[jboss-cvs] JBossAS SVN: r75508 - in projects/security/security-jboss-sx/trunk: acl/src/main/java/org/jboss/security/acl and 11 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Tue Jul 8 17:21:00 EDT 2008


Author: sguilhen at redhat.com
Date: 2008-07-08 17:21:00 -0400 (Tue, 08 Jul 2008)
New Revision: 75508

Added:
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/ACLInfoContainer.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/ACLProviderEntry.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/ACLProviderEntryHolder.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/resources/schema/
   projects/security/security-jboss-sx/trunk/jbosssx/src/resources/schema/security-config_4_0.xsd
   projects/security/security-jboss-sx/trunk/jbosssx/src/resources/schema/security-config_4_1.xsd
   projects/security/security-jboss-sx/trunk/jbosssx/src/resources/schema/security-config_5_0.xsd
Removed:
   projects/security/security-jboss-sx/trunk/acl/src/main/java/org/jboss/security/acl/config/
   projects/security/security-jboss-sx/trunk/jbosssx/src/tests/resources/schema/security-config_4_1.xsd
   projects/security/security-jboss-sx/trunk/jbosssx/src/tests/resources/schema/security-config_5_0.xsd
Modified:
   projects/security/security-jboss-sx/trunk/acl/.classpath
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/LoginConfigObjectModelFactory.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/ApplicationPolicyContainer.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/tests/resources/config/securityConfig5.xml
Log:
SECURITY-260: Moved the security-config schemas from the Metadata project to JBossSX. Changed the security-config_5_0.xsd to allow for the specification of acl configurations in application policies. Relevant classes that participate in the parsing process have been updated as well to create the necessary ACLInfo objects and to set the created infos into the ApplicationPolicy.
The test classes have also been updated to test policies that specify an acl configuration.



Modified: projects/security/security-jboss-sx/trunk/acl/.classpath
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/.classpath	2008-07-08 20:15:07 UTC (rev 75507)
+++ projects/security/security-jboss-sx/trunk/acl/.classpath	2008-07-08 21:21:00 UTC (rev 75508)
@@ -6,6 +6,7 @@
   <classpathentry kind="src" path="src/tests/resources" output="target/test-classes" including="**/*.xml" excluding="**/*.java"/>
   <classpathentry kind="output" path="target/classes"/>
   <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+  <classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.0.2/activation-1.0.2.jar"/>
   <classpathentry kind="var" path="M2_REPO/ant/ant/1.6.5/ant-1.6.5.jar"/>
   <classpathentry kind="var" path="M2_REPO/ant/ant-junit/1.6.5/ant-junit-1.6.5.jar"/>
   <classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6.jar"/>
@@ -16,6 +17,7 @@
   <classpathentry kind="var" path="M2_REPO/apache-httpclient/commons-httpclient/2.0.2/commons-httpclient-2.0.2.jar"/>
   <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar"/>
   <classpathentry kind="var" path="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar"/>
+  <classpathentry kind="var" path="M2_REPO/wutka-dtdparser/dtdparser121/1.2.1/dtdparser121-1.2.1.jar"/>
   <classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache/1.2.3/ehcache-1.2.3.jar"/>
   <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate/3.2.4.sp1/hibernate-3.2.4.sp1.jar"/>
   <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-annotations/3.3.0.ga/hibernate-annotations-3.3.0.ga.jar"/>
@@ -25,20 +27,26 @@
   <classpathentry kind="var" path="M2_REPO/hsqldb/hsqldb/1.8.0.2/hsqldb-1.8.0.2.jar"/>
   <classpathentry kind="var" path="M2_REPO/org/jboss/security/identity-impl/2.0.2-SNAPSHOT/identity-impl-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/identity-impl/2.0.2-SNAPSHOT/identity-impl-2.0.2-SNAPSHOT-sources.jar"/>
   <classpathentry kind="var" path="M2_REPO/javassist/javassist/3.3.GA/javassist-3.3.GA.jar"/>
+  <classpathentry kind="var" path="M2_REPO/javax/xml/bind/jaxb-api/2.1/jaxb-api-2.1.jar"/>
   <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-core/2.0.2.GA/jboss-common-core-2.0.2.GA.jar"/>
   <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-common-core/2.2.1.GA/jboss-common-core-2.2.1.GA.jar"/>
   <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-log4j/2.0.4.GA/jboss-common-logging-log4j-2.0.4.GA.jar"/>
   <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-spi/2.0.4.GA/jboss-common-logging-spi-2.0.4.GA.jar"/>
   <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-log4j/2.0.2.GA/jboss-logging-log4j-2.0.2.GA.jar"/>
   <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-spi/2.0.2.GA/jboss-logging-spi-2.0.2.GA.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/jboss/logging/jboss-logging-spi/2.0.5.GA/jboss-logging-spi-2.0.5.GA.jar"/>
   <classpathentry kind="var" path="M2_REPO/jboss/profiler/jvmti/jboss-profiler-jvmti/1.0.0.CR5/jboss-profiler-jvmti-1.0.0.CR5.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-reflect/2.0.0.Beta12/jboss-reflect-2.0.0.Beta12.jar"/>
   <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2.CR6/jboss-security-spi-2.0.2.CR6.jar"/>
   <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-test/1.0.4.GA/jboss-test-1.0.4.GA.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/jboss/jbossxb/2.0.0.CR10/jbossxb-2.0.0.CR10.jar"/>
   <classpathentry kind="var" path="M2_REPO/javax/transaction/jta/1.0.1B/jta-1.0.1B.jar"/>
   <classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar"/>
   <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
   <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
   <classpathentry kind="var" path="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0.jar"/>
+  <classpathentry kind="var" path="M2_REPO/javax/xml/stream/stax-api/1.0-2/stax-api-1.0-2.jar"/>
   <classpathentry kind="var" path="M2_REPO/apache-slide/webdavlib/2.0/webdavlib-2.0.jar"/>
+  <classpathentry kind="var" path="M2_REPO/apache-xerces/xercesImpl/2.9.1/xercesImpl-2.9.1.jar"/>
   <classpathentry kind="var" path="M2_REPO/apache-xerces/xml-apis/2.7.1/xml-apis-2.7.1.jar"/>
 </classpath>
\ No newline at end of file

Added: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/ACLInfoContainer.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/ACLInfoContainer.java	                        (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/ACLInfoContainer.java	2008-07-08 21:21:00 UTC (rev 75508)
@@ -0,0 +1,86 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.acl.config;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.config.ACLInfo;
+import org.jboss.xb.binding.GenericValueContainer;
+
+/**
+ * <p>
+ * A container for creating {@code ACLInfo} objects when an application policy that specifies ACL modules is parsed by
+ * JBoss XB.
+ * </p>
+ * 
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class ACLInfoContainer implements GenericValueContainer
+{
+   private static Logger log = Logger.getLogger(ACLInfoContainer.class);
+
+   private final List<ACLProviderEntry> providerEntries = new ArrayList<ACLProviderEntry>();
+
+   /*
+    * (non-Javadoc)
+    * 
+    * @see org.jboss.xb.binding.GenericValueContainer#addChild(javax.xml.namespace.QName, java.lang.Object)
+    */
+   public void addChild(QName name, Object value)
+   {
+      if (log.isTraceEnabled())
+         log.trace("addChild:Qname=" + name + ":value=" + value);
+
+      if (value instanceof ACLProviderEntry)
+      {
+         ACLProviderEntry entry = (ACLProviderEntry) value;
+         this.providerEntries.add(entry);
+      }
+   }
+
+   /*
+    * (non-Javadoc)
+    * 
+    * @see org.jboss.xb.binding.GenericValueContainer#instantiate()
+    */
+   public Object instantiate()
+   {
+      ACLInfo info = new ACLInfo("dummy");
+      info.add(providerEntries);
+      return info;
+   }
+
+   /*
+    * (non-Javadoc)
+    * 
+    * @see org.jboss.xb.binding.GenericValueContainer#getTargetClass()
+    */
+   public Class<?> getTargetClass()
+   {
+      return ACLInfo.class;
+   }
+
+}
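Review bot: `addChild` in ACLInfoContainer discards any child that is not an `ACLProviderEntry` without a diagnostic, and `instantiate()` names every result `new ACLInfo("dummy")`. In a security configuration parser a silently ignored element can mean an ACL module the administrator declared is never enforced, so I would add `else log.warn("Ignoring unexpected acl child " + name);` (or throw) after the `instanceof` branch. The placeholder name deserves a comment such as `// placeholder name; presumably replaced with the policy name when the info is set on the ApplicationPolicy`, and since that replacement is not visible in this hunk it should be confirmed. `log` can also be declared `private static final`.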

Added: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/ACLProviderEntry.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/ACLProviderEntry.java	                        (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/ACLProviderEntry.java	2008-07-08 21:21:00 UTC (rev 75508)
@@ -0,0 +1,114 @@
+/*
+  * JBoss, Home of Professional Open Source
+  * Copyright 2007, JBoss Inc., and individual contributors as indicated
+  * by the @authors tag. See the copyright.txt in the distribution for a
+  * full listing of individual contributors.
+  *
+  * This is free software; you can redistribute it and/or modify it
+  * under the terms of the GNU Lesser General Public License as
+  * published by the Free Software Foundation; either version 2.1 of
+  * the License, or (at your option) any later version.
+  *
+  * This software is distributed in the hope that it will be useful,
+  * but WITHOUT ANY WARRANTY; without even the implied warranty of
+  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  * Lesser General Public License for more details.
+  *
+  * You should have received a copy of the GNU Lesser General Public
+  * License along with this software; if not, write to the Free
+  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  */
+package org.jboss.security.acl.config;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.jboss.security.config.ControlFlag;
+import org.jboss.security.config.ModuleOption;
+
+/**
+ *  Configuration Entry for ACL Providers
+ *  @author Anil.Saldhana at redhat.com
+ *  @since  Jan 30, 2008 
+ *  @version $Revision$
+ */
+public class ACLProviderEntry
+{
+   private String aclProviderName;
+   private ControlFlag controlFlag; 
+   private Map<String,Object> options = new HashMap<String,Object>();
+   
+   /** 
+    * Create a new AuthorizationModuleEntry.
+    * 
+    * @param name Policy Module Name 
+    */
+   public ACLProviderEntry(String name)
+   {
+      this.aclProviderName = name; 
+   }
+   
+   /** 
+    * Create a new AuthorizationModuleEntry.
+    * 
+    * @param name Policy Module Name
+    * @param options Options
+    */
+   public ACLProviderEntry(String name, Map<String,Object> options)
+   {
+      this.aclProviderName = name;
+      this.options = options;
+   }
+   
+   public void add(ModuleOption option)
+   { 
+      options.put(option.getName(), option.getValue());
+   }
+
+   /**
+    * Get the Policy Module Name
+    * @return
+    */
+   public String getAclProviderName()
+   {
+      return aclProviderName;
+   }
+
+   /**
+    * Get the options
+    * @return
+    */
+   public Map<String,Object> getOptions()
+   {
+      return options;
+   } 
+    
+   /**
+    * Get the Control Flag (Required,Requisite,Sufficient or Optional)
+    * @return
+    */
+   public ControlFlag getControlFlag()
+   {
+      return controlFlag;
+   }
+   
+   /**
+    * Set the Control Flag (Required,Requisite,Sufficient or Optional)
+    * @return
+    */
+   public void setControlFlag(ControlFlag controlFlag)
+   {
+      this.controlFlag = controlFlag;
+   }
+
+   @Override
+   public String toString()
+   {
+      StringBuilder builder = new StringBuilder();
+      builder.append(super.toString());
+      builder.append("{").append(this.aclProviderName).append(":");
+      builder.append(this.controlFlag).append(":").append(this.options).append("}");
+      return builder.toString();
+   } 
+}
\ No newline at end of file
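Review bot: The two-argument constructor of ACLProviderEntry keeps the caller's map (`this.options = options;`) and `getOptions()` returns that same instance, so an entry's options can be altered from outside after the policy has been built. ACLProviderEntryHolder.instantiate() in this commit passes its own `moduleOptions` field, so every entry produced by one holder shares a single map with it. I would copy on the way in, `this.options = (options == null) ? new HashMap<String,Object>() : new HashMap<String,Object>(options);`, which also keeps `add(ModuleOption)` from failing on a null map. The constructor Javadoc still reads "Create a new AuthorizationModuleEntry" and `setControlFlag` carries a stray `@return`; both should be corrected to describe ACLProviderEntry.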

Added: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/ACLProviderEntryHolder.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/ACLProviderEntryHolder.java	                        (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/acl/config/ACLProviderEntryHolder.java	2008-07-08 21:21:00 UTC (rev 75508)
@@ -0,0 +1,125 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.acl.config;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+
+import org.jboss.security.config.ControlFlag;
+import org.jboss.security.config.ModuleOption;
+import org.jboss.xb.binding.GenericValueContainer;
+
+/**
+ * <p>
+ * A container for creating {@code ACLProviderEntry} objects when an application policy that specifies ACL modules is
+ * parsed by JBoss XB.
+ * </p>
+ * 
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class ACLProviderEntryHolder implements GenericValueContainer
+{
+   private String moduleName = null;
+
+   private ControlFlag controlFlag = ControlFlag.REQUIRED;
+
+   private final Map<String, Object> moduleOptions = new HashMap<String, Object>();
+
+   /*
+    * (non-Javadoc)
+    * 
+    * @see org.jboss.xb.binding.GenericValueContainer#addChild(javax.xml.namespace.QName, java.lang.Object)
+    */
+   public void addChild(QName name, Object value)
+   {
+      // the fully-qualified class name of the ACLProvider.
+      if ("code".equals(name.getLocalPart()))
+      {
+         this.moduleName = (String) value;
+      }
+      // the control flag.
+      if ("flag".equals(name.getLocalPart()))
+      {
+         String flag = (String) value;
+         if ("optional".equals(flag))
+            this.controlFlag = ControlFlag.OPTIONAL;
+         else if ("requisite".equals(flag))
+            this.controlFlag = ControlFlag.REQUISITE;
+         else if ("sufficient".equals(flag))
+            this.controlFlag = ControlFlag.SUFFICIENT;
+      }
+      // the options of the ACLProvider.
+      if (value instanceof ModuleOption)
+      {
+         ModuleOption option = (ModuleOption) value;
+         this.moduleOptions.put(option.getName(), option.getValue());
+      }
+   }
+
+   /**
+    * <p>
+    * Adds the specified option to the set of options used by the {@code ACLProvider}.
+    * </p>
+    * 
+    * @param option a {@code ModuleOption} instance representing the option to be added.
+    */
+   public void addOption(ModuleOption option)
+   {
+      moduleOptions.put(option.getName(), option.getValue());
+   }
+
+   /**
+    * <p>
+    * Constructs and returns an {@code ACLProviderEntry} with the information contained in this class.
+    * </p>
+    * 
+    * @return a reference to the constructed {@code ACLProviderEntry} object.
+    */
+   public ACLProviderEntry getEntry()
+   {
+      return (ACLProviderEntry) instantiate();
+   }
+
+   /*
+    * (non-Javadoc)
+    * 
+    * @see org.jboss.xb.binding.GenericValueContainer#instantiate()
+    */
+   public Object instantiate()
+   {
+      ACLProviderEntry entry = new ACLProviderEntry(this.moduleName, this.moduleOptions);
+      entry.setControlFlag(this.controlFlag);
+      return entry;
+   }
+
+   /*
+    * (non-Javadoc)
+    * 
+    * @see org.jboss.xb.binding.GenericValueContainer#getTargetClass()
+    */
+   public Class<?> getTargetClass()
+   {
+      return ACLProviderEntry.class;
+   }
+}
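Review bot: In `addChild`, a `flag` value that is none of `optional`, `requisite` or `sufficient` leaves `controlFlag` at its `REQUIRED` default (or at a previously set value) with no diagnostic, so a misspelt or differently cased flag changes how the ACL provider is combined without anyone noticing. The comparison is made on the raw value, whereas the login-module handling in LoginConfigObjectModelFactory trims the attribute and passes it through `StringPropertyReplacer.replaceProperties`. I would close the chain with `else if (!"required".equals(flag)) throw new IllegalArgumentException("Unknown ACL provider flag: " + flag);`. Likewise `instantiate()` builds an entry even when no `code` child was seen, leaving `moduleName` null; rejecting that case there would surface a broken configuration at parse time.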

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/LoginConfigObjectModelFactory.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/LoginConfigObjectModelFactory.java	2008-07-08 20:15:07 UTC (rev 75507)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/LoginConfigObjectModelFactory.java	2008-07-08 21:21:00 UTC (rev 75508)
@@ -1,24 +1,24 @@
 /*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
 package org.jboss.security.auth.login;
 
 import javax.security.auth.login.AppConfigurationEntry;
@@ -33,159 +33,159 @@
 import org.jboss.xb.binding.UnmarshallingContext;
 import org.xml.sax.Attributes;
 
-/** A JBossXB object factory for parsing the login-config.xml object model. 
+/**
+ * A JBossXB object factory for parsing the login-config.xml object model.
  * 
- * @author Scott.Stark at jboss.org 
+ * @author Scott.Stark at jboss.org
  * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil.Saldhana at jboss.org</a>
  * @version $Revision$
  */
 public class LoginConfigObjectModelFactory implements ObjectModelFactory
 {
    private static Logger log = Logger.getLogger(LoginConfigObjectModelFactory.class);
+
    private boolean trace;
 
-   public Object completeRoot(Object root, UnmarshallingContext ctx,
-         String uri, String name)
+   public Object completeRoot(Object root, UnmarshallingContext ctx, String uri, String name)
    {
-      if( trace )
+      if (trace)
          log.trace("completeRoot");
       return root;
    }
 
-   public Object newRoot(Object root, UnmarshallingContext navigator,
-      String namespaceURI, String localName, Attributes attrs)
+   public Object newRoot(Object root, UnmarshallingContext navigator, String namespaceURI, String localName,
+         Attributes attrs)
    {
       trace = log.isTraceEnabled();
       if (!localName.equals("policy"))
       {
          throw new IllegalStateException("Unexpected root element: was expecting 'policy' but got '" + localName + "'");
       }
-      if( trace )
+      if (trace)
          log.trace("newRoot, created PolicyConfig for policy element");
       return new PolicyConfig();
    }
 
-   
-   public Object newChild(PolicyConfig config, UnmarshallingContext navigator,
-      String namespaceUri, String localName, Attributes attrs)
+   public Object newChild(PolicyConfig config, UnmarshallingContext navigator, String namespaceUri, String localName,
+         Attributes attrs)
    {
       Object child = null;
-      if( trace )
-         log.trace("newChild.PolicyConfig, localName: "+localName);
-      if("application-policy".equals(localName))
+      if (trace)
+         log.trace("newChild.PolicyConfig, localName: " + localName);
+      if ("application-policy".equals(localName))
       {
          String name = attrs.getValue("name");
-         name = StringPropertyReplacer.replaceProperties(name); 
+         name = StringPropertyReplacer.replaceProperties(name);
          ApplicationPolicy aPolicy = new ApplicationPolicy(name);
-         aPolicy.setPolicyConfig(config);  
+         aPolicy.setPolicyConfig(config);
          String baseAppPolicyName = attrs.getValue("extends");
-         if(baseAppPolicyName != null)
+         if (baseAppPolicyName != null)
             aPolicy.setBaseApplicationPolicyName(baseAppPolicyName);
-         if( trace )
-            log.trace("newChild.PolicyConfig, AuthenticationInfo: "+name);
+         if (trace)
+            log.trace("newChild.PolicyConfig, AuthenticationInfo: " + name);
          child = aPolicy;
-      } 
+      }
       return child;
    }
-   
-   public Object newChild(ApplicationPolicy aPolicy,UnmarshallingContext navigator,
-         String namespaceUri, String localName, Attributes attrs)
-   { 
+
+   public Object newChild(ApplicationPolicy aPolicy, UnmarshallingContext navigator, String namespaceUri,
+         String localName, Attributes attrs)
+   {
       Object child = null;
-      if( trace )
-         log.trace("newChild.ApplicationPolicy, localName: "+localName);
+      if (trace)
+         log.trace("newChild.ApplicationPolicy, localName: " + localName);
       String name = aPolicy.getName();
-      if("authentication".equals(localName))
-      { 
+      if ("authentication".equals(localName))
+      {
          child = new AuthenticationInfo(name);
-         if( trace )
-            log.trace("newChild.PolicyConfig, AuthenticationInfo: " +name);
+         if (trace)
+            log.trace("newChild.PolicyConfig, AuthenticationInfo: " + name);
       }
-      else if("authentication-jaspi".equals(localName))
-      { 
+      else if ("authentication-jaspi".equals(localName))
+      {
          child = new JASPIAuthenticationInfo(name);
-         if( trace )
-            log.trace("newChild.PolicyConfig, AuthenticationInfo: "+name);
+         if (trace)
+            log.trace("newChild.PolicyConfig, AuthenticationInfo: " + name);
       }
       return child;
    }
-   
-   public Object newChild(BaseAuthenticationInfo info, UnmarshallingContext navigator,
-         String namespaceUri, String localName, Attributes attrs)
+
+   public Object newChild(BaseAuthenticationInfo info, UnmarshallingContext navigator, String namespaceUri,
+         String localName, Attributes attrs)
    {
       Object child = null;
-      if( trace )
-         log.trace("newChild.AuthenticationInfo, localName: "+localName);
-      if("authentication".equals(localName))
+      if (trace)
+         log.trace("newChild.AuthenticationInfo, localName: " + localName);
+      if ("authentication".equals(localName))
       {
          child = new AuthenticationInfo(info.getName());
-         if( trace )
+         if (trace)
             log.trace("newChild.PolicyConfig, AuthenticationInfo: " + info.getName());
       }
-      else if("authentication-jaspi".equals(localName))
+      else if ("authentication-jaspi".equals(localName))
       {
          child = new JASPIAuthenticationInfo(info.getName());
-         if( trace )
+         if (trace)
             log.trace("newChild.PolicyConfig, AuthenticationInfo: " + info.getName());
       }
       return child;
    }
-   
-   public Object newChild(AuthenticationInfo info, UnmarshallingContext navigator,
-      String namespaceUri, String localName, Attributes attrs)
+
+   public Object newChild(AuthenticationInfo info, UnmarshallingContext navigator, String namespaceUri,
+         String localName, Attributes attrs)
    {
       Object child = null;
-      if( trace )
-         log.trace("newChild.AuthenticationInfo, localName: "+localName);
-      if("login-module".equals(localName))
+      if (trace)
+         log.trace("newChild.AuthenticationInfo, localName: " + localName);
+      if ("login-module".equals(localName))
       {
          String code = attrs.getValue("code");
          code = StringPropertyReplacer.replaceProperties(code.trim());
          String flag = attrs.getValue("flag");
-         if(flag != null)
+         if (flag != null)
             flag = StringPropertyReplacer.replaceProperties(flag.trim());
          AppConfigurationEntryHolder holder = new AppConfigurationEntryHolder(code, flag);
          child = holder;
-         if( trace )
-            log.trace("newChild.AuthenticationInfo, login-module code: "+code);
+         if (trace)
+            log.trace("newChild.AuthenticationInfo, login-module code: " + code);
       }
 
       return child;
    }
-   
-   public Object newChild(JASPIAuthenticationInfo info, UnmarshallingContext navigator,
-         String namespaceUri, String localName, Attributes attrs)
+
+   public Object newChild(JASPIAuthenticationInfo info, UnmarshallingContext navigator, String namespaceUri,
+         String localName, Attributes attrs)
    {
       Object child = null;
-      if( trace )
-         log.trace("newChild.AuthenticationJaspiInfo, localName: "+localName);
-      if("login-module-stack".equals(localName))
+      if (trace)
+         log.trace("newChild.AuthenticationJaspiInfo, localName: " + localName);
+      if ("login-module-stack".equals(localName))
       {
          String lmsName = attrs.getValue("name");
-         lmsName = StringPropertyReplacer.replaceProperties(lmsName.trim()); 
-         child = new LoginModuleStackHolder(lmsName, null);  
-         if( trace )
-            log.trace("newChild.AuthenticationInfo, login-module-stack: "+ lmsName);
+         lmsName = StringPropertyReplacer.replaceProperties(lmsName.trim());
+         child = new LoginModuleStackHolder(lmsName, null);
+         if (trace)
+            log.trace("newChild.AuthenticationInfo, login-module-stack: " + lmsName);
       }
-      else if( "auth-module".equals(localName))
+      else if ("auth-module".equals(localName))
       {
          String code = attrs.getValue("code");
          child = new AuthModuleEntry(code, null, null);
          String lmsRef = attrs.getValue("login-module-stack-ref");
-         if(lmsRef != null)
-            ((AuthModuleEntry)child).setLoginModuleStackHolder(info.getLoginModuleStackHolder(lmsRef));
+         if (lmsRef != null)
+            ((AuthModuleEntry) child).setLoginModuleStackHolder(info.getLoginModuleStackHolder(lmsRef));
       }
-      
+
       return child;
    }
-   
-   public Object newChild(LoginModuleStackHolder entry, UnmarshallingContext navigator,
-         String namespaceUri, String localName, Attributes attrs)
+
+   public Object newChild(LoginModuleStackHolder entry, UnmarshallingContext navigator, String namespaceUri,
+         String localName, Attributes attrs)
    {
       Object child = null;
-      if( trace )
-         log.trace("newChild.LoginModuleStackHolder, localName: "+localName);
-      if("login-module".equals(localName))
+      if (trace)
+         log.trace("newChild.LoginModuleStackHolder, localName: " + localName);
+      if ("login-module".equals(localName))
       {
          String code = attrs.getValue("code");
          code = StringPropertyReplacer.replaceProperties(code.trim());
@@ -193,150 +193,134 @@
          flag = StringPropertyReplacer.replaceProperties(flag.trim());
          AppConfigurationEntryHolder holder = new AppConfigurationEntryHolder(code, flag);
          child = holder;
-         if( trace )
-            log.trace("newChild.AuthenticationInfo, login-module code: "+code);
+         if (trace)
+            log.trace("newChild.AuthenticationInfo, login-module code: " + code);
       }
-      
+
       return child;
    }
-   
-   
-   public Object newChild(AppConfigurationEntryHolder entry, UnmarshallingContext navigator,
-         String namespaceUri, String localName, Attributes attrs)
+
+   public Object newChild(AppConfigurationEntryHolder entry, UnmarshallingContext navigator, String namespaceUri,
+         String localName, Attributes attrs)
    {
       Object child = null;
-      if( trace )
-         log.trace("newChild.AppConfigurationEntryHolder, localName: "+localName);
-      if("module-option".equals(localName))
+      if (trace)
+         log.trace("newChild.AppConfigurationEntryHolder, localName: " + localName);
+      if ("module-option".equals(localName))
       {
-         String name = attrs.getValue("name");         
+         String name = attrs.getValue("name");
          child = new ModuleOption(name);
-         if( trace )
-            log.trace("newChild.AppConfigurationEntryHolder, module-option name: "+name);
+         if (trace)
+            log.trace("newChild.AppConfigurationEntryHolder, module-option name: " + name);
       }
-      
+
       return child;
    }
-   
-   public Object newChild(AuthModuleEntry entry, UnmarshallingContext navigator,
-         String namespaceUri, String localName, Attributes attrs)
+
+   public Object newChild(AuthModuleEntry entry, UnmarshallingContext navigator, String namespaceUri, String localName,
+         Attributes attrs)
    {
       Object child = null;
-      if( trace )
-         log.trace("newChild.AppConfigurationEntryHolder, localName: "+localName);
-      if("module-option".equals(localName))
+      if (trace)
+         log.trace("newChild.AppConfigurationEntryHolder, localName: " + localName);
+      if ("module-option".equals(localName))
       {
-         String name = attrs.getValue("name");         
+         String name = attrs.getValue("name");
          child = new ModuleOption(name);
-         if( trace )
-            log.trace("newChild.AuthModuleEntry, module-option name: "+name);
+         if (trace)
+            log.trace("newChild.AuthModuleEntry, module-option name: " + name);
       }
-      
+
       return child;
    }
-   
-   public void setValue(ModuleOption option, UnmarshallingContext navigator,
-         String namespaceUri, String localName, String value)
+
+   public void setValue(ModuleOption option, UnmarshallingContext navigator, String namespaceUri, String localName,
+         String value)
    {
-      if("module-option".equals(localName))
+      if ("module-option".equals(localName))
       {
          String valueWithReplacement = StringPropertyReplacer.replaceProperties(value.trim());
          option.setValue(valueWithReplacement);
-         if( trace )
-            log.trace("setValue.ModuleOption, name: "+localName 
-                  + ":valueWithReplacement:" + valueWithReplacement);
+         if (trace)
+            log.trace("setValue.ModuleOption, name: " + localName + ":valueWithReplacement:" + valueWithReplacement);
       }
-   }  
-   
-   public void addChild(ModuleOption option, Object value,
-         UnmarshallingContext navigator, String namespaceURI, String localName)
+   }
+
+   public void addChild(ModuleOption option, Object value, UnmarshallingContext navigator, String namespaceURI,
+         String localName)
    {
       option.setValue(value);
-      if( trace )
-         log.trace("addChild.ModuleOption, name: "+option.getName());
-   }  
-   
+      if (trace)
+         log.trace("addChild.ModuleOption, name: " + option.getName());
+   }
+
    public void addChild(AuthenticationInfo authInfo, AppConfigurationEntryHolder entryInfo,
          UnmarshallingContext navigator, String namespaceURI, String localName)
    {
       AppConfigurationEntry entry = entryInfo.getEntry();
       authInfo.addAppConfigurationEntry(entry);
-      if( trace )
-         log.trace("addChild.AuthenticationInfo, name: "+entry.getLoginModuleName());
+      if (trace)
+         log.trace("addChild.AuthenticationInfo, name: " + entry.getLoginModuleName());
    }
-   
-   public void addChild(AppConfigurationEntryHolder entryInfo, ModuleOption option,
-         UnmarshallingContext navigator, String namespaceURI, String localName)
+
+   public void addChild(AppConfigurationEntryHolder entryInfo, ModuleOption option, UnmarshallingContext navigator,
+         String namespaceURI, String localName)
    {
       entryInfo.addOption(option);
-      if( trace )
-         log.trace("addChild.AppConfigurationEntryHolder, name: "+option.getName());
+      if (trace)
+         log.trace("addChild.AppConfigurationEntryHolder, name: " + option.getName());
    }
-   
-   public void addChild(JASPIAuthenticationInfo authInfo, AuthModuleEntry entry ,
-         UnmarshallingContext navigator, String namespaceURI, String localName)
+
+   public void addChild(JASPIAuthenticationInfo authInfo, AuthModuleEntry entry, UnmarshallingContext navigator,
+         String namespaceURI, String localName)
    {
-      authInfo.add(entry); 
+      authInfo.add(entry);
    }
-   
+
    public void addChild(LoginModuleStackHolder lmsh, AppConfigurationEntryHolder entryInfo,
          UnmarshallingContext navigator, String namespaceURI, String localName)
    {
       lmsh.addAppConfigurationEntry(entryInfo.getEntry());
-      if( trace )
-         log.trace("addChild.LoginModuleStackHolder, name: "+entryInfo.getEntry().getLoginModuleName());
+      if (trace)
+         log.trace("addChild.LoginModuleStackHolder, name: " + entryInfo.getEntry().getLoginModuleName());
    }
-   
-   public void addChild(AuthModuleEntry entry , ModuleOption option,
-         UnmarshallingContext navigator, String namespaceURI, String localName)
+
+   public void addChild(AuthModuleEntry entry, ModuleOption option, UnmarshallingContext navigator,
+         String namespaceURI, String localName)
    {
       entry.addOption(option);
-      if( trace )
-         log.trace("addChild.AppConfigurationEntryHolder, name: "+option.getName());
+      if (trace)
+         log.trace("addChild.AppConfigurationEntryHolder, name: " + option.getName());
    }
-   
-   public void addChild(JASPIAuthenticationInfo authInfo, LoginModuleStackHolder lmsHolder ,
+
+   public void addChild(JASPIAuthenticationInfo authInfo, LoginModuleStackHolder lmsHolder,
          UnmarshallingContext navigator, String namespaceURI, String localName)
    {
       authInfo.add(lmsHolder);
    }
-   
-   public void addChild(ApplicationPolicy aPolicy, JASPIAuthenticationInfo authInfo,
-         UnmarshallingContext navigator, String namespaceURI, String localName)
+
+   public void addChild(ApplicationPolicy aPolicy, JASPIAuthenticationInfo authInfo, UnmarshallingContext navigator,
+         String namespaceURI, String localName)
    {
-      aPolicy.setAuthenticationInfo(authInfo); 
-      if(trace)
+      aPolicy.setAuthenticationInfo(authInfo);
+      if (trace)
          log.trace("addChild.ApplicationPolicy, name: " + aPolicy.getName());
    }
-   
-   public void addChild(ApplicationPolicy aPolicy, AuthenticationInfo authInfo,
-         UnmarshallingContext navigator, String namespaceURI, String localName)
+
+   public void addChild(ApplicationPolicy aPolicy, AuthenticationInfo authInfo, UnmarshallingContext navigator,
+         String namespaceURI, String localName)
    {
-      aPolicy.setAuthenticationInfo(authInfo);  
-      if(trace)
+      aPolicy.setAuthenticationInfo(authInfo);
+      if (trace)
          log.trace("addChild.ApplicationPolicy, name: " + aPolicy.getName());
    }
-   
-   public void addChild(PolicyConfig pc, ApplicationPolicy aPolicy,
-         UnmarshallingContext navigator, String namespaceURI, String localName)
+
+   public void addChild(PolicyConfig pc, ApplicationPolicy aPolicy, UnmarshallingContext navigator,
+         String namespaceURI, String localName)
    {
-      pc.add(aPolicy); 
-      if(trace)
+      pc.add(aPolicy);
+      if (trace)
          log.trace("Added ApplicationPolicy to PolicyConfig, name: " + aPolicy.getName());
    }
-   
-   /**
-    * 
-    * Inner Class that is needed as neither the <authentication>
-    * element or the <authentication-jaspi> element do not have a name -  the
-    * parent application-policy element has a name
-    * 
-    * @author <a href="anil.saldhana at jboss.com">Anil.Saldhana at jboss.org</a>
-    * @version $Revision$
-    */
-   /*class ApplicationPolicy
-   {
-      PolicyConfig pConfig = null;
-      String name = null; 
-   } */
-}
+
+}
\ No newline at end of file
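Review bot: The trace statement in `setValue(ModuleOption, ...)` writes the fully resolved option value to the log (`":valueWithReplacement:" + valueWithReplacement`), and this reformat carries that through unchanged. Module options in a login configuration can hold credentials such as bind or keystore passwords (inferred; the hunk does not show which options are used). Because the value is logged after `StringPropertyReplacer.replaceProperties`, the log line would also contain whatever the referenced properties expand to, so enabling TRACE for this class could copy secrets into log files. Logging only the option name avoids that, and is more informative than `localName`, which is always `module-option` inside this branch: `log.trace("setValue.ModuleOption, name: " + option.getName());`.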

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java	2008-07-08 20:15:07 UTC (rev 75507)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java	2008-07-08 21:21:00 UTC (rev 75508)
@@ -1,29 +1,34 @@
 /*
-  * JBoss, Home of Professional Open Source
-  * Copyright 2005, JBoss Inc., and individual contributors as indicated
-  * by the @authors tag. See the copyright.txt in the distribution for a
-  * full listing of individual contributors.
-  *
-  * This is free software; you can redistribute it and/or modify it
-  * under the terms of the GNU Lesser General Public License as
-  * published by the Free Software Foundation; either version 2.1 of
-  * the License, or (at your option) any later version.
-  *
-  * This software is distributed in the hope that it will be useful,
-  * but WITHOUT ANY WARRANTY; without even the implied warranty of
-  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  * Lesser General Public License for more details.
-  *
-  * You should have received a copy of the GNU Lesser General Public
-  * License along with this software; if not, write to the Free
-  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-  */
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
 package org.jboss.security.authorization.config;
- 
+
+import java.util.HashMap;
+import java.util.Map;
+
 import org.jboss.logging.Logger;
+import org.jboss.security.acl.config.ACLProviderEntry;
 import org.jboss.security.audit.config.AuditProviderEntry;
 import org.jboss.security.auth.login.LoginConfigObjectModelFactory;
+import org.jboss.security.config.ACLInfo;
 import org.jboss.security.config.ApplicationPolicy;
 import org.jboss.security.config.AuditInfo;
 import org.jboss.security.config.AuthorizationInfo;
@@ -37,340 +42,414 @@
 import org.jboss.xb.binding.UnmarshallingContext;
 import org.xml.sax.Attributes;
 
-//$Id$
+// $Id$
 
 /**
- *  JBossXB Object Factory capable of parsing the security configuration
- *  file that can include both authentication,authorization and mapping 
- *  module configuration
- *  @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- *  @since  Jun 9, 2006 
- *  @version $Revision$
+ * JBossXB Object Factory capable of parsing the security configuration file that can include both
+ * authentication,authorization and mapping module configuration
+ * 
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Jun 9, 2006
+ * @version $Revision$
  */
 public class SecurityConfigObjectModelFactory extends LoginConfigObjectModelFactory
 {
    private static Logger log = Logger.getLogger(SecurityConfigObjectModelFactory.class);
-   private boolean trace = log.isTraceEnabled();
-   
-   public Object newChild(ApplicationPolicy aPolicy,UnmarshallingContext navigator,
-         String namespaceUri, String localName, Attributes attrs)
-   { 
-      Object child = super.newChild(aPolicy,  navigator,
-                             namespaceUri,localName,attrs);
-      if(child == null && "authorization".equals(localName))
+
+   private final boolean trace = log.isTraceEnabled();
+
+   private final Map<String, ControlFlag> controlFlags;
+
+   /**
+    * <p>
+    * Creates an instance of {@code SecurityConfigObjectModelFactory}.
+    * </p>
+    */
+   public SecurityConfigObjectModelFactory()
+   {
+      this.controlFlags = new HashMap<String, ControlFlag>();
+      controlFlags.put("REQUIRED", ControlFlag.REQUIRED);
+      controlFlags.put("REQUISITE", ControlFlag.REQUISITE);
+      controlFlags.put("OPTIONAL", ControlFlag.OPTIONAL);
+      controlFlags.put("SUFFICIENT", ControlFlag.SUFFICIENT);
+   }
+
+   @Override
+   public Object newChild(ApplicationPolicy aPolicy, UnmarshallingContext navigator, String namespaceUri,
+         String localName, Attributes attrs)
+   {
+      Object child = super.newChild(aPolicy, navigator, namespaceUri, localName, attrs);
+      if (child == null && "authorization".equals(localName))
       {
-         child = new AuthorizationInfo(aPolicy.getName());  
-      } 
-      else
-         if(child == null && "rolemapping".equals(localName))
-         {
-            MappingInfo mi = new MappingInfo();
-            mi.setName(aPolicy.getName());
-            child = mi;  
-         }
-         else
-            if(child == null && "audit".equals(localName))
-            {
-               AuditInfo ai = new AuditInfo(aPolicy.getName());
-               child = ai;
-            }
-            else
-               if(child == null && "identity-trust".equals(localName))
-               {
-                  IdentityTrustInfo ai = new IdentityTrustInfo(aPolicy.getName());
-                  child = ai;
-               }
+         child = new AuthorizationInfo(aPolicy.getName());
+      }
+      else if (child == null && "acl".equals(localName))
+      {
+         child = new ACLInfo(aPolicy.getName());
+      }
+      else if (child == null && "rolemapping".equals(localName))
+      {
+         child = new MappingInfo(aPolicy.getName());
+      }
+      else if (child == null && "audit".equals(localName))
+      {
+         child = new AuditInfo(aPolicy.getName());
+      }
+      else if (child == null && "identity-trust".equals(localName))
+      {
+         child = new IdentityTrustInfo(aPolicy.getName());
+      }
       return child;
    }
-   
-   public Object newChild(AuthorizationInfo info, UnmarshallingContext navigator,
-         String namespaceUri, String localName, Attributes attrs)
+
+   // authorization
+   public Object newChild(AuthorizationInfo info, UnmarshallingContext navigator, String namespaceUri,
+         String localName, Attributes attrs)
    {
       Object child = null;
-      if( trace )
-         log.trace("newChild.AuthorizationInfo, localName: "+localName);
-      if("policy-module".equals(localName))
+      if (trace)
+         log.trace("newChild.AuthorizationInfo, localName: " + localName);
+      if ("policy-module".equals(localName))
       {
          String code = attrs.getValue("code");
          code = StringPropertyReplacer.replaceProperties(code.trim());
+
          String flag = attrs.getValue("flag");
-         if(flag != null)
-            flag = StringPropertyReplacer.replaceProperties(flag.trim()); 
-         if(flag == null)
+         if (flag == null)
             flag = "REQUIRED";
-         else
-            flag = flag.toUpperCase();
-         AuthorizationModuleEntry entry = new AuthorizationModuleEntry(code); 
-         if("REQUIRED".equals(flag)) 
-            entry.setControlFlag(ControlFlag.REQUIRED);
-         else
-            if("REQUISITE".equals(flag)) 
-              entry.setControlFlag(ControlFlag.REQUISITE);
-            else
-               if("SUFFICIENT".equals(flag)) 
-                  entry.setControlFlag(ControlFlag.SUFFICIENT);
-               else
-                  entry.setControlFlag(ControlFlag.OPTIONAL);
+         flag = StringPropertyReplacer.replaceProperties(flag.trim());
+
+         ControlFlag controlFlag = this.controlFlags.get(flag.toUpperCase());
+         if (controlFlag == null)
+            controlFlag = ControlFlag.REQUIRED;
+
+         AuthorizationModuleEntry entry = new AuthorizationModuleEntry(code);
+         entry.setControlFlag(controlFlag);
+
          child = entry;
-         if( trace )
-            log.trace("newChild.AuthorizationInfo, policy-module code: "+code);
+         if (trace)
+            log.trace("newChild.AuthorizationInfo, policy-module code: " + code);
       }
-      
+
       return child;
    }
-   
-   public Object newChild(AuthorizationModuleEntry entry, UnmarshallingContext navigator,
-         String namespaceUri, String localName, Attributes attrs)
+
+   public Object newChild(AuthorizationModuleEntry entry, UnmarshallingContext navigator, String namespaceUri,
+         String localName, Attributes attrs)
    {
       Object child = null;
-      if( trace )
-         log.trace("newChild.AppConfigurationEntryHolder, localName: "+localName);
-      if("module-option".equals(localName))
+      if (trace)
+         log.trace("newChild.AppConfigurationEntryHolder, localName: " + localName);
+      if ("module-option".equals(localName))
       {
-         String name = attrs.getValue("name");         
+         String name = attrs.getValue("name");
          child = new ModuleOption(name);
-         if( trace )
-            log.trace("newChild.AuthModuleEntry, module-option name: "+name);
+         if (trace)
+            log.trace("newChild.AuthModuleEntry, module-option name: " + name);
       }
-      
+
       return child;
    }
-   
-   public void addChild(ApplicationPolicy aPolicy, AuthorizationInfo authInfo,
-         UnmarshallingContext navigator, String namespaceURI, String localName)
+
+   public void addChild(ApplicationPolicy aPolicy, AuthorizationInfo authInfo, UnmarshallingContext navigator,
+         String namespaceURI, String localName)
    {
-      aPolicy.setAuthorizationInfo(authInfo);  
-      if(trace)
+      aPolicy.setAuthorizationInfo(authInfo);
+      if (trace)
          log.trace("addChild.ApplicationPolicy, name: " + aPolicy.getName());
    }
-   
+
    public void addChild(AuthorizationInfo authInfo, AuthorizationConfigEntryHolder entryInfo,
          UnmarshallingContext navigator, String namespaceURI, String localName)
    {
       AuthorizationModuleEntry entry = entryInfo.getEntry();
       authInfo.add(entry);
-      if( trace )
-         log.trace("addChild.AuthorizationInfo, name: "+entry.getPolicyModuleName());
+      if (trace)
+         log.trace("addChild.AuthorizationInfo, name: " + entry.getPolicyModuleName());
    }
-   
-   public void addChild(AuthorizationConfigEntryHolder entryInfo, ModuleOption option,
-         UnmarshallingContext navigator, String namespaceURI, String localName)
+
+   public void addChild(AuthorizationConfigEntryHolder entryInfo, ModuleOption option, UnmarshallingContext navigator,
+         String namespaceURI, String localName)
    {
       entryInfo.addOption(option);
-      if( trace )
-         log.trace("addChild.AuthorizationConfigEntryHolder, name: "+option.getName());
+      if (trace)
+         log.trace("addChild.AuthorizationConfigEntryHolder, name: " + option.getName());
    }
-   
-   public void addChild(AuthorizationInfo authInfo, AuthorizationModuleEntry entry ,
-         UnmarshallingContext navigator, String namespaceURI, String localName)
+
+   public void addChild(AuthorizationInfo authInfo, AuthorizationModuleEntry entry, UnmarshallingContext navigator,
+         String namespaceURI, String localName)
    {
-      authInfo.add(entry); 
+      authInfo.add(entry);
    }
-   
-   public void addChild(AuthorizationModuleEntry entry , ModuleOption option,
-         UnmarshallingContext navigator, String namespaceURI, String localName)
+
+   public void addChild(AuthorizationModuleEntry entry, ModuleOption option, UnmarshallingContext navigator,
+         String namespaceURI, String localName)
    {
       entry.add(option);
-      if( trace )
-         log.trace("addChild.AuthorizationModuleEntry, name: "+option.getName());
+      if (trace)
+         log.trace("addChild.AuthorizationModuleEntry, name: " + option.getName());
    }
-   
-   //RoleMapping
-   public Object newChild(MappingInfo info, UnmarshallingContext navigator,
-         String namespaceUri, String localName, Attributes attrs)
+
+   // Instance-based authorization (ACL)
+   public Object newChild(ACLInfo info, UnmarshallingContext navigator, String namespaceUri, String localName,
+         Attributes attrs)
    {
       Object child = null;
-      if( trace )
-         log.trace("newChild.RoleMappingInfo, localName: "+localName);
-      if("mapping-module".equals(localName))
+      if (trace)
+         log.trace("newChild.ACLInfo, localName: " + localName);
+      if ("acl-module".equals(localName))
       {
          String code = attrs.getValue("code");
-         code = StringPropertyReplacer.replaceProperties(code.trim()); 
-         MappingModuleEntry entry = new MappingModuleEntry(code);  
+         code = StringPropertyReplacer.replaceProperties(code.trim());
+
+         String flag = attrs.getValue("flag");
+         if (flag == null)
+            flag = "REQUIRED";
+         flag = StringPropertyReplacer.replaceProperties(flag.trim());
+
+         ControlFlag controlFlag = this.controlFlags.get(flag.toUpperCase());
+         if (controlFlag == null)
+            controlFlag = ControlFlag.REQUIRED;
+
+         ACLProviderEntry entry = new ACLProviderEntry(code);
+         entry.setControlFlag(controlFlag);
+
          child = entry;
-         if( trace )
-            log.trace("newChild.RoleMappingInfo, mapping-module code: "+code);
+         if (trace)
+            log.trace("newChild.ACLInfo, acl-module code: " + code);
       }
-      
+
       return child;
    }
-   
-   public Object newChild(MappingModuleEntry entry, 
-         UnmarshallingContext navigator,
-         String namespaceUri, String localName, Attributes attrs)
+
+   public Object newChild(ACLProviderEntry entry, UnmarshallingContext navigator, String namespaceUri,
+         String localName, Attributes attrs)
    {
       Object child = null;
-      if( trace )
-         log.trace("newChild.MappingModuleEntry, localName: "+localName);
-      if("module-option".equals(localName))
+      if (trace)
+         log.trace("newChild.ACLProviderEntry, localName: " + localName);
+      if ("module-option".equals(localName))
       {
-         String name = attrs.getValue("name");         
+         String name = attrs.getValue("name");
          child = new ModuleOption(name);
-         if( trace )
-            log.trace("newChild.MappingModuleEntry, module-option name: "+name);
+         if (trace)
+            log.trace("newChild.trustProviderEntry, module-option name: " + name);
       }
-      
+
       return child;
    }
-   
-   public void addChild(ApplicationPolicy aPolicy, MappingInfo authInfo,
-         UnmarshallingContext navigator, String namespaceURI, String localName)
+
+   public void addChild(ApplicationPolicy aPolicy, ACLInfo aclInfo, UnmarshallingContext navigator,
+         String namespaceURI, String localName)
    {
-      aPolicy.setRoleMappingInfo(authInfo);  
-      if(trace)
+      aPolicy.setAclInfo(aclInfo);
+      if (trace)
+         log.trace("Adding ACLInfo as a child of ApplicationPolicy " + aPolicy.getName());
+   }
+
+   public void addChild(ACLInfo aclInfo, ACLProviderEntry aclEntry, UnmarshallingContext navigator,
+         String namespaceURI, String localName)
+   {
+      aclInfo.add(aclEntry);
+      if (trace)
+         log.trace("Adding ACLProviderEntry " + aclEntry.getAclProviderName() + " to ACLInfo " + aclInfo.getName());
+   }
+
+   public void addChild(ACLProviderEntry aclEntry, ModuleOption option, UnmarshallingContext navigator,
+         String namespaceURI, String localName)
+   {
+      aclEntry.add(option);
+      if (trace)
+         log.trace("Adding module-option " + option.getName() + " to ACLProviderEntry " + aclEntry.getAclProviderName());
+   }
+
+   // RoleMapping
+   public Object newChild(MappingInfo info, UnmarshallingContext navigator, String namespaceUri, String localName,
+         Attributes attrs)
+   {
+      Object child = null;
+      if (trace)
+         log.trace("newChild.RoleMappingInfo, localName: " + localName);
+      if ("mapping-module".equals(localName))
+      {
+         String code = attrs.getValue("code");
+         code = StringPropertyReplacer.replaceProperties(code.trim());
+         MappingModuleEntry entry = new MappingModuleEntry(code);
+         child = entry;
+         if (trace)
+            log.trace("newChild.RoleMappingInfo, mapping-module code: " + code);
+      }
+
+      return child;
+   }
+
+   public Object newChild(MappingModuleEntry entry, UnmarshallingContext navigator, String namespaceUri,
+         String localName, Attributes attrs)
+   {
+      Object child = null;
+      if (trace)
+         log.trace("newChild.MappingModuleEntry, localName: " + localName);
+      if ("module-option".equals(localName))
+      {
+         String name = attrs.getValue("name");
+         child = new ModuleOption(name);
+         if (trace)
+            log.trace("newChild.MappingModuleEntry, module-option name: " + name);
+      }
+
+      return child;
+   }
+
+   public void addChild(ApplicationPolicy aPolicy, MappingInfo authInfo, UnmarshallingContext navigator,
+         String namespaceURI, String localName)
+   {
+      aPolicy.setRoleMappingInfo(authInfo);
+      if (trace)
          log.trace("addChild.ApplicationPolicy, name: " + aPolicy.getName());
-   } 
-   
-   public void addChild(MappingModuleEntry entry , ModuleOption option,
-         UnmarshallingContext navigator, String namespaceURI, String localName)
+   }
+
+   public void addChild(MappingModuleEntry entry, ModuleOption option, UnmarshallingContext navigator,
+         String namespaceURI, String localName)
    {
       entry.add(option);
-      if( trace )
-         log.trace("addChild.MappingModuleEntry, name: "+option.getName());
+      if (trace)
+         log.trace("addChild.MappingModuleEntry, name: " + option.getName());
    }
-   
-   public void addChild(MappingInfo authInfo, MappingModuleEntry entry ,
-         UnmarshallingContext navigator, String namespaceURI, String localName)
+
+   public void addChild(MappingInfo authInfo, MappingModuleEntry entry, UnmarshallingContext navigator,
+         String namespaceURI, String localName)
    {
-      authInfo.add(entry); 
-   } 
-   
-   //Audit Info
-   public Object newChild(AuditInfo info, UnmarshallingContext navigator,
-         String namespaceUri, String localName, Attributes attrs)
+      authInfo.add(entry);
+   }
+
+   // Audit Info
+   public Object newChild(AuditInfo info, UnmarshallingContext navigator, String namespaceUri, String localName,
+         Attributes attrs)
    {
       Object child = null;
-      if( trace )
-         log.trace("newChild.AuditInfo, localName: "+localName);
-      if("provider-module".equals(localName))
+      if (trace)
+         log.trace("newChild.AuditInfo, localName: " + localName);
+      if ("provider-module".equals(localName))
       {
          String code = attrs.getValue("code");
-         code = StringPropertyReplacer.replaceProperties(code.trim()); 
-         AuditProviderEntry entry = new AuditProviderEntry(code);  
+         code = StringPropertyReplacer.replaceProperties(code.trim());
+         AuditProviderEntry entry = new AuditProviderEntry(code);
          child = entry;
-         if( trace )
-            log.trace("newChild.AuditInfo, provider-module code: "+code);
+         if (trace)
+            log.trace("newChild.AuditInfo, provider-module code: " + code);
       }
-      
+
       return child;
    }
-   
-   public Object newChild(AuditProviderEntry entry, 
-         UnmarshallingContext navigator,
-         String namespaceUri, String localName, Attributes attrs)
+
+   public Object newChild(AuditProviderEntry entry, UnmarshallingContext navigator, String namespaceUri,
+         String localName, Attributes attrs)
    {
       Object child = null;
-      if( trace )
-         log.trace("newChild.AuditProviderEntry, localName: "+localName);
-      if("module-option".equals(localName))
+      if (trace)
+         log.trace("newChild.AuditProviderEntry, localName: " + localName);
+      if ("module-option".equals(localName))
       {
-         String name = attrs.getValue("name");         
+         String name = attrs.getValue("name");
          child = new ModuleOption(name);
-         if( trace )
-            log.trace("newChild.AuditProviderEntry, module-option name: "+name);
+         if (trace)
+            log.trace("newChild.AuditProviderEntry, module-option name: " + name);
       }
-      
+
       return child;
-   }  
-   
-   public void addChild(ApplicationPolicy aPolicy, AuditInfo auditInfo,
-         UnmarshallingContext navigator, String namespaceURI, String localName)
+   }
+
+   public void addChild(ApplicationPolicy aPolicy, AuditInfo auditInfo, UnmarshallingContext navigator,
+         String namespaceURI, String localName)
    {
-      aPolicy.setAuditInfo(auditInfo) ;
-      if(trace)
+      aPolicy.setAuditInfo(auditInfo);
+      if (trace)
          log.trace("addChild.ApplicationPolicy, name: " + aPolicy.getName());
-   } 
-   
-   public void addChild(AuditProviderEntry entry , ModuleOption option,
-         UnmarshallingContext navigator, String namespaceURI, String localName)
+   }
+
+   public void addChild(AuditProviderEntry entry, ModuleOption option, UnmarshallingContext navigator,
+         String namespaceURI, String localName)
    {
       entry.add(option);
-      if( trace )
-         log.trace("addChild.MappingModuleEntry, name: "+option.getName());
+      if (trace)
+         log.trace("addChild.MappingModuleEntry, name: " + option.getName());
    }
-   
-   public void addChild(AuditInfo auditInfo, AuditProviderEntry entry ,
-         UnmarshallingContext navigator, String namespaceURI, String localName)
+
+   public void addChild(AuditInfo auditInfo, AuditProviderEntry entry, UnmarshallingContext navigator,
+         String namespaceURI, String localName)
    {
-      auditInfo.add(entry); 
-   } 
-   
-   //Identity Trust 
-   public Object newChild(IdentityTrustInfo info, UnmarshallingContext navigator,
-         String namespaceUri, String localName, Attributes attrs)
+      auditInfo.add(entry);
+   }
+
+   // Identity Trust
+   public Object newChild(IdentityTrustInfo info, UnmarshallingContext navigator, String namespaceUri,
+         String localName, Attributes attrs)
    {
       Object child = null;
-      if( trace )
-         log.trace("newChild.IdentityTrustInfo, localName: "+localName);
-      if("trust-module".equals(localName))
+      if (trace)
+         log.trace("newChild.IdentityTrustInfo, localName: " + localName);
+      if ("trust-module".equals(localName))
       {
          String code = attrs.getValue("code");
-         code = StringPropertyReplacer.replaceProperties(code.trim()); 
-         
+         code = StringPropertyReplacer.replaceProperties(code.trim());
+
          String flag = attrs.getValue("flag");
-         if(flag != null)
-           flag = StringPropertyReplacer.replaceProperties(flag.trim());
-         if(flag == null)
+         if (flag == null)
             flag = "REQUIRED";
-         else
-            flag = flag.toUpperCase();
-         IdentityTrustModuleEntry entry = new IdentityTrustModuleEntry(code);  
-         if("REQUIRED".equals(flag)) 
-            entry.setControlFlag(ControlFlag.REQUIRED);
-         else
-            if("REQUISITE".equals(flag)) 
-              entry.setControlFlag(ControlFlag.REQUISITE);
-            else
-               if("SUFFICIENT".equals(flag)) 
-                  entry.setControlFlag(ControlFlag.SUFFICIENT);
-               else
-                  entry.setControlFlag(ControlFlag.OPTIONAL); 
-         
+         flag = StringPropertyReplacer.replaceProperties(flag.trim());
+
+         ControlFlag controlFlag = this.controlFlags.get(flag.toUpperCase());
+         if (controlFlag == null)
+            controlFlag = ControlFlag.REQUIRED;
+
+         IdentityTrustModuleEntry entry = new IdentityTrustModuleEntry(code);
+         entry.setControlFlag(controlFlag);
+
          child = entry;
-         if( trace )
-            log.trace("newChild.IdentityTrustInfo, trust-module code: "+code);
+         if (trace)
+            log.trace("newChild.IdentityTrustInfo, trust-module code: " + code);
       }
-      
+
       return child;
    }
-   
-   public Object newChild(IdentityTrustModuleEntry entry, 
-         UnmarshallingContext navigator,
-         String namespaceUri, String localName, Attributes attrs)
+
+   public Object newChild(IdentityTrustModuleEntry entry, UnmarshallingContext navigator, String namespaceUri,
+         String localName, Attributes attrs)
    {
       Object child = null;
-      if( trace )
-         log.trace("newChild.trustProviderEntry, localName: "+localName);
-      if("module-option".equals(localName))
+      if (trace)
+         log.trace("newChild.trustProviderEntry, localName: " + localName);
+      if ("module-option".equals(localName))
       {
-         String name = attrs.getValue("name");         
+         String name = attrs.getValue("name");
          child = new ModuleOption(name);
-         if( trace )
-            log.trace("newChild.trustProviderEntry, module-option name: "+name);
+         if (trace)
+            log.trace("newChild.trustProviderEntry, module-option name: " + name);
       }
-      
+
       return child;
-   }  
-   
-   public void addChild(ApplicationPolicy aPolicy, IdentityTrustInfo auditInfo,
-         UnmarshallingContext navigator, String namespaceURI, String localName)
+   }
+
+   public void addChild(ApplicationPolicy aPolicy, IdentityTrustInfo auditInfo, UnmarshallingContext navigator,
+         String namespaceURI, String localName)
    {
-      aPolicy.setIdentityTrustInfo(auditInfo) ;
-      if(trace)
+      aPolicy.setIdentityTrustInfo(auditInfo);
+      if (trace)
          log.trace("addChild.ApplicationPolicy, name: " + aPolicy.getName());
-   } 
-   
-   public void addChild(IdentityTrustModuleEntry entry , ModuleOption option,
-         UnmarshallingContext navigator, String namespaceURI, String localName)
+   }
+
+   public void addChild(IdentityTrustModuleEntry entry, ModuleOption option, UnmarshallingContext navigator,
+         String namespaceURI, String localName)
    {
       entry.add(option);
-      if( trace )
-         log.trace("addChild.MappingModuleEntry, name: "+option.getName());
+      if (trace)
+         log.trace("addChild.MappingModuleEntry, name: " + option.getName());
    }
-   
-   public void addChild(IdentityTrustInfo auditInfo, IdentityTrustModuleEntry entry ,
-         UnmarshallingContext navigator, String namespaceURI, String localName)
+
+   public void addChild(IdentityTrustInfo auditInfo, IdentityTrustModuleEntry entry, UnmarshallingContext navigator,
+         String namespaceURI, String localName)
    {
-      auditInfo.add(entry); 
-   } 
+      auditInfo.add(entry);
+   }
+
 }

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/ApplicationPolicyContainer.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/ApplicationPolicyContainer.java	2008-07-08 20:15:07 UTC (rev 75507)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/ApplicationPolicyContainer.java	2008-07-08 21:21:00 UTC (rev 75508)
@@ -1,24 +1,24 @@
 /*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
 package org.jboss.security.config;
 
 import java.util.ArrayList;
@@ -43,45 +43,56 @@
 import org.jboss.security.identitytrust.config.IdentityTrustModuleEntry;
 import org.jboss.xb.binding.GenericValueContainer;
 
-//$Id$
+// $Id$
 
 /**
  * A container for creating ApplicationPolicy during jbxb parse.
- *  
- * @author Anil.Saldhana at jboss.org 
+ * 
+ * @author Anil.Saldhana at jboss.org
  * @version $Revision$
  */
-public class ApplicationPolicyContainer
-   implements GenericValueContainer
+public class ApplicationPolicyContainer implements GenericValueContainer
 {
-   private static Logger log = Logger.getLogger(ApplicationPolicyContainer.class); 
+   private static Logger log = Logger.getLogger(ApplicationPolicyContainer.class);
 
    ApplicationPolicy info = null;
-   
-   String authName = null;  
-   
+
+   String authName = null;
+
    String baseAppPolicyName = null;
-    
+
    @SuppressWarnings("unchecked")
    List authenticationModuleEntries = new ArrayList();
-   List<AuthorizationModuleEntry> authorizationModuleEntries = new ArrayList<AuthorizationModuleEntry>(); 
-   List<AuditProviderEntry> auditProviderEntries = new ArrayList<AuditProviderEntry>(); 
+
+   List<AuthorizationModuleEntry> authorizationModuleEntries = new ArrayList<AuthorizationModuleEntry>();
+
+   List<AuditProviderEntry> auditProviderEntries = new ArrayList<AuditProviderEntry>();
+
    List<IdentityTrustModuleEntry> identityTrustModuleEntries = new ArrayList<IdentityTrustModuleEntry>();
-   
-   Map<String,LoginModuleStackHolder> loginModuleStackMap = new HashMap<String,LoginModuleStackHolder>();
-   
+
+   Map<String, LoginModuleStackHolder> loginModuleStackMap = new HashMap<String, LoginModuleStackHolder>();
+
    boolean isJASPIAuthentication = false;
+
    boolean isJAASAuthentication = false;
+
    boolean isAuthorization = false;
+
    boolean containsAudit = false;
+
    boolean containsIdentityTrust = false;
+
    boolean containsRoleMapping = false;
-   
-   //Mapping Info Object
+
+   // Mapping Info Object
    RoleMappingInfo roleMappingInfo = null;
+
+   ACLInfo aclInfo = null;
+
    AuditInfo auditInfo = null;
+
    IdentityTrustInfo identityTrustInfo = null;
-   
+
    /**
     * @see GenericValueContainer#addChild(javax.xml.namespace.QName, java.lang.Object)
     */
@@ -89,80 +100,80 @@
    public void addChild(QName name, Object value)
    {
       log.debug("addChild::" + name + ":" + value);
-      if("name".equals(name.getLocalPart()))
-      { 
-         authName = (String)value;
+      if ("name".equals(name.getLocalPart()))
+      {
+         authName = (String) value;
       }
-      else if("extends".equals(name.getLocalPart()))
-      { 
-         baseAppPolicyName = (String)value;
+      else if ("extends".equals(name.getLocalPart()))
+      {
+         baseAppPolicyName = (String) value;
       }
-      else if( value instanceof AppConfigurationEntryHolder )
-      {   
-         AppConfigurationEntryHolder ace = (AppConfigurationEntryHolder) value; 
+      else if (value instanceof AppConfigurationEntryHolder)
+      {
+         AppConfigurationEntryHolder ace = (AppConfigurationEntryHolder) value;
          authenticationModuleEntries.add(ace.getEntry());
          isJAASAuthentication = true;
       }
-      else if( value instanceof AppConfigurationEntry )
-      {  
-         AppConfigurationEntry ace = (AppConfigurationEntry) value; 
+      else if (value instanceof AppConfigurationEntry)
+      {
+         AppConfigurationEntry ace = (AppConfigurationEntry) value;
          authenticationModuleEntries.add(ace);
          isJAASAuthentication = true;
-      } 
-      else if( value instanceof AuthModuleEntry )
+      }
+      else if (value instanceof AuthModuleEntry)
       {
-         AuthModuleEntry ame = (AuthModuleEntry)value;
-         //Check if the authmodule needs a reference to a loginmodulestack
+         AuthModuleEntry ame = (AuthModuleEntry) value;
+         // Check if the authmodule needs a reference to a loginmodulestack
          String lmshName = ame.getLoginModuleStackHolderName();
-         if( lmshName != null )
-            ame.setLoginModuleStackHolder((LoginModuleStackHolder)loginModuleStackMap.get(lmshName));
+         if (lmshName != null)
+            ame.setLoginModuleStackHolder(loginModuleStackMap.get(lmshName));
          authenticationModuleEntries.add(ame);
          isJASPIAuthentication = true;
-      } 
-      else if( value instanceof LoginModuleStackHolder )
+      }
+      else if (value instanceof LoginModuleStackHolder)
       {
-         LoginModuleStackHolder lmsh = (LoginModuleStackHolder)value;
-         loginModuleStackMap.put( lmsh.getName(), lmsh );
+         LoginModuleStackHolder lmsh = (LoginModuleStackHolder) value;
+         loginModuleStackMap.put(lmsh.getName(), lmsh);
          isJASPIAuthentication = true;
       }
-      else if( value instanceof AuthorizationModuleEntry )
+      else if (value instanceof AuthorizationModuleEntry)
       {
-         AuthorizationModuleEntry ame = (AuthorizationModuleEntry)value;
-         if(!authorizationModuleEntries.contains(ame))
+         AuthorizationModuleEntry ame = (AuthorizationModuleEntry) value;
+         if (!authorizationModuleEntries.contains(ame))
             authorizationModuleEntries.add(ame);
          isAuthorization = true;
       }
-      else if( value instanceof AuthorizationConfigEntryHolder )
+      else if (value instanceof AuthorizationConfigEntryHolder)
       {
-         AuthorizationConfigEntryHolder ame = (AuthorizationConfigEntryHolder)value;
+         AuthorizationConfigEntryHolder ame = (AuthorizationConfigEntryHolder) value;
          AuthorizationModuleEntry ameEntry = ame.getEntry();
-         if(!authorizationModuleEntries.contains(ameEntry))
+         if (!authorizationModuleEntries.contains(ameEntry))
             authorizationModuleEntries.add(ameEntry);
          isAuthorization = true;
-      } 
-      else if( value instanceof AuditProviderEntry)
-      { 
-         AuditProviderEntry ameEntry = (AuditProviderEntry)value;
-         if(!auditProviderEntries.contains(ameEntry))
-            auditProviderEntries.add(ameEntry); 
+      }
+      else if (value instanceof AuditProviderEntry)
+      {
+         AuditProviderEntry ameEntry = (AuditProviderEntry) value;
+         if (!auditProviderEntries.contains(ameEntry))
+            auditProviderEntries.add(ameEntry);
          containsAudit = true;
-      } 
-      else if( value instanceof ACLProviderEntry)
-      { 
-         AuditProviderEntry ameEntry = (AuditProviderEntry)value;
-         if(!auditProviderEntries.contains(ameEntry))
-            auditProviderEntries.add(ameEntry); 
+      }
+      else if (value instanceof ACLProviderEntry)
+      {
+         AuditProviderEntry ameEntry = (AuditProviderEntry) value;
+         if (!auditProviderEntries.contains(ameEntry))
+            auditProviderEntries.add(ameEntry);
          containsAudit = true;
-      } 
-      else if( value instanceof IdentityTrustModuleEntry )
-      { 
+      }
+      else if (value instanceof IdentityTrustModuleEntry)
+      {
          IdentityTrustModuleEntry ameEntry = (IdentityTrustModuleEntry) value;
-         if(!identityTrustModuleEntries.contains(ameEntry))
-            identityTrustModuleEntries.add(ameEntry); 
+         if (!identityTrustModuleEntries.contains(ameEntry))
+            identityTrustModuleEntries.add(ameEntry);
          containsIdentityTrust = true;
       }
-   } 
-   
+   }
+
    /**
     * Mapping Objects are added to the Application Policy
     * 
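Review bot: The `value instanceof ACLProviderEntry` branch of `addChild` still casts the value to `AuditProviderEntry`, appends it to `auditProviderEntries` and sets `containsAudit = true`; the commit only reformats these lines. If `ACLProviderEntry` is not a subtype of `AuditProviderEntry` (its declaration is not in this hunk), the cast throws `ClassCastException` as soon as an ACL entry is parsed. If it is a subtype, the earlier `AuditProviderEntry` branch already matches and this branch is dead code. Either way an ACL entry is never recorded as ACL configuration here, so I would cast with `ACLProviderEntry aclEntry = (ACLProviderEntry) value;` and keep it in a collection of its own, or delete the branch if ACL configuration only ever arrives through `addACLInfo`.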
@@ -171,62 +182,84 @@
    public void addMappingInfo(Object obj)
    {
       log.debug(obj);
-      if(obj instanceof RoleMappingInfo)
+      if (obj instanceof RoleMappingInfo)
       {
-         this.roleMappingInfo = (RoleMappingInfo)obj;
-         roleMappingInfo.setName(authName); 
+         this.roleMappingInfo = (RoleMappingInfo) obj;
+         roleMappingInfo.setName(authName);
          this.containsRoleMapping = true;
       }
    }
 
    /**
+    * <p>
+    * Adds the {@code ACLInfo} object constructed by the XB parse to the application policy.
+    * </p>
+    * 
+    * @param info a reference to the {@code ACLInfo} being added.
+    */
+   public void addACLInfo(Object info)
+   {
+      if (info instanceof ACLInfo)
+      {
+         this.aclInfo = (ACLInfo) info;
+         this.aclInfo.setName(this.authName);
+      }
+   }
+
+   /**
     * @see GenericValueContainer#instantiate()
     */
    @SuppressWarnings("unchecked")
    public Object instantiate()
-   {  
-      info = new ApplicationPolicy(authName); 
-      if(baseAppPolicyName != null)
+   {
+      info = new ApplicationPolicy(authName);
+      if (baseAppPolicyName != null)
          info.setBaseApplicationPolicyName(baseAppPolicyName);
-      
+
       BaseAuthenticationInfo binfo = null;
-      AuthorizationInfo ainfo = null; 
-      
-      if(isJAASAuthentication)
+      AuthorizationInfo ainfo = null;
+
+      if (isJAASAuthentication)
       {
          binfo = new AuthenticationInfo(authName);
-         SecurityActions.addModules(binfo, authenticationModuleEntries); 
-         info.setAuthenticationInfo(binfo); 
+         SecurityActions.addModules(binfo, authenticationModuleEntries);
+         info.setAuthenticationInfo(binfo);
       }
-      if(isJASPIAuthentication)
+      if (isJASPIAuthentication)
       {
-         binfo = new JASPIAuthenticationInfo(authName);
-         SecurityActions.addModules(binfo, authenticationModuleEntries); 
-         info.setAuthenticationInfo(binfo); 
+         JASPIAuthenticationInfo jaspiInfo = new JASPIAuthenticationInfo(authName);
+         SecurityActions.addModules(jaspiInfo, authenticationModuleEntries);
+         for (LoginModuleStackHolder holder : this.loginModuleStackMap.values())
+            jaspiInfo.add(holder);
+         info.setAuthenticationInfo(jaspiInfo);
       }
-      if(isAuthorization)
+      if (isAuthorization)
       {
          ainfo = new AuthorizationInfo(authName);
-         SecurityActions.addModules(ainfo, authorizationModuleEntries); 
+         SecurityActions.addModules(ainfo, authorizationModuleEntries);
          info.setAuthorizationInfo(ainfo);
       }
-      if(containsRoleMapping)
-      { 
+      if (this.aclInfo != null)
+      {
+         info.setAclInfo(this.aclInfo);
+      }
+      if (containsRoleMapping)
+      {
          info.setRoleMappingInfo(roleMappingInfo);
       }
-      if(containsAudit)
+      if (containsAudit)
       {
          auditInfo = new AuditInfo(authName);
-         SecurityActions.addModules(auditInfo, auditProviderEntries); 
+         SecurityActions.addModules(auditInfo, auditProviderEntries);
          info.setAuditInfo(auditInfo);
       }
-      if(containsIdentityTrust)
+      if (containsIdentityTrust)
       {
          identityTrustInfo = new IdentityTrustInfo(authName);
-         SecurityActions.addModules(identityTrustInfo, identityTrustModuleEntries); 
+         SecurityActions.addModules(identityTrustInfo, identityTrustModuleEntries);
          info.setIdentityTrustInfo(identityTrustInfo);
       }
-      return info; 
+      return info;
    }
 
    /**
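Review bot: `addACLInfo` drops any argument that is not an `ACLInfo` without logging, so a binding mistake produces an `ApplicationPolicy` with no ACL configuration and nothing in the log to show it; `instantiate()` then skips `setAclInfo` because `aclInfo` is still null. `addMappingInfo` in the same hunk at least logs its argument with `log.debug(obj)`. I would add an `else` branch such as `log.warn("addACLInfo: ignoring unexpected value: " + info);` or throw `IllegalArgumentException`, because a silently missing access-control section is harder to notice than a failed parse. How a policy without ACL info is treated downstream is not visible here, so that should be confirmed. The Javadoc could also state that the name is copied from `authName` as it stands when the method is called.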
@@ -235,5 +268,5 @@
    public Class<?> getTargetClass()
    {
       return ApplicationPolicy.class;
-   } 
+   }
 }

Added: projects/security/security-jboss-sx/trunk/jbosssx/src/resources/schema/security-config_4_0.xsd
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/resources/schema/security-config_4_0.xsd	                        (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/resources/schema/security-config_4_0.xsd	2008-07-08 21:21:00 UTC (rev 75508)
@@ -0,0 +1,160 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
+   xmlns="http://www.jboss.org/j2ee/schema/jaas"
+   targetNamespace="http://www.jboss.org/j2ee/schema/jaas"
+   elementFormDefault="unqualified" attributeFormDefault="unqualified" version="4.0">
+   <xs:annotation>
+      <xs:documentation><![CDATA[
+   $Id: security-config_4_0.xsd 26729 2004-12-19 00:44:45Z starksm $
+	This is the XML Schema for the jboss 4.0 security configuration descriptor.
+	The default version of the descriptor is found in conf/login-config.xml
+   and this version of the schema is indicated using:
+
+	    <policy xmlns="http://www.jboss.org/j2ee/schema/jaas"
+	      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	      xsi:schemaLocation="http://www.jboss.org/j2ee/schema/security-config_4_0.xsd"
+	      version="4.0">
+	      ...
+	    </policy>
+
+	The instance documents may indicate the published version of
+	the schema using the xsi:schemaLocation attribute:
+	http://www.jboss.org/j2ee/schema/security-config_4_0.xsd
+
+   The outline of a policy/application-policy is:
+   <policy>
+    <application-policy name="security-domain-name">
+     <authentication>
+       <login-module code="login.module1.class.name" flag="control_flag">
+         <module-option name = "option1-name">option1-value</module-option>
+         <module-option name = "option2-name">option2-value</module-option>
+         ...
+       </login-module>
+   
+       <login-module code="login.module2.class.name" flag="control_flag">
+         ...
+       </login-module>
+       ...
+     </authentication>
+    </application-policy>
+   </policy>
+	]]></xs:documentation>
+   </xs:annotation>
+   <xs:element name="policy">
+      <xs:annotation>
+         <xs:documentation>The policy element is the root of the security
+            configuration descriptor.</xs:documentation>
+      </xs:annotation>
+      <xs:complexType>
+         <xs:sequence>
+            <xs:element maxOccurs="unbounded" ref="application-policy"/>
+         </xs:sequence>
+      </xs:complexType>
+   </xs:element>
+   <xs:element name="application-policy">
+      <xs:annotation>
+         <xs:documentation>The application-policy lists configuration for a
+            named policy. This currently only consists of the authentication
+            configuration. </xs:documentation>
+      </xs:annotation>
+      <xs:complexType>
+         <xs:sequence>
+            <xs:element ref="authentication"/>
+         </xs:sequence>
+         <xs:attribute name="name" use="required" type="xs:NCName">
+            <xs:annotation>
+               <xs:documentation>The name attribute defines the authentication
+                  configuration name. This is the name that would be passed to
+                  the JAAS LoginContext ctor to use the associated login module stack.</xs:documentation>
+            </xs:annotation>
+         </xs:attribute>
+      </xs:complexType>
+   </xs:element>
+   <xs:element name="authentication">
+      <xs:annotation>
+         <xs:documentation>The authentication element contains the login module
+            stack configuration. Each login module configuration is specified
+            using a login-module element.</xs:documentation>
+      </xs:annotation>
+      <xs:complexType>
+         <xs:sequence>
+            <xs:element maxOccurs="unbounded" ref="login-module"/>
+         </xs:sequence>
+      </xs:complexType>
+   </xs:element>
+   <xs:element name="login-module">
+      <xs:annotation>
+         <xs:documentation>The login-module element defines a JAAS login module
+            configuration entry. Each entry must have a code and flag attribute
+            along with zero or more login module options specified via the
+            module-option element. </xs:documentation>
+      </xs:annotation>
+      <xs:complexType>
+         <xs:sequence>
+            <xs:element minOccurs="0" maxOccurs="unbounded" ref="module-option"/>
+         </xs:sequence>
+         <xs:attribute name="code" use="required">
+            <xs:annotation>
+               <xs:documentation>The code attribute gives the fully qualifed class
+                  name of the javax.security.auth.spi.LoginModule interface implementation
+                  for the login module.
+               </xs:documentation>
+            </xs:annotation>
+         </xs:attribute>
+         <xs:attribute name="flag" use="required">
+            <xs:annotation>
+               <xs:documentation>The flag attribute controls how a login module
+                  participates in the overall authentication proceedure.
+                  Required - The LoginModule is required to succeed. If it
+                  succeeds or fails, authentication still continues to proceed
+                  down the LoginModule list.
+
+                  Requisite - The LoginModule is required to succeed. If it succeeds,
+                  authentication continues down the LoginModule list. If it fails,
+                  control immediately returns to the application (authentication does not proceed
+                  down the LoginModule list).
+
+                  Sufficient - The LoginModule is  not required to succeed. If it does
+                  succeed, control immediately returns to the application (authentication
+                  does not proceed down the LoginModule list). If it fails,
+                  authentication continues down the LoginModule list.
+                  
+                  Optional - The LoginModule is not required to succeed. If it succeeds or
+                  fails, authentication still continues to proceed down the
+                  LoginModule list.
+                  
+                  The overall authentication succeeds only if
+                  all required and requisite LoginModules succeed. If a
+                  sufficient LoginModule is configured and succeeds, then only
+                  the required and requisite LoginModules prior to that
+                  sufficient LoginModule need to have succeeded for the overall
+                  authentication to succeed. If no required or requisite
+                  LoginModules are configured for an application, then at least
+                  one sufficient or optional LoginModule must succeed. </xs:documentation>
+            </xs:annotation>
+         </xs:attribute>
+      </xs:complexType>
+   </xs:element>
+   <xs:element name="module-option">
+      <xs:annotation>
+         <xs:documentation>A module option defines a name, value pair that are
+         passed to a LoginModule when it is initialized during the login proceedure.
+         The name attribute defines the option name while the element value is the
+         option value. The type of the value can be anything from a string obtained
+         from the module-option body, to arbitary objects unmarshalled based on
+         the namespace associated with the module-option child element.</xs:documentation>
+      </xs:annotation>
+      <xs:complexType mixed="true">
+         <xs:sequence>
+            <xs:any namespace="##any"/>
+         </xs:sequence>
+         <xs:attribute name="name" use="required" type="xs:NCName">
+            <xs:annotation>
+               <xs:documentation>The module option name. This is the key used to store
+               the module value in the LoginModule initalize options Map.</xs:documentation>
+            </xs:annotation>
+         </xs:attribute>
+      </xs:complexType>
+   </xs:element>
+</xs:schema>
+
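Review bot: The `module-option` content model is `<xs:any namespace="##any"/>` with the default `minOccurs="1"`, so a validating parser requires exactly one child element. That rejects the text-only form `<module-option name = "option1-name">option1-value</module-option>` shown in this schema's own documentation. `security-config_4_1.xsd` in the same commit declares the wildcard with `minOccurs="0" maxOccurs="1"`; the equivalent here is `<xs:any namespace="##any" minOccurs="0"/>`. The `code` and `flag` attributes also carry no type, so this schema accepts any flag string, whereas the 4.1 schema restricts `flag` to an enumeration.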

Added: projects/security/security-jboss-sx/trunk/jbosssx/src/resources/schema/security-config_4_1.xsd
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/resources/schema/security-config_4_1.xsd	                        (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/resources/schema/security-config_4_1.xsd	2008-07-08 21:21:00 UTC (rev 75508)
@@ -0,0 +1,182 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- $Id: security-config_4_1.xsd 45686 2006-06-20 04:47:48Z asaldhana $ -->
+
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+   elementFormDefault="qualified"
+   xmlns:jaas="urn:jboss:security-config:4.1"
+   xmlns:jbxb="http://www.jboss.org/xml/ns/jbxb"
+   targetNamespace="urn:jboss:security-config:4.1">
+
+   <xsd:annotation>
+      <xsd:documentation><![CDATA[
+         The login-config.xml schema with jbossxb annotations that map conforming
+         documents to the org.jboss.security.auth.login.PolicyConfig.
+     $Id: security-config_4_1.xsd 45686 2006-06-20 04:47:48Z asaldhana $
+    This is the XML Schema for the jboss 4.1 security configuration descriptor.
+    The default version of the descriptor is found in conf/login-config.xml
+     and this version of the schema is indicated using:
+
+        <policy xmlns="urn:jboss:security-config:4.1"
+          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          version="4.1">
+          ...
+        </policy>
+
+     The outline of a policy/application-policy is:
+     <policy>
+      <application-policy name="security-domain-name">
+       <authentication>
+         <login-module code="login.module1.class.name" flag="control_flag">
+           <module-option name = "option1-name">option1-value</module-option>
+           <module-option name = "option2-name">option2-value</module-option>
+           ...
+         </login-module>
+   
+         <login-module code="login.module2.class.name" flag="control_flag">
+           ...
+         </login-module>
+         ...
+       </authentication>
+      </application-policy>
+     </policy>
+    ]]></xsd:documentation>
+      <xsd:appinfo>
+         <jbxb:schemaBindings>
+            <jbxb:package name="org.jboss.security.config"/>
+            <jbxb:ignoreUnresolvedFieldOrClass>false</jbxb:ignoreUnresolvedFieldOrClass>
+         </jbxb:schemaBindings>
+      </xsd:appinfo>
+   </xsd:annotation>
+
+  <xsd:element name="policy">
+    <xsd:complexType>
+       <xsd:annotation>
+         <xsd:documentation>The policy element is the root of the security
+            configuration descriptor.</xsd:documentation>
+          <xsd:appinfo>
+             <jbxb:class impl="org.jboss.security.config.PolicyConfig"/>
+          </xsd:appinfo>
+       </xsd:annotation>
+
+      <xsd:sequence>
+        <xsd:element maxOccurs="unbounded" ref="jaas:application-policy"/>
+      </xsd:sequence>
+    </xsd:complexType>
+  </xsd:element>
+
+  <xsd:element name="application-policy">
+    <xsd:complexType>
+       <xsd:annotation>
+          <xsd:documentation>The application-policy lists configuration for a
+             named policy. This currently only consists of the authentication
+             configuration. </xsd:documentation>
+          <xsd:appinfo>
+            <jbxb:class impl="org.jboss.security.config.ApplicationPolicyContainer"/>
+            <jbxb:addMethod name="add" valueType="org.jboss.security.config.ApplicationPolicy"/>
+          </xsd:appinfo>
+       </xsd:annotation>
+
+      <xsd:sequence>
+        <xsd:element ref="jaas:authentication"/>
+      </xsd:sequence>
+      <xsd:attribute name="name" use="required" type="xsd:string"/>
+    </xsd:complexType>
+  </xsd:element>
+
+  <xsd:element name="authentication">
+    <xsd:annotation>
+      <xsd:documentation>The authentication element contains the login module
+         stack configuration. Each login module configuration is specified
+         using a login-module element.</xsd:documentation>
+       <xsd:appinfo>
+          <jbxb:skip/>
+       </xsd:appinfo>
+    </xsd:annotation>
+    <xsd:complexType>
+      <xsd:sequence>
+        <xsd:element maxOccurs="unbounded" ref="jaas:login-module"/>
+      </xsd:sequence>
+    </xsd:complexType>
+  </xsd:element>
+  <xsd:element name="login-module">
+    <xsd:complexType>
+       <xsd:annotation>
+         <xsd:documentation>The login-module element defines a JAAS login module
+            configuration entry. Each entry must have a code and flag attribute
+            along with zero or more login module options specified via the
+            module-option element. </xsd:documentation>
+          <xsd:appinfo>
+             <jbxb:class impl="org.jboss.security.auth.login.AppConfigurationEntryHolder"/>
+          </xsd:appinfo>
+       </xsd:annotation>
+      <xsd:sequence>
+        <xsd:element minOccurs="0" maxOccurs="unbounded" ref="jaas:module-option"/>
+      </xsd:sequence>
+      <xsd:attribute name="code" use="required" type="xsd:string"/>
+      <xsd:attribute name="flag" use="required">
+        <xsd:annotation>
+           <xsd:documentation>The flag attribute controls how a login module
+              participates in the overall authentication proceedure.
+              Required - The LoginModule is required to succeed. If it
+              succeeds or fails, authentication still continues to proceed
+              down the LoginModule list.
+
+              Requisite - The LoginModule is required to succeed. If it succeeds,
+              authentication continues down the LoginModule list. If it fails,
+              control immediately returns to the application (authentication does not proceed
+              down the LoginModule list).
+
+              Sufficient - The LoginModule is  not required to succeed. If it does
+              succeed, control immediately returns to the application (authentication
+              does not proceed down the LoginModule list). If it fails,
+              authentication continues down the LoginModule list.
+                  
+              Optional - The LoginModule is not required to succeed. If it succeeds or
+              fails, authentication still continues to proceed down the
+              LoginModule list.
+                  
+              The overall authentication succeeds only if
+              all required and requisite LoginModules succeed. If a
+              sufficient LoginModule is configured and succeeds, then only
+              the required and requisite LoginModules prior to that
+              sufficient LoginModule need to have succeeded for the overall
+              authentication to succeed. If no required or requisite
+              LoginModules are configured for an application, then at least
+              one sufficient or optional LoginModule must succeed.
+           </xsd:documentation>
+        </xsd:annotation>
+        <xsd:simpleType>
+          <xsd:restriction base="xsd:string">
+            <xsd:enumeration value="required" />
+            <xsd:enumeration value="requisite" />
+            <xsd:enumeration value="sufficient" />
+            <xsd:enumeration value="optional" />
+          </xsd:restriction>
+        </xsd:simpleType>
+      </xsd:attribute>
+    </xsd:complexType>
+  </xsd:element>
+  <xsd:element name="module-option">
+    <xsd:complexType mixed="true">
+       <xsd:annotation>
+            <xsd:documentation>A module option defines a name, value pair that are
+            passed to a LoginModule when it is initialized during the login proceedure.
+            The name attribute defines the option name while the element value is the
+            option value. The type of the value can be anything from a string obtained
+            from the module-option body, to arbitary objects unmarshalled based on
+            the namespace associated with the module-option child element
+            </xsd:documentation>
+          <xsd:appinfo>
+             <!-- ModuleOption declares a constructor that takes name as a parameter
+                  while the value should be set with the setter.
+                  This use-case is not supported out-of-the-box. So, we use this container. -->
+             <jbxb:class impl="org.jboss.security.auth.login.ModuleOptionContainer"/>
+          </xsd:appinfo>
+       </xsd:annotation>
+      <xsd:sequence>
+        <xsd:any minOccurs="0" maxOccurs="1" namespace="##other" />
+      </xsd:sequence>
+      <xsd:attribute name="name" use="required" type="xsd:string"/>
+    </xsd:complexType>
+  </xsd:element>
+</xsd:schema>

Added: projects/security/security-jboss-sx/trunk/jbosssx/src/resources/schema/security-config_5_0.xsd
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/resources/schema/security-config_5_0.xsd	                        (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/resources/schema/security-config_5_0.xsd	2008-07-08 21:21:00 UTC (rev 75508)
@@ -0,0 +1,299 @@
+<!-- $Id: security-config_5_0.xsd 65769 2007-10-02 19:17:34Z anil.saldhana at jboss.com $ -->
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
+            xmlns:jbsx="urn:jboss:security-config:5.0" 
+            xmlns="urn:jboss:security-config:5.0" 
+            xmlns:jbxb="http://www.jboss.org/xml/ns/jbxb" 
+            targetNamespace="urn:jboss:security-config:5.0" 
+            elementFormDefault="qualified"
+            attributeFormDefault="unqualified">
+   <xsd:annotation>
+      <xsd:appinfo>
+         <jbxb:schemaBindings>
+            <jbxb:package name="org.jboss.security.config"/>
+            <jbxb:ignoreUnresolvedFieldOrClass>
+               false</jbxb:ignoreUnresolvedFieldOrClass>
+         </jbxb:schemaBindings>
+      </xsd:appinfo>
+   </xsd:annotation>
+   <xsd:element name="policy" type="jbsx:PolicyConfig"/>
+   <xsd:complexType name="PolicyConfig">
+      <xsd:annotation>
+         <xsd:appinfo>
+            <jbxb:class impl="org.jboss.security.config.PolicyConfig"/>
+         </xsd:appinfo>
+      </xsd:annotation>
+      <xsd:sequence>
+         <xsd:element ref="jbsx:application-policy" maxOccurs="unbounded"/>
+      </xsd:sequence>
+   </xsd:complexType>
+   <xsd:element name="application-policy">
+      <xsd:complexType>
+         <xsd:annotation>
+            <xsd:appinfo>
+               <jbxb:class impl="org.jboss.security.config.ApplicationPolicyContainer"/>
+               <jbxb:addMethod name="add" valueType="org.jboss.security.config.ApplicationPolicy"/>
+            </xsd:appinfo>
+         </xsd:annotation>
+         <xsd:sequence>
+            <xsd:choice>
+               <xsd:element ref="jbsx:authentication"/>
+               <xsd:element ref="jbsx:authentication-jaspi"/>
+            </xsd:choice>
+            <xsd:element ref="jbsx:authorization" minOccurs="0"/>
+            <xsd:element ref="acl" minOccurs="0"/>
+            <xsd:element ref="jbsx:rolemapping" minOccurs="0"/>
+            <xsd:element ref="jbsx:audit" minOccurs="0"/>
+            <xsd:element ref="jbsx:identity-trust" minOccurs="0"/>
+         </xsd:sequence>
+         <xsd:attribute name="name" type="xsd:string" use="required"/>
+         <xsd:attribute name="extends" type="xsd:string"/>
+      </xsd:complexType>
+   </xsd:element>
+   <xsd:element name="authentication" type="jbsx:authenticationInfo"/>
+   <xsd:element name="authentication-jaspi" type="jbsx:authenticationJaspiInfo"/>
+   <xsd:element name="authorization" type="jbsx:authorizationInfo"/>
+   <xsd:element name="acl" type="aclInfo"/>
+   <xsd:element name="rolemapping" type="jbsx:roleMappingInfo"/>
+   <xsd:element name="audit" type="jbsx:auditInfo"/>
+   <xsd:element name="identity-trust" type="jbsx:identityTrustInfo"/>
+   <xsd:complexType name="authenticationInfo">
+      <xsd:annotation>
+         <xsd:appinfo>
+            <jbxb:skip/>
+         </xsd:appinfo>
+      </xsd:annotation>
+      <xsd:sequence>
+         <xsd:element ref="jbsx:login-module" maxOccurs="unbounded"/>
+      </xsd:sequence>
+   </xsd:complexType>
+   <xsd:complexType name="authenticationJaspiInfo">
+      <xsd:annotation>
+         <xsd:appinfo>
+            <jbxb:skip/>
+         </xsd:appinfo>
+      </xsd:annotation>
+      <xsd:sequence>
+         <xsd:element ref="jbsx:login-module-stack" maxOccurs="unbounded"/>
+         <xsd:element ref="jbsx:auth-module" maxOccurs="unbounded"/>
+      </xsd:sequence>
+   </xsd:complexType>
+   <xsd:complexType name="authorizationInfo">
+      <xsd:annotation>
+         <xsd:appinfo>
+            <jbxb:skip/>
+         </xsd:appinfo>
+      </xsd:annotation>
+      <xsd:sequence>
+         <xsd:element ref="jbsx:policy-module"  maxOccurs="unbounded"/>
+      </xsd:sequence>
+   </xsd:complexType>
+   <xsd:complexType name="aclInfo">
+      <xsd:annotation>
+         <xsd:appinfo>
+            <jbxb:class impl="org.jboss.security.acl.config.ACLInfoContainer"/>
+            <jbxb:addMethod name="addACLInfo"/>
+         </xsd:appinfo>
+      </xsd:annotation>
+      <xsd:sequence>
+         <xsd:element ref="acl-module"  maxOccurs="unbounded"/>
+      </xsd:sequence>
+   </xsd:complexType>
+   <xsd:complexType name="roleMappingInfo">
+      <xsd:annotation>
+         <xsd:appinfo>
+            <jbxb:class impl="org.jboss.security.mapping.config.RoleMappingConfigContainer"/>
+            <jbxb:addMethod name="addMappingInfo"/>
+         </xsd:appinfo>
+      </xsd:annotation>
+      <xsd:sequence>
+         <xsd:element ref="jbsx:mapping-module" maxOccurs="unbounded"/>
+      </xsd:sequence>
+   </xsd:complexType>
+   <xsd:complexType name="auditInfo">
+      <xsd:annotation>
+         <xsd:appinfo>
+            <jbxb:skip/>
+         </xsd:appinfo>
+      </xsd:annotation>
+      <xsd:sequence>
+         <xsd:element ref="jbsx:provider-module"  maxOccurs="unbounded"/>
+      </xsd:sequence>
+   </xsd:complexType>
+   <xsd:complexType name="identityTrustInfo">
+      <xsd:annotation>
+         <xsd:appinfo>
+            <jbxb:skip/>
+         </xsd:appinfo>
+      </xsd:annotation>
+      <xsd:sequence>
+         <xsd:element ref="jbsx:trust-module"  maxOccurs="unbounded"/>
+      </xsd:sequence>
+   </xsd:complexType>
+    
+   
+   <xsd:simpleType name="module-option-flag">
+      <xsd:annotation>
+           <xsd:documentation>The flag attribute controls how a login module
+              participates in the overall authentication proceedure.
+              Required - The LoginModule is required to succeed. If it
+              succeeds or fails, authentication still continues to proceed
+              down the LoginModule list.
+
+              Requisite - The LoginModule is required to succeed. If it succeeds,
+              authentication continues down the LoginModule list. If it fails,
+              control immediately returns to the application (authentication does not proceed
+              down the LoginModule list).
+
+              Sufficient - The LoginModule is  not required to succeed. If it does
+              succeed, control immediately returns to the application (authentication
+              does not proceed down the LoginModule list). If it fails,
+              authentication continues down the LoginModule list.
+                  
+              Optional - The LoginModule is not required to succeed. If it succeeds or
+              fails, authentication still continues to proceed down the
+              LoginModule list.
+                  
+              The overall authentication succeeds only if
+              all required and requisite LoginModules succeed. If a
+              sufficient LoginModule is configured and succeeds, then only
+              the required and requisite LoginModules prior to that
+              sufficient LoginModule need to have succeeded for the overall
+              authentication to succeed. If no required or requisite
+              LoginModules are configured for an application, then at least
+              one sufficient or optional LoginModule must succeed.
+           </xsd:documentation>
+        </xsd:annotation> 
+      <xsd:restriction base="xsd:string">
+         <xsd:enumeration value="required"/>
+         <xsd:enumeration value="requisite"/>
+         <xsd:enumeration value="sufficient"/>
+         <xsd:enumeration value="optional"/>
+      </xsd:restriction>
+   </xsd:simpleType>
+
+   <xsd:element name="login-module" type="jbsx:loginModuleInfo"/>
+   <xsd:complexType name="loginModuleInfo">
+      <xsd:annotation>
+         <xsd:appinfo>
+            <jbxb:class impl="org.jboss.security.auth.login.AppConfigurationEntryHolder"/>
+         </xsd:appinfo>
+      </xsd:annotation>
+      <xsd:sequence>
+         <xsd:element ref="jbsx:module-option" minOccurs="0" maxOccurs="unbounded"/>
+      </xsd:sequence>
+      <xsd:attribute name="code" type="xsd:string" use="required"/>
+      <xsd:attribute name="flag" type="jbsx:module-option-flag" use="required"/>
+   </xsd:complexType>
+   
+   <xsd:element name="module-option">
+      <xsd:complexType mixed="true">
+         <xsd:annotation>
+            <xsd:appinfo>
+               <!-- ModuleOption declares a constructor that takes name as a parameter
+                 while the value should be set with the setter.
+               
+                 This use-case is not supported out-of-the-box. So, we use this container. -->
+               <jbxb:class impl="org.jboss.security.auth.login.ModuleOptionContainer"/>
+            </xsd:appinfo>
+         </xsd:annotation>
+         <xsd:sequence>
+            <xsd:any namespace="##other" minOccurs="0"/>
+         </xsd:sequence>
+         <xsd:attribute name="name" type="xsd:string" use="required"/>
+      </xsd:complexType>
+   </xsd:element>
+   <xsd:element name="login-module-stack">
+      <xsd:complexType>
+         <xsd:annotation>
+            <xsd:appinfo>
+               <jbxb:class impl="org.jboss.security.auth.login.LoginModuleStackContainer"/>
+            </xsd:appinfo>
+         </xsd:annotation>
+         <xsd:sequence>
+            <xsd:element ref="jbsx:login-module" maxOccurs="unbounded"/>
+         </xsd:sequence>
+         <xsd:attribute name="name" type="xsd:string" use="required"/>
+      </xsd:complexType>
+   </xsd:element>
+   <xsd:element name="auth-module" type="jbsx:authModuleInfo"/>
+   <xsd:complexType name="authModuleInfo">
+      <xsd:annotation>
+         <xsd:appinfo>
+            <jbxb:class impl="org.jboss.security.auth.container.config.AuthModuleEntryHolder"/>
+         </xsd:appinfo>
+      </xsd:annotation>
+      <xsd:sequence>
+         <xsd:element ref="jbsx:module-option" minOccurs="0" maxOccurs="unbounded"/>
+      </xsd:sequence>
+      <xsd:attribute name="code" type="xsd:string" use="required"/>
+      <xsd:attribute name="login-module-stack-ref" type="xsd:string"/>
+   </xsd:complexType>
+   <xsd:element name="policy-module">
+      <xsd:complexType>
+         <xsd:annotation>
+            <xsd:appinfo>
+               <jbxb:class impl="org.jboss.security.authorization.config.AuthorizationConfigEntryHolder"/>
+            </xsd:appinfo>
+         </xsd:annotation>
+         <xsd:sequence>
+            <xsd:element ref="jbsx:module-option" minOccurs="0" maxOccurs="unbounded"/>
+         </xsd:sequence>
+         <xsd:attribute name="code" type="xsd:string" use="required"/>
+         <xsd:attribute name="flag" type="jbsx:module-option-flag" use="required"/>
+      </xsd:complexType>
+   </xsd:element>
+   <xsd:element name="acl-module">
+      <xsd:complexType>
+         <xsd:annotation>
+            <xsd:appinfo>
+               <jbxb:class impl="org.jboss.security.acl.config.ACLProviderEntryHolder"/>
+            </xsd:appinfo>
+         </xsd:annotation>
+         <xsd:sequence>
+            <xsd:element ref="module-option" minOccurs="0" maxOccurs="unbounded"/>
+         </xsd:sequence>
+         <xsd:attribute name="code" type="xsd:string" use="required"/>
+         <xsd:attribute name="flag" type="module-option-flag" use="required"/>
+      </xsd:complexType>
+   </xsd:element>
+   <xsd:element name="mapping-module">
+      <xsd:complexType>
+         <xsd:annotation>
+            <xsd:appinfo>
+               <jbxb:class impl="org.jboss.security.mapping.config.MappingConfigEntryHolder"/>
+            </xsd:appinfo>
+         </xsd:annotation>
+         <xsd:sequence>
+            <xsd:element ref="jbsx:module-option" minOccurs="0" maxOccurs="unbounded"/>
+         </xsd:sequence>
+         <xsd:attribute name="code" type="xsd:string" use="required"/>
+      </xsd:complexType>
+   </xsd:element>
+   <xsd:element name="provider-module">
+      <xsd:complexType>
+         <xsd:annotation>
+            <xsd:appinfo>
+               <jbxb:class impl="org.jboss.security.audit.config.AuditConfigEntryHolder"/>
+            </xsd:appinfo>
+         </xsd:annotation>
+         <xsd:sequence>
+            <xsd:element ref="jbsx:module-option" minOccurs="0" maxOccurs="unbounded"/>
+         </xsd:sequence>
+         <xsd:attribute name="code" type="xsd:string" use="required"/>
+      </xsd:complexType>
+   </xsd:element>
+   <xsd:element name="trust-module">
+      <xsd:complexType>
+         <xsd:annotation>
+            <xsd:appinfo>
+               <jbxb:class impl="org.jboss.security.identitytrust.config.IdentityTrustConfigEntryHolder"/>
+            </xsd:appinfo>
+         </xsd:annotation>
+         <xsd:sequence>
+            <xsd:element ref="jbsx:module-option" minOccurs="0" maxOccurs="unbounded"/>
+         </xsd:sequence>
+         <xsd:attribute name="code" type="xsd:string" use="required"/>
+         <xsd:attribute name="flag" type="jbsx:module-option-flag" use="required"/>
+      </xsd:complexType>
+   </xsd:element>
+</xsd:schema>
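Review bot: The new `acl-module` element and `aclInfo` type carry no `xsd:documentation`, and the only description of `flag` is the `module-option-flag` text, which speaks solely of LoginModules and authentication. Because `acl-module` reuses that type for an access-control decision, the schema should say how `required`, `requisite`, `sufficient` and `optional` combine across ACL providers. I would add an `<xsd:documentation>` under the `acl-module` annotation stating that, with the wording confirmed against the ACL provider implementation, which this hunk does not show. Separately, the ACL declarations use unprefixed QNames (`ref="acl"`, `type="aclInfo"`, `ref="acl-module"`, `ref="module-option"`, `type="module-option-flag"`) where every other declaration writes `jbsx:`. They resolve through the default namespace, but `ref="jbsx:acl-module"` and the like would keep the file consistent.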


Property changes on: projects/security/security-jboss-sx/trunk/jbosssx/src/resources/schema/security-config_5_0.xsd
___________________________________________________________________
Name: svn:executable
   + *

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java	2008-07-08 20:15:07 UTC (rev 75507)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java	2008-07-08 21:21:00 UTC (rev 75508)
@@ -30,6 +30,9 @@
 
 import javax.security.auth.login.AppConfigurationEntry;
 
+import junit.framework.Assert;
+
+import org.jboss.security.acl.config.ACLProviderEntry;
 import org.jboss.security.audit.config.AuditProviderEntry;
 import org.jboss.security.auth.container.config.AuthModuleEntry;
 import org.jboss.security.auth.login.BaseAuthenticationInfo;
@@ -38,6 +41,7 @@
 import org.jboss.security.auth.spi.UsersObjectModelFactory;
 import org.jboss.security.authorization.config.AuthorizationModuleEntry;
 import org.jboss.security.authorization.config.SecurityConfigObjectModelFactory;
+import org.jboss.security.config.ACLInfo;
 import org.jboss.security.config.ApplicationPolicy;
 import org.jboss.security.config.AuditInfo;
 import org.jboss.security.config.AuthorizationInfo;
@@ -203,6 +207,31 @@
       assertEquals("name=authz", "authz", authzoptions.get("name"));
       assertEquals("succeed=true", "true", authzoptions.get("succeed"));
 
+      // ACL (instance-based authorization)
+      ACLInfo aclInfo = completeConfig.getAclInfo();
+      assertNotNull("Unexpected null ACLInfo found", aclInfo);
+      ACLProviderEntry[] aclEntries = aclInfo.getACLProviderEntry();
+      assertNotNull("Unexpected null set of acl entries", aclEntries);
+      assertEquals("Invalid number of acl entries", 2, aclEntries.length);
+      // first entry should be org.jboss.security.authz.ACLModule1.
+      Assert.assertEquals("org.jboss.security.authz.ACLModule1", aclEntries[0].getAclProviderName());
+      Assert.assertEquals("REQUIRED", aclEntries[0].getControlFlag().toString());
+      Map<String, ?> options = aclEntries[0].getOptions();
+      Assert.assertNotNull("Unexpected null options map", options);
+      Assert.assertTrue("Option aclOption1 was not found", options.containsKey("aclOption1"));
+      Assert.assertEquals("value1", options.get("aclOption1"));
+      Assert.assertTrue("Option aclOption2 was not found", options.containsKey("aclOption2"));
+      Assert.assertEquals("value2", options.get("aclOption2"));
+      // second entry should be the org.jboss.security.authz.ACLModule2.
+      Assert.assertEquals("org.jboss.security.authz.ACLModule2", aclEntries[1].getAclProviderName());
+      Assert.assertEquals("REQUIRED", aclEntries[1].getControlFlag().toString());
+      options = aclEntries[1].getOptions();
+      Assert.assertNotNull("Unexpected null options map", options);
+      Assert.assertTrue("Option aclOption3 was not found", options.containsKey("aclOption3"));
+      Assert.assertEquals("value3", options.get("aclOption3"));
+      Assert.assertTrue("Option aclOption4 was not found", options.containsKey("aclOption4"));
+      Assert.assertEquals("value4", options.get("aclOption4"));
+
       // Role Mapping
       MappingInfo mappingInfo = completeConfig.getRoleMappingInfo();
       assertNotNull("MappingInfo is not null", mappingInfo);
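Review bot: The control flag of each ACL entry is checked through its string form, `Assert.assertEquals("REQUIRED", aclEntries[0].getControlFlag().toString());`, which ties the test to whatever `toString()` prints rather than to the flag value. If the flag type exposes constants (its declaration is not in this hunk), compare against the constant instead. The block also calls `Assert.assertEquals(...)` while the surrounding lines use the inherited `assertEquals(...)`, and several new assertions have no failure message. Something like `assertEquals("Invalid acl module name", "org.jboss.security.authz.ACLModule1", aclEntries[0].getAclProviderName());` would match the rest of the method. The enclosing test method starts and ends outside the hunk.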
@@ -248,92 +277,41 @@
       BaseAuthenticationInfo bai = completeConfig.getAuthenticationInfo();
       assertNotNull("BaseAuthenticationInfo is not null", bai);
       assertEquals("3 login modules", 3, bai.getModuleEntries().size());
+
+      // Authorization
       AuthorizationInfo azi = completeConfig.getAuthorizationInfo();
       assertNotNull("AuthorizationInfo is not null", azi);
       assertEquals("3 authz modules", 3, azi.getModuleEntries().size());
+
+      // ACL
+      ACLInfo aclInfo = completeConfig.getAclInfo();
+      assertNotNull("Unexpected null ACLInfo", aclInfo);
+      assertEquals("Unexpected number of acl modules", 3, aclInfo.getModuleEntries().size());
+
       // Role Mapping
       MappingInfo mappingInfo = completeConfig.getRoleMappingInfo();
       assertNotNull("MappingInfo is not null", mappingInfo);
       assertEquals("1 map modules", 1, mappingInfo.getModuleEntries().size());
+
       // Audit
       AuditInfo ai = completeConfig.getAuditInfo();
       assertNotNull("AuditInfo", ai);
       AuditProviderEntry[] apelist = ai.getAuditProviderEntry();
       assertEquals("Audit entry length=1", 1, apelist.length);
+
       // Identity Trust
       IdentityTrustInfo iti = completeConfig.getIdentityTrustInfo();
       assertNotNull("IdentityTrustInfo", iti);
       IdentityTrustModuleEntry[] itilist = iti.getIdentityTrustModuleEntry();
       assertEquals("IdentityTrustModuleEntry length=1", 1, itilist.length);
 
-      // test the jaspi policy extension
+      // JASPI authentication policy extension
       ApplicationPolicy jaspiPolicy = config.get("conf-jaspi-extend");
       assertNotNull("Unexpected null conf-jaspi-extend application policy", jaspiPolicy);
       BaseAuthenticationInfo authInfo = jaspiPolicy.getAuthenticationInfo();
       assertNotNull("Unexpected null jaspi configuration", authInfo);
       List<?> entries = authInfo.getModuleEntries();
       assertEquals("Invalid number of auth modules", 3, entries.size());
-
-      // First Entry - from parent application policy.
-      Object entry = entries.get(0);
-      assertTrue("Entry instanceof AppConfigurationEntry", entry instanceof AuthModuleEntry);
-      AuthModuleEntry ace = (AuthModuleEntry) entry;
-      assertEquals("LM Name", "TestAuthModule", ace.getAuthModuleName());
-      assertEquals("Required", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, ace.getControlFlag());
-      Map<String, ?> aceOptions = ace.getOptions();
-      assertEquals("Number of options = 3", 3, aceOptions.size());
-      assertEquals("usersProperties=u", "u", aceOptions.get("usersProperties"));
-      assertEquals("rolesProperties=r", "r", aceOptions.get("rolesProperties"));
-      assertEquals("unauthenticatedIdentity=anonymous", "anonymous", aceOptions.get("unauthenticatedIdentity"));
-
-      // Second Entry - from parent application policy.
-      entry = entries.get(1);
-      assertTrue("Entry instanceof AppConfigurationEntry", entry instanceof AuthModuleEntry);
-      ace = (AuthModuleEntry) entry;
-      assertEquals("LM Name", "TestAuthModule2", ace.getAuthModuleName());
-      assertEquals("Required", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, ace.getControlFlag());
-      aceOptions = ace.getOptions();
-      assertEquals("Number of options = 0", 0, aceOptions.size());
-      LoginModuleStackHolder lmsh = ace.getLoginModuleStackHolder();
-      assertEquals("lm-stack", "lm-stack", lmsh.getName());
-      AppConfigurationEntry[] appEntries = lmsh.getAppConfigurationEntry();
-      assertEquals("App Entries in LMSH=1", 1, appEntries.length);
-
-      Object appEntry = appEntries[0];
-      assertTrue("Entry instanceof AppConfigurationEntry", appEntry instanceof AppConfigurationEntry);
-      AppConfigurationEntry appace = (AppConfigurationEntry) appEntry;
-      assertEquals("LM Name", "org.jboss.security.auth.spi.UsersRolesLoginModule", appace.getLoginModuleName());
-      assertEquals("Optional", AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL, appace.getControlFlag());
-      Map<String, ?> appaceOptions = appace.getOptions();
-      assertEquals("Number of options = 3", 3, appaceOptions.size());
-      assertEquals("usersProperties=u", "u", appaceOptions.get("usersProperties"));
-      assertEquals("rolesProperties=r", "r", appaceOptions.get("rolesProperties"));
-      assertEquals("unauthenticatedIdentity=anonymous", "anonymous", appaceOptions.get("unauthenticatedIdentity"));
-
-      // Third Entry - defined by the conf-jaspi-extend policy.
-      entry = entries.get(2);
-      assertTrue("Entry instanceof AppConfigurationEntry", entry instanceof AuthModuleEntry);
-      ace = (AuthModuleEntry) entry;
-      assertEquals("Invalid module name", "org.jboss.security.JASPITestModule", ace.getAuthModuleName());
-      aceOptions = ace.getOptions();
-      assertEquals("Invalid number of module options", 1, aceOptions.size());
-      assertEquals("Invalid value for auth.option property", "auth.value", aceOptions.get("auth.option"));
-      lmsh = ace.getLoginModuleStackHolder();
-      assertEquals("Invalid login module stack ref", "lm-stack2", lmsh.getName());
-      appEntries = lmsh.getAppConfigurationEntry();
-      assertEquals(1, appEntries.length);
-
-      appEntry = appEntries[0];
-      assertTrue("Entry instanceof AppConfigurationEntry", appEntry instanceof AppConfigurationEntry);
-      appace = (AppConfigurationEntry) appEntry;
-      assertEquals("Invalid module name", "org.jboss.security.TestModule2", appace.getLoginModuleName());
-      assertEquals("Invalid module flag", AppConfigurationEntry.LoginModuleControlFlag.REQUISITE, appace
-            .getControlFlag());
-      appaceOptions = appace.getOptions();
-      assertEquals("Invalid number of module options", 2, appaceOptions.size());
-      assertEquals("Invalid value for prop1 property", "value1", appaceOptions.get("prop1"));
-      assertEquals("Invalid value for prop2 property", "value2", appaceOptions.get("prop2"));
-
    }
 
    public void testAddDeletionOfApplicationPolicies()
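Review bot: After this hunk the inherited-policy checks stop at counts: the new ACL assertion only verifies `aclInfo.getModuleEntries().size()` is 3, and the `conf-jaspi-extend` block now ends at `entries.size()`. The removed lines were the only ones here that verified the names, control flags, options and login-module-stack references of entries merged from a parent policy. For an `extends` merge, the order and flag of each module decide the authentication or authorization outcome, so a count alone would not catch a wrong merge order or a dropped flag. Unless those assertions moved to another test (not visible in this hunk), I would keep them and add the same per-entry checks for the merged ACL entries via `aclInfo.getACLProviderEntry()`, asserting `getAclProviderName()` and `getControlFlag()` for each position. The method begins outside the hunk.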

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/resources/config/securityConfig5.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/resources/config/securityConfig5.xml	2008-07-08 20:15:07 UTC (rev 75507)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/resources/config/securityConfig5.xml	2008-07-08 21:21:00 UTC (rev 75508)
@@ -57,7 +57,17 @@
              <module-option name = "name">authz</module-option>
              <module-option name = "succeed">true</module-option> 
           </policy-module> 
-       </authorization>
+       </authorization>
+       <acl>
+          <acl-module code="org.jboss.security.authz.ACLModule1" flag="required">
+             <module-option name="aclOption1">value1</module-option>
+             <module-option name="aclOption2">value2</module-option>
+          </acl-module>
+          <acl-module code="org.jboss.security.authz.ACLModule2" flag="required">
+             <module-option name="aclOption3">value3</module-option>
+             <module-option name="aclOption4">value4</module-option>
+          </acl-module>
+       </acl>
        <rolemapping>
           <mapping-module code = "org.jboss.test.TestMappingModule"> 
              <module-option name = "name">rolemap</module-option>
@@ -108,6 +118,12 @@
              <module-option name = "succeed">true</module-option> 
           </policy-module> 
        </authorization>
+       <acl>
+          <acl-module code="org.jboss.security.authz.ACLModule3" flag="optional">
+             <module-option name="aclOption5">value5</module-option>
+             <module-option name="aclOption6">value6</module-option>
+          </acl-module>
+       </acl>
     </application-policy>
     
     <application-policy name="conf-jaspi-extend" extends="conf-jaspi">

Deleted: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/resources/schema/security-config_4_1.xsd
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/resources/schema/security-config_4_1.xsd	2008-07-08 20:15:07 UTC (rev 75507)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/resources/schema/security-config_4_1.xsd	2008-07-08 21:21:00 UTC (rev 75508)
@@ -1,182 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- $Id: security-config_4_1.xsd 45686 2006-06-20 04:47:48Z asaldhana $ -->
-
-<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
-   elementFormDefault="qualified"
-   xmlns:jaas="urn:jboss:security-config:4.1"
-   xmlns:jbxb="http://www.jboss.org/xml/ns/jbxb"
-   targetNamespace="urn:jboss:security-config:4.1">
-
-   <xsd:annotation>
-      <xsd:documentation><![CDATA[
-         The login-config.xml schema with jbossxb annotations that map conforming
-         documents to the org.jboss.security.auth.login.PolicyConfig.
-     $Id: security-config_4_1.xsd 45686 2006-06-20 04:47:48Z asaldhana $
-    This is the XML Schema for the jboss 4.1 security configuration descriptor.
-    The default version of the descriptor is found in conf/login-config.xml
-     and this version of the schema is indicated using:
-
-        <policy xmlns="urn:jboss:security-config:4.1"
-          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-          version="4.1">
-          ...
-        </policy>
-
-     The outline of a policy/application-policy is:
-     <policy>
-      <application-policy name="security-domain-name">
-       <authentication>
-         <login-module code="login.module1.class.name" flag="control_flag">
-           <module-option name = "option1-name">option1-value</module-option>
-           <module-option name = "option2-name">option2-value</module-option>
-           ...
-         </login-module>
-   
-         <login-module code="login.module2.class.name" flag="control_flag">
-           ...
-         </login-module>
-         ...
-       </authentication>
-      </application-policy>
-     </policy>
-    ]]></xsd:documentation>
-      <xsd:appinfo>
-         <jbxb:schemaBindings>
-            <jbxb:package name="org.jboss.security.config"/>
-            <jbxb:ignoreUnresolvedFieldOrClass>false</jbxb:ignoreUnresolvedFieldOrClass>
-         </jbxb:schemaBindings>
-      </xsd:appinfo>
-   </xsd:annotation>
-
-  <xsd:element name="policy">
-    <xsd:complexType>
-       <xsd:annotation>
-         <xsd:documentation>The policy element is the root of the security
-            configuration descriptor.</xsd:documentation>
-          <xsd:appinfo>
-             <jbxb:class impl="org.jboss.security.config.PolicyConfig"/>
-          </xsd:appinfo>
-       </xsd:annotation>
-
-      <xsd:sequence>
-        <xsd:element maxOccurs="unbounded" ref="jaas:application-policy"/>
-      </xsd:sequence>
-    </xsd:complexType>
-  </xsd:element>
-
-  <xsd:element name="application-policy">
-    <xsd:complexType>
-       <xsd:annotation>
-          <xsd:documentation>The application-policy lists configuration for a
-             named policy. This currently only consists of the authentication
-             configuration. </xsd:documentation>
-          <xsd:appinfo>
-            <jbxb:class impl="org.jboss.security.config.ApplicationPolicyContainer"/>
-            <jbxb:addMethod name="add" valueType="org.jboss.security.config.ApplicationPolicy"/>
-          </xsd:appinfo>
-       </xsd:annotation>
-
-      <xsd:sequence>
-        <xsd:element ref="jaas:authentication"/>
-      </xsd:sequence>
-      <xsd:attribute name="name" use="required" type="xsd:string"/>
-    </xsd:complexType>
-  </xsd:element>
-
-  <xsd:element name="authentication">
-    <xsd:annotation>
-      <xsd:documentation>The authentication element contains the login module
-         stack configuration. Each login module configuration is specified
-         using a login-module element.</xsd:documentation>
-       <xsd:appinfo>
-          <jbxb:skip/>
-       </xsd:appinfo>
-    </xsd:annotation>
-    <xsd:complexType>
-      <xsd:sequence>
-        <xsd:element maxOccurs="unbounded" ref="jaas:login-module"/>
-      </xsd:sequence>
-    </xsd:complexType>
-  </xsd:element>
-  <xsd:element name="login-module">
-    <xsd:complexType>
-       <xsd:annotation>
-         <xsd:documentation>The login-module element defines a JAAS login module
-            configuration entry. Each entry must have a code and flag attribute
-            along with zero or more login module options specified via the
-            module-option element. </xsd:documentation>
-          <xsd:appinfo>
-             <jbxb:class impl="org.jboss.security.auth.login.AppConfigurationEntryHolder"/>
-          </xsd:appinfo>
-       </xsd:annotation>
-      <xsd:sequence>
-        <xsd:element minOccurs="0" maxOccurs="unbounded" ref="jaas:module-option"/>
-      </xsd:sequence>
-      <xsd:attribute name="code" use="required" type="xsd:string"/>
-      <xsd:attribute name="flag" use="required">
-        <xsd:annotation>
-           <xsd:documentation>The flag attribute controls how a login module
-              participates in the overall authentication proceedure.
-              Required - The LoginModule is required to succeed. If it
-              succeeds or fails, authentication still continues to proceed
-              down the LoginModule list.
-
-              Requisite - The LoginModule is required to succeed. If it succeeds,
-              authentication continues down the LoginModule list. If it fails,
-              control immediately returns to the application (authentication does not proceed
-              down the LoginModule list).
-
-              Sufficient - The LoginModule is  not required to succeed. If it does
-              succeed, control immediately returns to the application (authentication
-              does not proceed down the LoginModule list). If it fails,
-              authentication continues down the LoginModule list.
-                  
-              Optional - The LoginModule is not required to succeed. If it succeeds or
-              fails, authentication still continues to proceed down the
-              LoginModule list.
-                  
-              The overall authentication succeeds only if
-              all required and requisite LoginModules succeed. If a
-              sufficient LoginModule is configured and succeeds, then only
-              the required and requisite LoginModules prior to that
-              sufficient LoginModule need to have succeeded for the overall
-              authentication to succeed. If no required or requisite
-              LoginModules are configured for an application, then at least
-              one sufficient or optional LoginModule must succeed.
-           </xsd:documentation>
-        </xsd:annotation>
-        <xsd:simpleType>
-          <xsd:restriction base="xsd:string">
-            <xsd:enumeration value="required" />
-            <xsd:enumeration value="requisite" />
-            <xsd:enumeration value="sufficient" />
-            <xsd:enumeration value="optional" />
-          </xsd:restriction>
-        </xsd:simpleType>
-      </xsd:attribute>
-    </xsd:complexType>
-  </xsd:element>
-  <xsd:element name="module-option">
-    <xsd:complexType mixed="true">
-       <xsd:annotation>
-            <xsd:documentation>A module option defines a name, value pair that are
-            passed to a LoginModule when it is initialized during the login proceedure.
-            The name attribute defines the option name while the element value is the
-            option value. The type of the value can be anything from a string obtained
-            from the module-option body, to arbitary objects unmarshalled based on
-            the namespace associated with the module-option child element
-            </xsd:documentation>
-          <xsd:appinfo>
-             <!-- ModuleOption declares a constructor that takes name as a parameter
-                  while the value should be set with the setter.
-                  This use-case is not supported out-of-the-box. So, we use this container. -->
-             <jbxb:class impl="org.jboss.security.auth.login.ModuleOptionContainer"/>
-          </xsd:appinfo>
-       </xsd:annotation>
-      <xsd:sequence>
-        <xsd:any minOccurs="0" maxOccurs="1" namespace="##other" />
-      </xsd:sequence>
-      <xsd:attribute name="name" use="required" type="xsd:string"/>
-    </xsd:complexType>
-  </xsd:element>
-</xsd:schema>

Deleted: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/resources/schema/security-config_5_0.xsd
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/resources/schema/security-config_5_0.xsd	2008-07-08 20:15:07 UTC (rev 75507)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/resources/schema/security-config_5_0.xsd	2008-07-08 21:21:00 UTC (rev 75508)
@@ -1,272 +0,0 @@
-<!-- $Id: security-config_5_0.xsd 64432 2007-08-02 16:07:41Z anil.saldhana at jboss.com $ -->
-<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
-            xmlns:jbsx="urn:jboss:security-config:5.0" 
-            xmlns="urn:jboss:security-config:5.0" 
-            xmlns:jbxb="http://www.jboss.org/xml/ns/jbxb" 
-            targetNamespace="urn:jboss:security-config:5.0" 
-            elementFormDefault="qualified"
-            attributeFormDefault="unqualified">
-   <xsd:annotation>
-      <xsd:appinfo>
-         <jbxb:schemaBindings>
-            <jbxb:package name="org.jboss.security.config"/>
-            <jbxb:ignoreUnresolvedFieldOrClass>
-               false</jbxb:ignoreUnresolvedFieldOrClass>
-         </jbxb:schemaBindings>
-      </xsd:appinfo>
-   </xsd:annotation>
-   <xsd:element name="policy" type="jbsx:PolicyConfig"/>
-   <xsd:complexType name="PolicyConfig">
-      <xsd:annotation>
-         <xsd:appinfo>
-            <jbxb:class impl="org.jboss.security.config.PolicyConfig"/>
-         </xsd:appinfo>
-      </xsd:annotation>
-      <xsd:sequence>
-         <xsd:element ref="jbsx:application-policy" maxOccurs="unbounded"/>
-      </xsd:sequence>
-   </xsd:complexType>
-   <xsd:element name="application-policy">
-      <xsd:complexType>
-         <xsd:annotation>
-            <xsd:appinfo>
-               <jbxb:class impl="org.jboss.security.config.ApplicationPolicyContainer"/>
-               <jbxb:addMethod name="add" valueType="org.jboss.security.config.ApplicationPolicy"/>
-            </xsd:appinfo>
-         </xsd:annotation>
-         <xsd:sequence>
-            <xsd:choice>
-               <xsd:element ref="jbsx:authentication"/>
-               <xsd:element ref="jbsx:authentication-jaspi"/>
-            </xsd:choice>
-            <xsd:element ref="jbsx:authorization" minOccurs="0"/>
-            <xsd:element ref="jbsx:rolemapping" minOccurs="0"/>
-            <xsd:element ref="jbsx:audit" minOccurs="0"/>
-            <xsd:element ref="jbsx:identity-trust" minOccurs="0"/>
-         </xsd:sequence>
-         <xsd:attribute name="name" type="xsd:string" use="required"/>
-         <xsd:attribute name="extends" type="xsd:string"/>
-      </xsd:complexType>
-   </xsd:element>
-   <xsd:element name="authentication" type="jbsx:authenticationInfo"/>
-   <xsd:element name="authentication-jaspi" type="jbsx:authenticationJaspiInfo"/>
-   <xsd:element name="authorization" type="jbsx:authorizationInfo"/>
-   <xsd:element name="rolemapping" type="jbsx:roleMappingInfo"/>
-   <xsd:element name="audit" type="jbsx:auditInfo"/>
-   <xsd:element name="identity-trust" type="jbsx:identityTrustInfo"/>
-   <xsd:complexType name="authenticationInfo">
-      <xsd:annotation>
-         <xsd:appinfo>
-            <jbxb:skip/>
-         </xsd:appinfo>
-      </xsd:annotation>
-      <xsd:sequence>
-         <xsd:element ref="jbsx:login-module" maxOccurs="unbounded"/>
-      </xsd:sequence>
-   </xsd:complexType>
-   <xsd:complexType name="authenticationJaspiInfo">
-      <xsd:annotation>
-         <xsd:appinfo>
-            <jbxb:skip/>
-         </xsd:appinfo>
-      </xsd:annotation>
-      <xsd:sequence>
-         <xsd:element ref="jbsx:login-module-stack" maxOccurs="unbounded"/>
-         <xsd:element ref="jbsx:auth-module" maxOccurs="unbounded"/>
-      </xsd:sequence>
-   </xsd:complexType>
-   <xsd:complexType name="authorizationInfo">
-      <xsd:annotation>
-         <xsd:appinfo>
-            <jbxb:skip/>
-         </xsd:appinfo>
-      </xsd:annotation>
-      <xsd:sequence>
-         <xsd:element ref="jbsx:policy-module"  maxOccurs="unbounded"/>
-      </xsd:sequence>
-   </xsd:complexType>
-   <xsd:complexType name="roleMappingInfo">
-      <xsd:annotation>
-         <xsd:appinfo>
-            <jbxb:class impl="org.jboss.security.mapping.config.RoleMappingConfigContainer"/>
-            <jbxb:addMethod name="addMappingInfo"/>
-         </xsd:appinfo>
-      </xsd:annotation>
-      <xsd:sequence>
-         <xsd:element ref="jbsx:mapping-module" maxOccurs="unbounded"/>
-      </xsd:sequence>
-   </xsd:complexType>
-   <xsd:complexType name="auditInfo">
-      <xsd:annotation>
-         <xsd:appinfo>
-            <jbxb:skip/>
-         </xsd:appinfo>
-      </xsd:annotation>
-      <xsd:sequence>
-         <xsd:element ref="jbsx:provider-module"  maxOccurs="unbounded"/>
-      </xsd:sequence>
-   </xsd:complexType>
-   <xsd:complexType name="identityTrustInfo">
-      <xsd:annotation>
-         <xsd:appinfo>
-            <jbxb:skip/>
-         </xsd:appinfo>
-      </xsd:annotation>
-      <xsd:sequence>
-         <xsd:element ref="jbsx:trust-module"  maxOccurs="unbounded"/>
-      </xsd:sequence>
-   </xsd:complexType>
-    
-   
-   <xsd:simpleType name="module-option-flag">
-      <xsd:annotation>
-           <xsd:documentation>The flag attribute controls how a login module
-              participates in the overall authentication proceedure.
-              Required - The LoginModule is required to succeed. If it
-              succeeds or fails, authentication still continues to proceed
-              down the LoginModule list.
-
-              Requisite - The LoginModule is required to succeed. If it succeeds,
-              authentication continues down the LoginModule list. If it fails,
-              control immediately returns to the application (authentication does not proceed
-              down the LoginModule list).
-
-              Sufficient - The LoginModule is  not required to succeed. If it does
-              succeed, control immediately returns to the application (authentication
-              does not proceed down the LoginModule list). If it fails,
-              authentication continues down the LoginModule list.
-                  
-              Optional - The LoginModule is not required to succeed. If it succeeds or
-              fails, authentication still continues to proceed down the
-              LoginModule list.
-                  
-              The overall authentication succeeds only if
-              all required and requisite LoginModules succeed. If a
-              sufficient LoginModule is configured and succeeds, then only
-              the required and requisite LoginModules prior to that
-              sufficient LoginModule need to have succeeded for the overall
-              authentication to succeed. If no required or requisite
-              LoginModules are configured for an application, then at least
-              one sufficient or optional LoginModule must succeed.
-           </xsd:documentation>
-        </xsd:annotation> 
-      <xsd:restriction base="xsd:string">
-         <xsd:enumeration value="required"/>
-         <xsd:enumeration value="requisite"/>
-         <xsd:enumeration value="sufficient"/>
-         <xsd:enumeration value="optional"/>
-      </xsd:restriction>
-   </xsd:simpleType>
-
-   <xsd:element name="login-module" type="jbsx:loginModuleInfo"/>
-   <xsd:complexType name="loginModuleInfo">
-      <xsd:annotation>
-         <xsd:appinfo>
-            <jbxb:class impl="org.jboss.security.auth.login.AppConfigurationEntryHolder"/>
-         </xsd:appinfo>
-      </xsd:annotation>
-      <xsd:sequence>
-         <xsd:element ref="jbsx:module-option" minOccurs="0" maxOccurs="unbounded"/>
-      </xsd:sequence>
-      <xsd:attribute name="code" type="xsd:string" use="required"/>
-      <xsd:attribute name="flag" type="jbsx:module-option-flag" use="required"/>
-   </xsd:complexType>
-   
-   <xsd:element name="module-option">
-      <xsd:complexType mixed="true">
-         <xsd:annotation>
-            <xsd:appinfo>
-               <!-- ModuleOption declares a constructor that takes name as a parameter
-                 while the value should be set with the setter.
-               
-                 This use-case is not supported out-of-the-box. So, we use this container. -->
-               <jbxb:class impl="org.jboss.security.auth.login.ModuleOptionContainer"/>
-            </xsd:appinfo>
-         </xsd:annotation>
-         <xsd:sequence>
-            <xsd:any namespace="##other" minOccurs="0"/>
-         </xsd:sequence>
-         <xsd:attribute name="name" type="xsd:string" use="required"/>
-      </xsd:complexType>
-   </xsd:element>
-   <xsd:element name="login-module-stack">
-      <xsd:complexType>
-         <xsd:annotation>
-            <xsd:appinfo>
-               <jbxb:class impl="org.jboss.security.auth.login.LoginModuleStackContainer"/>
-            </xsd:appinfo>
-         </xsd:annotation>
-         <xsd:sequence>
-            <xsd:element ref="jbsx:login-module" maxOccurs="unbounded"/>
-         </xsd:sequence>
-         <xsd:attribute name="name" type="xsd:string" use="required"/>
-      </xsd:complexType>
-   </xsd:element>
-   <xsd:element name="auth-module" type="jbsx:authModuleInfo"/>
-   <xsd:complexType name="authModuleInfo">
-      <xsd:annotation>
-         <xsd:appinfo>
-            <jbxb:class impl="org.jboss.security.auth.container.config.AuthModuleEntryHolder"/>
-         </xsd:appinfo>
-      </xsd:annotation>
-      <xsd:sequence>
-         <xsd:element ref="jbsx:module-option" minOccurs="0" maxOccurs="unbounded"/>
-      </xsd:sequence>
-      <xsd:attribute name="code" type="xsd:string" use="required"/>
-      <xsd:attribute name="login-module-stack-ref" type="xsd:string"/>
-   </xsd:complexType>
-   <xsd:element name="policy-module">
-      <xsd:complexType>
-         <xsd:annotation>
-            <xsd:appinfo>
-               <jbxb:class impl="org.jboss.security.authorization.config.AuthorizationConfigEntryHolder"/>
-            </xsd:appinfo>
-         </xsd:annotation>
-         <xsd:sequence>
-            <xsd:element ref="jbsx:module-option" minOccurs="0" maxOccurs="unbounded"/>
-         </xsd:sequence>
-         <xsd:attribute name="code" type="xsd:string" use="required"/>
-         <xsd:attribute name="flag" type="jbsx:module-option-flag" use="required"/>
-      </xsd:complexType>
-   </xsd:element>
-   <xsd:element name="mapping-module">
-      <xsd:complexType>
-         <xsd:annotation>
-            <xsd:appinfo>
-               <jbxb:class impl="org.jboss.security.mapping.config.MappingConfigEntryHolder"/>
-            </xsd:appinfo>
-         </xsd:annotation>
-         <xsd:sequence>
-            <xsd:element ref="jbsx:module-option" minOccurs="0" maxOccurs="unbounded"/>
-         </xsd:sequence>
-         <xsd:attribute name="code" type="xsd:string" use="required"/>
-      </xsd:complexType>
-   </xsd:element>
-   <xsd:element name="provider-module">
-      <xsd:complexType>
-         <xsd:annotation>
-            <xsd:appinfo>
-               <jbxb:class impl="org.jboss.security.audit.config.AuditConfigEntryHolder"/>
-            </xsd:appinfo>
-         </xsd:annotation>
-         <xsd:sequence>
-            <xsd:element ref="jbsx:module-option" minOccurs="0" maxOccurs="unbounded"/>
-         </xsd:sequence>
-         <xsd:attribute name="code" type="xsd:string" use="required"/>
-      </xsd:complexType>
-   </xsd:element>
-   <xsd:element name="trust-module">
-      <xsd:complexType>
-         <xsd:annotation>
-            <xsd:appinfo>
-               <jbxb:class impl="org.jboss.security.identitytrust.config.IdentityTrustConfigEntryHolder"/>
-            </xsd:appinfo>
-         </xsd:annotation>
-         <xsd:sequence>
-            <xsd:element ref="jbsx:module-option" minOccurs="0" maxOccurs="unbounded"/>
-         </xsd:sequence>
-         <xsd:attribute name="code" type="xsd:string" use="required"/>
-         <xsd:attribute name="flag" type="jbsx:module-option-flag" use="required"/>
-      </xsd:complexType>
-   </xsd:element>
-</xsd:schema>



