRoleReferences(Set<SecurityRoleRef> securityRoleReferences)
+ {
+ this.securityRoleReferences = securityRoleReferences;
+ }
+}
\ No newline at end of file
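Review bot: The getters' Javadoc leaves `@return` empty and never says that every field except `map` is initialised to null, so `getCallerSubject()`, `getPrincipal()`, `getCodeSource()` and `getSecurityRoleReferences()` return null until the matching setter has been called. For a class that feeds authorization decisions, that should be stated, e.g. `@return the caller subject, or null if none has been set`, with the same wording on the other getters. `getPrincipal()` and `setPrincipal()` have no Javadoc at all. `getMap()` returns the internal map itself, which looks intentional since there is no setter, but a one-line comment saying that callers are expected to mutate it would remove the doubt.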
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/authorization/util (from rev 72325, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/util)
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/client/JBossSecurityClient.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/client/JBossSecurityClient.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/client/JBossSecurityClient.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,106 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.client;
-
-import java.security.Principal;
-
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityContextFactory;
-import org.jboss.security.SimplePrincipal;
-import org.jboss.security.SecurityContextAssociation;
-
-//$Id$
-
-/**
- * Implementation of the SecurityClient contract <br/>
- *
- * <b> Usage:<b>
- * <pre>
- * SecurityClient sc = SecurityClientFactory.getSecurityClient(JBossSecurityClient.class)
- * sc.setUserName(somestring);
- * etc...
- * sc.login();
- * </pre>
- * @author Anil.Saldhana at redhat.com
- * @since May 1, 2007
- * @version $Revision$
- */
-public class JBossSecurityClient extends SecurityClient
-{
- protected LoginContext lc = null;
-
- @Override
- protected void peformSASLLogin()
- {
- throw new RuntimeException("Not Implemented");
- }
-
- @Override
- protected void performJAASLogin() throws LoginException
- {
- lc = new LoginContext(this.loginConfigName, this.callbackHandler);
- lc.login();
- }
-
- @Override
- protected void performSimpleLogin()
- {
- Principal up = null;
- if(userPrincipal instanceof String)
- up = new SimplePrincipal((String)userPrincipal);
- else
- up = (Principal) userPrincipal;
-
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
- if(sc == null)
- {
- try
- {
- sc = SecurityContextFactory.createSecurityContext("CLIENT");
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
- sc.getUtil().createSubjectInfo(up, credential, null);
- }
- SecurityContextAssociation.setSecurityContext(sc);
- }
-
- @Override
- protected void cleanUp()
- {
- SecurityContextAssociation.clearSecurityContext();
- if(lc != null)
- try
- {
- lc.logout();
- }
- catch (LoginException e)
- {
- throw new RuntimeException(e);
- }
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/client/JBossSecurityClient.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/client/JBossSecurityClient.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/client/JBossSecurityClient.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/client/JBossSecurityClient.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,106 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.client;
+
+import java.security.Principal;
+
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SecurityContextFactory;
+import org.jboss.security.SimplePrincipal;
+
+//$Id$
+
+/**
+ * Implementation of the SecurityClient contract <br/>
+ *
+ * <b> Usage:<b>
+ * <pre>
+ * SecurityClient sc = SecurityClientFactory.getSecurityClient(JBossSecurityClient.class)
+ * sc.setUserName(somestring);
+ * etc...
+ * sc.login();
+ * </pre>
+ * @author Anil.Saldhana at redhat.com
+ * @since May 1, 2007
+ * @version $Revision$
+ */
+public class JBossSecurityClient extends SecurityClient
+{
+ protected LoginContext lc = null;
+
+ @Override
+ protected void peformSASLLogin()
+ {
+ throw new RuntimeException("Not Implemented");
+ }
+
+ @Override
+ protected void performJAASLogin() throws LoginException
+ {
+ lc = new LoginContext(this.loginConfigName, this.callbackHandler);
+ lc.login();
+ }
+
+ @Override
+ protected void performSimpleLogin()
+ {
+ Principal up = null;
+ if(userPrincipal instanceof String)
+ up = new SimplePrincipal((String)userPrincipal);
+ else
+ up = (Principal) userPrincipal;
+
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if(sc == null)
+ {
+ try
+ {
+ sc = SecurityContextFactory.createSecurityContext("CLIENT");
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ sc.getUtil().createSubjectInfo(up, credential, null);
+ }
+ SecurityContextAssociation.setSecurityContext(sc);
+ }
+
+ @Override
+ protected void cleanUp()
+ {
+ SecurityContextAssociation.clearSecurityContext();
+ if(lc != null)
+ try
+ {
+ lc.logout();
+ }
+ catch (LoginException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
\ No newline at end of file
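Review bot: In `performSimpleLogin`, the call `sc.getUtil().createSubjectInfo(up, credential, null);` sits inside the `if(sc == null)` block, so when a security context is already associated the supplied principal and credential are never applied and the existing context is simply set again. If that is not intended, the call should move below the closing brace of the `if`, just before `SecurityContextAssociation.setSecurityContext(sc);`. If it is intended, a comment such as `// an already associated context keeps its identity; the new principal is ignored` would prevent a caller from assuming the login switched identity. The cast `(Principal) userPrincipal` also throws ClassCastException for any value that is neither a String nor a Principal; an `instanceof` check with a clear message would be safer.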
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/identitytrust/config/IdentityTrustModuleEntry.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/identitytrust/config/IdentityTrustModuleEntry.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/identitytrust/config/IdentityTrustModuleEntry.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,80 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.identitytrust.config;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import org.jboss.security.config.ModuleOption;
-import org.jboss.security.config.ControlFlag;
-
-//$Id$
-
-/**
- * An entry representing an Identity Trust Module in the configuration
- * @author Anil.Saldhana at redhat.com
- * @since July 25, 2007
- * @version $Revision$
- */
-public class IdentityTrustModuleEntry
-{
- private String name;
- private ControlFlag controlFlag;
-
- private Map<String,Object> options = new HashMap<String,Object>();
-
- public IdentityTrustModuleEntry(String name)
- {
- this.name = name;
- }
-
- public IdentityTrustModuleEntry(String name, Map<String,Object> options)
- {
- this.name = name;
- this.options = options;
- }
-
- public String getName()
- {
- return name;
- }
-
- public void add(ModuleOption option)
- {
- options.put(option.getName(), option.getValue());
- }
-
- public Map<String,Object> getOptions()
- {
- return this.options;
- }
-
- public ControlFlag getControlFlag()
- {
- return controlFlag;
- }
-
- public void setControlFlag(ControlFlag controlFlag)
- {
- this.controlFlag = controlFlag;
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/identitytrust/config/IdentityTrustModuleEntry.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/identitytrust/config/IdentityTrustModuleEntry.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/identitytrust/config/IdentityTrustModuleEntry.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/identitytrust/config/IdentityTrustModuleEntry.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,80 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.identitytrust.config;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.jboss.security.config.ControlFlag;
+import org.jboss.security.config.ModuleOption;
+
+//$Id$
+
+/**
+ * An entry representing an Identity Trust Module in the configuration
+ * @author Anil.Saldhana at redhat.com
+ * @since July 25, 2007
+ * @version $Revision$
+ */
+public class IdentityTrustModuleEntry
+{
+ private String name;
+ private ControlFlag controlFlag;
+
+ private Map<String,Object> options = new HashMap<String,Object>();
+
+ public IdentityTrustModuleEntry(String name)
+ {
+ this.name = name;
+ }
+
+ public IdentityTrustModuleEntry(String name, Map<String,Object> options)
+ {
+ this.name = name;
+ this.options = options;
+ }
+
+ public String getName()
+ {
+ return name;
+ }
+
+ public void add(ModuleOption option)
+ {
+ options.put(option.getName(), option.getValue());
+ }
+
+ public Map<String,Object> getOptions()
+ {
+ return this.options;
+ }
+
+ public ControlFlag getControlFlag()
+ {
+ return controlFlag;
+ }
+
+ public void setControlFlag(ControlFlag controlFlag)
+ {
+ this.controlFlag = controlFlag;
+ }
+}
\ No newline at end of file
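Review bot: The two-argument constructor stores the caller's `options` map by reference and `getOptions()` hands the same map back, so a trust module's configuration can be changed from outside after the entry is built, and a null argument makes a later `add(ModuleOption)` fail with a NullPointerException. Unless callers rely on sharing the map, which this hunk does not show, the constructor could copy it: `this.options = options == null ? new HashMap<String,Object>() : new HashMap<String,Object>(options);`. `name` is assigned only in the constructors and could be declared `final`.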
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/jacc/SubjectPolicyContextHandler.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/SubjectPolicyContextHandler.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/jacc/SubjectPolicyContextHandler.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,119 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.jacc;
-
-import static org.jboss.security.SecurityConstants.SUBJECT_CONTEXT_KEY;
-
-import java.security.AccessController;
-import java.security.Principal;
-import java.security.PrivilegedAction;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.security.jacc.PolicyContextException;
-import javax.security.jacc.PolicyContextHandler;
-
-import org.jboss.security.RunAsIdentity;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SubjectInfo;
-import org.jboss.security.SecurityContextAssociation;
-
-/** A PolicyContextHandler for the current authenticated Subject.
- * @author Scott.Stark at jboss.org
- * @author Anil.Saldhana at redhat.com
- * @version $Revison:$
- */
-public class SubjectPolicyContextHandler implements PolicyContextHandler
-{
- public static final HashSet<Object> EMPTY_SET = new HashSet<Object>();
-
- private static class GetSubjectAction implements PrivilegedAction<Subject>
- {
- static PrivilegedAction<Subject> ACTION = new GetSubjectAction();
-
- public Subject run()
- {
- Subject theSubject = null;
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
- if(sc != null)
- {
- SubjectInfo si = sc.getSubjectInfo();
-
- if(si != null)
- {
- Subject activeSubject = si.getAuthenticatedSubject();
- RunAsIdentity callerRunAsIdentity = (RunAsIdentity)sc.getIncomingRunAs();
-
- if( activeSubject != null )
- {
- Set<Principal> principalsSet = null;
- if( callerRunAsIdentity == null )
- {
- principalsSet = activeSubject.getPrincipals();
- }
- else
- {
- principalsSet = callerRunAsIdentity.getPrincipalsSet();
- }
-
- theSubject = new Subject(true, principalsSet,
- activeSubject.getPublicCredentials(),
- activeSubject.getPrivateCredentials());
- }
- else
- {
- if( callerRunAsIdentity != null )
- {
- Set<Principal> principalsSet = callerRunAsIdentity.getPrincipalsSet();
- theSubject = new Subject(true, principalsSet, EMPTY_SET, EMPTY_SET);
- }
- }
- }
- }
- return theSubject;
- }
- }
-
- public Object getContext(String key, Object data)
- throws PolicyContextException
- {
- if( key.equalsIgnoreCase(SUBJECT_CONTEXT_KEY) == false )
- return null;
-
- Subject subject = (Subject) AccessController.doPrivileged(GetSubjectAction.ACTION);
- return subject;
- }
-
- public String[] getKeys()
- throws PolicyContextException
- {
- String[] keys = {SUBJECT_CONTEXT_KEY};
- return keys;
- }
-
- public boolean supports(String key)
- throws PolicyContextException
- {
- return key.equalsIgnoreCase(SUBJECT_CONTEXT_KEY);
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/jacc/SubjectPolicyContextHandler.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/SubjectPolicyContextHandler.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/jacc/SubjectPolicyContextHandler.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/jacc/SubjectPolicyContextHandler.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,119 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.jacc;
+
+import static org.jboss.security.SecurityConstants.SUBJECT_CONTEXT_KEY;
+
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContextException;
+import javax.security.jacc.PolicyContextHandler;
+
+import org.jboss.security.RunAsIdentity;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SubjectInfo;
+
+/** A PolicyContextHandler for the current authenticated Subject.
+ * @author Scott.Stark at jboss.org
+ * @author Anil.Saldhana at redhat.com
+ * @version $Revison:$
+ */
+public class SubjectPolicyContextHandler implements PolicyContextHandler
+{
+ public static final HashSet<Object> EMPTY_SET = new HashSet<Object>();
+
+ private static class GetSubjectAction implements PrivilegedAction<Subject>
+ {
+ static PrivilegedAction<Subject> ACTION = new GetSubjectAction();
+
+ public Subject run()
+ {
+ Subject theSubject = null;
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if(sc != null)
+ {
+ SubjectInfo si = sc.getSubjectInfo();
+
+ if(si != null)
+ {
+ Subject activeSubject = si.getAuthenticatedSubject();
+ RunAsIdentity callerRunAsIdentity = (RunAsIdentity)sc.getIncomingRunAs();
+
+ if( activeSubject != null )
+ {
+ Set<Principal> principalsSet = null;
+ if( callerRunAsIdentity == null )
+ {
+ principalsSet = activeSubject.getPrincipals();
+ }
+ else
+ {
+ principalsSet = callerRunAsIdentity.getPrincipalsSet();
+ }
+
+ theSubject = new Subject(true, principalsSet,
+ activeSubject.getPublicCredentials(),
+ activeSubject.getPrivateCredentials());
+ }
+ else
+ {
+ if( callerRunAsIdentity != null )
+ {
+ Set<Principal> principalsSet = callerRunAsIdentity.getPrincipalsSet();
+ theSubject = new Subject(true, principalsSet, EMPTY_SET, EMPTY_SET);
+ }
+ }
+ }
+ }
+ return theSubject;
+ }
+ }
+
+ public Object getContext(String key, Object data)
+ throws PolicyContextException
+ {
+ if( key.equalsIgnoreCase(SUBJECT_CONTEXT_KEY) == false )
+ return null;
+
+ Subject subject = (Subject) AccessController.doPrivileged(GetSubjectAction.ACTION);
+ return subject;
+ }
+
+ public String[] getKeys()
+ throws PolicyContextException
+ {
+ String[] keys = {SUBJECT_CONTEXT_KEY};
+ return keys;
+ }
+
+ public boolean supports(String key)
+ throws PolicyContextException
+ {
+ return key.equalsIgnoreCase(SUBJECT_CONTEXT_KEY);
+ }
+}
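Review bot: `EMPTY_SET` is a public, mutable static `HashSet`, and its contents are passed as both the public and the private credential sets in `new Subject(true, principalsSet, EMPTY_SET, EMPTY_SET)`. Any code that adds an element to it therefore changes the credentials of every run-as-only Subject built afterwards. The constant may need to stay for compatibility, but the call site should not depend on it: `theSubject = new Subject(true, principalsSet, new HashSet<Object>(), new HashSet<Object>());`. Separately, when an incoming run-as identity and an authenticated subject are both present, `run()` pairs the run-as principals with the caller's own public and private credentials; if that is intended it deserves a comment such as `// run-as principals replace the caller's; credentials remain the caller's`. `getContext` and `supports` also dereference `key` without a null check.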
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/JBossPolicyRegistration.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossPolicyRegistration.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/JBossPolicyRegistration.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,118 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.plugins;
-
-import java.io.InputStream;
-import java.net.URL;
-import java.util.HashMap;
-import java.util.Map;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.authorization.PolicyRegistration;
-import org.jboss.util.NotImplementedException;
-import org.jboss.util.xml.DOMUtils;
-import org.w3c.dom.Element;
-
-import com.sun.xacml.Policy;
-
-/**
- * Default implementation of Policy Registration interface
- * @author Anil.Saldhana at redhat.com
- * @since Mar 31, 2008
- * @version $Revision$
- */
-public class JBossPolicyRegistration implements PolicyRegistration
-{
- private static Logger log = Logger.getLogger(JBossPolicyRegistration.class);
-
- protected boolean trace = log.isTraceEnabled();
-
- private Map<String,Policy> contextIdToXACMLPolicy = new HashMap<String,Policy>();
-
-
- public void deRegisterPolicy(String contextID, String type)
- {
- if(PolicyRegistration.XACML.equalsIgnoreCase(type))
- {
- this.contextIdToXACMLPolicy.remove(contextID);
- if(trace)
- log.trace("DeRegistered policy for contextId:" + contextID + ":type=" + type);
- }
- }
-
- @SuppressWarnings("unchecked")
- public <T> T getPolicy(String contextID, String type, Map<String, Object> contextMap)
- {
- if(PolicyRegistration.XACML.equalsIgnoreCase(type))
- {
- return (T) this.contextIdToXACMLPolicy.get(contextID);
- }
- throw new RuntimeException("Unsupported type:" + type);
- }
-
- /**
- * @see PolicyRegistration#registerPolicy(String, String, URL)
- */
- public void registerPolicy(String contextID, String type, URL location)
- {
- try
- {
- if(trace)
- log.trace("Registering policy for contextId:" +
- contextID + " type: " + type +
- "and location:" + location.getPath());
- registerPolicy( contextID, type, location.openStream());
- }
- catch(Exception e)
- {
- log.debug("Error in registering xacml policy:",e);
- }
- }
-
- /**
- * @see PolicyRegistration#registerPolicy(String, String, InputStream)
- */
- public void registerPolicy(String contextID, String type, InputStream stream)
- {
- if(PolicyRegistration.XACML.equalsIgnoreCase(type))
- {
- try
- {
- Element elm = DOMUtils.parse(stream);
- Policy policy = Policy.getInstance(elm);
- this.contextIdToXACMLPolicy.put(contextID, policy);
- }
- catch(Exception e)
- {
- log.debug("Error in registering xacml policy:",e);
- }
- }
- }
-
- /**
- * @see PolicyRegistration#registerPolicyConfigFile(String, String, InputStream)
- */
- public void registerPolicyConfigFile(String contextId, String type, InputStream stream)
- {
- throw new NotImplementedException();
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/JBossPolicyRegistration.java (from rev 72381, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossPolicyRegistration.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/JBossPolicyRegistration.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/JBossPolicyRegistration.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,151 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.plugins;
+
+import java.io.InputStream;
+import java.io.Serializable;
+import java.net.URL;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.authorization.PolicyRegistration;
+import org.jboss.security.xacml.core.JBossPDP;
+import org.jboss.security.xacml.factories.PolicyFactory;
+import org.jboss.security.xacml.interfaces.XACMLPolicy;
+
+/**
+ * Default implementation of Policy Registration interface
+ * @author Anil.Saldhana at redhat.com
+ * @since Mar 31, 2008
+ * @version $Revision$
+ */
+public class JBossPolicyRegistration implements PolicyRegistration, Serializable
+{
+ private static final long serialVersionUID = 1L;
+
+ private static Logger log = Logger.getLogger(JBossPolicyRegistration.class);
+
+ protected boolean trace = log.isTraceEnabled();
+
+ private Map<String,Set<XACMLPolicy>> contextIdToXACMLPolicy =
+ new HashMap<String,Set<XACMLPolicy>>();
+
+ /** When the policy configuration file is registered, we directly
+ * store a copy of the JBossPDP that has read in the config file
+ */
+ private Map<String,JBossPDP> contextIDToJBossPDP =
+ new HashMap<String,JBossPDP>();
+
+
+ public void deRegisterPolicy(String contextID, String type)
+ {
+ if(PolicyRegistration.XACML.equalsIgnoreCase(type))
+ {
+ this.contextIdToXACMLPolicy.remove(contextID);
+ if(trace)
+ log.trace("DeRegistered policy for contextId:" + contextID + ":type=" + type);
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ public <T> T getPolicy(String contextID, String type, Map<String, Object> contextMap)
+ {
+ if(PolicyRegistration.XACML.equalsIgnoreCase(type))
+ {
+ if(contextMap != null)
+ {
+ String pdp = (String) contextMap.get("PDP");
+ if(pdp != null)
+ return (T) this.contextIDToJBossPDP.get(contextID);
+ }
+ return (T) this.contextIdToXACMLPolicy.get(contextID);
+ }
+ throw new RuntimeException("Unsupported type:" + type);
+ }
+
+ /**
+ * @see PolicyRegistration#registerPolicy(String, String, URL)
+ */
+ public void registerPolicy(String contextID, String type, URL location)
+ {
+ try
+ {
+ if(trace)
+ log.trace("Registering policy for contextId:" +
+ contextID + " type: " + type +
+ "and location:" + location.getPath());
+ registerPolicy( contextID, type, location.openStream());
+ }
+ catch(Exception e)
+ {
+ log.debug("Error in registering xacml policy:",e);
+ }
+ }
+
+ /**
+ * @see PolicyRegistration#registerPolicy(String, String, InputStream)
+ */
+ public void registerPolicy(String contextID, String type, InputStream stream)
+ {
+ if(PolicyRegistration.XACML.equalsIgnoreCase(type))
+ {
+ try
+ {
+ XACMLPolicy policy = PolicyFactory.createPolicy(stream);
+
+ Set<XACMLPolicy> policySet = this.contextIdToXACMLPolicy.get(contextID);
+ if(policySet == null)
+ {
+ policySet = new HashSet<XACMLPolicy>();
+ }
+ policySet.add(policy);
+ this.contextIdToXACMLPolicy.put(contextID, policySet);
+ }
+ catch(Exception e)
+ {
+ log.debug("Error in registering xacml policy:",e);
+ }
+ }
+ }
+
+ /**
+ * @see PolicyRegistration#registerPolicyConfigFile(String, String, InputStream)
+ */
+ public void registerPolicyConfigFile(String contextId, String type, InputStream stream)
+ {
+ if(PolicyRegistration.XACML.equalsIgnoreCase(type))
+ {
+ try
+ {
+ JBossPDP pdp = new JBossPDP(stream);
+ this.contextIDToJBossPDP.put(contextId, pdp);
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+ }
+}
\ No newline at end of file
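Review bot: `deRegisterPolicy` removes the entry from `contextIdToXACMLPolicy` only, so a `JBossPDP` stored by `registerPolicyConfigFile` stays in `contextIDToJBossPDP`. `getPolicy` keeps returning it for that context whenever the context map carries a `PDP` key. Add `this.contextIDToJBossPDP.remove(contextID);` next to the existing remove. Both `registerPolicy` overloads also log a failed load at debug level and return normally, whereas `registerPolicyConfigFile` rethrows. A policy that fails to parse is therefore dropped without any visible error; logging at error level, or `throw new RuntimeException(e);` as the config-file path does, would make the three methods consistent.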
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContext.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContext.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContext.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,243 +0,0 @@
-/*
- * JBoss, the OpenSource J2EE webOS
- *
- * Distributable under LGPL license.
- * See terms of license at gnu.org.
- */
-package org.jboss.security.plugins;
-
-import static org.jboss.security.SecurityConstants.ROLES_IDENTIFIER;
-
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.security.auth.callback.CallbackHandler;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.AuthenticationManager;
-import org.jboss.security.AuthorizationManager;
-import org.jboss.security.ISecurityManagement;
-import org.jboss.security.RunAs;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityContextFactory;
-import org.jboss.security.SecurityContextUtil;
-import org.jboss.security.SecurityManagerLocator;
-import org.jboss.security.SubjectInfo;
-import org.jboss.security.audit.AuditManager;
-import org.jboss.security.auth.callback.SecurityAssociationHandler;
-import org.jboss.security.identitytrust.IdentityTrustManager;
-import org.jboss.security.mapping.MappingManager;
-
-/**
- * Implementation of the Security Context for the JBoss AS
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @version $Revision$
- * @since Aug 30, 2006
- */
-public class JBossSecurityContext implements SecurityContext, SecurityManagerLocator
-{
- private static final long serialVersionUID = 1L;
- protected static final Logger log = Logger.getLogger(JBossSecurityContext.class);
- protected boolean trace = log.isTraceEnabled();
-
- protected Map<String,Object> contextData = new HashMap<String,Object>();
-
- protected String securityDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
-
- protected SubjectInfo subjectInfo = null;
-
- protected RunAs incomingRunAs = null;
- protected RunAs outgoingRunAs = null;
-
- protected ISecurityManagement iSecurityManagement;
-
- protected CallbackHandler callbackHandler = new SecurityAssociationHandler();
-
- public JBossSecurityContext(String securityDomain)
- {
- this.securityDomain = securityDomain;
- iSecurityManagement = new DefaultSecurityManagement(this.callbackHandler);
- //Create a null subjectinfo as default
- getUtil().createSubjectInfo(null, null, null);
- }
-
-
- /**
- * @see SecurityContext#getSecurityManagement()
- */
- public ISecurityManagement getSecurityManagement()
- {
- return this.iSecurityManagement;
- }
-
- /**
- * @see SecurityContext#setSecurityManagement(ISecurityManagement)
- */
- public void setSecurityManagement(ISecurityManagement ism)
- {
- if(ism == null)
- throw new IllegalArgumentException("ism is null");
- this.iSecurityManagement = ism;
- }
-
- /**
- * @see SecurityContext#getData()
- */
- public Map<String,Object> getData()
- {
- return contextData;
- }
-
- public String getSecurityDomain()
- {
- return securityDomain;
- }
-
-
- /**
- * @see SecurityContext#getSubjectInfo()
- */
- public SubjectInfo getSubjectInfo()
- {
- return subjectInfo;
- }
-
- /**
- * @see SecurityContext#getOutgoingRunAs()
- */
- public RunAs getIncomingRunAs()
- {
- return this.incomingRunAs;
- }
-
- /**
- * @see SecurityContext#setOutgoingRunAs(RunAs)
- */
- public void setIncomingRunAs(RunAs runAs)
- {
- this.incomingRunAs = runAs;
- }
-
- /**
- * @see SecurityContext#getOutgoingRunAs()
- */
- public RunAs getOutgoingRunAs()
- {
- return this.outgoingRunAs;
- }
-
- /**
- * @see SecurityContext#setOutgoingRunAs(RunAs)
- */
- public void setOutgoingRunAs(RunAs runAs)
- {
- this.outgoingRunAs = runAs;
- }
-
- /**
- * @see SecurityContext#getUtil()
- */
- public SecurityContextUtil getUtil()
- {
- SecurityContextUtil util = null;
- try
- {
- util = SecurityContextFactory.createUtil(this);
- }
- catch (Exception e)
- {
- throw new IllegalStateException(e);
- }
- return util;
- }
-
-
-
- public AuditManager getAuditManager()
- {
- return this.iSecurityManagement.getAuditManager(this.securityDomain);
- }
-
-
- public AuthenticationManager getAuthenticationManager()
- {
- return this.iSecurityManagement.getAuthenticationManager(this.securityDomain);
- }
-
-
- public AuthorizationManager getAuthorizationManager()
- {
- return this.iSecurityManagement.getAuthorizationManager(this.securityDomain);
- }
-
-
- public IdentityTrustManager getIdentityTrustManager()
- {
- return this.iSecurityManagement.getIdentityTrustManager(this.securityDomain);
- }
-
-
- public MappingManager getMappingManager()
- {
- return this.iSecurityManagement.getMappingManager(this.securityDomain);
- }
-
-
- //Value Added Methods
-
- public void setSubjectInfo(SubjectInfo si)
- {
- this.subjectInfo = si;
- }
-
- public void setRoles(Group roles, boolean replace)
- {
- Group mergedRoles = roles;
- if(!replace)
- {
- mergedRoles = mergeGroups( (Group)contextData.get(ROLES_IDENTIFIER), roles);
- }
- contextData.put(ROLES_IDENTIFIER, mergedRoles);
- }
-
- private Group mergeGroups(Group a, Group b)
- {
- Group newGroup = b;
- if(a != null)
- {
- Enumeration<? extends Principal> en = a.members();
- while(en.hasMoreElements())
- {
- newGroup.addMember(en.nextElement());
- }
- }
- return newGroup;
- }
-
-
- /**
- * Set the CallbackHandler for the Managers in the SecurityContext
- * @param callbackHandler
- */
- public void setCallbackHandler(CallbackHandler callbackHandler)
- {
- this.callbackHandler = callbackHandler;
- }
-
- @SuppressWarnings("unchecked")
- @Override
- public Object clone() throws CloneNotSupportedException
- {
- JBossSecurityContext jsc = (JBossSecurityContext) super.clone();
- if(jsc != null)
- {
- HashMap<String,Object> cmap = (HashMap<String,Object>)contextData;
- jsc.contextData = (Map<String, Object>) (cmap).clone();
- }
- return super.clone();
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContext.java (from rev 72316, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContext.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContext.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContext.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,299 @@
+/*
+ * JBoss, the OpenSource J2EE webOS
+ *
+ * Distributable under LGPL license.
+ * See terms of license at gnu.org.
+ */
+package org.jboss.security.plugins;
+
+import static org.jboss.security.SecurityConstants.ROLES_IDENTIFIER;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.AuthorizationManager;
+import org.jboss.security.ISecurityManagement;
+import org.jboss.security.RunAs;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextFactory;
+import org.jboss.security.SecurityContextUtil;
+import org.jboss.security.SecurityManagerLocator;
+import org.jboss.security.SubjectInfo;
+import org.jboss.security.audit.AuditManager;
+import org.jboss.security.auth.callback.SecurityAssociationHandler;
+import org.jboss.security.identitytrust.IdentityTrustManager;
+import org.jboss.security.mapping.MappingManager;
+
+/**
+ * Implementation of the Security Context for the JBoss AS
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @version $Revision$
+ * @since Aug 30, 2006
+ */
+public class JBossSecurityContext implements SecurityContext, SecurityManagerLocator
+{
+ private static final long serialVersionUID = 1L;
+
+ //Define Security Permissions
+
+ private static final RuntimePermission getDataPermission
+ = new RuntimePermission(JBossSecurityContext.class.getName() + "getData");
+
+ private static final RuntimePermission getSubjectInfoPermission
+ = new RuntimePermission(JBossSecurityContext.class.getName() + "getSubjectInfo");
+
+ private static final RuntimePermission setRolesPermission
+ = new RuntimePermission(JBossSecurityContext.class.getName() + "setRolesPermission");
+
+ private static final RuntimePermission setRunAsPermission
+ = new RuntimePermission(JBossSecurityContext.class.getName() + "setRunAsPermission");
+
+ private static final RuntimePermission setSubjectInfoPermission
+ = new RuntimePermission(JBossSecurityContext.class.getName() + "setSubjectInfo");
+
+ private static final RuntimePermission getSecurityManagementPermission
+ = new RuntimePermission(JBossSecurityContext.class.getName() + "getSecurityManagement");
+
+ private static final RuntimePermission setSecurityManagementPermission
+ = new RuntimePermission(JBossSecurityContext.class.getName() + "setSecurityManagement");
+
+ protected static final Logger log = Logger.getLogger(JBossSecurityContext.class);
+ protected boolean trace = log.isTraceEnabled();
+
+ protected Map<String,Object> contextData = new HashMap<String,Object>();
+
+ protected String securityDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
+
+ protected SubjectInfo subjectInfo = null;
+
+ protected RunAs incomingRunAs = null;
+ protected RunAs outgoingRunAs = null;
+
+ protected ISecurityManagement iSecurityManagement;
+
+ protected CallbackHandler callbackHandler = new SecurityAssociationHandler();
+
+ public JBossSecurityContext(String securityDomain)
+ {
+ this.securityDomain = securityDomain;
+ iSecurityManagement = new DefaultSecurityManagement(this.callbackHandler);
+ //Create a null subjectinfo as default
+ getUtil().createSubjectInfo(null, null, null);
+ }
+
+
+ /**
+ * @see SecurityContext#getSecurityManagement()
+ */
+ public ISecurityManagement getSecurityManagement()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(getSecurityManagementPermission);
+
+ return this.iSecurityManagement;
+ }
+
+ /**
+ * @see SecurityContext#setSecurityManagement(ISecurityManagement)
+ */
+ public void setSecurityManagement(ISecurityManagement ism)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(setSecurityManagementPermission);
+
+ if(ism == null)
+ throw new IllegalArgumentException("ism is null");
+ this.iSecurityManagement = ism;
+ }
+
+ /**
+ * @see SecurityContext#getData()
+ */
+ public Map<String,Object> getData()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(getDataPermission);
+
+ return contextData;
+ }
+
+ public String getSecurityDomain()
+ {
+ return securityDomain;
+ }
+
+
+ /**
+ * @see SecurityContext#getSubjectInfo()
+ */
+ public SubjectInfo getSubjectInfo()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(getSubjectInfoPermission);
+
+ return subjectInfo;
+ }
+
+ /**
+ * @see SecurityContext#getOutgoingRunAs()
+ */
+ public RunAs getIncomingRunAs()
+ {
+ return this.incomingRunAs;
+ }
+
+ /**
+ * @see SecurityContext#setOutgoingRunAs(RunAs)
+ */
+ public void setIncomingRunAs(RunAs runAs)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(setRunAsPermission);
+
+ this.incomingRunAs = runAs;
+ }
+
+ /**
+ * @see SecurityContext#getOutgoingRunAs()
+ */
+ public RunAs getOutgoingRunAs()
+ {
+ return this.outgoingRunAs;
+ }
+
+ /**
+ * @see SecurityContext#setOutgoingRunAs(RunAs)
+ */
+ public void setOutgoingRunAs(RunAs runAs)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(setRunAsPermission);
+
+ this.outgoingRunAs = runAs;
+ }
+
+ /**
+ * @see SecurityContext#getUtil()
+ */
+ public SecurityContextUtil getUtil()
+ {
+ SecurityContextUtil util = null;
+ try
+ {
+ util = SecurityContextFactory.createUtil(this);
+ }
+ catch (Exception e)
+ {
+ throw new IllegalStateException(e);
+ }
+ return util;
+ }
+
+
+
+ public AuditManager getAuditManager()
+ {
+ return this.iSecurityManagement.getAuditManager(this.securityDomain);
+ }
+
+
+ public AuthenticationManager getAuthenticationManager()
+ {
+ return this.iSecurityManagement.getAuthenticationManager(this.securityDomain);
+ }
+
+
+ public AuthorizationManager getAuthorizationManager()
+ {
+ return this.iSecurityManagement.getAuthorizationManager(this.securityDomain);
+ }
+
+
+ public IdentityTrustManager getIdentityTrustManager()
+ {
+ return this.iSecurityManagement.getIdentityTrustManager(this.securityDomain);
+ }
+
+
+ public MappingManager getMappingManager()
+ {
+ return this.iSecurityManagement.getMappingManager(this.securityDomain);
+ }
+
+
+ //Value Added Methods
+
+ public void setSubjectInfo(SubjectInfo si)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(setSubjectInfoPermission);
+
+ this.subjectInfo = si;
+ }
+
+ public void setRoles(Group roles, boolean replace)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(setRolesPermission);
+
+ Group mergedRoles = roles;
+ if(!replace)
+ {
+ mergedRoles = mergeGroups( (Group)contextData.get(ROLES_IDENTIFIER), roles);
+ }
+ contextData.put(ROLES_IDENTIFIER, mergedRoles);
+ }
+
+ private Group mergeGroups(Group a, Group b)
+ {
+ Group newGroup = b;
+ if(a != null)
+ {
+ Enumeration<? extends Principal> en = a.members();
+ while(en.hasMoreElements())
+ {
+ newGroup.addMember(en.nextElement());
+ }
+ }
+ return newGroup;
+ }
+
+
+ /**
+ * Set the CallbackHandler for the Managers in the SecurityContext
+ * @param callbackHandler
+ */
+ public void setCallbackHandler(CallbackHandler callbackHandler)
+ {
+ this.callbackHandler = callbackHandler;
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public Object clone() throws CloneNotSupportedException
+ {
+ JBossSecurityContext jsc = (JBossSecurityContext) super.clone();
+ if(jsc != null)
+ {
+ HashMap<String,Object> cmap = (HashMap<String,Object>)contextData;
+ jsc.contextData = (Map<String, Object>) (cmap).clone();
+ }
+ return super.clone();
+ }
+}
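Review bot: `clone()` copies `contextData` into `jsc` and then returns `super.clone()` instead of `jsc`, so the object handed back is a second shallow copy that still shares the original's `contextData` map. A `setRoles` call on either context is then visible in the other; the last statement should be `return jsc;`. The permission names are built as `JBossSecurityContext.class.getName() + "getData"` with no separator, and two of them carry a `Permission` suffix (`setRolesPermission`, `setRunAsPermission`) that the others lack. Policy files have to spell these strings exactly, so a comment listing the resulting names would help, or a `"."` separator if no deployed policy depends on the current form. `getData()` also returns the live map, so a caller granted only the getData permission can replace the `ROLES_IDENTIFIER` entry without passing the `setRolesPermission` check.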
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,767 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.plugins.auth;
-
-import java.lang.reflect.Method;
-import java.lang.reflect.UndeclaredThrowableException;
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.Arrays;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.AuthStatus;
-import javax.security.auth.message.MessageInfo;
-import javax.security.auth.message.config.AuthConfigFactory;
-import javax.security.auth.message.config.AuthConfigProvider;
-import javax.security.auth.message.config.ServerAuthConfig;
-import javax.security.auth.message.config.ServerAuthContext;
-import javax.security.jacc.PolicyContext;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.AuthenticationManager;
-import org.jboss.security.AuthorizationManager;
-import org.jboss.security.RealmMapping;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityUtil;
-import org.jboss.security.SubjectSecurityManager;
-import org.jboss.security.auth.callback.AppCallbackHandler;
-import org.jboss.security.auth.callback.SecurityAssociationHandler;
-import org.jboss.security.SecurityContextAssociation;
-import org.jboss.util.CachePolicy;
-import org.jboss.util.TimedCachePolicy;
-
-/** The JaasSecurityManager is responsible both for authenticating credentials
- associated with principals and for role mapping. This implementation relies
- on the JAAS LoginContext/LoginModules associated with the security
- domain name associated with the class for authentication,
- and the context JAAS Subject object for role mapping.
-
- @see #isValid(Principal, Object, Subject)
- @see #getPrincipal(Principal)
- @see #doesUserHaveRole(Principal, Set)
-
- @author <a href="on at ibis.odessa.ua">Oleg Nitz</a>
- @author Scott.Stark at jboss.org
- @author Anil.Saldhana at jboss.org
- @version $Revision: 62860 $
-*/
-public class JaasSecurityManagerBase
- implements SubjectSecurityManager, RealmMapping
-{
- /** The authentication cache object.
- */
- public static class DomainInfo implements TimedCachePolicy.TimedEntry
- {
- private static Logger log = Logger.getLogger(DomainInfo.class);
- private static boolean trace = log.isTraceEnabled();
- private LoginContext loginCtx;
- private Subject subject;
- private Object credential;
- private Principal callerPrincipal;
- private long expirationTime;
- /** Is there an active authentication in process */
- private boolean needsDestroy;
- /** The number of users sharing this DomainInfo */
- private int activeUsers;
-
- /**
- Create a cache entry with the given lifetime in seconds. Since this comes
- from the TimedCachePolicy, its expected to be <= Integer.MAX_VALUE.
-
- @param lifetime - lifetime in seconds. A lifetime <= 0 means no caching
- with the exception of -1 which indicates that the cache entry never
- expires.
- */
- public DomainInfo(long lifetime)
- {
- expirationTime = lifetime;
- if( expirationTime != -1 )
- expirationTime *= 1000;
- }
-
- synchronized int acquire()
- {
- return activeUsers ++;
- }
- synchronized int release()
- {
- int users = activeUsers --;
- if( needsDestroy == true && users == 0 )
- {
- if( trace )
- log.trace("needsDestroy is true, doing logout");
- logout();
- }
- return users;
- }
- synchronized void logout()
- {
- if( trace )
- log.trace("logout, subject="+subject+", this="+this);
- try
- {
- if( loginCtx != null )
- loginCtx.logout();
- }
- catch(Throwable e)
- {
- if( trace )
- log.trace("Cache entry logout failed", e);
- }
- }
-
- public void init(long now)
- {
- expirationTime += now;
- }
- public boolean isCurrent(long now)
- {
- boolean isCurrent = expirationTime == -1;
- if( isCurrent == false )
- isCurrent = expirationTime > now;
- return isCurrent;
- }
- public boolean refresh()
- {
- return false;
- }
- /**
- * This
- */
- public void destroy()
- {
- if( trace )
- {
- log.trace("destroy, subject="+subject+", this="+this
- +", activeUsers="+activeUsers);
- }
-
- synchronized( this )
- {
- if( activeUsers == 0 )
- logout();
- else
- {
- if( trace )
- log.trace("destroy saw activeUsers="+activeUsers);
- needsDestroy = true;
- }
- }
- }
- public Object getValue()
- {
- return this;
- }
- public String toString()
- {
- StringBuffer tmp = new StringBuffer(super.toString());
- tmp.append('[');
- tmp.append(SubjectActions.toString(subject));
- tmp.append(",credential.class=");
- if( credential != null )
- {
- Class c = credential.getClass();
- tmp.append(c.getName());
- tmp.append('@');
- tmp.append(System.identityHashCode(c));
- }
- else
- {
- tmp.append("null");
- }
- tmp.append(",expirationTime=");
- tmp.append(expirationTime);
- tmp.append(']');
-
- return tmp.toString();
- }
- }
-
- /** The name of the domain this instance is securing. It is used as
- the appName into the SecurityPolicy.
- */
- private String securityDomain;
- /** A cache of DomainInfo objects keyd by Principal. This is now
- always set externally by our security manager service.
- */
- private CachePolicy domainCache;
- /** The JAAS callback handler to use in defaultLogin */
- private CallbackHandler handler;
- /** The setSecurityInfo(Principal, Object) method of the handler obj */
- private transient Method setSecurityInfo;
- /** The flag to indicate that the Subject sets need to be deep copied*/
- private boolean deepCopySubjectOption = false;
-
- /** The log4j category for the security manager domain
- */
- protected Logger log;
- protected boolean trace;
-
- /** Creates a default JaasSecurityManager for with a securityDomain
- name of 'other'.
- */
- public JaasSecurityManagerBase()
- {
- this("other", new SecurityAssociationHandler());
- }
- /** Creates a JaasSecurityManager for with a securityDomain
- name of that given by the 'securityDomain' argument.
- @param securityDomain the name of the security domain
- @param handler the JAAS callback handler instance to use
- @exception UndeclaredThrowableException thrown if handler does not
- implement a setSecurityInfo(Princpal, Object) method
- */
- public JaasSecurityManagerBase(String securityDomain, CallbackHandler handler)
- {
- this.securityDomain = securityDomain;
- this.handler = handler;
- String categoryName = getClass().getName()+'.'+securityDomain;
- this.log = Logger.getLogger(categoryName);
- this.trace = log.isTraceEnabled();
-
- // Get the setSecurityInfo(Principal principal, Object credential) method
- Class[] sig = {Principal.class, Object.class};
- try
- {
- setSecurityInfo = handler.getClass().getMethod("setSecurityInfo", sig);
- }
- catch (Exception e)
- {
- String msg = "Failed to find setSecurityInfo(Princpal, Object) method in handler";
- throw new UndeclaredThrowableException(e, msg);
- }
- log.debug("CallbackHandler: "+handler);
- }
-
- /** The domainCache is typically a shared object that is populated
- by the login code(LoginModule, etc.) and read by this class in the
- isValid() method.
- @see #isValid(Principal, Object, Subject)
- */
- public void setCachePolicy(CachePolicy domainCache)
- {
- this.domainCache = domainCache;
- log.debug("CachePolicy set to: "+domainCache);
- }
-
- /**
- * Flag to specify if deep copy of subject sets needs to be
- * enabled
- *
- * @param flag
- */
- public void setDeepCopySubjectOption(Boolean flag)
- {
- log.debug("setDeepCopySubjectOption="+ flag);
- this.deepCopySubjectOption = (flag == Boolean.TRUE) ;
- }
-
- /** Not really used anymore as the security manager service manages the
- security domain authentication caches.
- */
- public void flushCache()
- {
- if( domainCache != null )
- domainCache.flush();
- }
-
- /** Get the name of the security domain associated with this security mgr.
- @return Name of the security manager security domain.
- */
- public String getSecurityDomain()
- {
- return securityDomain;
- }
-
- /** Get the currently authenticated Subject. This is a thread local
- property shared across all JaasSecurityManager instances.
- @return The Subject authenticated in the current thread if one
- exists, null otherwise.
- */
- public Subject getActiveSubject()
- {
- /* This does not use SubjectActions.getActiveSubject since the caller
- must have the correct permissions to access the
- SecurityAssociation.getSubject method.
- */
- //return SecurityAssociation.getSubject();
- Subject subj = null;
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
- if(sc != null)
- {
- subj = sc.getUtil().getSubject();
- }
- return subj;
- }
-
- /** Validate that the given credential is correct for principal. This
- returns the value from invoking isValid(principal, credential, null).
- @param principal - the security domain principal attempting access
- @param credential - the proof of identity offered by the principal
- @return true if the principal was authenticated, false otherwise.
- */
- public boolean isValid(Principal principal, Object credential)
- {
- return isValid(principal, credential, null);
- }
-
- /** Validate that the given credential is correct for principal. This first
- will check the current CachePolicy object if one exists to see if the
- user's cached credentials match the given credential. If there is no
- credential cache or the cache information is invalid or does not match,
- the user is authenticated against the JAAS login modules configured for
- the security domain.
- @param principal - the security domain principal attempting access
- @param credential the proof of identity offered by the principal
- @param activeSubject - if not null, a Subject that will be populated with
- the state of the authenticated Subject.
- @return true if the principal was authenticated, false otherwise.
- */
- public boolean isValid(Principal principal, Object credential,
- Subject activeSubject)
- {
- // Check the cache first
- DomainInfo cacheInfo = getCacheInfo(principal, true);
- if( trace )
- log.trace("Begin isValid, principal:"+principal+", cache info: "+cacheInfo);
-
- boolean isValid = false;
- if( cacheInfo != null )
- {
- isValid = validateCache(cacheInfo, credential, activeSubject);
- if( cacheInfo != null )
- cacheInfo.release();
- }
- if( isValid == false )
- isValid = authenticate(principal, credential, activeSubject);
- if( trace )
- log.trace("End isValid, "+isValid);
- return isValid;
- }
-
- /**
- * @see AuthenticationManager#isValid(MessageInfo, Subject, String)
- */
- public boolean isValid(MessageInfo requestMessage,Subject clientSubject, String layer)
- {
- AuthStatus status = AuthStatus.FAILURE;
-
- try
- {
- String contextID = PolicyContext.getContextID();
- AuthConfigFactory factory = AuthConfigFactory.getFactory();
- AuthConfigProvider provider = factory.getConfigProvider(layer,contextID,null);
- ServerAuthConfig serverConfig = provider.getServerAuthConfig(layer,contextID,
- new AppCallbackHandler("DUMMY","DUMMY".toCharArray()));
- ServerAuthContext sctx = serverConfig.getAuthContext(contextID,
- new Subject(), new HashMap());
- if(clientSubject == null)
- clientSubject = new Subject();
- Subject serviceSubject = new Subject();
- status = sctx.validateRequest(requestMessage, clientSubject, serviceSubject);
- //TODO: Add caching
- }
- catch(AuthException ae)
- {
- log.trace("AuthException:",ae);
- }
- return AuthStatus.SUCCESS == status ;
- }
-
- /** Map the argument principal from the deployment environment principal
- to the developer environment. This is called by the EJB context
- getCallerPrincipal() to return the Principal as described by
- the EJB developer domain.
- @return a Principal object that is valid in the deployment environment
- if one exists. If no Subject exists or the Subject has no principals
- then the argument principal is returned.
- */
- public Principal getPrincipal(Principal principal)
- {
- if(domainCache == null)
- return principal;
- Principal result = principal;
- // Get the CallerPrincipal group member
- synchronized( domainCache )
- {
- DomainInfo info = getCacheInfo(principal, false);
- if( trace )
- log.trace("getPrincipal, cache info: "+info);
- if( info != null )
- {
- result = info.callerPrincipal;
- // If the mapping did not have a callerPrincipal just use principal
- if( result == null )
- result = principal;
- info.release();
- }
- }
-
- return result;
- }
-
- /** Does the current Subject have a role(a Principal) that equates to one
- of the role names. This method obtains the Group named 'Roles' from
- the principal set of the currently authenticated Subject as determined
- by the SecurityAssociation.getSubject() method and then creates a
- SimplePrincipal for each name in roleNames. If the role is a member of the
- Roles group, then the user has the role. This requires that the caller
- establish the correct SecurityAssociation subject prior to calling this
- method. In the past this was done as a side-effect of an isValid() call,
- but this is no longer the case.
-
- @param principal - ignored. The current authenticated Subject determines
- the active user and assigned user roles.
- @param rolePrincipals - a Set of Principals for the roles to check.
-
- @see java.security.acl.Group;
- @see Subject#getPrincipals()
- */
- public boolean doesUserHaveRole(Principal principal, Set<Principal> rolePrincipals)
- {
- AuthorizationManager am = SecurityUtil.getAuthorizationManager(securityDomain,
- SecurityConstants.JAAS_CONTEXT_ROOT);
- return am.doesUserHaveRole(principal, rolePrincipals);
- }
-
- /** Return the set of domain roles the current active Subject 'Roles' group
- found in the subject Principals set.
-
- @param principal - ignored. The current authenticated Subject determines
- the active user and assigned user roles.
- @return The Set<Principal> for the application domain roles that the
- principal has been assigned.
- */
- public Set<Principal> getUserRoles(Principal principal)
- {
- AuthorizationManager am = SecurityUtil.getAuthorizationManager(securityDomain,
- SecurityConstants.JAAS_CONTEXT_ROOT);
- return am.getUserRoles(principal);
- }
-
- /**
- * @see AuthenticationManager#getTargetPrincipal(Principal,Map)
- */
- public Principal getTargetPrincipal(Principal anotherDomainPrincipal,
- Map<String,Object> contextMap)
- {
- throw new RuntimeException("Not implemented yet");
- }
-
- /** Currently this simply calls defaultLogin() to do a JAAS login using the
- security domain name as the login module configuration name.
-
- * @param principal - the user id to authenticate
- * @param credential - an opaque credential.
- * @return false on failure, true on success.
- */
- private boolean authenticate(Principal principal, Object credential,
- Subject theSubject)
- {
- Subject subject = null;
- boolean authenticated = false;
- LoginException authException = null;
-
- try
- {
- // Validate the principal using the login configuration for this domain
- LoginContext lc = defaultLogin(principal, credential);
- subject = lc.getSubject();
-
- // Set the current subject if login was successful
- if( subject != null )
- {
- // Copy the current subject into theSubject
- if( theSubject != null )
- {
- SubjectActions.copySubject(subject, theSubject, false,this.deepCopySubjectOption);
- }
- else
- {
- theSubject = subject;
- }
-
- authenticated = true;
- // Build the Subject based DomainInfo cache value
- updateCache(lc, subject, principal, credential);
- }
- }
- catch(LoginException e)
- {
- // Don't log anonymous user failures unless trace level logging is on
- if( principal != null && principal.getName() != null || trace )
- log.trace("Login failure", e);
- authException = e;
- }
- // Set the security association thread context info exception
- SubjectActions.setContextInfo("org.jboss.security.exception", authException);
-
- return authenticated;
- }
-
- /** Pass the security info to the login modules configured for
- this security domain using our SecurityAssociationHandler.
- @return The authenticated Subject if successful.
- @exception LoginException throw if login fails for any reason.
- */
- private LoginContext defaultLogin(Principal principal, Object credential)
- throws LoginException
- {
- /* We use our internal CallbackHandler to provide the security info. A
- copy must be made to ensure there is a unique handler per active
- login since there can be multiple active logins.
- */
- Object[] securityInfo = {principal, credential};
- CallbackHandler theHandler = null;
- try
- {
- theHandler = (CallbackHandler) handler.getClass().newInstance();
- setSecurityInfo.invoke(theHandler, securityInfo);
- }
- catch (Throwable e)
- {
- if( trace )
- log.trace("Failed to create/setSecurityInfo on handler", e);
- LoginException le = new LoginException("Failed to setSecurityInfo on handler");
- le.initCause(e);
- throw le;
- }
- Subject subject = new Subject();
- LoginContext lc = null;
- if( trace )
- log.trace("defaultLogin, principal="+principal);
- lc = SubjectActions.createLoginContext(securityDomain, subject, theHandler);
- lc.login();
- if( trace )
- log.trace("defaultLogin, lc="+lc+", subject="+SubjectActions.toString(subject));
- return lc;
- }
-
- /** Validate the cache credential value against the provided credential
- */
- private boolean validateCache(DomainInfo info, Object credential,
- Subject theSubject)
- {
- if( trace )
- {
- StringBuffer tmp = new StringBuffer("Begin validateCache, info=");
- tmp.append(info.toString());
- tmp.append(";credential.class=");
- if( credential != null )
- {
- Class c = credential.getClass();
- tmp.append(c.getName());
- tmp.append('@');
- tmp.append(System.identityHashCode(c));
- }
- else
- {
- tmp.append("null");
- }
- log.trace(tmp.toString());
- }
-
- Object subjectCredential = info.credential;
- boolean isValid = false;
- // Check for a null credential as can be the case for an anonymous user
- if( credential == null || subjectCredential == null )
- {
- // Both credentials must be null
- isValid = (credential == null) && (subjectCredential == null);
- }
- // See if the credential is assignable to the cache value
- else if( subjectCredential.getClass().isAssignableFrom(credential.getClass()) )
- {
- /* Validate the credential by trying Comparable, char[], byte[],
- Object[], and finally Object.equals()
- */
- if( subjectCredential instanceof Comparable )
- {
- Comparable c = (Comparable) subjectCredential;
- isValid = c.compareTo(credential) == 0;
- }
- else if( subjectCredential instanceof char[] )
- {
- char[] a1 = (char[]) subjectCredential;
- char[] a2 = (char[]) credential;
- isValid = Arrays.equals(a1, a2);
- }
- else if( subjectCredential instanceof byte[] )
- {
- byte[] a1 = (byte[]) subjectCredential;
- byte[] a2 = (byte[]) credential;
- isValid = Arrays.equals(a1, a2);
- }
- else if( subjectCredential.getClass().isArray() )
- {
- Object[] a1 = (Object[]) subjectCredential;
- Object[] a2 = (Object[]) credential;
- isValid = Arrays.equals(a1, a2);
- }
- else
- {
- isValid = subjectCredential.equals(credential);
- }
- }
- else if( subjectCredential instanceof char[] && credential instanceof String )
- {
- char[] a1 = (char[]) subjectCredential;
- char[] a2 = ((String) credential).toCharArray();
- isValid = Arrays.equals(a1, a2);
- }
- else if( subjectCredential instanceof String && credential instanceof char[] )
- {
- char[] a1 = ((String) subjectCredential).toCharArray();
- char[] a2 = (char[]) credential;
- isValid = Arrays.equals(a1, a2);
- }
-
- // If the credentials match, set the thread's active Subject
- if( isValid )
- {
- // Copy the current subject into theSubject
- if( theSubject != null )
- {
- SubjectActions.copySubject(info.subject, theSubject, false,this.deepCopySubjectOption);
- }
- }
- if( trace )
- log.trace("End validateCache, isValid="+isValid);
-
- return isValid;
- }
-
- /** An accessor method that synchronizes access on the domainCache
- to avoid a race condition that can occur when the cache entry expires
- in the presence of multi-threaded access. The allowRefresh flag should
- be true for authentication accesses and false for other accesses.
- Previously the other accesses included authorization and caller principal
- mapping. Now the only use of the
-
- @param principal - the caller identity whose cached credentials are to
- be accessed.
- @param allowRefresh - a flag indicating if the cache access should flush
- any expired entries.
- */
- private DomainInfo getCacheInfo(Principal principal, boolean allowRefresh)
- {
- if( domainCache == null )
- return null;
-
- DomainInfo cacheInfo = null;
- synchronized( domainCache )
- {
- if( allowRefresh == true )
- cacheInfo = (DomainInfo) domainCache.get(principal);
- else
- cacheInfo = (DomainInfo) domainCache.peek(principal);
- if( cacheInfo != null )
- cacheInfo.acquire();
- }
- return cacheInfo;
- }
-
- private Subject updateCache(LoginContext lc, Subject subject,
- Principal principal, Object credential)
- {
- // If we don't have a cache there is nothing to update
- if( domainCache == null )
- return subject;
-
- long lifetime = 0;
- if( domainCache instanceof TimedCachePolicy )
- {
- TimedCachePolicy cache = (TimedCachePolicy) domainCache;
- lifetime = cache.getDefaultLifetime();
- }
- DomainInfo info = new DomainInfo(lifetime);
- info.loginCtx = lc;
- info.subject = new Subject();
- SubjectActions.copySubject(subject, info.subject, true, this.deepCopySubjectOption);
- info.credential = credential;
-
- if( trace )
- {
- log.trace("updateCache, inputSubject="+SubjectActions.toString(subject)
- +", cacheSubject="+SubjectActions.toString(info.subject));
- }
-
- /* Get the Subject callerPrincipal by looking for a Group called
- 'CallerPrincipal'
- */
- Set subjectGroups = subject.getPrincipals(Group.class);
- Iterator iter = subjectGroups.iterator();
- while( iter.hasNext() )
- {
- Group grp = (Group) iter.next();
- String name = grp.getName();
- if( name.equals("CallerPrincipal") )
- {
- Enumeration members = grp.members();
- if( members.hasMoreElements() )
- info.callerPrincipal = (Principal) members.nextElement();
- }
- }
-
- /* Handle null principals with no callerPrincipal. This is an indication
- of an user that has not provided any authentication info, but
- has been authenticated by the domain login module stack. Here we look
- for the first non-Group Principal and use that.
- */
- if( principal == null && info.callerPrincipal == null )
- {
- Set subjectPrincipals = subject.getPrincipals(Principal.class);
- iter = subjectPrincipals.iterator();
- while( iter.hasNext() )
- {
- Principal p = (Principal) iter.next();
- if( (p instanceof Group) == false )
- info.callerPrincipal = p;
- }
- }
-
- /* If the user already exists another login is active. Currently
- only one is allowed so remove the old and insert the new. Synchronize
- on the domainCache to ensure the removal and addition are an atomic
- operation so that getCacheInfo cannot see stale data.
- */
- synchronized( domainCache )
- {
- if( domainCache.peek(principal) != null )
- domainCache.remove(principal);
- domainCache.insert(principal, info);
- if( trace )
- log.trace("Inserted cache info: "+info);
- }
- return info.subject;
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,767 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.plugins.auth;
+
+import java.lang.reflect.Method;
+import java.lang.reflect.UndeclaredThrowableException;
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Arrays;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.config.AuthConfigFactory;
+import javax.security.auth.message.config.AuthConfigProvider;
+import javax.security.auth.message.config.ServerAuthConfig;
+import javax.security.auth.message.config.ServerAuthContext;
+import javax.security.jacc.PolicyContext;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.AuthorizationManager;
+import org.jboss.security.RealmMapping;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SecurityUtil;
+import org.jboss.security.SubjectSecurityManager;
+import org.jboss.security.auth.callback.AppCallbackHandler;
+import org.jboss.security.auth.callback.SecurityAssociationHandler;
+import org.jboss.util.CachePolicy;
+import org.jboss.util.TimedCachePolicy;
+
+/** The JaasSecurityManager is responsible both for authenticating credentials
+ associated with principals and for role mapping. This implementation relies
+ on the JAAS LoginContext/LoginModules associated with the security
+ domain name associated with the class for authentication,
+ and the context JAAS Subject object for role mapping.
+
+ @see #isValid(Principal, Object, Subject)
+ @see #getPrincipal(Principal)
+ @see #doesUserHaveRole(Principal, Set)
+
+ @author <a href="on at ibis.odessa.ua">Oleg Nitz</a>
+ @author Scott.Stark at jboss.org
+ @author Anil.Saldhana at jboss.org
+ @version $Revision: 62860 $
+*/
+public class JaasSecurityManagerBase
+ implements SubjectSecurityManager, RealmMapping
+{
+ /** The authentication cache object.
+ */
+ public static class DomainInfo implements TimedCachePolicy.TimedEntry
+ {
+ private static Logger log = Logger.getLogger(DomainInfo.class);
+ private static boolean trace = log.isTraceEnabled();
+ private LoginContext loginCtx;
+ private Subject subject;
+ private Object credential;
+ private Principal callerPrincipal;
+ private long expirationTime;
+ /** Is there an active authentication in process */
+ private boolean needsDestroy;
+ /** The number of users sharing this DomainInfo */
+ private int activeUsers;
+
+ /**
+ Create a cache entry with the given lifetime in seconds. Since this comes
+ from the TimedCachePolicy, its expected to be <= Integer.MAX_VALUE.
+
+ @param lifetime - lifetime in seconds. A lifetime <= 0 means no caching
+ with the exception of -1 which indicates that the cache entry never
+ expires.
+ */
+ public DomainInfo(long lifetime)
+ {
+ expirationTime = lifetime;
+ if( expirationTime != -1 )
+ expirationTime *= 1000;
+ }
+
+ synchronized int acquire()
+ {
+ return activeUsers ++;
+ }
+ synchronized int release()
+ {
+ int users = activeUsers --;
+ if( needsDestroy == true && users == 0 )
+ {
+ if( trace )
+ log.trace("needsDestroy is true, doing logout");
+ logout();
+ }
+ return users;
+ }
+ synchronized void logout()
+ {
+ if( trace )
+ log.trace("logout, subject="+subject+", this="+this);
+ try
+ {
+ if( loginCtx != null )
+ loginCtx.logout();
+ }
+ catch(Throwable e)
+ {
+ if( trace )
+ log.trace("Cache entry logout failed", e);
+ }
+ }
+
+ public void init(long now)
+ {
+ expirationTime += now;
+ }
+ public boolean isCurrent(long now)
+ {
+ boolean isCurrent = expirationTime == -1;
+ if( isCurrent == false )
+ isCurrent = expirationTime > now;
+ return isCurrent;
+ }
+ public boolean refresh()
+ {
+ return false;
+ }
+ /**
+ * This
+ */
+ public void destroy()
+ {
+ if( trace )
+ {
+ log.trace("destroy, subject="+subject+", this="+this
+ +", activeUsers="+activeUsers);
+ }
+
+ synchronized( this )
+ {
+ if( activeUsers == 0 )
+ logout();
+ else
+ {
+ if( trace )
+ log.trace("destroy saw activeUsers="+activeUsers);
+ needsDestroy = true;
+ }
+ }
+ }
+ public Object getValue()
+ {
+ return this;
+ }
+ public String toString()
+ {
+ StringBuffer tmp = new StringBuffer(super.toString());
+ tmp.append('[');
+ tmp.append(SubjectActions.toString(subject));
+ tmp.append(",credential.class=");
+ if( credential != null )
+ {
+ Class c = credential.getClass();
+ tmp.append(c.getName());
+ tmp.append('@');
+ tmp.append(System.identityHashCode(c));
+ }
+ else
+ {
+ tmp.append("null");
+ }
+ tmp.append(",expirationTime=");
+ tmp.append(expirationTime);
+ tmp.append(']');
+
+ return tmp.toString();
+ }
+ }
+
+ /** The name of the domain this instance is securing. It is used as
+ the appName into the SecurityPolicy.
+ */
+ private String securityDomain;
+ /** A cache of DomainInfo objects keyd by Principal. This is now
+ always set externally by our security manager service.
+ */
+ private CachePolicy domainCache;
+ /** The JAAS callback handler to use in defaultLogin */
+ private CallbackHandler handler;
+ /** The setSecurityInfo(Principal, Object) method of the handler obj */
+ private transient Method setSecurityInfo;
+ /** The flag to indicate that the Subject sets need to be deep copied*/
+ private boolean deepCopySubjectOption = false;
+
+ /** The log4j category for the security manager domain
+ */
+ protected Logger log;
+ protected boolean trace;
+
+ /** Creates a default JaasSecurityManager for with a securityDomain
+ name of 'other'.
+ */
+ public JaasSecurityManagerBase()
+ {
+ this("other", new SecurityAssociationHandler());
+ }
+ /** Creates a JaasSecurityManager for with a securityDomain
+ name of that given by the 'securityDomain' argument.
+ @param securityDomain the name of the security domain
+ @param handler the JAAS callback handler instance to use
+ @exception UndeclaredThrowableException thrown if handler does not
+ implement a setSecurityInfo(Princpal, Object) method
+ */
+ public JaasSecurityManagerBase(String securityDomain, CallbackHandler handler)
+ {
+ this.securityDomain = securityDomain;
+ this.handler = handler;
+ String categoryName = getClass().getName()+'.'+securityDomain;
+ this.log = Logger.getLogger(categoryName);
+ this.trace = log.isTraceEnabled();
+
+ // Get the setSecurityInfo(Principal principal, Object credential) method
+ Class[] sig = {Principal.class, Object.class};
+ try
+ {
+ setSecurityInfo = handler.getClass().getMethod("setSecurityInfo", sig);
+ }
+ catch (Exception e)
+ {
+ String msg = "Failed to find setSecurityInfo(Princpal, Object) method in handler";
+ throw new UndeclaredThrowableException(e, msg);
+ }
+ log.debug("CallbackHandler: "+handler);
+ }
+
+ /** The domainCache is typically a shared object that is populated
+ by the login code(LoginModule, etc.) and read by this class in the
+ isValid() method.
+ @see #isValid(Principal, Object, Subject)
+ */
+ public void setCachePolicy(CachePolicy domainCache)
+ {
+ this.domainCache = domainCache;
+ log.debug("CachePolicy set to: "+domainCache);
+ }
+
+ /**
+ * Flag to specify if deep copy of subject sets needs to be
+ * enabled
+ *
+ * @param flag
+ */
+ public void setDeepCopySubjectOption(Boolean flag)
+ {
+ log.debug("setDeepCopySubjectOption="+ flag);
+ this.deepCopySubjectOption = (flag == Boolean.TRUE) ;
+ }
+
+ /** Not really used anymore as the security manager service manages the
+ security domain authentication caches.
+ */
+ public void flushCache()
+ {
+ if( domainCache != null )
+ domainCache.flush();
+ }
+
+ /** Get the name of the security domain associated with this security mgr.
+ @return Name of the security manager security domain.
+ */
+ public String getSecurityDomain()
+ {
+ return securityDomain;
+ }
+
+ /** Get the currently authenticated Subject. This is a thread local
+ property shared across all JaasSecurityManager instances.
+ @return The Subject authenticated in the current thread if one
+ exists, null otherwise.
+ */
+ public Subject getActiveSubject()
+ {
+ /* This does not use SubjectActions.getActiveSubject since the caller
+ must have the correct permissions to access the
+ SecurityAssociation.getSubject method.
+ */
+ //return SecurityAssociation.getSubject();
+ Subject subj = null;
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if(sc != null)
+ {
+ subj = sc.getUtil().getSubject();
+ }
+ return subj;
+ }
+
+ /** Validate that the given credential is correct for principal. This
+ returns the value from invoking isValid(principal, credential, null).
+ @param principal - the security domain principal attempting access
+ @param credential - the proof of identity offered by the principal
+ @return true if the principal was authenticated, false otherwise.
+ */
+ public boolean isValid(Principal principal, Object credential)
+ {
+ return isValid(principal, credential, null);
+ }
+
+ /** Validate that the given credential is correct for principal. This first
+ will check the current CachePolicy object if one exists to see if the
+ user's cached credentials match the given credential. If there is no
+ credential cache or the cache information is invalid or does not match,
+ the user is authenticated against the JAAS login modules configured for
+ the security domain.
+ @param principal - the security domain principal attempting access
+ @param credential the proof of identity offered by the principal
+ @param activeSubject - if not null, a Subject that will be populated with
+ the state of the authenticated Subject.
+ @return true if the principal was authenticated, false otherwise.
+ */
+ public boolean isValid(Principal principal, Object credential,
+ Subject activeSubject)
+ {
+ // Check the cache first
+ DomainInfo cacheInfo = getCacheInfo(principal, true);
+ if( trace )
+ log.trace("Begin isValid, principal:"+principal+", cache info: "+cacheInfo);
+
+ boolean isValid = false;
+ if( cacheInfo != null )
+ {
+ isValid = validateCache(cacheInfo, credential, activeSubject);
+ if( cacheInfo != null )
+ cacheInfo.release();
+ }
+ if( isValid == false )
+ isValid = authenticate(principal, credential, activeSubject);
+ if( trace )
+ log.trace("End isValid, "+isValid);
+ return isValid;
+ }
+
+ /**
+ * @see AuthenticationManager#isValid(MessageInfo, Subject, String)
+ */
+ public boolean isValid(MessageInfo requestMessage,Subject clientSubject, String layer)
+ {
+ AuthStatus status = AuthStatus.FAILURE;
+
+ try
+ {
+ String contextID = PolicyContext.getContextID();
+ AuthConfigFactory factory = AuthConfigFactory.getFactory();
+ AuthConfigProvider provider = factory.getConfigProvider(layer,contextID,null);
+ ServerAuthConfig serverConfig = provider.getServerAuthConfig(layer,contextID,
+ new AppCallbackHandler("DUMMY","DUMMY".toCharArray()));
+ ServerAuthContext sctx = serverConfig.getAuthContext(contextID,
+ new Subject(), new HashMap());
+ if(clientSubject == null)
+ clientSubject = new Subject();
+ Subject serviceSubject = new Subject();
+ status = sctx.validateRequest(requestMessage, clientSubject, serviceSubject);
+ //TODO: Add caching
+ }
+ catch(AuthException ae)
+ {
+ log.trace("AuthException:",ae);
+ }
+ return AuthStatus.SUCCESS == status ;
+ }
+
+ /** Map the argument principal from the deployment environment principal
+ to the developer environment. This is called by the EJB context
+ getCallerPrincipal() to return the Principal as described by
+ the EJB developer domain.
+ @return a Principal object that is valid in the deployment environment
+ if one exists. If no Subject exists or the Subject has no principals
+ then the argument principal is returned.
+ */
+ public Principal getPrincipal(Principal principal)
+ {
+ if(domainCache == null)
+ return principal;
+ Principal result = principal;
+ // Get the CallerPrincipal group member
+ synchronized( domainCache )
+ {
+ DomainInfo info = getCacheInfo(principal, false);
+ if( trace )
+ log.trace("getPrincipal, cache info: "+info);
+ if( info != null )
+ {
+ result = info.callerPrincipal;
+ // If the mapping did not have a callerPrincipal just use principal
+ if( result == null )
+ result = principal;
+ info.release();
+ }
+ }
+
+ return result;
+ }
+
+ /** Does the current Subject have a role(a Principal) that equates to one
+ of the role names. This method obtains the Group named 'Roles' from
+ the principal set of the currently authenticated Subject as determined
+ by the SecurityAssociation.getSubject() method and then creates a
+ SimplePrincipal for each name in roleNames. If the role is a member of the
+ Roles group, then the user has the role. This requires that the caller
+ establish the correct SecurityAssociation subject prior to calling this
+ method. In the past this was done as a side-effect of an isValid() call,
+ but this is no longer the case.
+
+ @param principal - ignored. The current authenticated Subject determines
+ the active user and assigned user roles.
+ @param rolePrincipals - a Set of Principals for the roles to check.
+
+ @see java.security.acl.Group;
+ @see Subject#getPrincipals()
+ */
+ public boolean doesUserHaveRole(Principal principal, Set<Principal> rolePrincipals)
+ {
+ AuthorizationManager am = SecurityUtil.getAuthorizationManager(securityDomain,
+ SecurityConstants.JAAS_CONTEXT_ROOT);
+ return am.doesUserHaveRole(principal, rolePrincipals);
+ }
+
+ /** Return the set of domain roles the current active Subject 'Roles' group
+ found in the subject Principals set.
+
+ @param principal - ignored. The current authenticated Subject determines
+ the active user and assigned user roles.
+ @return The Set<Principal> for the application domain roles that the
+ principal has been assigned.
+ */
+ public Set<Principal> getUserRoles(Principal principal)
+ {
+ AuthorizationManager am = SecurityUtil.getAuthorizationManager(securityDomain,
+ SecurityConstants.JAAS_CONTEXT_ROOT);
+ return am.getUserRoles(principal);
+ }
+
+ /**
+ * @see AuthenticationManager#getTargetPrincipal(Principal,Map)
+ */
+ public Principal getTargetPrincipal(Principal anotherDomainPrincipal,
+ Map<String,Object> contextMap)
+ {
+ throw new RuntimeException("Not implemented yet");
+ }
+
+ /** Currently this simply calls defaultLogin() to do a JAAS login using the
+ security domain name as the login module configuration name.
+
+ * @param principal - the user id to authenticate
+ * @param credential - an opaque credential.
+ * @return false on failure, true on success.
+ */
+ private boolean authenticate(Principal principal, Object credential,
+ Subject theSubject)
+ {
+ Subject subject = null;
+ boolean authenticated = false;
+ LoginException authException = null;
+
+ try
+ {
+ // Validate the principal using the login configuration for this domain
+ LoginContext lc = defaultLogin(principal, credential);
+ subject = lc.getSubject();
+
+ // Set the current subject if login was successful
+ if( subject != null )
+ {
+ // Copy the current subject into theSubject
+ if( theSubject != null )
+ {
+ SubjectActions.copySubject(subject, theSubject, false,this.deepCopySubjectOption);
+ }
+ else
+ {
+ theSubject = subject;
+ }
+
+ authenticated = true;
+ // Build the Subject based DomainInfo cache value
+ updateCache(lc, subject, principal, credential);
+ }
+ }
+ catch(LoginException e)
+ {
+ // Don't log anonymous user failures unless trace level logging is on
+ if( principal != null && principal.getName() != null || trace )
+ log.trace("Login failure", e);
+ authException = e;
+ }
+ // Set the security association thread context info exception
+ SubjectActions.setContextInfo("org.jboss.security.exception", authException);
+
+ return authenticated;
+ }
+
+ /** Pass the security info to the login modules configured for
+ this security domain using our SecurityAssociationHandler.
+ @return The authenticated Subject if successful.
+ @exception LoginException throw if login fails for any reason.
+ */
+ private LoginContext defaultLogin(Principal principal, Object credential)
+ throws LoginException
+ {
+ /* We use our internal CallbackHandler to provide the security info. A
+ copy must be made to ensure there is a unique handler per active
+ login since there can be multiple active logins.
+ */
+ Object[] securityInfo = {principal, credential};
+ CallbackHandler theHandler = null;
+ try
+ {
+ theHandler = (CallbackHandler) handler.getClass().newInstance();
+ setSecurityInfo.invoke(theHandler, securityInfo);
+ }
+ catch (Throwable e)
+ {
+ if( trace )
+ log.trace("Failed to create/setSecurityInfo on handler", e);
+ LoginException le = new LoginException("Failed to setSecurityInfo on handler");
+ le.initCause(e);
+ throw le;
+ }
+ Subject subject = new Subject();
+ LoginContext lc = null;
+ if( trace )
+ log.trace("defaultLogin, principal="+principal);
+ lc = SubjectActions.createLoginContext(securityDomain, subject, theHandler);
+ lc.login();
+ if( trace )
+ log.trace("defaultLogin, lc="+lc+", subject="+SubjectActions.toString(subject));
+ return lc;
+ }
+
+ /** Validate the cache credential value against the provided credential
+ */
+ private boolean validateCache(DomainInfo info, Object credential,
+ Subject theSubject)
+ {
+ if( trace )
+ {
+ StringBuffer tmp = new StringBuffer("Begin validateCache, info=");
+ tmp.append(info.toString());
+ tmp.append(";credential.class=");
+ if( credential != null )
+ {
+ Class c = credential.getClass();
+ tmp.append(c.getName());
+ tmp.append('@');
+ tmp.append(System.identityHashCode(c));
+ }
+ else
+ {
+ tmp.append("null");
+ }
+ log.trace(tmp.toString());
+ }
+
+ Object subjectCredential = info.credential;
+ boolean isValid = false;
+ // Check for a null credential as can be the case for an anonymous user
+ if( credential == null || subjectCredential == null )
+ {
+ // Both credentials must be null
+ isValid = (credential == null) && (subjectCredential == null);
+ }
+ // See if the credential is assignable to the cache value
+ else if( subjectCredential.getClass().isAssignableFrom(credential.getClass()) )
+ {
+ /* Validate the credential by trying Comparable, char[], byte[],
+ Object[], and finally Object.equals()
+ */
+ if( subjectCredential instanceof Comparable )
+ {
+ Comparable c = (Comparable) subjectCredential;
+ isValid = c.compareTo(credential) == 0;
+ }
+ else if( subjectCredential instanceof char[] )
+ {
+ char[] a1 = (char[]) subjectCredential;
+ char[] a2 = (char[]) credential;
+ isValid = Arrays.equals(a1, a2);
+ }
+ else if( subjectCredential instanceof byte[] )
+ {
+ byte[] a1 = (byte[]) subjectCredential;
+ byte[] a2 = (byte[]) credential;
+ isValid = Arrays.equals(a1, a2);
+ }
+ else if( subjectCredential.getClass().isArray() )
+ {
+ Object[] a1 = (Object[]) subjectCredential;
+ Object[] a2 = (Object[]) credential;
+ isValid = Arrays.equals(a1, a2);
+ }
+ else
+ {
+ isValid = subjectCredential.equals(credential);
+ }
+ }
+ else if( subjectCredential instanceof char[] && credential instanceof String )
+ {
+ char[] a1 = (char[]) subjectCredential;
+ char[] a2 = ((String) credential).toCharArray();
+ isValid = Arrays.equals(a1, a2);
+ }
+ else if( subjectCredential instanceof String && credential instanceof char[] )
+ {
+ char[] a1 = ((String) subjectCredential).toCharArray();
+ char[] a2 = (char[]) credential;
+ isValid = Arrays.equals(a1, a2);
+ }
+
+ // If the credentials match, set the thread's active Subject
+ if( isValid )
+ {
+ // Copy the current subject into theSubject
+ if( theSubject != null )
+ {
+ SubjectActions.copySubject(info.subject, theSubject, false,this.deepCopySubjectOption);
+ }
+ }
+ if( trace )
+ log.trace("End validateCache, isValid="+isValid);
+
+ return isValid;
+ }
+
+ /** An accessor method that synchronizes access on the domainCache
+ to avoid a race condition that can occur when the cache entry expires
+ in the presence of multi-threaded access. The allowRefresh flag should
+ be true for authentication accesses and false for other accesses.
+ Previously the other accesses included authorization and caller principal
+ mapping. Now the only use of the
+
+ @param principal - the caller identity whose cached credentials are to
+ be accessed.
+ @param allowRefresh - a flag indicating if the cache access should flush
+ any expired entries.
+ */
+ private DomainInfo getCacheInfo(Principal principal, boolean allowRefresh)
+ {
+ if( domainCache == null )
+ return null;
+
+ DomainInfo cacheInfo = null;
+ synchronized( domainCache )
+ {
+ if( allowRefresh == true )
+ cacheInfo = (DomainInfo) domainCache.get(principal);
+ else
+ cacheInfo = (DomainInfo) domainCache.peek(principal);
+ if( cacheInfo != null )
+ cacheInfo.acquire();
+ }
+ return cacheInfo;
+ }
+
+ private Subject updateCache(LoginContext lc, Subject subject,
+ Principal principal, Object credential)
+ {
+ // If we don't have a cache there is nothing to update
+ if( domainCache == null )
+ return subject;
+
+ long lifetime = 0;
+ if( domainCache instanceof TimedCachePolicy )
+ {
+ TimedCachePolicy cache = (TimedCachePolicy) domainCache;
+ lifetime = cache.getDefaultLifetime();
+ }
+ DomainInfo info = new DomainInfo(lifetime);
+ info.loginCtx = lc;
+ info.subject = new Subject();
+ SubjectActions.copySubject(subject, info.subject, true, this.deepCopySubjectOption);
+ info.credential = credential;
+
+ if( trace )
+ {
+ log.trace("updateCache, inputSubject="+SubjectActions.toString(subject)
+ +", cacheSubject="+SubjectActions.toString(info.subject));
+ }
+
+ /* Get the Subject callerPrincipal by looking for a Group called
+ 'CallerPrincipal'
+ */
+ Set subjectGroups = subject.getPrincipals(Group.class);
+ Iterator iter = subjectGroups.iterator();
+ while( iter.hasNext() )
+ {
+ Group grp = (Group) iter.next();
+ String name = grp.getName();
+ if( name.equals("CallerPrincipal") )
+ {
+ Enumeration members = grp.members();
+ if( members.hasMoreElements() )
+ info.callerPrincipal = (Principal) members.nextElement();
+ }
+ }
+
+ /* Handle null principals with no callerPrincipal. This is an indication
+ of an user that has not provided any authentication info, but
+ has been authenticated by the domain login module stack. Here we look
+ for the first non-Group Principal and use that.
+ */
+ if( principal == null && info.callerPrincipal == null )
+ {
+ Set subjectPrincipals = subject.getPrincipals(Principal.class);
+ iter = subjectPrincipals.iterator();
+ while( iter.hasNext() )
+ {
+ Principal p = (Principal) iter.next();
+ if( (p instanceof Group) == false )
+ info.callerPrincipal = p;
+ }
+ }
+
+ /* If the user already exists another login is active. Currently
+ only one is allowed so remove the old and insert the new. Synchronize
+ on the domainCache to ensure the removal and addition are an atomic
+ operation so that getCacheInfo cannot see stale data.
+ */
+ synchronized( domainCache )
+ {
+ if( domainCache.peek(principal) != null )
+ domainCache.remove(principal);
+ domainCache.insert(principal, info);
+ if( trace )
+ log.trace("Inserted cache info: "+info);
+ }
+ return info.subject;
+ }
+}
\ No newline at end of file
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,380 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.plugins.authorization;
-
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.authorization.AuthorizationContext;
-import org.jboss.security.authorization.AuthorizationException;
-import org.jboss.security.authorization.AuthorizationModule;
-import org.jboss.security.authorization.Resource;
-import org.jboss.security.authorization.ResourceKeys;
-import org.jboss.security.authorization.ResourceType;
-import org.jboss.security.authorization.config.AuthorizationModuleEntry;
-import org.jboss.security.authorization.modules.DelegatingAuthorizationModule;
-import org.jboss.security.config.ApplicationPolicy;
-import org.jboss.security.config.AuthorizationInfo;
-import org.jboss.security.config.ControlFlag;
-import org.jboss.security.config.SecurityConfiguration;
-import org.jboss.security.identity.Role;
-import org.jboss.security.identity.RoleGroup;
-
-//$Id: JBossAuthorizationContext.java 62954 2007-05-10 04:12:18Z anil.saldhana at jboss.com $
-
-/**
- * JBAS-3374: Authorization Framework for Policy Decision Modules
- * For information on the behavior of the Authorization Modules,
- * For Authorization Modules behavior(Required, Requisite, Sufficient and Optional)
- * please refer to the javadoc for @see javax.security.auth.login.Configuration
- *
- * The AuthorizationContext derives the AuthorizationInfo(configuration for the modules)
- * in the following way:
- * a) If there has been an injection of ApplicationPolicy, then it will be used.
- * b) Util.getApplicationPolicy will be used(which relies on SecurityConfiguration static class).
- * c) Flag an error that there is no available Application Policy
- *
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jun 11, 2006
- * @version $Revision: 62954 $
- */
-public class JBossAuthorizationContext extends AuthorizationContext
-{
- private static Logger log = Logger.getLogger(JBossAuthorizationContext.class);
- private boolean trace = log.isTraceEnabled();
-
- private final String EJB = SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY;
- private final String WEB = SecurityConstants.DEFAULT_WEB_APPLICATION_POLICY;
-
- private Subject authenticatedSubject = null;
-
- //Application Policy can be injected
- private ApplicationPolicy applicationPolicy = null;
-
- public JBossAuthorizationContext(String name)
- {
- this.securityDomainName = name;
- }
-
- public JBossAuthorizationContext(String name, CallbackHandler handler)
- {
- this(name);
- this.callbackHandler = handler;
- }
-
- public JBossAuthorizationContext(String name, Subject subject, CallbackHandler handler)
- {
- this(name,handler);
- this.authenticatedSubject = subject;
- }
-
- /**
- * Inject an ApplicationPolicy that contains AuthorizationInfo
- * @param aPolicy
- * @throws IllegalArgumentException if ApplicationPolicy is null or
- * does not contain AuthorizationInfo or domain name does not match
- */
- public void setApplicationPolicy(ApplicationPolicy aPolicy)
- {
- if(aPolicy == null)
- throw new IllegalArgumentException("Application Policy is null:domain="+this.securityDomainName);
- AuthorizationInfo authzInfo = aPolicy.getAuthorizationInfo();
- if( authzInfo == null)
- throw new IllegalArgumentException("Application Policy has no AuthorizationInfo");
- if(!authzInfo.getName().equals(securityDomainName))
- throw new IllegalArgumentException("Application Policy ->AuthorizationInfo:" + authzInfo.getName()
- + " does not match required domain name=" + this.securityDomainName);
- this.applicationPolicy = aPolicy;
- }
-
-
- /**
- * Authorize the Resource
- * @param resource
- * @return AuthorizationContext.PERMIT or AuthorizationContext.DENY
- * @throws AuthorizationException
- */
- @SuppressWarnings("unchecked")
- public int authorize(final Resource resource) throws AuthorizationException
- {
- return this.authorize(resource, this.authenticatedSubject,
- (RoleGroup)resource.getMap().get(ResourceKeys.SECURITY_CONTEXT_ROLES));
- }
-
- /**
- * @see AuthorizationContext#authorize(Resource, Role)
- */
- public int authorize(final Resource resource,
- final Subject subject,
- final RoleGroup callerRoles) throws AuthorizationException
- {
- try
- {
- this.authenticatedSubject = subject;
- initializeModules(resource, callerRoles);
- }
- catch (PrivilegedActionException e1)
- {
- throw new RuntimeException(e1);
- }
- //Do a PrivilegedAction
- try
- {
- AccessController.doPrivileged(new PrivilegedExceptionAction<Object>()
- {
- public Object run() throws AuthorizationException
- {
- int result = invokeAuthorize(resource);
- if(result == PERMIT)
- invokeCommit();
- if(result == DENY)
- {
- invokeAbort();
- throw new AuthorizationException("Denied");
- }
- return null;
- }
- });
- }
- catch (PrivilegedActionException e)
- {
- Exception exc = e.getException();
- if(trace)
- log.trace("Error in authorize:", exc);
- invokeAbort();
- throw ((AuthorizationException)exc);
- }
- return PERMIT;
- //return authorize(resource);
- }
-
- //Private Methods
- private void initializeModules(Resource resource, RoleGroup role) throws PrivilegedActionException
- {
- AuthorizationInfo authzInfo = getAuthorizationInfo(securityDomainName, resource);
- if(authzInfo == null)
- throw new IllegalStateException("Authorization Info is null");
- AuthorizationModuleEntry[] entries = authzInfo.getAuthorizationModuleEntry();
- int len = entries != null ? entries.length : 0;
- for(int i = 0 ; i < len; i++)
- {
- AuthorizationModuleEntry entry = entries[i];
- ControlFlag flag = entry.getControlFlag();
- if(flag == null)
- {
- if(trace)
- log.trace("Null Control flag for entry:"+entry+". Defaults to REQUIRED!");
- flag = ControlFlag.REQUIRED;
- }
- else
- if(trace)
- log.trace("Control flag for entry:"+entry+"is:["+flag+"]");
-
- this.controlFlags.add(flag);
- modules.add(instantiateModule(entry.getPolicyModuleName(), entry.getOptions(), role));
- }
- }
-
- private int invokeAuthorize(Resource resource)
- throws AuthorizationException
- {
- //Control Flag behavior
- boolean encounteredRequiredError = false;
- boolean encounteredOptionalError = false;
- AuthorizationException moduleException = null;
- int overallDecision = DENY;
-
- int length = modules.size();
- for(int i = 0; i < length; i++)
- {
- AuthorizationModule module = (AuthorizationModule)modules.get(i);
- ControlFlag flag = (ControlFlag)this.controlFlags.get(i);
- int decision = DENY;
- try
- {
- decision = module.authorize(resource);
- }
- catch(Exception ae)
- {
- decision = DENY;
- if(moduleException == null)
- moduleException = new AuthorizationException(ae.getMessage());
- }
-
- if(decision == PERMIT)
- {
- overallDecision = PERMIT;
- //SUFFICIENT case
- if(flag == ControlFlag.SUFFICIENT && encounteredRequiredError == false)
- return PERMIT;
- continue; //Continue with the other modules
- }
- //Go through the failure cases
- //REQUISITE case
- if(flag == ControlFlag.REQUISITE)
- {
- if(trace)
- log.trace("REQUISITE failed for " + module);
- if(moduleException == null)
- moduleException = new AuthorizationException("Authorization failed");
- else
- throw moduleException;
- }
- //REQUIRED Case
- if(flag == ControlFlag.REQUIRED)
- {
- if(trace)
- log.trace("REQUIRED failed for " + module);
- if(encounteredRequiredError == false)
- encounteredRequiredError = true;
- }
- if(flag == ControlFlag.OPTIONAL)
- encounteredOptionalError = true;
- }
-
- //All the authorization modules have been visited.
- String msg = getAdditionalErrorMessage(moduleException);
- if(encounteredRequiredError)
- throw new AuthorizationException("Authorization Failed:"+ msg);
- if(overallDecision == DENY && encounteredOptionalError)
- throw new AuthorizationException("Authorization Failed:" + msg);
- if(overallDecision == DENY)
- throw new AuthorizationException("Authorization Failed:No modules active.");
- return PERMIT;
- }
-
- private void invokeCommit()
- throws AuthorizationException
- {
- int length = modules.size();
- for(int i = 0; i < length; i++)
- {
- AuthorizationModule module = (AuthorizationModule)modules.get(i);
- boolean bool = module.commit();
- if(!bool)
- throw new AuthorizationException("commit on modules failed:"+module.getClass());
- }
- modules.clear();
- }
-
- private void invokeAbort()
- throws AuthorizationException
- {
- int length = modules.size();
- for(int i = 0; i < length; i++)
- {
- AuthorizationModule module = (AuthorizationModule)modules.get(i);
- boolean bool = module.abort();
- if(!bool)
- throw new AuthorizationException("abort on modules failed:"+module.getClass());
- }
- modules.clear();
- }
-
- private AuthorizationModule instantiateModule(String name,
- Map<String,Object> map, RoleGroup subjectRoles)
- throws PrivilegedActionException
- {
- AuthorizationModule am = null;
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- try
- {
- Class<?> clazz = tcl.loadClass(name);
- am = (AuthorizationModule)clazz.newInstance();
- }
- catch ( Exception e)
- {
- log.debug("Error instantiating AuthorizationModule:",e);
- }
- if(am == null)
- throw new IllegalStateException("AuthorizationModule has not " +
- "been instantiated");
- am.initialize(this.authenticatedSubject, this.callbackHandler,
- this.sharedState,map, subjectRoles);
- return am;
- }
-
- private AuthorizationInfo getAuthorizationInfo(String domainName, Resource resource)
- {
- ResourceType layer = resource.getLayer();
-
- //Check if an instance of ApplicationPolicy is available
- if(this.applicationPolicy != null)
- return applicationPolicy.getAuthorizationInfo();
-
- ApplicationPolicy aPolicy = SecurityConfiguration.getApplicationPolicy(domainName);
-
- if(aPolicy == null)
- {
- if(trace)
- log.trace("Application Policy not obtained for domain="+ domainName +
- ". Trying to obtain the App policy for the default domain of the layer:");
- if(layer == ResourceType.EJB)
- aPolicy = SecurityConfiguration.getApplicationPolicy(EJB);
- else
- if(layer == ResourceType.WEB)
- aPolicy = SecurityConfiguration.getApplicationPolicy(WEB);
- }
- if(aPolicy == null)
- throw new IllegalStateException("Application Policy is null for domain:"+ domainName);
-
- AuthorizationInfo ai = aPolicy.getAuthorizationInfo();
- if(ai == null)
- return getAuthorizationInfo(layer);
- else
- return aPolicy.getAuthorizationInfo();
- }
-
- private AuthorizationInfo getAuthorizationInfo(ResourceType layer)
- {
- AuthorizationInfo ai = null;
-
- if(layer == ResourceType.EJB)
- ai = SecurityConfiguration.getApplicationPolicy(EJB).getAuthorizationInfo();
- else
- if(layer == ResourceType.WEB)
- ai = SecurityConfiguration.getApplicationPolicy(WEB).getAuthorizationInfo();
- else
- {
- if(log.isTraceEnabled())
- log.trace("AuthorizationInfo not found. Providing default authorization info");
- ai = new AuthorizationInfo(SecurityConstants.DEFAULT_APPLICATION_POLICY);
- ai.add(new AuthorizationModuleEntry(DelegatingAuthorizationModule.class.getName()));
- }
- return ai;
- }
-
- private String getAdditionalErrorMessage(Exception e)
- {
- StringBuilder msg = new StringBuilder(" ");
- if(e != null)
- msg.append(e.getLocalizedMessage());
- return msg.toString();
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,380 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.plugins.authorization;
+
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.AuthorizationException;
+import org.jboss.security.authorization.AuthorizationModule;
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.ResourceKeys;
+import org.jboss.security.authorization.ResourceType;
+import org.jboss.security.authorization.config.AuthorizationModuleEntry;
+import org.jboss.security.authorization.modules.DelegatingAuthorizationModule;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.AuthorizationInfo;
+import org.jboss.security.config.ControlFlag;
+import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.identity.Role;
+import org.jboss.security.identity.RoleGroup;
+
+//$Id: JBossAuthorizationContext.java 62954 2007-05-10 04:12:18Z anil.saldhana at jboss.com $
+
+/**
+ * JBAS-3374: Authorization Framework for Policy Decision Modules
+ * For information on the behavior of the Authorization Modules,
+ * For Authorization Modules behavior(Required, Requisite, Sufficient and Optional)
+ * please refer to the javadoc for @see javax.security.auth.login.Configuration
+ *
+ * The AuthorizationContext derives the AuthorizationInfo(configuration for the modules)
+ * in the following way:
+ * a) If there has been an injection of ApplicationPolicy, then it will be used.
+ * b) Util.getApplicationPolicy will be used(which relies on SecurityConfiguration static class).
+ * c) Flag an error that there is no available Application Policy
+ *
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Jun 11, 2006
+ * @version $Revision: 62954 $
+ */
+public class JBossAuthorizationContext extends AuthorizationContext
+{
+ private static Logger log = Logger.getLogger(JBossAuthorizationContext.class);
+ private boolean trace = log.isTraceEnabled();
+
+ private final String EJB = SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY;
+ private final String WEB = SecurityConstants.DEFAULT_WEB_APPLICATION_POLICY;
+
+ private Subject authenticatedSubject = null;
+
+ //Application Policy can be injected
+ private ApplicationPolicy applicationPolicy = null;
+
+ public JBossAuthorizationContext(String name)
+ {
+ this.securityDomainName = name;
+ }
+
+ public JBossAuthorizationContext(String name, CallbackHandler handler)
+ {
+ this(name);
+ this.callbackHandler = handler;
+ }
+
+ public JBossAuthorizationContext(String name, Subject subject, CallbackHandler handler)
+ {
+ this(name,handler);
+ this.authenticatedSubject = subject;
+ }
+
+ /**
+ * Inject an ApplicationPolicy that contains AuthorizationInfo
+ * @param aPolicy
+ * @throws IllegalArgumentException if ApplicationPolicy is null or
+ * does not contain AuthorizationInfo or domain name does not match
+ */
+ public void setApplicationPolicy(ApplicationPolicy aPolicy)
+ {
+ if(aPolicy == null)
+ throw new IllegalArgumentException("Application Policy is null:domain="+this.securityDomainName);
+ AuthorizationInfo authzInfo = aPolicy.getAuthorizationInfo();
+ if( authzInfo == null)
+ throw new IllegalArgumentException("Application Policy has no AuthorizationInfo");
+ if(!authzInfo.getName().equals(securityDomainName))
+ throw new IllegalArgumentException("Application Policy ->AuthorizationInfo:" + authzInfo.getName()
+ + " does not match required domain name=" + this.securityDomainName);
+ this.applicationPolicy = aPolicy;
+ }
+
+
+ /**
+ * Authorize the Resource
+ * @param resource
+ * @return AuthorizationContext.PERMIT or AuthorizationContext.DENY
+ * @throws AuthorizationException
+ */
+ @SuppressWarnings("unchecked")
+ public int authorize(final Resource resource) throws AuthorizationException
+ {
+ return this.authorize(resource, this.authenticatedSubject,
+ (RoleGroup)resource.getMap().get(ResourceKeys.SECURITY_CONTEXT_ROLES));
+ }
+
+ /**
+ * @see AuthorizationContext#authorize(Resource, Role)
+ */
+ public int authorize(final Resource resource,
+ final Subject subject,
+ final RoleGroup callerRoles) throws AuthorizationException
+ {
+ try
+ {
+ this.authenticatedSubject = subject;
+ initializeModules(resource, callerRoles);
+ }
+ catch (PrivilegedActionException e1)
+ {
+ throw new RuntimeException(e1);
+ }
+ //Do a PrivilegedAction
+ try
+ {
+ AccessController.doPrivileged(new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws AuthorizationException
+ {
+ int result = invokeAuthorize(resource);
+ if(result == PERMIT)
+ invokeCommit();
+ if(result == DENY)
+ {
+ invokeAbort();
+ throw new AuthorizationException("Denied");
+ }
+ return null;
+ }
+ });
+ }
+ catch (PrivilegedActionException e)
+ {
+ Exception exc = e.getException();
+ if(trace)
+ log.trace("Error in authorize:", exc);
+ invokeAbort();
+ throw ((AuthorizationException)exc);
+ }
+ return PERMIT;
+ //return authorize(resource);
+ }
+
+ //Private Methods
+ private void initializeModules(Resource resource, RoleGroup role) throws PrivilegedActionException
+ {
+ AuthorizationInfo authzInfo = getAuthorizationInfo(securityDomainName, resource);
+ if(authzInfo == null)
+ throw new IllegalStateException("Authorization Info is null");
+ AuthorizationModuleEntry[] entries = authzInfo.getAuthorizationModuleEntry();
+ int len = entries != null ? entries.length : 0;
+ for(int i = 0 ; i < len; i++)
+ {
+ AuthorizationModuleEntry entry = entries[i];
+ ControlFlag flag = entry.getControlFlag();
+ if(flag == null)
+ {
+ if(trace)
+ log.trace("Null Control flag for entry:"+entry+". Defaults to REQUIRED!");
+ flag = ControlFlag.REQUIRED;
+ }
+ else
+ if(trace)
+ log.trace("Control flag for entry:"+entry+"is:["+flag+"]");
+
+ this.controlFlags.add(flag);
+ modules.add(instantiateModule(entry.getPolicyModuleName(), entry.getOptions(), role));
+ }
+ }
+
+ private int invokeAuthorize(Resource resource)
+ throws AuthorizationException
+ {
+ //Control Flag behavior
+ boolean encounteredRequiredError = false;
+ boolean encounteredOptionalError = false;
+ AuthorizationException moduleException = null;
+ int overallDecision = DENY;
+
+ int length = modules.size();
+ for(int i = 0; i < length; i++)
+ {
+ AuthorizationModule module = (AuthorizationModule)modules.get(i);
+ ControlFlag flag = (ControlFlag)this.controlFlags.get(i);
+ int decision = DENY;
+ try
+ {
+ decision = module.authorize(resource);
+ }
+ catch(Exception ae)
+ {
+ decision = DENY;
+ if(moduleException == null)
+ moduleException = new AuthorizationException(ae.getMessage());
+ }
+
+ if(decision == PERMIT)
+ {
+ overallDecision = PERMIT;
+ //SUFFICIENT case
+ if(flag == ControlFlag.SUFFICIENT && encounteredRequiredError == false)
+ return PERMIT;
+ continue; //Continue with the other modules
+ }
+ //Go through the failure cases
+ //REQUISITE case
+ if(flag == ControlFlag.REQUISITE)
+ {
+ if(trace)
+ log.trace("REQUISITE failed for " + module);
+ if(moduleException == null)
+ moduleException = new AuthorizationException("Authorization failed");
+ else
+ throw moduleException;
+ }
+ //REQUIRED Case
+ if(flag == ControlFlag.REQUIRED)
+ {
+ if(trace)
+ log.trace("REQUIRED failed for " + module);
+ if(encounteredRequiredError == false)
+ encounteredRequiredError = true;
+ }
+ if(flag == ControlFlag.OPTIONAL)
+ encounteredOptionalError = true;
+ }
+
+ //All the authorization modules have been visited.
+ String msg = getAdditionalErrorMessage(moduleException);
+ if(encounteredRequiredError)
+ throw new AuthorizationException("Authorization Failed:"+ msg);
+ if(overallDecision == DENY && encounteredOptionalError)
+ throw new AuthorizationException("Authorization Failed:" + msg);
+ if(overallDecision == DENY)
+ throw new AuthorizationException("Authorization Failed:No modules active.");
+ return PERMIT;
+ }
+
+ private void invokeCommit()
+ throws AuthorizationException
+ {
+ int length = modules.size();
+ for(int i = 0; i < length; i++)
+ {
+ AuthorizationModule module = (AuthorizationModule)modules.get(i);
+ boolean bool = module.commit();
+ if(!bool)
+ throw new AuthorizationException("commit on modules failed:"+module.getClass());
+ }
+ modules.clear();
+ }
+
+ private void invokeAbort()
+ throws AuthorizationException
+ {
+ int length = modules.size();
+ for(int i = 0; i < length; i++)
+ {
+ AuthorizationModule module = (AuthorizationModule)modules.get(i);
+ boolean bool = module.abort();
+ if(!bool)
+ throw new AuthorizationException("abort on modules failed:"+module.getClass());
+ }
+ modules.clear();
+ }
+
+ private AuthorizationModule instantiateModule(String name,
+ Map<String,Object> map, RoleGroup subjectRoles)
+ throws PrivilegedActionException
+ {
+ AuthorizationModule am = null;
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ try
+ {
+ Class<?> clazz = tcl.loadClass(name);
+ am = (AuthorizationModule)clazz.newInstance();
+ }
+ catch ( Exception e)
+ {
+ log.debug("Error instantiating AuthorizationModule:",e);
+ }
+ if(am == null)
+ throw new IllegalStateException("AuthorizationModule has not " +
+ "been instantiated");
+ am.initialize(this.authenticatedSubject, this.callbackHandler,
+ this.sharedState,map, subjectRoles);
+ return am;
+ }
+
+ private AuthorizationInfo getAuthorizationInfo(String domainName, Resource resource)
+ {
+ ResourceType layer = resource.getLayer();
+
+ //Check if an instance of ApplicationPolicy is available
+ if(this.applicationPolicy != null)
+ return applicationPolicy.getAuthorizationInfo();
+
+ ApplicationPolicy aPolicy = SecurityConfiguration.getApplicationPolicy(domainName);
+
+ if(aPolicy == null)
+ {
+ if(trace)
+ log.trace("Application Policy not obtained for domain="+ domainName +
+ ". Trying to obtain the App policy for the default domain of the layer:");
+ if(layer == ResourceType.EJB)
+ aPolicy = SecurityConfiguration.getApplicationPolicy(EJB);
+ else
+ if(layer == ResourceType.WEB)
+ aPolicy = SecurityConfiguration.getApplicationPolicy(WEB);
+ }
+ if(aPolicy == null)
+ throw new IllegalStateException("Application Policy is null for domain:"+ domainName);
+
+ AuthorizationInfo ai = aPolicy.getAuthorizationInfo();
+ if(ai == null)
+ return getAuthorizationInfo(layer);
+ else
+ return aPolicy.getAuthorizationInfo();
+ }
+
+ private AuthorizationInfo getAuthorizationInfo(ResourceType layer)
+ {
+ AuthorizationInfo ai = null;
+
+ if(layer == ResourceType.EJB)
+ ai = SecurityConfiguration.getApplicationPolicy(EJB).getAuthorizationInfo();
+ else
+ if(layer == ResourceType.WEB)
+ ai = SecurityConfiguration.getApplicationPolicy(WEB).getAuthorizationInfo();
+ else
+ {
+ if(log.isTraceEnabled())
+ log.trace("AuthorizationInfo not found. Providing default authorization info");
+ ai = new AuthorizationInfo(SecurityConstants.DEFAULT_APPLICATION_POLICY);
+ ai.add(new AuthorizationModuleEntry(DelegatingAuthorizationModule.class.getName()));
+ }
+ return ai;
+ }
+
+ private String getAdditionalErrorMessage(Exception e)
+ {
+ StringBuilder msg = new StringBuilder(" ");
+ if(e != null)
+ msg.append(e.getLocalizedMessage());
+ return msg.toString();
+ }
+}
\ No newline at end of file
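Review bot: In `invokeAuthorize`, a REQUISITE module that returns DENY without throwing does not end evaluation, because the branch under `if(flag == ControlFlag.REQUISITE)` only assigns `moduleException` when it is null and throws only in the `else`. Neither `encounteredRequiredError` nor `encounteredOptionalError` is set for that flag, so if any other module returns PERMIT the method returns PERMIT despite the requisite denial. Dropping the `else` so that `throw moduleException;` always runs after the null check would make the failure terminal, which matches the `javax.security.auth.login.Configuration` semantics the class javadoc points to. Separately, `initializeModules` calls `this.controlFlags.add(flag)` on every call, and does so before `instantiateModule` can throw, while `invokeCommit` and `invokeAbort` clear only `modules`. If a context instance is reused the two lists can go out of step, so it is worth confirming against the superclass whether `controlFlags` should be cleared alongside `modules`.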
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/main/org/jboss/security/plugins/javaee (from rev 72464, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/javaee)
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/WebJASPIAuthMgrUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/WebJASPIAuthMgrUnitTestCase.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/WebJASPIAuthMgrUnitTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,98 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.test.authentication;
-
-import java.net.URL;
-
-import javax.security.auth.login.Configuration;
-import javax.security.auth.message.MessageInfo;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.security.AuthenticationManager;
-import org.jboss.security.SimplePrincipal;
-import org.jboss.security.auth.callback.AppCallbackHandler;
-import org.jboss.security.auth.login.XMLLoginConfigImpl;
-import org.jboss.security.auth.message.GenericMessageInfo;
-import org.jboss.security.plugins.JBossAuthenticationManager;
-import org.jboss.security.plugins.JBossSecurityContext;
-import org.jboss.security.SecurityContextAssociation;
-import org.jboss.test.SecurityActions;
-import org.jboss.test.util.TestHttpServletRequest;
-
-
-/**
- * Unit tests for the JBossAuthenticationManager with JASPI
- * @author Anil.Saldhana at redhat.com
- * @since May 10, 2007
- * @version $Revision$
- */
-public class WebJASPIAuthMgrUnitTestCase
-extends JBossAuthenticationManagerUnitTestCase
-{
- String securityDomain = "web-jaspi";
- AppCallbackHandler acbh = new AppCallbackHandler();
-
- @Override
- protected void setUp() throws Exception
- {
- super.setUp();
- JBossSecurityContext jsc = new JBossSecurityContext(securityDomain);
- SecurityContextAssociation.setSecurityContext(jsc);
- establishSecurityConfiguration();
- }
-
- public void testLogin() throws Exception
- {
- HttpServletRequest hsr = getHttpServletRequest("jduke", "theduke");
- MessageInfo mi = new GenericMessageInfo(hsr, (HttpServletResponse)null);
- AuthenticationManager am = new JBossAuthenticationManager(securityDomain,acbh);
- assertTrue(am.isValid(mi, null, "HTTP"));
- }
-
- public void testUnsuccessfulLogin() throws Exception
- {
- HttpServletRequest hsr = getHttpServletRequest("jduke", "BAD");
- MessageInfo mi = new GenericMessageInfo(hsr, (HttpServletResponse)null);
- AuthenticationManager am = new JBossAuthenticationManager(securityDomain,acbh);
- assertFalse(am.isValid(mi, null, "HTTP"));
- }
-
- private void establishSecurityConfiguration()
- {
- XMLLoginConfigImpl xli = new XMLLoginConfigImpl();
- SecurityActions.setJAASConfiguration((Configuration)xli);
- URL configURL = Thread.currentThread().getContextClassLoader().getResource("config/jaspi-config.xml");
- assertNotNull("Config URL",configURL);
- xli.setConfigURL(configURL);
- xli.loadConfig();
- }
-
- @SuppressWarnings("unchecked")
- public HttpServletRequest getHttpServletRequest(String username, String pass)
- {
- HttpServletRequest hsr = new TestHttpServletRequest(new SimplePrincipal(username), pass, "GET");
- hsr.getParameterMap().put("j_username", username);
- hsr.getParameterMap().put("j_password", pass);
- return hsr;
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/WebJASPIAuthMgrUnitTestCase.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/WebJASPIAuthMgrUnitTestCase.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/WebJASPIAuthMgrUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/WebJASPIAuthMgrUnitTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,98 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authentication;
+
+import java.net.URL;
+
+import javax.security.auth.login.Configuration;
+import javax.security.auth.message.MessageInfo;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.auth.callback.AppCallbackHandler;
+import org.jboss.security.auth.login.XMLLoginConfigImpl;
+import org.jboss.security.auth.message.GenericMessageInfo;
+import org.jboss.security.plugins.JBossAuthenticationManager;
+import org.jboss.security.plugins.JBossSecurityContext;
+import org.jboss.test.SecurityActions;
+import org.jboss.test.util.TestHttpServletRequest;
+
+
+/**
+ * Unit tests for the JBossAuthenticationManager with JASPI
+ * @author Anil.Saldhana at redhat.com
+ * @since May 10, 2007
+ * @version $Revision$
+ */
+public class WebJASPIAuthMgrUnitTestCase
+extends JBossAuthenticationManagerUnitTestCase
+{
+ String securityDomain = "web-jaspi";
+ AppCallbackHandler acbh = new AppCallbackHandler();
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+ JBossSecurityContext jsc = new JBossSecurityContext(securityDomain);
+ SecurityContextAssociation.setSecurityContext(jsc);
+ establishSecurityConfiguration();
+ }
+
+ public void testLogin() throws Exception
+ {
+ HttpServletRequest hsr = getHttpServletRequest("jduke", "theduke");
+ MessageInfo mi = new GenericMessageInfo(hsr, (HttpServletResponse)null);
+ AuthenticationManager am = new JBossAuthenticationManager(securityDomain,acbh);
+ assertTrue(am.isValid(mi, null, "HTTP"));
+ }
+
+ public void testUnsuccessfulLogin() throws Exception
+ {
+ HttpServletRequest hsr = getHttpServletRequest("jduke", "BAD");
+ MessageInfo mi = new GenericMessageInfo(hsr, (HttpServletResponse)null);
+ AuthenticationManager am = new JBossAuthenticationManager(securityDomain,acbh);
+ assertFalse(am.isValid(mi, null, "HTTP"));
+ }
+
+ private void establishSecurityConfiguration()
+ {
+ XMLLoginConfigImpl xli = new XMLLoginConfigImpl();
+ SecurityActions.setJAASConfiguration((Configuration)xli);
+ URL configURL = Thread.currentThread().getContextClassLoader().getResource("config/jaspi-config.xml");
+ assertNotNull("Config URL",configURL);
+ xli.setConfigURL(configURL);
+ xli.loadConfig();
+ }
+
+ @SuppressWarnings("unchecked")
+ public HttpServletRequest getHttpServletRequest(String username, String pass)
+ {
+ HttpServletRequest hsr = new TestHttpServletRequest(new SimplePrincipal(username), pass, "GET");
+ hsr.getParameterMap().put("j_username", username);
+ hsr.getParameterMap().put("j_password", pass);
+ return hsr;
+ }
+}
\ No newline at end of file
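Review bot: `setUp` installs shared state, the thread's security context via `SecurityContextAssociation.setSecurityContext(jsc)` and a JAAS configuration via `SecurityActions.setJAASConfiguration(...)`, and this class defines no `tearDown` to undo it. Unless the superclass restores them (not visible here), later tests in the same JVM may run against the `web-jaspi` settings and pass or fail for the wrong reason. The same applies to `JASPILoginModuleDelgateUnitTestCase` further down, which extends `TestCase` directly and also discards the registration id returned by `factory.registerConfigProvider(...)`. I would add a `tearDown` that resets what `setUp` changed, e.g. `SecurityContextAssociation.setSecurityContext(null);`, and in the JASPI test keep the id and call `factory.removeRegistration(id);`.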
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaas (from rev 72496, projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaas)
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPILoginModuleDelgateUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPILoginModuleDelgateUnitTestCase.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPILoginModuleDelgateUnitTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,129 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.test.authentication.jaspi;
-
-import java.net.URL;
-import java.util.HashMap;
-
-import javax.security.auth.Subject;
-import javax.security.auth.login.Configuration;
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.AuthStatus;
-import javax.security.auth.message.MessageInfo;
-import javax.security.auth.message.config.AuthConfigFactory;
-import javax.security.auth.message.config.AuthConfigProvider;
-import javax.security.auth.message.config.ServerAuthConfig;
-import javax.security.auth.message.config.ServerAuthContext;
-
-import junit.framework.TestCase;
-
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.auth.callback.AppCallbackHandler;
-import org.jboss.security.auth.login.XMLLoginConfigImpl;
-import org.jboss.security.auth.message.GenericMessageInfo;
-import org.jboss.security.auth.message.config.JBossAuthConfigProvider;
-import org.jboss.security.plugins.JBossSecurityContext;
-import org.jboss.security.SecurityContextAssociation;
-import org.jboss.test.SecurityActions;
-
-//$Id$
-
-/**
- * Test the delegation to a JAAS Login Module
- * by a Server Auth Module
- * @author Anil.Saldhana at redhat.com
- * @since Jul 27, 2007
- * @version $Revision$
- */
-public class JASPILoginModuleDelgateUnitTestCase extends TestCase
-{
- AuthConfigFactory factory = null;
- String layer = SecurityConstants.SERVLET_LAYER;
- String appId = "localhost /petstore";
-
- String configFile="config/jaspi-config.xml";
-
- @Override
- protected void setUp() throws Exception
- {
- factory = AuthConfigFactory.getFactory();
- factory.registerConfigProvider(new JBossAuthConfigProvider(new HashMap()),
- layer, appId, "Test Config Provider");
-
- JBossSecurityContext jsc = new JBossSecurityContext("conf-jaspi-2");
- SecurityContextAssociation.setSecurityContext(jsc);
-
- XMLLoginConfigImpl xli = new XMLLoginConfigImpl();
- SecurityActions.setJAASConfiguration((Configuration)xli);
-
- URL configURL = Thread.currentThread().getContextClassLoader().getResource(configFile);
- assertNotNull("Config URL",configURL);
-
- xli.setConfigURL(configURL);
- xli.loadConfig();
- }
-
- public void testSuccessfulJASPI() throws Exception
- {
- AuthConfigProvider provider = factory.getConfigProvider(layer,appId,null);
- ServerAuthConfig serverConfig = provider.getServerAuthConfig(layer,appId,
- new AppCallbackHandler("jduke","theduke".toCharArray()));
- assertNotNull("ServerAuthConfig is not null", serverConfig);
-
- MessageInfo mi = new GenericMessageInfo(new Object(), new Object());
- String authContextID = serverConfig.getAuthContextID(mi);
- assertNotNull("AuthContext ID != null",authContextID);
- ServerAuthContext sctx = serverConfig.getAuthContext(authContextID,
- new Subject(), new HashMap());
- assertNotNull("ServerAuthContext != null",sctx);
- Subject clientSubject = new Subject();
- Subject serviceSubject = new Subject();
- AuthStatus status = sctx.validateRequest(mi, clientSubject, serviceSubject);
- assertEquals(AuthStatus.SUCCESS, status );
- }
-
- public void testUnSuccessfulJASPI() throws Exception
- {
- AuthConfigProvider provider = factory.getConfigProvider(layer,appId,null);
- ServerAuthConfig serverConfig = provider.getServerAuthConfig(layer,appId,
- new AppCallbackHandler("jduke","badpwd".toCharArray()));
- assertNotNull("ServerAuthConfig is not null", serverConfig);
-
- MessageInfo mi = new GenericMessageInfo(new Object(), new Object());
- String authContextID = serverConfig.getAuthContextID(mi);
- assertNotNull("AuthContext ID != null",authContextID);
- ServerAuthContext sctx = serverConfig.getAuthContext(authContextID,
- new Subject(), new HashMap());
- assertNotNull("ServerAuthContext != null",sctx);
- Subject clientSubject = new Subject();
- Subject serviceSubject = new Subject();
- try
- {
- AuthStatus status = sctx.validateRequest(mi, clientSubject, serviceSubject);
- assertEquals(AuthStatus.FAILURE, status );
- }
- catch(AuthException ae)
- {
- //Pass
- }
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPILoginModuleDelgateUnitTestCase.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPILoginModuleDelgateUnitTestCase.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPILoginModuleDelgateUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPILoginModuleDelgateUnitTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,129 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authentication.jaspi;
+
+import java.net.URL;
+import java.util.HashMap;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.config.AuthConfigFactory;
+import javax.security.auth.message.config.AuthConfigProvider;
+import javax.security.auth.message.config.ServerAuthConfig;
+import javax.security.auth.message.config.ServerAuthContext;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.auth.callback.AppCallbackHandler;
+import org.jboss.security.auth.login.XMLLoginConfigImpl;
+import org.jboss.security.auth.message.GenericMessageInfo;
+import org.jboss.security.auth.message.config.JBossAuthConfigProvider;
+import org.jboss.security.plugins.JBossSecurityContext;
+import org.jboss.test.SecurityActions;
+
+//$Id$
+
+/**
+ * Test the delegation to a JAAS Login Module
+ * by a Server Auth Module
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 27, 2007
+ * @version $Revision$
+ */
+public class JASPILoginModuleDelgateUnitTestCase extends TestCase
+{
+ AuthConfigFactory factory = null;
+ String layer = SecurityConstants.SERVLET_LAYER;
+ String appId = "localhost /petstore";
+
+ String configFile="config/jaspi-config.xml";
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ factory = AuthConfigFactory.getFactory();
+ factory.registerConfigProvider(new JBossAuthConfigProvider(new HashMap()),
+ layer, appId, "Test Config Provider");
+
+ JBossSecurityContext jsc = new JBossSecurityContext("conf-jaspi-2");
+ SecurityContextAssociation.setSecurityContext(jsc);
+
+ XMLLoginConfigImpl xli = new XMLLoginConfigImpl();
+ SecurityActions.setJAASConfiguration((Configuration)xli);
+
+ URL configURL = Thread.currentThread().getContextClassLoader().getResource(configFile);
+ assertNotNull("Config URL",configURL);
+
+ xli.setConfigURL(configURL);
+ xli.loadConfig();
+ }
+
+ public void testSuccessfulJASPI() throws Exception
+ {
+ AuthConfigProvider provider = factory.getConfigProvider(layer,appId,null);
+ ServerAuthConfig serverConfig = provider.getServerAuthConfig(layer,appId,
+ new AppCallbackHandler("jduke","theduke".toCharArray()));
+ assertNotNull("ServerAuthConfig is not null", serverConfig);
+
+ MessageInfo mi = new GenericMessageInfo(new Object(), new Object());
+ String authContextID = serverConfig.getAuthContextID(mi);
+ assertNotNull("AuthContext ID != null",authContextID);
+ ServerAuthContext sctx = serverConfig.getAuthContext(authContextID,
+ new Subject(), new HashMap());
+ assertNotNull("ServerAuthContext != null",sctx);
+ Subject clientSubject = new Subject();
+ Subject serviceSubject = new Subject();
+ AuthStatus status = sctx.validateRequest(mi, clientSubject, serviceSubject);
+ assertEquals(AuthStatus.SUCCESS, status );
+ }
+
+ public void testUnSuccessfulJASPI() throws Exception
+ {
+ AuthConfigProvider provider = factory.getConfigProvider(layer,appId,null);
+ ServerAuthConfig serverConfig = provider.getServerAuthConfig(layer,appId,
+ new AppCallbackHandler("jduke","badpwd".toCharArray()));
+ assertNotNull("ServerAuthConfig is not null", serverConfig);
+
+ MessageInfo mi = new GenericMessageInfo(new Object(), new Object());
+ String authContextID = serverConfig.getAuthContextID(mi);
+ assertNotNull("AuthContext ID != null",authContextID);
+ ServerAuthContext sctx = serverConfig.getAuthContext(authContextID,
+ new Subject(), new HashMap());
+ assertNotNull("ServerAuthContext != null",sctx);
+ Subject clientSubject = new Subject();
+ Subject serviceSubject = new Subject();
+ try
+ {
+ AuthStatus status = sctx.validateRequest(mi, clientSubject, serviceSubject);
+ assertEquals(AuthStatus.FAILURE, status );
+ }
+ catch(AuthException ae)
+ {
+ //Pass
+ }
+ }
+}
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPIWorkflowUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPIWorkflowUnitTestCase.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPIWorkflowUnitTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,120 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.test.authentication.jaspi;
-
-import java.net.URL;
-import java.util.HashMap;
-
-import javax.security.auth.Subject;
-import javax.security.auth.login.Configuration;
-import javax.security.auth.message.AuthStatus;
-import javax.security.auth.message.MessageInfo;
-import javax.security.auth.message.config.AuthConfigFactory;
-import javax.security.auth.message.config.AuthConfigProvider;
-import javax.security.auth.message.config.ServerAuthConfig;
-import javax.security.auth.message.config.ServerAuthContext;
-
-import junit.framework.TestCase;
-
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.auth.callback.AppCallbackHandler;
-import org.jboss.security.auth.login.XMLLoginConfigImpl;
-import org.jboss.security.auth.message.GenericMessageInfo;
-import org.jboss.security.auth.message.config.JBossAuthConfigProvider;
-import org.jboss.security.plugins.JBossSecurityContext;
-import org.jboss.security.SecurityContextAssociation;
-import org.jboss.test.SecurityActions;
-
-//$Id$
-
-/**
- * Test the Server side workflow for JASPI
- * @author Anil.Saldhana at redhat.com
- * @since Jul 16, 2007
- * @version $Revision$
- */
-public class JASPIWorkflowUnitTestCase extends TestCase
-{
- AuthConfigFactory factory = null;
- String layer = SecurityConstants.SERVLET_LAYER;
- String appId = "localhost /petstore";
-
- String configFile="config/jaspi-config.xml";
-
- @Override
- protected void setUp() throws Exception
- {
- factory = AuthConfigFactory.getFactory();
- factory.registerConfigProvider(new JBossAuthConfigProvider(new HashMap()),
- layer, appId, "Test Config Provider");
-
- JBossSecurityContext jsc = new JBossSecurityContext("conf-jaspi");
- SecurityContextAssociation.setSecurityContext(jsc);
-
- XMLLoginConfigImpl xli = new XMLLoginConfigImpl();
- SecurityActions.setJAASConfiguration((Configuration)xli);
-
- URL configURL = Thread.currentThread().getContextClassLoader().getResource(configFile);
- assertNotNull("Config URL",configURL);
-
- xli.setConfigURL(configURL);
- xli.loadConfig();
- }
-
- public void testSuccessfulJASPI() throws Exception
- {
- AuthConfigProvider provider = factory.getConfigProvider(layer,appId,null);
- ServerAuthConfig serverConfig = provider.getServerAuthConfig(layer,appId,
- new AppCallbackHandler("anil","anilpwd".toCharArray()));
- assertNotNull("ServerAuthConfig is not null", serverConfig);
-
- MessageInfo mi = new GenericMessageInfo(new Object(), new Object());
- String authContextID = serverConfig.getAuthContextID(mi);
- assertNotNull("AuthContext ID != null",authContextID);
- ServerAuthContext sctx = serverConfig.getAuthContext(authContextID,
- new Subject(), new HashMap());
- assertNotNull("ServerAuthContext != null",sctx);
- Subject clientSubject = new Subject();
- Subject serviceSubject = new Subject();
- AuthStatus status = sctx.validateRequest(mi, clientSubject, serviceSubject);
- assertEquals(AuthStatus.SUCCESS, status );
- }
-
- public void testUnSuccessfulJASPI() throws Exception
- {
- AuthConfigProvider provider = factory.getConfigProvider(layer,appId,null);
- ServerAuthConfig serverConfig = provider.getServerAuthConfig(layer,appId,
- new AppCallbackHandler("anil","badpwd".toCharArray()));
- assertNotNull("ServerAuthConfig is not null", serverConfig);
-
- MessageInfo mi = new GenericMessageInfo(new Object(), new Object());
- String authContextID = serverConfig.getAuthContextID(mi);
- assertNotNull("AuthContext ID != null",authContextID);
- ServerAuthContext sctx = serverConfig.getAuthContext(authContextID,
- new Subject(), new HashMap());
- assertNotNull("ServerAuthContext != null",sctx);
- Subject clientSubject = new Subject();
- Subject serviceSubject = new Subject();
- AuthStatus status = sctx.validateRequest(mi, clientSubject, serviceSubject);
- assertEquals(AuthStatus.FAILURE, status );
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPIWorkflowUnitTestCase.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPIWorkflowUnitTestCase.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPIWorkflowUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPIWorkflowUnitTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,120 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authentication.jaspi;
+
+import java.net.URL;
+import java.util.HashMap;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.config.AuthConfigFactory;
+import javax.security.auth.message.config.AuthConfigProvider;
+import javax.security.auth.message.config.ServerAuthConfig;
+import javax.security.auth.message.config.ServerAuthContext;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.auth.callback.AppCallbackHandler;
+import org.jboss.security.auth.login.XMLLoginConfigImpl;
+import org.jboss.security.auth.message.GenericMessageInfo;
+import org.jboss.security.auth.message.config.JBossAuthConfigProvider;
+import org.jboss.security.plugins.JBossSecurityContext;
+import org.jboss.test.SecurityActions;
+
+//$Id$
+
+/**
+ * Test the Server side workflow for JASPI
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 16, 2007
+ * @version $Revision$
+ */
+public class JASPIWorkflowUnitTestCase extends TestCase
+{
+ AuthConfigFactory factory = null;
+ String layer = SecurityConstants.SERVLET_LAYER;
+ String appId = "localhost /petstore";
+
+ String configFile="config/jaspi-config.xml";
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ factory = AuthConfigFactory.getFactory();
+ factory.registerConfigProvider(new JBossAuthConfigProvider(new HashMap()),
+ layer, appId, "Test Config Provider");
+
+ JBossSecurityContext jsc = new JBossSecurityContext("conf-jaspi");
+ SecurityContextAssociation.setSecurityContext(jsc);
+
+ XMLLoginConfigImpl xli = new XMLLoginConfigImpl();
+ SecurityActions.setJAASConfiguration((Configuration)xli);
+
+ URL configURL = Thread.currentThread().getContextClassLoader().getResource(configFile);
+ assertNotNull("Config URL",configURL);
+
+ xli.setConfigURL(configURL);
+ xli.loadConfig();
+ }
+
+ public void testSuccessfulJASPI() throws Exception
+ {
+ AuthConfigProvider provider = factory.getConfigProvider(layer,appId,null);
+ ServerAuthConfig serverConfig = provider.getServerAuthConfig(layer,appId,
+ new AppCallbackHandler("anil","anilpwd".toCharArray()));
+ assertNotNull("ServerAuthConfig is not null", serverConfig);
+
+ MessageInfo mi = new GenericMessageInfo(new Object(), new Object());
+ String authContextID = serverConfig.getAuthContextID(mi);
+ assertNotNull("AuthContext ID != null",authContextID);
+ ServerAuthContext sctx = serverConfig.getAuthContext(authContextID,
+ new Subject(), new HashMap());
+ assertNotNull("ServerAuthContext != null",sctx);
+ Subject clientSubject = new Subject();
+ Subject serviceSubject = new Subject();
+ AuthStatus status = sctx.validateRequest(mi, clientSubject, serviceSubject);
+ assertEquals(AuthStatus.SUCCESS, status );
+ }
+
+ public void testUnSuccessfulJASPI() throws Exception
+ {
+ AuthConfigProvider provider = factory.getConfigProvider(layer,appId,null);
+ ServerAuthConfig serverConfig = provider.getServerAuthConfig(layer,appId,
+ new AppCallbackHandler("anil","badpwd".toCharArray()));
+ assertNotNull("ServerAuthConfig is not null", serverConfig);
+
+ MessageInfo mi = new GenericMessageInfo(new Object(), new Object());
+ String authContextID = serverConfig.getAuthContextID(mi);
+ assertNotNull("AuthContext ID != null",authContextID);
+ ServerAuthContext sctx = serverConfig.getAuthContext(authContextID,
+ new Subject(), new HashMap());
+ assertNotNull("ServerAuthContext != null",sctx);
+ Subject clientSubject = new Subject();
+ Subject serviceSubject = new Subject();
+ AuthStatus status = sctx.validateRequest(mi, clientSubject, serviceSubject);
+ assertEquals(AuthStatus.FAILURE, status );
+ }
+}
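Review bot: `testUnSuccessfulJASPI` asserts only the returned status, so a `validateRequest` that reports `AuthStatus.FAILURE` but still populates `clientSubject` would pass. Adding `assertTrue(clientSubject.getPrincipals().isEmpty());` after the status assertion would pin that a rejected password leaves no identity on the subject. Separately, `setUp` registers a provider with the `AuthConfigFactory`, sets the security context and replaces the JAAS `Configuration`, but the class has no `tearDown`. That state presumably carries into later tests in the same JVM. A `tearDown` that at least calls `SecurityContextAssociation.setSecurityContext(null)` would keep one test's security context from leaking into the next.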
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestAuthConfigProvider.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestAuthConfigProvider.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestAuthConfigProvider.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,59 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.test.authentication.jaspi.helpers;
-
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.config.AuthConfigProvider;
-import javax.security.auth.message.config.ClientAuthConfig;
-import javax.security.auth.message.config.ServerAuthConfig;
-
-//$Id$
-
-/**
- * Test AuthConfigProvider
- * @author Anil.Saldhana at redhat.com
- * @since Jul 11, 2007
- * @version $Revision$
- */
-public class TestAuthConfigProvider implements AuthConfigProvider
-{
- private CallbackHandler theHandler;
-
- public ClientAuthConfig getClientAuthConfig(String layer,
- String appcontext, CallbackHandler handler) throws AuthException,
- SecurityException
- {
- return new TestClientAuthConfig();
- }
-
- public ServerAuthConfig getServerAuthConfig(String layer,
- String appcontext, CallbackHandler handler) throws AuthException,
- SecurityException
- {
- return new TestServerAuthConfig() ;
- }
-
- public void refresh() throws AuthException, SecurityException
- {
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestAuthConfigProvider.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestAuthConfigProvider.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestAuthConfigProvider.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestAuthConfigProvider.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,56 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authentication.jaspi.helpers;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.config.AuthConfigProvider;
+import javax.security.auth.message.config.ClientAuthConfig;
+import javax.security.auth.message.config.ServerAuthConfig;
+
+
+/**
+ * Test AuthConfigProvider
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 11, 2007
+ * @version $Revision$
+ */
+public class TestAuthConfigProvider implements AuthConfigProvider
+{
+ public ClientAuthConfig getClientAuthConfig(String layer,
+ String appcontext, CallbackHandler handler) throws AuthException,
+ SecurityException
+ {
+ return new TestClientAuthConfig();
+ }
+
+ public ServerAuthConfig getServerAuthConfig(String layer,
+ String appcontext, CallbackHandler handler) throws AuthException,
+ SecurityException
+ {
+ return new TestServerAuthConfig() ;
+ }
+
+ public void refresh() throws AuthException, SecurityException
+ {
+ }
+}
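Review bot: Both factory methods ignore `layer`, `appcontext` and `handler` and return a no-argument stub, and the class Javadoc ("Test AuthConfigProvider") does not say so. Because the `CallbackHandler` never reaches the returned config, tests that go through this provider cannot exercise credential callbacks. A class-level sentence such as `Stub provider for tests: all arguments are ignored and a fixed TestClientAuthConfig / TestServerAuthConfig is returned.` would make that explicit. The same documentation gap applies to the constant-returning `TestClientAuthConfig` and `TestServerAuthConfig` added in the following hunks.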
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestClientAuthConfig.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestClientAuthConfig.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestClientAuthConfig.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,73 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.test.authentication.jaspi.helpers;
-
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.MessageInfo;
-import javax.security.auth.message.config.ClientAuthConfig;
-import javax.security.auth.message.config.ClientAuthContext;
-
-//$Id$
-
-/**
- * Test ClientAuthConfig
- * @author Anil.Saldhana at redhat.com
- * @since Jul 16, 2007
- * @version $Revision$
- */
-public class TestClientAuthConfig implements ClientAuthConfig
-{
-
- public ClientAuthContext getAuthContext(String authContextID,
- Subject clientSubject, Map properties)
- throws AuthException
- {
- return new TestClientAuthContext();
- }
-
- public String getAppContext()
- {
- return "TEST";
- }
-
- public String getAuthContextID(MessageInfo messageInfo)
- {
- return "AUTHCONTEXTID";
- }
-
- public String getMessageLayer()
- {
- return "TESTCLIENT";
- }
-
- public boolean isProtected()
- {
- return false;
- }
-
- public void refresh() throws AuthException, SecurityException
- {
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestClientAuthConfig.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestClientAuthConfig.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestClientAuthConfig.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestClientAuthConfig.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,71 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authentication.jaspi.helpers;
+
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.config.ClientAuthConfig;
+import javax.security.auth.message.config.ClientAuthContext;
+
+/**
+ * Test ClientAuthConfig
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 16, 2007
+ * @version $Revision$
+ */
+public class TestClientAuthConfig implements ClientAuthConfig
+{
+
+ public ClientAuthContext getAuthContext(String authContextID,
+ Subject clientSubject, Map properties)
+ throws AuthException
+ {
+ return new TestClientAuthContext();
+ }
+
+ public String getAppContext()
+ {
+ return "TEST";
+ }
+
+ public String getAuthContextID(MessageInfo messageInfo)
+ {
+ return "AUTHCONTEXTID";
+ }
+
+ public String getMessageLayer()
+ {
+ return "TESTCLIENT";
+ }
+
+ public boolean isProtected()
+ {
+ return false;
+ }
+
+ public void refresh() throws AuthException, SecurityException
+ {
+ }
+}
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestServerAuthConfig.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestServerAuthConfig.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestServerAuthConfig.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,71 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.test.authentication.jaspi.helpers;
-
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.MessageInfo;
-import javax.security.auth.message.config.ServerAuthConfig;
-import javax.security.auth.message.config.ServerAuthContext;
-
-//$Id$
-
-/**
- * Test ServerAuthConfig
- * @author Anil.Saldhana at redhat.com
- * @since Jul 11, 2007
- * @version $Revision$
- */
-public class TestServerAuthConfig implements ServerAuthConfig
-{
- public ServerAuthContext getAuthContext(String authContextID,
- Subject serviceSubject, Map properties)
- {
- return new TestServerAuthContext();
- }
-
- public String getAppContext()
- {
- return null;
- }
-
- public String getAuthContextID(MessageInfo messageInfo)
- {
- return "AUTHCONTEXTID";
- }
-
- public String getMessageLayer()
- {
- return "TEST";
- }
-
- public boolean isProtected()
- {
- return false;
- }
-
- public void refresh() throws AuthException, SecurityException
- {
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestServerAuthConfig.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestServerAuthConfig.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestServerAuthConfig.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authentication/jaspi/helpers/TestServerAuthConfig.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,70 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authentication.jaspi.helpers;
+
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.config.ServerAuthConfig;
+import javax.security.auth.message.config.ServerAuthContext;
+
+
+/**
+ * Test ServerAuthConfig
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 11, 2007
+ * @version $Revision$
+ */
+public class TestServerAuthConfig implements ServerAuthConfig
+{
+ public ServerAuthContext getAuthContext(String authContextID,
+ Subject serviceSubject, Map properties)
+ {
+ return new TestServerAuthContext();
+ }
+
+ public String getAppContext()
+ {
+ return null;
+ }
+
+ public String getAuthContextID(MessageInfo messageInfo)
+ {
+ return "AUTHCONTEXTID";
+ }
+
+ public String getMessageLayer()
+ {
+ return "TEST";
+ }
+
+ public boolean isProtected()
+ {
+ return false;
+ }
+
+ public void refresh() throws AuthException, SecurityException
+ {
+ }
+}
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthZMgrSafetyUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthZMgrSafetyUnitTestCase.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthZMgrSafetyUnitTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,139 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.test.authorization;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.concurrent.Callable;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
-
-import javax.security.auth.Subject;
-
-import junit.framework.TestCase;
-
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.authorization.AuthorizationContext;
-import org.jboss.security.authorization.Resource;
-import org.jboss.security.authorization.ResourceType;
-import org.jboss.security.authorization.config.AuthorizationModuleEntry;
-import org.jboss.security.authorization.modules.DelegatingAuthorizationModule;
-import org.jboss.security.config.ApplicationPolicy;
-import org.jboss.security.config.AuthorizationInfo;
-import org.jboss.security.config.SecurityConfiguration;
-import org.jboss.security.identity.RoleGroup;
-import org.jboss.security.identity.plugins.SimpleRole;
-import org.jboss.security.identity.plugins.SimpleRoleGroup;
-import org.jboss.security.plugins.JBossAuthorizationManager;
-
-//$Id$
-
-/**
- * Test the concurrency correctness of JBossAuthorizationManager
- * @author Anil.Saldhana at redhat.com
- * @since Dec 15, 2007
- * @version $Revision$
- */
-public class JBossAuthZMgrSafetyUnitTestCase extends TestCase
-{
- private JBossAuthorizationManager am = new JBossAuthorizationManager("other");
-
- protected void setUp() throws Exception
- {
- setUpRegularConfiguration();
- }
-
- public void testThreadSafety() throws Exception
- {
- //Create 3 authz threads and 2 authzsetandcall threads
- AuthzCallable t1 = new AuthzCallable();
- AuthzSetAndCall t2 = new AuthzSetAndCall();
- AuthzCallable t3 = new AuthzCallable();
- AuthzSetAndCall t4 = new AuthzSetAndCall();
- AuthzCallable t5 = new AuthzCallable();
-
- ExecutorService es = Executors.newFixedThreadPool(5) ;
- assertTrue(es.submit(t1).get());
- assertTrue(es.submit(t2).get());
- assertTrue(es.submit(t3).get());
- assertTrue(es.submit(t4).get());
- assertTrue(es.submit(t5).get());
- }
-
- private class AuthzCallable implements Callable<Boolean>
- {
- private TestResource resource = new TestResource();
- public Boolean call() throws Exception
- {
- RoleGroup role = getRoleGroup("roleA");
- Subject subject = new Subject();
- return am.authorize(resource, subject, role) == AuthorizationContext.PERMIT;
- }
- }
-
- private class AuthzSetAndCall implements Callable<Boolean>
- {
- private TestResource resource = new TestResource();
- public Boolean call() throws Exception
- {
- RoleGroup role = getRoleGroup("roleA");
- Subject subject = new Subject();
- return am.authorize(resource, subject, role) == AuthorizationContext.PERMIT;
- }
- }
-
- private class TestResource implements Resource
- {
- public ResourceType getLayer()
- {
- return ResourceType.WEB;
- }
-
- public Map<String, Object> getMap()
- {
- return new HashMap<String,Object>();
- }
- }
-
- private void setUpRegularConfiguration() throws Exception
- {
- SecurityConfiguration.addApplicationPolicy(getApplicationPolicy("other"));
- }
-
- private ApplicationPolicy getApplicationPolicy(String domain)
- {
- AuthorizationInfo ai = new AuthorizationInfo(domain);
- String moduleName = DelegatingAuthorizationModule.class.getName();
- AuthorizationModuleEntry ame = new AuthorizationModuleEntry(moduleName);
- ai.add(ame);
- ApplicationPolicy ap = new ApplicationPolicy(domain);
- ap.setAuthorizationInfo(ai);
- return ap;
- }
-
- private RoleGroup getRoleGroup(String rolename)
- {
- SimpleRoleGroup srg = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
- srg.getRoles().add(new SimpleRole(rolename));
- return srg;
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthZMgrSafetyUnitTestCase.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthZMgrSafetyUnitTestCase.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthZMgrSafetyUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthZMgrSafetyUnitTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,109 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authorization;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.Callable;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+import javax.security.auth.Subject;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.ResourceType;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.plugins.JBossAuthorizationManager;
+import org.jboss.test.util.SecurityTestUtil;
+
+/**
+ * Test the concurrency correctness of JBossAuthorizationManager
+ * @author Anil.Saldhana at redhat.com
+ * @since Dec 15, 2007
+ * @version $Revision$
+ */
+public class JBossAuthZMgrSafetyUnitTestCase extends TestCase
+{
+ private JBossAuthorizationManager am = new JBossAuthorizationManager("other");
+
+ protected void setUp() throws Exception
+ {
+ ApplicationPolicy ap = SecurityTestUtil.getApplicationPolicy("other", null);
+ SecurityTestUtil.setUpRegularConfiguration(ap);
+ }
+
+ public void testThreadSafety() throws Exception
+ {
+ //Create 3 authz threads and 2 authzsetandcall threads
+ AuthzCallable t1 = new AuthzCallable();
+ AuthzSetAndCall t2 = new AuthzSetAndCall();
+ AuthzCallable t3 = new AuthzCallable();
+ AuthzSetAndCall t4 = new AuthzSetAndCall();
+ AuthzCallable t5 = new AuthzCallable();
+
+ ExecutorService es = Executors.newFixedThreadPool(5) ;
+ assertTrue(es.submit(t1).get());
+ assertTrue(es.submit(t2).get());
+ assertTrue(es.submit(t3).get());
+ assertTrue(es.submit(t4).get());
+ assertTrue(es.submit(t5).get());
+ }
+
+ private class AuthzCallable implements Callable<Boolean>
+ {
+ private TestResource resource = new TestResource();
+ public Boolean call() throws Exception
+ {
+ RoleGroup role = SecurityTestUtil.getRoleGroup("roleA");
+ Subject subject = new Subject();
+ return am.authorize(resource, subject, role) == AuthorizationContext.PERMIT;
+ }
+ }
+
+ private class AuthzSetAndCall implements Callable<Boolean>
+ {
+ private TestResource resource = new TestResource();
+ public Boolean call() throws Exception
+ {
+ RoleGroup role = SecurityTestUtil.getRoleGroup("roleA");
+ Subject subject = new Subject();
+ return am.authorize(resource, subject, role) == AuthorizationContext.PERMIT;
+ }
+ }
+
+ private class TestResource implements Resource
+ {
+ public ResourceType getLayer()
+ {
+ return ResourceType.WEB;
+ }
+
+ public Map<String, Object> getMap()
+ {
+ return new HashMap<String,Object>();
+ }
+ }
+}
\ No newline at end of file
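Review bot: testThreadSafety does not put concurrent load on the shared `am`: each `assertTrue(es.submit(tN).get())` blocks on the result before the next task is submitted, so the five authorize calls run one after another. Handing all five tasks to the pool first and checking the futures afterwards lets them overlap, which is what a thread-safety test of an authorization manager needs. The pool is also never shut down, so its worker threads outlive the test. The sketch below needs `java.util.Arrays`, `java.util.List` and `java.util.concurrent.Future` imported. `AuthzSetAndCall` is line-for-line the same as `AuthzCallable`, so the "set" half of its name is not exercised at all.
```java
// … unchanged: construction of t1..t5 …
ExecutorService es = Executors.newFixedThreadPool(5);
try
{
   List<Future<Boolean>> results =
      es.invokeAll(Arrays.<Callable<Boolean>>asList(t1, t2, t3, t4, t5));
   for (Future<Boolean> result : results)
   {
      assertTrue(result.get());
   }
}
finally
{
   es.shutdown();
}
```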
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthorizationManagerUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthorizationManagerUnitTestCase.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthorizationManagerUnitTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,114 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.test.authorization;
-
-import java.security.Principal;
-import java.util.HashMap;
-
-import javax.security.auth.Subject;
-import javax.security.jacc.PolicyContext;
-
-import junit.framework.TestCase;
-
-import org.jboss.security.AuthorizationManager;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityContextFactory;
-import org.jboss.security.SimplePrincipal;
-import org.jboss.security.authorization.config.AuthorizationModuleEntry;
-import org.jboss.security.authorization.resources.WebResource;
-import org.jboss.security.config.ApplicationPolicy;
-import org.jboss.security.config.AuthorizationInfo;
-import org.jboss.security.config.SecurityConfiguration;
-import org.jboss.security.identity.RoleGroup;
-import org.jboss.security.identity.plugins.SimpleRole;
-import org.jboss.security.identity.plugins.SimpleRoleGroup;
-import org.jboss.security.jacc.SubjectPolicyContextHandler;
-import org.jboss.security.plugins.JBossAuthorizationManager;
-import org.jboss.security.SecurityContextAssociation;
-import org.jboss.test.util.TestHttpServletRequest;
-
-//$Id$
-
-/**
- * Unit test the JBossAuthorizationManager
- * @author Anil.Saldhana at redhat.com
- * @since May 17, 2007
- * @version $Revision$
- */
-public class JBossAuthorizationManagerUnitTestCase extends TestCase
-{
- private Principal p = new SimplePrincipal("jduke");
- private String contextID = "web.war";
-
- protected void setUp() throws Exception
- {
- super.setUp();
- setSecurityContext();
- setUpPolicyContext();
- setSecurityConfiguration();
- }
-
- public void testAuthorization() throws Exception
- {
- HashMap<String,Object> cmap = new HashMap<String,Object>();
- WebResource wr = new WebResource(cmap);
- wr.setServletRequest(new TestHttpServletRequest(p,"test", "get"));
- AuthorizationManager am = new JBossAuthorizationManager("other");
- am.authorize(wr);//This should just pass as the default module PERMITS all
- }
-
- private RoleGroup getRoleGroup()
- {
- RoleGroup rg = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
- rg.addRole(new SimpleRole("ServletUserRole"));
- return rg;
- }
-
- private void setSecurityContext() throws Exception
- {
- Subject subj = new Subject();
- subj.getPrincipals().add(p);
- SecurityContext sc = SecurityContextFactory.createSecurityContext("other");
- sc.getUtil().createSubjectInfo(p, "cred", subj);
- sc.getUtil().setRoles(getRoleGroup());
- SecurityContextAssociation.setSecurityContext(sc);
- }
-
- private void setUpPolicyContext() throws Exception
- {
- PolicyContext.setContextID(contextID);
- PolicyContext.registerHandler(SecurityConstants.SUBJECT_CONTEXT_KEY,
- new SubjectPolicyContextHandler(), true);
- }
-
- private void setSecurityConfiguration() throws Exception
- {
- String name = "org.jboss.security.authorization.modules.web.WebAuthorizationModule";
- ApplicationPolicy ap = new ApplicationPolicy("other");
- AuthorizationInfo ai = new AuthorizationInfo("other");
- AuthorizationModuleEntry ame = new AuthorizationModuleEntry(name);
- ai.add(ame);
- ap.setAuthorizationInfo(ai);
- SecurityConfiguration.addApplicationPolicy(ap);
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthorizationManagerUnitTestCase.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthorizationManagerUnitTestCase.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthorizationManagerUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthorizationManagerUnitTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,114 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authorization;
+
+import java.security.Principal;
+import java.util.HashMap;
+
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.AuthorizationManager;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SecurityContextFactory;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.authorization.config.AuthorizationModuleEntry;
+import org.jboss.security.authorization.resources.WebResource;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.AuthorizationInfo;
+import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
+import org.jboss.security.jacc.SubjectPolicyContextHandler;
+import org.jboss.security.plugins.JBossAuthorizationManager;
+import org.jboss.test.util.TestHttpServletRequest;
+
+//$Id$
+
+/**
+ * Unit test the JBossAuthorizationManager
+ * @author Anil.Saldhana at redhat.com
+ * @since May 17, 2007
+ * @version $Revision$
+ */
+public class JBossAuthorizationManagerUnitTestCase extends TestCase
+{
+ private Principal p = new SimplePrincipal("jduke");
+ private String contextID = "web.war";
+
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+ setSecurityContext();
+ setUpPolicyContext();
+ setSecurityConfiguration();
+ }
+
+ public void testAuthorization() throws Exception
+ {
+ HashMap<String,Object> cmap = new HashMap<String,Object>();
+ WebResource wr = new WebResource(cmap);
+ wr.setServletRequest(new TestHttpServletRequest(p,"test", "get"));
+ AuthorizationManager am = new JBossAuthorizationManager("other");
+ am.authorize(wr);//This should just pass as the default module PERMITS all
+ }
+
+ private RoleGroup getRoleGroup()
+ {
+ RoleGroup rg = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
+ rg.addRole(new SimpleRole("ServletUserRole"));
+ return rg;
+ }
+
+ private void setSecurityContext() throws Exception
+ {
+ Subject subj = new Subject();
+ subj.getPrincipals().add(p);
+ SecurityContext sc = SecurityContextFactory.createSecurityContext("other");
+ sc.getUtil().createSubjectInfo(p, "cred", subj);
+ sc.getUtil().setRoles(getRoleGroup());
+ SecurityContextAssociation.setSecurityContext(sc);
+ }
+
+ private void setUpPolicyContext() throws Exception
+ {
+ PolicyContext.setContextID(contextID);
+ PolicyContext.registerHandler(SecurityConstants.SUBJECT_CONTEXT_KEY,
+ new SubjectPolicyContextHandler(), true);
+ }
+
+ private void setSecurityConfiguration() throws Exception
+ {
+ String name = "org.jboss.security.authorization.modules.web.WebAuthorizationModule";
+ ApplicationPolicy ap = new ApplicationPolicy("other");
+ AuthorizationInfo ai = new AuthorizationInfo("other");
+ AuthorizationModuleEntry ame = new AuthorizationModuleEntry(name);
+ ai.add(ame);
+ ap.setAuthorizationInfo(ai);
+ SecurityConfiguration.addApplicationPolicy(ap);
+ }
+}
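Review bot: testAuthorization discards the result of `am.authorize(wr)`, so it fails only if the call throws and would still pass if the manager returned a deny code. Assuming the one-argument overload returns the same int code as the three-argument call used in JBossAuthZMgrSafetyUnitTestCase, the line should read `assertEquals(AuthorizationContext.PERMIT, am.authorize(wr));`, with `org.jboss.security.authorization.AuthorizationContext` imported. The trailing comment says the default module permits everything, while setSecurityConfiguration registers `WebAuthorizationModule` for the "other" domain; the comment should name the module the test is meant to exercise. setUp also writes process-wide state (SecurityContextAssociation, PolicyContext, SecurityConfiguration) and there is no tearDown to clear it, so later tests in the same JVM inherit the "jduke" context.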
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/acl/JBossAuthorizationManagerACLUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/acl/JBossAuthorizationManagerACLUnitTestCase.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/acl/JBossAuthorizationManagerACLUnitTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,110 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.test.authorization.acl;
-
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.HashMap;
-import java.util.Set;
-
-import junit.framework.TestCase;
-
-import org.jboss.security.acl.config.ACLProviderEntry;
-import org.jboss.security.authorization.EntitlementHolder;
-import org.jboss.security.authorization.Resource;
-import org.jboss.security.config.ACLInfo;
-import org.jboss.security.config.ApplicationPolicy;
-import org.jboss.security.config.SecurityConfiguration;
-import org.jboss.security.identity.Identity;
-import org.jboss.security.identity.Role;
-import org.jboss.security.plugins.JBossAuthorizationManager;
-
-//$Id$
-
-/**
- * ACL Unit Tests using JBossAuthorizationManager
- * @author Anil.Saldhana at redhat.com
- * @since Jan 30, 2008
- * @version $Revision$
- */
-public class JBossAuthorizationManagerACLUnitTestCase extends TestCase
-{
- protected void setUp()
- {
- ApplicationPolicy ap = new ApplicationPolicy("test-acl");
- ACLInfo aclInfo = new ACLInfo("test-acl");
- ACLProviderEntry ame = new ACLProviderEntry(TestACLProvider.class.getName());
- aclInfo.add(ame);
- ap.setAclInfo(aclInfo);
- SecurityConfiguration.addApplicationPolicy(ap);
- }
-
- public void testACL() throws Exception
- {
- Resource resource = getResource();
- Identity identity = getIdentity();
-
- JBossAuthorizationManager jam = new JBossAuthorizationManager("test-acl");
- EntitlementHolder<?> eh = jam.getEntitlements(ACLResourceType.class,
- resource, identity);
- assertNotNull(eh);
- Set<?> entitled = eh.getEntitled();
- assertNotNull(entitled);
- assertTrue(entitled.size() > 0);
- }
-
-
- public class ACLResourceType
- {
- }
-
- public Resource getResource()
- {
- return new ACLTestResource(new HashMap<String,Object>());
- }
-
- public Identity getIdentity()
- {
- return new Identity()
- {
- public Group asGroup()
- {
- return null;
- }
-
- public Principal asPrincipal()
- {
- return null;
- }
-
- public String getName()
- {
- return null;
- }
-
- public Role getRole()
- {
- return null;
- }
- };
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/acl/JBossAuthorizationManagerACLUnitTestCase.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/acl/JBossAuthorizationManagerACLUnitTestCase.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/acl/JBossAuthorizationManagerACLUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/acl/JBossAuthorizationManagerACLUnitTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,111 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authorization.acl;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.HashMap;
+import java.util.Set;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.acl.config.ACLProviderEntry;
+import org.jboss.security.authorization.EntitlementHolder;
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.config.ACLInfo;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.identity.Identity;
+import org.jboss.security.identity.Role;
+import org.jboss.security.plugins.JBossAuthorizationManager;
+
+
+/**
+ * ACL Unit Tests using JBossAuthorizationManager
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 30, 2008
+ * @version $Revision$
+ */
+public class JBossAuthorizationManagerACLUnitTestCase extends TestCase
+{
+ protected void setUp()
+ {
+ ApplicationPolicy ap = new ApplicationPolicy("test-acl");
+ ACLInfo aclInfo = new ACLInfo("test-acl");
+ ACLProviderEntry ame = new ACLProviderEntry(TestACLProvider.class.getName());
+ aclInfo.add(ame);
+ ap.setAclInfo(aclInfo);
+ SecurityConfiguration.addApplicationPolicy(ap);
+ }
+
+ public void testACL() throws Exception
+ {
+ Resource resource = getResource();
+ Identity identity = getIdentity();
+
+ JBossAuthorizationManager jam = new JBossAuthorizationManager("test-acl");
+ EntitlementHolder<?> eh = jam.getEntitlements(ACLResourceType.class,
+ resource, identity);
+ assertNotNull(eh);
+ Set<?> entitled = eh.getEntitled();
+ assertNotNull(entitled);
+ assertTrue(entitled.size() > 0);
+ }
+
+
+ public class ACLResourceType
+ {
+ }
+
+ public Resource getResource()
+ {
+ return new ACLTestResource(new HashMap<String,Object>());
+ }
+
+ public Identity getIdentity()
+ {
+ return new Identity()
+ {
+ private static final long serialVersionUID = 1L;
+
+ public Group asGroup()
+ {
+ return null;
+ }
+
+ public Principal asPrincipal()
+ {
+ return null;
+ }
+
+ public String getName()
+ {
+ return null;
+ }
+
+ public Role getRole()
+ {
+ return null;
+ }
+ };
+ }
+}
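Review bot: testACL only shows that some entitlement comes back for an identity whose `getName()`, `getRole()`, `asPrincipal()` and `asGroup()` all return null; nothing checks that the result depends on who is asking. TestACLProvider is not part of this hunk, so whether it inspects the identity cannot be told from here, but a second test that expects an empty entitled set for an identity without access would catch a provider that grants to every caller. If the null identity is deliberate, getIdentity should say so, for example `// Anonymous identity: TestACLProvider is expected to ignore the caller`. setUp registers the "test-acl" policy in the static SecurityConfiguration and no tearDown removes it.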
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/ejb/EJBAuthorizationUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/ejb/EJBAuthorizationUnitTestCase.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/ejb/EJBAuthorizationUnitTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,200 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.test.authorization.ejb;
-
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-
-import junit.framework.TestCase;
-
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.SecurityRoleRef;
-import org.jboss.security.SimplePrincipal;
-import org.jboss.security.auth.callback.AppCallbackHandler;
-import org.jboss.security.authorization.AuthorizationContext;
-import org.jboss.security.authorization.AuthorizationException;
-import org.jboss.security.authorization.ResourceKeys;
-import org.jboss.security.authorization.config.AuthorizationModuleEntry;
-import org.jboss.security.authorization.modules.DelegatingAuthorizationModule;
-import org.jboss.security.authorization.resources.EJBResource;
-import org.jboss.security.config.ApplicationPolicy;
-import org.jboss.security.config.AuthorizationInfo;
-import org.jboss.security.config.SecurityConfiguration;
-import org.jboss.security.identity.Role;
-import org.jboss.security.identity.RoleGroup;
-import org.jboss.security.identity.plugins.SimpleRole;
-import org.jboss.security.identity.plugins.SimpleRoleGroup;
-import org.jboss.security.plugins.authorization.JBossAuthorizationContext;
-
-//$Id$
-
-/**
- * EJB Authorization Unit Test Case
- * @author Anil.Saldhana at redhat.com
- * @since Nov 26, 2007
- * @version $Revision$
- */
-public class EJBAuthorizationUnitTestCase extends TestCase
-{
- protected void setUp() throws Exception
- {
- setUpRegularConfiguration();
- }
-
- /**
- * Test EJB Authorization.
- * TestEJB is an ejb that has a method "void someMethod()"
- * which is usable by roles (roleA,roleB)
- * @throws Exception
- */
- public void testRegularEJBAuthorizationPass() throws Exception
- {
- RoleGroup principalRole = this.getRoleGroup(new String[] {"roleA"});
-
- //Create a ContextMap
- Map<String,Object> cmap = new HashMap<String,Object>();
-
- EJBResource ejbResource = new EJBResource(cmap);
- ejbResource.setPrincipal(new SimplePrincipal("AuthenticatedPrincipal"));
- ejbResource.setEjbName("TestEJB");
- ejbResource.setEjbMethod(DummyClass.class.getMethod("someMethod", new Class[0]));
- ejbResource.setEjbMethodInterface("void someMethod");
- ejbResource.setEjbMethodRoles(this.getRoleGroup(new String[]{"roleA", "roleC"}));
-
- AuthorizationContext ac = new JBossAuthorizationContext("test",
- new AppCallbackHandler("a","b".toCharArray()));
- int result = ac.authorize(ejbResource, new Subject(), principalRole);
- assertEquals(AuthorizationContext.PERMIT, result);
- }
-
- /**
- * Test EJB Authorization.
- * TestEJB is an ejb that has a method "void someMethod()"
- * which is usable by roles (roleA,roleB)
- *
- * This method tests with a bad role
- * @throws Exception
- */
- public void testInvalidRegularEJBAuthorization() throws Exception
- {
- RoleGroup principalRole = this.getRoleGroup(new String[] {"badRole"});
-
- //Create a ContextMap
- Map<String,Object> cmap = new HashMap<String,Object>();
-
- EJBResource ejbResource = new EJBResource(cmap);
- ejbResource.setEjbName("TestEJB");
- ejbResource.setEjbMethod(DummyClass.class.getMethod("someMethod", new Class[0]));
- ejbResource.setEjbMethodInterface("void someMethod");
- ejbResource.setEjbMethodRoles(this.getRoleGroup(new String[]{"roleA", "roleC"}));
-
- AuthorizationContext ac = new JBossAuthorizationContext("test",
- new AppCallbackHandler("a","b".toCharArray()));
- try
- {
- ac.authorize(ejbResource, new Subject(), principalRole);
- fail("Should have failed");
- }
- catch(AuthorizationException ignore)
- {
- }
- catch(Exception e)
- {
- fail(e.getLocalizedMessage());
- }
- }
-
- public void testSecurityRoleRef() throws Exception
- {
- RoleGroup principalRole = this.getRoleGroup(new String[] {"roleA"});
-
- //Create a ContextMap
- Map<String,Object> cmap = new HashMap<String,Object>();
-
- EJBResource ejbResource = new EJBResource(cmap);
- ejbResource.setEjbName("TestEJB");
- ejbResource.setEjbMethod(DummyClass.class.getMethod("someMethod", new Class[0]));
- ejbResource.setEjbMethodInterface("void someMethod");
- ejbResource.setEjbMethodRoles(getRoleGroup(new String[]{"roleA"}));
- //For Security Role Refs, we check that there is a principal
- ejbResource.setPrincipal(new SimplePrincipal("SomePrincipal"));
-
- //Additional entries needed for role ref
- Set<SecurityRoleRef> roleRefSet = new HashSet<SecurityRoleRef>();
- SecurityRoleRef srr = new SecurityRoleRef( "roleLink", "roleA", "something");
- roleRefSet.add(srr);
- ejbResource.setSecurityRoleReferences(roleRefSet);
-
- cmap.put(ResourceKeys.ROLEREF_PERM_CHECK, Boolean.TRUE);
- cmap.put(ResourceKeys.ROLENAME, "roleLink");
-
- AuthorizationContext ac = new JBossAuthorizationContext("test",
- new AppCallbackHandler("a","b".toCharArray()));
- int result = ac.authorize(ejbResource, new Subject(), principalRole);
- assertEquals(AuthorizationContext.PERMIT, result);
- }
-
- private void setUpRegularConfiguration() throws Exception
- {
- SecurityConfiguration.addApplicationPolicy(getApplicationPolicy("test"));
- }
-
- private ApplicationPolicy getApplicationPolicy(String domain)
- {
- AuthorizationInfo ai = new AuthorizationInfo(domain);
- String moduleName = DelegatingAuthorizationModule.class.getName();
- AuthorizationModuleEntry ame = new AuthorizationModuleEntry(moduleName);
- ai.add(ame);
- ApplicationPolicy ap = new ApplicationPolicy(domain);
- ap.setAuthorizationInfo(ai);
- return ap;
- }
-
- private RoleGroup getRoleGroup(String[] roles)
- {
- SimpleRoleGroup srg = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
-
- List<Role> roleList = srg.getRoles();
-
- for(String role:roles)
- {
- roleList.add(new SimpleRole(role));
- }
- return srg;
- }
-
- /**
- * Dummy Class just to get a Method instance
- * by calling DummyClass.class.getMethod()
- * @author asaldhana
- *
- */
- public class DummyClass
- {
- public void someMethod(){}
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/ejb/EJBAuthorizationUnitTestCase.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/ejb/EJBAuthorizationUnitTestCase.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/ejb/EJBAuthorizationUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/ejb/EJBAuthorizationUnitTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,163 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authorization.ejb;
+
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.auth.callback.AppCallbackHandler;
+import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.AuthorizationException;
+import org.jboss.security.authorization.ResourceKeys;
+import org.jboss.security.authorization.resources.EJBResource;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.javaee.SecurityRoleRef;
+import org.jboss.security.plugins.authorization.JBossAuthorizationContext;
+import org.jboss.test.util.SecurityTestUtil;
+
+
+/**
+ * EJB Authorization Unit Test Case
+ * @author Anil.Saldhana at redhat.com
+ * @since Nov 26, 2007
+ * @version $Revision$
+ */
+public class EJBAuthorizationUnitTestCase extends TestCase
+{
+ protected void setUp() throws Exception
+ {
+ ApplicationPolicy ap = SecurityTestUtil.getApplicationPolicy("test", null);
+ SecurityTestUtil.setUpRegularConfiguration(ap);
+ }
+
+ /**
+ * Test EJB Authorization.
+ * TestEJB is an ejb that has a method "void someMethod()"
+ * which is usable by roles (roleA,roleB)
+ * @throws Exception
+ */
+ public void testRegularEJBAuthorizationPass() throws Exception
+ {
+ RoleGroup principalRole = SecurityTestUtil.getRoleGroup(new String[] {"roleA"});
+
+ //Create a ContextMap
+ Map<String,Object> cmap = new HashMap<String,Object>();
+
+ EJBResource ejbResource = new EJBResource(cmap);
+ ejbResource.setPrincipal(new SimplePrincipal("AuthenticatedPrincipal"));
+ ejbResource.setEjbName("TestEJB");
+ ejbResource.setEjbMethod(DummyClass.class.getMethod("someMethod", new Class[0]));
+ ejbResource.setEjbMethodInterface("void someMethod");
+ ejbResource.setEjbMethodRoles(SecurityTestUtil.getRoleGroup(new String[]{"roleA", "roleC"}));
+
+ AuthorizationContext ac = new JBossAuthorizationContext("test",
+ new AppCallbackHandler("a","b".toCharArray()));
+ int result = ac.authorize(ejbResource, new Subject(), principalRole);
+ assertEquals(AuthorizationContext.PERMIT, result);
+ }
+
+ /**
+ * Test EJB Authorization.
+ * TestEJB is an ejb that has a method "void someMethod()"
+ * which is usable by roles (roleA,roleB)
+ *
+ * This method tests with a bad role
+ * @throws Exception
+ */
+ public void testInvalidRegularEJBAuthorization() throws Exception
+ {
+ RoleGroup principalRole = SecurityTestUtil.getRoleGroup(new String[] {"badRole"});
+
+ //Create a ContextMap
+ Map<String,Object> cmap = new HashMap<String,Object>();
+
+ EJBResource ejbResource = new EJBResource(cmap);
+ ejbResource.setEjbName("TestEJB");
+ ejbResource.setEjbMethod(DummyClass.class.getMethod("someMethod", new Class[0]));
+ ejbResource.setEjbMethodInterface("void someMethod");
+ ejbResource.setEjbMethodRoles(SecurityTestUtil.getRoleGroup(new String[]{"roleA", "roleC"}));
+
+ AuthorizationContext ac = new JBossAuthorizationContext("test",
+ new AppCallbackHandler("a","b".toCharArray()));
+ try
+ {
+ ac.authorize(ejbResource, new Subject(), principalRole);
+ fail("Should have failed");
+ }
+ catch(AuthorizationException ignore)
+ {
+ }
+ catch(Exception e)
+ {
+ fail(e.getLocalizedMessage());
+ }
+ }
+
+ public void testSecurityRoleRef() throws Exception
+ {
+ RoleGroup principalRole = SecurityTestUtil.getRoleGroup(new String[] {"roleA"});
+
+ //Create a ContextMap
+ Map<String,Object> cmap = new HashMap<String,Object>();
+
+ EJBResource ejbResource = new EJBResource(cmap);
+ ejbResource.setEjbName("TestEJB");
+ ejbResource.setEjbMethod(DummyClass.class.getMethod("someMethod", new Class[0]));
+ ejbResource.setEjbMethodInterface("void someMethod");
+ ejbResource.setEjbMethodRoles(SecurityTestUtil.getRoleGroup(new String[]{"roleA"}));
+ //For Security Role Refs, we check that there is a principal
+ ejbResource.setPrincipal(new SimplePrincipal("SomePrincipal"));
+
+ //Additional entries needed for role ref
+ Set<SecurityRoleRef> roleRefSet = new HashSet<SecurityRoleRef>();
+ SecurityRoleRef srr = new SecurityRoleRef( "roleLink", "roleA", "something");
+ roleRefSet.add(srr);
+ ejbResource.setSecurityRoleReferences(roleRefSet);
+
+ cmap.put(ResourceKeys.ROLEREF_PERM_CHECK, Boolean.TRUE);
+ cmap.put(ResourceKeys.ROLENAME, "roleLink");
+
+ AuthorizationContext ac = new JBossAuthorizationContext("test",
+ new AppCallbackHandler("a","b".toCharArray()));
+ int result = ac.authorize(ejbResource, new Subject(), principalRole);
+ assertEquals(AuthorizationContext.PERMIT, result);
+ }
+
+ /**
+ * Dummy Class just to get a Method instance
+ * by calling DummyClass.class.getMethod()
+ * @author asaldhana
+ *
+ */
+ public class DummyClass
+ {
+ public void someMethod(){}
+ }
+}
\ No newline at end of file
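Review bot: testInvalidRegularEJBAuthorization never sets a principal on `ejbResource`, whereas testRegularEJBAuthorizationPass does, so the expected AuthorizationException may come from the missing principal rather than from `badRole`. This is an inference, since the authorization module is not part of this hunk. Adding `ejbResource.setPrincipal(new SimplePrincipal("AuthenticatedPrincipal"));` to the negative test would leave the role as the only difference between the two cases. The Javadoc on both tests says the method is usable by roles (roleA,roleB) while the code configures `roleA` and `roleC`, so one of the two should be corrected. `catch(Exception e) { fail(e.getLocalizedMessage()); }` also drops the stack trace, and because the method already declares `throws Exception` that catch can simply be removed.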
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/web/TestWebAuthorizationModuleDelegate.java (from rev 72464, projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/web/TestWebAuthorizationModuleDelegate.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/web/TestWebAuthorizationModuleDelegate.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/web/TestWebAuthorizationModuleDelegate.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,56 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authorization.web;
+
+import javax.security.auth.Subject;
+
+import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
+import org.jboss.security.authorization.resources.WebResource;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
+
+/**
+ * Simple Test AuthorizationDelegate that uses the system property
+ * uri=role
+ * @author asaldhana
+ */
+public class TestWebAuthorizationModuleDelegate extends AuthorizationModuleDelegate
+{
+ public TestWebAuthorizationModuleDelegate()
+ {
+ }
+
+ @Override
+ public int authorize(Resource resource, Subject subject, RoleGroup role)
+ {
+ WebResource webResource = (WebResource) resource;
+ String requestURI = webResource.getCanonicalRequestURI();
+
+ String roleName = System.getProperty(requestURI);
+ if( role.containsRole(new SimpleRole(roleName)))
+ return AuthorizationContext.PERMIT;
+
+ return AuthorizationContext.DENY;
+ }
+}
\ No newline at end of file
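Review bot: `authorize` passes the result of `System.getProperty(requestURI)` straight into `new SimpleRole(roleName)`, so a URI with no matching property builds a role from null. A null or empty canonical URI makes `getProperty` throw instead of returning a decision. Whether `containsRole` denies in the null case is not visible here, so the delegate is safer failing closed explicitly: `if (requestURI == null || requestURI.length() == 0) return AuthorizationContext.DENY;` before the lookup and `if (roleName == null) return AuthorizationContext.DENY;` after it. The class Javadoc would also read more clearly as `Test-only delegate: permits when the system property named by the canonical request URI holds a role the caller has`.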
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/web/WebAuthorizationUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/web/WebAuthorizationUnitTestCase.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/web/WebAuthorizationUnitTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,106 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.test.authorization.web;
-
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.servlet.http.HttpServletRequest;
-
-import junit.framework.TestCase;
-
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.SimplePrincipal;
-import org.jboss.security.auth.callback.AppCallbackHandler;
-import org.jboss.security.authorization.AuthorizationContext;
-import org.jboss.security.authorization.config.AuthorizationModuleEntry;
-import org.jboss.security.authorization.modules.DelegatingAuthorizationModule;
-import org.jboss.security.authorization.resources.WebResource;
-import org.jboss.security.config.ApplicationPolicy;
-import org.jboss.security.config.AuthorizationInfo;
-import org.jboss.security.config.SecurityConfiguration;
-import org.jboss.security.identity.Role;
-import org.jboss.security.identity.RoleGroup;
-import org.jboss.security.identity.plugins.SimpleRole;
-import org.jboss.security.identity.plugins.SimpleRoleGroup;
-import org.jboss.security.plugins.authorization.JBossAuthorizationContext;
-import org.jboss.test.util.TestHttpServletRequest;
-
-//$Id$
-
-/**
- * Unit Test the Web Authorization Modules
- * @author Anil.Saldhana at redhat.com
- * @since Nov 26, 2007
- * @version $Revision$
- */
-public class WebAuthorizationUnitTestCase extends TestCase
-{
- public void testRegularWebAccess() throws Exception
- {
- setUpRegularConfiguration();
-
- //Create a ContextMap
- Map<String,Object> cmap = new HashMap<String,Object>();
-
- HttpServletRequest hsr = new TestHttpServletRequest(new SimplePrincipal("someprincipal"),
- "/someuri", "GET");
- WebResource webResource = new WebResource(cmap);
- webResource.setServletRequest(hsr);
-
- AuthorizationContext ac = new JBossAuthorizationContext("test",
- new Subject(), new AppCallbackHandler("a","b".toCharArray()));
- int result = ac.authorize(webResource, new Subject(), getRoleGroup(new String[]{"roleA"}));
- assertEquals(AuthorizationContext.PERMIT, result);
- }
-
- private void setUpRegularConfiguration() throws Exception
- {
- SecurityConfiguration.addApplicationPolicy(getApplicationPolicy("test"));
- }
-
- private ApplicationPolicy getApplicationPolicy(String domain)
- {
- AuthorizationInfo ai = new AuthorizationInfo(domain);
- String moduleName = DelegatingAuthorizationModule.class.getName();
- AuthorizationModuleEntry ame = new AuthorizationModuleEntry(moduleName);
- ai.add(ame);
- ApplicationPolicy ap = new ApplicationPolicy(domain);
- ap.setAuthorizationInfo(ai);
- return ap;
- }
-
- private RoleGroup getRoleGroup(String[] roles)
- {
- SimpleRoleGroup srg = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
-
- List<Role> roleList = srg.getRoles();
-
- for(String role:roles)
- {
- roleList.add(new SimpleRole(role));
- }
- return srg;
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/web/WebAuthorizationUnitTestCase.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/web/WebAuthorizationUnitTestCase.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/web/WebAuthorizationUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/web/WebAuthorizationUnitTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,86 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authorization.web;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.servlet.http.HttpServletRequest;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.auth.callback.AppCallbackHandler;
+import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.resources.WebResource;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.plugins.authorization.JBossAuthorizationContext;
+import org.jboss.test.util.SecurityTestUtil;
+import org.jboss.test.util.TestHttpServletRequest;
+
+/**
+ * Unit Test the Web Authorization Modules
+ * @author Anil.Saldhana at redhat.com
+ * @since Nov 26, 2007
+ * @version $Revision$
+ */
+public class WebAuthorizationUnitTestCase extends TestCase
+{
+ private WebResource webResource;
+
+ protected void setUp() throws Exception
+ {
+ Map<String,Object> moduleOptions = SecurityTestUtil.getWebDelegateOptions();
+ ApplicationPolicy ap = SecurityTestUtil.getApplicationPolicy("test", moduleOptions);
+ SecurityTestUtil.setUpRegularConfiguration(ap);
+
+ HttpServletRequest hsr = new TestHttpServletRequest(new SimplePrincipal("someprincipal"),
+ "/someuri", "GET");
+ //Create a ContextMap
+ Map<String,Object> cmap = new HashMap<String,Object>();
+ webResource = new WebResource(cmap);
+ webResource.setServletRequest(hsr);
+ webResource.setCanonicalRequestURI("/someuri");
+
+ //Mainly for the TestWebAuthorizationModuleDelegate
+ System.setProperty("/someuri", "roleA");
+ }
+
+ public void testRegularWebAccess() throws Exception
+ {
+ AuthorizationContext ac = new JBossAuthorizationContext("test",
+ new Subject(), new AppCallbackHandler("a","b".toCharArray()));
+ int result = ac.authorize(webResource, new Subject(),
+ SecurityTestUtil.getRoleGroup(new String[]{"roleA"}));
+ assertEquals(AuthorizationContext.PERMIT, result);
+ }
+
+ public void testInvalidWebAccess() throws Exception
+ {
+ AuthorizationContext ac = new JBossAuthorizationContext("test",
+ new Subject(), new AppCallbackHandler("a","b".toCharArray()));
+ int result = ac.authorize(webResource, new Subject(),
+ SecurityTestUtil.getRoleGroup(new String[]{"roleA"}));
+ assertEquals(AuthorizationContext.PERMIT, result);
+ }
+}
\ No newline at end of file
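Review bot: testInvalidWebAccess is a line-for-line copy of testRegularWebAccess: it passes `roleA` and asserts `AuthorizationContext.PERMIT`, so the deny path of the web delegate is never exercised. It should use a role that the `/someuri` property does not map to, e.g. `SecurityTestUtil.getRoleGroup(new String[]{"badRole"})`, and expect a denial. Whether that surfaces as `AuthorizationContext.DENY` or as an AuthorizationException (as the EJB test expects) depends on JBossAuthorizationContext, which is not shown here. setUp also sets the JVM-wide property `/someuri` with no tearDown to clear it, so the URI-to-role mapping leaks into later tests; `System.clearProperty("/someuri");` in a `tearDown()` would contain it.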
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/xacml/WebXACMLUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/xacml/WebXACMLUnitTestCase.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/xacml/WebXACMLUnitTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,170 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.test.authorization.xacml;
-
-import java.io.InputStream;
-import java.security.Principal;
-import java.util.HashMap;
-
-import javax.security.auth.Subject;
-import javax.security.jacc.PolicyContext;
-import javax.servlet.http.HttpServletRequest;
-
-import junit.framework.TestCase;
-
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityContextAssociation;
-import org.jboss.security.SecurityContextFactory;
-import org.jboss.security.SimplePrincipal;
-import org.jboss.security.authorization.AuthorizationContext;
-import org.jboss.security.authorization.PolicyRegistration;
-import org.jboss.security.authorization.ResourceKeys;
-import org.jboss.security.authorization.modules.web.WebXACMLPolicyModuleDelegate;
-import org.jboss.security.authorization.resources.WebResource;
-import org.jboss.security.config.ApplicationPolicy;
-import org.jboss.security.config.SecurityConfiguration;
-import org.jboss.security.identity.RoleGroup;
-import org.jboss.security.identity.plugins.SimpleRole;
-import org.jboss.security.identity.plugins.SimpleRoleGroup;
-import org.jboss.security.jacc.SubjectPolicyContextHandler;
-import org.jboss.security.plugins.JBossPolicyRegistration;
-import org.jboss.test.SecurityActions;
-import org.jboss.test.util.TestHttpServletRequest;
-
-
-/**
- * XACML integration tests for the Web Layer
- * @author Anil.Saldhana at redhat.com
- * @since May 8, 2007
- * @version $Revision$
- */
-public class WebXACMLUnitTestCase extends TestCase
-{
- private Principal p = new SimplePrincipal("jduke");
- private String contextID = "web.jar";
- private String uri = "/xacml-subjectrole/test";
-
- protected void setUp() throws Exception
- {
- super.setUp();
- setSecurityContext();
- setUpPolicyContext();
- setSecurityConfiguration();
- }
-
- public void testValidWebPolicyContextHandler() throws Exception
- {
- WebXACMLPolicyModuleDelegate pc = new WebXACMLPolicyModuleDelegate();
-
- PolicyRegistration policyRegistration = new JBossPolicyRegistration();
- registerPolicy(policyRegistration);
- WebResource er = getResource(policyRegistration);
-
- er.setServletRequest(new TestHttpServletRequest(p, uri, "GET"));
- assertEquals(AuthorizationContext.PERMIT,
- pc.authorize(er, getSubject(), getRoleGroup()));
-
- Principal principal = new SimplePrincipal("Notjduke");
- HttpServletRequest hsr = new TestHttpServletRequest(principal, uri, "GET");
- //Now change the ejb principal
- er.setServletRequest(hsr);
- assertEquals(AuthorizationContext.DENY,
- pc.authorize(er, getSubject(), getRoleGroup()));
- }
-
- public void testInvalidWebPolicyContextHandler() throws Exception
- {
- WebXACMLPolicyModuleDelegate pc = new WebXACMLPolicyModuleDelegate();
-
- PolicyRegistration policyRegistration = new JBossPolicyRegistration();
- registerPolicy(policyRegistration);
- WebResource er = getResource(policyRegistration);
-
- Principal principal = new SimplePrincipal("Notjduke");
- HttpServletRequest hsr = new TestHttpServletRequest(principal, uri, "GET");
- //Now change the ejb principal
- er.setServletRequest(hsr);
- assertEquals(AuthorizationContext.DENY,
- pc.authorize(er, getSubject(), getRoleGroup()));
- }
-
- private WebResource getResource(PolicyRegistration policyRegistration)
- {
- HashMap<String,Object> map = new HashMap<String,Object>();
- // map.put(ResourceKeys.WEB_REQUEST, new TestHttpServletRequest(p, uri, "GET"));
- map.put(ResourceKeys.POLICY_REGISTRATION, policyRegistration);
- return new WebResource(map);
- }
-
- private void registerPolicy(PolicyRegistration policyRegistration)
- {
- String xacmlPolicyFile = "authorization/xacml/jboss-xacml-web-policy.xml";
- ClassLoader cl = Thread.currentThread().getContextClassLoader();
- InputStream is = cl.getResourceAsStream(xacmlPolicyFile);
- if(is == null)
- throw new RuntimeException("Input stream is null");
- policyRegistration.registerPolicy(contextID, PolicyRegistration.XACML, is);
- }
-
- private RoleGroup getRoleGroup()
- {
- SimpleRoleGroup srg = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
- srg.getRoles().add(new SimpleRole("ServletUserRole"));
- return srg;
- }
-
- private Subject getSubject()
- {
- Subject subj = new Subject();
- SecurityActions.addPrincipalToSubject(subj, p);
- return subj;
- }
-
- private void setSecurityContext()
- {
- SecurityContext sc = null;
- try
- {
- sc = SecurityContextFactory.createSecurityContext("other");
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
- sc.getUtil().createSubjectInfo(p, "cred", getSubject());
- //sc.getUtil().setRoles(getRoleGroup());
- SecurityContextAssociation.setSecurityContext(sc);
- }
-
- private void setUpPolicyContext() throws Exception
- {
- SecurityActions.setPolicyContextID(contextID);
- PolicyContext.registerHandler(SecurityConstants.SUBJECT_CONTEXT_KEY,
- new SubjectPolicyContextHandler(), true);
- }
-
- private void setSecurityConfiguration() throws Exception
- {
- SecurityConfiguration.addApplicationPolicy(new ApplicationPolicy("other"));
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/xacml/WebXACMLUnitTestCase.java (from rev 72326, projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/xacml/WebXACMLUnitTestCase.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/xacml/WebXACMLUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/authorization/xacml/WebXACMLUnitTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,161 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authorization.xacml;
+
+import java.io.InputStream;
+import java.security.Principal;
+import java.util.HashMap;
+
+import javax.security.auth.Subject;
+import javax.servlet.http.HttpServletRequest;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SecurityContextFactory;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.PolicyRegistration;
+import org.jboss.security.authorization.ResourceKeys;
+import org.jboss.security.authorization.modules.web.WebXACMLPolicyModuleDelegate;
+import org.jboss.security.authorization.resources.WebResource;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
+import org.jboss.security.plugins.JBossPolicyRegistration;
+import org.jboss.test.SecurityActions;
+import org.jboss.test.util.TestHttpServletRequest;
+
+
+/**
+ * XACML integration tests for the Web Layer
+ * @author Anil.Saldhana at redhat.com
+ * @since May 8, 2007
+ * @version $Revision$
+ */
+public class WebXACMLUnitTestCase extends TestCase
+{
+ private Principal p = new SimplePrincipal("jduke");
+ private String contextID = "web.jar";
+ private String uri = "/xacml-subjectrole/test";
+
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+ setSecurityContext();
+ setSecurityConfiguration();
+ }
+
+ public void testValidWebPolicyContextHandler() throws Exception
+ {
+ WebXACMLPolicyModuleDelegate pc = new WebXACMLPolicyModuleDelegate();
+
+ PolicyRegistration policyRegistration = new JBossPolicyRegistration();
+ registerPolicy(policyRegistration);
+ WebResource er = getResource(policyRegistration);
+ er.setPolicyContextID(this.contextID);
+
+ er.setServletRequest(new TestHttpServletRequest(p, uri, "GET"));
+ assertEquals(AuthorizationContext.PERMIT,
+ pc.authorize(er, getSubject(), getRoleGroup()));
+
+ Principal principal = new SimplePrincipal("Notjduke");
+ HttpServletRequest hsr = new TestHttpServletRequest(principal, uri, "GET");
+ //Now change the ejb principal
+ er.setServletRequest(hsr);
+ assertEquals(AuthorizationContext.DENY,
+ pc.authorize(er, getSubject(), getRoleGroup()));
+ }
+
+ public void testInvalidWebPolicyContextHandler() throws Exception
+ {
+ WebXACMLPolicyModuleDelegate pc = new WebXACMLPolicyModuleDelegate();
+
+ PolicyRegistration policyRegistration = new JBossPolicyRegistration();
+ registerPolicy(policyRegistration);
+ WebResource er = getResource(policyRegistration);
+ er.setPolicyContextID(this.contextID);
+
+ Principal principal = new SimplePrincipal("Notjduke");
+ HttpServletRequest hsr = new TestHttpServletRequest(principal, uri, "GET");
+ //Now change the ejb principal
+ er.setServletRequest(hsr);
+ assertEquals(AuthorizationContext.DENY,
+ pc.authorize(er, getSubject(), getRoleGroup()));
+ }
+
+ private WebResource getResource(PolicyRegistration policyRegistration)
+ {
+ HashMap<String,Object> map = new HashMap<String,Object>();
+ // map.put(ResourceKeys.WEB_REQUEST, new TestHttpServletRequest(p, uri, "GET"));
+ map.put(ResourceKeys.POLICY_REGISTRATION, policyRegistration);
+ return new WebResource(map);
+ }
+
+ private void registerPolicy(PolicyRegistration policyRegistration)
+ {
+ String xacmlPolicyFile = "authorization/xacml/jboss-xacml-web-policy.xml";
+ ClassLoader cl = Thread.currentThread().getContextClassLoader();
+ InputStream is = cl.getResourceAsStream(xacmlPolicyFile);
+ if(is == null)
+ throw new RuntimeException("Input stream is null");
+ policyRegistration.registerPolicy(contextID, PolicyRegistration.XACML, is);
+ }
+
+ private RoleGroup getRoleGroup()
+ {
+ SimpleRoleGroup srg = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
+ srg.getRoles().add(new SimpleRole("ServletUserRole"));
+ return srg;
+ }
+
+ private Subject getSubject()
+ {
+ Subject subj = new Subject();
+ SecurityActions.addPrincipalToSubject(subj, p);
+ return subj;
+ }
+
+ private void setSecurityContext()
+ {
+ SecurityContext sc = null;
+ try
+ {
+ sc = SecurityContextFactory.createSecurityContext("other");
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ sc.getUtil().createSubjectInfo(p, "cred", getSubject());
+ SecurityContextAssociation.setSecurityContext(sc);
+ }
+
+ private void setSecurityConfiguration() throws Exception
+ {
+ SecurityConfiguration.addApplicationPolicy(new ApplicationPolicy("other"));
+ }
+}
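Review bot: Both DENY assertions call `pc.authorize(er, getSubject(), getRoleGroup())` with a Subject that still carries `jduke`, because getSubject() always adds `p`; only the servlet request principal changes to `Notjduke`. The comment `//Now change the ejb principal` hides that and names the wrong layer for a web test. I would replace it in both methods with `//Request principal is now Notjduke; the Subject still carries jduke`, so a reader can see which input the expected DENY depends on. testInvalidWebPolicyContextHandler repeats the second half of testValidWebPolicyContextHandler and adds no new case; a variant that also builds the Subject from `Notjduke` would cover the remaining combination.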
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/security/client/JBossSecurityClientTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/client/JBossSecurityClientTestCase.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/security/client/JBossSecurityClientTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,63 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.test.security.client;
-
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SubjectInfo;
-import org.jboss.security.client.JBossSecurityClient;
-import org.jboss.security.client.SecurityClient;
-import org.jboss.security.client.SecurityClientFactory;
-import org.jboss.security.SecurityContextAssociation;
-import org.jboss.test.AbstractJBossSXTest;
-
-//$Id$
-
-/**
- * Test the JBoss Security Client
- * @author Anil.Saldhana at redhat.com
- * @since Aug 16, 2007
- * @version $Revision$
- */
-public class JBossSecurityClientTestCase extends AbstractJBossSXTest
-{
- public JBossSecurityClientTestCase(String name)
- {
- super(name);
- }
-
- public void testClient() throws Exception
- {
- SecurityClient client = SecurityClientFactory.getSecurityClient();
- assertEquals("JBossSecurityClient", JBossSecurityClient.class,client.getClass());
- client.setSimple("anil", "pass");
- client.login();
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
- assertNotNull("SecurityContext is not null", sc);
- SubjectInfo si = sc.getSubjectInfo();
- assertNotNull("SubjectInfo is not null", si);
- assertNotNull("Principal is not null", sc.getUtil().getUserPrincipal());
- assertEquals("Principal==anil", "anil", sc.getUtil().getUserPrincipal().getName());
- assertNotNull("Cred is not null", sc.getUtil().getCredential());
- assertEquals("Cred==pass", "pass", sc.getUtil().getCredential());
- }
-
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/security/client/JBossSecurityClientTestCase.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/client/JBossSecurityClientTestCase.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/security/client/JBossSecurityClientTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/security/client/JBossSecurityClientTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,63 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.client;
+
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SubjectInfo;
+import org.jboss.security.client.JBossSecurityClient;
+import org.jboss.security.client.SecurityClient;
+import org.jboss.security.client.SecurityClientFactory;
+import org.jboss.test.AbstractJBossSXTest;
+
+//$Id$
+
+/**
+ * Test the JBoss Security Client
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 16, 2007
+ * @version $Revision$
+ */
+public class JBossSecurityClientTestCase extends AbstractJBossSXTest
+{
+ public JBossSecurityClientTestCase(String name)
+ {
+ super(name);
+ }
+
+ public void testClient() throws Exception
+ {
+ SecurityClient client = SecurityClientFactory.getSecurityClient();
+ assertEquals("JBossSecurityClient", JBossSecurityClient.class,client.getClass());
+ client.setSimple("anil", "pass");
+ client.login();
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ assertNotNull("SecurityContext is not null", sc);
+ SubjectInfo si = sc.getSubjectInfo();
+ assertNotNull("SubjectInfo is not null", si);
+ assertNotNull("Principal is not null", sc.getUtil().getUserPrincipal());
+ assertEquals("Principal==anil", "anil", sc.getUtil().getUserPrincipal().getName());
+ assertNotNull("Cred is not null", sc.getUtil().getCredential());
+ assertEquals("Cred==pass", "pass", sc.getUtil().getCredential());
+ }
+
+}
\ No newline at end of file
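Review bot: `testClient` leaves the logged-in identity on the thread: after `client.login()` the test reads the context back from `SecurityContextAssociation` but never clears it. The principal "anil" and the credential "pass" therefore stay associated for any test that runs later in the same JVM. Unless `AbstractJBossSXTest` (not visible here) already resets this, wrap the assertions in `try { ... } finally { SecurityContextAssociation.clearSecurityContext(); }` or do the same in `tearDown()`. A one-line comment on the last assertion, such as `// the credential is held as the original String, not a copy or digest`, would also record what the test pins about credential storage.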
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/security/helpers (from rev 72464, projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/helpers)
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/securityassociation/LegacySecurityAssociationTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securityassociation/LegacySecurityAssociationTestCase.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/securityassociation/LegacySecurityAssociationTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,177 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.test.securityassociation;
-
-import java.security.Principal;
-
-import org.jboss.security.RunAs;
-import org.jboss.security.RunAsIdentity;
-import org.jboss.security.SecurityAssociation;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SimplePrincipal;
-import org.jboss.security.plugins.JBossSecurityContext;
-import org.jboss.security.SecurityContextAssociation;
-import org.jboss.test.AbstractJBossSXTest;
-
-//$Id$
-
-/**
- * Legacy SecurityAssociation deeper integration test case
- * @author Anil.Saldhana at redhat.com
- * @since Aug 22, 2007
- * @version $Revision$
- */
-public class LegacySecurityAssociationTestCase extends AbstractJBossSXTest
-{
- public LegacySecurityAssociationTestCase(String name)
- {
- super(name);
- }
-
- public void testClientSideSecurityAssociation()
- {
- assertFalse("Client Side", SecurityAssociation.isServer());
- checkSA(false);
- }
-
- public void testServerSideSecurityAssociation()
- {
- assertFalse("Client Side", SecurityAssociation.isServer());
- SecurityAssociation.setServer();
- assertTrue("Server Side", SecurityAssociation.isServer());
- checkSA(true);
- }
-
- @SuppressWarnings("deprecation")
- public void testSecurityAssociation()
- {
- SecurityAssociation.clear();
- SecurityAssociation.pushSubjectContext(null, new SimplePrincipal("bill"), "password".toCharArray());
- assertEquals("bill", SecurityAssociation.getPrincipal().getName());
- SecurityAssociation.popSubjectContext();
- assertNull(SecurityAssociation.getPrincipal());
- }
-
- public void testCallerPrincipal()
- {
- //With no security context
- assertNull("Caller Principal is null", SecurityAssociation.getCallerPrincipal());
- //Create a security context
- SecurityContext sc = new JBossSecurityContext("TEST");
- Principal p = new SimplePrincipal("anil");
- sc.getUtil().createSubjectInfo(p, "pass", null);
- SecurityContextAssociation.setSecurityContext(sc);
-
- assertEquals("CallerPrincipal=anil",p,SecurityAssociation.getCallerPrincipal());
-
- //Clear the SecurityContext
- SecurityContextAssociation.clearSecurityContext();
- assertNull("Caller Principal is null", SecurityAssociation.getCallerPrincipal());
-
- //Create a security context with runas
- sc = new JBossSecurityContext("TEST");
-
- @SuppressWarnings("unchecked")
- RunAs ras = new RunAs()
- {
- public <T> T getIdentity()
- {
- return (T) getName();
- }
-
- public <T> T getProof()
- {
- return null;
- }
-
- public String getName()
- {
- return "anil";
- }};
-
- sc.setIncomingRunAs(ras);
- SecurityContextAssociation.setSecurityContext(sc);
- assertEquals("CallerPrincipal=anil",p,SecurityAssociation.getCallerPrincipal());
- }
-
- public void testSetPrincipal()
- {
- assertNull("Principal is null", SecurityAssociation.getPrincipal());
- Principal p = new SimplePrincipal("anil");
- SecurityAssociation.setPrincipal(p);
- assertEquals("Principal=anil",p, SecurityAssociation.getPrincipal());
-
- //Check the SecurityContext also
- SecurityContext sc = getSecurityContext();
- assertEquals("Principal=anil","anil", sc.getUtil().getUserPrincipal().getName());
- }
-
- public void testSetCredential()
- {
- Object cred = new String("pass");
- assertNull("Credential is null", SecurityAssociation.getCredential());
- SecurityAssociation.setCredential(cred);
- assertEquals("Credential=pass",cred, SecurityAssociation.getCredential());
-
- //Check the SecurityContext also
- SecurityContext sc = getSecurityContext();
- assertEquals("cred=pass",cred, sc.getUtil().getCredential());
- }
-
- public void testPushPopRunAsIdentity()
- {
- assertNull("RunAsIdentity is null", SecurityAssociation.popRunAsIdentity());
-
- RunAsIdentity rai = new RunAsIdentity("role", "anil");
- SecurityAssociation.pushRunAsIdentity(rai);
-
- //Check the security context
- SecurityContext sc = getSecurityContext();
- assertEquals("RAI = anil,role", rai, sc.getOutgoingRunAs());
- assertEquals("RAI = anil,role", rai, SecurityAssociation.popRunAsIdentity());
- assertNull("RAI is null", sc.getOutgoingRunAs());
- }
-
- private void checkSA(boolean threaded)
- {
- SecurityAssociation.setPrincipal(new SimplePrincipal("Anil"));
- SecurityAssociation.setCredential("p".toCharArray());
-
- Principal p = null;
- Object cred = null;
-
- if(threaded)
- {
- //Check the security context
- SecurityContext sc = getSecurityContext();
- p = sc.getUtil().getUserPrincipal();
- cred = sc.getUtil().getCredential();
- }
- else
- {
- p = SecurityAssociation.getPrincipal();
- cred = SecurityAssociation.getCredential();
- }
- assertEquals("Principal=Anil","Anil", p.getName());
- assertEquals("Cred=p","p", new String((char[])cred));
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/securityassociation/LegacySecurityAssociationTestCase.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securityassociation/LegacySecurityAssociationTestCase.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/securityassociation/LegacySecurityAssociationTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/securityassociation/LegacySecurityAssociationTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,177 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.securityassociation;
+
+import java.security.Principal;
+
+import org.jboss.security.RunAs;
+import org.jboss.security.RunAsIdentity;
+import org.jboss.security.SecurityAssociation;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.plugins.JBossSecurityContext;
+import org.jboss.test.AbstractJBossSXTest;
+
+//$Id$
+
+/**
+ * Legacy SecurityAssociation deeper integration test case
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 22, 2007
+ * @version $Revision$
+ */
+public class LegacySecurityAssociationTestCase extends AbstractJBossSXTest
+{
+ public LegacySecurityAssociationTestCase(String name)
+ {
+ super(name);
+ }
+
+ public void testClientSideSecurityAssociation()
+ {
+ assertFalse("Client Side", SecurityAssociation.isServer());
+ checkSA(false);
+ }
+
+ public void testServerSideSecurityAssociation()
+ {
+ assertFalse("Client Side", SecurityAssociation.isServer());
+ SecurityAssociation.setServer();
+ assertTrue("Server Side", SecurityAssociation.isServer());
+ checkSA(true);
+ }
+
+ @SuppressWarnings("deprecation")
+ public void testSecurityAssociation()
+ {
+ SecurityAssociation.clear();
+ SecurityAssociation.pushSubjectContext(null, new SimplePrincipal("bill"), "password".toCharArray());
+ assertEquals("bill", SecurityAssociation.getPrincipal().getName());
+ SecurityAssociation.popSubjectContext();
+ assertNull(SecurityAssociation.getPrincipal());
+ }
+
+ public void testCallerPrincipal()
+ {
+ //With no security context
+ assertNull("Caller Principal is null", SecurityAssociation.getCallerPrincipal());
+ //Create a security context
+ SecurityContext sc = new JBossSecurityContext("TEST");
+ Principal p = new SimplePrincipal("anil");
+ sc.getUtil().createSubjectInfo(p, "pass", null);
+ SecurityContextAssociation.setSecurityContext(sc);
+
+ assertEquals("CallerPrincipal=anil",p,SecurityAssociation.getCallerPrincipal());
+
+ //Clear the SecurityContext
+ SecurityContextAssociation.clearSecurityContext();
+ assertNull("Caller Principal is null", SecurityAssociation.getCallerPrincipal());
+
+ //Create a security context with runas
+ sc = new JBossSecurityContext("TEST");
+
+ @SuppressWarnings("unchecked")
+ RunAs ras = new RunAs()
+ {
+ public <T> T getIdentity()
+ {
+ return (T) getName();
+ }
+
+ public <T> T getProof()
+ {
+ return null;
+ }
+
+ public String getName()
+ {
+ return "anil";
+ }};
+
+ sc.setIncomingRunAs(ras);
+ SecurityContextAssociation.setSecurityContext(sc);
+ assertEquals("CallerPrincipal=anil",p,SecurityAssociation.getCallerPrincipal());
+ }
+
+ public void testSetPrincipal()
+ {
+ assertNull("Principal is null", SecurityAssociation.getPrincipal());
+ Principal p = new SimplePrincipal("anil");
+ SecurityAssociation.setPrincipal(p);
+ assertEquals("Principal=anil",p, SecurityAssociation.getPrincipal());
+
+ //Check the SecurityContext also
+ SecurityContext sc = getSecurityContext();
+ assertEquals("Principal=anil","anil", sc.getUtil().getUserPrincipal().getName());
+ }
+
+ public void testSetCredential()
+ {
+ Object cred = new String("pass");
+ assertNull("Credential is null", SecurityAssociation.getCredential());
+ SecurityAssociation.setCredential(cred);
+ assertEquals("Credential=pass",cred, SecurityAssociation.getCredential());
+
+ //Check the SecurityContext also
+ SecurityContext sc = getSecurityContext();
+ assertEquals("cred=pass",cred, sc.getUtil().getCredential());
+ }
+
+ public void testPushPopRunAsIdentity()
+ {
+ assertNull("RunAsIdentity is null", SecurityAssociation.popRunAsIdentity());
+
+ RunAsIdentity rai = new RunAsIdentity("role", "anil");
+ SecurityAssociation.pushRunAsIdentity(rai);
+
+ //Check the security context
+ SecurityContext sc = getSecurityContext();
+ assertEquals("RAI = anil,role", rai, sc.getOutgoingRunAs());
+ assertEquals("RAI = anil,role", rai, SecurityAssociation.popRunAsIdentity());
+ assertNull("RAI is null", sc.getOutgoingRunAs());
+ }
+
+ private void checkSA(boolean threaded)
+ {
+ SecurityAssociation.setPrincipal(new SimplePrincipal("Anil"));
+ SecurityAssociation.setCredential("p".toCharArray());
+
+ Principal p = null;
+ Object cred = null;
+
+ if(threaded)
+ {
+ //Check the security context
+ SecurityContext sc = getSecurityContext();
+ p = sc.getUtil().getUserPrincipal();
+ cred = sc.getUtil().getCredential();
+ }
+ else
+ {
+ p = SecurityAssociation.getPrincipal();
+ cred = SecurityAssociation.getCredential();
+ }
+ assertEquals("Principal=Anil","Anil", p.getName());
+ assertEquals("Cred=p","p", new String((char[])cred));
+ }
+}
\ No newline at end of file
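Review bot: These tests share process-wide static state and nothing in the class resets it, so the result depends on method order. `testServerSideSecurityAssociation` calls `SecurityAssociation.setServer()`, while `testClientSideSecurityAssociation` asserts `isServer()` is false and would fail if the server test ran first and the flag persists. `testSetPrincipal` and `testSetCredential` likewise assert null before setting a value, although `checkSA` and `testCallerPrincipal` leave a principal, credential and security context in place. Unless `AbstractJBossSXTest` (not visible here) already cleans up, add a `tearDown()` that calls `SecurityAssociation.clear();` and `SecurityContextAssociation.clearSecurityContext();`. Also document on `testServerSideSecurityAssociation` that the server flag is not restored afterwards.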
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/securitycontext/IdentityUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securitycontext/IdentityUnitTestCase.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/securitycontext/IdentityUnitTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,111 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.test.securitycontext;
-
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.Set;
-
-import junit.framework.TestCase;
-
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityContextFactory;
-import org.jboss.security.SecurityContextUtil;
-import org.jboss.security.identity.Identity;
-import org.jboss.security.identity.Role;
-
-//$Id$
-
-/**
- * Identity in Security Context Unit Tests
- * @author Anil.Saldhana at redhat.com
- * @since Feb 13, 2008
- * @version $Revision$
- */
-public class IdentityUnitTestCase extends TestCase
-{
- public void testSetIdentity() throws Exception
- {
- SecurityContext sc = SecurityContextFactory.createSecurityContext("Test");
- Identity i1 = new Identity1();
- Identity i2 = new Identity2();
-
- SecurityContextUtil util = sc.getUtil();
-
- util.addIdentity(i1);
- util.addIdentity(i2);
-
- Set<Identity> s1 = util.getIdentities(Identity1.class);
- Set<Identity> s2 = util.getIdentities(Identity2.class);
-
- assertEquals(1,s1.size());
- assertEquals(1,s2.size());
- assertTrue(s1.contains(i1));
- assertTrue(s2.contains(i2));
- }
-
- private class Identity1 implements Identity
- {
- public Group asGroup()
- {
- return null;
- }
-
- public Principal asPrincipal()
- {
- return null;
- }
-
- public String getName()
- {
- return null;
- }
-
- public Role getRole()
- {
- return null;
- }
- }
-
- private class Identity2 implements Identity
- {
- public Group asGroup()
- {
- return null;
- }
-
- public Principal asPrincipal()
- {
- return null;
- }
-
- public String getName()
- {
- return null;
- }
-
- public Role getRole()
- {
- return null;
- }
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/securitycontext/IdentityUnitTestCase.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securitycontext/IdentityUnitTestCase.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/securitycontext/IdentityUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/securitycontext/IdentityUnitTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,113 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.securitycontext;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Set;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextFactory;
+import org.jboss.security.SecurityContextUtil;
+import org.jboss.security.identity.Identity;
+import org.jboss.security.identity.Role;
+
+/**
+ * Identity in Security Context Unit Tests
+ * @author Anil.Saldhana at redhat.com
+ * @since Feb 13, 2008
+ * @version $Revision$
+ */
+public class IdentityUnitTestCase extends TestCase
+{
+ public void testSetIdentity() throws Exception
+ {
+ SecurityContext sc = SecurityContextFactory.createSecurityContext("Test");
+ Identity i1 = new Identity1();
+ Identity i2 = new Identity2();
+
+ SecurityContextUtil util = sc.getUtil();
+
+ util.addIdentity(i1);
+ util.addIdentity(i2);
+
+ Set<Identity> s1 = util.getIdentities(Identity1.class);
+ Set<Identity> s2 = util.getIdentities(Identity2.class);
+
+ assertEquals(1,s1.size());
+ assertEquals(1,s2.size());
+ assertTrue(s1.contains(i1));
+ assertTrue(s2.contains(i2));
+ }
+
+ private class Identity1 implements Identity
+ {
+ private static final long serialVersionUID = 1L;
+
+ public Group asGroup()
+ {
+ return null;
+ }
+
+ public Principal asPrincipal()
+ {
+ return null;
+ }
+
+ public String getName()
+ {
+ return null;
+ }
+
+ public Role getRole()
+ {
+ return null;
+ }
+ }
+
+ private class Identity2 implements Identity
+ {
+ private static final long serialVersionUID = 1L;
+
+ public Group asGroup()
+ {
+ return null;
+ }
+
+ public Principal asPrincipal()
+ {
+ return null;
+ }
+
+ public String getName()
+ {
+ return null;
+ }
+
+ public Role getRole()
+ {
+ return null;
+ }
+ }
+}
\ No newline at end of file
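Review bot: `Identity1` and `Identity2` are declared as non-static inner classes (`private class Identity1 implements Identity`), so each instance carries a hidden reference to the enclosing `IdentityUnitTestCase`. The `serialVersionUID` fields suggest `Identity` is serializable; if so, serializing one of these stubs would also try to serialize the test case. Declaring them `private static class Identity1 implements Identity` and `private static class Identity2 implements Identity` removes the outer reference without changing the test. A short comment that both stubs intentionally return null from every accessor, so that `getIdentities` is exercised purely by class, would help the next reader.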
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/securitycontext/SubjectInfoUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securitycontext/SubjectInfoUnitTestCase.java 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/securitycontext/SubjectInfoUnitTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,57 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.test.securitycontext;
-
-import java.security.Principal;
-
-import javax.security.auth.Subject;
-
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityContextFactory;
-import org.jboss.security.SimplePrincipal;
-
-import junit.framework.TestCase;
-
-//$Id$
-
-/**
- * SubjectInfo interface tests
- * @author Anil.Saldhana at redhat.com
- * @since Feb 25, 2008
- * @version $Revision$
- */
-public class SubjectInfoUnitTestCase extends TestCase
-{
- public void testCreateSubjectInfo() throws Exception
- {
- Principal thePrincipal = new SimplePrincipal("Anil");
-
- Subject theSubject = new Subject();
- theSubject.getPrincipals().add(thePrincipal);
- SecurityContext sc = SecurityContextFactory.createSecurityContext("TEST");
- sc.getUtil().createSubjectInfo(thePrincipal, "pass", theSubject);
-
- assertEquals(thePrincipal, sc.getUtil().getUserPrincipal());
- assertEquals("pass", sc.getUtil().getCredential());
- assertEquals(theSubject, sc.getUtil().getSubject());
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/securitycontext/SubjectInfoUnitTestCase.java (from rev 72458, projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securitycontext/SubjectInfoUnitTestCase.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/securitycontext/SubjectInfoUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/securitycontext/SubjectInfoUnitTestCase.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,57 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.securitycontext;
+
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextFactory;
+import org.jboss.security.SimplePrincipal;
+
+//$Id$
+
+/**
+ * SubjectInfo interface tests
+ * @author Anil.Saldhana at redhat.com
+ * @since Feb 25, 2008
+ * @version $Revision$
+ */
+public class SubjectInfoUnitTestCase extends TestCase
+{
+ public void testCreateSubjectInfo() throws Exception
+ {
+ Principal thePrincipal = new SimplePrincipal("Anil");
+
+ Subject theSubject = new Subject();
+ theSubject.getPrincipals().add(thePrincipal);
+ SecurityContext sc = SecurityContextFactory.createSecurityContext("TEST");
+ sc.getUtil().createSubjectInfo(thePrincipal, "pass", theSubject);
+
+ assertEquals(thePrincipal, sc.getUtil().getUserPrincipal());
+ assertEquals("pass", sc.getUtil().getCredential());
+ assertEquals(theSubject, sc.getUtil().getSubject());
+ }
+}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/util/SecurityTestUtil.java (from rev 72464, projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/util/SecurityTestUtil.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/util/SecurityTestUtil.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx/src/tests/org/jboss/test/util/SecurityTestUtil.java 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,101 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.util;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.authorization.ResourceType;
+import org.jboss.security.authorization.config.AuthorizationModuleEntry;
+import org.jboss.security.authorization.modules.DelegatingAuthorizationModule;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.AuthorizationInfo;
+import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.identity.Role;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
+import org.jboss.test.authorization.web.TestWebAuthorizationModuleDelegate;
+
+/**
+ * Util Class
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 18, 2008
+ * @version $Revision$
+ */
+public class SecurityTestUtil
+{
+ public static RoleGroup getRoleGroup(String[] roles)
+ {
+ SimpleRoleGroup srg = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
+
+ List<Role> roleList = srg.getRoles();
+
+ for(String role:roles)
+ {
+ roleList.add(new SimpleRole(role));
+ }
+ return srg;
+ }
+
+ public static RoleGroup getRoleGroup(String rolename)
+ {
+ SimpleRoleGroup srg = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
+ srg.getRoles().add(new SimpleRole(rolename));
+ return srg;
+ }
+
+ public static ApplicationPolicy getApplicationPolicy(String domain,
+ Map<String,Object> moduleOptions)
+ {
+ AuthorizationInfo ai = new AuthorizationInfo(domain);
+ String moduleName = DelegatingAuthorizationModule.class.getName();
+ AuthorizationModuleEntry ame;
+
+ if(moduleOptions != null)
+ ame = new AuthorizationModuleEntry(moduleName, moduleOptions);
+ else
+ ame = new AuthorizationModuleEntry(moduleName);
+
+ ai.add(ame);
+ ApplicationPolicy ap = new ApplicationPolicy(domain);
+ ap.setAuthorizationInfo(ai);
+ return ap;
+ }
+
+ public static Map<String,Object> getWebDelegateOptions()
+ {
+ Map<String,Object> options = new HashMap<String,Object>();
+ options.put("delegateMap",
+ ResourceType.WEB.toString()
+ + "="
+ + TestWebAuthorizationModuleDelegate.class.getName());
+ return options;
+ }
+
+ public static void setUpRegularConfiguration(ApplicationPolicy ap) throws Exception
+ {
+ SecurityConfiguration.addApplicationPolicy(ap);
+ }
+}
\ No newline at end of file
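Review bot: `setUpRegularConfiguration` registers the policy through the static call `SecurityConfiguration.addApplicationPolicy(ap)`, and this helper class has no counterpart that removes it, so a policy installed for one test presumably stays in place for whatever runs next in the same JVM. In authorization tests that can mask a missing policy behind one left over from an earlier case. I would add a teardown helper beside it (if `SecurityConfiguration` exposes a removal call) and document the method with `/** Adds ap to the static SecurityConfiguration registry; callers should undo this in tearDown. */`. The class comment is only "Util Class" and none of the five public methods has Javadoc; it would help to state that `getApplicationPolicy` always wires `DelegatingAuthorizationModule` and that `getWebDelegateOptions` maps `ResourceType.WEB` to `TestWebAuthorizationModuleDelegate`. As a style point, `getRoleGroup(String)` could delegate with `return getRoleGroup(new String[] { rolename });` rather than repeat the construction.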
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx-client/pom.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx-client/pom.xml 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx-client/pom.xml 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,96 +0,0 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss</groupId>
- <artifactId>jboss-parent</artifactId>
- <version>3</version>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <groupId>org.jboss.security</groupId>
- <artifactId>jbosssx-client</artifactId>
- <version>2.0.2-SNAPSHOT</version>
- <packaging>jar</packaging>
- <name>JBoss Security Client</name>
- <url>http://www.jboss.org</url>
- <description>JBoss Security Client Library</description>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-jar-plugin</artifactId>
- <executions>
- <execution>
- <goals>
- <goal>jar</goal>
- </goals>
- </execution>
- </executions>
- <configuration>
- <archive>
- <manifestFile>../jbosssx/src/etc/default.mf</manifestFile>
- </archive>
- <classesDirectory>../jbosssx/target/classes</classesDirectory>
- </configuration>
- </plugin>
- <plugin>
- <artifactId>maven-antrun-plugin</artifactId>
- <version>1.1</version>
- <inherited>true</inherited>
- <executions>
- <execution>
- <id>buildjar</id>
- <phase>package</phase>
- <configuration>
- <tasks>
- <!-- Build jbosssx-client.jar -->
- <jar jarfile="${basedir}/target/jbosssx-client-${version}.jar" manifest="${basedir}/../jbosssx/src/etc/default.mf" update="true">
- <fileset dir="${basedir}/../jbosssx/target/classes">
- <exclude name="META-INF/MANIFEST.MF" />
- <!-- HACK -->
- <include name="org/jboss/crypto/JBossSXProvider.class" />
- <include name="org/jboss/crypto/digest/*" />
- <include name="org/jboss/security/*" />
- <include name="org/jboss/security/auth/callback/*" />
- <include name="org/jboss/security/auth/login/*" />
- <include name="org/jboss/security/client/*" />
- <exclude name="org/jboss/security/auth/login/XMLLoginConfig.class" />
- <exclude name="org/jboss/security/auth/login/XMLLoginConfigMBean.class" />
- <include name="org/jboss/security/jndi/LoginInitialContextFactory.class" />
- <include name="org/jboss/security/jndi/JndiLoginInitialContextFactory.class" />
- <include name="org/jboss/security/plugins/PBEUtils.class" />
- <include name="org/jboss/security/ssl/ClientSocketFactory.class" />
- <include name="org/jboss/security/ssl/RMISSLClientSocketFactory.class" />
- <include name="org/jboss/security/plugins/*SecurityContext*.class" />
- </fileset>
- <fileset file="${basedir}/../jbosssx/JBossORG-EULA.txt" />
- </jar>
- </tasks>
- </configuration>
- <goals>
- <goal>run</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>org.jboss.maven.plugins</groupId>
- <artifactId>maven-jboss-deploy-plugin</artifactId>
- <version>1.4</version>
- <executions>
- <execution>
- <id>jboss-deploy</id>
- <goals>
- <goal>jboss-deploy</goal>
- </goals>
- <phase>deploy</phase>
- </execution>
- </executions>
- <configuration>
- <groupId>jboss</groupId>
- <jbossDeployRoot>${jboss.repository.root}</jbossDeployRoot>
- <removeArtifactVersion>true</removeArtifactVersion>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
-</project>
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx-client/pom.xml (from rev 72656, projects/security/security-jboss-sx/trunk/jbosssx-client/pom.xml)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx-client/pom.xml (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/jbosssx-client/pom.xml 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,74 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss</groupId>
+ <artifactId>jboss-parent</artifactId>
+ <version>3</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jbosssx-client</artifactId>
+ <version>2.0.2.Beta7</version>
+ <packaging>jar</packaging>
+ <name>JBoss Security Client</name>
+ <url>http://www.jboss.org</url>
+ <description>JBoss Security Client Library</description>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ <executions>
+ <execution>
+ <goals>
+ <goal>jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ <version>2.2</version>
+ <configuration>
+ <archive>
+ <manifest>
+ <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
+ <addDefaultSpecificationEntries />
+ </manifest>
+ </archive>
+ <classesDirectory>../jbosssx/target/classes</classesDirectory>
+ <includes>
+ <include>JBossORG-EULA.txt</include>
+ <include>org/jboss/crypto/JBossSXProvider.class</include>
+ <include>org/jboss/crypto/digest/*</include>
+ <include>org/jboss/security/*</include>
+ <include>org/jboss/security/auth/callback/*</include>
+ <include>org/jboss/security/auth/login/*</include>
+ <include>org/jboss/security/client/*</include>
+ <include>org/jboss/security/auth/login/XMLLoginConfig.class</include>
+ <include>org/jboss/security/auth/login/XMLLoginConfigMBean.class</include>
+ <include>org/jboss/security/plugins/PBEUtils.class</include>
+ <include>org/jboss/security/ssl/ClientSocketFactory.class</include>
+ <include>org/jboss/security/ssl/RMISSLClientSocketFactory.class</include>
+ <include>org/jboss/security/plugins/*SecurityContext*.class</include>
+ <include>org/jboss/resource/security/*.class</include> </includes>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.jboss.maven.plugins</groupId>
+ <artifactId>maven-jboss-deploy-plugin</artifactId>
+ <version>1.4</version>
+ <executions>
+ <execution>
+ <id>jboss-deploy</id>
+ <goals>
+ <goal>jboss-deploy</goal>
+ </goals>
+ <phase>deploy</phase>
+ </execution>
+ </executions>
+ <configuration>
+ <groupId>jboss</groupId>
+ <jbossDeployRoot>${jboss.repository.root}</jbossDeployRoot>
+ <removeArtifactVersion>true</removeArtifactVersion>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
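Review bot: The `<includes>` list names `org/jboss/security/auth/login/XMLLoginConfig.class` and `XMLLoginConfigMBean.class`, which the removed antrun configuration of this module listed as `<exclude>` entries. Because `org/jboss/security/auth/login/*` is already included, the two lines are redundant as includes and the earlier exclusion is lost. If those classes are still meant to stay out of the client jar, put them in an excludes block: `<excludes><exclude>org/jboss/security/auth/login/XMLLoginConfig*.class</exclude></excludes>`. The new `org/jboss/resource/security/*.class` pattern also pulls the whole resource login-module package into the client artifact, so it is worth confirming that shipping those classes to clients is intended. `<addDefaultSpecificationEntries />` is left empty while its sibling is set to `true`; it probably should carry an explicit value.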
Deleted: projects/security/security-jboss-sx/tags/2.0.2.Beta7/pom.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/pom.xml 2008-04-11 14:13:32 UTC (rev 72024)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/pom.xml 2008-04-24 02:14:44 UTC (rev 72657)
@@ -1,252 +0,0 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss</groupId>
- <artifactId>jboss-parent</artifactId>
- <version>3</version>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <groupId>org.jboss.security</groupId>
- <artifactId>jbosssx-parent</artifactId>
- <version>2.0.2-SNAPSHOT</version>
- <packaging>pom</packaging>
- <name>JBoss Security Implementation for the JBAS - Parent</name>
- <url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Security is a cross cutting project that handles security for the JEMS projects</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <scm>
- <connection>scm:svn:http://anonsvn.jboss.org/repos/jbossas/projects/security/security-jboss-sx/trunk</connection>
- <developerConnection>scm:svn:https://svn.jboss.org/repos/jbossas/projects/security/security-jboss-sx/trunk</developerConnection>
- </scm>
- <repositories>
- <repository>
- <id>repository.jboss.org</id>
- <name>JBoss Repository</name>
- <layout>default</layout>
- <url>http://repository.jboss.org/maven2/</url>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </repository>
-
- <repository>
- <id>snapshots.jboss.org</id>
- <name>JBoss Snapshots Repository</name>
- <layout>default</layout>
- <url>http://snapshots.jboss.org/maven2/</url>
- <snapshots>
- <enabled>true</enabled>
- </snapshots>
- <releases>
- <enabled>false</enabled>
- </releases>
- </repository>
- </repositories>
-
- <modules>
- <module>identity</module>
- <module>acl</module>
- <module>jbosssx</module>
- <module>jbosssx-client</module>
- <module>assembly</module>
- </modules>
-
- <profiles>
- <!-- mvn install -Psecurity-manager -->
- <profile>
- <id>security-manager</id>
- <activation>
- <activeByDefault>false</activeByDefault>
- </activation>
- <properties>
- <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
- <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
- <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} ${test.env}</surefire.jvm.args>
- </properties>
- <modules>
- <module>jbosssx</module>
- </modules>
- </profile>
- <!-- mvn install -Psecurity-manager-debug -->
- <!-- Best Practice: mvn install -Psecurity-manager-debug 2>&1 > logfile2>&1 > logfile -->
- <profile>
- <id>security-manager-debug</id>
- <activation>
- <activeByDefault>false</activeByDefault>
- </activation>
- <properties>
- <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
- <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
- <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} -Djava.security.debug=failure,access ${test.env}</surefire.jvm.args>
- </properties>
- <modules>
- <module>jbosssx</module>
- </modules>
- </profile>
-
- <!-- Specify heap size for ACL tests -->
- <profile>
- <id>acl-heap-profile</id>
- <activation>
- <activeByDefault>true</activeByDefault>
- </activation>
- <properties>
- <surefire.jvm.args>-Xms512m -Xmx1024m</surefire.jvm.args>
- </properties>
- <modules>
- <module>acl</module>
- </modules>
- </profile>
- </profiles>
-
- <build>
- <plugins>
- <plugin>
- <artifactId>maven-surefire-plugin</artifactId>
- <configuration>
- <printSummary>true</printSummary>
- <disableXmlReport>false</disableXmlReport>
- <testFailureIgnore>true</testFailureIgnore>
- <includes>
- <include>**/**TestCase.java</include>
- </includes>
- <forkMode>pertest</forkMode>
- <argLine>${surefire.jvm.args}</argLine>
- <useFile>false</useFile>
- <trimStackTrace>false</trimStackTrace>
- </configuration>
- </plugin>
- <plugin>
- <groupId>org.jboss.maven.plugins</groupId>
- <artifactId>maven-jboss-deploy-plugin</artifactId>
- <version>1.6</version>
- <executions>
- <execution>
- <id>jboss-deploy</id>
- <goals>
- <goal>jboss-deploy</goal>
- </goals>
- <phase>deploy</phase>
- </execution>
- </executions>
- <configuration>
- <groupId>jboss</groupId>
- <jbossDeployRoot>${jboss.repository.root}</jbossDeployRoot>
- <removeArtifactVersion>true</removeArtifactVersion>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
- <dependencyManagement>
- <dependencies>
- <dependency>
- <groupId>org.jboss</groupId>
- <artifactId>jboss-common-core</artifactId>
- <version>2.2.1.GA</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jboss-logging-spi</artifactId>
- <version>2.0.2.GA</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jboss-logging-log4j</artifactId>
- <version>2.0.2.GA</version>
- <scope>runtime</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.javaee</groupId>
- <artifactId>jboss-jacc-api</artifactId>
- <version>1.1.0.${org.jboss.javaee.version}</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.javaee</groupId>
- <artifactId>jboss-transaction-api</artifactId>
- <version>1.0.1.${org.jboss.javaee.version}</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.javaee</groupId>
- <artifactId>jboss-jaspi-api</artifactId>
- <version>1.0.0.${org.jboss.javaee.version}</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>acl-spi</artifactId>
- <version>${org.jboss.security.spi.version}</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>authorization-spi</artifactId>
- <version>${org.jboss.security.spi.version}</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>identity-spi</artifactId>
- <version>${org.jboss.security.spi.version}</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>jboss-security-spi-bare</artifactId>
- <version>${org.jboss.security.spi.version}</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>apache-log4j</groupId>
- <artifactId>log4j</artifactId>
- <version>1.2.14</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <version>3.8.1</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss</groupId>
- <artifactId>jboss-test</artifactId>
- <version>1.0.4.GA</version>
- <scope>test</scope>
- </dependency>
- </dependencies>
- </dependencyManagement>
-
- <distributionManagement>
- <repository>
- <!-- Copy the distribution jar file to a local checkout of the maven repositry
- - This variable can be set in $MAVEN_HOME/conf/settings.xml -->
- <id>repository.jboss.org</id>
- <url>file://${maven.repository.root}</url>
- </repository>
- <snapshotRepository>
- <id>snapshots.jboss.org</id>
- <name>JBoss Inc. Repository</name>
- <layout>default</layout>
- <url>dav:https://snapshots.jboss.org/maven2/</url>
- </snapshotRepository>
- </distributionManagement>
-
- <properties>
- <org.jboss.javaee.version>Beta3Update1</org.jboss.javaee.version>
- <org.jboss.security.spi.version>2.0.2-SNAPSHOT</org.jboss.security.spi.version>
- </properties>
-
-</project>
Copied: projects/security/security-jboss-sx/tags/2.0.2.Beta7/pom.xml (from rev 72656, projects/security/security-jboss-sx/trunk/pom.xml)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.Beta7/pom.xml (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.Beta7/pom.xml 2008-04-24 02:14:44 UTC (rev 72657)
@@ -0,0 +1,252 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss</groupId>
+ <artifactId>jboss-parent</artifactId>
+ <version>3</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jbosssx-parent</artifactId>
+ <version>2.0.2.Beta7</version>
+ <packaging>pom</packaging>
+ <name>JBoss Security Implementation for the JBAS - Parent</name>
+ <url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Security is a cross cutting project that handles security for the JEMS projects</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <scm>
+ <connection>scm:svn:http://anonsvn.jboss.org/repos/jbossas/projects/security/security-jboss-sx/tags/2.0.2.Beta7</connection>
+ <developerConnection>scm:svn:https://svn.jboss.org/repos/jbossas/projects/security/security-jboss-sx/tags/2.0.2.Beta7</developerConnection>
+ </scm>
+ <repositories>
+ <repository>
+ <id>repository.jboss.org</id>
+ <name>JBoss Repository</name>
+ <layout>default</layout>
+ <url>http://repository.jboss.org/maven2/</url>
+ <snapshots>
+ <enabled>false</enabled>
+ </snapshots>
+ </repository>
+
+ <repository>
+ <id>snapshots.jboss.org</id>
+ <name>JBoss Snapshots Repository</name>
+ <layout>default</layout>
+ <url>http://snapshots.jboss.org/maven2/</url>
+ <snapshots>
+ <enabled>true</enabled>
+ </snapshots>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ </repository>
+ </repositories>
+
+ <modules>
+ <module>identity</module>
+ <module>acl</module>
+ <module>jbosssx</module>
+ <module>jbosssx-client</module>
+ <module>assembly</module>
+ </modules>
+
+ <profiles>
+ <!-- mvn install -Psecurity-manager -->
+ <profile>
+ <id>security-manager</id>
+ <activation>
+ <activeByDefault>false</activeByDefault>
+ </activation>
+ <properties>
+ <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
+ <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
+ <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} ${test.env}</surefire.jvm.args>
+ </properties>
+ <modules>
+ <module>jbosssx</module>
+ </modules>
+ </profile>
+ <!-- mvn install -Psecurity-manager-debug -->
+ <!-- Best Practice: mvn install -Psecurity-manager-debug 2>&1 > logfile2>&1 > logfile -->
+ <profile>
+ <id>security-manager-debug</id>
+ <activation>
+ <activeByDefault>false</activeByDefault>
+ </activation>
+ <properties>
+ <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
+ <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
+ <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} -Djava.security.debug=failure,access ${test.env}</surefire.jvm.args>
+ </properties>
+ <modules>
+ <module>jbosssx</module>
+ </modules>
+ </profile>
+
+ <!-- Specify heap size for ACL tests -->
+ <profile>
+ <id>acl-heap-profile</id>
+ <activation>
+ <activeByDefault>true</activeByDefault>
+ </activation>
+ <properties>
+ <surefire.jvm.args>-Xms512m -Xmx1024m</surefire.jvm.args>
+ </properties>
+ <modules>
+ <module>acl</module>
+ </modules>
+ </profile>
+ </profiles>
+
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <printSummary>true</printSummary>
+ <disableXmlReport>false</disableXmlReport>
+ <testFailureIgnore>true</testFailureIgnore>
+ <includes>
+ <include>**/**TestCase.java</include>
+ </includes>
+ <forkMode>pertest</forkMode>
+ <argLine>${surefire.jvm.args}</argLine>
+ <useFile>false</useFile>
+ <trimStackTrace>false</trimStackTrace>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.jboss.maven.plugins</groupId>
+ <artifactId>maven-jboss-deploy-plugin</artifactId>
+ <version>1.6</version>
+ <executions>
+ <execution>
+ <id>jboss-deploy</id>
+ <goals>
+ <goal>jboss-deploy</goal>
+ </goals>
+ <phase>deploy</phase>
+ </execution>
+ </executions>
+ <configuration>
+ <groupId>jboss</groupId>
+ <jbossDeployRoot>${jboss.repository.root}</jbossDeployRoot>
+ <removeArtifactVersion>true</removeArtifactVersion>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jboss-common-core</artifactId>
+ <version>2.2.1.GA</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jboss-logging-spi</artifactId>
+ <version>2.0.2.GA</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jboss-logging-log4j</artifactId>
+ <version>2.0.2.GA</version>
+ <scope>runtime</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.javaee</groupId>
+ <artifactId>jboss-jacc-api</artifactId>
+ <version>1.1.0.${org.jboss.javaee.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.javaee</groupId>
+ <artifactId>jboss-transaction-api</artifactId>
+ <version>1.0.1.${org.jboss.javaee.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.javaee</groupId>
+ <artifactId>jboss-jaspi-api</artifactId>
+ <version>1.0.0.${org.jboss.javaee.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>acl-spi</artifactId>
+ <version>${org.jboss.security.spi.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>authorization-spi</artifactId>
+ <version>${org.jboss.security.spi.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>identity-spi</artifactId>
+ <version>${org.jboss.security.spi.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-security-spi-bare</artifactId>
+ <version>${org.jboss.security.spi.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>apache-log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>1.2.14</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>3.8.1</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jboss-test</artifactId>
+ <version>1.0.4.GA</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+
+ <distributionManagement>
+ <repository>
+ <!-- Copy the distribution jar file to a local checkout of the maven repositry
+ - This variable can be set in $MAVEN_HOME/conf/settings.xml -->
+ <id>repository.jboss.org</id>
+ <url>file://${maven.repository.root}</url>
+ </repository>
+ <snapshotRepository>
+ <id>snapshots.jboss.org</id>
+ <name>JBoss Inc. Repository</name>
+ <layout>default</layout>
+ <url>dav:https://snapshots.jboss.org/maven2/</url>
+ </snapshotRepository>
+ </distributionManagement>
+
+ <properties>
+ <org.jboss.javaee.version>Beta3Update1</org.jboss.javaee.version>
+ <org.jboss.security.spi.version>2.0.2.Beta7</org.jboss.security.spi.version>
+ </properties>
+
+</project>
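Review bot: Both `<repository>` entries resolve artifacts over plain `http://`, and the `snapshots.jboss.org` repository keeps `<snapshots><enabled>true</enabled>` in a POM that is now a tagged release (`2.0.2.Beta7`), so a release build can still pull mutable artifacts over an unauthenticated channel. For a tag I would disable or drop the snapshot repository and use an `https://` URL where the host offers one, as the `<snapshotRepository>` deploy URL in this file already does. `<testFailureIgnore>true</testFailureIgnore>` also means test failures under the `security-manager` profiles do not fail the build; `false` would be the safer setting for a release. `junit` is managed with `<scope>compile</scope>` where `test` looks intended.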