[jboss-cvs] jboss-seam/src/main/org/jboss/seam/security/config ...
Shane Bryzak
Shane_Bryzak at symantec.com
Sat Dec 30 20:18:31 EST 2006
User: sbryzak2
Date: 06/12/30 20:18:31
Modified: src/main/org/jboss/seam/security/config
SecurityConfiguration.java
Log:
removed proprietary authentication stuff, replaced with JAAS authentication
Revision Changes Path
1.8 +384 -273 jboss-seam/src/main/org/jboss/seam/security/config/SecurityConfiguration.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: SecurityConfiguration.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/security/config/SecurityConfiguration.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -b -r1.7 -r1.8
--- SecurityConfiguration.java 27 Dec 2006 05:03:49 -0000 1.7
+++ SecurityConfiguration.java 31 Dec 2006 01:18:31 -0000 1.8
@@ -1,28 +1,37 @@
package org.jboss.seam.security.config;
+import static org.jboss.seam.ScopeType.APPLICATION;
+import static org.jboss.seam.annotations.Install.BUILT_IN;
+
import java.io.InputStream;
+import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
-import org.jboss.seam.log.LogProvider;
-import org.jboss.seam.log.Logging;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+
import org.dom4j.Document;
import org.dom4j.Element;
import org.dom4j.io.SAXReader;
-import static org.jboss.seam.ScopeType.APPLICATION;
+import org.jboss.seam.Component;
import org.jboss.seam.InterceptionType;
-import static org.jboss.seam.annotations.Install.BUILT_IN;
+import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Create;
import org.jboss.seam.annotations.Install;
import org.jboss.seam.annotations.Intercept;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.Startup;
+import org.jboss.seam.contexts.Contexts;
+import org.jboss.seam.log.LogProvider;
+import org.jboss.seam.log.Logging;
import org.jboss.seam.security.Role;
import org.jboss.seam.security.SeamPermission;
+import org.jboss.seam.security.SeamSecurityManager;
import org.jboss.seam.util.Resources;
/**
@@ -33,48 +42,74 @@
@Startup
@Scope(APPLICATION)
@Name("org.jboss.seam.security.securityConfiguration")
- at Install(value = false, precedence=BUILT_IN, dependencies = "org.jboss.seam.securityManager")
+ at Install(value = false, precedence = BUILT_IN, dependencies = "org.jboss.seam.securityManager")
@Intercept(InterceptionType.NEVER)
public class SecurityConfiguration
{
+ public static final String LOGIN_MODULE_NAME = "default";
+
private static final String SECURITY_CONFIG_FILENAME = "/META-INF/security-config.xml";
- private static final LogProvider log = Logging.getLogProvider(SecurityConfiguration.class);
+ private static final LogProvider log = Logging
+ .getLogProvider(SecurityConfiguration.class);
// <security-constraint>
private static final String SECURITY_CONSTRAINT = "security-constraint";
+
private static final String WEB_RESOURCE_COLLECTION = "web-resource-collection";
+
private static final String URL_PATTERN = "url-pattern";
+
private static final String HTTP_METHOD = "http-method";
+
private static final String AUTH_CONSTRAINT = "auth-constraint";
+
private static final String ROLE_NAME = "role-name";
// <login-config>
-// private static final String LOGIN_CONFIG = "login-config";
-// private static final String AUTH_METHOD = "auth-method";
+ // private static final String LOGIN_CONFIG = "login-config";
+ // private static final String AUTH_METHOD = "auth-method";
// FORM
-// private static final String FORM_LOGIN_CONFIG = "form-login-config";
-// private static final String FORM_LOGIN_PAGE = "form-login-page";
-// private static final String FORM_ERROR_PAGE = "form-error-page";
-// private static final String FORM_DEFAULT_PAGE = "form-default-page";
+ // private static final String FORM_LOGIN_CONFIG = "form-login-config";
+ // private static final String FORM_LOGIN_PAGE = "form-login-page";
+ // private static final String FORM_ERROR_PAGE = "form-error-page";
+ // private static final String FORM_DEFAULT_PAGE = "form-default-page";
// roles
private static final String SECURITY_ROLES = "roles";
+
private static final String SECURITY_ROLE = "role";
+
private static final String SECURITY_MEMBERSHIPS = "memberships";
+
private static final String SECURITY_PERMISSIONS = "permissions";
+
private static final String SECURITY_PERMISSION = "permission";
+ private static final String LOGIN_MODULES = "loginmodules";
+
+ private static final String LOGIN_MODULE = "loginmodule";
+
+ private static final String LOGIN_MODULE_CLASS = "class";
+
+ private static final String LOGIN_MODULE_FLAG = "flag";
+
+ private static final String LOGIN_MODULE_OPTION = "option";
+
+ private static final String LOGIN_MODULE_OPTION_NAME = "name";
+
private Set<SecurityConstraint> securityConstraints = new HashSet<SecurityConstraint>();
- private Map<String,Role> securityRoles = new HashMap<String,Role>();
+ private Map<String, Role> securityRoles = new HashMap<String, Role>();
private String securityErrorPage = "/securityError.seam";
-// private AuthMethod authMethod;
+ private LoginModuleConfiguration loginModuleConfig;
-// private Handler authenticator;
+ // private AuthMethod authMethod;
+
+ // private Handler authenticator;
/**
* Initialization
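Review bot: The commented-out `LOGIN_CONFIG`, `AUTH_METHOD` and `FORM_*` constants and the `authMethod` and `authenticator` fields are only re-indented here, not removed. The same applies to the commented-out getters and the commented-out `loadLoginConfig` body in later hunks. Since the log message says the proprietary authentication was replaced by JAAS, deleting these lines would leave version control as the record and stop a reader mistaking them for a supported configuration path. The new public constant also deserves a one-line comment above `LOGIN_MODULE_NAME`, e.g. `/** Name under which the configured login modules are registered in the JAAS Configuration. */`, a meaning taken from its use in `loadLoginModules`.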
@@ -82,14 +117,31 @@
* @throws SecurityConfigException
*/
@Create
- public void init()
- throws SecurityConfigException
+ public void init() throws SecurityConfigException
{
InputStream in = Resources.getResourceAsStream(SECURITY_CONFIG_FILENAME);
if (in != null)
loadConfigFromStream(in);
else
- log.warn(String.format("Security configuration file %s not found", SECURITY_CONFIG_FILENAME));
+ log.warn(String.format("Security configuration file %s not found",
+ SECURITY_CONFIG_FILENAME));
+ }
+
+ public static SecurityConfiguration instance()
+ {
+ if (!Contexts.isApplicationContextActive())
+ throw new IllegalStateException("No active application context");
+
+ SecurityConfiguration instance = (SecurityConfiguration) Component
+ .getInstance(SecurityConfiguration.class, ScopeType.APPLICATION);
+
+ if (instance == null)
+ {
+ throw new IllegalStateException(
+ "No SecurityConfiguration could be created, make sure the Component exists in application scope");
+ }
+
+ return instance;
}
public void setSecurityErrorPage(String securityErrorPage)
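Review bot: The new static `instance()` has no Javadoc, although it is public and has two distinct failure modes. A comment such as `/** Returns the application-scoped SecurityConfiguration; throws IllegalStateException if no application context is active or the component cannot be obtained. */` would cover it. This matters because the class is annotated `@Install(value = false, ...)`, so a deployment that has not enabled the component will presumably hit the second exception. The method that follows `instance()` starts on the last line of this hunk and continues outside it.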
@@ -128,7 +180,8 @@
if (ex instanceof SecurityConfigException)
throw (SecurityConfigException) ex;
else
- throw new SecurityConfigException("Error loading security configuration", ex);
+ throw new SecurityConfigException(
+ "Error loading security configuration", ex);
}
}
@@ -143,23 +196,31 @@
}
/**
+ * Returns the login module configuration
*
- * @return AuthMethod
+ * @return
*/
-// public AuthMethod getAuthMethod()
-// {
-// return authMethod;
-// }
+ public Configuration getLoginModuleConfiguration()
+ {
+ return loginModuleConfig;
+ }
/**
*
+ * @return AuthMethod
+ */
+ // public AuthMethod getAuthMethod()
+ // {
+ // return authMethod;
+ // }
+ /**
+ *
* @return Authenticator
*/
-// public Handler getAuthenticator()
-// {
-// return authenticator;
-// }
-
+ // public Handler getAuthenticator()
+ // {
+ // return authenticator;
+ // }
/**
*
* @return Set
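Review bot: `getLoginModuleConfiguration()` returns the `loginModuleConfig` field as is, and in the lines shown that field is assigned only in `loadLoginModules`, so it is null whenever that method has not run; `init()` only logs a warning when the configuration file is missing. How callers use the value is not visible here, but the JAAS `LoginContext` constructor that takes a `Configuration` treats null as "use the installed configuration". A missing file could therefore move authentication onto the container-wide login configuration instead of failing. Either throw `IllegalStateException` from the getter when the field is null, or document the case by filling the empty tag as `@return the JAAS Configuration built from the loginmodules element, or null if none was loaded`. The `@return AuthMethod` and `@return Authenticator` Javadoc blocks now sit above commented-out code and can be removed with it.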
@@ -185,37 +246,38 @@
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraints.add(securityConstraint);
- for (Element wrcElement :
- (List<Element>) element.elements(WEB_RESOURCE_COLLECTION))
+ for (Element wrcElement : (List<Element>) element
+ .elements(WEB_RESOURCE_COLLECTION))
{
WebResourceCollection wrc = new WebResourceCollection();
securityConstraint.getResourceCollections().add(wrc);
- for (Element urlPatternElement :
- (List<Element>) wrcElement.elements(URL_PATTERN))
+ for (Element urlPatternElement : (List<Element>) wrcElement
+ .elements(URL_PATTERN))
{
wrc.getUrlPatterns().add(urlPatternElement.getTextTrim());
}
- for (Element httpMethodElement :
- (List<Element>) wrcElement.elements(HTTP_METHOD))
+ for (Element httpMethodElement : (List<Element>) wrcElement
+ .elements(HTTP_METHOD))
{
wrc.getHttpMethods().add(httpMethodElement.getTextTrim());
}
}
securityConstraint.setAuthConstraint(new AuthConstraint());
- for (Element roleNameElement :
- (List<Element>) element.element(AUTH_CONSTRAINT).elements(ROLE_NAME))
+ for (Element roleNameElement : (List<Element>) element.element(
+ AUTH_CONSTRAINT).elements(ROLE_NAME))
{
- securityConstraint.getAuthConstraint().getRoles().add(roleNameElement.
- getTextTrim());
+ securityConstraint.getAuthConstraint().getRoles().add(
+ roleNameElement.getTextTrim());
}
}
}
catch (Exception ex)
{
- throw new SecurityConfigException("Error loading security constraints", ex);
+ throw new SecurityConfigException(
+ "Error loading security constraints", ex);
}
}
@@ -225,53 +287,55 @@
* @param loginConfigElement Element
* @throws SecurityConfigurationException
*/
-// private void loadLoginConfig(Element loginConfigElement)
-// throws SecurityConfigException
-// {
-// String authMethodText = loginConfigElement.element(AUTH_METHOD).getTextTrim();
-// try
-// {
-// authMethod = AuthMethod.valueOf(authMethodText);
-// }
-// catch (Exception ex)
-// {
-// StringBuilder sb = new StringBuilder();
-// for (AuthMethod m : AuthMethod.values())
-// {
-// if (sb.length() > 0)
-// sb.append(',');
-// sb.append(m.toString());
-// }
-//
-// throw new SecurityConfigException(
-// String.format("Invalid auth-method [%s]. Valid options are: %s",
-// authMethodText, sb.toString()));
-// }
-//
-// switch (authMethod)
-// {
-// case BASIC:
-// authenticator = new BasicHandler();
-// break;
-// case FORM:
-// Element formConfigElement = loginConfigElement.element(FORM_LOGIN_CONFIG);
-// String loginPage = formConfigElement.elementText(FORM_LOGIN_PAGE);
-// String errorPage = formConfigElement.elementText(FORM_ERROR_PAGE);
-// String defaultPage = formConfigElement.elementText(FORM_DEFAULT_PAGE);
-// authenticator = new FormHandler(loginPage, errorPage, defaultPage);
-// break;
-// case SEAM:
-// Element seamConfigElement = loginConfigElement.element(SEAM_LOGIN_CONFIG);
-// loginPage = seamConfigElement.elementText(SEAM_LOGIN_PAGE);
-// authenticator = new SeamAuthenticator(loginPage);
-// break;
-// }
-//
-// if (authenticator == null)
-// throw new SecurityConfigException(
-// String.format("No valid authenticator for auth-method [%s]", authMethod.toString()));
-//
-// }
+ // private void loadLoginConfig(Element loginConfigElement)
+ // throws SecurityConfigException
+ // {
+ // String authMethodText =
+ // loginConfigElement.element(AUTH_METHOD).getTextTrim();
+ // try
+ // {
+ // authMethod = AuthMethod.valueOf(authMethodText);
+ // }
+ // catch (Exception ex)
+ // {
+ // StringBuilder sb = new StringBuilder();
+ // for (AuthMethod m : AuthMethod.values())
+ // {
+ // if (sb.length() > 0)
+ // sb.append(',');
+ // sb.append(m.toString());
+ // }
+ //
+ // throw new SecurityConfigException(
+ // String.format("Invalid auth-method [%s]. Valid options are: %s",
+ // authMethodText, sb.toString()));
+ // }
+ //
+ // switch (authMethod)
+ // {
+ // case BASIC:
+ // authenticator = new BasicHandler();
+ // break;
+ // case FORM:
+ // Element formConfigElement = loginConfigElement.element(FORM_LOGIN_CONFIG);
+ // String loginPage = formConfigElement.elementText(FORM_LOGIN_PAGE);
+ // String errorPage = formConfigElement.elementText(FORM_ERROR_PAGE);
+ // String defaultPage = formConfigElement.elementText(FORM_DEFAULT_PAGE);
+ // authenticator = new FormHandler(loginPage, errorPage, defaultPage);
+ // break;
+ // case SEAM:
+ // Element seamConfigElement = loginConfigElement.element(SEAM_LOGIN_CONFIG);
+ // loginPage = seamConfigElement.elementText(SEAM_LOGIN_PAGE);
+ // authenticator = new SeamAuthenticator(loginPage);
+ // break;
+ // }
+ //
+ // if (authenticator == null)
+ // throw new SecurityConfigException(
+ // String.format("No valid authenticator for auth-method [%s]",
+ // authMethod.toString()));
+ //
+ // }
/**
* Load the security roles
@@ -282,9 +346,10 @@
protected void loadSecurityRoles(Element securityRoleElement)
throws SecurityConfigException
{
- Map<String,Set<String>> members = new HashMap<String,Set<String>>();
+ Map<String, Set<String>> members = new HashMap<String, Set<String>>();
- for (Element role : (List<Element>) securityRoleElement.elements(SECURITY_ROLE))
+ for (Element role : (List<Element>) securityRoleElement
+ .elements(SECURITY_ROLE))
{
Role r = new Role(role.attributeValue("name"));
@@ -301,11 +366,12 @@
Element permissionsElement = role.element(SECURITY_PERMISSIONS);
if (permissionsElement != null)
{
- for (Element permission : (List<Element>) permissionsElement.elements(
- SECURITY_PERMISSION))
+ for (Element permission : (List<Element>) permissionsElement
+ .elements(SECURITY_PERMISSION))
{
- r.addPermission(new SeamPermission(permission.attributeValue("name"),
- permission.attributeValue("action")));
+ r.addPermission(new SeamPermission(permission
+ .attributeValue("name"), permission
+ .attributeValue("action")));
}
}
@@ -320,4 +386,49 @@
}
}
+ protected void loadLoginModules(Element loginModulesElement)
+ throws SecurityConfigException
+ {
+ loginModuleConfig = new LoginModuleConfiguration();
+ List<AppConfigurationEntry> entries = new ArrayList<AppConfigurationEntry>();
+
+ for (Element loginModule : (List<Element>) loginModulesElement
+ .elements(LOGIN_MODULE))
+ {
+ Map<String, String> options = new HashMap<String, String>();
+
+ for (Element option : (List<Element>) loginModule.elements(LOGIN_MODULE_OPTION))
+ {
+ options.put(option.attributeValue(LOGIN_MODULE_OPTION_NAME),
+ option.getTextTrim());
+ }
+
+ AppConfigurationEntry entry = new AppConfigurationEntry(loginModule
+ .attributeValue(LOGIN_MODULE_CLASS), getControlFlag(loginModule
+ .attributeValue(LOGIN_MODULE_FLAG)), options);
+ entries.add(entry);
+ }
+
+ AppConfigurationEntry[] e = new AppConfigurationEntry[entries.size()];
+ entries.toArray(e);
+
+ loginModuleConfig.addEntry(LOGIN_MODULE_NAME, e);
+
+ }
+
+ private AppConfigurationEntry.LoginModuleControlFlag getControlFlag(
+ String flag) throws SecurityConfigException
+ {
+ if ("REQUIRED".equalsIgnoreCase(flag))
+ return AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
+ else if ("OPTIONAL".equalsIgnoreCase(flag))
+ return AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL;
+ else if ("SUFFICIENT".equalsIgnoreCase(flag))
+ return AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT;
+ else if ("REQUISITE".equalsIgnoreCase(flag))
+ return AppConfigurationEntry.LoginModuleControlFlag.REQUISITE;
+ else
+ throw new SecurityConfigException(String.format(
+ "Unrecognized login module control flag [%s]", flag));
+ }
}
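Review bot: `loadLoginModules` passes `attributeValue(LOGIN_MODULE_CLASS)` and `attributeValue(LOGIN_MODULE_OPTION_NAME)` on without checking that the attributes exist. A `loginmodule` without `class` reaches the `AppConfigurationEntry` constructor, which rejects a null or empty module name with `IllegalArgumentException` rather than a `SecurityConfigException` naming the element. An `option` without `name` is stored silently under a null key in the `HashMap`. Validating both in the loop, as `getControlFlag` already does for the flag, gives a clear startup error for a malformed authentication configuration. It may also be worth rejecting an empty `entries` list before `addEntry`, so a `loginmodules` element with no children fails at startup; what `LoginModuleConfiguration` does with an empty array is not visible here. Both new methods lack Javadoc.

```java
for (Element loginModule : (List<Element>) loginModulesElement.elements(LOGIN_MODULE))
{
   String moduleClass = loginModule.attributeValue(LOGIN_MODULE_CLASS);
   if (moduleClass == null || moduleClass.trim().length() == 0)
      throw new SecurityConfigException(
            "loginmodule element is missing its class attribute");

   Map<String, String> options = new HashMap<String, String>();
   for (Element option : (List<Element>) loginModule.elements(LOGIN_MODULE_OPTION))
   {
      String optionName = option.attributeValue(LOGIN_MODULE_OPTION_NAME);
      if (optionName == null)
         throw new SecurityConfigException(String.format(
               "Login module [%s] has an option without a name attribute", moduleClass));
      options.put(optionName, option.getTextTrim());
   }
   // … unchanged: build the AppConfigurationEntry from moduleClass, the control flag and options …
}
```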