[jboss-cvs] JBossAS SVN: r73529 - in projects/security/security-jboss-sx/tags: 2.0.2.CR2 and 25 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue May 20 10:46:24 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-05-20 10:46:23 -0400 (Tue, 20 May 2008)
New Revision: 73529
Added:
projects/security/security-jboss-sx/tags/2.0.2.CR2/
projects/security/security-jboss-sx/tags/2.0.2.CR2/.classpath
projects/security/security-jboss-sx/tags/2.0.2.CR2/acl/pom.xml
projects/security/security-jboss-sx/tags/2.0.2.CR2/assembly/pom.xml
projects/security/security-jboss-sx/tags/2.0.2.CR2/identity/pom.xml
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx-client/pom.xml
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/.classpath
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/pom.xml
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/DelegatingServerAuthModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/SecurityActions.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleClientAuthModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleServerAuthModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfoContainer.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/ConfigUtil.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/JASPIAuthenticationInfo.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/LoginModuleStackContainer.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/LoginModuleStackHolder.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/SecurityActions.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/XMLLoginConfigImpl.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/AuthProviderRegistrationDelegate.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigFactory.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigProvider.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthConfig.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthContext.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossServerAuthConfig.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossServerAuthContext.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/AbstractServerLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/BaseCertLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/CertRolesLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/DatabaseCertLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/DatabaseServerLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/DecodeAction.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/IdentityLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/LdapLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/MemoryUsersRolesLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/ProxyLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/RoleMappingLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/RunAsLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/SecurityActions.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/Users.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/UsersLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/UsersRolesLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/XMLLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/AuthorizationInfoContainer.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/SecurityActions.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/cache/JBossAuthenticationCache.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/config/SecurityConfiguration.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/identitytrust/JBossIdentityTrustContext.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/identitytrust/SecurityActions.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/identitytrust/modules/AbstractIdentityTrustModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/config/RoleMappingConfigContainer.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/DeploymentRolesMappingProvider.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/MappingProviderUtil.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/SecurityActions.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectCNMapper.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectDNMapper.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContextUtil.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/audit/SecurityActions.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/auth/SubjectActions.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/mapping/JBossMappingManager.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/mapping/SecurityActions.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/tests/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/pom.xml
Removed:
projects/security/security-jboss-sx/tags/2.0.2.CR2/.classpath
projects/security/security-jboss-sx/tags/2.0.2.CR2/acl/pom.xml
projects/security/security-jboss-sx/tags/2.0.2.CR2/assembly/pom.xml
projects/security/security-jboss-sx/tags/2.0.2.CR2/identity/pom.xml
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx-client/pom.xml
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/.classpath
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/pom.xml
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/DelegatingServerAuthModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/SecurityActions.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleClientAuthModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleServerAuthModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfoContainer.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/ConfigUtil.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/JASPIAuthenticationInfo.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/LoginModuleStackContainer.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/LoginModuleStackHolder.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/SecurityActions.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/XMLLoginConfigImpl.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/AuthProviderRegistrationDelegate.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigFactory.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigProvider.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthConfig.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthContext.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossServerAuthConfig.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossServerAuthContext.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/AbstractServerLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/BaseCertLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/CertRolesLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/DatabaseCertLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/DatabaseServerLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/DecodeAction.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/IdentityLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/LdapLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/MemoryUsersRolesLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/ProxyLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/RoleMappingLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/RunAsLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/SecurityActions.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/Users.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/UsersLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/UsersRolesLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/XMLLoginModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/AuthorizationInfoContainer.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/SecurityActions.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/cache/JBossAuthenticationCache.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/config/SecurityConfiguration.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/identitytrust/JBossIdentityTrustContext.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/identitytrust/SecurityActions.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/identitytrust/modules/AbstractIdentityTrustModule.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/config/RoleMappingConfigContainer.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/DeploymentRolesMappingProvider.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/MappingProviderUtil.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/SecurityActions.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectCNMapper.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectDNMapper.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContextUtil.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/audit/SecurityActions.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/auth/SubjectActions.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/mapping/JBossMappingManager.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/mapping/SecurityActions.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/tests/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java
projects/security/security-jboss-sx/tags/2.0.2.CR2/pom.xml
Log:
[maven-release-plugin] copy for tag 2.0.2.CR2
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2 (from rev 73225, projects/security/security-jboss-sx/trunk)
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/.classpath
===================================================================
--- projects/security/security-jboss-sx/trunk/.classpath 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/.classpath 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,42 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<classpath>
- <classpathentry kind="src" path="jbosssx/src/main"/>
- <classpathentry excluding="resources/" kind="src" path="jbosssx/src/tests"/>
- <classpathentry kind="src" path="jbosssx/src/tests/resources"/>
- <classpathentry kind="src" path="identity/src/tests"/>
- <classpathentry kind="src" path="acl/src/main/resources"/>
- <classpathentry kind="src" path="acl/src/tests/java"/>
- <classpathentry kind="src" path="jbosssx/target/generated-sources/javacc"/>
- <classpathentry kind="src" path="identity/src/main"/>
- <classpathentry kind="src" path="acl/src/main/java"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-spi/2.0.2.GA/jboss-logging-spi-2.0.2.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-log4j/2.0.2.GA/jboss-logging-log4j-2.0.2.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jbossxb/2.0.0.CR4/jbossxb-2.0.0.CR4.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-common-core/2.2.1.GA/jboss-common-core-2.2.1.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-jacc-api/1.1.0.Beta3Update1/jboss-jacc-api-1.1.0.Beta3Update1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-transaction-api/1.0.1.Beta3Update1/jboss-transaction-api-1.0.1.Beta3Update1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-jaspi-api/1.0.0.Beta3Update1/jboss-jaspi-api-1.0.0.Beta3Update1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/authorization-spi/2.0.2.Beta7/authorization-spi-2.0.2.Beta7.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/identity-spi/2.0.2.Beta7/identity-spi-2.0.2.Beta7.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/acl-spi/2.0.2.Beta7/acl-spi-2.0.2.Beta7.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-spi-bare/2.0.2.Beta7/jboss-security-spi-bare-2.0.2.Beta7.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.5/servlet-api-2.5.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate/3.2.4.sp1/hibernate-3.2.4.sp1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-annotations/3.3.0.ga/hibernate-annotations-3.3.0.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-entitymanager/3.3.1.ga/hibernate-entitymanager-3.3.1.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-acl-impl/2.0.2-SNAPSHOT/jboss-security-acl-impl-2.0.2-SNAPSHOT.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/identity-impl/2.0.2-SNAPSHOT/identity-impl-2.0.2-SNAPSHOT.jar"/>
- <classpathentry kind="var" path="M2_REPO/javassist/javassist/3.4.GA/javassist-3.4.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-javaee/5.0.0.Beta3/jboss-javaee-5.0.0.Beta3.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-jmx/4.2.1.GA/jboss-jmx-4.2.1.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-sunxacml/2.0.2.GA/jboss-sunxacml-2.0.2.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-xacml/2.0.2.GA/jboss-xacml-2.0.2.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-xerces/xercesImpl/2.7.1/xercesImpl-2.7.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-test/1.0.4.GA/jboss-test-1.0.4.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/sun-opends/opends-core/1.0.0-BUILD04/opends-core-1.0.0-BUILD04.jar"/>
- <classpathentry kind="output" path="bin"/>
-</classpath>
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/.classpath (from rev 73229, projects/security/security-jboss-sx/trunk/.classpath)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/.classpath (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/.classpath 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="src" path="jbosssx/src/main"/>
+ <classpathentry excluding="resources/" kind="src" path="jbosssx/src/tests"/>
+ <classpathentry kind="src" path="jbosssx/src/tests/resources"/>
+ <classpathentry kind="src" path="identity/src/tests"/>
+ <classpathentry kind="src" path="acl/src/main/resources"/>
+ <classpathentry kind="src" path="acl/src/tests/java"/>
+ <classpathentry kind="src" path="jbosssx/target/generated-sources/javacc"/>
+ <classpathentry kind="src" path="identity/src/main"/>
+ <classpathentry kind="src" path="acl/src/main/java"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-spi/2.0.2.GA/jboss-logging-spi-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-log4j/2.0.2.GA/jboss-logging-log4j-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jbossxb/2.0.0.CR4/jbossxb-2.0.0.CR4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-common-core/2.2.1.GA/jboss-common-core-2.2.1.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-jacc-api/1.1.0.Beta3Update1/jboss-jacc-api-1.1.0.Beta3Update1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-transaction-api/1.0.1.Beta3Update1/jboss-transaction-api-1.0.1.Beta3Update1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-jaspi-api/1.0.0.CR1/jboss-jaspi-api-1.0.0.CR1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2.CR1/jboss-security-spi-2.0.2.CR1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.5/servlet-api-2.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate/3.2.4.sp1/hibernate-3.2.4.sp1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-annotations/3.3.0.ga/hibernate-annotations-3.3.0.ga.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-entitymanager/3.3.1.ga/hibernate-entitymanager-3.3.1.ga.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-acl-impl/2.0.2-SNAPSHOT/jboss-security-acl-impl-2.0.2-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/identity-impl/2.0.2-SNAPSHOT/identity-impl-2.0.2-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javassist/javassist/3.4.GA/javassist-3.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-javaee/5.0.0.Beta3/jboss-javaee-5.0.0.Beta3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-jmx/4.2.1.GA/jboss-jmx-4.2.1.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-sunxacml/2.0.2.GA/jboss-sunxacml-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-xacml/2.0.2.GA/jboss-xacml-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-xerces/xercesImpl/2.7.1/xercesImpl-2.7.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-test/1.0.4.GA/jboss-test-1.0.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/sun-opends/opends-core/1.0.0-BUILD04/opends-core-1.0.0-BUILD04.jar"/>
+ <classpathentry kind="output" path="bin"/>
+</classpath>
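Review bot: The tagged `.classpath` still resolves the sibling modules to mutable snapshot jars (`jboss-security-acl-impl-2.0.2-SNAPSHOT.jar` and `identity-impl-2.0.2-SNAPSHOT.jar`), while the poms in this same tag are versioned 2.0.2.CR2. This file is Eclipse metadata and presumably does not affect the Maven release build. Even so, anyone importing the tag into an IDE compiles and tests against whatever SNAPSHOT happens to be in their local repository, not the released artifacts, so results from the tag are not reproducible. Either regenerate the file after the release plugin rewrites versions, so the entries read e.g. `M2_REPO/org/jboss/security/identity-impl/2.0.2.CR2/identity-impl-2.0.2.CR2.jar`, or keep `.classpath` out of version control so it cannot drift from the pom.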
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/acl/pom.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/pom.xml 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/acl/pom.xml 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,150 +0,0 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.security</groupId>
- <artifactId>jbosssx-parent</artifactId>
- <version>2.0.2-SNAPSHOT</version>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <artifactId>jboss-security-acl-impl</artifactId>
- <packaging>jar</packaging>
- <name>JBoss Security ACL Implementation</name>
- <url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Security is a cross cutting project that handles security for the JEMS projects</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <profiles>
- <!-- mvn install -Psecurity-manager -->
- <profile>
- <id>security-manager</id>
- <activation>
- <activeByDefault>false</activeByDefault>
- </activation>
- <properties>
- <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
- <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
- <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} ${test.env}</surefire.jvm.args>
- </properties>
- </profile>
- <!-- mvn install -Psecurity-manager-debug -->
- <!-- Best Practice: mvn install -Psecurity-manager-debug 2>&1 > logfile2>&1 > logfile -->
- <profile>
- <id>security-manager-debug</id>
- <activation>
- <activeByDefault>false</activeByDefault>
- </activation>
- <properties>
- <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
- <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
- <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} -Djava.security.debug=failure,access ${test.env}</surefire.jvm.args>
- </properties>
- </profile>
- </profiles>
- <build>
- <sourceDirectory>src/main/java</sourceDirectory>
- <outputDirectory>target/classes</outputDirectory>
- <testSourceDirectory>src/tests/java</testSourceDirectory>
- <testOutputDirectory>target/test-classes</testOutputDirectory>
- <finalName>${artifactId}</finalName>
- <resources>
- <resource>
- <directory>${basedir}</directory>
- <includes>
- <include>JBossORG-EULA.txt</include>
- </includes>
- </resource>
- <resource>
- <directory>src/main/resources</directory>
- <includes>
- <include>**/*.dtd</include>
- <include>**/*.xsd</include>
- </includes>
- </resource>
- </resources>
- <testResources>
- <testResource>
- <directory>src/tests/resources/</directory>
- <includes>
- <include>**/*.xml</include>
- </includes>
- </testResource>
- </testResources>
- </build>
- <dependencies>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>acl-spi</artifactId>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>identity-spi</artifactId>
- </dependency>
- <dependency>
- <groupId>org.jboss</groupId>
- <artifactId>jboss-common-core</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jboss-logging-spi</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jboss-logging-log4j</artifactId>
- <scope>runtime</scope>
- </dependency>
- <dependency>
- <groupId>org.hibernate</groupId>
- <artifactId>hibernate</artifactId>
- <version>3.2.4.sp1</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.hibernate</groupId>
- <artifactId>hibernate-annotations</artifactId>
- <version>3.3.0.ga</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.hibernate</groupId>
- <artifactId>hibernate-entitymanager</artifactId>
- <version>3.3.1.ga</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>hsqldb</groupId>
- <artifactId>hsqldb</artifactId>
- <version>1.8.0.2</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>apache-log4j</groupId>
- <artifactId>log4j</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss</groupId>
- <artifactId>jboss-test</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>identity-impl</artifactId>
- <version>${project.version}</version>
- <scope>compile</scope>
- </dependency>
- </dependencies>
-</project>
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/acl/pom.xml (from rev 73528, projects/security/security-jboss-sx/trunk/acl/pom.xml)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/acl/pom.xml (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/acl/pom.xml 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,150 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jbosssx-parent</artifactId>
+ <version>2.0.2.CR2</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>jboss-security-acl-impl</artifactId>
+ <packaging>jar</packaging>
+ <name>JBoss Security ACL Implementation</name>
+ <url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Security is a cross cutting project that handles security for the JEMS projects</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <profiles>
+ <!-- mvn install -Psecurity-manager -->
+ <profile>
+ <id>security-manager</id>
+ <activation>
+ <activeByDefault>false</activeByDefault>
+ </activation>
+ <properties>
+ <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
+ <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
+ <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} ${test.env}</surefire.jvm.args>
+ </properties>
+ </profile>
+ <!-- mvn install -Psecurity-manager-debug -->
+ <!-- Best Practice: mvn install -Psecurity-manager-debug 2>&1 > logfile2>&1 > logfile -->
+ <profile>
+ <id>security-manager-debug</id>
+ <activation>
+ <activeByDefault>false</activeByDefault>
+ </activation>
+ <properties>
+ <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
+ <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
+ <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} -Djava.security.debug=failure,access ${test.env}</surefire.jvm.args>
+ </properties>
+ </profile>
+ </profiles>
+ <build>
+ <sourceDirectory>src/main/java</sourceDirectory>
+ <outputDirectory>target/classes</outputDirectory>
+ <testSourceDirectory>src/tests/java</testSourceDirectory>
+ <testOutputDirectory>target/test-classes</testOutputDirectory>
+ <finalName>${artifactId}</finalName>
+ <resources>
+ <resource>
+ <directory>${basedir}</directory>
+ <includes>
+ <include>JBossORG-EULA.txt</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>src/main/resources</directory>
+ <includes>
+ <include>**/*.dtd</include>
+ <include>**/*.xsd</include>
+ </includes>
+ </resource>
+ </resources>
+ <testResources>
+ <testResource>
+ <directory>src/tests/resources/</directory>
+ <includes>
+ <include>**/*.xml</include>
+ </includes>
+ </testResource>
+ </testResources>
+ </build>
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>acl-spi</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>identity-spi</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jboss-common-core</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jboss-logging-spi</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jboss-logging-log4j</artifactId>
+ <scope>runtime</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate</artifactId>
+ <version>3.2.4.sp1</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-annotations</artifactId>
+ <version>3.3.0.ga</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-entitymanager</artifactId>
+ <version>3.3.1.ga</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>hsqldb</groupId>
+ <artifactId>hsqldb</artifactId>
+ <version>1.8.0.2</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>apache-log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jboss-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>identity-impl</artifactId>
+ <version>${project.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ </dependencies>
+</project>
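Review bot: The `junit` dependency near the end of the `<dependencies>` block is declared with `<scope>compile</scope>`, so the tagged jboss-security-acl-impl artifact passes a test framework to every consumer as a transitive compile dependency. Tests are configured under `src/tests/java`, and `jboss-test` and `hsqldb` are already test-scoped, so `<scope>test</scope>` looks like the intended value unless main code really uses JUnit classes, which this hunk does not show. The copied identity/pom.xml carries the same declaration. Keeping test-only libraries off the compile classpath of a release tag reduces the code that downstream deployments pull in and have to track for advisories.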
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/assembly/pom.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/assembly/pom.xml 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/assembly/pom.xml 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,62 +0,0 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.security</groupId>
- <artifactId>jbosssx-parent</artifactId>
- <version>2.0.2-SNAPSHOT</version>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <groupId>org.jboss.security</groupId>
- <artifactId>jbosssx</artifactId>
- <packaging>pom</packaging>
- <name>JBoss Security Implementation for the JBAS - Assembly</name>
- <url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Security is a cross cutting project that handles security for the JEMS projects</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-assembly-plugin</artifactId>
- <version>2.1</version>
- <executions>
- <execution>
- <phase>package</phase>
- <goals>
- <goal>attached</goal>
- </goals>
- </execution>
- </executions>
- <configuration>
- <archive>
- <manifestEntries>
- <Specification-Title>JBoss Security Implementation for the JBAS</Specification-Title>
- <Specification-Version>${project.version}</Specification-Version>
- <Specification-Vendor>Red Hat Middleware LLC</Specification-Vendor>
- <Implementation-Title>JBoss Security Implementation for the JBAS</Implementation-Title>
- <Implementation-Version>${project.version}</Implementation-Version>
- <Implementation-VendorId>org.jboss.security</Implementation-VendorId>
- <Implementation-Vendor>Red Hat Middleware LLC</Implementation-Vendor>
- <Implementation-URL>http://labs.jboss.org/portal/jbosssecurity/</Implementation-URL>
- </manifestEntries>
- </archive>
- <descriptors>
- <descriptor>src/assembly/bin.xml</descriptor>
- <descriptor>src/assembly/sources.xml</descriptor>
- </descriptors>
- </configuration>
- <inherited>false</inherited>
- </plugin>
- </plugins>
- </build>
-
-</project>
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/assembly/pom.xml (from rev 73528, projects/security/security-jboss-sx/trunk/assembly/pom.xml)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/assembly/pom.xml (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/assembly/pom.xml 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,62 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jbosssx-parent</artifactId>
+ <version>2.0.2.CR2</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jbosssx</artifactId>
+ <packaging>pom</packaging>
+ <name>JBoss Security Implementation for the JBAS - Assembly</name>
+ <url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Security is a cross cutting project that handles security for the JEMS projects</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <version>2.1</version>
+ <executions>
+ <execution>
+ <phase>package</phase>
+ <goals>
+ <goal>attached</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <archive>
+ <manifestEntries>
+ <Specification-Title>JBoss Security Implementation for the JBAS</Specification-Title>
+ <Specification-Version>${project.version}</Specification-Version>
+ <Specification-Vendor>Red Hat Middleware LLC</Specification-Vendor>
+ <Implementation-Title>JBoss Security Implementation for the JBAS</Implementation-Title>
+ <Implementation-Version>${project.version}</Implementation-Version>
+ <Implementation-VendorId>org.jboss.security</Implementation-VendorId>
+ <Implementation-Vendor>Red Hat Middleware LLC</Implementation-Vendor>
+ <Implementation-URL>http://labs.jboss.org/portal/jbosssecurity/</Implementation-URL>
+ </manifestEntries>
+ </archive>
+ <descriptors>
+ <descriptor>src/assembly/bin.xml</descriptor>
+ <descriptor>src/assembly/sources.xml</descriptor>
+ </descriptors>
+ </configuration>
+ <inherited>false</inherited>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/identity/pom.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/identity/pom.xml 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/identity/pom.xml 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,123 +0,0 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.security</groupId>
- <artifactId>jbosssx-parent</artifactId>
- <version>2.0.2-SNAPSHOT</version>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <artifactId>identity-impl</artifactId>
- <packaging>jar</packaging>
- <name>JBoss Security Identity Implementation</name>
- <url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Security is a cross cutting project that handles security for the JEMS projects</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <profiles>
- <!-- mvn install -Psecurity-manager -->
- <profile>
- <id>security-manager</id>
- <activation>
- <activeByDefault>false</activeByDefault>
- </activation>
- <properties>
- <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
- <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
- <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} ${test.env}</surefire.jvm.args>
- </properties>
- </profile>
- <!-- mvn install -Psecurity-manager-debug -->
- <!-- Best Practice: mvn install -Psecurity-manager-debug 2>&1 > logfile2>&1 > logfile -->
- <profile>
- <id>security-manager-debug</id>
- <activation>
- <activeByDefault>false</activeByDefault>
- </activation>
- <properties>
- <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
- <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
- <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} -Djava.security.debug=failure,access ${test.env}</surefire.jvm.args>
- </properties>
- </profile>
- </profiles>
- <build>
- <sourceDirectory>src/main</sourceDirectory>
- <testSourceDirectory>src/tests</testSourceDirectory>
- <testOutputDirectory>target/test-classes</testOutputDirectory>
- <finalName>${artifactId}</finalName>
- <outputDirectory>target/classes</outputDirectory>
- <resources>
- <resource>
- <directory>src/main</directory>
- <includes>
- <include>**/*.xml</include>
- </includes>
- </resource>
- <resource>
- <directory>${basedir}</directory>
- <includes>
- <include>JBossORG-EULA.txt</include>
- </includes>
- </resource>
- <resource>
- <directory>src/resources</directory>
- <includes>
- <include>**/*.dtd</include>
- <include>**/*.xsd</include>
- </includes>
- </resource>
- </resources>
- <testResources>
- <testResource>
- <directory>src/tests/resources/</directory>
- </testResource>
- <testResource>
- <directory>src/main</directory>
- </testResource>
- </testResources>
- </build>
- <dependencies>
- <dependency>
- <groupId>org.jboss</groupId>
- <artifactId>jboss-common-core</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jboss-logging-spi</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jboss-logging-log4j</artifactId>
- <scope>runtime</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>identity-spi</artifactId>
- <version>2.0.2.Beta5</version>
- </dependency>
- <dependency>
- <groupId>apache-log4j</groupId>
- <artifactId>log4j</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss</groupId>
- <artifactId>jboss-test</artifactId>
- <scope>test</scope>
- </dependency>
- </dependencies>
-</project>
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/identity/pom.xml (from rev 73528, projects/security/security-jboss-sx/trunk/identity/pom.xml)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/identity/pom.xml (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/identity/pom.xml 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,123 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jbosssx-parent</artifactId>
+ <version>2.0.2.CR2</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>identity-impl</artifactId>
+ <packaging>jar</packaging>
+ <name>JBoss Security Identity Implementation</name>
+ <url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Security is a cross cutting project that handles security for the JEMS projects</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <profiles>
+ <!-- mvn install -Psecurity-manager -->
+ <profile>
+ <id>security-manager</id>
+ <activation>
+ <activeByDefault>false</activeByDefault>
+ </activation>
+ <properties>
+ <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
+ <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
+ <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} ${test.env}</surefire.jvm.args>
+ </properties>
+ </profile>
+ <!-- mvn install -Psecurity-manager-debug -->
+ <!-- Best Practice: mvn install -Psecurity-manager-debug 2>&1 > logfile2>&1 > logfile -->
+ <profile>
+ <id>security-manager-debug</id>
+ <activation>
+ <activeByDefault>false</activeByDefault>
+ </activation>
+ <properties>
+ <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
+ <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
+ <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} -Djava.security.debug=failure,access ${test.env}</surefire.jvm.args>
+ </properties>
+ </profile>
+ </profiles>
+ <build>
+ <sourceDirectory>src/main</sourceDirectory>
+ <testSourceDirectory>src/tests</testSourceDirectory>
+ <testOutputDirectory>target/test-classes</testOutputDirectory>
+ <finalName>${artifactId}</finalName>
+ <outputDirectory>target/classes</outputDirectory>
+ <resources>
+ <resource>
+ <directory>src/main</directory>
+ <includes>
+ <include>**/*.xml</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>${basedir}</directory>
+ <includes>
+ <include>JBossORG-EULA.txt</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>src/resources</directory>
+ <includes>
+ <include>**/*.dtd</include>
+ <include>**/*.xsd</include>
+ </includes>
+ </resource>
+ </resources>
+ <testResources>
+ <testResource>
+ <directory>src/tests/resources/</directory>
+ </testResource>
+ <testResource>
+ <directory>src/main</directory>
+ </testResource>
+ </testResources>
+ </build>
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jboss-common-core</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jboss-logging-spi</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jboss-logging-log4j</artifactId>
+ <scope>runtime</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>identity-spi</artifactId>
+ <version>2.0.2.Beta5</version>
+ </dependency>
+ <dependency>
+ <groupId>apache-log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jboss-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
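Review bot: `identity-spi` is pinned to `<version>2.0.2.Beta5</version>` in this tagged POM, while the parent is `2.0.2.CR2` and the copied acl/pom.xml declares the same artifact with no version at all, so two modules of one release may resolve different SPI versions. If the parent's dependency management already covers identity-spi (not visible here), dropping the `<version>` line would make the tag build against a single managed version. Otherwise a short comment such as `<!-- identity-spi stays on Beta5 because ... -->` would record why the release candidate depends on a beta SPI. Mixed pre-release versions in a tag make the shipped dependency set harder to audit and reproduce.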
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/.classpath
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/.classpath 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/.classpath 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,66 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<classpath>
- <classpathentry excluding="**/*.java|src/tests/resources/" including="JBossORG-EULA.txt" kind="src" path=""/>
- <classpathentry kind="src" path="src/tests/resources"/>
- <classpathentry kind="src" path="src/main"/>
- <classpathentry excluding="**/*.java" including="**/*.dtd|**/*.xsd" kind="src" path="src/resources"/>
- <classpathentry excluding="resources/" kind="src" output="target/test-classes" path="src/tests"/>
- <classpathentry kind="src" path="target/generated-sources/javacc"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
- <classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.1/activation-1.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/ant/ant/1.6.5/ant-1.6.5.jar"/>
- <classpathentry kind="var" path="M2_REPO/ant/ant-junit/1.6.5/ant-junit-1.6.5.jar"/>
- <classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6.jar"/>
- <classpathentry kind="var" path="M2_REPO/asm/asm/1.5.3/asm-1.5.3.jar"/>
- <classpathentry kind="var" path="M2_REPO/asm/asm-attrs/1.5.3/asm-attrs-1.5.3.jar"/>
- <classpathentry kind="var" path="M2_REPO/cglib/cglib/2.1_3/cglib-2.1_3.jar"/>
- <classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/2.1.1/commons-collections-2.1.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-httpclient/commons-httpclient/2.0.2/commons-httpclient-2.0.2.jar"/>
- <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar"/>
- <classpathentry kind="var" path="M2_REPO/oswego-concurrent/concurrent/1.3.4/concurrent-1.3.4.jar"/>
- <classpathentry kind="var" path="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/wutka-dtdparser/dtdparser121/1.2.1/dtdparser121-1.2.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache/1.2.3/ehcache-1.2.3.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate/3.2.4.sp1/hibernate-3.2.4.sp1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-annotations/3.3.0.ga/hibernate-annotations-3.3.0.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-commons-annotations/3.0.0.ga/hibernate-commons-annotations-3.0.0.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-entitymanager/3.3.1.ga/hibernate-entitymanager-3.3.1.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-validator/3.0.0.ga/hibernate-validator-3.0.0.ga.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/identity-impl/2.0.2-SNAPSHOT/identity-impl-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/identity-impl/2.0.2-SNAPSHOT/identity-impl-2.0.2-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javassist/3.7.1.GA/javassist-3.7.1.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-core/2.0.4.GA/jboss-common-core-2.0.4.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-common-core/2.2.1.GA/jboss-common-core-2.2.1.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-log4j/2.0.4.GA/jboss-common-logging-log4j-2.0.4.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-spi/2.0.4.GA/jboss-common-logging-spi-2.0.4.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-jacc-api/1.1.0.Beta3Update1/jboss-jacc-api-1.1.0.Beta3Update1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-jaspi-api/1.0.0.CR1/jboss-jaspi-api-1.0.0.CR1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-javaee/5.0.0.Beta3/jboss-javaee-5.0.0.Beta3.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-jmx/4.2.1.GA/jboss-jmx-4.2.1.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-log4j/2.0.2.GA/jboss-logging-log4j-2.0.2.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-spi/2.0.2.GA/jboss-logging-spi-2.0.2.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/profiler/jvmti/jboss-profiler-jvmti/1.0.0.CR5/jboss-profiler-jvmti-1.0.0.CR5.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-acl-impl/2.0.2-SNAPSHOT/jboss-security-acl-impl-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/jboss-security-acl-impl/2.0.2-SNAPSHOT/jboss-security-acl-impl-2.0.2-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2-SNAPSHOT/jboss-security-spi-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/jboss-security-spi-bare/2.0.2-SNAPSHOT/jboss-security-spi-bare-2.0.2-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-servlet-api/2.5.0.CR1/jboss-servlet-api-2.5.0.CR1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-test/1.0.4.GA/jboss-test-1.0.4.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-transaction-api/1.0.1.Beta3Update1/jboss-transaction-api-1.0.1.Beta3Update1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jbossxb/2.0.0.CR4/jbossxb-2.0.0.CR4.jar"/>
- <classpathentry kind="var" path="M2_REPO/sleepycat/je/3.2.43/je-3.2.43.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jnpserver/5.0.0.Beta3/jnpserver-5.0.0.Beta3.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/transaction/jta/1.0.1B/jta-1.0.1B.jar"/>
- <classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
- <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/mail/mail/1.4/mail-1.4.jar"/>
- <classpathentry kind="var" path="M2_REPO/sun-opends/opends-core/1.0.0-BUILD04/opends-core-1.0.0-BUILD04.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.5/servlet-api-2.5.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-xacml/2.0.2.GA/jboss-xacml-2.0.2.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-sunxacml/2.0.2.GA/jboss-sunxacml-2.0.2.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-slide/webdavlib/2.0/webdavlib-2.0.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-xerces/xercesImpl/2.7.1/xercesImpl-2.7.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-xerces/xml-apis/2.7.1/xml-apis-2.7.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/sun-jaxb/jaxb-api/2.1.4/jaxb-api-2.1.4.jar"/>
- <classpathentry kind="var" path="M2_REPO/sun-jaxb/jaxb-impl/2.1.4/jaxb-impl-2.1.4.jar"/>
- <classpathentry kind="output" path="target/classes"/>
-</classpath>
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/.classpath (from rev 73229, projects/security/security-jboss-sx/trunk/jbosssx/.classpath)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/.classpath (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/.classpath 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry excluding="**/*.java|src/tests/resources/" including="JBossORG-EULA.txt" kind="src" path=""/>
+ <classpathentry kind="src" path="src/tests/resources"/>
+ <classpathentry kind="src" path="src/main"/>
+ <classpathentry excluding="**/*.java" including="**/*.dtd|**/*.xsd" kind="src" path="src/resources"/>
+ <classpathentry excluding="resources/" kind="src" output="target/test-classes" path="src/tests"/>
+ <classpathentry kind="src" path="target/generated-sources/javacc"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.1/activation-1.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/ant/ant/1.6.5/ant-1.6.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/ant/ant-junit/1.6.5/ant-junit-1.6.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6.jar"/>
+ <classpathentry kind="var" path="M2_REPO/asm/asm/1.5.3/asm-1.5.3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/asm/asm-attrs/1.5.3/asm-attrs-1.5.3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/cglib/cglib/2.1_3/cglib-2.1_3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/2.1.1/commons-collections-2.1.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-httpclient/commons-httpclient/2.0.2/commons-httpclient-2.0.2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/oswego-concurrent/concurrent/1.3.4/concurrent-1.3.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/wutka-dtdparser/dtdparser121/1.2.1/dtdparser121-1.2.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache/1.2.3/ehcache-1.2.3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate/3.2.4.sp1/hibernate-3.2.4.sp1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-annotations/3.3.0.ga/hibernate-annotations-3.3.0.ga.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-commons-annotations/3.0.0.ga/hibernate-commons-annotations-3.0.0.ga.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-entitymanager/3.3.1.ga/hibernate-entitymanager-3.3.1.ga.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-validator/3.0.0.ga/hibernate-validator-3.0.0.ga.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/identity-impl/2.0.2-SNAPSHOT/identity-impl-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/identity-impl/2.0.2-SNAPSHOT/identity-impl-2.0.2-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javassist/3.7.1.GA/javassist-3.7.1.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-core/2.0.4.GA/jboss-common-core-2.0.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-common-core/2.2.1.GA/jboss-common-core-2.2.1.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-log4j/2.0.4.GA/jboss-common-logging-log4j-2.0.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-spi/2.0.4.GA/jboss-common-logging-spi-2.0.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-jacc-api/1.1.0.Beta3Update1/jboss-jacc-api-1.1.0.Beta3Update1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-jaspi-api/1.0.0.CR1/jboss-jaspi-api-1.0.0.CR1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-javaee/5.0.0.Beta3/jboss-javaee-5.0.0.Beta3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-jmx/4.2.1.GA/jboss-jmx-4.2.1.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-log4j/2.0.2.GA/jboss-logging-log4j-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-spi/2.0.2.GA/jboss-logging-spi-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/profiler/jvmti/jboss-profiler-jvmti/1.0.0.CR5/jboss-profiler-jvmti-1.0.0.CR5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-acl-impl/2.0.2-SNAPSHOT/jboss-security-acl-impl-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/jboss-security-acl-impl/2.0.2-SNAPSHOT/jboss-security-acl-impl-2.0.2-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2.CR1/jboss-security-spi-2.0.2.CR1.jar" sourcepath="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2.CR1/jboss-security-spi-2.0.2.CR1-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-servlet-api/2.5.0.CR1/jboss-servlet-api-2.5.0.CR1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-test/1.0.4.GA/jboss-test-1.0.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-transaction-api/1.0.1.Beta3Update1/jboss-transaction-api-1.0.1.Beta3Update1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jbossxb/2.0.0.CR4/jbossxb-2.0.0.CR4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/sleepycat/je/3.2.43/je-3.2.43.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jnpserver/5.0.0.Beta3/jnpserver-5.0.0.Beta3.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/transaction/jta/1.0.1B/jta-1.0.1B.jar"/>
+ <classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
+ <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/mail/mail/1.4/mail-1.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/sun-opends/opends-core/1.0.0-BUILD04/opends-core-1.0.0-BUILD04.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.5/servlet-api-2.5.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-xacml/2.0.2.GA/jboss-xacml-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-sunxacml/2.0.2.GA/jboss-sunxacml-2.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-slide/webdavlib/2.0/webdavlib-2.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-xerces/xercesImpl/2.7.1/xercesImpl-2.7.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-xerces/xml-apis/2.7.1/xml-apis-2.7.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/sun-jaxb/jaxb-api/2.1.4/jaxb-api-2.1.4.jar"/>
+ <classpathentry kind="var" path="M2_REPO/sun-jaxb/jaxb-impl/2.1.4/jaxb-impl-2.1.4.jar"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/pom.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/pom.xml 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/pom.xml 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,223 +0,0 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.security</groupId>
- <artifactId>jbosssx-parent</artifactId>
- <version>2.0.2-SNAPSHOT</version>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <artifactId>jbosssx-bare</artifactId>
- <packaging>jar</packaging>
- <name>JBoss Security Implementation for the JBAS</name>
- <url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Security is a cross cutting project that handles security for the JEMS projects</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <profiles>
- <!-- mvn install -Psecurity-manager -->
- <profile>
- <id>security-manager</id>
- <activation>
- <activeByDefault>false</activeByDefault>
- </activation>
- <properties>
- <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
- <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
- <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} ${test.env}</surefire.jvm.args>
- </properties>
- </profile>
- <!-- mvn install -Psecurity-manager-debug -->
- <!-- Best Practice: mvn install -Psecurity-manager-debug 2>&1 > logfile2>&1 > logfile -->
- <profile>
- <id>security-manager-debug</id>
- <activation>
- <activeByDefault>false</activeByDefault>
- </activation>
- <properties>
- <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
- <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
- <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} -Djava.security.debug=failure,access ${test.env}</surefire.jvm.args>
- </properties>
- </profile>
- </profiles>
- <build>
- <sourceDirectory>src/main</sourceDirectory>
- <testSourceDirectory>src/tests</testSourceDirectory>
- <testOutputDirectory>target/test-classes</testOutputDirectory>
- <finalName>${artifactId}</finalName>
- <outputDirectory>target/classes</outputDirectory>
- <resources>
- <resource>
- <directory>src/main</directory>
- <includes>
- <include>**/*.xml</include>
- </includes>
- </resource>
- <resource>
- <directory>${basedir}</directory>
- <includes>
- <include>JBossORG-EULA.txt</include>
- </includes>
- </resource>
- <resource>
- <directory>src/resources</directory>
- <includes>
- <include>**/*.dtd</include>
- <include>**/*.xsd</include>
- </includes>
- </resource>
- <resource>
- <directory>target/generated-sources/javacc</directory>
- <includes>
- <include>**/*.class</include>
- </includes>
- </resource>
- </resources>
- <testResources>
- <testResource>
- <directory>src/tests/resources/</directory>
- </testResource>
- <testResource>
- <directory>src/main</directory>
- </testResource>
- </testResources>
- <plugins>
- <!-- generate java files from grammar -->
- <plugin>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>javacc-maven-plugin</artifactId>
- <version>2.3-jboss-1</version>
- <configuration>
- <packageName>org/jboss/security/auth/login</packageName>
- <sourceDirectory>src/main</sourceDirectory>
- <isStatic>false</isStatic>
- </configuration>
- <executions>
- <execution>
- <goals>
- <goal>javacc</goal>
- </goals>
- <id>javacc</id>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
- <dependencies>
- <dependency>
- <groupId>org.jboss.javaee</groupId>
- <artifactId>jboss-jacc-api</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.javaee</groupId>
- <artifactId>jboss-transaction-api</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.javaee</groupId>
- <artifactId>jboss-jaspi-api</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss</groupId>
- <artifactId>jbossxb</artifactId>
- <version>2.0.0.CR4</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>jboss-security-acl-impl</artifactId>
- <version>${project.version}</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>identity-impl</artifactId>
- <version>${project.version}</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>javassist</groupId>
- <artifactId>javassist</artifactId>
- <version>3.4.GA</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.javaee</groupId>
- <artifactId>jboss-javaee</artifactId>
- <version>5.0.0.Beta3</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jboss-jmx</artifactId>
- <version>4.2.1.GA</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>jboss-xacml</artifactId>
- <version>2.0.2.GA</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>jboss-sunxacml</artifactId>
- <version>2.0.2.GA</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
- <version>2.5</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>javax.mail</groupId>
- <artifactId>mail</artifactId>
- <version>1.4</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>apache-xerces</groupId>
- <artifactId>xercesImpl</artifactId>
- <version>2.7.1</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss</groupId>
- <artifactId>jnpserver</artifactId>
- <version>5.0.0.Beta3</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss</groupId>
- <artifactId>jboss-test</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>jboss-security-spi-bare</artifactId>
- </dependency>
- <dependency>
- <groupId>sun-opends</groupId>
- <artifactId>opends-core</artifactId>
- <version>1.0.0-BUILD04</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>sleepycat</groupId>
- <artifactId>je</artifactId>
- <version>3.2.43</version>
- <scope>test</scope>
- </dependency>
- </dependencies>
-</project>
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/pom.xml (from rev 73528, projects/security/security-jboss-sx/trunk/jbosssx/pom.xml)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/pom.xml (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/pom.xml 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,223 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jbosssx-parent</artifactId>
+ <version>2.0.2.CR2</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>jbosssx-bare</artifactId>
+ <packaging>jar</packaging>
+ <name>JBoss Security Implementation for the JBAS</name>
+ <url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Security is a cross cutting project that handles security for the JEMS projects</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <profiles>
+ <!-- mvn install -Psecurity-manager -->
+ <profile>
+ <id>security-manager</id>
+ <activation>
+ <activeByDefault>false</activeByDefault>
+ </activation>
+ <properties>
+ <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
+ <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
+ <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} ${test.env}</surefire.jvm.args>
+ </properties>
+ </profile>
+ <!-- mvn install -Psecurity-manager-debug -->
+ <!-- Best Practice: mvn install -Psecurity-manager-debug 2>&1 > logfile2>&1 > logfile -->
+ <profile>
+ <id>security-manager-debug</id>
+ <activation>
+ <activeByDefault>false</activeByDefault>
+ </activation>
+ <properties>
+ <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
+ <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
+ <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} -Djava.security.debug=failure,access ${test.env}</surefire.jvm.args>
+ </properties>
+ </profile>
+ </profiles>
+ <build>
+ <sourceDirectory>src/main</sourceDirectory>
+ <testSourceDirectory>src/tests</testSourceDirectory>
+ <testOutputDirectory>target/test-classes</testOutputDirectory>
+ <finalName>${artifactId}</finalName>
+ <outputDirectory>target/classes</outputDirectory>
+ <resources>
+ <resource>
+ <directory>src/main</directory>
+ <includes>
+ <include>**/*.xml</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>${basedir}</directory>
+ <includes>
+ <include>JBossORG-EULA.txt</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>src/resources</directory>
+ <includes>
+ <include>**/*.dtd</include>
+ <include>**/*.xsd</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>target/generated-sources/javacc</directory>
+ <includes>
+ <include>**/*.class</include>
+ </includes>
+ </resource>
+ </resources>
+ <testResources>
+ <testResource>
+ <directory>src/tests/resources/</directory>
+ </testResource>
+ <testResource>
+ <directory>src/main</directory>
+ </testResource>
+ </testResources>
+ <plugins>
+ <!-- generate java files from grammar -->
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>javacc-maven-plugin</artifactId>
+ <version>2.3-jboss-1</version>
+ <configuration>
+ <packageName>org/jboss/security/auth/login</packageName>
+ <sourceDirectory>src/main</sourceDirectory>
+ <isStatic>false</isStatic>
+ </configuration>
+ <executions>
+ <execution>
+ <goals>
+ <goal>javacc</goal>
+ </goals>
+ <id>javacc</id>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.javaee</groupId>
+ <artifactId>jboss-jacc-api</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.javaee</groupId>
+ <artifactId>jboss-transaction-api</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.javaee</groupId>
+ <artifactId>jboss-jaspi-api</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jbossxb</artifactId>
+ <version>2.0.0.CR4</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-security-acl-impl</artifactId>
+ <version>${project.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>identity-impl</artifactId>
+ <version>${project.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>javassist</groupId>
+ <artifactId>javassist</artifactId>
+ <version>3.4.GA</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.javaee</groupId>
+ <artifactId>jboss-javaee</artifactId>
+ <version>5.0.0.Beta3</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jboss-jmx</artifactId>
+ <version>4.2.1.GA</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-xacml</artifactId>
+ <version>2.0.2.GA</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-sunxacml</artifactId>
+ <version>2.0.2.GA</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ <version>2.5</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>javax.mail</groupId>
+ <artifactId>mail</artifactId>
+ <version>1.4</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>apache-xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>2.7.1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jnpserver</artifactId>
+ <version>5.0.0.Beta3</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jboss-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-security-spi-bare</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>sun-opends</groupId>
+ <artifactId>opends-core</artifactId>
+ <version>1.0.0-BUILD04</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>sleepycat</groupId>
+ <artifactId>je</artifactId>
+ <version>3.2.43</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
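Review bot: The "Best Practice" comment above the `security-manager-debug` profile gives a command whose redirections are doubled and in the wrong order. With `2>&1 > logfile` the shell points stderr at the terminal before stdout is sent to the file, so anything the build writes to stderr is not captured. The `java.security.debug=failure,access` trace this profile enables is presumably what the log is meant to hold, so the comment should read `<!-- Best Practice: mvn install -Psecurity-manager-debug > logfile 2>&1 -->`.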
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,150 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.auth.container.modules;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.AuthStatus;
-import javax.security.auth.message.MessageInfo;
-import javax.security.auth.message.MessagePolicy;
-import javax.security.auth.message.module.ServerAuthModule;
-import javax.security.auth.spi.LoginModule;
-
-//$Id$
-
-/**
- * Superclass of all ServerAuthModules
- * Can be a container for common functionality and custom methods
- * <p>
- * The ServerAuthModule can delegate to a login module passed
- * via the module option "login-module-delegate"
- * </p>
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jan 9, 2006
- * @version $Revision$
- */
-public abstract class AbstractServerAuthModule implements ServerAuthModule
-{
- /**
- * Call back handler
- */
- protected CallbackHandler callbackHandler = null;
-
- protected MessagePolicy requestPolicy = null;
-
- protected MessagePolicy responsePolicy = null;
-
- protected Map options = null;
-
- protected ArrayList<Class> supportedTypes = new ArrayList<Class>();
-
- /**
- * @see ServerAuthModule#initialize(MessagePolicy, MessagePolicy, CallbackHandler, Map, boolean)
- */
- @SuppressWarnings("unchecked")
- public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
- CallbackHandler handler, Map options )
- throws AuthException
- {
- this.requestPolicy = requestPolicy;
- this.responsePolicy = responsePolicy;
- this.callbackHandler = handler;
- if(options == null)
- options = new HashMap();
- this.options = options;
- }
-
- public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException
- {
- //Clear out the principals and credentials
- subject.getPrincipals().clear();
- subject.getPublicCredentials().clear();
- subject.getPrivateCredentials().clear();
- }
-
- /**
- * This method delegates to a login module if configured in the module options.
- * The sub classes will need to validate the request
- */
- public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject,
- Subject serviceSubject)
- throws AuthException
- {
- String loginModuleName = (String) options.get("login-module-delegate");
- if(loginModuleName != null)
- {
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- try
- {
- Class clazz = tcl.loadClass(loginModuleName);
- LoginModule lm = (LoginModule) clazz.newInstance();
- lm.initialize(clientSubject, callbackHandler, new HashMap(), options);
- lm.login();
- lm.commit();
- }
- catch (Exception e)
- {
- throw new AuthException(e.getLocalizedMessage());
- }
- }
- else
- {
- return validate(clientSubject, messageInfo) ? AuthStatus.SUCCESS : AuthStatus.FAILURE;
- }
-
- return AuthStatus.SUCCESS;
- }
-
- /**
- * @see ServerAuthModule#getSupportedMessageTypes()
- */
- public Class[] getSupportedMessageTypes()
- {
- Class[] clsarr = new Class[this.supportedTypes.size()];
- supportedTypes.toArray(clsarr);
- return clsarr;
- }
-
-
- //Value Added Methods
- public CallbackHandler getCallbackHandler()
- {
- return callbackHandler;
- }
-
- public void setCallbackHandler(CallbackHandler callbackHandler)
- {
- this.callbackHandler = callbackHandler;
- }
-
- /**
- * Subclasses have to implement this method to actually validate the subject
- * @return
- * @throws AuthException
- */
- protected abstract boolean validate(Subject clientSubject, MessageInfo messageInfo) throws AuthException;
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,151 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.container.modules;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.module.ServerAuthModule;
+import javax.security.auth.spi.LoginModule;
+
+//$Id$
+
+/**
+ * Superclass of all ServerAuthModules
+ * Can be a container for common functionality and custom methods
+ * <p>
+ * The ServerAuthModule can delegate to a login module passed
+ * via the module option "login-module-delegate"
+ * </p>
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Jan 9, 2006
+ * @version $Revision$
+ */
+ at SuppressWarnings("unchecked")
+public abstract class AbstractServerAuthModule implements ServerAuthModule
+{
+ /**
+ * Call back handler
+ */
+ protected CallbackHandler callbackHandler = null;
+
+ protected MessagePolicy requestPolicy = null;
+
+ protected MessagePolicy responsePolicy = null;
+
+ protected Map options = null;
+
+ protected ArrayList<Class> supportedTypes = new ArrayList<Class>();
+
+ /**
+ * @see ServerAuthModule#initialize(MessagePolicy, MessagePolicy, CallbackHandler, Map, boolean)
+ */
+ @SuppressWarnings("unchecked")
+ public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
+ CallbackHandler handler, Map options )
+ throws AuthException
+ {
+ this.requestPolicy = requestPolicy;
+ this.responsePolicy = responsePolicy;
+ this.callbackHandler = handler;
+ if(options == null)
+ options = new HashMap();
+ this.options = options;
+ }
+
+ public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException
+ {
+ //Clear out the principals and credentials
+ subject.getPrincipals().clear();
+ subject.getPublicCredentials().clear();
+ subject.getPrivateCredentials().clear();
+ }
+
+ /**
+ * This method delegates to a login module if configured in the module options.
+ * The sub classes will need to validate the request
+ */
+ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject,
+ Subject serviceSubject)
+ throws AuthException
+ {
+ String loginModuleName = (String) options.get("login-module-delegate");
+ if(loginModuleName != null)
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ try
+ {
+ Class clazz = tcl.loadClass(loginModuleName);
+ LoginModule lm = (LoginModule) clazz.newInstance();
+ lm.initialize(clientSubject, callbackHandler, new HashMap(), options);
+ lm.login();
+ lm.commit();
+ }
+ catch (Exception e)
+ {
+ throw new AuthException(e.getLocalizedMessage());
+ }
+ }
+ else
+ {
+ return validate(clientSubject, messageInfo) ? AuthStatus.SUCCESS : AuthStatus.FAILURE;
+ }
+
+ return AuthStatus.SUCCESS;
+ }
+
+ /**
+ * @see ServerAuthModule#getSupportedMessageTypes()
+ */
+ public Class[] getSupportedMessageTypes()
+ {
+ Class[] clsarr = new Class[this.supportedTypes.size()];
+ supportedTypes.toArray(clsarr);
+ return clsarr;
+ }
+
+
+ //Value Added Methods
+ public CallbackHandler getCallbackHandler()
+ {
+ return callbackHandler;
+ }
+
+ public void setCallbackHandler(CallbackHandler callbackHandler)
+ {
+ this.callbackHandler = callbackHandler;
+ }
+
+ /**
+ * Subclasses have to implement this method to actually validate the subject
+ * @return
+ * @throws AuthException
+ */
+ protected abstract boolean validate(Subject clientSubject, MessageInfo messageInfo) throws AuthException;
+}
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/DelegatingServerAuthModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/DelegatingServerAuthModule.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/DelegatingServerAuthModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,108 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.auth.container.modules;
-
-import javax.security.auth.Subject;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.AuthStatus;
-import javax.security.auth.message.MessageInfo;
-
-//$Id$
-
-/**
- * Server Auth Module that delegates work to a login context
- * @author Anil.Saldhana at redhat.com
- * @since Jul 25, 2007
- * @version $Revision$
- */
-public class DelegatingServerAuthModule extends AbstractServerAuthModule
-{
- private LoginContext loginContext = null;
- private String loginContextName = null;
-
- public DelegatingServerAuthModule()
- {
- this.supportedTypes.add(Object.class);
- }
-
- public DelegatingServerAuthModule(String loginModuleStackHolderName)
- {
- this();
- this.loginContextName = loginModuleStackHolderName;
- }
-
- public Class[] getSupportedMessageTypes()
- {
- Class[] clarr = new Class[this.supportedTypes.size()];
- this.supportedTypes.toArray(clarr);
- return clarr;
- }
-
- public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException
- {
- if(loginContext != null)
- try
- {
- loginContext.logout();
- }
- catch (LoginException e)
- {
- throw new AuthException(e.getLocalizedMessage());
- }
- }
-
- public AuthStatus secureResponse(MessageInfo messageInfo, Subject arg1) throws AuthException
- {
- return null;
- }
-
- @Override
- protected boolean validate(Subject clientSubject, MessageInfo messageInfo) throws AuthException
- {
- try
- {
- loginContext = SecurityActions.createLoginContext(getSecurityDomainName(), clientSubject, this.callbackHandler);
- loginContext.login();
- return true;
- }
- catch (Exception e)
- {
- throw new AuthException(e.getLocalizedMessage());
- }
- }
-
- private String getSecurityDomainName()
- {
- if(loginContextName != null)
- return loginContextName;
-
- //Check if it is passed in the options
- String domainName = (String) options.get("javax.security.auth.login.LoginContext");
- if(domainName == null)
- {
- domainName = getClass().getName();
- }
- return domainName;
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/DelegatingServerAuthModule.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/DelegatingServerAuthModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/DelegatingServerAuthModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/DelegatingServerAuthModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,107 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.container.modules;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+
+/**
+ * Server Auth Module that delegates work to a login context
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 25, 2007
+ * @version $Revision$
+ */
+ at SuppressWarnings("unchecked")
+public class DelegatingServerAuthModule extends AbstractServerAuthModule
+{
+ private LoginContext loginContext = null;
+ private String loginContextName = null;
+
+ public DelegatingServerAuthModule()
+ {
+ this.supportedTypes.add(Object.class);
+ }
+
+ public DelegatingServerAuthModule(String loginModuleStackHolderName)
+ {
+ this();
+ this.loginContextName = loginModuleStackHolderName;
+ }
+
+ public Class[] getSupportedMessageTypes()
+ {
+ Class[] clarr = new Class[this.supportedTypes.size()];
+ this.supportedTypes.toArray(clarr);
+ return clarr;
+ }
+
+ public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException
+ {
+ if(loginContext != null)
+ try
+ {
+ loginContext.logout();
+ }
+ catch (LoginException e)
+ {
+ throw new AuthException(e.getLocalizedMessage());
+ }
+ }
+
+ public AuthStatus secureResponse(MessageInfo messageInfo, Subject arg1) throws AuthException
+ {
+ return null;
+ }
+
+ @Override
+ protected boolean validate(Subject clientSubject, MessageInfo messageInfo) throws AuthException
+ {
+ try
+ {
+ loginContext = SecurityActions.createLoginContext(getSecurityDomainName(), clientSubject, this.callbackHandler);
+ loginContext.login();
+ return true;
+ }
+ catch (Exception e)
+ {
+ throw new AuthException(e.getLocalizedMessage());
+ }
+ }
+
+ private String getSecurityDomainName()
+ {
+ if(loginContextName != null)
+ return loginContextName;
+
+ //Check if it is passed in the options
+ String domainName = (String) options.get("javax.security.auth.login.LoginContext");
+ if(domainName == null)
+ {
+ domainName = getClass().getName();
+ }
+ return domainName;
+ }
+}
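Review bot: `validate` stores the `LoginContext` it creates in the instance field `loginContext`, and `cleanSubject` logs out whatever that field holds while ignoring its `subject` argument. If the container reuses one module instance across requests (not visible here, but common for auth modules), concurrent callers overwrite each other's context, and `cleanSubject` can then log out a different caller's context or leave the intended one logged in. Keeping the context per message, for instance in `messageInfo.getMap()`, or stating the assumption with `// not thread-safe: one instance per authentication exchange`, would make the contract explicit. Separately, `secureResponse` returns `null` where callers expect an `AuthStatus`; `return AuthStatus.SEND_SUCCESS;` would avoid a null dereference in the caller.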
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/SecurityActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/SecurityActions.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/SecurityActions.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,67 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.auth.container.modules;
-
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-
-//$Id$
-
-/**
- * Privileged Blocks
- * @author Anil.Saldhana at redhat.com
- * @since Jul 26, 2007
- * @version $Revision$
- */
-class SecurityActions
-{
- static ClassLoader getContextClassLoader()
- {
- return (ClassLoader) AccessController.doPrivileged(new PrivilegedAction()
- {
- public Object run()
- {
- return Thread.currentThread().getContextClassLoader();
- }
- });
- }
-
- static LoginContext createLoginContext(final String configName,
- final Subject subject, final CallbackHandler cbh) throws PrivilegedActionException
- {
- return (LoginContext) AccessController.doPrivileged(new PrivilegedExceptionAction()
- {
- public Object run() throws LoginException
- {
- return new LoginContext(configName, subject, cbh);
- }
- });
- }
-
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/SecurityActions.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/SecurityActions.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/SecurityActions.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/SecurityActions.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,65 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.container.modules;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 26, 2007
+ * @version $Revision$
+ */
+class SecurityActions
+{
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+
+ static LoginContext createLoginContext(final String configName,
+ final Subject subject, final CallbackHandler cbh) throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<LoginContext>()
+ {
+ public LoginContext run() throws LoginException
+ {
+ return new LoginContext(configName, subject, cbh);
+ }
+ });
+ }
+}
\ No newline at end of file
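Review bot: createLoginContext reports a failed LoginContext construction as PrivilegedActionException, which carries the LoginException as its cause rather than in its own message. A caller that builds its error text from `e.getLocalizedMessage()`, as DelegatingServerAuthModule.validate does earlier in this commit, therefore likely reports an empty reason. Unwrapping inside the helper keeps the real cause: `catch (PrivilegedActionException e) { throw (LoginException) e.getException(); }`, with the method declared `throws LoginException`. Both helpers run caller-supplied arguments inside doPrivileged, so the class Javadoc should also state that the class must stay package-private.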
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleClientAuthModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleClientAuthModule.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleClientAuthModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,116 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.auth.container.modules;
-
-import java.util.Map;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.AuthStatus;
-import javax.security.auth.message.ClientAuth;
-import javax.security.auth.message.MessageInfo;
-import javax.security.auth.message.MessagePolicy;
-import javax.security.auth.message.module.ClientAuthModule;
-
-import org.jboss.security.SimplePrincipal;
-
-/**
- * A simple implementation of an username/password based
- * client auth module
- * @author <mailto:Anil.Saldhana at jboss.org>Anil Saldhana
- * @since Dec 5, 2005
- */
-public class SimpleClientAuthModule implements ClientAuthModule
-{
- private Class[] supportedTypes = null;
- private SimplePrincipal principal = null;
- private Object credential = null;
-
- private MessagePolicy requestPolicy = null;
- private MessagePolicy responsePolicy = null;
- private CallbackHandler handler = null;
- private Map options = null;
-
- public SimpleClientAuthModule(Class[] supportedTypes)
- {
- this.supportedTypes = supportedTypes;
- }
-
- /**
- * @see ClientAuthModule#initialize(MessagePolicy, MessagePolicy, CallbackHandler, Map, boolean)
- */
- public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
- CallbackHandler handler, Map options)
- throws AuthException
- {
- this.requestPolicy = requestPolicy;
- this.responsePolicy = responsePolicy;
- this.handler = handler;
- this.options = options;
- }
-
- /**
- * @see ClientAuthModule#secureRequest(AuthParam, Subject, Map)
- */
- public AuthStatus secureRequest(MessageInfo param, Subject source)
- throws AuthException
- {
- source.getPrincipals().add(this.principal);
- source.getPublicCredentials().add(this.credential);
- return AuthStatus.SUCCESS;
- }
-
- /**
- * @see ClientAuthModule#validateResponse(AuthParam, Subject, Subject, Map)
- */
- public AuthStatus validateResponse(MessageInfo messageInfo, Subject source, Subject recipient) throws AuthException
- {
- //Custom check: Check that the source of the response and the recipient
- // of the response have identical credentials
- Set sourceSet = source.getPrincipals(SimplePrincipal.class);
- Set recipientSet = recipient.getPrincipals(SimplePrincipal.class);
- if(sourceSet == null && recipientSet == null)
- throw new AuthException("Principals are null");
- if(sourceSet.size() != recipientSet.size())
- throw new AuthException("Principals size are different");
- return AuthStatus.SUCCESS;
- }
-
- /**
- * @see ClientAuthModule#getSupportedMessageTypes()
- */
- public Class[] getSupportedMessageTypes()
- {
- return this.supportedTypes;
- }
-
- /**
- * @see ClientAuth#cleanSubject(Subject, Map)
- */
- public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException
- {
- subject.getPrincipals().remove(principal);
- subject.getPublicCredentials().remove(credential);
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleClientAuthModule.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleClientAuthModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleClientAuthModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleClientAuthModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,121 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.container.modules;
+
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.ClientAuth;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.module.ClientAuthModule;
+
+import org.jboss.security.SimplePrincipal;
+
+/**
+ * A simple implementation of an username/password based
+ * client auth module
+ * @author <mailto:Anil.Saldhana at jboss.org>Anil Saldhana
+ * @since Dec 5, 2005
+ */
+ at SuppressWarnings("unchecked")
+public class SimpleClientAuthModule implements ClientAuthModule
+{
+ private Class[] supportedTypes = null;
+ private SimplePrincipal principal = null;
+ private Object credential = null;
+
+ @SuppressWarnings("unused")
+ private MessagePolicy requestPolicy = null;
+ @SuppressWarnings("unused")
+ private MessagePolicy responsePolicy = null;
+ @SuppressWarnings("unused")
+ private CallbackHandler handler = null;
+ @SuppressWarnings("unused")
+ private Map options = null;
+
+ public SimpleClientAuthModule(Class[] supportedTypes)
+ {
+ this.supportedTypes = supportedTypes;
+ }
+
+ /**
+ * @see ClientAuthModule#initialize(MessagePolicy, MessagePolicy, CallbackHandler, Map, boolean)
+ */
+ public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
+ CallbackHandler handler, Map options)
+ throws AuthException
+ {
+ this.requestPolicy = requestPolicy;
+ this.responsePolicy = responsePolicy;
+ this.handler = handler;
+ this.options = options;
+ }
+
+ /**
+ * @see ClientAuthModule#secureRequest(AuthParam, Subject, Map)
+ */
+ public AuthStatus secureRequest(MessageInfo param, Subject source)
+ throws AuthException
+ {
+ source.getPrincipals().add(this.principal);
+ source.getPublicCredentials().add(this.credential);
+ return AuthStatus.SUCCESS;
+ }
+
+ /**
+ * @see ClientAuthModule#validateResponse(AuthParam, Subject, Subject, Map)
+ */
+ public AuthStatus validateResponse(MessageInfo messageInfo, Subject source, Subject recipient) throws AuthException
+ {
+ //Custom check: Check that the source of the response and the recipient
+ // of the response have identical credentials
+ Set sourceSet = source.getPrincipals(SimplePrincipal.class);
+ Set recipientSet = recipient.getPrincipals(SimplePrincipal.class);
+ if(sourceSet == null && recipientSet == null)
+ throw new AuthException("Principals are null");
+ if(sourceSet.size() != recipientSet.size())
+ throw new AuthException("Principals size are different");
+ return AuthStatus.SUCCESS;
+ }
+
+ /**
+ * @see ClientAuthModule#getSupportedMessageTypes()
+ */
+ public Class[] getSupportedMessageTypes()
+ {
+ return this.supportedTypes;
+ }
+
+ /**
+ * @see ClientAuth#cleanSubject(Subject, Map)
+ */
+ public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException
+ {
+ subject.getPrincipals().remove(principal);
+ subject.getPublicCredentials().remove(credential);
+ }
+}
\ No newline at end of file
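Review bot: validateResponse compares only the number of SimplePrincipals on the source and recipient subjects, although the comment above the check says their credentials must be identical. Two subjects holding different principals of equal count therefore pass. Comparing the sets themselves, `if(!sourceSet.equals(recipientSet)) throw new AuthException("Principals differ");`, would match the stated intent. The null guard joins its two tests with `&&`, so a single null set still reaches `sourceSet.size()`; `||` is what the message implies. As far as this hunk shows, `principal` and `credential` are never assigned, so secureRequest would add null to the subject, which is worth confirming.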
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleServerAuthModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleServerAuthModule.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleServerAuthModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,94 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.auth.container.modules;
-
-import java.util.Arrays;
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.AuthStatus;
-import javax.security.auth.message.MessageInfo;
-import javax.security.auth.message.module.ServerAuthModule;
-
-/**
- * A simple implementation of an username/password based
- * server auth module. The principal name and password are
- * passed as options to the module.
- * @author <mailto:Anil.Saldhana at jboss.org>Anil Saldhana
- * @since Dec 6, 2005
- */
-public class SimpleServerAuthModule extends AbstractServerAuthModule
-{
-
- public SimpleServerAuthModule()
- {
- supportedTypes.add(Object.class);
- supportedTypes.add(Object.class);
- }
-
- public SimpleServerAuthModule(Class[] supTypes)
- {
- super();
- this.supportedTypes.addAll(Arrays.asList(supTypes));
- }
-
-
- /**
- * @see ServerAuthModule#secureResponse(AuthParam, Subject, Map)
- */
- public AuthStatus secureResponse(MessageInfo param, Subject source) throws AuthException
- {
- return AuthStatus.SUCCESS;
- }
-
-
- @Override
- protected boolean validate(Subject clientSubject, MessageInfo messageInfo) throws AuthException
- {
- //Construct Callbacks
- NameCallback nc = new NameCallback("Dummy");
- PasswordCallback pc = new PasswordCallback("B" , true);
- try
- {
- this.callbackHandler.handle(new Callback[]{nc,pc});
- String userName = nc.getName();
- String pwd = new String(pc.getPassword());
-
- //Check the options
- if(!(userName.equals(options.get("principal"))
- && (pwd.equals(options.get("pass")))))
- {
- return false;
- }
-
- }
- catch (Exception e)
- {
- throw new AuthException(e.getLocalizedMessage());
- }
- return true;
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleServerAuthModule.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleServerAuthModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleServerAuthModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleServerAuthModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,93 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.container.modules;
+
+import java.util.Arrays;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.module.ServerAuthModule;
+
+/**
+ * A simple implementation of an username/password based
+ * server auth module. The principal name and password are
+ * passed as options to the module.
+ * @author <mailto:Anil.Saldhana at jboss.org>Anil Saldhana
+ * @since Dec 6, 2005
+ */
+public class SimpleServerAuthModule extends AbstractServerAuthModule
+{
+ public SimpleServerAuthModule()
+ {
+ supportedTypes.add(Object.class);
+ supportedTypes.add(Object.class);
+ }
+
+ public SimpleServerAuthModule(Class<?>[] supTypes)
+ {
+ super();
+ this.supportedTypes.addAll(Arrays.asList(supTypes));
+ }
+
+
+ /**
+ * @see ServerAuthModule#secureResponse(AuthParam, Subject, Map)
+ */
+ public AuthStatus secureResponse(MessageInfo param, Subject source) throws AuthException
+ {
+ return AuthStatus.SUCCESS;
+ }
+
+
+ @Override
+ protected boolean validate(Subject clientSubject, MessageInfo messageInfo) throws AuthException
+ {
+ //Construct Callbacks
+ NameCallback nc = new NameCallback("Dummy");
+ PasswordCallback pc = new PasswordCallback("B" , true);
+ try
+ {
+ this.callbackHandler.handle(new Callback[]{nc,pc});
+ String userName = nc.getName();
+ String pwd = new String(pc.getPassword());
+
+ //Check the options
+ if(!(userName.equals(options.get("principal"))
+ && (pwd.equals(options.get("pass")))))
+ {
+ return false;
+ }
+
+ }
+ catch (Exception e)
+ {
+ throw new AuthException(e.getLocalizedMessage());
+ }
+ return true;
+ }
+}
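Review bot: validate copies the password into an immutable String with `new String(pc.getPassword())` and never calls `pc.clearPassword()`, so the cleartext stays on the heap until it is collected. Adding `pc.clearPassword();` after the read and zeroing the returned char[] once the comparison is done would limit that exposure. The comparison itself uses `String.equals`, which stops at the first differing character; `java.security.MessageDigest.isEqual` over the two encoded byte arrays is the usual replacement. The expected password comes from `options.get("pass")`, so it sits in cleartext in the module configuration; if this module is meant only for tests or samples, the class Javadoc should say so.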
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login (from rev 73389, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login)
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfoContainer.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfoContainer.java 2008-05-14 07:35:45 UTC (rev 73389)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfoContainer.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,112 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.auth.login;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.security.auth.login.AppConfigurationEntry;
-import javax.xml.namespace.QName;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.auth.container.config.AuthModuleEntry;
-import org.jboss.xb.binding.GenericValueContainer;
-
-/**
- * A container for creating AuthenticationInfo during jbxb parse.
- *
- * @author Scott.Stark at jboss.org
- * @author <a href="mailto:anil.saldhana at jboss.org>anil.saldhana at jboss.org</a>
- * @version $Revision$
- */
-public class AuthenticationInfoContainer
- implements GenericValueContainer
-{
- private static Logger log = Logger.getLogger(AuthenticationInfoContainer.class);
-
- BaseAuthenticationInfo info = null;
-
- String authName = null;
-
- List moduleEntries = new ArrayList();
-
- Map loginModuleStackMap = new HashMap();
-
- boolean isJASPIAuthentication = false;
-
- public void addChild(QName name, Object value)
- {
- log.debug("addChild::" + name + ":" + value);
- if("name".equals(name.getLocalPart()))
- {
- authName = (String)value;
- }
- else if( value instanceof AppConfigurationEntryHolder )
- {
- AppConfigurationEntryHolder ace = (AppConfigurationEntryHolder) value;
- moduleEntries.add(ace.getEntry());
- }
- else if( value instanceof AppConfigurationEntry )
- {
- AppConfigurationEntry ace = (AppConfigurationEntry) value;
- moduleEntries.add(ace);
- }
- else if( value instanceof AuthModuleEntry )
- {
- AuthModuleEntry ame = (AuthModuleEntry)value;
- //Check if the authmodule needs a reference to a loginmodulestack
- String lmshName = ame.getLoginModuleStackHolderName();
- if( lmshName != null )
- ame.setLoginModuleStackHolder((LoginModuleStackHolder)loginModuleStackMap.get(lmshName));
- moduleEntries.add(ame);
- this.isJASPIAuthentication = true;
- }
- else if( value instanceof LoginModuleStackHolder )
- {
- LoginModuleStackHolder lmsh = (LoginModuleStackHolder)value;
- loginModuleStackMap.put( lmsh.getName(), lmsh );
- }
- }
-
- public Object instantiate()
- {
- if(isJASPIAuthentication == false)
- {
- info = new AuthenticationInfo(authName);
- }
- else
- {
- info = new JASPIAuthenticationInfo(authName);
- }
-
- info.add(moduleEntries);
- return info;
- }
-
- public Class getTargetClass()
- {
- return BaseAuthenticationInfo.class;
- }
-
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfoContainer.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfoContainer.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfoContainer.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfoContainer.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,116 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.auth.login;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.xml.namespace.QName;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.auth.container.config.AuthModuleEntry;
+import org.jboss.xb.binding.GenericValueContainer;
+
+/**
+ * A container for creating AuthenticationInfo during jbxb parse.
+ *
+ * @author Scott.Stark at jboss.org
+ * @author <a href="mailto:anil.saldhana at jboss.org>anil.saldhana at jboss.org</a>
+ * @version $Revision$
+ */
+public class AuthenticationInfoContainer
+ implements GenericValueContainer
+{
+ private static Logger log = Logger.getLogger(AuthenticationInfoContainer.class);
+
+ BaseAuthenticationInfo info = null;
+
+ String authName = null;
+
+ @SuppressWarnings("unchecked")
+ List moduleEntries = new ArrayList();
+
+ @SuppressWarnings("unchecked")
+ Map loginModuleStackMap = new HashMap();
+
+ boolean isJASPIAuthentication = false;
+
+ @SuppressWarnings("unchecked")
+ public void addChild(QName name, Object value)
+ {
+ log.debug("addChild::" + name + ":" + value);
+ if("name".equals(name.getLocalPart()))
+ {
+ authName = (String)value;
+ }
+ else if( value instanceof AppConfigurationEntryHolder )
+ {
+ AppConfigurationEntryHolder ace = (AppConfigurationEntryHolder) value;
+ moduleEntries.add(ace.getEntry());
+ }
+ else if( value instanceof AppConfigurationEntry )
+ {
+ AppConfigurationEntry ace = (AppConfigurationEntry) value;
+ moduleEntries.add(ace);
+ }
+ else if( value instanceof AuthModuleEntry )
+ {
+ AuthModuleEntry ame = (AuthModuleEntry)value;
+ //Check if the authmodule needs a reference to a loginmodulestack
+ String lmshName = ame.getLoginModuleStackHolderName();
+ if( lmshName != null )
+ ame.setLoginModuleStackHolder((LoginModuleStackHolder)loginModuleStackMap.get(lmshName));
+ moduleEntries.add(ame);
+ this.isJASPIAuthentication = true;
+ }
+ else if( value instanceof LoginModuleStackHolder )
+ {
+ LoginModuleStackHolder lmsh = (LoginModuleStackHolder)value;
+ loginModuleStackMap.put( lmsh.getName(), lmsh );
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ public Object instantiate()
+ {
+ if(isJASPIAuthentication == false)
+ {
+ info = new AuthenticationInfo(authName);
+ }
+ else
+ {
+ info = new JASPIAuthenticationInfo(authName);
+ }
+
+ info.add(moduleEntries);
+ return info;
+ }
+
+ public Class<?> getTargetClass()
+ {
+ return BaseAuthenticationInfo.class;
+ }
+
+}
\ No newline at end of file
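Review bot: In addChild, the AuthModuleEntry branch passes the result of `loginModuleStackMap.get(lmshName)` straight to `setLoginModuleStackHolder` without checking it. A misspelled stack name, or a LoginModuleStackHolder child that arrives after the auth module that refers to it, silently leaves the entry with a null stack. What the auth module does with a null holder is not visible here, but for an authentication configuration it is safer to fail at parse time: `if(holder == null) throw new IllegalStateException("Unknown login-module-stack: " + lmshName);`. If ordering between the two child types is not guaranteed by the schema, the lookup could instead be deferred to instantiate(), and a comment should say which applies.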
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/ConfigUtil.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/ConfigUtil.java 2008-05-14 07:35:45 UTC (rev 73389)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/ConfigUtil.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,103 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.auth.login;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-
-import javax.security.auth.login.AppConfigurationEntry;
-
-import org.jboss.util.xml.DOMUtils;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-
-/** Utility methods for parsing the XMlLoginConfig elements into
- * AuthenticationInfo instances.
- *
- * @author Scott.Stark at jboss.org
- * @version $Revision$
- */
-public class ConfigUtil
-{
- /** Parse the application-policy/authentication element
- @param policy , the application-policy/authentication element
- @return the AuthenticationInfo object for the xml policy fragment
- */
- static public AuthenticationInfo parseAuthentication(Element policy)
- throws Exception
- {
- // Parse the permissions
- NodeList authentication = policy.getElementsByTagName("authentication");
- if (authentication.getLength() == 0)
- {
- return null;
- }
-
- Element auth = (Element) authentication.item(0);
- NodeList modules = auth.getElementsByTagName("login-module");
- ArrayList tmp = new ArrayList();
- for (int n = 0; n < modules.getLength(); n++)
- {
- Element module = (Element) modules.item(n);
- parseModule(module, tmp);
- }
- AppConfigurationEntry[] entries = new AppConfigurationEntry[tmp.size()];
- tmp.toArray(entries);
- AuthenticationInfo info = new AuthenticationInfo();
- info.setAppConfigurationEntry(entries);
- return info;
- }
-
- static void parseModule(Element module, ArrayList entries)
- throws Exception
- {
- AppConfigurationEntry.LoginModuleControlFlag controlFlag = AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
- String className = DOMUtils.getAttributeValue(module, "code");
- String flag = DOMUtils.getAttributeValue(module, "flag");
- if (flag != null)
- {
- // Lower case is what is used by the jdk1.4.1 implementation
- flag = flag.toLowerCase();
- if (AppConfigurationEntry.LoginModuleControlFlag.REQUIRED.toString().indexOf(flag) > 0)
- controlFlag = AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
- else if (AppConfigurationEntry.LoginModuleControlFlag.REQUISITE.toString().indexOf(flag) > 0)
- controlFlag = AppConfigurationEntry.LoginModuleControlFlag.REQUISITE;
- else if (AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT.toString().indexOf(flag) > 0)
- controlFlag = AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT;
- else if (AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL.toString().indexOf(flag) > 0)
- controlFlag = AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL;
- }
- NodeList opts = module.getElementsByTagName("module-option");
- HashMap options = new HashMap();
- for (int n = 0; n < opts.getLength(); n++)
- {
- Element opt = (Element) opts.item(n);
- String name = opt.getAttribute("name");
- String value = DOMUtils.getTextContent(opt);
- if( value == null )
- value = "";
- options.put(name, value);
- }
- AppConfigurationEntry entry = new AppConfigurationEntry(className, controlFlag, options);
- entries.add(entry);
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/ConfigUtil.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/ConfigUtil.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/ConfigUtil.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/ConfigUtil.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,105 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.auth.login;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+
+import javax.security.auth.login.AppConfigurationEntry;
+
+import org.jboss.util.xml.DOMUtils;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+/** Utility methods for parsing the XMlLoginConfig elements into
+ * AuthenticationInfo instances.
+ *
+ * @author Scott.Stark at jboss.org
+ * @version $Revision$
+ */
+public class ConfigUtil
+{
+ /** Parse the application-policy/authentication element
+ @param policy , the application-policy/authentication element
+ @return the AuthenticationInfo object for the xml policy fragment
+ */
+ @SuppressWarnings("unchecked")
+ static public AuthenticationInfo parseAuthentication(Element policy)
+ throws Exception
+ {
+ // Parse the permissions
+ NodeList authentication = policy.getElementsByTagName("authentication");
+ if (authentication.getLength() == 0)
+ {
+ return null;
+ }
+
+ Element auth = (Element) authentication.item(0);
+ NodeList modules = auth.getElementsByTagName("login-module");
+ ArrayList tmp = new ArrayList();
+ for (int n = 0; n < modules.getLength(); n++)
+ {
+ Element module = (Element) modules.item(n);
+ parseModule(module, tmp);
+ }
+ AppConfigurationEntry[] entries = new AppConfigurationEntry[tmp.size()];
+ tmp.toArray(entries);
+ AuthenticationInfo info = new AuthenticationInfo();
+ info.setAppConfigurationEntry(entries);
+ return info;
+ }
+
+ @SuppressWarnings("unchecked")
+ static void parseModule(Element module, ArrayList entries)
+ throws Exception
+ {
+ AppConfigurationEntry.LoginModuleControlFlag controlFlag = AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
+ String className = DOMUtils.getAttributeValue(module, "code");
+ String flag = DOMUtils.getAttributeValue(module, "flag");
+ if (flag != null)
+ {
+ // Lower case is what is used by the jdk1.4.1 implementation
+ flag = flag.toLowerCase();
+ if (AppConfigurationEntry.LoginModuleControlFlag.REQUIRED.toString().indexOf(flag) > 0)
+ controlFlag = AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
+ else if (AppConfigurationEntry.LoginModuleControlFlag.REQUISITE.toString().indexOf(flag) > 0)
+ controlFlag = AppConfigurationEntry.LoginModuleControlFlag.REQUISITE;
+ else if (AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT.toString().indexOf(flag) > 0)
+ controlFlag = AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT;
+ else if (AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL.toString().indexOf(flag) > 0)
+ controlFlag = AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL;
+ }
+ NodeList opts = module.getElementsByTagName("module-option");
+ HashMap options = new HashMap();
+ for (int n = 0; n < opts.getLength(); n++)
+ {
+ Element opt = (Element) opts.item(n);
+ String name = opt.getAttribute("name");
+ String value = DOMUtils.getTextContent(opt);
+ if( value == null )
+ value = "";
+ options.put(name, value);
+ }
+ AppConfigurationEntry entry = new AppConfigurationEntry(className, controlFlag, options);
+ entries.add(entry);
+ }
+}
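Review bot: In `parseModule`, the `flag` attribute is matched with `toString().indexOf(flag) > 0`, so any fragment that occurs inside a control flag's string form selects that flag, and a value that matches nothing silently keeps the `REQUIRED` default. The string form carries a prefix before the keyword (in the JDK it reads like "LoginModuleControlFlag: required", worth confirming for the target JVM), so a truncated or mistyped value such as `opt` or `al` would resolve to `OPTIONAL`. A typo in login-config can therefore downgrade a module that was meant to be mandatory, with no error raised. Compare against the four keywords exactly and reject anything else, so a bad policy file fails at parse time.

```java
if (flag != null)
{
   // … unchanged: flag = flag.toLowerCase(); …
   if ("required".equals(flag))
      controlFlag = AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
   else if ("requisite".equals(flag))
      controlFlag = AppConfigurationEntry.LoginModuleControlFlag.REQUISITE;
   else if ("sufficient".equals(flag))
      controlFlag = AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT;
   else if ("optional".equals(flag))
      controlFlag = AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL;
   else
      throw new IllegalArgumentException("Unknown login-module flag: " + flag);
}
```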
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/JASPIAuthenticationInfo.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/JASPIAuthenticationInfo.java 2008-05-14 07:35:45 UTC (rev 73389)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/JASPIAuthenticationInfo.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,119 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.auth.login;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Map.Entry;
-
-import org.jboss.security.auth.container.config.AuthModuleEntry;
-
-//$Id$
-
-/**
- * AuthenticationInfo based on JSR-196
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Dec 21, 2005
- */
-public class JASPIAuthenticationInfo extends BaseAuthenticationInfo
-{
- Map loginModuleStack = Collections.synchronizedMap(new HashMap());
-
- public JASPIAuthenticationInfo()
- {
- super();
- }
-
- public JASPIAuthenticationInfo(String name)
- {
- super(name);
- }
-
- public void add(LoginModuleStackHolder lmsHolder)
- {
- loginModuleStack.put(lmsHolder.getName(),lmsHolder );
- }
-
- public void add(AuthModuleEntry ame)
- {
- moduleEntries.add(ame);
- }
-
- public AuthModuleEntry[] getAuthModuleEntry()
- {
- AuthModuleEntry[] entries = new AuthModuleEntry[moduleEntries.size()];
- moduleEntries.toArray(entries);
- return entries;
- }
-
- public LoginModuleStackHolder getLoginModuleStackHolder(String name)
- {
- LoginModuleStackHolder info = (LoginModuleStackHolder) loginModuleStack.get(name);
- return info;
- }
-
- public LoginModuleStackHolder[] getLoginModuleStackHolder()
- {
- ArrayList alist = new ArrayList(this.loginModuleStack.values());
- LoginModuleStackHolder[] lmshArr = new LoginModuleStackHolder[alist.size()];
- alist.toArray(lmshArr);
- return lmshArr;
- }
-
-
- public LoginModuleStackHolder removeLoginModuleStackHolder(String name)
- {
- LoginModuleStackHolder info = (LoginModuleStackHolder) loginModuleStack.remove(name);
- return info;
- }
-
- public void copy(JASPIAuthenticationInfo pc)
- {
- loginModuleStack.putAll(pc.loginModuleStack);
- moduleEntries.addAll(pc.moduleEntries);
- }
-
- public String toString()
- {
- StringBuffer buffer = new StringBuffer("AuthModuleEntry[]:\n");
- for(int i = 0; i < moduleEntries.size(); i ++)
- {
- AuthModuleEntry entry = (AuthModuleEntry) moduleEntries.get(i);
- buffer.append("["+i+"]");
- buffer.append("\nAuthModule Class: "+entry.getAuthModuleName());
- buffer.append("\nOptions:");
- Map options = entry.getOptions();
- Iterator iter = options.entrySet().iterator();
- while( iter.hasNext() )
- {
- Entry e = (Entry) iter.next();
- buffer.append("name="+e.getKey());
- buffer.append(", value="+e.getValue());
- buffer.append("\n");
- }
- }
- return buffer.toString();
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/JASPIAuthenticationInfo.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/JASPIAuthenticationInfo.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/JASPIAuthenticationInfo.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/JASPIAuthenticationInfo.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,120 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.login;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import org.jboss.security.auth.container.config.AuthModuleEntry;
+
+//$Id$
+
+/**
+ * AuthenticationInfo based on JSR-196
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Dec 21, 2005
+ */
+ at SuppressWarnings("unchecked")
+public class JASPIAuthenticationInfo extends BaseAuthenticationInfo
+{
+ Map loginModuleStack = Collections.synchronizedMap(new HashMap());
+
+ public JASPIAuthenticationInfo()
+ {
+ super();
+ }
+
+ public JASPIAuthenticationInfo(String name)
+ {
+ super(name);
+ }
+
+ public void add(LoginModuleStackHolder lmsHolder)
+ {
+ loginModuleStack.put(lmsHolder.getName(),lmsHolder );
+ }
+
+ public void add(AuthModuleEntry ame)
+ {
+ moduleEntries.add(ame);
+ }
+
+ public AuthModuleEntry[] getAuthModuleEntry()
+ {
+ AuthModuleEntry[] entries = new AuthModuleEntry[moduleEntries.size()];
+ moduleEntries.toArray(entries);
+ return entries;
+ }
+
+ public LoginModuleStackHolder getLoginModuleStackHolder(String name)
+ {
+ LoginModuleStackHolder info = (LoginModuleStackHolder) loginModuleStack.get(name);
+ return info;
+ }
+
+ public LoginModuleStackHolder[] getLoginModuleStackHolder()
+ {
+ ArrayList alist = new ArrayList(this.loginModuleStack.values());
+ LoginModuleStackHolder[] lmshArr = new LoginModuleStackHolder[alist.size()];
+ alist.toArray(lmshArr);
+ return lmshArr;
+ }
+
+
+ public LoginModuleStackHolder removeLoginModuleStackHolder(String name)
+ {
+ LoginModuleStackHolder info = (LoginModuleStackHolder) loginModuleStack.remove(name);
+ return info;
+ }
+
+ public void copy(JASPIAuthenticationInfo pc)
+ {
+ loginModuleStack.putAll(pc.loginModuleStack);
+ moduleEntries.addAll(pc.moduleEntries);
+ }
+
+ public String toString()
+ {
+ StringBuffer buffer = new StringBuffer("AuthModuleEntry[]:\n");
+ for(int i = 0; i < moduleEntries.size(); i ++)
+ {
+ AuthModuleEntry entry = (AuthModuleEntry) moduleEntries.get(i);
+ buffer.append("["+i+"]");
+ buffer.append("\nAuthModule Class: "+entry.getAuthModuleName());
+ buffer.append("\nOptions:");
+ Map options = entry.getOptions();
+ Iterator iter = options.entrySet().iterator();
+ while( iter.hasNext() )
+ {
+ Entry e = (Entry) iter.next();
+ buffer.append("name="+e.getKey());
+ buffer.append(", value="+e.getValue());
+ buffer.append("\n");
+ }
+ }
+ return buffer.toString();
+ }
+}
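Review bot: `toString()` writes every module option value into the returned string via `buffer.append(", value="+e.getValue());`. Auth-module option maps often carry bind passwords or keystore secrets, so any log statement or exception message that prints this object would disclose them. Print only the option names, for example by replacing that line with `buffer.append(", value=****");`, or mask values whose key names a credential. Separately, `entry.getOptions()` is dereferenced without a null check; whether it can return null is not visible in this hunk.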
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/LoginModuleStackContainer.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/LoginModuleStackContainer.java 2008-05-14 07:35:45 UTC (rev 73389)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/LoginModuleStackContainer.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,65 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.auth.login;
-
-import java.util.ArrayList;
-
-import javax.security.auth.login.AppConfigurationEntry;
-import javax.xml.namespace.QName;
-
-import org.jboss.xb.binding.GenericValueContainer;
-
-//$Id$
-
-/**
- * A container for creating LoginModuleStack during jbxb parse.
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Dec 24, 2005
- * @version $Revision$
- */
-public class LoginModuleStackContainer implements GenericValueContainer
-{
- String lmsName = null;
-
- private ArrayList appEntries = new ArrayList();
-
- public void addChild(QName name, Object value)
- {
- if("name".equals(name.getLocalPart()))
- {
- lmsName = (String)value;
- }
- if( value instanceof AppConfigurationEntry)
- appEntries.add(value);
- }
-
- public Object instantiate()
- {
- return new LoginModuleStackHolder(lmsName, appEntries);
- }
-
- public Class getTargetClass()
- {
- return LoginModuleStackHolder.class;
- }
-
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/LoginModuleStackContainer.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/LoginModuleStackContainer.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/LoginModuleStackContainer.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/LoginModuleStackContainer.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,66 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.login;
+
+import java.util.ArrayList;
+
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.xml.namespace.QName;
+
+import org.jboss.xb.binding.GenericValueContainer;
+
+//$Id$
+
+/**
+ * A container for creating LoginModuleStack during jbxb parse.
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Dec 24, 2005
+ * @version $Revision$
+ */
+ at SuppressWarnings("unchecked")
+public class LoginModuleStackContainer implements GenericValueContainer
+{
+ String lmsName = null;
+
+ private ArrayList appEntries = new ArrayList();
+
+ public void addChild(QName name, Object value)
+ {
+ if("name".equals(name.getLocalPart()))
+ {
+ lmsName = (String)value;
+ }
+ if( value instanceof AppConfigurationEntry)
+ appEntries.add(value);
+ }
+
+ public Object instantiate()
+ {
+ return new LoginModuleStackHolder(lmsName, appEntries);
+ }
+
+ public Class getTargetClass()
+ {
+ return LoginModuleStackHolder.class;
+ }
+
+}
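Review bot: The class-level `@SuppressWarnings("unchecked")` silences every unchecked warning in the class, although the only causes are the raw `ArrayList appEntries` field and the raw `Class` return type. Declaring the field as `private ArrayList<AppConfigurationEntry> appEntries = new ArrayList<AppConfigurationEntry>();` and adding with `appEntries.add((AppConfigurationEntry) value);` removes the need for the annotation. `getTargetClass()` could return `Class<?>`, as AuthenticationInfoContainer does earlier in this commit, assuming the `GenericValueContainer` interface permits it. A short Javadoc on `addChild` would also help, stating that the `name` child sets the stack name and any other value that is not an `AppConfigurationEntry` is ignored.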
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/LoginModuleStackHolder.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/LoginModuleStackHolder.java 2008-05-14 07:35:45 UTC (rev 73389)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/LoginModuleStackHolder.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,87 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.auth.login;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.security.auth.AuthPermission;
-import javax.security.auth.login.AppConfigurationEntry;
-
-//$Id$
-
-/**
- * Holder for the login module stack element in login-config
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Dec 21, 2005
- */
-public class LoginModuleStackHolder
-{
- public static final AuthPermission GET_CONFIG_ENTRY_PERM = new AuthPermission("getLoginConfiguration");
- public static final AuthPermission SET_CONFIG_ENTRY_PERM = new AuthPermission("setLoginConfiguration");
-
- private String name = "";
-
- private ArrayList appEntries;
-
- public LoginModuleStackHolder(String name, List entries)
- {
- this.name = name;
- if(entries != null)
- {
- this.appEntries = new ArrayList();
- this.appEntries.addAll(entries);
- }
- }
-
- public String getName()
- {
- return this.name;
- }
-
- public void addAppConfigurationEntry(AppConfigurationEntry entry)
- {
- if(appEntries == null)
- this.appEntries = new ArrayList();
- this.appEntries.add(entry);
- }
-
- public AppConfigurationEntry[] getAppConfigurationEntry()
- {
- SecurityManager sm = System.getSecurityManager();
- if( sm != null )
- sm.checkPermission(GET_CONFIG_ENTRY_PERM);
- AppConfigurationEntry[] entries = new AppConfigurationEntry[appEntries.size()];
- appEntries.toArray(entries);
- return entries;
- }
-
- public void setAppConfigurationEntry(List entries)
- {
- if(entries == null)
- throw new IllegalArgumentException("Illegal Null Argument: entries");
- if(appEntries == null)
- this.appEntries = new ArrayList();
- this.appEntries.addAll(entries);
- }
-
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/LoginModuleStackHolder.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/LoginModuleStackHolder.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/LoginModuleStackHolder.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/LoginModuleStackHolder.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,88 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.login;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.security.auth.AuthPermission;
+import javax.security.auth.login.AppConfigurationEntry;
+
+//$Id$
+
+/**
+ * Holder for the login module stack element in login-config
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Dec 21, 2005
+ */
+ at SuppressWarnings("unchecked")
+public class LoginModuleStackHolder
+{
+ public static final AuthPermission GET_CONFIG_ENTRY_PERM = new AuthPermission("getLoginConfiguration");
+ public static final AuthPermission SET_CONFIG_ENTRY_PERM = new AuthPermission("setLoginConfiguration");
+
+ private String name = "";
+
+ private ArrayList appEntries;
+
+ public LoginModuleStackHolder(String name, List entries)
+ {
+ this.name = name;
+ if(entries != null)
+ {
+ this.appEntries = new ArrayList();
+ this.appEntries.addAll(entries);
+ }
+ }
+
+ public String getName()
+ {
+ return this.name;
+ }
+
+ public void addAppConfigurationEntry(AppConfigurationEntry entry)
+ {
+ if(appEntries == null)
+ this.appEntries = new ArrayList();
+ this.appEntries.add(entry);
+ }
+
+ public AppConfigurationEntry[] getAppConfigurationEntry()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission(GET_CONFIG_ENTRY_PERM);
+ AppConfigurationEntry[] entries = new AppConfigurationEntry[appEntries.size()];
+ appEntries.toArray(entries);
+ return entries;
+ }
+
+ public void setAppConfigurationEntry(List entries)
+ {
+ if(entries == null)
+ throw new IllegalArgumentException("Illegal Null Argument: entries");
+ if(appEntries == null)
+ this.appEntries = new ArrayList();
+ this.appEntries.addAll(entries);
+ }
+
+}
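Review bot: `SET_CONFIG_ENTRY_PERM` is declared but never checked: `getAppConfigurationEntry()` guards reads with `GET_CONFIG_ENTRY_PERM`, while `addAppConfigurationEntry` and `setAppConfigurationEntry` change the login module stack with no permission check at all. Under a SecurityManager, code that cannot read the configuration can still append login modules to it. Start both mutators with `SecurityManager sm = System.getSecurityManager();` and `if( sm != null ) sm.checkPermission(SET_CONFIG_ENTRY_PERM);`. Also, `getAppConfigurationEntry()` dereferences `appEntries`, which stays null when the constructor receives null `entries`; initialising the field to an empty list would avoid that NullPointerException.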
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/SecurityActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/SecurityActions.java 2008-05-14 07:35:45 UTC (rev 73389)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/SecurityActions.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,47 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.auth.login;
-
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-
-//$Id$
-
-/**
- * Privileged Blocks
- * @author Anil.Saldhana at redhat.com
- * @since Jul 26, 2007
- * @version $Revision$
- */
-class SecurityActions
-{
- static ClassLoader getContextClassLoader()
- {
- return (ClassLoader) AccessController.doPrivileged(new PrivilegedAction()
- {
- public Object run()
- {
- return Thread.currentThread().getContextClassLoader();
- }
- });
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/SecurityActions.java (from rev 73390, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/SecurityActions.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/SecurityActions.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/SecurityActions.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,46 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.login;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 26, 2007
+ * @version $Revision$
+ */
+class SecurityActions
+{
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+}
\ No newline at end of file
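Review bot: `getContextClassLoader()` has no comment explaining why the lookup runs inside `AccessController.doPrivileged`, and the class Javadoc says only "Privileged Blocks". The privileged block lets a caller obtain the thread context class loader without itself holding `RuntimePermission("getClassLoader")`, so the helper is safe only while it cannot be reached from outside the package, which the package-private `class SecurityActions` and its non-public `static` method currently ensure. I would record that constraint on the method, e.g. `/** Returns the current thread's context class loader in a privileged block; must stay package-private so code outside this package cannot use it to skip the getClassLoader permission check. */`.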
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/XMLLoginConfigImpl.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/XMLLoginConfigImpl.java 2008-05-14 07:35:45 UTC (rev 73389)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/XMLLoginConfigImpl.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,469 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.auth.login;
-
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.Serializable;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.util.ArrayList;
-import java.util.Set;
-
-import javax.security.auth.AuthPermission;
-import javax.security.auth.login.AppConfigurationEntry;
-import javax.security.auth.login.Configuration;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.auth.spi.UsersObjectModelFactory;
-import org.jboss.security.authorization.config.SecurityConfigObjectModelFactory;
-import org.jboss.security.config.ApplicationPolicy;
-import org.jboss.security.config.ApplicationPolicyRegistration;
-import org.jboss.security.config.PolicyConfig;
-import org.jboss.security.config.SecurityConfiguration;
-import org.jboss.xb.binding.JBossXBException;
-import org.jboss.xb.binding.Unmarshaller;
-import org.jboss.xb.binding.UnmarshallerFactory;
-
-/**
- * An concrete implementation of the javax.security.auth.login.Configuration class that parses an xml configuration of
- * the form:
- *
- * <policy> <application-policy name = "test-domain"> <authentication> <login-module code =
- * "org.jboss.security.plugins.samples.IdentityLoginModule" flag = "required"> <module-option name = "principal">starksm</module-option>
- * </login-module> </authentication> </application-policy> </policy>
- *
- * @see javax.security.auth.login.Configuration
- *
- * @author Scott.Stark at jboss.org
- * @author Anil.Saldhana at jboss.org
- * @version $Revision: 57482 $
- */
-public class XMLLoginConfigImpl extends Configuration implements Serializable, ApplicationPolicyRegistration
-{
- /** The serialVersionUID */
- private static final long serialVersionUID = -8965860493224188277L;
-
- private static final String DEFAULT_APP_CONFIG_NAME = "other";
-
- private static final AuthPermission REFRESH_PERM = new AuthPermission("refreshLoginConfiguration");
-
- private static Logger log = Logger.getLogger(XMLLoginConfigImpl.class);
-
- PolicyConfig appConfigs = new PolicyConfig();
-
- /** The URL to the XML or Sun login configuration */
- protected URL loginConfigURL;
-
- /** The inherited configuration we delegate to */
- protected Configuration parentConfig;
-
- /** A flag indicating if XML configs should be validated */
- private boolean validateDTD = true;
-
- private static final XMLLoginConfigImpl instance = new XMLLoginConfigImpl();
-
- /**
- * <p>
- * Private constructor to implement the singleton pattern.
- * </p>
- */
- private XMLLoginConfigImpl()
- {
- }
-
- /**
- * <p>
- * Obtains a reference to the singleton.
- * </p>
- *
- * @return a reference to the singleton {@code XMLLoginConfigImpl} instance.
- */
- public static XMLLoginConfigImpl getInstance()
- {
- return instance;
- }
-
- // --- Begin Configuration method overrrides
- @Override
- public void refresh()
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(REFRESH_PERM);
- if (log.isTraceEnabled())
- log.trace("Begin refresh");
- appConfigs.clear();
- loadConfig();
- if (log.isTraceEnabled())
- log.trace("End refresh");
- }
-
- @Override
- public AppConfigurationEntry[] getAppConfigurationEntry(String appName)
- {
- if (log.isTraceEnabled())
- log.trace("Begin getAppConfigurationEntry(" + appName + "), size=" + appConfigs.size());
-
- // Load the config if PolicyConfig is empty
- if (this.appConfigs.size() == 0)
- this.loadConfig();
-
- AppConfigurationEntry[] entry = null;
- ApplicationPolicy aPolicy = this.getApplicationPolicy(appName);
- AuthenticationInfo authInfo = null;
- if (aPolicy != null)
- {
- BaseAuthenticationInfo bai = aPolicy.getAuthenticationInfo();
- if (bai instanceof AuthenticationInfo)
- authInfo = (AuthenticationInfo) bai;
- }
-
- if (authInfo == null)
- {
- if (log.isTraceEnabled())
- log.trace("getAppConfigurationEntry(" + appName + "), no entry in appConfigs, tyring parentCont: "
- + parentConfig);
- if (parentConfig != null)
- entry = parentConfig.getAppConfigurationEntry(appName);
- if (entry == null)
- {
- if (log.isTraceEnabled())
- log.trace("getAppConfigurationEntry(" + appName + "), no entry in parentConfig, trying: "
- + DEFAULT_APP_CONFIG_NAME);
- }
- ApplicationPolicy defPolicy = appConfigs.get(DEFAULT_APP_CONFIG_NAME);
- authInfo = defPolicy != null ? (AuthenticationInfo) defPolicy.getAuthenticationInfo() : null;
- }
-
- if (authInfo != null)
- {
- if (log.isTraceEnabled())
- log.trace("End getAppConfigurationEntry(" + appName + "), authInfo=" + authInfo);
- // Make a copy of the authInfo object
- final AuthenticationInfo theAuthInfo = authInfo;
- PrivilegedAction action = new PrivilegedAction()
- {
- public Object run()
- {
- return theAuthInfo.copyAppConfigurationEntry();
- }
- };
- entry = (AppConfigurationEntry[]) AccessController.doPrivileged(action);
- }
- else
- {
- if (log.isTraceEnabled())
- log.trace("End getAppConfigurationEntry(" + appName + "), failed to find entry");
- }
-
- return entry;
- }
-
- // --- End Configuration method overrrides
-
- /**
- * Set the URL of the XML login configuration file that should be loaded by this mbean on startup.
- */
- public URL getConfigURL()
- {
- return loginConfigURL;
- }
-
- /**
- * Set the URL of the XML login configuration file that should be loaded by this mbean on startup.
- */
- public void setConfigURL(URL loginConfigURL)
- {
- this.loginConfigURL = loginConfigURL;
- }
-
- public void setConfigResource(String resourceName) throws IOException
- {
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- loginConfigURL = tcl.getResource(resourceName);
- if (loginConfigURL == null)
- throw new IOException("Failed to find resource: " + resourceName);
- }
-
- public void setParentConfig(Configuration parentConfig)
- {
- this.parentConfig = parentConfig;
- }
-
- /**
- * Get whether the login config xml document is validated againsts its DTD
- */
- public boolean getValidateDTD()
- {
- return this.validateDTD;
- }
-
- /**
- * Set whether the login config xml document is validated againsts its DTD
- */
- public void setValidateDTD(boolean flag)
- {
- this.validateDTD = flag;
- }
-
- /**
- * @see ApplicationPolicyRegistration#addApplicationPolicy(String, ApplicationPolicy)
- */
- public void addApplicationPolicy(String appName, ApplicationPolicy aPolicy)
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(REFRESH_PERM);
- appConfigs.add(aPolicy);
- handleJASPIDelegation(aPolicy);
- SecurityConfiguration.addApplicationPolicy(aPolicy);
- }
-
- /**
- * Add an application configuration
- */
- public void addAppConfig(String appName, AppConfigurationEntry[] entries)
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(REFRESH_PERM);
- AuthenticationInfo authInfo = new AuthenticationInfo(appName);
- authInfo.setAppConfigurationEntry(entries);
- if (log.isTraceEnabled())
- log.trace("addAppConfig(" + appName + "), authInfo=" + authInfo);
- ApplicationPolicy aPolicy = new ApplicationPolicy(appName, authInfo);
- appConfigs.add(aPolicy);
- SecurityConfiguration.addApplicationPolicy(aPolicy);
- }
-
- /**
- * @deprecated
- * @see #removeApplicationPolicy(String)
- * @param appName
- */
- @Deprecated
- public void removeAppConfig(String appName)
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(REFRESH_PERM);
- if (log.isTraceEnabled())
- log.trace("removeAppConfig, appName=" + appName);
- appConfigs.remove(appName);
- }
-
- /**
- * @see ApplicationPolicyRegistration#getApplicationPolicy(String)
- */
- public ApplicationPolicy getApplicationPolicy(String domainName)
- {
- if (appConfigs == null || appConfigs.size() == 0)
- loadConfig();
- ApplicationPolicy aPolicy = appConfigs.get(domainName);
- if (aPolicy != null)
- SecurityConfiguration.addApplicationPolicy(aPolicy);
- return aPolicy;
- }
-
- /**
- * @see ApplicationPolicyRegistration#removeApplicationPolicy(String)
- */
- public boolean removeApplicationPolicy(String appName)
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(REFRESH_PERM);
- if (log.isTraceEnabled())
- log.trace("removeAppConfig, appName=" + appName);
- appConfigs.remove(appName);
- return true;
- }
-
- /**
- * Method that returns the parsed AuthenticationInfo needed by the JASPI framework until a seperate Configuration
- * mechanism for JASPI is established
- *
- * @return the parsed AuthenticationInfo object
- */
- public BaseAuthenticationInfo getAuthenticationInfo(String domainName)
- {
- ApplicationPolicy aPolicy = getApplicationPolicy(domainName);
- return aPolicy != null ? aPolicy.getAuthenticationInfo() : null;
- }
-
- public void clear()
- {
-
- }
-
- /**
- * Called to try to load the config from the java.security.auth.login.config property value when there is no
- * loginConfigURL.
- */
- public void loadConfig()
- {
- // Try to load the java.security.auth.login.config property
- String loginConfig = System.getProperty("java.security.auth.login.config");
- if (loginConfig == null)
- loginConfig = "login-config.xml";
-
- // If there is no loginConfigURL build it from the loginConfig
- if (loginConfigURL == null)
- {
- try
- {
- // Try as a URL
- loginConfigURL = new URL(loginConfig);
- }
- catch (MalformedURLException e)
- {
- // Try as a resource
- try
- {
- setConfigResource(loginConfig);
- }
- catch (IOException ignore)
- {
- // Try as a file
- File configFile = new File(loginConfig);
- try
- {
- setConfigURL(configFile.toURL());
- }
- catch (MalformedURLException ignore2)
- {
- }
- }
- }
- }
-
- if (loginConfigURL == null)
- {
- log.warn("Failed to find config: " + loginConfig);
- return;
- }
-
- if (log.isTraceEnabled())
- log.trace("Begin loadConfig, loginConfigURL=" + loginConfigURL);
- // Try to load the config if found
- try
- {
- loadConfig(loginConfigURL);
- if (log.isTraceEnabled())
- log.trace("End loadConfig, loginConfigURL=" + loginConfigURL);
- }
- catch (Exception e)
- {
- log.warn("End loadConfig, failed to load config: " + loginConfigURL, e);
- }
- }
-
- protected String[] loadConfig(URL config) throws Exception
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(REFRESH_PERM);
-
- ArrayList configNames = new ArrayList();
- log.debug("Try loading config as XML, url=" + config);
- try
- {
- loadXMLConfig(config, configNames);
- }
- catch (Throwable e)
- {
- log.debug("Failed to load config as XML", e);
- log.debug("Try loading config as Sun format, url=" + config);
- loadSunConfig(config, configNames);
- }
- String[] names = new String[configNames.size()];
- configNames.toArray(names);
- return names;
- }
-
- /**
- * Handle the case when JASPI Info may have login module stack holder which delegates to a login module stack
- *
- * @param aPolicy
- */
- private void handleJASPIDelegation(ApplicationPolicy aPolicy)
- {
- BaseAuthenticationInfo bai = aPolicy.getAuthenticationInfo();
- if (bai instanceof JASPIAuthenticationInfo)
- {
- JASPIAuthenticationInfo jai = (JASPIAuthenticationInfo) bai;
- LoginModuleStackHolder[] lmsharr = jai.getLoginModuleStackHolder();
- for (LoginModuleStackHolder lmsh : lmsharr)
- {
- this.addAppConfig(lmsh.getName(), lmsh.getAppConfigurationEntry());
- }
- }
- }
-
- private void loadSunConfig(URL sunConfig, ArrayList configNames) throws Exception
- {
- InputStream is = sunConfig.openStream();
- if (is == null)
- throw new IOException("InputStream is null for: " + sunConfig);
-
- InputStreamReader configFile = new InputStreamReader(is);
- boolean trace = log.isTraceEnabled();
- SunConfigParser.doParse(configFile, this, trace);
- }
-
- private void loadXMLConfig(URL loginConfigURL, ArrayList configNames) throws IOException, JBossXBException
- {
- LoginConfigObjectModelFactory lcomf = new SecurityConfigObjectModelFactory();
- UsersObjectModelFactory uomf = new UsersObjectModelFactory();
-
- InputStreamReader xmlReader = loadURL(loginConfigURL);
- Unmarshaller unmarshaller = UnmarshallerFactory.newInstance().newUnmarshaller();
- unmarshaller.mapFactoryToNamespace(uomf, "http://www.jboss.org/j2ee/schemas/XMLLoginModule");
- Object root = null;
- PolicyConfig config = (PolicyConfig) unmarshaller.unmarshal(xmlReader, lcomf, root);
- Set<String> cnames = config.getConfigNames();
- configNames.addAll(cnames);
- appConfigs.copy(config);
- // Add the config to SecurityConfiguration
- for (String cname : cnames)
- {
- ApplicationPolicy ap = config.get(cname);
- SecurityConfiguration.addApplicationPolicy(ap);
- handleJASPIDelegation(ap);
- }
- }
-
- private InputStreamReader loadURL(URL configURL) throws IOException
- {
- InputStream is = configURL.openStream();
- if (is == null)
- throw new IOException("Failed to obtain InputStream from url: " + configURL);
- InputStreamReader xmlReader = new InputStreamReader(is);
- return xmlReader;
- }
-
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/XMLLoginConfigImpl.java (from rev 73390, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/XMLLoginConfigImpl.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/XMLLoginConfigImpl.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/login/XMLLoginConfigImpl.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,474 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.login;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.Serializable;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.util.ArrayList;
+import java.util.Set;
+
+import javax.security.auth.AuthPermission;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.auth.spi.UsersObjectModelFactory;
+import org.jboss.security.authorization.config.SecurityConfigObjectModelFactory;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.ApplicationPolicyRegistration;
+import org.jboss.security.config.PolicyConfig;
+import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.xb.binding.JBossXBException;
+import org.jboss.xb.binding.Unmarshaller;
+import org.jboss.xb.binding.UnmarshallerFactory;
+
+/**
+ * An concrete implementation of the javax.security.auth.login.Configuration class that parses an xml configuration of
+ * the form:
+ *
+ * <policy> <application-policy name = "test-domain"> <authentication> <login-module code =
+ * "org.jboss.security.plugins.samples.IdentityLoginModule" flag = "required"> <module-option name = "principal">starksm</module-option>
+ * </login-module> </authentication> </application-policy> </policy>
+ *
+ * @see javax.security.auth.login.Configuration
+ *
+ * @author Scott.Stark at jboss.org
+ * @author Anil.Saldhana at jboss.org
+ * @version $Revision: 57482 $
+ */
+public class XMLLoginConfigImpl extends Configuration implements Serializable, ApplicationPolicyRegistration
+{
+ /** The serialVersionUID */
+ private static final long serialVersionUID = -8965860493224188277L;
+
+ private static final String DEFAULT_APP_CONFIG_NAME = "other";
+
+ private static final AuthPermission REFRESH_PERM = new AuthPermission("refreshLoginConfiguration");
+
+ private static Logger log = Logger.getLogger(XMLLoginConfigImpl.class);
+
+ PolicyConfig appConfigs = new PolicyConfig();
+
+ /** The URL to the XML or Sun login configuration */
+ protected URL loginConfigURL;
+
+ /** The inherited configuration we delegate to */
+ protected Configuration parentConfig;
+
+ /** A flag indicating if XML configs should be validated */
+ private boolean validateDTD = true;
+
+ private static final XMLLoginConfigImpl instance = new XMLLoginConfigImpl();
+
+ /**
+ * <p>
+ * Private constructor to implement the singleton pattern.
+ * </p>
+ */
+ private XMLLoginConfigImpl()
+ {
+ }
+
+ /**
+ * <p>
+ * Obtains a reference to the singleton.
+ * </p>
+ *
+ * @return a reference to the singleton {@code XMLLoginConfigImpl} instance.
+ */
+ public static XMLLoginConfigImpl getInstance()
+ {
+ return instance;
+ }
+
+ // --- Begin Configuration method overrrides
+ @Override
+ public void refresh()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(REFRESH_PERM);
+ if (log.isTraceEnabled())
+ log.trace("Begin refresh");
+ appConfigs.clear();
+ loadConfig();
+ if (log.isTraceEnabled())
+ log.trace("End refresh");
+ }
+
+ @Override
+ public AppConfigurationEntry[] getAppConfigurationEntry(String appName)
+ {
+ if (log.isTraceEnabled())
+ log.trace("Begin getAppConfigurationEntry(" + appName + "), size=" + appConfigs.size());
+
+ // Load the config if PolicyConfig is empty
+ if (this.appConfigs.size() == 0)
+ this.loadConfig();
+
+ AppConfigurationEntry[] entry = null;
+ ApplicationPolicy aPolicy = this.getApplicationPolicy(appName);
+ AuthenticationInfo authInfo = null;
+ if (aPolicy != null)
+ {
+ BaseAuthenticationInfo bai = aPolicy.getAuthenticationInfo();
+ if (bai instanceof AuthenticationInfo)
+ authInfo = (AuthenticationInfo) bai;
+ }
+
+ if (authInfo == null)
+ {
+ if (log.isTraceEnabled())
+ log.trace("getAppConfigurationEntry(" + appName + "), no entry in appConfigs, tyring parentCont: "
+ + parentConfig);
+ if (parentConfig != null)
+ entry = parentConfig.getAppConfigurationEntry(appName);
+ if (entry == null)
+ {
+ if (log.isTraceEnabled())
+ log.trace("getAppConfigurationEntry(" + appName + "), no entry in parentConfig, trying: "
+ + DEFAULT_APP_CONFIG_NAME);
+ }
+ ApplicationPolicy defPolicy = appConfigs.get(DEFAULT_APP_CONFIG_NAME);
+ authInfo = defPolicy != null ? (AuthenticationInfo) defPolicy.getAuthenticationInfo() : null;
+ }
+
+ if (authInfo != null)
+ {
+ if (log.isTraceEnabled())
+ log.trace("End getAppConfigurationEntry(" + appName + "), authInfo=" + authInfo);
+ // Make a copy of the authInfo object
+ final AuthenticationInfo theAuthInfo = authInfo;
+ PrivilegedAction<AppConfigurationEntry[]> action = new PrivilegedAction<AppConfigurationEntry[]>()
+ {
+ public AppConfigurationEntry[] run()
+ {
+ return theAuthInfo.copyAppConfigurationEntry();
+ }
+ };
+ entry = (AppConfigurationEntry[]) AccessController.doPrivileged(action);
+ }
+ else
+ {
+ if (log.isTraceEnabled())
+ log.trace("End getAppConfigurationEntry(" + appName + "), failed to find entry");
+ }
+
+ return entry;
+ }
+
+ // --- End Configuration method overrrides
+
+ /**
+ * Set the URL of the XML login configuration file that should be loaded by this mbean on startup.
+ */
+ public URL getConfigURL()
+ {
+ return loginConfigURL;
+ }
+
+ /**
+ * Set the URL of the XML login configuration file that should be loaded by this mbean on startup.
+ */
+ public void setConfigURL(URL loginConfigURL)
+ {
+ this.loginConfigURL = loginConfigURL;
+ }
+
+ public void setConfigResource(String resourceName) throws IOException
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ loginConfigURL = tcl.getResource(resourceName);
+ if (loginConfigURL == null)
+ throw new IOException("Failed to find resource: " + resourceName);
+ }
+
+ public void setParentConfig(Configuration parentConfig)
+ {
+ this.parentConfig = parentConfig;
+ }
+
+ /**
+ * Get whether the login config xml document is validated againsts its DTD
+ */
+ public boolean getValidateDTD()
+ {
+ return this.validateDTD;
+ }
+
+ /**
+ * Set whether the login config xml document is validated againsts its DTD
+ */
+ public void setValidateDTD(boolean flag)
+ {
+ this.validateDTD = flag;
+ }
+
+ /**
+ * @see ApplicationPolicyRegistration#addApplicationPolicy(String, ApplicationPolicy)
+ */
+ public void addApplicationPolicy(String appName, ApplicationPolicy aPolicy)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(REFRESH_PERM);
+ appConfigs.add(aPolicy);
+ handleJASPIDelegation(aPolicy);
+ SecurityConfiguration.addApplicationPolicy(aPolicy);
+ }
+
+ /**
+ * Add an application configuration
+ */
+ public void addAppConfig(String appName, AppConfigurationEntry[] entries)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(REFRESH_PERM);
+ AuthenticationInfo authInfo = new AuthenticationInfo(appName);
+ authInfo.setAppConfigurationEntry(entries);
+ if (log.isTraceEnabled())
+ log.trace("addAppConfig(" + appName + "), authInfo=" + authInfo);
+ ApplicationPolicy aPolicy = new ApplicationPolicy(appName, authInfo);
+ appConfigs.add(aPolicy);
+ SecurityConfiguration.addApplicationPolicy(aPolicy);
+ }
+
+ /**
+ * @deprecated
+ * @see #removeApplicationPolicy(String)
+ * @param appName
+ */
+ @Deprecated
+ public void removeAppConfig(String appName)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(REFRESH_PERM);
+ if (log.isTraceEnabled())
+ log.trace("removeAppConfig, appName=" + appName);
+ appConfigs.remove(appName);
+ SecurityConfiguration.removeApplicationPolicy(appName);
+ }
+
+ /**
+ * @see ApplicationPolicyRegistration#getApplicationPolicy(String)
+ */
+ public ApplicationPolicy getApplicationPolicy(String domainName)
+ {
+ if (appConfigs == null || appConfigs.size() == 0)
+ loadConfig();
+ ApplicationPolicy aPolicy = appConfigs.get(domainName);
+ if (aPolicy != null)
+ SecurityConfiguration.addApplicationPolicy(aPolicy);
+ return aPolicy;
+ }
+
+ /**
+ * @see ApplicationPolicyRegistration#removeApplicationPolicy(String)
+ */
+ public boolean removeApplicationPolicy(String appName)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(REFRESH_PERM);
+ if (log.isTraceEnabled())
+ log.trace("removeAppConfig, appName=" + appName);
+ appConfigs.remove(appName);
+ SecurityConfiguration.removeApplicationPolicy(appName);
+ return true;
+ }
+
+ /**
+ * Method that returns the parsed AuthenticationInfo needed by the JASPI framework until a seperate Configuration
+ * mechanism for JASPI is established
+ *
+ * @return the parsed AuthenticationInfo object
+ */
+ public BaseAuthenticationInfo getAuthenticationInfo(String domainName)
+ {
+ ApplicationPolicy aPolicy = getApplicationPolicy(domainName);
+ return aPolicy != null ? aPolicy.getAuthenticationInfo() : null;
+ }
+
+ public void clear()
+ {
+
+ }
+
+ /**
+ * Called to try to load the config from the java.security.auth.login.config property value when there is no
+ * loginConfigURL.
+ */
+ public void loadConfig()
+ {
+ // Try to load the java.security.auth.login.config property
+ String loginConfig = System.getProperty("java.security.auth.login.config");
+ if (loginConfig == null)
+ loginConfig = "login-config.xml";
+
+ // If there is no loginConfigURL build it from the loginConfig
+ if (loginConfigURL == null)
+ {
+ try
+ {
+ // Try as a URL
+ loginConfigURL = new URL(loginConfig);
+ }
+ catch (MalformedURLException e)
+ {
+ // Try as a resource
+ try
+ {
+ setConfigResource(loginConfig);
+ }
+ catch (IOException ignore)
+ {
+ // Try as a file
+ File configFile = new File(loginConfig);
+ try
+ {
+ setConfigURL(configFile.toURL());
+ }
+ catch (MalformedURLException ignore2)
+ {
+ }
+ }
+ }
+ }
+
+ if (loginConfigURL == null)
+ {
+ log.warn("Failed to find config: " + loginConfig);
+ return;
+ }
+
+ if (log.isTraceEnabled())
+ log.trace("Begin loadConfig, loginConfigURL=" + loginConfigURL);
+ // Try to load the config if found
+ try
+ {
+ loadConfig(loginConfigURL);
+ if (log.isTraceEnabled())
+ log.trace("End loadConfig, loginConfigURL=" + loginConfigURL);
+ }
+ catch (Exception e)
+ {
+ log.warn("End loadConfig, failed to load config: " + loginConfigURL, e);
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ protected String[] loadConfig(URL config) throws Exception
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(REFRESH_PERM);
+
+ ArrayList configNames = new ArrayList();
+ log.debug("Try loading config as XML, url=" + config);
+ try
+ {
+ loadXMLConfig(config, configNames);
+ }
+ catch (Throwable e)
+ {
+ log.debug("Failed to load config as XML", e);
+ log.debug("Try loading config as Sun format, url=" + config);
+ loadSunConfig(config, configNames);
+ }
+ String[] names = new String[configNames.size()];
+ configNames.toArray(names);
+ return names;
+ }
+
+ /**
+ * Handle the case when JASPI Info may have login module stack holder which delegates to a login module stack
+ *
+ * @param aPolicy
+ */
+ private void handleJASPIDelegation(ApplicationPolicy aPolicy)
+ {
+ BaseAuthenticationInfo bai = aPolicy.getAuthenticationInfo();
+ if (bai instanceof JASPIAuthenticationInfo)
+ {
+ JASPIAuthenticationInfo jai = (JASPIAuthenticationInfo) bai;
+ LoginModuleStackHolder[] lmsharr = jai.getLoginModuleStackHolder();
+ for (LoginModuleStackHolder lmsh : lmsharr)
+ {
+ this.addAppConfig(lmsh.getName(), lmsh.getAppConfigurationEntry());
+ }
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ private void loadSunConfig(URL sunConfig, ArrayList configNames) throws Exception
+ {
+ InputStream is = sunConfig.openStream();
+ if (is == null)
+ throw new IOException("InputStream is null for: " + sunConfig);
+
+ InputStreamReader configFile = new InputStreamReader(is);
+ boolean trace = log.isTraceEnabled();
+ SunConfigParser.doParse(configFile, this, trace);
+ }
+
+ @SuppressWarnings("unchecked")
+ private void loadXMLConfig(URL loginConfigURL, ArrayList configNames) throws IOException, JBossXBException
+ {
+ LoginConfigObjectModelFactory lcomf = new SecurityConfigObjectModelFactory();
+ UsersObjectModelFactory uomf = new UsersObjectModelFactory();
+
+ InputStreamReader xmlReader = loadURL(loginConfigURL);
+ Unmarshaller unmarshaller = UnmarshallerFactory.newInstance().newUnmarshaller();
+ unmarshaller.mapFactoryToNamespace(uomf, "http://www.jboss.org/j2ee/schemas/XMLLoginModule");
+ Object root = null;
+ PolicyConfig config = (PolicyConfig) unmarshaller.unmarshal(xmlReader, lcomf, root);
+ Set<String> cnames = config.getConfigNames();
+ configNames.addAll(cnames);
+ appConfigs.copy(config);
+ // Add the config to SecurityConfiguration
+ for (String cname : cnames)
+ {
+ ApplicationPolicy ap = config.get(cname);
+ SecurityConfiguration.addApplicationPolicy(ap);
+ handleJASPIDelegation(ap);
+ }
+ }
+
+ private InputStreamReader loadURL(URL configURL) throws IOException
+ {
+ InputStream is = configURL.openStream();
+ if (is == null)
+ throw new IOException("Failed to obtain InputStream from url: " + configURL);
+ InputStreamReader xmlReader = new InputStreamReader(is);
+ return xmlReader;
+ }
+
+}
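Review bot: In `getAppConfigurationEntry`, the fallback to the `"other"` policy sits outside the `if (entry == null)` block, so an entry returned by `parentConfig` is replaced by the copy of `DEFAULT_APP_CONFIG_NAME` whenever that policy exists. When it does not exist, the parent's entry is returned right after the trace line "failed to find entry". The trace text ("no entry in parentConfig, trying: other") suggests the lookup was meant to run only when the parent has nothing, so I would move the `appConfigs.get(DEFAULT_APP_CONFIG_NAME)` lookup and the `authInfo` assignment inside that block. The same assignment casts `defPolicy.getAuthenticationInfo()` to `AuthenticationInfo` without the `instanceof` test used a few lines earlier, so an `"other"` policy carrying a `JASPIAuthenticationInfo` would presumably raise `ClassCastException` during login; `if (defInfo instanceof AuthenticationInfo) authInfo = (AuthenticationInfo) defInfo;` keeps the two paths consistent. Because this decides which login-module stack authenticates a domain, the intended precedence deserves a comment either way.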
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/AuthProviderRegistrationDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/AuthProviderRegistrationDelegate.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/AuthProviderRegistrationDelegate.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,299 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.auth.message.config;
-
-import java.lang.reflect.Constructor;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.StringTokenizer;
-import java.util.UUID;
-
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.config.AuthConfigFactory;
-import javax.security.auth.message.config.AuthConfigProvider;
-import javax.security.auth.message.config.RegistrationListener;
-import javax.security.auth.message.config.AuthConfigFactory.RegistrationContext;
-
-import org.jboss.logging.Logger;
-
-//$Id$
-
-/**
- * Delegate that handles the AuthProvider registration for a
- * layer and an Application Context
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since May 15, 2006
- * @version $Revision$
- */
-public class AuthProviderRegistrationDelegate
-{
- private static Logger log = Logger.getLogger(AuthProviderRegistrationDelegate.class);
-
- //TODO: Improve the data structures
-
- /**
- * Map of String key to provider
- */
- private Map keyProviderMap = new HashMap();
-
- /**
- * Map of key to listener
- */
- private Map keyListenerMap = new HashMap();
-
- /**
- * Map of registration id to description
- */
- private Map idToDescriptionMap = new HashMap();
-
- /**
- * Map of registration id to key
- */
- private Map idKeyMap = new HashMap();
-
- /**
- * Map of provider to a list of registration ids
- */
- private Map providerToIDListMap = new HashMap();
-
-
- public AuthProviderRegistrationDelegate()
- {
- }
-
- /**
- * @see AuthConfigFactory#detachListener(RegistrationListener, String, String)
- */
- public String[] detachListener(RegistrationListener listener, String layer,
- String appContext)
- {
- if(listener == null)
- throw new IllegalArgumentException("listener is null");
- String[] arr = new String[0];
- String input = (layer + "_" + appContext).toUpperCase();
- String allLayer = ("NULL" + "_" + appContext).toUpperCase();
- String allContext = (layer + "_" + "NULL").toUpperCase();
- String general = "NULL" + "_" + "NULL";
-
- RegistrationListener origListener = null;
- String key = null;
- for(int i = 0 ; i < 4 && origListener == null; i++)
- {
- if(i == 0) key = input;
- if(i == 1) key = allLayer;
- if(i == 2) key = allContext;
- if(i == 3) key = general;
- origListener = (RegistrationListener)keyListenerMap.get(key);
- }
-
- if(origListener == listener)
- {
- keyListenerMap.remove(key);
- //Get the ID List
- AuthConfigProvider provider = (AuthConfigProvider)keyProviderMap.get(key);
- if(provider != null)
- {
- List list = (List)providerToIDListMap.get(provider);
- arr = new String[list.size()];
- list.toArray(arr);
- }
- }
- return arr;
- }
-
- /**
- * @see AuthConfigFactory#getConfigProvider(String, String, RegistrationListener)
- */
- public AuthConfigProvider getConfigProvider(String layer, String appContext,
- RegistrationListener listener)
- {
- if(appContext == null)
- appContext = " ";
- String input = (layer + "_" + appContext).toUpperCase();
- String allLayer = ("NULL" + "_" + appContext).toUpperCase();
- String allContext = (layer + "_" + "NULL").toUpperCase();
- String general = "NULL" + "_" + "NULL";
- String blank = (layer + "_" + " ").toUpperCase();
-
- AuthConfigProvider acp = null;
- String key = null;
- for(int i = 0 ; i < 5 && acp == null; i++)
- {
- if(i == 0) key = input;
- if(i == 1) key = allLayer;
- if(i == 2) key = allContext;
- if(i == 3) key = general;
- if(i == 4) key = blank;
- acp = (AuthConfigProvider)keyProviderMap.get(key);
- }
- if(acp != null && listener != null)
- this.keyListenerMap.put(key,listener);
-
- return acp;
- }
-
- /**
- * @see AuthConfigFactory#getRegistrationContext(String)
- */
- public RegistrationContext getRegistrationContext(String registrationID)
- {
- final String description = (String)idToDescriptionMap.get(registrationID);
- String key = (String)idKeyMap.get(registrationID);
- StringTokenizer st = new StringTokenizer(key, "_");
- if(st.countTokens() < 2)
- throw new IllegalStateException("Invalid key obtained="+key);
- final String layer = st.nextToken();
- final String appCtx = st.nextToken();
-
- return new RegistrationContext()
- {
- public String getAppContext()
- {
- return appCtx.equals("NULL") ? null : appCtx;
- }
-
- public String getDescription()
- {
- return description;
- }
-
- public String getMessageLayer()
- {
- return layer.equals("NULL")? null : layer;
- }
-
- public boolean isPersistent()
- {
- return false;
- }
- };
- }
-
- /**
- * @see AuthConfigFactory#getRegistrationIDs(AuthConfigProvider)
- */
- public String[] getRegistrationIDs(AuthConfigProvider provider)
- {
- List al = new ArrayList();
- if(provider == null)
- {
- al.addAll(idToDescriptionMap.keySet());
- }
- else
- {
- List list = (List)this.providerToIDListMap.get(provider);
- if(list != null)
- al.addAll(list);
- }
- String[] sarr = new String[al.size()];
- al.toArray(sarr);
- return sarr;
- }
-
- /**
- * @see AuthConfigFactory#registerConfigProvider(String, Map, String, String, String)
- */
- public String registerConfigProvider(String className, Map properties,
- String layer, String appContext, String description)
- throws AuthException, SecurityException
- {
- if(className == null || className.length() == 0)
- throw new IllegalArgumentException("className is null or zero length");
-
- //Instantiate the provider
- AuthConfigProvider acp = null;
- try
- {
- Class provClass = SecurityActions.getContextClassLoader().loadClass(className);
- Constructor ctr = provClass.getConstructor(new Class[] {Map.class});
- acp = (AuthConfigProvider)ctr.newInstance(new Object[] {properties});
- }
- catch(Exception e)
- {
- log.error("Cannot register provider:"+className+":",e);
- throw new AuthException("Cannot register Provider "+ className + ":reason="+e);
- }
-
- return this.registerConfigProvider(acp, layer, appContext, description);
- }
-
- public String registerConfigProvider(AuthConfigProvider provider,
- String layer, String appContext, String description)
- {
- if(provider == null)
- throw new IllegalArgumentException("provider is null");
-
- StringBuilder key = new StringBuilder();
- key.append(layer == null ? "NULL" : layer.toUpperCase());
- key.append("_");
- key.append(appContext == null ? "NULL" : appContext.toUpperCase());
-
- String keystr = key.toString();
- keyProviderMap.put(keystr,provider);
-
- //Generate a GUID
- UUID guid = UUID.randomUUID();
- String providerID = guid.toString();
- this.idKeyMap.put(providerID, keystr);
- List list = (List)this.providerToIDListMap.get(provider);
- if(list == null)
- {
- list = new ArrayList();
- }
- list.add(providerID);
- this.providerToIDListMap.put(provider,list);
- if(description != null)
- this.idToDescriptionMap.put(providerID, description);
-
- //Check if their is a pre-existing listener
- RegistrationListener listener = (RegistrationListener)keyListenerMap.get(keystr);
- if(listener != null)
- listener.notify(layer,appContext);
-
- return providerID;
- }
-
- /**
- * @see AuthConfigFactory#removeRegistration(String)
- */
- public boolean removeRegistration(String registrationID)
- {
- if(registrationID == null)
- throw new IllegalArgumentException("registrationID is null");
-
- String key = (String)idKeyMap.get(registrationID);
- if(key != null)
- {
- RegistrationListener listener = (RegistrationListener)this.keyListenerMap.get(key);
- RegistrationContext rc = this.getRegistrationContext(registrationID);
-
- this.keyProviderMap.remove(key);
- //Notify the listener of the change
- if(listener != null)
- listener.notify(rc.getMessageLayer(),rc.getAppContext());
- return true;
- }
- return false;
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/AuthProviderRegistrationDelegate.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/AuthProviderRegistrationDelegate.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/AuthProviderRegistrationDelegate.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/AuthProviderRegistrationDelegate.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,305 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.message.config;
+
+import java.lang.reflect.Constructor;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.StringTokenizer;
+import java.util.UUID;
+
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.config.AuthConfigFactory;
+import javax.security.auth.message.config.AuthConfigProvider;
+import javax.security.auth.message.config.RegistrationListener;
+import javax.security.auth.message.config.AuthConfigFactory.RegistrationContext;
+
+import org.jboss.logging.Logger;
+
+//$Id$
+
+/**
+ * Delegate that handles the AuthProvider registration for a
+ * layer and an Application Context
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since May 15, 2006
+ * @version $Revision$
+ */
+public class AuthProviderRegistrationDelegate
+{
+ private static Logger log = Logger.getLogger(AuthProviderRegistrationDelegate.class);
+
+ //TODO: Improve the data structures
+
+ /**
+ * Map of String key to provider
+ */
+ private Map<String,AuthConfigProvider> keyProviderMap = new HashMap<String,AuthConfigProvider>();
+
+ /**
+ * Map of key to listener
+ */
+ private Map<String,RegistrationListener> keyListenerMap = new HashMap<String,RegistrationListener>();
+
+ /**
+ * Map of registration id to description
+ */
+ private Map<String,String> idToDescriptionMap = new HashMap<String,String>();
+
+ /**
+ * Map of registration id to key
+ */
+ private Map<String,String> idKeyMap = new HashMap<String,String>();
+
+ /**
+ * Map of provider to a list of registration ids
+ */
+ private Map<AuthConfigProvider,List<String>> providerToIDListMap =
+ new HashMap<AuthConfigProvider,List<String>>();
+
+
+ public AuthProviderRegistrationDelegate()
+ {
+ }
+
+ /**
+ * @see AuthConfigFactory#detachListener(RegistrationListener, String, String)
+ */
+ @SuppressWarnings("unchecked")
+ public String[] detachListener(RegistrationListener listener, String layer,
+ String appContext)
+ {
+ if(listener == null)
+ throw new IllegalArgumentException("listener is null");
+ String[] arr = new String[0];
+ String input = (layer + "_" + appContext).toUpperCase();
+ String allLayer = ("NULL" + "_" + appContext).toUpperCase();
+ String allContext = (layer + "_" + "NULL").toUpperCase();
+ String general = "NULL" + "_" + "NULL";
+
+ RegistrationListener origListener = null;
+ String key = null;
+ for(int i = 0 ; i < 4 && origListener == null; i++)
+ {
+ if(i == 0) key = input;
+ if(i == 1) key = allLayer;
+ if(i == 2) key = allContext;
+ if(i == 3) key = general;
+ origListener = (RegistrationListener)keyListenerMap.get(key);
+ }
+
+ if(origListener == listener)
+ {
+ keyListenerMap.remove(key);
+ //Get the ID List
+ AuthConfigProvider provider = (AuthConfigProvider)keyProviderMap.get(key);
+ if(provider != null)
+ {
+ List list = (List)providerToIDListMap.get(provider);
+ arr = new String[list.size()];
+ list.toArray(arr);
+ }
+ }
+ return arr;
+ }
+
+ /**
+ * @see AuthConfigFactory#getConfigProvider(String, String, RegistrationListener)
+ */
+ @SuppressWarnings("unchecked")
+ public AuthConfigProvider getConfigProvider(String layer, String appContext,
+ RegistrationListener listener)
+ {
+ if(appContext == null)
+ appContext = " ";
+ String input = (layer + "_" + appContext).toUpperCase();
+ String allLayer = ("NULL" + "_" + appContext).toUpperCase();
+ String allContext = (layer + "_" + "NULL").toUpperCase();
+ String general = "NULL" + "_" + "NULL";
+ String blank = (layer + "_" + " ").toUpperCase();
+
+ AuthConfigProvider acp = null;
+ String key = null;
+ for(int i = 0 ; i < 5 && acp == null; i++)
+ {
+ if(i == 0) key = input;
+ if(i == 1) key = allLayer;
+ if(i == 2) key = allContext;
+ if(i == 3) key = general;
+ if(i == 4) key = blank;
+ acp = (AuthConfigProvider)keyProviderMap.get(key);
+ }
+ if(acp != null && listener != null)
+ this.keyListenerMap.put(key,listener);
+
+ return acp;
+ }
+
+ /**
+ * @see AuthConfigFactory#getRegistrationContext(String)
+ */
+ public RegistrationContext getRegistrationContext(String registrationID)
+ {
+ final String description = (String)idToDescriptionMap.get(registrationID);
+ String key = (String)idKeyMap.get(registrationID);
+ StringTokenizer st = new StringTokenizer(key, "_");
+ if(st.countTokens() < 2)
+ throw new IllegalStateException("Invalid key obtained="+key);
+ final String layer = st.nextToken();
+ final String appCtx = st.nextToken();
+
+ return new RegistrationContext()
+ {
+ public String getAppContext()
+ {
+ return appCtx.equals("NULL") ? null : appCtx;
+ }
+
+ public String getDescription()
+ {
+ return description;
+ }
+
+ public String getMessageLayer()
+ {
+ return layer.equals("NULL")? null : layer;
+ }
+
+ public boolean isPersistent()
+ {
+ return false;
+ }
+ };
+ }
+
+ /**
+ * @see AuthConfigFactory#getRegistrationIDs(AuthConfigProvider)
+ */
+ @SuppressWarnings("unchecked")
+ public String[] getRegistrationIDs(AuthConfigProvider provider)
+ {
+ List al = new ArrayList();
+ if(provider == null)
+ {
+ al.addAll(idToDescriptionMap.keySet());
+ }
+ else
+ {
+ List list = (List)this.providerToIDListMap.get(provider);
+ if(list != null)
+ al.addAll(list);
+ }
+ String[] sarr = new String[al.size()];
+ al.toArray(sarr);
+ return sarr;
+ }
+
+ /**
+ * @see AuthConfigFactory#registerConfigProvider(String, Map, String, String, String)
+ */
+ @SuppressWarnings("unchecked")
+ public String registerConfigProvider(String className, Map properties,
+ String layer, String appContext, String description)
+ throws AuthException, SecurityException
+ {
+ if(className == null || className.length() == 0)
+ throw new IllegalArgumentException("className is null or zero length");
+
+ //Instantiate the provider
+ AuthConfigProvider acp = null;
+ try
+ {
+ Class provClass = SecurityActions.getContextClassLoader().loadClass(className);
+ Constructor ctr = provClass.getConstructor(new Class[] {Map.class});
+ acp = (AuthConfigProvider)ctr.newInstance(new Object[] {properties});
+ }
+ catch(Exception e)
+ {
+ log.error("Cannot register provider:"+className+":",e);
+ throw new AuthException("Cannot register Provider "+ className + ":reason="+e);
+ }
+
+ return this.registerConfigProvider(acp, layer, appContext, description);
+ }
+
+ @SuppressWarnings("unchecked")
+ public String registerConfigProvider(AuthConfigProvider provider,
+ String layer, String appContext, String description)
+ {
+ if(provider == null)
+ throw new IllegalArgumentException("provider is null");
+
+ StringBuilder key = new StringBuilder();
+ key.append(layer == null ? "NULL" : layer.toUpperCase());
+ key.append("_");
+ key.append(appContext == null ? "NULL" : appContext.toUpperCase());
+
+ String keystr = key.toString();
+ keyProviderMap.put(keystr,provider);
+
+ //Generate a GUID
+ UUID guid = UUID.randomUUID();
+ String providerID = guid.toString();
+ this.idKeyMap.put(providerID, keystr);
+ List list = (List)this.providerToIDListMap.get(provider);
+ if(list == null)
+ {
+ list = new ArrayList();
+ }
+ list.add(providerID);
+ this.providerToIDListMap.put(provider,list);
+ if(description != null)
+ this.idToDescriptionMap.put(providerID, description);
+
+ //Check if their is a pre-existing listener
+ RegistrationListener listener = (RegistrationListener)keyListenerMap.get(keystr);
+ if(listener != null)
+ listener.notify(layer,appContext);
+
+ return providerID;
+ }
+
+ /**
+ * @see AuthConfigFactory#removeRegistration(String)
+ */
+ public boolean removeRegistration(String registrationID)
+ {
+ if(registrationID == null)
+ throw new IllegalArgumentException("registrationID is null");
+
+ String key = (String)idKeyMap.get(registrationID);
+ if(key != null)
+ {
+ RegistrationListener listener = (RegistrationListener)this.keyListenerMap.get(key);
+ RegistrationContext rc = this.getRegistrationContext(registrationID);
+
+ this.keyProviderMap.remove(key);
+ //Notify the listener of the change
+ if(listener != null)
+ listener.notify(rc.getMessageLayer(),rc.getAppContext());
+ return true;
+ }
+ return false;
+ }
+}
\ No newline at end of file
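Review bot: `removeRegistration` only removes the entry from `keyProviderMap`, so the id stays in `idKeyMap`, `idToDescriptionMap` and `providerToIDListMap`; a second call with the same id returns true and notifies the listener again, and `getRegistrationIDs` can still return it. Because `registerConfigProvider` overwrites `keyProviderMap` for an existing key, removing the older id also unregisters whichever provider currently serves that layer/appContext, and `getConfigProvider` then falls back to a more general key or to null. Since this registry decides which authentication provider is used, the method should drop the id from every map and unmap the key only when it still points at the provider that id registered, as sketched below. Separately, `getRegistrationContext` passes a null key to `new StringTokenizer(key, "_")` for an unknown id; an `if(key == null) return null;` guard before that line avoids the NullPointerException.

```java
public boolean removeRegistration(String registrationID)
{
   // … unchanged: null check on registrationID …
   String key = idKeyMap.get(registrationID);
   if(key == null)
      return false;
   RegistrationListener listener = keyListenerMap.get(key);
   RegistrationContext rc = this.getRegistrationContext(registrationID);

   // Forget the id everywhere so it cannot be removed or listed again
   idKeyMap.remove(registrationID);
   idToDescriptionMap.remove(registrationID);
   AuthConfigProvider owner = null;
   for(Map.Entry<AuthConfigProvider,List<String>> entry : providerToIDListMap.entrySet())
   {
      if(entry.getValue().remove(registrationID))
      {
         owner = entry.getKey();
         break;
      }
   }
   // Unmap the key only if it still points at the provider this id registered
   if(owner != null && keyProviderMap.get(key) == owner)
      keyProviderMap.remove(key);

   // … unchanged: listener notification …
   return true;
}
```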
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigFactory.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigFactory.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigFactory.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,120 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.auth.message.config;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.config.AuthConfigFactory;
-import javax.security.auth.message.config.AuthConfigProvider;
-import javax.security.auth.message.config.RegistrationListener;
-
-//$Id$
-
-/**
- * Default Authentication Configuration Factory
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since May 15, 2006
- * @version $Revision$
- */
-public class JBossAuthConfigFactory extends AuthConfigFactory
-{
- private AuthProviderRegistrationDelegate delegate = null;
-
- public JBossAuthConfigFactory()
- {
- delegate = new AuthProviderRegistrationDelegate();
- Map props = new HashMap();
- JBossAuthConfigProvider provider = new JBossAuthConfigProvider(props);
- //register a few default providers for the layers
- delegate.registerConfigProvider(provider, "HTTP", " ", "Default Provider");
- delegate.registerConfigProvider(provider, "HttpServlet", " ", "Default Provider");
- }
-
- /**
- * @see AuthConfigFactory#detachListener(RegistrationListener, String, String)
- */
- public String[] detachListener(RegistrationListener listener, String layer,
- String appContext)
- {
- return delegate.detachListener(listener,layer,appContext);
- }
-
- /**
- * @see AuthConfigFactory#getConfigProvider(String, String, RegistrationListener)
- */
- public AuthConfigProvider getConfigProvider(String layer, String appContext,
- RegistrationListener listener)
- {
- return delegate.getConfigProvider(layer, appContext, listener);
- }
-
- /**
- * @see AuthConfigFactory#getRegistrationContext(String)
- */
- public RegistrationContext getRegistrationContext(String registrationID)
- {
- return delegate.getRegistrationContext(registrationID);
- }
-
- /**
- * @see AuthConfigFactory#getRegistrationIDs(AuthConfigProvider)
- */
- public String[] getRegistrationIDs(AuthConfigProvider provider)
- {
- return delegate.getRegistrationIDs(provider);
- }
-
- /**
- * @see AuthConfigFactory#refresh()
- */
- public void refresh() throws AuthException, SecurityException
- {
- }
-
- /**
- * @see AuthConfigFactory#registerConfigProvider(String, Map, String, String, String)
- */
- public String registerConfigProvider(String className, Map properties,
- String layer, String appContext, String description)
- throws AuthException, SecurityException
- {
- return delegate.registerConfigProvider(className, properties,
- layer, appContext, description);
- }
-
- /**
- * @see AuthConfigFactory#removeRegistration(String)
- */
- public boolean removeRegistration(String registrationID)
- {
- return delegate.removeRegistration(registrationID);
- }
-
- @Override
- public String registerConfigProvider(AuthConfigProvider provider,
- String layer, String appContext, String description)
- {
- return delegate.registerConfigProvider(provider, layer, appContext, description);
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigFactory.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigFactory.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigFactory.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigFactory.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,121 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.message.config;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.config.AuthConfigFactory;
+import javax.security.auth.message.config.AuthConfigProvider;
+import javax.security.auth.message.config.RegistrationListener;
+
+//$Id$
+
+/**
+ * Default Authentication Configuration Factory
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since May 15, 2006
+ * @version $Revision$
+ */
+public class JBossAuthConfigFactory extends AuthConfigFactory
+{
+ private AuthProviderRegistrationDelegate delegate = null;
+
+ public JBossAuthConfigFactory()
+ {
+ delegate = new AuthProviderRegistrationDelegate();
+ Map<String,Object> props = new HashMap<String,Object>();
+ JBossAuthConfigProvider provider = new JBossAuthConfigProvider(props);
+ //register a few default providers for the layers
+ delegate.registerConfigProvider(provider, "HTTP", " ", "Default Provider");
+ delegate.registerConfigProvider(provider, "HttpServlet", " ", "Default Provider");
+ }
+
+ /**
+ * @see AuthConfigFactory#detachListener(RegistrationListener, String, String)
+ */
+ public String[] detachListener(RegistrationListener listener, String layer,
+ String appContext)
+ {
+ return delegate.detachListener(listener,layer,appContext);
+ }
+
+ /**
+ * @see AuthConfigFactory#getConfigProvider(String, String, RegistrationListener)
+ */
+ public AuthConfigProvider getConfigProvider(String layer, String appContext,
+ RegistrationListener listener)
+ {
+ return delegate.getConfigProvider(layer, appContext, listener);
+ }
+
+ /**
+ * @see AuthConfigFactory#getRegistrationContext(String)
+ */
+ public RegistrationContext getRegistrationContext(String registrationID)
+ {
+ return delegate.getRegistrationContext(registrationID);
+ }
+
+ /**
+ * @see AuthConfigFactory#getRegistrationIDs(AuthConfigProvider)
+ */
+ public String[] getRegistrationIDs(AuthConfigProvider provider)
+ {
+ return delegate.getRegistrationIDs(provider);
+ }
+
+ /**
+ * @see AuthConfigFactory#refresh()
+ */
+ public void refresh() throws AuthException, SecurityException
+ {
+ }
+
+ /**
+ * @see AuthConfigFactory#registerConfigProvider(String, Map, String, String, String)
+ */
+ @SuppressWarnings("unchecked")
+ public String registerConfigProvider(String className, Map properties,
+ String layer, String appContext, String description)
+ throws AuthException, SecurityException
+ {
+ return delegate.registerConfigProvider(className, properties,
+ layer, appContext, description);
+ }
+
+ /**
+ * @see AuthConfigFactory#removeRegistration(String)
+ */
+ public boolean removeRegistration(String registrationID)
+ {
+ return delegate.removeRegistration(registrationID);
+ }
+
+ @Override
+ public String registerConfigProvider(AuthConfigProvider provider,
+ String layer, String appContext, String description)
+ {
+ return delegate.registerConfigProvider(provider, layer, appContext, description);
+ }
+}
\ No newline at end of file
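Review bot: Both `registerConfigProvider` overloads and `removeRegistration` forward straight to the delegate with no permission check, so any code that holds this factory can replace or remove the provider that authenticates a layer/appContext. The string overload declares `throws AuthException, SecurityException`, yet nothing in this file raises a SecurityException, and the delegate loads and instantiates the named class from the context class loader. If the check is meant to happen elsewhere, that is not visible here and should be stated on the methods, for example `// NOTE: no permission check here; callers must already be authorised to change provider registrations`. Otherwise a `SecurityManager` check belongs before the delegation.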
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigProvider.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigProvider.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigProvider.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,122 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.auth.message.config;
-
-import java.util.Map;
-
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.config.AuthConfigProvider;
-import javax.security.auth.message.config.ClientAuthConfig;
-import javax.security.auth.message.config.ServerAuthConfig;
-
-import org.jboss.logging.Logger;
-
-//$Id$
-
-/**
- * Default Auth Config Provider
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since May 15, 2006
- * @version $Revision$
- */
-public class JBossAuthConfigProvider implements AuthConfigProvider
-{
- private static Logger log = Logger.getLogger(JBossAuthConfigProvider.class);
- private Map contextProperties = null;
- private String cbhProperty = "authconfigprovider.client.callbackhandler";
-
- /**
- * Create a new JBossAuthConfigProvider.
- *
- * @param props Context Properties
- */
- public JBossAuthConfigProvider(Map props)
- {
- this.contextProperties = props;
- }
- /**
- * @see AuthConfigProvider#getClientAuthConfig(String, String, CallbackHandler)
- */
- public ClientAuthConfig getClientAuthConfig(String layer, String appContext,
- CallbackHandler handler) throws AuthException
- {
- //TODO: Throw SecurityException if user has no perms
- if(handler == null)
- {
- try
- {
- handler = this.instantiateCallbackHandler();
- }
- catch(Exception e)
- {
- log.error("Exception in instantiating callback handler:",e);
- throw new AuthException(e.getMessage());
- }
- }
-
-
- return new JBossClientAuthConfig(layer,appContext, handler, contextProperties);
- }
-
- /**
- * @see AuthConfigProvider#getServerAuthConfig(String, String, CallbackHandler)
- */
- public ServerAuthConfig getServerAuthConfig(String layer, String appContext,
- CallbackHandler handler) throws AuthException
- {
- //TODO: Throw SecurityException if user has no perms
- if(handler == null)
- {
- try
- {
- handler = this.instantiateCallbackHandler();
- }
- catch(Exception e)
- {
- log.error("Exception in instantiating callback handler:",e);
- throw new AuthException(e.getMessage());
- }
- }
- return new JBossServerAuthConfig(layer,appContext, handler, contextProperties);
- }
-
- /**
- * @see AuthConfigProvider#refresh()
- */
- public void refresh() throws AuthException, SecurityException
- {
- }
-
- //Private Methods
- private CallbackHandler instantiateCallbackHandler() throws Exception
- {
- String cbhClass = System.getProperty(cbhProperty);
- if(cbhClass == null)
- throw new IllegalStateException("CallbackHandler not defined by system property "+
- cbhProperty);
- ClassLoader cl = SecurityActions.getContextClassLoader();
- Class cls = cl.loadClass(cbhClass);
-
- return (CallbackHandler)cls.newInstance();
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigProvider.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigProvider.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigProvider.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigProvider.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,122 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.message.config;
+
+import java.util.Map;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.config.AuthConfigProvider;
+import javax.security.auth.message.config.ClientAuthConfig;
+import javax.security.auth.message.config.ServerAuthConfig;
+
+import org.jboss.logging.Logger;
+
+//$Id$
+
+/**
+ * Default Auth Config Provider
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since May 15, 2006
+ * @version $Revision$
+ */
+public class JBossAuthConfigProvider implements AuthConfigProvider
+{
+ private static Logger log = Logger.getLogger(JBossAuthConfigProvider.class);
+ private Map<String,Object> contextProperties = null;
+ private String cbhProperty = "authconfigprovider.client.callbackhandler";
+
+ /**
+ * Create a new JBossAuthConfigProvider.
+ *
+ * @param props Context Properties
+ */
+ public JBossAuthConfigProvider(Map<String,Object> props)
+ {
+ this.contextProperties = props;
+ }
+ /**
+ * @see AuthConfigProvider#getClientAuthConfig(String, String, CallbackHandler)
+ */
+ public ClientAuthConfig getClientAuthConfig(String layer, String appContext,
+ CallbackHandler handler) throws AuthException
+ {
+ //TODO: Throw SecurityException if user has no perms
+ if(handler == null)
+ {
+ try
+ {
+ handler = this.instantiateCallbackHandler();
+ }
+ catch(Exception e)
+ {
+ log.error("Exception in instantiating callback handler:",e);
+ throw new AuthException(e.getMessage());
+ }
+ }
+
+
+ return new JBossClientAuthConfig(layer,appContext, handler, contextProperties);
+ }
+
+ /**
+ * @see AuthConfigProvider#getServerAuthConfig(String, String, CallbackHandler)
+ */
+ public ServerAuthConfig getServerAuthConfig(String layer, String appContext,
+ CallbackHandler handler) throws AuthException
+ {
+ //TODO: Throw SecurityException if user has no perms
+ if(handler == null)
+ {
+ try
+ {
+ handler = this.instantiateCallbackHandler();
+ }
+ catch(Exception e)
+ {
+ log.error("Exception in instantiating callback handler:",e);
+ throw new AuthException(e.getMessage());
+ }
+ }
+ return new JBossServerAuthConfig(layer,appContext, handler, contextProperties);
+ }
+
+ /**
+ * @see AuthConfigProvider#refresh()
+ */
+ public void refresh() throws AuthException, SecurityException
+ {
+ }
+
+ //Private Methods
+ private CallbackHandler instantiateCallbackHandler() throws Exception
+ {
+ String cbhClass = System.getProperty(cbhProperty);
+ if(cbhClass == null)
+ throw new IllegalStateException("CallbackHandler not defined by system property "+
+ cbhProperty);
+ ClassLoader cl = SecurityActions.getContextClassLoader();
+ Class<?> cls = cl.loadClass(cbhClass);
+
+ return (CallbackHandler)cls.newInstance();
+ }
+}
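Review bot: In `instantiateCallbackHandler` the class named by the system property is instantiated before it is checked to be a `CallbackHandler`, so the cast on the return line can only fail after that class's constructor has already run. Narrowing the type first keeps a misconfigured or tampered property from running an unrelated constructor: `Class<? extends CallbackHandler> cls = cl.loadClass(cbhClass).asSubclass(CallbackHandler.class);`. Both `getClientAuthConfig` and `getServerAuthConfig` rethrow as `new AuthException(e.getMessage())`, which drops the cause and may carry a null message; chaining the original with `initCause(e)` would keep the stack trace for the caller. The server path also reads the same `authconfigprovider.client.callbackhandler` property as the client path, which deserves a comment if it is intended.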
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthConfig.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthConfig.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthConfig.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,123 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.auth.message.config;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.MessageInfo;
-import javax.security.auth.message.config.AuthConfig;
-import javax.security.auth.message.config.ClientAuthConfig;
-import javax.security.auth.message.config.ClientAuthContext;
-
-//$Id$
-
-/**
- * Default Client Authentication Configuration
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since May 15, 2006
- * @version $Revision$
- */
-public class JBossClientAuthConfig implements ClientAuthConfig
-{
- private String layer = null;
- private String contextId = null;
- private CallbackHandler callbackHandler = null;
- private List modules = new ArrayList();
- private Map contextProperties;
-
- /**
- * Create a new JBossClientAuthConfig.
- *
- * @param layer Message Layer
- * @param appContext Application Context
- * @param handler Callback Handler to be passed to auth modules
- * @param properties Contextual properties
- */
- public JBossClientAuthConfig(String layer, String appContext,
- CallbackHandler handler, Map properties)
- {
- this.layer = layer;
- this.contextId = appContext;
- this.callbackHandler = handler;
- this.contextProperties = properties;
- }
-
- /**
- * @see ClientAuthConfig#getAuthContext(String, Map)
- */
- public ClientAuthContext getAuthContext(String authContextID,
- Subject clientSubject, Map properties)
- throws AuthException
- {
- return new JBossClientAuthContext(this);
- }
-
- /**
- * @see AuthConfig#getMessageLayer()
- */
- public String getMessageLayer()
- {
- return this.layer;
- }
-
- /**
- * @see AuthConfig#getOperation(AuthParam)
- */
- public String getOperation(MessageInfo messageInfo)
- {
- throw new IllegalStateException("Not Implemented");
- }
-
- /**
- * @see AuthConfig#refresh()
- */
- public void refresh() throws AuthException, SecurityException
- {
- }
-
- //Custom Methods
- public List getClientAuthModules()
- {
- return modules ;
- }
-
-
- public String getAppContext()
- {
- return this.contextId;
- }
-
- public String getAuthContextID(MessageInfo messageInfo)
- {
- throw new RuntimeException("Not Implemented");
- }
-
- public boolean isProtected()
- {
- throw new RuntimeException("Not Implemented");
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthConfig.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthConfig.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthConfig.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthConfig.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,129 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.message.config;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.config.AuthConfig;
+import javax.security.auth.message.config.ClientAuthConfig;
+import javax.security.auth.message.config.ClientAuthContext;
+
+//$Id$
+
+/**
+ * Default Client Authentication Configuration
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since May 15, 2006
+ * @version $Revision$
+ */
+public class JBossClientAuthConfig implements ClientAuthConfig
+{
+ private String layer = null;
+ private String contextId = null;
+ @SuppressWarnings("unused")
+ private CallbackHandler callbackHandler = null;
+ @SuppressWarnings("unchecked")
+ private List modules = new ArrayList();
+ @SuppressWarnings({"unchecked", "unused"})
+ private Map contextProperties;
+
+ /**
+ * Create a new JBossClientAuthConfig.
+ *
+ * @param layer Message Layer
+ * @param appContext Application Context
+ * @param handler Callback Handler to be passed to auth modules
+ * @param properties Contextual properties
+ */
+ @SuppressWarnings("unchecked")
+ public JBossClientAuthConfig(String layer, String appContext,
+ CallbackHandler handler, Map properties)
+ {
+ this.layer = layer;
+ this.contextId = appContext;
+ this.callbackHandler = handler;
+ this.contextProperties = properties;
+ }
+
+ /**
+ * @see ClientAuthConfig#getAuthContext(String, Map)
+ */
+ @SuppressWarnings("unchecked")
+ public ClientAuthContext getAuthContext(String authContextID,
+ Subject clientSubject, Map properties)
+ throws AuthException
+ {
+ return new JBossClientAuthContext(this);
+ }
+
+ /**
+ * @see AuthConfig#getMessageLayer()
+ */
+ public String getMessageLayer()
+ {
+ return this.layer;
+ }
+
+ /**
+ * @see AuthConfig#getOperation(AuthParam)
+ */
+ public String getOperation(MessageInfo messageInfo)
+ {
+ throw new IllegalStateException("Not Implemented");
+ }
+
+ /**
+ * @see AuthConfig#refresh()
+ */
+ public void refresh() throws AuthException, SecurityException
+ {
+ }
+
+ //Custom Methods
+ @SuppressWarnings("unchecked")
+ public List getClientAuthModules()
+ {
+ return modules ;
+ }
+
+
+ public String getAppContext()
+ {
+ return this.contextId;
+ }
+
+ public String getAuthContextID(MessageInfo messageInfo)
+ {
+ throw new RuntimeException("Not Implemented");
+ }
+
+ public boolean isProtected()
+ {
+ throw new RuntimeException("Not Implemented");
+ }
+}
\ No newline at end of file
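Review bot: `getClientAuthModules()` hands out the live, raw `modules` list and nothing in this class adds to it, so the chain a `JBossClientAuthContext` iterates is whatever outside code has put there. If that is the intended way to register modules, a Javadoc on the getter should say so, and the field could be typed as `List<ClientAuthModule>` rather than suppressing the unchecked warning. The `@SuppressWarnings("unused")` on `callbackHandler` and `contextProperties` likewise hides that the handler passed to the constructor is never given to any module in this file. The unimplemented methods throw `IllegalStateException` in `getOperation` but `RuntimeException` in `getAuthContextID` and `isProtected`; `UnsupportedOperationException` in all three would be consistent.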
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthContext.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthContext.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthContext.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,106 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.auth.message.config;
-
-import java.util.Iterator;
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.AuthStatus;
-import javax.security.auth.message.ClientAuth;
-import javax.security.auth.message.MessageInfo;
-import javax.security.auth.message.config.ClientAuthContext;
-import javax.security.auth.message.module.ClientAuthModule;
-
-//$Id$
-
-/**
- * Default Client Authentication Context
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since May 17, 2006
- * @version $Revision$
- */
-public class JBossClientAuthContext implements ClientAuthContext
-{
- private JBossClientAuthConfig config;
-
- /**
- * Create a new JBossClientAuthContext.
- *
- * @param config Client Auth Config
- */
- public JBossClientAuthContext(JBossClientAuthConfig config)
- {
- if(config == null)
- throw new IllegalArgumentException("config is null");
- this.config = config;
- }
-
- /**
- * @see ClientAuth#cleanSubject(Subject, Map)
- */
- public void cleanSubject(MessageInfo messageInfo, Subject subject)
- throws AuthException
- {
- AuthStatus status = null;
- Iterator iter = config.getClientAuthModules().iterator();
- while(iter.hasNext())
- {
- ((ClientAuthModule)iter.next()).cleanSubject(messageInfo,subject);
- }
- }
-
- /**
- * @see ClientAuth#secureRequest(AuthParam, Subject, Map)
- */
- public AuthStatus secureRequest(MessageInfo messageInfo, Subject clientSubject) throws AuthException
- {
- Iterator iter = config.getClientAuthModules().iterator();
- AuthStatus status = null;
- while(iter.hasNext())
- {
- status = ((ClientAuthModule)iter.next()).secureRequest(messageInfo,clientSubject);
- if(status == AuthStatus.FAILURE)
- break;
- }
- return status;
- }
-
- /**
- * @see ClientAuth#validateResponse(AuthParam, Subject, Subject, Map)
- */
- public AuthStatus validateResponse(MessageInfo messageInfo, Subject clientSubject,
- Subject serviceSubject) throws AuthException
- {
- Iterator iter = config.getClientAuthModules().iterator();
- AuthStatus status = null;
- while(iter.hasNext())
- {
- status = ((ClientAuthModule)iter.next()).validateResponse(messageInfo,clientSubject,
- serviceSubject);
- if(status == AuthStatus.FAILURE)
- break;
- }
- return status;
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthContext.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthContext.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthContext.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthContext.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,108 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.message.config;
+
+import java.util.Iterator;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.ClientAuth;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.config.ClientAuthContext;
+import javax.security.auth.message.module.ClientAuthModule;
+
+//$Id$
+
+/**
+ * Default Client Authentication Context
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since May 17, 2006
+ * @version $Revision$
+ */
+public class JBossClientAuthContext implements ClientAuthContext
+{
+ private JBossClientAuthConfig config;
+
+ /**
+ * Create a new JBossClientAuthContext.
+ *
+ * @param config Client Auth Config
+ */
+ public JBossClientAuthContext(JBossClientAuthConfig config)
+ {
+ if(config == null)
+ throw new IllegalArgumentException("config is null");
+ this.config = config;
+ }
+
+ /**
+ * @see ClientAuth#cleanSubject(Subject, Map)
+ */
+ @SuppressWarnings("unchecked")
+ public void cleanSubject(MessageInfo messageInfo, Subject subject)
+ throws AuthException
+ {
+ Iterator iter = config.getClientAuthModules().iterator();
+ while(iter.hasNext())
+ {
+ ((ClientAuthModule)iter.next()).cleanSubject(messageInfo,subject);
+ }
+ }
+
+ /**
+ * @see ClientAuth#secureRequest(AuthParam, Subject, Map)
+ */
+ @SuppressWarnings("unchecked")
+ public AuthStatus secureRequest(MessageInfo messageInfo, Subject clientSubject) throws AuthException
+ {
+ Iterator iter = config.getClientAuthModules().iterator();
+ AuthStatus status = null;
+ while(iter.hasNext())
+ {
+ status = ((ClientAuthModule)iter.next()).secureRequest(messageInfo,clientSubject);
+ if(status == AuthStatus.FAILURE)
+ break;
+ }
+ return status;
+ }
+
+ /**
+ * @see ClientAuth#validateResponse(AuthParam, Subject, Subject, Map)
+ */
+ @SuppressWarnings("unchecked")
+ public AuthStatus validateResponse(MessageInfo messageInfo, Subject clientSubject,
+ Subject serviceSubject) throws AuthException
+ {
+ Iterator iter = config.getClientAuthModules().iterator();
+ AuthStatus status = null;
+ while(iter.hasNext())
+ {
+ status = ((ClientAuthModule)iter.next()).validateResponse(messageInfo,clientSubject,
+ serviceSubject);
+ if(status == AuthStatus.FAILURE)
+ break;
+ }
+ return status;
+ }
+}
\ No newline at end of file
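Review bot: `secureRequest` and `validateResponse` return `null` when `config.getClientAuthModules()` is empty, because `status` is only assigned inside the loop. A caller that tests only for `AuthStatus.FAILURE` could then treat a context with no modules as not failed. Failing closed before the return makes that case explicit: `if(status == null) throw new AuthException("No ClientAuthModule configured");`. The `@see` tags in this file still name `AuthParam` and `Map` signatures that do not match the methods below them.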
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossServerAuthConfig.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossServerAuthConfig.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossServerAuthConfig.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,212 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.auth.message.config;
-
-import java.lang.reflect.Constructor;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.MessageInfo;
-import javax.security.auth.message.config.AuthConfig;
-import javax.security.auth.message.config.ServerAuthConfig;
-import javax.security.auth.message.config.ServerAuthContext;
-import javax.security.auth.message.module.ServerAuthModule;
-
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.auth.callback.SecurityAssociationHandler;
-import org.jboss.security.auth.container.config.AuthModuleEntry;
-import org.jboss.security.auth.container.modules.DelegatingServerAuthModule;
-import org.jboss.security.auth.login.AuthenticationInfo;
-import org.jboss.security.auth.login.BaseAuthenticationInfo;
-import org.jboss.security.auth.login.JASPIAuthenticationInfo;
-import org.jboss.security.config.ApplicationPolicy;
-import org.jboss.security.config.SecurityConfiguration;
-
-//$Id$
-
-/**
- * Provides configuration for the server side
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since May 15, 2006
- * @version $Revision$
- */
-public class JBossServerAuthConfig implements ServerAuthConfig
-{
- private String layer;
- private String contextId;
- private CallbackHandler callbackHandler;
- private List modules = new ArrayList();
- private Map contextProperties;
-
- /**
- * Create a new JBossServerAuthConfig.
- *
- * @param layer Message Layer
- * @param appContext Application Context
- * @param handler Callback Handler that will be passed to the modules
- * @param properties Context Properties
- */
- public JBossServerAuthConfig(String layer, String appContext,
- CallbackHandler handler, Map properties)
- {
- this.layer = layer;
- this.contextId = appContext;
- this.callbackHandler = handler;
- this.contextProperties = properties;
- }
-
- /**
- * @see ServerAuthConfig#getAuthContext(String, Map)
- */
- public ServerAuthContext getAuthContext(String authContextID,
- Subject serviceSubject, Map properties)
- throws AuthException
- {
- Map<String,Map> mapOptionsByName = new HashMap<String,Map>();
- SecurityContext securityContext = SecurityActions.getSecurityContext();
- if(securityContext == null)
- throw new IllegalStateException("Security Context is null");
- String secDomain = securityContext.getSecurityDomain();
-
- String defaultAppDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
- //Get the modules from the SecurityConfiguration
- ApplicationPolicy ap = SecurityConfiguration.getApplicationPolicy(secDomain);
- if(ap == null)
- {
- ap = SecurityConfiguration.getApplicationPolicy(defaultAppDomain);
- }
- if(ap == null)
- throw new IllegalStateException("No Application Policy found");
- BaseAuthenticationInfo bai = ap.getAuthenticationInfo();
- if(bai == null)
- throw new IllegalStateException("Authentication Info not set in security domain="+ secDomain
- + " or "+ defaultAppDomain);
-
- if(bai instanceof AuthenticationInfo)
- {
- //Need to get a wrapper
- ServerAuthModule sam = new DelegatingServerAuthModule();
- Map options = new HashMap();
- options.put("javax.security.auth.login.LoginContext", secDomain); //Name of sec domain
- sam.initialize(null, null, new SecurityAssociationHandler(), options);
- modules.add(sam);
- }
- else
- {
- JASPIAuthenticationInfo jai = (JASPIAuthenticationInfo)bai;
- AuthModuleEntry[] amearr = jai.getAuthModuleEntry();
- for(AuthModuleEntry ame: amearr)
- {
- if(ame.getLoginModuleStackHolderName() != null)
- {
- try
- {
- mapOptionsByName.put(ame.getAuthModuleName(), ame.getOptions());
-
- modules.add(this.createSAM(ame.getAuthModuleName(),
- ame.getLoginModuleStackHolderName()));
- }
- catch (Exception e)
- {
- throw new AuthException(e.getLocalizedMessage());
- }
- }
- else
- {
- try
- {
- mapOptionsByName.put(ame.getAuthModuleName(), ame.getOptions());
- modules.add(this.createSAM(ame.getAuthModuleName()));
- }
- catch (Exception e)
- {
- throw new AuthException(e.getLocalizedMessage());
- }
- }
- }
- }
-
- return new JBossServerAuthContext(modules, mapOptionsByName, this.callbackHandler);
- }
-
- /**
- * @see AuthConfig#getContextID()
- */
- public String getAppContext()
- {
- return this.contextId;
- }
-
- /**
- * @see AuthConfig#getMessageLayer()
- */
- public String getMessageLayer()
- {
- return this.layer;
- }
-
-
- /**
- * @see AuthConfig#refresh()
- */
- public void refresh() throws AuthException, SecurityException
- {
- }
-
- //Custom Methods
- public List getServerAuthModules()
- {
- return this.modules ;
- }
-
- public String getAuthContextID(MessageInfo messageInfo)
- {
- return this.contextId;
- }
-
- public boolean isProtected()
- {
- throw new RuntimeException("Not Implemented");
- }
-
- private ServerAuthModule createSAM(String name )
- throws Exception
- {
- Class clazz = SecurityActions.getContextClassLoader().loadClass(name);
- Constructor ctr = clazz.getConstructor(new Class[0]);
- return (ServerAuthModule) ctr.newInstance(new Object[0]);
- }
-
- private ServerAuthModule createSAM(String name, String lmshName )
- throws Exception
- {
- Class clazz = SecurityActions.getContextClassLoader().loadClass(name);
- Constructor ctr = clazz.getConstructor(new Class[]{String.class});
- return (ServerAuthModule) ctr.newInstance(new Object[]{lmshName});
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossServerAuthConfig.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossServerAuthConfig.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossServerAuthConfig.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossServerAuthConfig.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,219 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.message.config;
+
+import java.lang.reflect.Constructor;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.config.AuthConfig;
+import javax.security.auth.message.config.ServerAuthConfig;
+import javax.security.auth.message.config.ServerAuthContext;
+import javax.security.auth.message.module.ServerAuthModule;
+
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.auth.callback.SecurityAssociationHandler;
+import org.jboss.security.auth.container.config.AuthModuleEntry;
+import org.jboss.security.auth.container.modules.DelegatingServerAuthModule;
+import org.jboss.security.auth.login.AuthenticationInfo;
+import org.jboss.security.auth.login.BaseAuthenticationInfo;
+import org.jboss.security.auth.login.JASPIAuthenticationInfo;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.SecurityConfiguration;
+
+//$Id$
+
+/**
+ * Provides configuration for the server side
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since May 15, 2006
+ * @version $Revision$
+ */
+public class JBossServerAuthConfig implements ServerAuthConfig
+{
+ private String layer;
+ private String contextId;
+ private CallbackHandler callbackHandler;
+ @SuppressWarnings("unchecked")
+ private List modules = new ArrayList();
+ @SuppressWarnings({"unused", "unchecked"})
+ private Map contextProperties;
+
+ /**
+ * Create a new JBossServerAuthConfig.
+ *
+ * @param layer Message Layer
+ * @param appContext Application Context
+ * @param handler Callback Handler that will be passed to the modules
+ * @param properties Context Properties
+ */
+ @SuppressWarnings("unchecked")
+ public JBossServerAuthConfig(String layer, String appContext,
+ CallbackHandler handler, Map properties)
+ {
+ this.layer = layer;
+ this.contextId = appContext;
+ this.callbackHandler = handler;
+ this.contextProperties = properties;
+ }
+
+ /**
+ * @see ServerAuthConfig#getAuthContext(String, Map)
+ */
+ @SuppressWarnings("unchecked")
+ public ServerAuthContext getAuthContext(String authContextID,
+ Subject serviceSubject, Map properties)
+ throws AuthException
+ {
+ Map<String,Map> mapOptionsByName = new HashMap<String,Map>();
+ SecurityContext securityContext = SecurityActions.getSecurityContext();
+ if(securityContext == null)
+ throw new IllegalStateException("Security Context is null");
+ String secDomain = securityContext.getSecurityDomain();
+
+ String defaultAppDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
+ //Get the modules from the SecurityConfiguration
+ ApplicationPolicy ap = SecurityConfiguration.getApplicationPolicy(secDomain);
+ if(ap == null)
+ {
+ ap = SecurityConfiguration.getApplicationPolicy(defaultAppDomain);
+ }
+ if(ap == null)
+ throw new IllegalStateException("No Application Policy found");
+ BaseAuthenticationInfo bai = ap.getAuthenticationInfo();
+ if(bai == null)
+ throw new IllegalStateException("Authentication Info not set in security domain="+ secDomain
+ + " or "+ defaultAppDomain);
+
+ if(bai instanceof AuthenticationInfo)
+ {
+ //Need to get a wrapper
+ ServerAuthModule sam = new DelegatingServerAuthModule();
+ Map options = new HashMap();
+ options.put("javax.security.auth.login.LoginContext", secDomain); //Name of sec domain
+ sam.initialize(null, null, new SecurityAssociationHandler(), options);
+ modules.add(sam);
+ }
+ else
+ {
+ JASPIAuthenticationInfo jai = (JASPIAuthenticationInfo)bai;
+ AuthModuleEntry[] amearr = jai.getAuthModuleEntry();
+ for(AuthModuleEntry ame: amearr)
+ {
+ if(ame.getLoginModuleStackHolderName() != null)
+ {
+ try
+ {
+ mapOptionsByName.put(ame.getAuthModuleName(), ame.getOptions());
+
+ modules.add(this.createSAM(ame.getAuthModuleName(),
+ ame.getLoginModuleStackHolderName()));
+ }
+ catch (Exception e)
+ {
+ throw new AuthException(e.getLocalizedMessage());
+ }
+ }
+ else
+ {
+ try
+ {
+ mapOptionsByName.put(ame.getAuthModuleName(), ame.getOptions());
+ modules.add(this.createSAM(ame.getAuthModuleName()));
+ }
+ catch (Exception e)
+ {
+ throw new AuthException(e.getLocalizedMessage());
+ }
+ }
+ }
+ }
+
+ return new JBossServerAuthContext(modules, mapOptionsByName, this.callbackHandler);
+ }
+
+ /**
+ * @see AuthConfig#getContextID()
+ */
+ public String getAppContext()
+ {
+ return this.contextId;
+ }
+
+ /**
+ * @see AuthConfig#getMessageLayer()
+ */
+ public String getMessageLayer()
+ {
+ return this.layer;
+ }
+
+
+ /**
+ * @see AuthConfig#refresh()
+ */
+ public void refresh() throws AuthException, SecurityException
+ {
+ }
+
+ //Custom Methods
+ @SuppressWarnings("unchecked")
+ public List getServerAuthModules()
+ {
+ return this.modules ;
+ }
+
+ public String getAuthContextID(MessageInfo messageInfo)
+ {
+ return this.contextId;
+ }
+
+ public boolean isProtected()
+ {
+ throw new RuntimeException("Not Implemented");
+ }
+
+ @SuppressWarnings("unchecked")
+ private ServerAuthModule createSAM(String name )
+ throws Exception
+ {
+ Class clazz = SecurityActions.getContextClassLoader().loadClass(name);
+ Constructor ctr = clazz.getConstructor(new Class[0]);
+ return (ServerAuthModule) ctr.newInstance(new Object[0]);
+ }
+
+ @SuppressWarnings("unchecked")
+ private ServerAuthModule createSAM(String name, String lmshName )
+ throws Exception
+ {
+ Class clazz = SecurityActions.getContextClassLoader().loadClass(name);
+ Constructor ctr = clazz.getConstructor(new Class[]{String.class});
+ return (ServerAuthModule) ctr.newInstance(new Object[]{lmshName});
+ }
+}
\ No newline at end of file
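Review bot: `getAuthContext` appends to the instance field `modules` on every call, so a second call on the same `JBossServerAuthConfig` passes `JBossServerAuthContext` a list that still holds the module instances from the first call. Those older instances are then initialized again, and each request is validated by a growing number of modules. Building the list per call avoids this, e.g. `List<ServerAuthModule> contextModules = new ArrayList<ServerAuthModule>();` handed to the constructor, with `this.modules` reassigned afterwards if `getServerAuthModules()` must keep reflecting the last context. Separately, both `catch (Exception e)` blocks rethrow `new AuthException(e.getLocalizedMessage())`, which drops the cause and can produce a null message for reflection failures such as `InvocationTargetException`. Calling `initCause(e)` on the new exception before throwing keeps the original stack trace for diagnosing a module that failed to load.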
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossServerAuthContext.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossServerAuthContext.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossServerAuthContext.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,130 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.auth.message.config;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.AuthStatus;
-import javax.security.auth.message.MessageInfo;
-import javax.security.auth.message.ServerAuth;
-import javax.security.auth.message.config.ServerAuthContext;
-import javax.security.auth.message.module.ServerAuthModule;
-
-//$Id$
-
-/**
- * Default Server Authentication Context
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since May 17, 2006
- * @version $Revision$
- */
-public class JBossServerAuthContext implements ServerAuthContext
-{
- private List<ServerAuthModule> modules = new ArrayList<ServerAuthModule>();
-
- private Map<String,Map> moduleOptionsByName = new HashMap<String,Map>();
-
- public JBossServerAuthContext(List<ServerAuthModule> modules,
- Map<String,Map> moduleNameToOptions, CallbackHandler cbh) throws AuthException
- {
- this.modules = modules;
- this.moduleOptionsByName = moduleNameToOptions;
- for(ServerAuthModule sam:modules)
- {
- sam.initialize(null, null, cbh,
- moduleOptionsByName.get(sam.getClass().getName()));
- }
- }
-
-
- /**
- * @see ServerAuth#cleanSubject(Subject, Map)
- */
- public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException
- {
- for(ServerAuthModule sam:modules)
- {
- sam.cleanSubject(messageInfo, subject);
- }
- }
-
- /**
- * @see ServerAuth#secureResponse(AuthParam, Subject, Map)
- */
- public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException
- {
- AuthStatus status = null;
- for(ServerAuthModule sam:modules)
- {
- status = sam.secureResponse(messageInfo, serviceSubject);
- }
- return status;
- }
-
- /**
- * @see ServerAuth#validateRequest(AuthParam, Subject, Subject, Map)
- */
- public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject,
- Subject serviceSubject) throws AuthException
- {
- List<ServerAuthModule> supportingModules = new ArrayList<ServerAuthModule>();
-
- Class requestType = messageInfo.getRequestMessage().getClass();
- Class[] requestInterfaces = requestType.getInterfaces();
-
- List<Class> intfaee = Arrays.asList(requestInterfaces);
- AuthStatus status = null;
- for(ServerAuthModule sam:modules)
- {
- List<Class> supportedTypes = Arrays.asList(sam.getSupportedMessageTypes());
-
- //Check the interfaces
- for(Class clazz:intfaee)
- {
- if(supportedTypes.contains(clazz) && !supportingModules.contains(sam))
- supportingModules.add(sam);
- }
-
- //Check the class type also
- if((supportedTypes.contains(Object.class) || supportedTypes.contains(requestType))
- && !supportingModules.contains(sam))
- supportingModules.add(sam);
- }
- if(supportingModules.size() == 0)
- throw new RuntimeException("No ServerAuthModule configured to support type:"+requestType);
-
- for(ServerAuthModule sam:supportingModules)
- {
- status = sam.validateRequest(messageInfo, clientSubject, serviceSubject);
- if(status == AuthStatus.FAILURE)
- break;
- }
- return status;
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossServerAuthContext.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossServerAuthContext.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossServerAuthContext.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/message/config/JBossServerAuthContext.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,133 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.message.config;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.ServerAuth;
+import javax.security.auth.message.config.ServerAuthContext;
+import javax.security.auth.message.module.ServerAuthModule;
+
+//$Id$
+
+/**
+ * Default Server Authentication Context
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since May 17, 2006
+ * @version $Revision$
+ */
+public class JBossServerAuthContext implements ServerAuthContext
+{
+ private List<ServerAuthModule> modules = new ArrayList<ServerAuthModule>();
+
+ @SuppressWarnings("unchecked")
+ private Map<String,Map> moduleOptionsByName = new HashMap<String,Map>();
+
+ @SuppressWarnings("unchecked")
+ public JBossServerAuthContext(List<ServerAuthModule> modules,
+ Map<String,Map> moduleNameToOptions, CallbackHandler cbh) throws AuthException
+ {
+ this.modules = modules;
+ this.moduleOptionsByName = moduleNameToOptions;
+ for(ServerAuthModule sam:modules)
+ {
+ sam.initialize(null, null, cbh,
+ moduleOptionsByName.get(sam.getClass().getName()));
+ }
+ }
+
+
+ /**
+ * @see ServerAuth#cleanSubject(Subject, Map)
+ */
+ public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException
+ {
+ for(ServerAuthModule sam:modules)
+ {
+ sam.cleanSubject(messageInfo, subject);
+ }
+ }
+
+ /**
+ * @see ServerAuth#secureResponse(AuthParam, Subject, Map)
+ */
+ public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException
+ {
+ AuthStatus status = null;
+ for(ServerAuthModule sam:modules)
+ {
+ status = sam.secureResponse(messageInfo, serviceSubject);
+ }
+ return status;
+ }
+
+ /**
+ * @see ServerAuth#validateRequest(AuthParam, Subject, Subject, Map)
+ */
+ @SuppressWarnings("unchecked")
+ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject,
+ Subject serviceSubject) throws AuthException
+ {
+ List<ServerAuthModule> supportingModules = new ArrayList<ServerAuthModule>();
+
+ Class requestType = messageInfo.getRequestMessage().getClass();
+ Class[] requestInterfaces = requestType.getInterfaces();
+
+ List<Class> intfaee = Arrays.asList(requestInterfaces);
+ AuthStatus status = null;
+ for(ServerAuthModule sam:modules)
+ {
+ List<Class> supportedTypes = Arrays.asList(sam.getSupportedMessageTypes());
+
+ //Check the interfaces
+ for(Class clazz:intfaee)
+ {
+ if(supportedTypes.contains(clazz) && !supportingModules.contains(sam))
+ supportingModules.add(sam);
+ }
+
+ //Check the class type also
+ if((supportedTypes.contains(Object.class) || supportedTypes.contains(requestType))
+ && !supportingModules.contains(sam))
+ supportingModules.add(sam);
+ }
+ if(supportingModules.size() == 0)
+ throw new RuntimeException("No ServerAuthModule configured to support type:"+requestType);
+
+ for(ServerAuthModule sam:supportingModules)
+ {
+ status = sam.validateRequest(messageInfo, clientSubject, serviceSubject);
+ if(status == AuthStatus.FAILURE)
+ break;
+ }
+ return status;
+ }
+}
\ No newline at end of file
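Review bot: In `validateRequest` the final loop stops only on `AuthStatus.FAILURE` and returns whatever the last supporting module reported, so a `SEND_FAILURE` or `SEND_CONTINUE` from an earlier module is overwritten when a later module returns `SUCCESS`. If every supporting module is meant to be required (the page does not say), the loop should stop on anything other than success: `if(status != AuthStatus.SUCCESS) break;`. The constructor also looks options up by `sam.getClass().getName()`, so a module with no entry in `moduleNameToOptions` is initialized with null options, and two modules of the same class receive the same options map. A comment on the constructor documenting that keying would help callers that build the map.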
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/AbstractServerLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/AbstractServerLoginModule.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/AbstractServerLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,339 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.auth.spi;
-
-
-import java.lang.reflect.Constructor;
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.Enumeration;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginException;
-import javax.security.auth.spi.LoginModule;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.NestableGroup;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.SimpleGroup;
-import org.jboss.security.SimplePrincipal;
-
-/**
- * This class implements the common functionality required for a JAAS
- * server side LoginModule and implements the JBossSX standard Subject usage
- * pattern of storing identities and roles. Subclass this module to create your
- * own custom LoginModule and override the login(), getRoleSets() and getIdentity()
- * methods.
- * <p>
- * You may also wish to override
- * <pre>
- * public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
- * </pre>
- * In which case the first line of your initialize() method should be:
- * <pre>
- * super.initialize(subject, callbackHandler, sharedState, options);
- * </pre>
- * <p>
- * You may also wish to override
- * <pre>
- * public boolean login() throws LoginException
- * </pre>
- * In which case the last line of your login() method should be
- * <pre>
- * return super.login();
- * </pre>
- *
- *@author <a href="edward.kenworthy at crispgroup.co.uk">Edward Kenworthy</a>, 12th Dec 2000
- *@author Scott.Stark at jboss.org
- *@version $Revision$
- */
-public abstract class AbstractServerLoginModule implements LoginModule
-{
- protected Subject subject;
- protected CallbackHandler callbackHandler;
- protected Map sharedState;
- protected Map options;
- protected Logger log;
- /** Flag indicating if the shared credential should be used */
- protected boolean useFirstPass;
- /** Flag indicating if the login phase succeeded. Subclasses that override
- the login method must set this to true on successful completion of login
- */
- protected boolean loginOk;
- /** An optional custom Principal class implementation */
- protected String principalClassName;
- /** the principal to use when a null username and password are seen */
- protected Principal unauthenticatedIdentity;
-
-//--- Begin LoginModule interface methods
- /** Initialize the login module. This stores the subject, callbackHandler
- * and sharedState and options for the login session. Subclasses should override
- * if they need to process their own options. A call to super.initialize(...)
- * must be made in the case of an override.
- * <p>
- * @option password-stacking: If this is set to "useFirstPass", the login
- * identity will be taken from the <code>javax.security.auth.login.name</code>
- * value of the sharedState map, and the proof of identity from the
- * <code>javax.security.auth.login.password</code> value of the sharedState
- * map.
- * @option principalClass: A Principal implementation that support a ctor
- * taking a String argument for the princpal name.
- * @option unauthenticatedIdentity: the name of the principal to asssign
- * and authenticate when a null username and password are seen.
- *
- * @param subject the Subject to update after a successful login.
- * @param callbackHandler the CallbackHandler that will be used to obtain the
- * the user identity and credentials.
- * @param sharedState a Map shared between all configured login module instances
- * @param options the parameters passed to the login module.
- */
- public void initialize(Subject subject, CallbackHandler callbackHandler,
- Map sharedState, Map options)
- {
- this.subject = subject;
- this.callbackHandler = callbackHandler;
- this.sharedState = sharedState;
- this.options = options;
- log = Logger.getLogger(getClass());
- log.trace("initialize");
-
- //log securityDomain, if set.
- log.trace("Security domain: " +
- (String)options.get(SecurityConstants.SECURITY_DOMAIN_OPTION));
-
- /* Check for password sharing options. Any non-null value for
- password_stacking sets useFirstPass as this module has no way to
- validate any shared password.
- */
- String passwordStacking = (String) options.get("password-stacking");
- if( passwordStacking != null && passwordStacking.equalsIgnoreCase("useFirstPass") )
- useFirstPass = true;
-
- // Check for a custom Principal implementation
- principalClassName = (String) options.get("principalClass");
-
- // Check for unauthenticatedIdentity option.
- String name = (String) options.get("unauthenticatedIdentity");
- if( name != null )
- {
- try
- {
- unauthenticatedIdentity = createIdentity(name);
- log.trace("Saw unauthenticatedIdentity="+name);
- }
- catch(Exception e)
- {
- log.warn("Failed to create custom unauthenticatedIdentity", e);
- }
- }
- }
-
- /** Looks for javax.security.auth.login.name and javax.security.auth.login.password
- values in the sharedState map if the useFirstPass option was true and returns
- true if they exist. If they do not or are null this method returns false.
-
- Note that subclasses that override the login method must set the loginOk
- ivar to true if the login succeeds in order for the commit phase to
- populate the Subject. This implementation sets loginOk to true if the
- login() method returns true, otherwise, it sets loginOk to false.
- */
- public boolean login() throws LoginException
- {
- log.trace("login");
- loginOk = false;
- // If useFirstPass is true, look for the shared password
- if( useFirstPass == true )
- {
- try
- {
- Object identity = sharedState.get("javax.security.auth.login.name");
- Object credential = sharedState.get("javax.security.auth.login.password");
- if( identity != null && credential != null )
- {
- loginOk = true;
- return true;
- }
- // Else, fall through and perform the login
- }
- catch(Exception e)
- { // Dump the exception and continue
- log.error("login failed", e);
- }
- }
- return false;
- }
-
- /** Method to commit the authentication process (phase 2). If the login
- method completed successfully as indicated by loginOk == true, this
- method adds the getIdentity() value to the subject getPrincipals() Set.
- It also adds the members of each Group returned by getRoleSets()
- to the subject getPrincipals() Set.
-
- @see javax.security.auth.Subject;
- @see java.security.acl.Group;
- @return true always.
- */
- public boolean commit() throws LoginException
- {
- log.trace("commit, loginOk="+loginOk);
- if( loginOk == false )
- return false;
-
- Set principals = subject.getPrincipals();
- Principal identity = getIdentity();
- principals.add(identity);
- Group[] roleSets = getRoleSets();
- for(int g = 0; g < roleSets.length; g ++)
- {
- Group group = roleSets[g];
- String name = group.getName();
- Group subjectGroup = createGroup(name, principals);
- if( subjectGroup instanceof NestableGroup )
- {
- /* A NestableGroup only allows Groups to be added to it so we
- need to add a SimpleGroup to subjectRoles to contain the roles
- */
- SimpleGroup tmp = new SimpleGroup("Roles");
- subjectGroup.addMember(tmp);
- subjectGroup = tmp;
- }
- // Copy the group members to the Subject group
- Enumeration members = group.members();
- while( members.hasMoreElements() )
- {
- Principal role = (Principal) members.nextElement();
- subjectGroup.addMember(role);
- }
- }
- return true;
- }
-
- /** Method to abort the authentication process (phase 2).
- @return true alaways
- */
- public boolean abort() throws LoginException
- {
- log.trace("abort");
- return true;
- }
-
- /** Remove the user identity and roles added to the Subject during commit.
- @return true always.
- */
- public boolean logout() throws LoginException
- {
- log.trace("logout");
- // Remove the user identity
- Principal identity = getIdentity();
- Set principals = subject.getPrincipals();
- principals.remove(identity);
- // Remove any added Groups...
- return true;
- }
- //--- End LoginModule interface methods
-
- // --- Protected methods
-
- /** Overriden by subclasses to return the Principal that corresponds to
- the user primary identity.
- */
- abstract protected Principal getIdentity();
- /** Overriden by subclasses to return the Groups that correspond to the
- to the role sets assigned to the user. Subclasses should create at
- least a Group named "Roles" that contains the roles assigned to the user.
- A second common group is "CallerPrincipal" that provides the application
- identity of the user rather than the security domain identity.
- @return Group[] containing the sets of roles
- */
- abstract protected Group[] getRoleSets() throws LoginException;
-
- protected boolean getUseFirstPass()
- {
- return useFirstPass;
- }
- protected Principal getUnauthenticatedIdentity()
- {
- return unauthenticatedIdentity;
- }
-
- /** Find or create a Group with the given name. Subclasses should use this
- method to locate the 'Roles' group or create additional types of groups.
- @return A named Group from the principals set.
- */
- protected Group createGroup(String name, Set principals)
- {
- Group roles = null;
- Iterator iter = principals.iterator();
- while( iter.hasNext() )
- {
- Object next = iter.next();
- if( (next instanceof Group) == false )
- continue;
- Group grp = (Group) next;
- if( grp.getName().equals(name) )
- {
- roles = grp;
- break;
- }
- }
- // If we did not find a group create one
- if( roles == null )
- {
- roles = new SimpleGroup(name);
- principals.add(roles);
- }
- return roles;
- }
-
- /** Utility method to create a Principal for the given username. This
- * creates an instance of the principalClassName type if this option was
- * specified using the class constructor matching: ctor(String). If
- * principalClassName was not specified, a SimplePrincipal is created.
- *
- * @param username the name of the principal
- * @return the principal instance
- * @throws java.lang.Exception thrown if the custom principal type cannot be created.
- */
- protected Principal createIdentity(String username)
- throws Exception
- {
- Principal p = null;
- if( principalClassName == null )
- {
- p = new SimplePrincipal(username);
- }
- else
- {
- ClassLoader loader = SecurityActions.getContextClassLoader();
- Class clazz = loader.loadClass(principalClassName);
- Class[] ctorSig = {String.class};
- Constructor ctor = clazz.getConstructor(ctorSig);
- Object[] ctorArgs = {username};
- p = (Principal) ctor.newInstance(ctorArgs);
- }
- return p;
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/AbstractServerLoginModule.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/AbstractServerLoginModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/AbstractServerLoginModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/AbstractServerLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,342 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.auth.spi;
+
+
+import java.lang.reflect.Constructor;
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Enumeration;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.NestableGroup;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SimpleGroup;
+import org.jboss.security.SimplePrincipal;
+
+/**
+ * This class implements the common functionality required for a JAAS
+ * server side LoginModule and implements the JBossSX standard Subject usage
+ * pattern of storing identities and roles. Subclass this module to create your
+ * own custom LoginModule and override the login(), getRoleSets() and getIdentity()
+ * methods.
+ * <p>
+ * You may also wish to override
+ * <pre>
+ * public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
+ * </pre>
+ * In which case the first line of your initialize() method should be:
+ * <pre>
+ * super.initialize(subject, callbackHandler, sharedState, options);
+ * </pre>
+ * <p>
+ * You may also wish to override
+ * <pre>
+ * public boolean login() throws LoginException
+ * </pre>
+ * In which case the last line of your login() method should be
+ * <pre>
+ * return super.login();
+ * </pre>
+ *
+ *@author <a href="edward.kenworthy at crispgroup.co.uk">Edward Kenworthy</a>, 12th Dec 2000
+ *@author Scott.Stark at jboss.org
+ *@version $Revision$
+ */
+public abstract class AbstractServerLoginModule implements LoginModule
+{
+ protected Subject subject;
+ protected CallbackHandler callbackHandler;
+ @SuppressWarnings("unchecked")
+ protected Map sharedState;
+ @SuppressWarnings("unchecked")
+ protected Map options;
+ protected Logger log;
+ /** Flag indicating if the shared credential should be used */
+ protected boolean useFirstPass;
+ /** Flag indicating if the login phase succeeded. Subclasses that override
+ the login method must set this to true on successful completion of login
+ */
+ protected boolean loginOk;
+ /** An optional custom Principal class implementation */
+ protected String principalClassName;
+ /** the principal to use when a null username and password are seen */
+ protected Principal unauthenticatedIdentity;
+
+//--- Begin LoginModule interface methods
+ /** Initialize the login module. This stores the subject, callbackHandler
+ * and sharedState and options for the login session. Subclasses should override
+ * if they need to process their own options. A call to super.initialize(...)
+ * must be made in the case of an override.
+ * <p>
+ * @option password-stacking: If this is set to "useFirstPass", the login
+ * identity will be taken from the <code>javax.security.auth.login.name</code>
+ * value of the sharedState map, and the proof of identity from the
+ * <code>javax.security.auth.login.password</code> value of the sharedState
+ * map.
+ * @option principalClass: A Principal implementation that support a ctor
+ * taking a String argument for the princpal name.
+ * @option unauthenticatedIdentity: the name of the principal to asssign
+ * and authenticate when a null username and password are seen.
+ *
+ * @param subject the Subject to update after a successful login.
+ * @param callbackHandler the CallbackHandler that will be used to obtain the
+ * the user identity and credentials.
+ * @param sharedState a Map shared between all configured login module instances
+ * @param options the parameters passed to the login module.
+ */
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
+ Map<String,?> sharedState, Map<String,?> options)
+ {
+ this.subject = subject;
+ this.callbackHandler = callbackHandler;
+ this.sharedState = sharedState;
+ this.options = options;
+ log = Logger.getLogger(getClass());
+ log.trace("initialize");
+
+ //log securityDomain, if set.
+ log.trace("Security domain: " +
+ (String)options.get(SecurityConstants.SECURITY_DOMAIN_OPTION));
+
+ /* Check for password sharing options. Any non-null value for
+ password_stacking sets useFirstPass as this module has no way to
+ validate any shared password.
+ */
+ String passwordStacking = (String) options.get("password-stacking");
+ if( passwordStacking != null && passwordStacking.equalsIgnoreCase("useFirstPass") )
+ useFirstPass = true;
+
+ // Check for a custom Principal implementation
+ principalClassName = (String) options.get("principalClass");
+
+ // Check for unauthenticatedIdentity option.
+ String name = (String) options.get("unauthenticatedIdentity");
+ if( name != null )
+ {
+ try
+ {
+ unauthenticatedIdentity = createIdentity(name);
+ log.trace("Saw unauthenticatedIdentity="+name);
+ }
+ catch(Exception e)
+ {
+ log.warn("Failed to create custom unauthenticatedIdentity", e);
+ }
+ }
+ }
+
+ /** Looks for javax.security.auth.login.name and javax.security.auth.login.password
+ values in the sharedState map if the useFirstPass option was true and returns
+ true if they exist. If they do not or are null this method returns false.
+
+ Note that subclasses that override the login method must set the loginOk
+ ivar to true if the login succeeds in order for the commit phase to
+ populate the Subject. This implementation sets loginOk to true if the
+ login() method returns true, otherwise, it sets loginOk to false.
+ */
+ public boolean login() throws LoginException
+ {
+ log.trace("login");
+ loginOk = false;
+ // If useFirstPass is true, look for the shared password
+ if( useFirstPass == true )
+ {
+ try
+ {
+ Object identity = sharedState.get("javax.security.auth.login.name");
+ Object credential = sharedState.get("javax.security.auth.login.password");
+ if( identity != null && credential != null )
+ {
+ loginOk = true;
+ return true;
+ }
+ // Else, fall through and perform the login
+ }
+ catch(Exception e)
+ { // Dump the exception and continue
+ log.error("login failed", e);
+ }
+ }
+ return false;
+ }
+
+ /** Method to commit the authentication process (phase 2). If the login
+ method completed successfully as indicated by loginOk == true, this
+ method adds the getIdentity() value to the subject getPrincipals() Set.
+ It also adds the members of each Group returned by getRoleSets()
+ to the subject getPrincipals() Set.
+
+ @see javax.security.auth.Subject;
+ @see java.security.acl.Group;
+ @return true always.
+ */
+ public boolean commit() throws LoginException
+ {
+ log.trace("commit, loginOk="+loginOk);
+ if( loginOk == false )
+ return false;
+
+ Set<Principal> principals = subject.getPrincipals();
+ Principal identity = getIdentity();
+ principals.add(identity);
+ Group[] roleSets = getRoleSets();
+ for(int g = 0; g < roleSets.length; g ++)
+ {
+ Group group = roleSets[g];
+ String name = group.getName();
+ Group subjectGroup = createGroup(name, principals);
+ if( subjectGroup instanceof NestableGroup )
+ {
+ /* A NestableGroup only allows Groups to be added to it so we
+ need to add a SimpleGroup to subjectRoles to contain the roles
+ */
+ SimpleGroup tmp = new SimpleGroup("Roles");
+ subjectGroup.addMember(tmp);
+ subjectGroup = tmp;
+ }
+ // Copy the group members to the Subject group
+ Enumeration<? extends Principal> members = group.members();
+ while( members.hasMoreElements() )
+ {
+ Principal role = (Principal) members.nextElement();
+ subjectGroup.addMember(role);
+ }
+ }
+ return true;
+ }
+
+ /** Method to abort the authentication process (phase 2).
+ @return true alaways
+ */
+ public boolean abort() throws LoginException
+ {
+ log.trace("abort");
+ return true;
+ }
+
+ /** Remove the user identity and roles added to the Subject during commit.
+ @return true always.
+ */
+ public boolean logout() throws LoginException
+ {
+ log.trace("logout");
+ // Remove the user identity
+ Principal identity = getIdentity();
+ Set<Principal> principals = subject.getPrincipals();
+ principals.remove(identity);
+ // Remove any added Groups...
+ return true;
+ }
+ //--- End LoginModule interface methods
+
+ // --- Protected methods
+
+ /** Overriden by subclasses to return the Principal that corresponds to
+ the user primary identity.
+ */
+ abstract protected Principal getIdentity();
+ /** Overriden by subclasses to return the Groups that correspond to the
+ to the role sets assigned to the user. Subclasses should create at
+ least a Group named "Roles" that contains the roles assigned to the user.
+ A second common group is "CallerPrincipal" that provides the application
+ identity of the user rather than the security domain identity.
+ @return Group[] containing the sets of roles
+ */
+ abstract protected Group[] getRoleSets() throws LoginException;
+
+ protected boolean getUseFirstPass()
+ {
+ return useFirstPass;
+ }
+ protected Principal getUnauthenticatedIdentity()
+ {
+ return unauthenticatedIdentity;
+ }
+
+ /** Find or create a Group with the given name. Subclasses should use this
+ method to locate the 'Roles' group or create additional types of groups.
+ @return A named Group from the principals set.
+ */
+ protected Group createGroup(String name, Set<Principal> principals)
+ {
+ Group roles = null;
+ Iterator<Principal> iter = principals.iterator();
+ while( iter.hasNext() )
+ {
+ Object next = iter.next();
+ if( (next instanceof Group) == false )
+ continue;
+ Group grp = (Group) next;
+ if( grp.getName().equals(name) )
+ {
+ roles = grp;
+ break;
+ }
+ }
+ // If we did not find a group create one
+ if( roles == null )
+ {
+ roles = new SimpleGroup(name);
+ principals.add(roles);
+ }
+ return roles;
+ }
+
+ /** Utility method to create a Principal for the given username. This
+ * creates an instance of the principalClassName type if this option was
+ * specified using the class constructor matching: ctor(String). If
+ * principalClassName was not specified, a SimplePrincipal is created.
+ *
+ * @param username the name of the principal
+ * @return the principal instance
+ * @throws java.lang.Exception thrown if the custom principal type cannot be created.
+ */
+ @SuppressWarnings("unchecked")
+ protected Principal createIdentity(String username)
+ throws Exception
+ {
+ Principal p = null;
+ if( principalClassName == null )
+ {
+ p = new SimplePrincipal(username);
+ }
+ else
+ {
+ ClassLoader loader = SecurityActions.getContextClassLoader();
+ Class clazz = loader.loadClass(principalClassName);
+ Class[] ctorSig = {String.class};
+ Constructor ctor = clazz.getConstructor(ctorSig);
+ Object[] ctorArgs = {username};
+ p = (Principal) ctor.newInstance(ctorArgs);
+ }
+ return p;
+ }
+}
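Review bot: logout() removes only the identity principal, so the role groups that commit() attaches through createGroup() and addMember() stay on the Subject; the trailing `// Remove any added Groups...` comment has no code behind it. A Subject that is reused or consulted after logout would, as far as this hunk shows, still carry the role memberships of the ended login. I would have commit() record which role principals it actually added to which group, and have logout() remove exactly those, as sketched below. The sketch needs `java.util.HashMap` and `java.util.HashSet` in addition to the file's existing imports. In the NestableGroup branch it only empties the inner SimpleGroup and does not detach it from the NestableGroup.

```java
   /** Role principals copied into the Subject by commit(), keyed by the group that received them */
   private Map<Group, Set<Principal>> committedRoles = new HashMap<Group, Set<Principal>>();

   public boolean commit() throws LoginException
   {
      // … unchanged: loginOk check, identity add, createGroup and NestableGroup handling …
         while( members.hasMoreElements() )
         {
            Principal role = (Principal) members.nextElement();
            // addMember returns false when the role was already present, so only
            // roles contributed by this module are recorded for removal
            if( subjectGroup.addMember(role) )
            {
               Set<Principal> added = committedRoles.get(subjectGroup);
               if( added == null )
               {
                  added = new HashSet<Principal>();
                  committedRoles.put(subjectGroup, added);
               }
               added.add(role);
            }
         }
      // … unchanged: end of role set loop, return true …

   public boolean logout() throws LoginException
   {
      log.trace("logout");
      // Remove the user identity
      Principal identity = getIdentity();
      Set<Principal> principals = subject.getPrincipals();
      principals.remove(identity);
      // Remove the roles this module copied into the Subject during commit
      for( Map.Entry<Group, Set<Principal>> entry : committedRoles.entrySet() )
      {
         Group target = entry.getKey();
         for( Principal role : entry.getValue() )
            target.removeMember(role);
         // Drop a top-level group that is left without members
         if( target.members().hasMoreElements() == false )
            principals.remove(target);
      }
      committedRoles.clear();
      return true;
   }
```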
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/BaseCertLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/BaseCertLoginModule.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/BaseCertLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,428 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.auth.spi;
-
-import java.io.IOException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.Principal;
-import java.security.acl.Group;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.Map;
-
-import javax.naming.InitialContext;
-import javax.naming.NamingException;
-import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.login.FailedLoginException;
-import javax.security.auth.login.LoginException;
-
-import org.jboss.security.SecurityDomain;
-import org.jboss.security.auth.callback.ObjectCallback;
-import org.jboss.security.auth.certs.X509CertificateVerifier;
-
-/**
- * Base Login Module that uses X509Certificates as credentials for
- * authentication.
- *
- * This login module uses X509Certificates as a
- * credential. It takes the cert as an object and checks to see if the alias in
- * the truststore/keystore contains the same certificate. Subclasses of this
- * module should implement the getRoleSets() method defined by
- * AbstractServerLoginModule. Much of this module was patterned after the
- * UserNamePasswordLoginModule.
- *
- * @author <a href="mailto:jasone at greenrivercomputing.com">Jason Essington</a>
- * @author Scott.Stark at jboss.org
- * @version $Revision$
- */
-public class BaseCertLoginModule extends AbstractServerLoginModule
-{
- /** A principal derived from the certificate alias */
- private Principal identity;
- /** The client certificate */
- private X509Certificate credential;
- /** The SecurityDomain to obtain the KeyStore/TrustStore from */
- private SecurityDomain domain = null;
- /** An option certificate verifier */
- private X509CertificateVerifier verifier;
- /** The trace level log flag */
- private boolean trace;
-
- /** Override the super version to pickup the following options after first
- * calling the super method.
- *
- * option: securityDomain - the name of the SecurityDomain to obtain the
- * trust and keystore from.
- * option: verifier - the class name of the X509CertificateVerifier to use
- * for verification of the login certificate
- *
- * @see SecurityDomain
- * @see X509CertificateVerifier
- *
- * @param subject the Subject to update after a successful login.
- * @param callbackHandler the CallbackHandler that will be used to obtain the
- * the user identity and credentials.
- * @param sharedState a Map shared between all configured login module instances
- * @param options the parameters passed to the login module.
- */
- public void initialize(Subject subject, CallbackHandler callbackHandler,
- Map sharedState, Map options)
- {
- super.initialize(subject, callbackHandler, sharedState, options);
- trace = log.isTraceEnabled();
-
- // Get the security domain and default to "other"
- String sd = (String) options.get("securityDomain");
- if (sd == null)
- sd = "java:/jaas/other";
-
- if( trace )
- log.trace("securityDomain=" + sd);
-
- try
- {
- Object tempDomain = new InitialContext().lookup(sd);
- if (tempDomain instanceof SecurityDomain)
- {
- domain = (SecurityDomain) tempDomain;
- if( trace )
- {
- if (domain != null)
- log.trace("found domain: " + domain.getClass().getName());
- else
- log.trace("the domain " + sd + " is null!");
- }
- }
- else
- {
- log.error("The domain " + sd + " is not a SecurityDomain. All authentication using this module will fail!");
- }
- }
- catch (NamingException e)
- {
- log.error("Unable to find the securityDomain named: " + sd, e);
- }
-
- String option = (String) options.get("verifier");
- if( option != null )
- {
- try
- {
- ClassLoader loader = SecurityActions.getContextClassLoader();
- Class verifierClass = loader.loadClass(option);
- verifier = (X509CertificateVerifier) verifierClass.newInstance();
- }
- catch(Throwable e)
- {
- if( trace )
- log.trace("Failed to create X509CertificateVerifier", e);
- IllegalArgumentException ex = new IllegalArgumentException("Invalid verifier: "+option);
- ex.initCause(e);
- }
- }
-
- if( trace )
- log.trace("exit: initialize(Subject, CallbackHandler, Map, Map)");
- }
-
- /**
- * Perform the authentication of the username and password.
- */
- public boolean login() throws LoginException
- {
- if( trace )
- log.trace("enter: login()");
- // See if shared credentials exist
- if (super.login() == true)
- {
- // Setup our view of the user
- Object username = sharedState.get("javax.security.auth.login.name");
- if( username instanceof Principal )
- identity = (Principal) username;
- else
- {
- String name = username.toString();
- try
- {
- identity = createIdentity(name);
- }
- catch(Exception e)
- {
- log.debug("Failed to create principal", e);
- throw new LoginException("Failed to create principal: "+ e.getMessage());
- }
- }
-
- Object password = sharedState.get("javax.security.auth.login.password");
- if (password instanceof X509Certificate)
- credential = (X509Certificate) password;
- else if (password != null)
- {
- log.debug("javax.security.auth.login.password is not X509Certificate");
- super.loginOk = false;
- return false;
- }
- return true;
- }
-
- super.loginOk = false;
- Object[] info = getAliasAndCert();
- String alias = (String) info[0];
- credential = (X509Certificate) info[1];
-
- if (alias == null && credential == null)
- {
- identity = unauthenticatedIdentity;
- super.log.trace("Authenticating as unauthenticatedIdentity=" + identity);
- }
-
- if (identity == null)
- {
- try
- {
- identity = createIdentity(alias);
- }
- catch(Exception e)
- {
- log.debug("Failed to create identity for alias:"+alias, e);
- }
-
- if (!validateCredential(alias, credential))
- {
- log.debug("Bad credential for alias=" + alias);
- throw new FailedLoginException("Supplied Credential did not match existing credential for " + alias);
- }
- }
-
- if (getUseFirstPass() == true)
- {
- // Add authentication info to shared state map
- sharedState.put("javax.security.auth.login.name", alias);
- sharedState.put("javax.security.auth.login.password", credential);
- }
- super.loginOk = true;
- if( trace )
- {
- log.trace("User '" + identity + "' authenticated, loginOk=" + loginOk);
- log.debug("exit: login()");
- }
- return true;
- }
-
- /** Override to add the X509Certificate to the public credentials
- * @return
- * @throws LoginException
- */
- public boolean commit() throws LoginException
- {
- boolean ok = super.commit();
- if( ok == true )
- {
- // Add the cert to the public credentials
- if (credential != null)
- {
- subject.getPublicCredentials().add(credential);
- }
- }
- return ok;
- }
-
- /** Subclasses need to override this to provide the roles for authorization
- * @return
- * @throws LoginException
- */
- protected Group[] getRoleSets() throws LoginException
- {
- return new Group[0];
- }
-
- protected Principal getIdentity()
- {
- return identity;
- }
- protected Object getCredentials()
- {
- return credential;
- }
- protected String getUsername()
- {
- String username = null;
- if (getIdentity() != null)
- username = getIdentity().getName();
- return username;
- }
-
- protected Object[] getAliasAndCert() throws LoginException
- {
- if( trace )
- log.trace("enter: getAliasAndCert()");
- Object[] info = { null, null };
- // prompt for a username and password
- if (callbackHandler == null)
- {
- throw new LoginException("Error: no CallbackHandler available to collect authentication information");
- }
- NameCallback nc = new NameCallback("Alias: ");
- ObjectCallback oc = new ObjectCallback("Certificate: ");
- Callback[] callbacks = { nc, oc };
- String alias = null;
- X509Certificate cert = null;
- X509Certificate[] certChain;
- try
- {
- callbackHandler.handle(callbacks);
- alias = nc.getName();
- Object tmpCert = oc.getCredential();
- if (tmpCert != null)
- {
- if (tmpCert instanceof X509Certificate)
- {
- cert = (X509Certificate) tmpCert;
- if( trace )
- log.trace("found cert " + cert.getSerialNumber().toString(16) + ":" + cert.getSubjectDN().getName());
- }
- else if( tmpCert instanceof X509Certificate[] )
- {
- certChain = (X509Certificate[]) tmpCert;
- if( certChain.length > 0 )
- cert = certChain[0];
- }
- else
- {
- String msg = "Don't know how to obtain X509Certificate from: "
- +tmpCert.getClass();
- log.warn(msg);
- throw new LoginException(msg);
- }
- }
- else
- {
- log.warn("CallbackHandler did not provide a certificate");
- }
- }
- catch (IOException e)
- {
- log.debug("Failed to invoke callback", e);
- throw new LoginException("Failed to invoke callback: "+e.toString());
- }
- catch (UnsupportedCallbackException uce)
- {
- throw new LoginException("CallbackHandler does not support: "
- + uce.getCallback());
- }
-
- info[0] = alias;
- info[1] = cert;
- if( trace )
- log.trace("exit: getAliasAndCert()");
- return info;
- }
-
- protected boolean validateCredential(String alias, X509Certificate cert)
- {
- if( trace )
- log.trace("enter: validateCredentail(String, X509Certificate)");
- boolean isValid = false;
-
- // if we don't have a trust store, we'll just use the key store.
- KeyStore keyStore = null;
- KeyStore trustStore = null;
- if( domain != null )
- {
- keyStore = domain.getKeyStore();
- trustStore = domain.getTrustStore();
- }
- if( trustStore == null )
- trustStore = keyStore;
-
- if( verifier != null )
- {
- // Have the verifier validate the cert
- if( trace )
- log.trace("Validating cert using: "+verifier);
- isValid = verifier.verify(cert, alias, keyStore, trustStore);
- }
- else if (keyStore != null && cert != null)
- {
- // Look for the cert in the keystore using the alias
- X509Certificate storeCert = null;
- try
- {
- storeCert = (X509Certificate) keyStore.getCertificate(alias);
- if( trace )
- {
- StringBuffer buf = new StringBuffer("\n\tSupplied Credential: ");
- buf.append(cert.getSerialNumber().toString(16));
- buf.append("\n\t\t");
- buf.append(cert.getSubjectDN().getName());
- buf.append("\n\n\tExisting Credential: ");
- if( storeCert != null )
- {
- buf.append(storeCert.getSerialNumber().toString(16));
- buf.append("\n\t\t");
- buf.append(storeCert.getSubjectDN().getName());
- buf.append("\n");
- }
- else
- {
- ArrayList aliases = new ArrayList();
- Enumeration en = keyStore.aliases();
- while (en.hasMoreElements())
- {
- aliases.add(en.nextElement());
- }
- buf.append("No match for alias: "+alias+", we have aliases " + aliases);
- }
- log.trace(buf.toString());
- }
- }
- catch (KeyStoreException e)
- {
- log.warn("failed to find the certificate for " + alias, e);
- }
- // Ensure that the two certs are equal
- if (cert.equals(storeCert))
- isValid = true;
- }
- else
- {
- log.warn("Domain, KeyStore, or cert is null. Unable to validate the certificate.");
- }
-
- if( trace )
- {
- log.trace("The supplied certificate "
- + (isValid ? "matched" : "DID NOT match")
- + " the certificate in the keystore.");
-
- log.trace("exit: validateCredentail(String, X509Certificate)");
- }
- return isValid;
- }
-
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/BaseCertLoginModule.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/BaseCertLoginModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/BaseCertLoginModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/BaseCertLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,429 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.auth.spi;
+
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.Principal;
+import java.security.acl.Group;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.Map;
+
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.security.SecurityDomain;
+import org.jboss.security.auth.callback.ObjectCallback;
+import org.jboss.security.auth.certs.X509CertificateVerifier;
+
+/**
+ * Base Login Module that uses X509Certificates as credentials for
+ * authentication.
+ *
+ * This login module uses X509Certificates as a
+ * credential. It takes the cert as an object and checks to see if the alias in
+ * the truststore/keystore contains the same certificate. Subclasses of this
+ * module should implement the getRoleSets() method defined by
+ * AbstractServerLoginModule. Much of this module was patterned after the
+ * UserNamePasswordLoginModule.
+ *
+ * @author <a href="mailto:jasone at greenrivercomputing.com">Jason Essington</a>
+ * @author Scott.Stark at jboss.org
+ * @version $Revision$
+ */
+public class BaseCertLoginModule extends AbstractServerLoginModule
+{
+ /** A principal derived from the certificate alias */
+ private Principal identity;
+ /** The client certificate */
+ private X509Certificate credential;
+ /** The SecurityDomain to obtain the KeyStore/TrustStore from */
+ private SecurityDomain domain = null;
+ /** An option certificate verifier */
+ private X509CertificateVerifier verifier;
+ /** The trace level log flag */
+ private boolean trace;
+
+ /** Override the super version to pickup the following options after first
+ * calling the super method.
+ *
+ * option: securityDomain - the name of the SecurityDomain to obtain the
+ * trust and keystore from.
+ * option: verifier - the class name of the X509CertificateVerifier to use
+ * for verification of the login certificate
+ *
+ * @see SecurityDomain
+ * @see X509CertificateVerifier
+ *
+ * @param subject the Subject to update after a successful login.
+ * @param callbackHandler the CallbackHandler that will be used to obtain the
+ * the user identity and credentials.
+ * @param sharedState a Map shared between all configured login module instances
+ * @param options the parameters passed to the login module.
+ */
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
+ Map<String,?> sharedState, Map<String,?> options)
+ {
+ super.initialize(subject, callbackHandler, sharedState, options);
+ trace = log.isTraceEnabled();
+
+ // Get the security domain and default to "other"
+ String sd = (String) options.get("securityDomain");
+ if (sd == null)
+ sd = "java:/jaas/other";
+
+ if( trace )
+ log.trace("securityDomain=" + sd);
+
+ try
+ {
+ Object tempDomain = new InitialContext().lookup(sd);
+ if (tempDomain instanceof SecurityDomain)
+ {
+ domain = (SecurityDomain) tempDomain;
+ if( trace )
+ {
+ if (domain != null)
+ log.trace("found domain: " + domain.getClass().getName());
+ else
+ log.trace("the domain " + sd + " is null!");
+ }
+ }
+ else
+ {
+ log.error("The domain " + sd + " is not a SecurityDomain. All authentication using this module will fail!");
+ }
+ }
+ catch (NamingException e)
+ {
+ log.error("Unable to find the securityDomain named: " + sd, e);
+ }
+
+ String option = (String) options.get("verifier");
+ if( option != null )
+ {
+ try
+ {
+ ClassLoader loader = SecurityActions.getContextClassLoader();
+ Class<?> verifierClass = loader.loadClass(option);
+ verifier = (X509CertificateVerifier) verifierClass.newInstance();
+ }
+ catch(Throwable e)
+ {
+ if( trace )
+ log.trace("Failed to create X509CertificateVerifier", e);
+ IllegalArgumentException ex = new IllegalArgumentException("Invalid verifier: "+option);
+ ex.initCause(e);
+ }
+ }
+
+ if( trace )
+ log.trace("exit: initialize(Subject, CallbackHandler, Map, Map)");
+ }
+
+ /**
+ * Perform the authentication of the username and password.
+ */
+ @SuppressWarnings("unchecked")
+ public boolean login() throws LoginException
+ {
+ if( trace )
+ log.trace("enter: login()");
+ // See if shared credentials exist
+ if (super.login() == true)
+ {
+ // Setup our view of the user
+ Object username = sharedState.get("javax.security.auth.login.name");
+ if( username instanceof Principal )
+ identity = (Principal) username;
+ else
+ {
+ String name = username.toString();
+ try
+ {
+ identity = createIdentity(name);
+ }
+ catch(Exception e)
+ {
+ log.debug("Failed to create principal", e);
+ throw new LoginException("Failed to create principal: "+ e.getMessage());
+ }
+ }
+
+ Object password = sharedState.get("javax.security.auth.login.password");
+ if (password instanceof X509Certificate)
+ credential = (X509Certificate) password;
+ else if (password != null)
+ {
+ log.debug("javax.security.auth.login.password is not X509Certificate");
+ super.loginOk = false;
+ return false;
+ }
+ return true;
+ }
+
+ super.loginOk = false;
+ Object[] info = getAliasAndCert();
+ String alias = (String) info[0];
+ credential = (X509Certificate) info[1];
+
+ if (alias == null && credential == null)
+ {
+ identity = unauthenticatedIdentity;
+ super.log.trace("Authenticating as unauthenticatedIdentity=" + identity);
+ }
+
+ if (identity == null)
+ {
+ try
+ {
+ identity = createIdentity(alias);
+ }
+ catch(Exception e)
+ {
+ log.debug("Failed to create identity for alias:"+alias, e);
+ }
+
+ if (!validateCredential(alias, credential))
+ {
+ log.debug("Bad credential for alias=" + alias);
+ throw new FailedLoginException("Supplied Credential did not match existing credential for " + alias);
+ }
+ }
+
+ if (getUseFirstPass() == true)
+ {
+ // Add authentication info to shared state map
+ sharedState.put("javax.security.auth.login.name", alias);
+ sharedState.put("javax.security.auth.login.password", credential);
+ }
+ super.loginOk = true;
+ if( trace )
+ {
+ log.trace("User '" + identity + "' authenticated, loginOk=" + loginOk);
+ log.debug("exit: login()");
+ }
+ return true;
+ }
+
+ /** Override to add the X509Certificate to the public credentials
+ * @return
+ * @throws LoginException
+ */
+ public boolean commit() throws LoginException
+ {
+ boolean ok = super.commit();
+ if( ok == true )
+ {
+ // Add the cert to the public credentials
+ if (credential != null)
+ {
+ subject.getPublicCredentials().add(credential);
+ }
+ }
+ return ok;
+ }
+
+ /** Subclasses need to override this to provide the roles for authorization
+ * @return
+ * @throws LoginException
+ */
+ protected Group[] getRoleSets() throws LoginException
+ {
+ return new Group[0];
+ }
+
+ protected Principal getIdentity()
+ {
+ return identity;
+ }
+ protected Object getCredentials()
+ {
+ return credential;
+ }
+ protected String getUsername()
+ {
+ String username = null;
+ if (getIdentity() != null)
+ username = getIdentity().getName();
+ return username;
+ }
+
+ protected Object[] getAliasAndCert() throws LoginException
+ {
+ if( trace )
+ log.trace("enter: getAliasAndCert()");
+ Object[] info = { null, null };
+ // prompt for a username and password
+ if (callbackHandler == null)
+ {
+ throw new LoginException("Error: no CallbackHandler available to collect authentication information");
+ }
+ NameCallback nc = new NameCallback("Alias: ");
+ ObjectCallback oc = new ObjectCallback("Certificate: ");
+ Callback[] callbacks = { nc, oc };
+ String alias = null;
+ X509Certificate cert = null;
+ X509Certificate[] certChain;
+ try
+ {
+ callbackHandler.handle(callbacks);
+ alias = nc.getName();
+ Object tmpCert = oc.getCredential();
+ if (tmpCert != null)
+ {
+ if (tmpCert instanceof X509Certificate)
+ {
+ cert = (X509Certificate) tmpCert;
+ if( trace )
+ log.trace("found cert " + cert.getSerialNumber().toString(16) + ":" + cert.getSubjectDN().getName());
+ }
+ else if( tmpCert instanceof X509Certificate[] )
+ {
+ certChain = (X509Certificate[]) tmpCert;
+ if( certChain.length > 0 )
+ cert = certChain[0];
+ }
+ else
+ {
+ String msg = "Don't know how to obtain X509Certificate from: "
+ +tmpCert.getClass();
+ log.warn(msg);
+ throw new LoginException(msg);
+ }
+ }
+ else
+ {
+ log.warn("CallbackHandler did not provide a certificate");
+ }
+ }
+ catch (IOException e)
+ {
+ log.debug("Failed to invoke callback", e);
+ throw new LoginException("Failed to invoke callback: "+e.toString());
+ }
+ catch (UnsupportedCallbackException uce)
+ {
+ throw new LoginException("CallbackHandler does not support: "
+ + uce.getCallback());
+ }
+
+ info[0] = alias;
+ info[1] = cert;
+ if( trace )
+ log.trace("exit: getAliasAndCert()");
+ return info;
+ }
+
+ protected boolean validateCredential(String alias, X509Certificate cert)
+ {
+ if( trace )
+ log.trace("enter: validateCredentail(String, X509Certificate)");
+ boolean isValid = false;
+
+ // if we don't have a trust store, we'll just use the key store.
+ KeyStore keyStore = null;
+ KeyStore trustStore = null;
+ if( domain != null )
+ {
+ keyStore = domain.getKeyStore();
+ trustStore = domain.getTrustStore();
+ }
+ if( trustStore == null )
+ trustStore = keyStore;
+
+ if( verifier != null )
+ {
+ // Have the verifier validate the cert
+ if( trace )
+ log.trace("Validating cert using: "+verifier);
+ isValid = verifier.verify(cert, alias, keyStore, trustStore);
+ }
+ else if (keyStore != null && cert != null)
+ {
+ // Look for the cert in the keystore using the alias
+ X509Certificate storeCert = null;
+ try
+ {
+ storeCert = (X509Certificate) keyStore.getCertificate(alias);
+ if( trace )
+ {
+ StringBuffer buf = new StringBuffer("\n\tSupplied Credential: ");
+ buf.append(cert.getSerialNumber().toString(16));
+ buf.append("\n\t\t");
+ buf.append(cert.getSubjectDN().getName());
+ buf.append("\n\n\tExisting Credential: ");
+ if( storeCert != null )
+ {
+ buf.append(storeCert.getSerialNumber().toString(16));
+ buf.append("\n\t\t");
+ buf.append(storeCert.getSubjectDN().getName());
+ buf.append("\n");
+ }
+ else
+ {
+ ArrayList<String> aliases = new ArrayList<String>();
+ Enumeration<String> en = keyStore.aliases();
+ while (en.hasMoreElements())
+ {
+ aliases.add(en.nextElement());
+ }
+ buf.append("No match for alias: "+alias+", we have aliases " + aliases);
+ }
+ log.trace(buf.toString());
+ }
+ }
+ catch (KeyStoreException e)
+ {
+ log.warn("failed to find the certificate for " + alias, e);
+ }
+ // Ensure that the two certs are equal
+ if (cert.equals(storeCert))
+ isValid = true;
+ }
+ else
+ {
+ log.warn("Domain, KeyStore, or cert is null. Unable to validate the certificate.");
+ }
+
+ if( trace )
+ {
+ log.trace("The supplied certificate "
+ + (isValid ? "matched" : "DID NOT match")
+ + " the certificate in the keystore.");
+
+ log.trace("exit: validateCredentail(String, X509Certificate)");
+ }
+ return isValid;
+ }
+
+}
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/CertRolesLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/CertRolesLoginModule.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/CertRolesLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,145 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.auth.spi;
-
-import java.io.IOException;
-import java.security.acl.Group;
-import java.util.Map;
-import java.util.Properties;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginException;
-
-/**
- * Certificate Login Module that uses a properties file to store role information.
- * This works just like the UsersRolesLoginModule, only without the users.properties
- * file. In fact, all the role handling code was borrowed directly from that
- * class.
- *
- * @author <a href="mailto:jasone at greenrivercomputing.com">Jason Essington</a>
- * @author Scott.Stark at jboss.org
- * @version $Revision$
- * @see org.jboss.security.auth.spi.BaseCertLoginModule
- */
-public class CertRolesLoginModule extends BaseCertLoginModule
-{
- /** The name of the default properties resource containing user/roles */
- private String defaultRolesRsrcName = "defaultRoles.properties";
- /**
- * The name of the properties resource containing user/roles
- */
- private String rolesRsrcName = "roles.properties";
- /**
- * The roles.properties mappings
- */
- private Properties roles;
- /** The character used to seperate the role group name from the username
- * e.g., '.' in jduke.CallerPrincipal=...
- */
- private char roleGroupSeperator = '.';
- /** Logging trace flag */
- private boolean trace;
-
- /**
- * Initialize this LoginModule.
- *
- * @param options - the login module option map. Supported options include:
- rolesProperties: The name of the properties resource containing user/roles
- the default is "roles.properties".
- roleGroupSeperator: The character used to seperate the role group name from
- the username e.g., '.' in jduke.CallerPrincipal=... . The default = '.'.
-
- defaultRolesProperties=string: The name of the properties resource containing
- the username to roles mappings that will be used as the defaults
- Properties passed to the usersProperties Properties. This defaults to
- defaultRoles.properties.
- */
- public void initialize(Subject subject, CallbackHandler callbackHandler,
- Map sharedState, Map options)
- {
- super.initialize(subject, callbackHandler, sharedState, options);
- trace = log.isTraceEnabled();
- if( trace )
- log.trace("enter: initialize(Subject, CallbackHandler, Map, Map)");
-
- try
- {
- String option = (String) options.get("rolesProperties");
- if (option != null)
- rolesRsrcName = option;
- option = (String) options.get("defaultRolesProperties");
- if (option != null)
- defaultRolesRsrcName = option;
- option = (String) options.get("roleGroupSeperator");
- if( option != null )
- roleGroupSeperator = option.charAt(0);
- // Load the properties file that contains the list of users and passwords
- loadRoles();
- }
- catch (Exception e)
- {
- // Note that although this exception isn't passed on, users or roles will be null
- // so that any call to login will throw a LoginException.
- super.log.error("Failed to load users/passwords/role files", e);
- }
-
- if( trace )
- log.trace("exit: initialize(Subject, CallbackHandler, Map, Map)");
- }
-
- public boolean login() throws LoginException
- {
- if( trace )
- log.trace("enter: login()");
-
- if (roles == null)
- throw new LoginException("Missing roles.properties file.");
- boolean wasSuccessful = super.login();
-
- if( trace )
- log.trace("exit: login()");
-
- return wasSuccessful;
- }
-
- /**
- * This method is pretty much straight from the UsersRolesLoginModule.
- * @see org.jboss.security.auth.spi.UsersRolesLoginModule#getRoleSets
- */
- protected Group[] getRoleSets() throws LoginException
- {
- if( trace )
- log.trace("enter: getRoleSets()");
- String targetUser = getUsername();
- Group[] roleSets = Util.getRoleSets(targetUser, roles, roleGroupSeperator, this);
- if( trace )
- log.trace("exit: getRoleSets()");
- return roleSets;
- }
-
- private void loadRoles() throws IOException
- {
- roles = Util.loadProperties(defaultRolesRsrcName, rolesRsrcName, log);
- }
-
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/CertRolesLoginModule.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/CertRolesLoginModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/CertRolesLoginModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/CertRolesLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,145 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.auth.spi;
+
+import java.io.IOException;
+import java.security.acl.Group;
+import java.util.Map;
+import java.util.Properties;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+
+/**
+ * Certificate Login Module that uses a properties file to store role information.
+ * This works just like the UsersRolesLoginModule, only without the users.properties
+ * file. In fact, all the role handling code was borrowed directly from that
+ * class.
+ *
+ * @author <a href="mailto:jasone at greenrivercomputing.com">Jason Essington</a>
+ * @author Scott.Stark at jboss.org
+ * @version $Revision$
+ * @see org.jboss.security.auth.spi.BaseCertLoginModule
+ */
+public class CertRolesLoginModule extends BaseCertLoginModule
+{
+ /** The name of the default properties resource containing user/roles */
+ private String defaultRolesRsrcName = "defaultRoles.properties";
+ /**
+ * The name of the properties resource containing user/roles
+ */
+ private String rolesRsrcName = "roles.properties";
+ /**
+ * The roles.properties mappings
+ */
+ private Properties roles;
+ /** The character used to seperate the role group name from the username
+ * e.g., '.' in jduke.CallerPrincipal=...
+ */
+ private char roleGroupSeperator = '.';
+ /** Logging trace flag */
+ private boolean trace;
+
+ /**
+ * Initialize this LoginModule.
+ *
+ * @param options - the login module option map. Supported options include:
+ rolesProperties: The name of the properties resource containing user/roles
+ the default is "roles.properties".
+ roleGroupSeperator: The character used to seperate the role group name from
+ the username e.g., '.' in jduke.CallerPrincipal=... . The default = '.'.
+
+ defaultRolesProperties=string: The name of the properties resource containing
+ the username to roles mappings that will be used as the defaults
+ Properties passed to the usersProperties Properties. This defaults to
+ defaultRoles.properties.
+ */
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
+ Map<String,?> sharedState, Map<String,?> options)
+ {
+ super.initialize(subject, callbackHandler, sharedState, options);
+ trace = log.isTraceEnabled();
+ if( trace )
+ log.trace("enter: initialize(Subject, CallbackHandler, Map, Map)");
+
+ try
+ {
+ String option = (String) options.get("rolesProperties");
+ if (option != null)
+ rolesRsrcName = option;
+ option = (String) options.get("defaultRolesProperties");
+ if (option != null)
+ defaultRolesRsrcName = option;
+ option = (String) options.get("roleGroupSeperator");
+ if( option != null )
+ roleGroupSeperator = option.charAt(0);
+ // Load the properties file that contains the list of users and passwords
+ loadRoles();
+ }
+ catch (Exception e)
+ {
+ // Note that although this exception isn't passed on, users or roles will be null
+ // so that any call to login will throw a LoginException.
+ super.log.error("Failed to load users/passwords/role files", e);
+ }
+
+ if( trace )
+ log.trace("exit: initialize(Subject, CallbackHandler, Map, Map)");
+ }
+
+ public boolean login() throws LoginException
+ {
+ if( trace )
+ log.trace("enter: login()");
+
+ if (roles == null)
+ throw new LoginException("Missing roles.properties file.");
+ boolean wasSuccessful = super.login();
+
+ if( trace )
+ log.trace("exit: login()");
+
+ return wasSuccessful;
+ }
+
+ /**
+ * This method is pretty much straight from the UsersRolesLoginModule.
+ * @see org.jboss.security.auth.spi.UsersRolesLoginModule#getRoleSets
+ */
+ protected Group[] getRoleSets() throws LoginException
+ {
+ if( trace )
+ log.trace("enter: getRoleSets()");
+ String targetUser = getUsername();
+ Group[] roleSets = Util.getRoleSets(targetUser, roles, roleGroupSeperator, this);
+ if( trace )
+ log.trace("exit: getRoleSets()");
+ return roleSets;
+ }
+
+ private void loadRoles() throws IOException
+ {
+ roles = Util.loadProperties(defaultRolesRsrcName, rolesRsrcName, log);
+ }
+
+}
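Review bot: In `initialize`, `roleGroupSeperator = option.charAt(0);` throws StringIndexOutOfBoundsException when the `roleGroupSeperator` option is configured as an empty string, and the surrounding `catch (Exception e)` then skips `loadRoles()` and logs "Failed to load users/passwords/role files". The module fails closed, because `roles` stays null and `login()` throws, but the operator is told that roles.properties is missing when the real cause is the separator option. I would guard the read with `if( option != null && option.length() > 0 )` so that an empty value keeps the default '.'. The message in `login()` also names roles.properties literally even when the `rolesProperties` option overrides it; including `rolesRsrcName` in that message would make the failure easier to trace.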
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/DatabaseCertLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/DatabaseCertLoginModule.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/DatabaseCertLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,93 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.auth.spi;
-
-import java.security.acl.Group;
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginException;
-
-/**
- * A Certificate Login Module that gets its role information from a database.
- *
- * This module is the functional equivelant of the
- * {@link org.jboss.security.auth.spi.DatabaseServerLoginModule} minus the
- * usersQuery.
- * @see org.jboss.security.auth.spi.DatabaseServerLoginModule
- *
- * @author <a href="mailto:jasone at greenrivercomputing.com">Jason Essington</a>
- * @author Scott.Stark at jboss.org
- * @version $Revision$
- */
-public class DatabaseCertLoginModule extends BaseCertLoginModule
-{
- /** The JNDI name of the DataSource to use */
- private String dsJndiName;
- /** The sql query to obtain the user roles */
- private String rolesQuery = "select Role, RoleGroup from Roles where PrincipalID=?";
- /** Whether to suspend resume transactions during database operations */
- protected boolean suspendResume = true;
-
- /**
- * @param options -
- * dsJndiName: The name of the DataSource of the database containing the
- * Principals, Roles tables
- * rolesQuery: The prepared statement query, equivalent to:
- * "select Role, RoleGroup from Roles where PrincipalID=?"
- */
- public void initialize(Subject subject, CallbackHandler callbackHandler,
- Map sharedState, Map options)
- {
- super.initialize(subject, callbackHandler, sharedState, options);
- dsJndiName = (String) options.get("dsJndiName");
- if( dsJndiName == null )
- dsJndiName = "java:/DefaultDS";
-
- Object tmp = options.get("rolesQuery");
- if( tmp != null )
- rolesQuery = tmp.toString();
-
- tmp = options.get("suspendResume");
- if( tmp != null )
- suspendResume = Boolean.valueOf(tmp.toString()).booleanValue();
-
- if (log.isTraceEnabled())
- {
- log.trace("DatabaseServerLoginModule, dsJndiName="+dsJndiName);
- log.trace("rolesQuery="+rolesQuery);
- log.trace("suspendResume="+suspendResume);
- }
- }
-
- /**
- * @see org.jboss.security.auth.spi.DatabaseServerLoginModule#getRoleSets
- */
- protected Group[] getRoleSets() throws LoginException
- {
- String username = getUsername();
- Group[] roleSets = Util.getRoleSets(username, dsJndiName, rolesQuery, this, suspendResume);
- return roleSets;
- }
-
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/DatabaseCertLoginModule.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/DatabaseCertLoginModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/DatabaseCertLoginModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/DatabaseCertLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,93 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.auth.spi;
+
+import java.security.acl.Group;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+
+/**
+ * A Certificate Login Module that gets its role information from a database.
+ *
+ * This module is the functional equivelant of the
+ * {@link org.jboss.security.auth.spi.DatabaseServerLoginModule} minus the
+ * usersQuery.
+ * @see org.jboss.security.auth.spi.DatabaseServerLoginModule
+ *
+ * @author <a href="mailto:jasone at greenrivercomputing.com">Jason Essington</a>
+ * @author Scott.Stark at jboss.org
+ * @version $Revision$
+ */
+public class DatabaseCertLoginModule extends BaseCertLoginModule
+{
+ /** The JNDI name of the DataSource to use */
+ private String dsJndiName;
+ /** The sql query to obtain the user roles */
+ private String rolesQuery = "select Role, RoleGroup from Roles where PrincipalID=?";
+ /** Whether to suspend resume transactions during database operations */
+ protected boolean suspendResume = true;
+
+ /**
+ * @param options -
+ * dsJndiName: The name of the DataSource of the database containing the
+ * Principals, Roles tables
+ * rolesQuery: The prepared statement query, equivalent to:
+ * "select Role, RoleGroup from Roles where PrincipalID=?"
+ */
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
+ Map<String,?> sharedState, Map<String,?> options)
+ {
+ super.initialize(subject, callbackHandler, sharedState, options);
+ dsJndiName = (String) options.get("dsJndiName");
+ if( dsJndiName == null )
+ dsJndiName = "java:/DefaultDS";
+
+ Object tmp = options.get("rolesQuery");
+ if( tmp != null )
+ rolesQuery = tmp.toString();
+
+ tmp = options.get("suspendResume");
+ if( tmp != null )
+ suspendResume = Boolean.valueOf(tmp.toString()).booleanValue();
+
+ if (log.isTraceEnabled())
+ {
+ log.trace("DatabaseServerLoginModule, dsJndiName="+dsJndiName);
+ log.trace("rolesQuery="+rolesQuery);
+ log.trace("suspendResume="+suspendResume);
+ }
+ }
+
+ /**
+ * @see org.jboss.security.auth.spi.DatabaseServerLoginModule#getRoleSets
+ */
+ protected Group[] getRoleSets() throws LoginException
+ {
+ String username = getUsername();
+ Group[] roleSets = Util.getRoleSets(username, dsJndiName, rolesQuery, this, suspendResume);
+ return roleSets;
+ }
+
+}
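Review bot: The trace line in `initialize` labels this module's settings as `DatabaseServerLoginModule`, so trace output for a certificate login is attributed to the password module; it should read `log.trace("DatabaseCertLoginModule, dsJndiName="+dsJndiName);`. The Javadoc on `initialize` lists `dsJndiName` and `rolesQuery` but not `suspendResume`, which the method also reads and which defaults to true; a line such as `suspendResume: whether to suspend and resume transactions during database operations, default true` would document it. `dsJndiName` is read with a `(String)` cast while the other two options go through `toString()`, so a non-String value raises ClassCastException for that option only.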
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/DatabaseServerLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/DatabaseServerLoginModule.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/DatabaseServerLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,283 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.auth.spi;
-
-import java.security.acl.Group;
-import java.sql.Connection;
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.util.Map;
-
-import javax.naming.InitialContext;
-import javax.naming.NamingException;
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.FailedLoginException;
-import javax.security.auth.login.LoginException;
-import javax.sql.DataSource;
-import javax.transaction.SystemException;
-import javax.transaction.Transaction;
-import javax.transaction.TransactionManager;
-
-import org.jboss.security.plugins.TransactionManagerLocator;
-
-//import org.jboss.tm.TransactionDemarcationSupport;
-
-/**
- * A JDBC based login module that supports authentication and role mapping.
- * It is based on two logical tables:
- * <ul>
- * <li>Principals(PrincipalID text, Password text)
- * <li>Roles(PrincipalID text, Role text, RoleGroup text)
- * </ul>
- * <p>
- * LoginModule options:
- * <ul>
- * <li><em>dsJndiName</em>: The name of the DataSource of the database
- * containing the Principals, Roles tables
- * <li><em>principalsQuery</em>: The prepared statement query, equivalent to:
- * <pre>
- * "select Password from Principals where PrincipalID=?"
- * </pre>
- * <li><em>rolesQuery</em>: The prepared statement query, equivalent to:
- * <pre>
- * "select Role, RoleGroup from Roles where PrincipalID=?"
- * </pre>
- * </ul>
- *
- * @author <a href="mailto:on at ibis.odessa.ua">Oleg Nitz</a>
- * @author Scott.Stark at jboss.org
- * @version $Revision$
- */
-public class DatabaseServerLoginModule extends UsernamePasswordLoginModule
-{
- /** The JNDI name of the DataSource to use */
- protected String dsJndiName;
- /** The sql query to obtain the user password */
- protected String principalsQuery = "select Password from Principals where PrincipalID=?";
- /** The sql query to obtain the user roles */
- protected String rolesQuery = "select Role, RoleGroup from Roles where PrincipalID=?";
- /** Whether to suspend resume transactions during database operations */
- protected boolean suspendResume = true;
-
- protected String TX_MGR_JNDI_NAME = "java:/TransactionManager";
-
- protected TransactionManager tm = null;
-
- /**
- * Initialize this LoginModule.
- *
- * @param options -
- * dsJndiName: The name of the DataSource of the database containing the
- * Principals, Roles tables
- * principalsQuery: The prepared statement query, equivalent to:
- * "select Password from Principals where PrincipalID=?"
- * rolesQuery: The prepared statement query, equivalent to:
- * "select Role, RoleGroup from Roles where PrincipalID=?"
- */
- public void initialize(Subject subject, CallbackHandler callbackHandler,
- Map sharedState, Map options)
- {
- super.initialize(subject, callbackHandler, sharedState, options);
- dsJndiName = (String) options.get("dsJndiName");
- if( dsJndiName == null )
- dsJndiName = "java:/DefaultDS";
- Object tmp = options.get("principalsQuery");
- if( tmp != null )
- principalsQuery = tmp.toString();
- tmp = options.get("rolesQuery");
- if( tmp != null )
- rolesQuery = tmp.toString();
- tmp = options.get("suspendResume");
- if( tmp != null )
- suspendResume = Boolean.valueOf(tmp.toString()).booleanValue();
- if (log.isTraceEnabled())
- {
- log.trace("DatabaseServerLoginModule, dsJndiName="+dsJndiName);
- log.trace("principalsQuery="+principalsQuery);
- log.trace("rolesQuery="+rolesQuery);
- log.trace("suspendResume="+suspendResume);
- }
- //Get the Transaction Manager JNDI Name
- String jname = (String) options.get("transactionManagerJndiName");
- if(jname != null)
- this.TX_MGR_JNDI_NAME = jname;
-
- try
- {
- if(this.suspendResume)
- tm = this.getTransactionManager();
- }
- catch (NamingException e)
- {
- throw new RuntimeException("Unable to get Transaction Manager", e);
- }
- }
-
- /** Get the expected password for the current username available via
- * the getUsername() method. This is called from within the login()
- * method after the CallbackHandler has returned the username and
- * candidate password.
- * @return the valid password String
- */
- protected String getUsersPassword() throws LoginException
- {
- boolean trace = log.isTraceEnabled();
- String username = getUsername();
- String password = null;
- Connection conn = null;
- PreparedStatement ps = null;
- ResultSet rs = null;
-
- Transaction tx = null;
- if (suspendResume)
- {
- //tx = TransactionDemarcationSupport.suspendAnyTransaction();
- try
- {
- if(tm == null)
- throw new IllegalStateException("Transaction Manager is null");
- tx = tm.suspend();
- }
- catch (SystemException e)
- {
- throw new RuntimeException(e);
- }
- if (trace)
- log.trace("suspendAnyTransaction");
- }
-
- try
- {
- InitialContext ctx = new InitialContext();
- DataSource ds = (DataSource) ctx.lookup(dsJndiName);
- conn = ds.getConnection();
- // Get the password
- if (trace)
- log.trace("Excuting query: "+principalsQuery+", with username: "+username);
- ps = conn.prepareStatement(principalsQuery);
- ps.setString(1, username);
- rs = ps.executeQuery();
- if( rs.next() == false )
- {
- if(trace)
- log.trace("Query returned no matches from db");
- throw new FailedLoginException("No matching username found in Principals");
- }
-
- password = rs.getString(1);
- password = convertRawPassword(password);
- if(trace)
- log.trace("Obtained user password");
- }
- catch(NamingException ex)
- {
- LoginException le = new LoginException("Error looking up DataSource from: "+dsJndiName);
- le.initCause(ex);
- throw le;
- }
- catch(SQLException ex)
- {
- LoginException le = new LoginException("Query failed");
- le.initCause(ex);
- throw le;
- }
- finally
- {
- if (rs != null)
- {
- try
- {
- rs.close();
- }
- catch(SQLException e)
- {}
- }
- if( ps != null )
- {
- try
- {
- ps.close();
- }
- catch(SQLException e)
- {}
- }
- if( conn != null )
- {
- try
- {
- conn.close();
- }
- catch (SQLException ex)
- {}
- }
- if (suspendResume)
- {
- //TransactionDemarcationSupport.resumeAnyTransaction(tx);
- try
- {
- tm.resume(tx);
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
- if (log.isTraceEnabled())
- log.trace("resumeAnyTransaction");
- }
- }
- return password;
- }
-
- /** Execute the rolesQuery against the dsJndiName to obtain the roles for
- the authenticated user.
-
- @return Group[] containing the sets of roles
- */
- protected Group[] getRoleSets() throws LoginException
- {
- String username = getUsername();
- if (log.isTraceEnabled())
- log.trace("getRoleSets using rolesQuery: "+rolesQuery+", username: "+username);
- Group[] roleSets = Util.getRoleSets(username, dsJndiName, rolesQuery, this,
- suspendResume);
- return roleSets;
- }
-
- /** A hook to allow subclasses to convert a password from the database
- into a plain text string or whatever form is used for matching against
- the user input. It is called from within the getUsersPassword() method.
- @param rawPassword - the password as obtained from the database
- @return the argument rawPassword
- */
- protected String convertRawPassword(String rawPassword)
- {
- return rawPassword;
- }
-
- protected TransactionManager getTransactionManager() throws NamingException
- {
- TransactionManagerLocator tml = new TransactionManagerLocator();
- return tml.getTM(this.TX_MGR_JNDI_NAME);
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/DatabaseServerLoginModule.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/DatabaseServerLoginModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/DatabaseServerLoginModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/DatabaseServerLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,282 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.auth.spi;
+
+import java.security.acl.Group;
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.Map;
+
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.login.LoginException;
+import javax.sql.DataSource;
+import javax.transaction.SystemException;
+import javax.transaction.Transaction;
+import javax.transaction.TransactionManager;
+
+import org.jboss.security.plugins.TransactionManagerLocator;
+
+
+/**
+ * A JDBC based login module that supports authentication and role mapping.
+ * It is based on two logical tables:
+ * <ul>
+ * <li>Principals(PrincipalID text, Password text)
+ * <li>Roles(PrincipalID text, Role text, RoleGroup text)
+ * </ul>
+ * <p>
+ * LoginModule options:
+ * <ul>
+ * <li><em>dsJndiName</em>: The name of the DataSource of the database
+ * containing the Principals, Roles tables
+ * <li><em>principalsQuery</em>: The prepared statement query, equivalent to:
+ * <pre>
+ * "select Password from Principals where PrincipalID=?"
+ * </pre>
+ * <li><em>rolesQuery</em>: The prepared statement query, equivalent to:
+ * <pre>
+ * "select Role, RoleGroup from Roles where PrincipalID=?"
+ * </pre>
+ * </ul>
+ *
+ * @author <a href="mailto:on at ibis.odessa.ua">Oleg Nitz</a>
+ * @author Scott.Stark at jboss.org
+ * @version $Revision$
+ */
+public class DatabaseServerLoginModule extends UsernamePasswordLoginModule
+{
+ /** The JNDI name of the DataSource to use */
+ protected String dsJndiName;
+ /** The sql query to obtain the user password */
+ protected String principalsQuery = "select Password from Principals where PrincipalID=?";
+ /** The sql query to obtain the user roles */
+ protected String rolesQuery = "select Role, RoleGroup from Roles where PrincipalID=?";
+ /** Whether to suspend resume transactions during database operations */
+ protected boolean suspendResume = true;
+
+ protected String TX_MGR_JNDI_NAME = "java:/TransactionManager";
+
+ protected TransactionManager tm = null;
+
+ /**
+ * Initialize this LoginModule.
+ *
+ * @param options -
+ * dsJndiName: The name of the DataSource of the database containing the
+ * Principals, Roles tables
+ * principalsQuery: The prepared statement query, equivalent to:
+ * "select Password from Principals where PrincipalID=?"
+ * rolesQuery: The prepared statement query, equivalent to:
+ * "select Role, RoleGroup from Roles where PrincipalID=?"
+ */
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
+ Map<String,?> sharedState, Map<String,?> options)
+ {
+ super.initialize(subject, callbackHandler, sharedState, options);
+ dsJndiName = (String) options.get("dsJndiName");
+ if( dsJndiName == null )
+ dsJndiName = "java:/DefaultDS";
+ Object tmp = options.get("principalsQuery");
+ if( tmp != null )
+ principalsQuery = tmp.toString();
+ tmp = options.get("rolesQuery");
+ if( tmp != null )
+ rolesQuery = tmp.toString();
+ tmp = options.get("suspendResume");
+ if( tmp != null )
+ suspendResume = Boolean.valueOf(tmp.toString()).booleanValue();
+ if (log.isTraceEnabled())
+ {
+ log.trace("DatabaseServerLoginModule, dsJndiName="+dsJndiName);
+ log.trace("principalsQuery="+principalsQuery);
+ log.trace("rolesQuery="+rolesQuery);
+ log.trace("suspendResume="+suspendResume);
+ }
+ //Get the Transaction Manager JNDI Name
+ String jname = (String) options.get("transactionManagerJndiName");
+ if(jname != null)
+ this.TX_MGR_JNDI_NAME = jname;
+
+ try
+ {
+ if(this.suspendResume)
+ tm = this.getTransactionManager();
+ }
+ catch (NamingException e)
+ {
+ throw new RuntimeException("Unable to get Transaction Manager", e);
+ }
+ }
+
+ /** Get the expected password for the current username available via
+ * the getUsername() method. This is called from within the login()
+ * method after the CallbackHandler has returned the username and
+ * candidate password.
+ * @return the valid password String
+ */
+ protected String getUsersPassword() throws LoginException
+ {
+ boolean trace = log.isTraceEnabled();
+ String username = getUsername();
+ String password = null;
+ Connection conn = null;
+ PreparedStatement ps = null;
+ ResultSet rs = null;
+
+ Transaction tx = null;
+ if (suspendResume)
+ {
+ //tx = TransactionDemarcationSupport.suspendAnyTransaction();
+ try
+ {
+ if(tm == null)
+ throw new IllegalStateException("Transaction Manager is null");
+ tx = tm.suspend();
+ }
+ catch (SystemException e)
+ {
+ throw new RuntimeException(e);
+ }
+ if (trace)
+ log.trace("suspendAnyTransaction");
+ }
+
+ try
+ {
+ InitialContext ctx = new InitialContext();
+ DataSource ds = (DataSource) ctx.lookup(dsJndiName);
+ conn = ds.getConnection();
+ // Get the password
+ if (trace)
+ log.trace("Excuting query: "+principalsQuery+", with username: "+username);
+ ps = conn.prepareStatement(principalsQuery);
+ ps.setString(1, username);
+ rs = ps.executeQuery();
+ if( rs.next() == false )
+ {
+ if(trace)
+ log.trace("Query returned no matches from db");
+ throw new FailedLoginException("No matching username found in Principals");
+ }
+
+ password = rs.getString(1);
+ password = convertRawPassword(password);
+ if(trace)
+ log.trace("Obtained user password");
+ }
+ catch(NamingException ex)
+ {
+ LoginException le = new LoginException("Error looking up DataSource from: "+dsJndiName);
+ le.initCause(ex);
+ throw le;
+ }
+ catch(SQLException ex)
+ {
+ LoginException le = new LoginException("Query failed");
+ le.initCause(ex);
+ throw le;
+ }
+ finally
+ {
+ if (rs != null)
+ {
+ try
+ {
+ rs.close();
+ }
+ catch(SQLException e)
+ {}
+ }
+ if( ps != null )
+ {
+ try
+ {
+ ps.close();
+ }
+ catch(SQLException e)
+ {}
+ }
+ if( conn != null )
+ {
+ try
+ {
+ conn.close();
+ }
+ catch (SQLException ex)
+ {}
+ }
+ if (suspendResume)
+ {
+ //TransactionDemarcationSupport.resumeAnyTransaction(tx);
+ try
+ {
+ tm.resume(tx);
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ if (log.isTraceEnabled())
+ log.trace("resumeAnyTransaction");
+ }
+ }
+ return password;
+ }
+
+ /** Execute the rolesQuery against the dsJndiName to obtain the roles for
+ the authenticated user.
+
+ @return Group[] containing the sets of roles
+ */
+ protected Group[] getRoleSets() throws LoginException
+ {
+ String username = getUsername();
+ if (log.isTraceEnabled())
+ log.trace("getRoleSets using rolesQuery: "+rolesQuery+", username: "+username);
+ Group[] roleSets = Util.getRoleSets(username, dsJndiName, rolesQuery, this,
+ suspendResume);
+ return roleSets;
+ }
+
+ /** A hook to allow subclasses to convert a password from the database
+ into a plain text string or whatever form is used for matching against
+ the user input. It is called from within the getUsersPassword() method.
+ @param rawPassword - the password as obtained from the database
+ @return the argument rawPassword
+ */
+ protected String convertRawPassword(String rawPassword)
+ {
+ return rawPassword;
+ }
+
+ protected TransactionManager getTransactionManager() throws NamingException
+ {
+ TransactionManagerLocator tml = new TransactionManagerLocator();
+ return tml.getTM(this.TX_MGR_JNDI_NAME);
+ }
+}
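Review bot: The no-row branch of getUsersPassword throws `FailedLoginException("No matching username found in Principals")`, so an unknown account can be told apart from a wrong password wherever that message is returned or logged; the code that handles the exception is outside this file, so the actual exposure needs confirming. A uniform message such as `throw new FailedLoginException("Invalid username or password");`, with the detail left to the existing trace line, removes the distinction. In the same method the `finally` block turns a failed `tm.resume(tx)` into a `RuntimeException`, which replaces any `LoginException` already propagating. Logging the resume failure when another exception is pending would keep the original cause visible.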
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/DecodeAction.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/DecodeAction.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/DecodeAction.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,110 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.auth.spi;
-
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-
-import javax.crypto.Cipher;
-import javax.management.ObjectName;
-
-import org.jboss.security.config.SecurityConfiguration;
-
-/**
- * PriviledgedActions used by login modules for decoding passwords
- *
- * @author Scott.Stark at jboss.org
- * @version $Revision$
- */
-class DecodeAction implements PrivilegedExceptionAction
-{
- /** The permission required to access decode, decode64 */
- private static final RuntimePermission decodePermission =
- new RuntimePermission("org.jboss.security.auth.spi.DecodeAction.decode");
-
- String password;
- ObjectName serviceName;
-
- DecodeAction(String password, ObjectName serviceName)
- {
- this.password = password;
- this.serviceName = serviceName;
- }
-
- /**
- *
- * @return
- * @throws Exception
- */
- public Object run() throws Exception
- {
- // Invoke the decodeb64 op
- byte[] secret = decode64(password);
- // Convert to UTF-8 base char array
- String secretPassword = new String(secret, "UTF-8");
- return secretPassword.toCharArray();
- }
-
- private byte[] decode64(String secret)
- throws Exception
- {
- byte[] encoding = Util.fromb64(secret);
- byte[] decode = decode(encoding);
- return decode;
- }
-
- /** Decrypt the secret using the cipherKey.
- *
- * @param secret - the encrypted secret to decrypt.
- * @return the decrypted secret
- * @throws Exception
- */
- private byte[] decode(byte[] secret)
- throws Exception
- {
- SecurityManager sm = System.getSecurityManager();
- if( sm != null )
- sm.checkPermission(decodePermission);
-
- Cipher cipher = Cipher.getInstance(SecurityConfiguration.getCipherAlgorithm());
- cipher.init(Cipher.DECRYPT_MODE, SecurityConfiguration.getCipherKey(),
- SecurityConfiguration.getCipherSpec());
- byte[] decode = cipher.doFinal(secret);
- return decode;
- }
-
- static char[] decode(String password, ObjectName serviceName)
- throws Exception
- {
- DecodeAction action = new DecodeAction(password, serviceName);
- try
- {
- char[] decode = (char[]) AccessController.doPrivileged(action);
- return decode;
- }
- catch(PrivilegedActionException e)
- {
- throw e.getException();
- }
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/DecodeAction.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/DecodeAction.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/DecodeAction.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/DecodeAction.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,110 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.auth.spi;
+
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+import javax.crypto.Cipher;
+import javax.management.ObjectName;
+
+import org.jboss.security.config.SecurityConfiguration;
+
+/**
+ * PriviledgedActions used by login modules for decoding passwords
+ *
+ * @author Scott.Stark at jboss.org
+ * @version $Revision$
+ */
+class DecodeAction implements PrivilegedExceptionAction<Object>
+{
+ /** The permission required to access decode, decode64 */
+ private static final RuntimePermission decodePermission =
+ new RuntimePermission("org.jboss.security.auth.spi.DecodeAction.decode");
+
+ String password;
+ ObjectName serviceName;
+
+ DecodeAction(String password, ObjectName serviceName)
+ {
+ this.password = password;
+ this.serviceName = serviceName;
+ }
+
+ /**
+ *
+ * @return
+ * @throws Exception
+ */
+ public Object run() throws Exception
+ {
+ // Invoke the decodeb64 op
+ byte[] secret = decode64(password);
+ // Convert to UTF-8 base char array
+ String secretPassword = new String(secret, "UTF-8");
+ return secretPassword.toCharArray();
+ }
+
+ private byte[] decode64(String secret)
+ throws Exception
+ {
+ byte[] encoding = Util.fromb64(secret);
+ byte[] decode = decode(encoding);
+ return decode;
+ }
+
+ /** Decrypt the secret using the cipherKey.
+ *
+ * @param secret - the encrypted secret to decrypt.
+ * @return the decrypted secret
+ * @throws Exception
+ */
+ private byte[] decode(byte[] secret)
+ throws Exception
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission(decodePermission);
+
+ Cipher cipher = Cipher.getInstance(SecurityConfiguration.getCipherAlgorithm());
+ cipher.init(Cipher.DECRYPT_MODE, SecurityConfiguration.getCipherKey(),
+ SecurityConfiguration.getCipherSpec());
+ byte[] decode = cipher.doFinal(secret);
+ return decode;
+ }
+
+ static char[] decode(String password, ObjectName serviceName)
+ throws Exception
+ {
+ DecodeAction action = new DecodeAction(password, serviceName);
+ try
+ {
+ char[] decode = (char[]) AccessController.doPrivileged(action);
+ return decode;
+ }
+ catch(PrivilegedActionException e)
+ {
+ throw e.getException();
+ }
+ }
+}
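Review bot: The `sm.checkPermission(decodePermission)` call in `decode(byte[])` runs inside the `AccessController.doPrivileged(action)` started by the static `decode(String, ObjectName)`, so the stack walk stops at DecodeAction's own frames and the caller's protection domain is never tested. As written, the `RuntimePermission` restricts nothing beyond this class's own code source. Moving the check to the top of the static `decode`, before the privileged block (`SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPermission(decodePermission);`), makes the permission apply to callers. Separately, `run()` copies the decrypted bytes into an immutable `String` before returning `char[]`, so the cleartext cannot be wiped afterwards; decoding through a `CharBuffer` and zeroing `secret` would avoid that.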
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/IdentityLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/IdentityLoginModule.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/IdentityLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,103 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.auth.spi;
-
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.Map;
-import java.util.StringTokenizer;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginException;
-
-import org.jboss.security.SimpleGroup;
-import org.jboss.security.SimplePrincipal;
-
-/**
- * A simple login module that simply associates the principal specified
- * in the module options with any subject authenticated against the module.
- * The type of Principal class used is
- * <code>org.jboss.security.SimplePrincipal.</code>
- * <p>
- * If no principal option is specified a principal with the name of 'guest'
- * is used.
- *
- * @see org.jboss.security.SimpleGroup
- * @see org.jboss.security.SimplePrincipal
- *
- * @author Scott.Stark at jboss.org
- * @version $Revision$
- */
-public class IdentityLoginModule extends AbstractServerLoginModule
-{
- private String principalName;
- private String roleNames;
-
- public IdentityLoginModule()
- {
- }
-
- public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
- {
- super.initialize(subject, handler, sharedState, options);
- principalName = (String) options.get("principal");
- if( principalName == null )
- principalName = "guest";
- roleNames = (String) options.get("roles");
- }
-
- public boolean login() throws LoginException
- {
- if( super.login() == true )
- return true;
-
- Principal principal = new SimplePrincipal(principalName);
- subject.getPrincipals().add(principal);
- // Put the principal name into the sharedState map
- sharedState.put("javax.security.auth.login.name", principalName);
- super.loginOk = true;
- return true;
- }
-
- protected Principal getIdentity()
- {
- Principal principal = new SimplePrincipal(principalName);
- return principal;
- }
-
- protected Group[] getRoleSets() throws LoginException
- {
- SimpleGroup roles = new SimpleGroup("Roles");
- Group[] roleSets = {roles};
- if( roleNames != null )
- {
- StringTokenizer tokenizer = new StringTokenizer(roleNames, ",");
- while( tokenizer.hasMoreTokens() )
- {
- String roleName = tokenizer.nextToken();
- roles.addMember(new SimplePrincipal(roleName));
- }
- }
- return roleSets;
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/IdentityLoginModule.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/IdentityLoginModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/IdentityLoginModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/IdentityLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,105 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.auth.spi;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Map;
+import java.util.StringTokenizer;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.security.SimpleGroup;
+import org.jboss.security.SimplePrincipal;
+
+/**
+ * A simple login module that simply associates the principal specified
+ * in the module options with any subject authenticated against the module.
+ * The type of Principal class used is
+ * <code>org.jboss.security.SimplePrincipal.</code>
+ * <p>
+ * If no principal option is specified a principal with the name of 'guest'
+ * is used.
+ *
+ * @see org.jboss.security.SimpleGroup
+ * @see org.jboss.security.SimplePrincipal
+ *
+ * @author Scott.Stark at jboss.org
+ * @version $Revision$
+ */
+public class IdentityLoginModule extends AbstractServerLoginModule
+{
+ private String principalName;
+ private String roleNames;
+
+ public IdentityLoginModule()
+ {
+ }
+
+ public void initialize(Subject subject, CallbackHandler handler,
+ Map<String,?> sharedState, Map<String,?> options)
+ {
+ super.initialize(subject, handler, sharedState, options);
+ principalName = (String) options.get("principal");
+ if( principalName == null )
+ principalName = "guest";
+ roleNames = (String) options.get("roles");
+ }
+
+ @SuppressWarnings("unchecked")
+ public boolean login() throws LoginException
+ {
+ if( super.login() == true )
+ return true;
+
+ Principal principal = new SimplePrincipal(principalName);
+ subject.getPrincipals().add(principal);
+ // Put the principal name into the sharedState map
+ sharedState.put("javax.security.auth.login.name", principalName);
+ super.loginOk = true;
+ return true;
+ }
+
+ protected Principal getIdentity()
+ {
+ Principal principal = new SimplePrincipal(principalName);
+ return principal;
+ }
+
+ protected Group[] getRoleSets() throws LoginException
+ {
+ SimpleGroup roles = new SimpleGroup("Roles");
+ Group[] roleSets = {roles};
+ if( roleNames != null )
+ {
+ StringTokenizer tokenizer = new StringTokenizer(roleNames, ",");
+ while( tokenizer.hasMoreTokens() )
+ {
+ String roleName = tokenizer.nextToken();
+ roles.addMember(new SimplePrincipal(roleName));
+ }
+ }
+ return roleSets;
+ }
+}
\ No newline at end of file
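Review bot: In getRoleSets the tokens from the `roles` option are used untrimmed, so a value such as `"admin, user"` (constructed example) yields a role named `" user"` that will not match the declared role; `String roleName = tokenizer.nextToken().trim();` fixes that. The class Javadoc could also state plainly that `login()` performs no credential check and adds the configured principal to every subject. That would warn deployers against using this module as the only one in a security domain that guards real resources.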
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,573 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2006, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.auth.spi;
-
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.Iterator;
-import java.util.Properties;
-import java.util.Map.Entry;
-
-import javax.management.ObjectName;
-import javax.naming.Context;
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.SearchControls;
-import javax.naming.directory.SearchResult;
-import javax.naming.ldap.InitialLdapContext;
-import javax.security.auth.login.LoginException;
-
-import org.jboss.security.SimpleGroup;
-
-/**
- The org.jboss.security.auth.spi.LdapExtLoginModule, added in jboss-4.0.3, is an
- alternate ldap login module implementation that uses searches for locating both
- the user to bind as for authentication as well as the associated roles. The
- roles query will recursively follow distinguished names (DNs) to navigate a
- hierarchical role structure.
-
- The LoginModule options include whatever options your LDAP JNDI provider
- supports. Examples of standard property names are:
-
- * Context.INITIAL_CONTEXT_FACTORY = "java.naming.factory.initial"
- * Context.SECURITY_PROTOCOL = "java.naming.security.protocol"
- * Context.PROVIDER_URL = "java.naming.provider.url"
- * Context.SECURITY_AUTHENTICATION = "java.naming.security.authentication"
-
- The authentication happens in 2 steps:
- # An initial bind to the ldap server is done using the __bindDN__ and
- __bindCredential__ options. The __bindDN__ is some user with the ability to
- search both the __baseDN__ and __rolesCtxDN__ trees for the user and roles. The
- user DN to authenticate against is queried using the filter specified by the
- __baseFilter__ attribute (see the __baseFilter__ option description for its
- syntax).
- # The resulting user DN is then authenticated by binding to ldap server using
- the user DN as the InitialLdapContext environment Context.SECURITY_PRINCIPAL.
-
- The Context.SECURITY_CREDENTIALS property is either set to the String password
- obtained by the callback handler.
-
- If this is successful, the associated user roles are queried using the
- __rolesCtxDN__, __roleAttributeID__, __roleAttributeIsDN__,
- __roleNameAttributeID__, and __roleFilter__ options.
-
- The full odule properties include:
- * __baseCtxDN__ : The fixed DN of the context to start the user search from.
- * __bindDN__ : The DN used to bind against the ldap server for the user and
- roles queries. This is some DN with read/search permissions on the baseCtxDN and
- rolesCtxDN values.
- * __bindCredential__ : The password for the bindDN. This can be encrypted if the
- jaasSecurityDomain is specified.
- * __jaasSecurityDomain__ : The JMX ObjectName of the JaasSecurityDomain to use
- to decrypt the java.naming.security.principal. The encrypted form of the
- password is that returned by the JaasSecurityDomain#encrypt64(byte[]) method.
- The org.jboss.security.plugins.PBEUtils can also be used to generate the
- encrypted form.
- * __baseFilter__ : A search filter used to locate the context of the user to
- authenticate. The input username/userDN as obtained from the login module
- callback will be substituted into the filter anywhere a "{0}" expression is
- seen. This substituion behavior comes from the standard
- __DirContext.search(Name, String, Object[], SearchControls cons)__ method. An
- common example search filter is "(uid={0})".
- * __rolesCtxDN__ : The fixed DN of the context to search for user roles.
- Consider that this is not the Distinguished Name of where the actual roles are;
- rather, this is the DN of where the objects containing the user roles are (e.g.
- for active directory, this is the DN where the user account is)
- * __roleFilter__ : A search filter used to locate the roles associated with the
- authenticated user. The input username/userDN as obtained from the login module
- callback will be substituted into the filter anywhere a "{0}" expression is
- seen. The authenticated userDN will be substituted into the filter anywhere a
- "{1}" is seen. An example search filter that matches on the input username is:
- "(member={0})". An alternative that matches on the authenticated userDN is:
- "(member={1})".
- * __roleAttributeIsDN__ : A flag indicating whether the user's role attribute
- contains the fully distinguished name of a role object, or the users's role
- attribute contains the role name. If false, the role name is taken from the
- value of the user's role attribute. If true, the role attribute represents the
- distinguished name of a role object. The role name is taken from the value of
- the roleNameAttributeId` attribute of the corresponding object. In certain
- directory schemas (e.g., Microsoft Active Directory), role (group)attributes in
- the user object are stored as DNs to role objects instead of as simple names, in
- which case, this property should be set to true. The default value of this
- property is false.
- * __roleNameAttributeID__ : The name of the attribute of the role object which
- corresponds to the name of the role. If the __roleAttributeIsDN__ property is
- set to true, this property is used to find the role object's name attribute. If
- the __roleAttributeIsDN__ property is set to false, this property is ignored.
- * __roleRecursion__ : How deep the role search will go below a given matching
- context. Disable with 0, which is the default.
- * __searchTimeLimit__ : The timeout in milliseconds for the user/role searches.
- Defaults to 10000 (10 seconds).
- * __searchScope__ : Sets the search scope to one of the strings. The default is
- SUBTREE_SCOPE.
- ** OBJECT_SCOPE : only search the named roles context.
- ** ONELEVEL_SCOPE : search directly under the named roles context.
- ** SUBTREE_SCOPE : If the roles context is not a DirContext, search only the
- object. If the roles context is a DirContext, search the subtree rooted at the
- named object, including the named object itself
- * __allowEmptyPasswords__ : A flag indicating if empty(length==0) passwords
- should be passed to the ldap server. An empty password is treated as an
- anonymous login by some ldap servers and this may not be a desirable feature.
- Set this to false to reject empty passwords, true to have the ldap server
- validate the empty password. The default is true.
-
- @author Andy Oliver
- @author Scott.Stark at jboss.org
- @version $Revision$ */
-public class LdapExtLoginModule extends UsernamePasswordLoginModule
-{
- private static final String ROLES_CTX_DN_OPT = "rolesCtxDN";
- private static final String ROLE_ATTRIBUTE_ID_OPT = "roleAttributeID";
- private static final String ROLE_ATTRIBUTE_IS_DN_OPT = "roleAttributeIsDN";
- private static final String ROLE_NAME_ATTRIBUTE_ID_OPT = "roleNameAttributeID";
-
- private static final String BIND_DN = "bindDN";
- private static final String BIND_CREDENTIAL = "bindCredential";
- private static final String BASE_CTX_DN = "baseCtxDN";
- private static final String BASE_FILTER_OPT = "baseFilter";
- private static final String ROLE_FILTER_OPT = "roleFilter";
- private static final String ROLE_RECURSION = "roleRecursion";
- private static final String DEFAULT_ROLE = "defaultRole";
- private static final String SEARCH_TIME_LIMIT_OPT = "searchTimeLimit";
- private static final String SEARCH_SCOPE_OPT = "searchScope";
- private static final String SECURITY_DOMAIN_OPT = "jaasSecurityDomain";
-
- protected String bindDN;
- protected String bindCredential;
- protected String baseDN;
- protected String baseFilter;
- protected String rolesCtxDN;
- protected String roleFilter;
- protected String roleAttributeID;
- protected String roleNameAttributeID;
- protected boolean roleAttributeIsDN;
- protected int recursion = 0;
- protected int searchTimeLimit = 10000;
- protected int searchScope = SearchControls.SUBTREE_SCOPE;
- protected boolean trace;
-
- public LdapExtLoginModule()
- {
- }
-
- private transient SimpleGroup userRoles = new SimpleGroup("Roles");
-
- /**
- Overriden to return an empty password string as typically one cannot obtain a
- user's password. We also override the validatePassword so this is ok.
- @return and empty password String
- */
- protected String getUsersPassword() throws LoginException
- {
- return "";
- }
-
- /**
- Overriden by subclasses to return the Groups that correspond to the to the
- role sets assigned to the user. Subclasses should create at least a Group
- named "Roles" that contains the roles assigned to the user. A second common
- group is "CallerPrincipal" that provides the application identity of the user
- rather than the security domain identity.
- @return Group[] containing the sets of roles
- */
- protected Group[] getRoleSets() throws LoginException
- {
- Group[] roleSets = {userRoles};
- return roleSets;
- }
-
- /**
- Validate the inputPassword by creating a ldap InitialContext with the
- SECURITY_CREDENTIALS set to the password.
- @param inputPassword the password to validate.
- @param expectedPassword ignored
- */
- protected boolean validatePassword(String inputPassword, String expectedPassword)
- {
- boolean isValid = false;
- if (inputPassword != null)
- {
- // See if this is an empty password that should be disallowed
- if (inputPassword.length() == 0)
- {
- // Check for an allowEmptyPasswords option
- boolean allowEmptyPasswords = true;
- String flag = (String) options.get("allowEmptyPasswords");
- if (flag != null)
- allowEmptyPasswords = Boolean.valueOf(flag).booleanValue();
- if (allowEmptyPasswords == false)
- {
- log.trace("Rejecting empty password due to allowEmptyPasswords");
- return false;
- }
- }
-
- try
- {
- // Validate the password by trying to create an initial context
- String username = getUsername();
- isValid = createLdapInitContext(username, inputPassword);
- defaultRole();
- isValid = true;
- }
- catch (Throwable e)
- {
- super.setValidateError(e);
- }
- }
- return isValid;
- }
-
- /**
- @todo move to a generic role mapping function at the base login module
- */
- private void defaultRole()
- {
- try
- {
- String defaultRole = (String) options.get(DEFAULT_ROLE);
- if (defaultRole == null || defaultRole.equals(""))
- {
- return;
- }
- Principal p = super.createIdentity(defaultRole);
- log.trace("Assign user to role " + defaultRole);
- userRoles.addMember(p);
- }
- catch (Exception e)
- {
- super.log.debug("could not add default role to user", e);
- }
- }
-
- /**
- Bind to the ldap server for authentication.
-
- @param username
- @param credential
- @return true if the bind for authentication succeeded
- @throws NamingException
- */
- private boolean createLdapInitContext(String username, Object credential)
- throws Exception
- {
- bindDN = (String) options.get(BIND_DN);
- bindCredential = (String) options.get(BIND_CREDENTIAL);
- String securityDomain = (String) options.get(SECURITY_DOMAIN_OPT);
- if (securityDomain != null)
- {
- ObjectName serviceName = new ObjectName(securityDomain);
- char[] tmp = DecodeAction.decode(bindCredential, serviceName);
- bindCredential = new String(tmp);
- }
-
- baseDN = (String) options.get(BASE_CTX_DN);
- baseFilter = (String) options.get(BASE_FILTER_OPT);
- roleFilter = (String) options.get(ROLE_FILTER_OPT);
- roleAttributeID = (String) options.get(ROLE_ATTRIBUTE_ID_OPT);
- if (roleAttributeID == null)
- roleAttributeID = "role";
- // Is user's role attribute a DN or the role name
- String roleAttributeIsDNOption = (String) options.get(ROLE_ATTRIBUTE_IS_DN_OPT);
- roleAttributeIsDN = Boolean.valueOf(roleAttributeIsDNOption).booleanValue();
- roleNameAttributeID = (String) options.get(ROLE_NAME_ATTRIBUTE_ID_OPT);
- if (roleNameAttributeID == null)
- roleNameAttributeID = "name";
- rolesCtxDN = (String) options.get(ROLES_CTX_DN_OPT);
- String strRecursion = (String) options.get(ROLE_RECURSION);
- try
- {
- recursion = Integer.parseInt(strRecursion);
- }
- catch (Exception e)
- {
- if (trace)
- log.trace("Failed to parse: " + strRecursion + ", disabling recursion");
- // its okay for this to be 0 as this just disables recursion
- recursion = 0;
- }
- String timeLimit = (String) options.get(SEARCH_TIME_LIMIT_OPT);
- if (timeLimit != null)
- {
- try
- {
- searchTimeLimit = Integer.parseInt(timeLimit);
- }
- catch (NumberFormatException e)
- {
- if (trace)
- log.trace("Failed to parse: " + timeLimit + ", using searchTimeLimit=" + searchTimeLimit);
- }
- }
- String scope = (String) options.get(SEARCH_SCOPE_OPT);
- if ("OBJECT_SCOPE".equalsIgnoreCase(scope))
- searchScope = SearchControls.OBJECT_SCOPE;
- else if ("ONELEVEL_SCOPE".equalsIgnoreCase(scope))
- searchScope = SearchControls.ONELEVEL_SCOPE;
- if ("SUBTREE_SCOPE".equalsIgnoreCase(scope))
- searchScope = SearchControls.SUBTREE_SCOPE;
-
- // Get the admin context for searching
- InitialLdapContext ctx = null;
- try
- {
- ctx = constructInitialLdapContext(bindDN, bindCredential);
- // Validate the user by binding against the userDN
- String userDN = bindDNAuthentication(ctx, username, credential, baseDN, baseFilter);
-
- // Query for roles matching the role filter
- SearchControls constraints = new SearchControls();
- constraints.setSearchScope(searchScope);
- constraints.setReturningAttributes(new String[0]);
- constraints.setTimeLimit(searchTimeLimit);
- rolesSearch(ctx, constraints, username, userDN, recursion, 0);
- }
- finally
- {
- if( ctx != null )
- ctx.close();
- }
- return true;
- }
-
- /**
- @param ctx - the context to search from
- @param user - the input username
- @param credential - the bind credential
- @param baseDN - base DN to search the ctx from
- @param filter - the search filter string
- @return the userDN string for the successful authentication
- @throws NamingException
- */
- protected String bindDNAuthentication(InitialLdapContext ctx,
- String user, Object credential, String baseDN, String filter)
- throws NamingException
- {
- SearchControls constraints = new SearchControls();
- constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
- constraints.setReturningAttributes(new String[0]);
- constraints.setTimeLimit(searchTimeLimit);
-
- NamingEnumeration results = null;
-
-
- Object[] filterArgs = {user};
- results = ctx.search(baseDN, filter, filterArgs, constraints);
- if (results.hasMore() == false)
- {
- results.close();
- throw new NamingException("Search of baseDN(" + baseDN + ") found no matches");
- }
-
- SearchResult sr = (SearchResult) results.next();
- String name = sr.getName();
- String userDN = null;
- if (sr.isRelative() == true)
- userDN = name + "," + baseDN;
- else
- throw new NamingException("Can't follow referal for authentication: " + name);
-
- results.close();
- results = null;
- // Bind as the user dn to authenticate the user
- InitialLdapContext userCtx = constructInitialLdapContext(userDN, credential);
- userCtx.close();
-
- return userDN;
- }
-
- /**
- @param ctx
- @param constraints
- @param user
- @param userDN
- @param recursionMax
- @param nesting
- @throws NamingException
- */
- protected void rolesSearch(InitialLdapContext ctx, SearchControls constraints,
- String user, String userDN, int recursionMax, int nesting)
- throws NamingException
- {
- Object[] filterArgs = {user, userDN};
- NamingEnumeration results = ctx.search(rolesCtxDN, roleFilter, filterArgs, constraints);
- try
- {
- while (results.hasMore())
- {
- SearchResult sr = (SearchResult) results.next();
- String dn = canonicalize(sr.getName());
- if( nesting == 0 && roleAttributeIsDN && roleNameAttributeID != null )
- {
- // Check the top context for role names
- String[] attrNames = {roleNameAttributeID};
- Attributes result2 = ctx.getAttributes(dn, attrNames);
- Attribute roles2 = result2.get(roleNameAttributeID);
- if( roles2 != null )
- {
- for(int m = 0; m < roles2.size(); m ++)
- {
- String roleName = (String) roles2.get(m);
- addRole(roleName);
- }
- }
- }
-
- // Query the context for the roleDN values
- String[] attrNames = {roleAttributeID};
- Attributes result = ctx.getAttributes(dn, attrNames);
- if( result != null && result.size() > 0 )
- {
- Attribute roles = result.get(roleAttributeID);
- for (int n = 0; n < roles.size(); n ++)
- {
- String roleName = (String) roles.get(n);
- if (roleAttributeIsDN)
- {
- // Query the roleDN location for the value of roleNameAttributeID
- String roleDN = roleName;
- String[] returnAttribute = {roleNameAttributeID};
- log.trace("Using roleDN: " + roleDN);
- try
- {
- Attributes result2 = ctx.getAttributes(roleDN, returnAttribute);
- Attribute roles2 = result2.get(roleNameAttributeID);
- if( roles2 != null )
- {
- for(int m = 0; m < roles2.size(); m ++)
- {
- roleName = (String) roles2.get(m);
- addRole(roleName);
- }
- }
- }
- catch (NamingException e)
- {
- log.trace("Failed to query roleNameAttrName", e);
- }
- }
- else
- {
- // The role attribute value is the role name
- addRole(roleName);
- }
- }
- }
-
- if (nesting < recursionMax)
- {
- rolesSearch(ctx, constraints, user, dn,
- recursionMax, nesting + 1);
- }
- }
- }
- finally
- {
- if( results != null )
- results.close();
- }
-
- }
-
- private InitialLdapContext constructInitialLdapContext(String dn, Object credential) throws NamingException
- {
- Properties env = new Properties();
- Iterator iter = options.entrySet().iterator();
- while (iter.hasNext())
- {
- Entry entry = (Entry) iter.next();
- env.put(entry.getKey(), entry.getValue());
- }
-
- // Set defaults for key values if they are missing
- String factoryName = env.getProperty(Context.INITIAL_CONTEXT_FACTORY);
- if (factoryName == null)
- {
- factoryName = "com.sun.jndi.ldap.LdapCtxFactory";
- env.setProperty(Context.INITIAL_CONTEXT_FACTORY, factoryName);
- }
- String authType = env.getProperty(Context.SECURITY_AUTHENTICATION);
- if (authType == null)
- env.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
- String protocol = env.getProperty(Context.SECURITY_PROTOCOL);
- String providerURL = (String) options.get(Context.PROVIDER_URL);
- if (providerURL == null)
- providerURL = "ldap://localhost:" + ((protocol != null && protocol.equals("ssl")) ? "636" : "389");
-
- env.setProperty(Context.PROVIDER_URL, providerURL);
- // JBAS-3555, allow anonymous login with no bindDN and bindCredential
- if (dn != null)
- env.setProperty(Context.SECURITY_PRINCIPAL, dn);
- if (credential != null)
- env.put(Context.SECURITY_CREDENTIALS, credential);
- traceLdapEnv(env);
- return new InitialLdapContext(env, null);
- }
-
- private void traceLdapEnv(Properties env)
- {
- if(trace)
- {
- Properties tmp = new Properties();
- tmp.putAll(env);
- tmp.setProperty(Context.SECURITY_CREDENTIALS, "***");
- log.trace("Logging into LDAP server, env=" + tmp.toString());
- }
- }
-
- //JBAS-3438 : Handle "/" correctly
- private String canonicalize(String searchResult)
- {
- String result = searchResult;
- int len = searchResult.length();
-
- if (searchResult.endsWith("\""))
- {
- result = searchResult.substring(0,len - 1)
- + "," + rolesCtxDN + "\"";
- }
- else
- {
- result = searchResult + "," + rolesCtxDN;
- }
- return result;
- }
-
- private void addRole(String roleName)
- {
- if (roleName != null)
- {
- try
- {
- Principal p = super.createIdentity(roleName);
- log.trace("Assign user to role " + roleName);
- userRoles.addMember(p);
- }
- catch (Exception e)
- {
- log.debug("Failed to create principal: " + roleName, e);
- }
- }
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,575 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.spi;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Iterator;
+import java.util.Properties;
+import java.util.Map.Entry;
+
+import javax.management.ObjectName;
+import javax.naming.Context;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+import javax.naming.ldap.InitialLdapContext;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.security.SimpleGroup;
+
+/**
+ The org.jboss.security.auth.spi.LdapExtLoginModule, added in jboss-4.0.3, is an
+ alternate ldap login module implementation that uses searches for locating both
+ the user to bind as for authentication as well as the associated roles. The
+ roles query will recursively follow distinguished names (DNs) to navigate a
+ hierarchical role structure.
+
+ The LoginModule options include whatever options your LDAP JNDI provider
+ supports. Examples of standard property names are:
+
+ * Context.INITIAL_CONTEXT_FACTORY = "java.naming.factory.initial"
+ * Context.SECURITY_PROTOCOL = "java.naming.security.protocol"
+ * Context.PROVIDER_URL = "java.naming.provider.url"
+ * Context.SECURITY_AUTHENTICATION = "java.naming.security.authentication"
+
+ The authentication happens in 2 steps:
+ # An initial bind to the ldap server is done using the __bindDN__ and
+ __bindCredential__ options. The __bindDN__ is some user with the ability to
+ search both the __baseDN__ and __rolesCtxDN__ trees for the user and roles. The
+ user DN to authenticate against is queried using the filter specified by the
+ __baseFilter__ attribute (see the __baseFilter__ option description for its
+ syntax).
+ # The resulting user DN is then authenticated by binding to ldap server using
+ the user DN as the InitialLdapContext environment Context.SECURITY_PRINCIPAL.
+
+ The Context.SECURITY_CREDENTIALS property is either set to the String password
+ obtained by the callback handler.
+
+ If this is successful, the associated user roles are queried using the
+ __rolesCtxDN__, __roleAttributeID__, __roleAttributeIsDN__,
+ __roleNameAttributeID__, and __roleFilter__ options.
+
+ The full odule properties include:
+ * __baseCtxDN__ : The fixed DN of the context to start the user search from.
+ * __bindDN__ : The DN used to bind against the ldap server for the user and
+ roles queries. This is some DN with read/search permissions on the baseCtxDN and
+ rolesCtxDN values.
+ * __bindCredential__ : The password for the bindDN. This can be encrypted if the
+ jaasSecurityDomain is specified.
+ * __jaasSecurityDomain__ : The JMX ObjectName of the JaasSecurityDomain to use
+ to decrypt the java.naming.security.principal. The encrypted form of the
+ password is that returned by the JaasSecurityDomain#encrypt64(byte[]) method.
+ The org.jboss.security.plugins.PBEUtils can also be used to generate the
+ encrypted form.
+ * __baseFilter__ : A search filter used to locate the context of the user to
+ authenticate. The input username/userDN as obtained from the login module
+ callback will be substituted into the filter anywhere a "{0}" expression is
+ seen. This substituion behavior comes from the standard
+ __DirContext.search(Name, String, Object[], SearchControls cons)__ method. An
+ common example search filter is "(uid={0})".
+ * __rolesCtxDN__ : The fixed DN of the context to search for user roles.
+ Consider that this is not the Distinguished Name of where the actual roles are;
+ rather, this is the DN of where the objects containing the user roles are (e.g.
+ for active directory, this is the DN where the user account is)
+ * __roleFilter__ : A search filter used to locate the roles associated with the
+ authenticated user. The input username/userDN as obtained from the login module
+ callback will be substituted into the filter anywhere a "{0}" expression is
+ seen. The authenticated userDN will be substituted into the filter anywhere a
+ "{1}" is seen. An example search filter that matches on the input username is:
+ "(member={0})". An alternative that matches on the authenticated userDN is:
+ "(member={1})".
+ * __roleAttributeIsDN__ : A flag indicating whether the user's role attribute
+ contains the fully distinguished name of a role object, or the users's role
+ attribute contains the role name. If false, the role name is taken from the
+ value of the user's role attribute. If true, the role attribute represents the
+ distinguished name of a role object. The role name is taken from the value of
+ the roleNameAttributeId` attribute of the corresponding object. In certain
+ directory schemas (e.g., Microsoft Active Directory), role (group)attributes in
+ the user object are stored as DNs to role objects instead of as simple names, in
+ which case, this property should be set to true. The default value of this
+ property is false.
+ * __roleNameAttributeID__ : The name of the attribute of the role object which
+ corresponds to the name of the role. If the __roleAttributeIsDN__ property is
+ set to true, this property is used to find the role object's name attribute. If
+ the __roleAttributeIsDN__ property is set to false, this property is ignored.
+ * __roleRecursion__ : How deep the role search will go below a given matching
+ context. Disable with 0, which is the default.
+ * __searchTimeLimit__ : The timeout in milliseconds for the user/role searches.
+ Defaults to 10000 (10 seconds).
+ * __searchScope__ : Sets the search scope to one of the strings. The default is
+ SUBTREE_SCOPE.
+ ** OBJECT_SCOPE : only search the named roles context.
+ ** ONELEVEL_SCOPE : search directly under the named roles context.
+ ** SUBTREE_SCOPE : If the roles context is not a DirContext, search only the
+ object. If the roles context is a DirContext, search the subtree rooted at the
+ named object, including the named object itself
+ * __allowEmptyPasswords__ : A flag indicating if empty(length==0) passwords
+ should be passed to the ldap server. An empty password is treated as an
+ anonymous login by some ldap servers and this may not be a desirable feature.
+ Set this to false to reject empty passwords, true to have the ldap server
+ validate the empty password. The default is true.
+
+ @author Andy Oliver
+ @author Scott.Stark at jboss.org
+ @version $Revision$ */
+public class LdapExtLoginModule extends UsernamePasswordLoginModule
+{
+ private static final String ROLES_CTX_DN_OPT = "rolesCtxDN";
+ private static final String ROLE_ATTRIBUTE_ID_OPT = "roleAttributeID";
+ private static final String ROLE_ATTRIBUTE_IS_DN_OPT = "roleAttributeIsDN";
+ private static final String ROLE_NAME_ATTRIBUTE_ID_OPT = "roleNameAttributeID";
+
+ private static final String BIND_DN = "bindDN";
+ private static final String BIND_CREDENTIAL = "bindCredential";
+ private static final String BASE_CTX_DN = "baseCtxDN";
+ private static final String BASE_FILTER_OPT = "baseFilter";
+ private static final String ROLE_FILTER_OPT = "roleFilter";
+ private static final String ROLE_RECURSION = "roleRecursion";
+ private static final String DEFAULT_ROLE = "defaultRole";
+ private static final String SEARCH_TIME_LIMIT_OPT = "searchTimeLimit";
+ private static final String SEARCH_SCOPE_OPT = "searchScope";
+ private static final String SECURITY_DOMAIN_OPT = "jaasSecurityDomain";
+
+ protected String bindDN;
+ protected String bindCredential;
+ protected String baseDN;
+ protected String baseFilter;
+ protected String rolesCtxDN;
+ protected String roleFilter;
+ protected String roleAttributeID;
+ protected String roleNameAttributeID;
+ protected boolean roleAttributeIsDN;
+ protected int recursion = 0;
+ protected int searchTimeLimit = 10000;
+ protected int searchScope = SearchControls.SUBTREE_SCOPE;
+ protected boolean trace;
+
+ public LdapExtLoginModule()
+ {
+ }
+
+ private transient SimpleGroup userRoles = new SimpleGroup("Roles");
+
+ /**
+ Overriden to return an empty password string as typically one cannot obtain a
+ user's password. We also override the validatePassword so this is ok.
+ @return and empty password String
+ */
+ protected String getUsersPassword() throws LoginException
+ {
+ return "";
+ }
+
+ /**
+ Overriden by subclasses to return the Groups that correspond to the to the
+ role sets assigned to the user. Subclasses should create at least a Group
+ named "Roles" that contains the roles assigned to the user. A second common
+ group is "CallerPrincipal" that provides the application identity of the user
+ rather than the security domain identity.
+ @return Group[] containing the sets of roles
+ */
+ protected Group[] getRoleSets() throws LoginException
+ {
+ Group[] roleSets = {userRoles};
+ return roleSets;
+ }
+
+ /**
+ Validate the inputPassword by creating a ldap InitialContext with the
+ SECURITY_CREDENTIALS set to the password.
+ @param inputPassword the password to validate.
+ @param expectedPassword ignored
+ */
+ protected boolean validatePassword(String inputPassword, String expectedPassword)
+ {
+ boolean isValid = false;
+ if (inputPassword != null)
+ {
+ // See if this is an empty password that should be disallowed
+ if (inputPassword.length() == 0)
+ {
+ // Check for an allowEmptyPasswords option
+ boolean allowEmptyPasswords = true;
+ String flag = (String) options.get("allowEmptyPasswords");
+ if (flag != null)
+ allowEmptyPasswords = Boolean.valueOf(flag).booleanValue();
+ if (allowEmptyPasswords == false)
+ {
+ log.trace("Rejecting empty password due to allowEmptyPasswords");
+ return false;
+ }
+ }
+
+ try
+ {
+ // Validate the password by trying to create an initial context
+ String username = getUsername();
+ isValid = createLdapInitContext(username, inputPassword);
+ defaultRole();
+ isValid = true;
+ }
+ catch (Throwable e)
+ {
+ super.setValidateError(e);
+ }
+ }
+ return isValid;
+ }
+
+ /**
+ @todo move to a generic role mapping function at the base login module
+ */
+ private void defaultRole()
+ {
+ try
+ {
+ String defaultRole = (String) options.get(DEFAULT_ROLE);
+ if (defaultRole == null || defaultRole.equals(""))
+ {
+ return;
+ }
+ Principal p = super.createIdentity(defaultRole);
+ log.trace("Assign user to role " + defaultRole);
+ userRoles.addMember(p);
+ }
+ catch (Exception e)
+ {
+ super.log.debug("could not add default role to user", e);
+ }
+ }
+
+ /**
+ Bind to the ldap server for authentication.
+
+ @param username
+ @param credential
+ @return true if the bind for authentication succeeded
+ @throws NamingException
+ */
+ private boolean createLdapInitContext(String username, Object credential)
+ throws Exception
+ {
+ bindDN = (String) options.get(BIND_DN);
+ bindCredential = (String) options.get(BIND_CREDENTIAL);
+ String securityDomain = (String) options.get(SECURITY_DOMAIN_OPT);
+ if (securityDomain != null)
+ {
+ ObjectName serviceName = new ObjectName(securityDomain);
+ char[] tmp = DecodeAction.decode(bindCredential, serviceName);
+ bindCredential = new String(tmp);
+ }
+
+ baseDN = (String) options.get(BASE_CTX_DN);
+ baseFilter = (String) options.get(BASE_FILTER_OPT);
+ roleFilter = (String) options.get(ROLE_FILTER_OPT);
+ roleAttributeID = (String) options.get(ROLE_ATTRIBUTE_ID_OPT);
+ if (roleAttributeID == null)
+ roleAttributeID = "role";
+ // Is user's role attribute a DN or the role name
+ String roleAttributeIsDNOption = (String) options.get(ROLE_ATTRIBUTE_IS_DN_OPT);
+ roleAttributeIsDN = Boolean.valueOf(roleAttributeIsDNOption).booleanValue();
+ roleNameAttributeID = (String) options.get(ROLE_NAME_ATTRIBUTE_ID_OPT);
+ if (roleNameAttributeID == null)
+ roleNameAttributeID = "name";
+ rolesCtxDN = (String) options.get(ROLES_CTX_DN_OPT);
+ String strRecursion = (String) options.get(ROLE_RECURSION);
+ try
+ {
+ recursion = Integer.parseInt(strRecursion);
+ }
+ catch (Exception e)
+ {
+ if (trace)
+ log.trace("Failed to parse: " + strRecursion + ", disabling recursion");
+ // its okay for this to be 0 as this just disables recursion
+ recursion = 0;
+ }
+ String timeLimit = (String) options.get(SEARCH_TIME_LIMIT_OPT);
+ if (timeLimit != null)
+ {
+ try
+ {
+ searchTimeLimit = Integer.parseInt(timeLimit);
+ }
+ catch (NumberFormatException e)
+ {
+ if (trace)
+ log.trace("Failed to parse: " + timeLimit + ", using searchTimeLimit=" + searchTimeLimit);
+ }
+ }
+ String scope = (String) options.get(SEARCH_SCOPE_OPT);
+ if ("OBJECT_SCOPE".equalsIgnoreCase(scope))
+ searchScope = SearchControls.OBJECT_SCOPE;
+ else if ("ONELEVEL_SCOPE".equalsIgnoreCase(scope))
+ searchScope = SearchControls.ONELEVEL_SCOPE;
+ if ("SUBTREE_SCOPE".equalsIgnoreCase(scope))
+ searchScope = SearchControls.SUBTREE_SCOPE;
+
+ // Get the admin context for searching
+ InitialLdapContext ctx = null;
+ try
+ {
+ ctx = constructInitialLdapContext(bindDN, bindCredential);
+ // Validate the user by binding against the userDN
+ String userDN = bindDNAuthentication(ctx, username, credential, baseDN, baseFilter);
+
+ // Query for roles matching the role filter
+ SearchControls constraints = new SearchControls();
+ constraints.setSearchScope(searchScope);
+ constraints.setReturningAttributes(new String[0]);
+ constraints.setTimeLimit(searchTimeLimit);
+ rolesSearch(ctx, constraints, username, userDN, recursion, 0);
+ }
+ finally
+ {
+ if( ctx != null )
+ ctx.close();
+ }
+ return true;
+ }
+
+ /**
+ @param ctx - the context to search from
+ @param user - the input username
+ @param credential - the bind credential
+ @param baseDN - base DN to search the ctx from
+ @param filter - the search filter string
+ @return the userDN string for the successful authentication
+ @throws NamingException
+ */
+ @SuppressWarnings("unchecked")
+ protected String bindDNAuthentication(InitialLdapContext ctx,
+ String user, Object credential, String baseDN, String filter)
+ throws NamingException
+ {
+ SearchControls constraints = new SearchControls();
+ constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
+ constraints.setReturningAttributes(new String[0]);
+ constraints.setTimeLimit(searchTimeLimit);
+
+ NamingEnumeration results = null;
+
+ Object[] filterArgs = {user};
+ results = ctx.search(baseDN, filter, filterArgs, constraints);
+ if (results.hasMore() == false)
+ {
+ results.close();
+ throw new NamingException("Search of baseDN(" + baseDN + ") found no matches");
+ }
+
+ SearchResult sr = (SearchResult) results.next();
+ String name = sr.getName();
+ String userDN = null;
+ if (sr.isRelative() == true)
+ userDN = name + "," + baseDN;
+ else
+ throw new NamingException("Can't follow referal for authentication: " + name);
+
+ results.close();
+ results = null;
+ // Bind as the user dn to authenticate the user
+ InitialLdapContext userCtx = constructInitialLdapContext(userDN, credential);
+ userCtx.close();
+
+ return userDN;
+ }
+
+ /**
+ @param ctx
+ @param constraints
+ @param user
+ @param userDN
+ @param recursionMax
+ @param nesting
+ @throws NamingException
+ */
+ @SuppressWarnings("unchecked")
+ protected void rolesSearch(InitialLdapContext ctx, SearchControls constraints,
+ String user, String userDN, int recursionMax, int nesting)
+ throws NamingException
+ {
+ Object[] filterArgs = {user, userDN};
+ NamingEnumeration results = ctx.search(rolesCtxDN, roleFilter, filterArgs, constraints);
+ try
+ {
+ while (results.hasMore())
+ {
+ SearchResult sr = (SearchResult) results.next();
+ String dn = canonicalize(sr.getName());
+ if( nesting == 0 && roleAttributeIsDN && roleNameAttributeID != null )
+ {
+ // Check the top context for role names
+ String[] attrNames = {roleNameAttributeID};
+ Attributes result2 = ctx.getAttributes(dn, attrNames);
+ Attribute roles2 = result2.get(roleNameAttributeID);
+ if( roles2 != null )
+ {
+ for(int m = 0; m < roles2.size(); m ++)
+ {
+ String roleName = (String) roles2.get(m);
+ addRole(roleName);
+ }
+ }
+ }
+
+ // Query the context for the roleDN values
+ String[] attrNames = {roleAttributeID};
+ Attributes result = ctx.getAttributes(dn, attrNames);
+ if( result != null && result.size() > 0 )
+ {
+ Attribute roles = result.get(roleAttributeID);
+ for (int n = 0; n < roles.size(); n ++)
+ {
+ String roleName = (String) roles.get(n);
+ if (roleAttributeIsDN)
+ {
+ // Query the roleDN location for the value of roleNameAttributeID
+ String roleDN = roleName;
+ String[] returnAttribute = {roleNameAttributeID};
+ log.trace("Using roleDN: " + roleDN);
+ try
+ {
+ Attributes result2 = ctx.getAttributes(roleDN, returnAttribute);
+ Attribute roles2 = result2.get(roleNameAttributeID);
+ if( roles2 != null )
+ {
+ for(int m = 0; m < roles2.size(); m ++)
+ {
+ roleName = (String) roles2.get(m);
+ addRole(roleName);
+ }
+ }
+ }
+ catch (NamingException e)
+ {
+ log.trace("Failed to query roleNameAttrName", e);
+ }
+ }
+ else
+ {
+ // The role attribute value is the role name
+ addRole(roleName);
+ }
+ }
+ }
+
+ if (nesting < recursionMax)
+ {
+ rolesSearch(ctx, constraints, user, dn,
+ recursionMax, nesting + 1);
+ }
+ }
+ }
+ finally
+ {
+ if( results != null )
+ results.close();
+ }
+
+ }
+
+ @SuppressWarnings("unchecked")
+ private InitialLdapContext constructInitialLdapContext(String dn, Object credential) throws NamingException
+ {
+ Properties env = new Properties();
+ Iterator iter = options.entrySet().iterator();
+ while (iter.hasNext())
+ {
+ Entry entry = (Entry) iter.next();
+ env.put(entry.getKey(), entry.getValue());
+ }
+
+ // Set defaults for key values if they are missing
+ String factoryName = env.getProperty(Context.INITIAL_CONTEXT_FACTORY);
+ if (factoryName == null)
+ {
+ factoryName = "com.sun.jndi.ldap.LdapCtxFactory";
+ env.setProperty(Context.INITIAL_CONTEXT_FACTORY, factoryName);
+ }
+ String authType = env.getProperty(Context.SECURITY_AUTHENTICATION);
+ if (authType == null)
+ env.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
+ String protocol = env.getProperty(Context.SECURITY_PROTOCOL);
+ String providerURL = (String) options.get(Context.PROVIDER_URL);
+ if (providerURL == null)
+ providerURL = "ldap://localhost:" + ((protocol != null && protocol.equals("ssl")) ? "636" : "389");
+
+ env.setProperty(Context.PROVIDER_URL, providerURL);
+ // JBAS-3555, allow anonymous login with no bindDN and bindCredential
+ if (dn != null)
+ env.setProperty(Context.SECURITY_PRINCIPAL, dn);
+ if (credential != null)
+ env.put(Context.SECURITY_CREDENTIALS, credential);
+ traceLdapEnv(env);
+ return new InitialLdapContext(env, null);
+ }
+
+ private void traceLdapEnv(Properties env)
+ {
+ if(trace)
+ {
+ Properties tmp = new Properties();
+ tmp.putAll(env);
+ tmp.setProperty(Context.SECURITY_CREDENTIALS, "***");
+ log.trace("Logging into LDAP server, env=" + tmp.toString());
+ }
+ }
+
+ //JBAS-3438 : Handle "/" correctly
+ private String canonicalize(String searchResult)
+ {
+ String result = searchResult;
+ int len = searchResult.length();
+
+ if (searchResult.endsWith("\""))
+ {
+ result = searchResult.substring(0,len - 1)
+ + "," + rolesCtxDN + "\"";
+ }
+ else
+ {
+ result = searchResult + "," + rolesCtxDN;
+ }
+ return result;
+ }
+
+ private void addRole(String roleName)
+ {
+ if (roleName != null)
+ {
+ try
+ {
+ Principal p = super.createIdentity(roleName);
+ log.trace("Assign user to role " + roleName);
+ userRoles.addMember(p);
+ }
+ catch (Exception e)
+ {
+ log.debug("Failed to create principal: " + roleName, e);
+ }
+ }
+ }
+}
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/LdapLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/LdapLoginModule.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/LdapLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,486 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.auth.spi;
-
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.Iterator;
-import java.util.Properties;
-import java.util.Map.Entry;
-
-import javax.management.ObjectName;
-import javax.naming.Context;
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.SearchControls;
-import javax.naming.directory.SearchResult;
-import javax.naming.ldap.InitialLdapContext;
-import javax.security.auth.login.LoginException;
-
-import org.jboss.security.SimpleGroup;
-
-/**
- * An implementation of LoginModule that authenticates against an LDAP server
- * using JNDI, based on the configuration properties.
- * <p>
- * The LoginModule options include whatever options your LDAP JNDI provider
- * supports. Examples of standard property names are:
- * <ul>
- * <li><code>Context.INITIAL_CONTEXT_FACTORY = "java.naming.factory.initial"</code>
- * <li><code>Context.SECURITY_PROTOCOL = "java.naming.security.protocol"</code>
- * <li><code>Context.PROVIDER_URL = "java.naming.provider.url"</code>
- * <li><code>Context.SECURITY_AUTHENTICATION = "java.naming.security.authentication"</code>
- * </ul>
- * <p>
- * The Context.SECURITY_PRINCIPAL is set to the distinguished name of the user
- * as obtained by the callback handler and the Context.SECURITY_CREDENTIALS
- * property is either set to the String password or Object credential depending
- * on the useObjectCredential option.
- * <p>
- * Additional module properties include:
- * <ul>
- * <li>principalDNPrefix, principalDNSuffix : A prefix and suffix to add to the
- * username when forming the user distiguished name. This is useful if you
- * prompt a user for a username and you don't want them to have to enter the
- * fully distinguished name. Using this property and principalDNSuffix the
- * userDN will be formed as:
- * <pre>
- * String userDN = principalDNPrefix + username + principalDNSuffix;
- * </pre>
- * <li>useObjectCredential : indicates that the credential should be obtained as
- * an opaque Object using the <code>org.jboss.security.plugins.ObjectCallback</code> type
- * of Callback rather than as a char[] password using a JAAS PasswordCallback.
- * <li>rolesCtxDN : The fixed distinguished name to the context to search for user roles.
- * <li>userRolesCtxDNAttributeName : The name of an attribute in the user
- * object that contains the distinguished name to the context to search for
- * user roles. This differs from rolesCtxDN in that the context to search for a
- * user's roles can be unique for each user.
- * <li>uidAttributeID : The name of the attribute that in the object containing
- * the user roles that corresponds to the userid. This is used to locate the
- * user roles.
- * <li>matchOnUserDN : A flag indicating if the search for user roles should match
- * on the user's fully distinguished name. If false just the username is used
- * as the match value. If true, the userDN is used as the match value.
- * <li>allowEmptyPasswords : A flag indicating if empty(length==0) passwords
- * should be passed to the ldap server. An empty password is treated as an
- * anonymous login by some ldap servers and this may not be a desirable
- * feature. Set this to false to reject empty passwords, true to have the ldap
- * server validate the empty password. The default is true.
- *
- * <li>roleAttributeIsDN : A flag indicating whether the user's role attribute
- * contains the fully distinguished name of a role object, or the users's role
- * attribute contains the role name. If false, the role name is taken from the
- * value of the user's role attribute. If true, the role attribute represents
- * the distinguished name of a role object. The role name is taken from the
- * value of the `roleNameAttributeId` attribute of the corresponding object. In
- * certain directory schemas (e.g., Microsoft Active Directory), role (group)
- * attributes in the user object are stored as DNs to role objects instead of
- * as simple names, in which case, this property should be set to true.
- * The default value of this property is false.
- * <li>roleNameAttributeID : The name of the attribute of the role object which
- * corresponds to the name of the role. If the `roleAttributeIsDN` property is
- * set to true, this property is used to find the role object's name attribute.
- * If the `roleAttributeIsDN` property is set to false, this property is ignored.
- * <li>java.naming.security.principal (4.0.3+): This standard JNDI property if
- * specified in the login configuration, it is used to rebind to the ldap server
- * after user authentication for the role searches. This may be necessar if the
- * user does not have permission to perform these queres. If specified, the
- * java.naming.security.credentials provides the rebind credentials.
- * </li>
- * <li>java.naming.security.credentials (4.0.3+): This standard JNDI property
- * if specified in the login configuration, it is used to rebind to the ldap
- * server after user authentication for the role searches along with the
- * java.naming.security.principal value. This can be encrypted using the
- * jaasSecurityDomain.
- * <li>jaasSecurityDomain (4.0.3+): The JMX ObjectName of the JaasSecurityDomain
- * to use to decrypt the java.naming.security.principal. The encrypted form
- * of the password is that returned by the JaasSecurityDomain#encrypt64(byte[])
- * method. The org.jboss.security.plugins.PBEUtils can also be used to generate
- * the encrypted form.
- * </ul>
- * A sample login config:
- * <p>
- <pre>
- testLdap {
- org.jboss.security.auth.spi.LdapLoginModule required
- java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
- java.naming.provider.url="ldap://ldaphost.jboss.org:1389/"
- java.naming.security.authentication=simple
- principalDNPrefix=uid=
- uidAttributeID=userid
- roleAttributeID=roleName
- principalDNSuffix=,ou=People,o=jboss.org
- rolesCtxDN=cn=JBossSX Tests,ou=Roles,o=jboss.org
- };
-
- testLdap2 {
- org.jboss.security.auth.spi.LdapLoginModule required
- java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
- java.naming.provider.url="ldap://ldaphost.jboss.org:1389/"
- java.naming.security.authentication=simple
- principalDNPrefix=uid=
- uidAttributeID=userid
- roleAttributeID=roleName
- principalDNSuffix=,ou=People,o=jboss.org
- userRolesCtxDNAttributeName=ou=Roles,dc=user1,dc=com
- };
-
- testLdapToActiveDirectory {
- org.jboss.security.auth.spi.LdapLoginModule required
- java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
- java.naming.provider.url="ldap://ldaphost.jboss.org:1389/"
- java.naming.security.authentication=simple
- rolesCtxDN=cn=Users,dc=ldaphost,dc=jboss,dc=org
- uidAttributeID=userPrincipalName
- roleAttributeID=memberOf
- roleAttributeIsDN=true
- roleNameAttributeID=name
- };
- </pre>
- *
- * @author Scott.Stark at jboss.org
- * @version $Revision$
- */
-public class LdapLoginModule extends UsernamePasswordLoginModule
-{
- private static final String PRINCIPAL_DN_PREFIX_OPT = "principalDNPrefix";
- private static final String PRINCIPAL_DN_SUFFIX_OPT = "principalDNSuffix";
- private static final String ROLES_CTX_DN_OPT = "rolesCtxDN";
- private static final String USER_ROLES_CTX_DN_ATTRIBUTE_ID_OPT =
- "userRolesCtxDNAttributeName";
- private static final String UID_ATTRIBUTE_ID_OPT = "uidAttributeID";
- private static final String ROLE_ATTRIBUTE_ID_OPT = "roleAttributeID";
- private static final String MATCH_ON_USER_DN_OPT = "matchOnUserDN";
- private static final String ROLE_ATTRIBUTE_IS_DN_OPT = "roleAttributeIsDN";
- private static final String ROLE_NAME_ATTRIBUTE_ID_OPT = "roleNameAttributeID";
- private static final String SEARCH_TIME_LIMIT_OPT = "searchTimeLimit";
- private static final String SEARCH_SCOPE_OPT = "searchScope";
- private static final String SECURITY_DOMAIN_OPT = "jaasSecurityDomain";
-
- public LdapLoginModule()
- {
- }
-
- private transient SimpleGroup userRoles = new SimpleGroup("Roles");
-
- /** Overriden to return an empty password string as typically one cannot
- obtain a user's password. We also override the validatePassword so
- this is ok.
- @return and empty password String
- */
- protected String getUsersPassword() throws LoginException
- {
- return "";
- }
-
- /** Overriden by subclasses to return the Groups that correspond to the
- to the role sets assigned to the user. Subclasses should create at
- least a Group named "Roles" that contains the roles assigned to the user.
- A second common group is "CallerPrincipal" that provides the application
- identity of the user rather than the security domain identity.
- @return Group[] containing the sets of roles
- */
- protected Group[] getRoleSets() throws LoginException
- {
- Group[] roleSets = {userRoles};
- return roleSets;
- }
-
- /** Validate the inputPassword by creating a ldap InitialContext with the
- SECURITY_CREDENTIALS set to the password.
-
- @param inputPassword the password to validate.
- @param expectedPassword ignored
- */
- protected boolean validatePassword(String inputPassword, String expectedPassword)
- {
- boolean isValid = false;
- if (inputPassword != null)
- {
- // See if this is an empty password that should be disallowed
- if (inputPassword.length() == 0)
- {
- // Check for an allowEmptyPasswords option
- boolean allowEmptyPasswords = true;
- String flag = (String) options.get("allowEmptyPasswords");
- if (flag != null)
- allowEmptyPasswords = Boolean.valueOf(flag).booleanValue();
- if (allowEmptyPasswords == false)
- {
- super.log.trace("Rejecting empty password due to allowEmptyPasswords");
- return false;
- }
- }
-
- try
- {
- // Validate the password by trying to create an initial context
- String username = getUsername();
- createLdapInitContext(username, inputPassword);
- isValid = true;
- }
- catch (Throwable e)
- {
- super.setValidateError(e);
- }
- }
- return isValid;
- }
-
- private void createLdapInitContext(String username, Object credential)
- throws Exception
- {
- boolean trace = log.isTraceEnabled();
- Properties env = new Properties();
- // Map all option into the JNDI InitialLdapContext env
- Iterator iter = options.entrySet().iterator();
- while (iter.hasNext())
- {
- Entry entry = (Entry) iter.next();
- env.put(entry.getKey(), entry.getValue());
- }
-
- // Set defaults for key values if they are missing
- String factoryName = env.getProperty(Context.INITIAL_CONTEXT_FACTORY);
- if (factoryName == null)
- {
- factoryName = "com.sun.jndi.ldap.LdapCtxFactory";
- env.setProperty(Context.INITIAL_CONTEXT_FACTORY, factoryName);
- }
- String authType = env.getProperty(Context.SECURITY_AUTHENTICATION);
- if (authType == null)
- env.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
- String protocol = env.getProperty(Context.SECURITY_PROTOCOL);
- String providerURL = (String) options.get(Context.PROVIDER_URL);
- if (providerURL == null)
- providerURL = "ldap://localhost:" + ((protocol != null && protocol.equals("ssl")) ? "636" : "389");
-
- String bindDN = (String) options.get(Context.SECURITY_PRINCIPAL);
- String bindCredential = (String) options.get(Context.SECURITY_CREDENTIALS);
- String securityDomain = (String) options.get(SECURITY_DOMAIN_OPT);
- if( securityDomain != null )
- {
- ObjectName serviceName = new ObjectName(securityDomain);
- char[] tmp = DecodeAction.decode(bindCredential, serviceName);
- bindCredential = new String(tmp);
- }
-
- String principalDNPrefix = (String) options.get(PRINCIPAL_DN_PREFIX_OPT);
- if (principalDNPrefix == null)
- principalDNPrefix = "";
- String principalDNSuffix = (String) options.get(PRINCIPAL_DN_SUFFIX_OPT);
- if (principalDNSuffix == null)
- principalDNSuffix = "";
- String matchType = (String) options.get(MATCH_ON_USER_DN_OPT);
- boolean matchOnUserDN = Boolean.valueOf(matchType).booleanValue();
- String userDN = principalDNPrefix + username + principalDNSuffix;
- env.setProperty(Context.PROVIDER_URL, providerURL);
- env.setProperty(Context.SECURITY_PRINCIPAL, userDN);
- env.put(Context.SECURITY_CREDENTIALS, credential);
- if( trace )
- {
- Properties tmp = new Properties();
- tmp.putAll(env);
- tmp.setProperty(Context.SECURITY_CREDENTIALS, "***");
- log.trace("Logging into LDAP server, env=" + tmp.toString());
- }
- InitialLdapContext ctx = new InitialLdapContext(env, null);
- if( trace )
- log.trace("Logged into LDAP server, " + ctx);
-
- if( bindDN != null )
- {
- // Rebind the ctx to the bind dn/credentials for the roles searches
- if( trace )
- log.trace("Rebind SECURITY_PRINCIPAL to: "+bindDN);
- env.setProperty(Context.SECURITY_PRINCIPAL, bindDN);
- env.put(Context.SECURITY_CREDENTIALS, bindCredential);
- ctx = new InitialLdapContext(env, null);
- }
-
- /* If a userRolesCtxDNAttributeName was speocified, see if there is a
- user specific roles DN. If there is not, the default rolesCtxDN will
- be used.
- */
- String rolesCtxDN = (String) options.get(ROLES_CTX_DN_OPT);
- String userRolesCtxDNAttributeName = (String) options.get(USER_ROLES_CTX_DN_ATTRIBUTE_ID_OPT);
- if (userRolesCtxDNAttributeName != null)
- {
- // Query the indicated attribute for the roles ctx DN to use
- String[] returnAttribute = {userRolesCtxDNAttributeName};
- try
- {
- Attributes result = ctx.getAttributes(userDN, returnAttribute);
- if (result.get(userRolesCtxDNAttributeName) != null)
- {
- rolesCtxDN = result.get(userRolesCtxDNAttributeName).get().toString();
- super.log.trace("Found user roles context DN: " + rolesCtxDN);
- }
- }
- catch (NamingException e)
- {
- super.log.debug("Failed to query userRolesCtxDNAttributeName", e);
- }
- }
-
- // Search for any roles associated with the user
- if (rolesCtxDN != null)
- {
- String uidAttrName = (String) options.get(UID_ATTRIBUTE_ID_OPT);
- if (uidAttrName == null)
- uidAttrName = "uid";
- String roleAttrName = (String) options.get(ROLE_ATTRIBUTE_ID_OPT);
- if (roleAttrName == null)
- roleAttrName = "roles";
- StringBuffer roleFilter = new StringBuffer("(");
- roleFilter.append(uidAttrName);
- roleFilter.append("={0})");
- String userToMatch = username;
- if (matchOnUserDN == true)
- userToMatch = userDN;
-
- String[] roleAttr = {roleAttrName};
- // Is user's role attribute a DN or the role name
- String roleAttributeIsDNOption = (String) options.get(ROLE_ATTRIBUTE_IS_DN_OPT);
- boolean roleAttributeIsDN = Boolean.valueOf(roleAttributeIsDNOption).booleanValue();
-
- // If user's role attribute is a DN, what is the role's name attribute
- // Default to 'name' (Group name attribute in Active Directory)
- String roleNameAttributeID = (String) options.get(ROLE_NAME_ATTRIBUTE_ID_OPT);
- if (roleNameAttributeID == null)
- roleNameAttributeID = "name";
-
- int searchScope = SearchControls.SUBTREE_SCOPE;
- int searchTimeLimit = 10000;
- String timeLimit = (String) options.get(SEARCH_TIME_LIMIT_OPT);
- if( timeLimit != null )
- {
- try
- {
- searchTimeLimit = Integer.parseInt(timeLimit);
- }
- catch(NumberFormatException e)
- {
- log.trace("Failed to parse: "+timeLimit+", using searchTimeLimit="+searchTimeLimit);
- }
- }
- String scope = (String) options.get(SEARCH_SCOPE_OPT);
- if( "OBJECT_SCOPE".equalsIgnoreCase(scope) )
- searchScope = SearchControls.OBJECT_SCOPE;
- else if( "ONELEVEL_SCOPE".equalsIgnoreCase(scope) )
- searchScope = SearchControls.ONELEVEL_SCOPE;
- if( "SUBTREE_SCOPE".equalsIgnoreCase(scope) )
- searchScope = SearchControls.SUBTREE_SCOPE;
-
- try
- {
- SearchControls controls = new SearchControls();
- controls.setSearchScope(searchScope);
- controls.setReturningAttributes(roleAttr);
- controls.setTimeLimit(searchTimeLimit);
- Object[] filterArgs = {userToMatch};
- if( trace )
- {
- log.trace("searching rolesCtxDN="+rolesCtxDN+", roleFilter="+roleFilter
- +", filterArgs="+userToMatch+", roleAttr="+roleAttr
- +", searchScope="+searchScope+", searchTimeLimit="+searchTimeLimit
- );
- }
- NamingEnumeration answer = ctx.search(rolesCtxDN, roleFilter.toString(),
- filterArgs, controls);
- while (answer.hasMore())
- {
- SearchResult sr = (SearchResult) answer.next();
- if( trace )
- {
- log.trace("Checking answer: "+sr.getName());
- }
- Attributes attrs = sr.getAttributes();
- Attribute roles = attrs.get(roleAttrName);
- for (int r = 0; r < roles.size(); r++)
- {
- Object value = roles.get(r);
- String roleName = null;
- if (roleAttributeIsDN == true)
- {
- // Query the roleDN location for the value of roleNameAttributeID
- String roleDN = value.toString();
- String[] returnAttribute = {roleNameAttributeID};
- if( trace )
- log.trace("Following roleDN: " + roleDN);
- try
- {
- Attributes result2 = ctx.getAttributes(roleDN, returnAttribute);
- Attribute roles2 = result2.get(roleNameAttributeID);
- if( roles2 != null )
- {
- for(int m = 0; m < roles2.size(); m ++)
- {
- roleName = (String) roles2.get(m);
- addRole(roleName);
- }
- }
- }
- catch (NamingException e)
- {
- log.trace("Failed to query roleNameAttrName", e);
- }
- }
- else
- {
- // The role attribute value is the role name
- roleName = value.toString();
- addRole(roleName);
- }
- }
- }
- answer.close();
- }
- catch (NamingException e)
- {
- if( trace )
- log.trace("Failed to locate roles", e);
- }
- }
- // Close the context to release the connection
- ctx.close();
- }
-
- private void addRole(String roleName)
- {
- if (roleName != null)
- {
- try
- {
- Principal p = super.createIdentity(roleName);
- log.trace("Assign user to role " + roleName);
- userRoles.addMember(p);
- }
- catch (Exception e)
- {
- log.debug("Failed to create principal: " + roleName, e);
- }
- }
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/LdapLoginModule.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/LdapLoginModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/LdapLoginModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/LdapLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,487 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.auth.spi;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Iterator;
+import java.util.Properties;
+import java.util.Map.Entry;
+
+import javax.management.ObjectName;
+import javax.naming.Context;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+import javax.naming.ldap.InitialLdapContext;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.security.SimpleGroup;
+
+/**
+ * An implementation of LoginModule that authenticates against an LDAP server
+ * using JNDI, based on the configuration properties.
+ * <p>
+ * The LoginModule options include whatever options your LDAP JNDI provider
+ * supports. Examples of standard property names are:
+ * <ul>
+ * <li><code>Context.INITIAL_CONTEXT_FACTORY = "java.naming.factory.initial"</code>
+ * <li><code>Context.SECURITY_PROTOCOL = "java.naming.security.protocol"</code>
+ * <li><code>Context.PROVIDER_URL = "java.naming.provider.url"</code>
+ * <li><code>Context.SECURITY_AUTHENTICATION = "java.naming.security.authentication"</code>
+ * </ul>
+ * <p>
+ * The Context.SECURITY_PRINCIPAL is set to the distinguished name of the user
+ * as obtained by the callback handler and the Context.SECURITY_CREDENTIALS
+ * property is either set to the String password or Object credential depending
+ * on the useObjectCredential option.
+ * <p>
+ * Additional module properties include:
+ * <ul>
+ * <li>principalDNPrefix, principalDNSuffix : A prefix and suffix to add to the
+ * username when forming the user distiguished name. This is useful if you
+ * prompt a user for a username and you don't want them to have to enter the
+ * fully distinguished name. Using this property and principalDNSuffix the
+ * userDN will be formed as:
+ * <pre>
+ * String userDN = principalDNPrefix + username + principalDNSuffix;
+ * </pre>
+ * <li>useObjectCredential : indicates that the credential should be obtained as
+ * an opaque Object using the <code>org.jboss.security.plugins.ObjectCallback</code> type
+ * of Callback rather than as a char[] password using a JAAS PasswordCallback.
+ * <li>rolesCtxDN : The fixed distinguished name to the context to search for user roles.
+ * <li>userRolesCtxDNAttributeName : The name of an attribute in the user
+ * object that contains the distinguished name to the context to search for
+ * user roles. This differs from rolesCtxDN in that the context to search for a
+ * user's roles can be unique for each user.
+ * <li>uidAttributeID : The name of the attribute that in the object containing
+ * the user roles that corresponds to the userid. This is used to locate the
+ * user roles.
+ * <li>matchOnUserDN : A flag indicating if the search for user roles should match
+ * on the user's fully distinguished name. If false just the username is used
+ * as the match value. If true, the userDN is used as the match value.
+ * <li>allowEmptyPasswords : A flag indicating if empty(length==0) passwords
+ * should be passed to the ldap server. An empty password is treated as an
+ * anonymous login by some ldap servers and this may not be a desirable
+ * feature. Set this to false to reject empty passwords, true to have the ldap
+ * server validate the empty password. The default is true.
+ *
+ * <li>roleAttributeIsDN : A flag indicating whether the user's role attribute
+ * contains the fully distinguished name of a role object, or the users's role
+ * attribute contains the role name. If false, the role name is taken from the
+ * value of the user's role attribute. If true, the role attribute represents
+ * the distinguished name of a role object. The role name is taken from the
+ * value of the `roleNameAttributeId` attribute of the corresponding object. In
+ * certain directory schemas (e.g., Microsoft Active Directory), role (group)
+ * attributes in the user object are stored as DNs to role objects instead of
+ * as simple names, in which case, this property should be set to true.
+ * The default value of this property is false.
+ * <li>roleNameAttributeID : The name of the attribute of the role object which
+ * corresponds to the name of the role. If the `roleAttributeIsDN` property is
+ * set to true, this property is used to find the role object's name attribute.
+ * If the `roleAttributeIsDN` property is set to false, this property is ignored.
+ * <li>java.naming.security.principal (4.0.3+): This standard JNDI property if
+ * specified in the login configuration, it is used to rebind to the ldap server
+ * after user authentication for the role searches. This may be necessar if the
+ * user does not have permission to perform these queres. If specified, the
+ * java.naming.security.credentials provides the rebind credentials.
+ * </li>
+ * <li>java.naming.security.credentials (4.0.3+): This standard JNDI property
+ * if specified in the login configuration, it is used to rebind to the ldap
+ * server after user authentication for the role searches along with the
+ * java.naming.security.principal value. This can be encrypted using the
+ * jaasSecurityDomain.
+ * <li>jaasSecurityDomain (4.0.3+): The JMX ObjectName of the JaasSecurityDomain
+ * to use to decrypt the java.naming.security.principal. The encrypted form
+ * of the password is that returned by the JaasSecurityDomain#encrypt64(byte[])
+ * method. The org.jboss.security.plugins.PBEUtils can also be used to generate
+ * the encrypted form.
+ * </ul>
+ * A sample login config:
+ * <p>
+ <pre>
+ testLdap {
+ org.jboss.security.auth.spi.LdapLoginModule required
+ java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
+ java.naming.provider.url="ldap://ldaphost.jboss.org:1389/"
+ java.naming.security.authentication=simple
+ principalDNPrefix=uid=
+ uidAttributeID=userid
+ roleAttributeID=roleName
+ principalDNSuffix=,ou=People,o=jboss.org
+ rolesCtxDN=cn=JBossSX Tests,ou=Roles,o=jboss.org
+ };
+
+ testLdap2 {
+ org.jboss.security.auth.spi.LdapLoginModule required
+ java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
+ java.naming.provider.url="ldap://ldaphost.jboss.org:1389/"
+ java.naming.security.authentication=simple
+ principalDNPrefix=uid=
+ uidAttributeID=userid
+ roleAttributeID=roleName
+ principalDNSuffix=,ou=People,o=jboss.org
+ userRolesCtxDNAttributeName=ou=Roles,dc=user1,dc=com
+ };
+
+ testLdapToActiveDirectory {
+ org.jboss.security.auth.spi.LdapLoginModule required
+ java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
+ java.naming.provider.url="ldap://ldaphost.jboss.org:1389/"
+ java.naming.security.authentication=simple
+ rolesCtxDN=cn=Users,dc=ldaphost,dc=jboss,dc=org
+ uidAttributeID=userPrincipalName
+ roleAttributeID=memberOf
+ roleAttributeIsDN=true
+ roleNameAttributeID=name
+ };
+ </pre>
+ *
+ * @author Scott.Stark at jboss.org
+ * @version $Revision$
+ */
+public class LdapLoginModule extends UsernamePasswordLoginModule
+{
+ private static final String PRINCIPAL_DN_PREFIX_OPT = "principalDNPrefix";
+ private static final String PRINCIPAL_DN_SUFFIX_OPT = "principalDNSuffix";
+ private static final String ROLES_CTX_DN_OPT = "rolesCtxDN";
+ private static final String USER_ROLES_CTX_DN_ATTRIBUTE_ID_OPT =
+ "userRolesCtxDNAttributeName";
+ private static final String UID_ATTRIBUTE_ID_OPT = "uidAttributeID";
+ private static final String ROLE_ATTRIBUTE_ID_OPT = "roleAttributeID";
+ private static final String MATCH_ON_USER_DN_OPT = "matchOnUserDN";
+ private static final String ROLE_ATTRIBUTE_IS_DN_OPT = "roleAttributeIsDN";
+ private static final String ROLE_NAME_ATTRIBUTE_ID_OPT = "roleNameAttributeID";
+ private static final String SEARCH_TIME_LIMIT_OPT = "searchTimeLimit";
+ private static final String SEARCH_SCOPE_OPT = "searchScope";
+ private static final String SECURITY_DOMAIN_OPT = "jaasSecurityDomain";
+
+ public LdapLoginModule()
+ {
+ }
+
+ private transient SimpleGroup userRoles = new SimpleGroup("Roles");
+
+ /** Overriden to return an empty password string as typically one cannot
+ obtain a user's password. We also override the validatePassword so
+ this is ok.
+ @return and empty password String
+ */
+ protected String getUsersPassword() throws LoginException
+ {
+ return "";
+ }
+
+ /** Overriden by subclasses to return the Groups that correspond to the
+ to the role sets assigned to the user. Subclasses should create at
+ least a Group named "Roles" that contains the roles assigned to the user.
+ A second common group is "CallerPrincipal" that provides the application
+ identity of the user rather than the security domain identity.
+ @return Group[] containing the sets of roles
+ */
+ protected Group[] getRoleSets() throws LoginException
+ {
+ Group[] roleSets = {userRoles};
+ return roleSets;
+ }
+
+ /** Validate the inputPassword by creating a ldap InitialContext with the
+ SECURITY_CREDENTIALS set to the password.
+
+ @param inputPassword the password to validate.
+ @param expectedPassword ignored
+ */
+ protected boolean validatePassword(String inputPassword, String expectedPassword)
+ {
+ boolean isValid = false;
+ if (inputPassword != null)
+ {
+ // See if this is an empty password that should be disallowed
+ if (inputPassword.length() == 0)
+ {
+ // Check for an allowEmptyPasswords option
+ boolean allowEmptyPasswords = true;
+ String flag = (String) options.get("allowEmptyPasswords");
+ if (flag != null)
+ allowEmptyPasswords = Boolean.valueOf(flag).booleanValue();
+ if (allowEmptyPasswords == false)
+ {
+ super.log.trace("Rejecting empty password due to allowEmptyPasswords");
+ return false;
+ }
+ }
+
+ try
+ {
+ // Validate the password by trying to create an initial context
+ String username = getUsername();
+ createLdapInitContext(username, inputPassword);
+ isValid = true;
+ }
+ catch (Throwable e)
+ {
+ super.setValidateError(e);
+ }
+ }
+ return isValid;
+ }
+
+ @SuppressWarnings("unchecked")
+ private void createLdapInitContext(String username, Object credential)
+ throws Exception
+ {
+ boolean trace = log.isTraceEnabled();
+ Properties env = new Properties();
+ // Map all option into the JNDI InitialLdapContext env
+ Iterator iter = options.entrySet().iterator();
+ while (iter.hasNext())
+ {
+ Entry entry = (Entry) iter.next();
+ env.put(entry.getKey(), entry.getValue());
+ }
+
+ // Set defaults for key values if they are missing
+ String factoryName = env.getProperty(Context.INITIAL_CONTEXT_FACTORY);
+ if (factoryName == null)
+ {
+ factoryName = "com.sun.jndi.ldap.LdapCtxFactory";
+ env.setProperty(Context.INITIAL_CONTEXT_FACTORY, factoryName);
+ }
+ String authType = env.getProperty(Context.SECURITY_AUTHENTICATION);
+ if (authType == null)
+ env.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
+ String protocol = env.getProperty(Context.SECURITY_PROTOCOL);
+ String providerURL = (String) options.get(Context.PROVIDER_URL);
+ if (providerURL == null)
+ providerURL = "ldap://localhost:" + ((protocol != null && protocol.equals("ssl")) ? "636" : "389");
+
+ String bindDN = (String) options.get(Context.SECURITY_PRINCIPAL);
+ String bindCredential = (String) options.get(Context.SECURITY_CREDENTIALS);
+ String securityDomain = (String) options.get(SECURITY_DOMAIN_OPT);
+ if( securityDomain != null )
+ {
+ ObjectName serviceName = new ObjectName(securityDomain);
+ char[] tmp = DecodeAction.decode(bindCredential, serviceName);
+ bindCredential = new String(tmp);
+ }
+
+ String principalDNPrefix = (String) options.get(PRINCIPAL_DN_PREFIX_OPT);
+ if (principalDNPrefix == null)
+ principalDNPrefix = "";
+ String principalDNSuffix = (String) options.get(PRINCIPAL_DN_SUFFIX_OPT);
+ if (principalDNSuffix == null)
+ principalDNSuffix = "";
+ String matchType = (String) options.get(MATCH_ON_USER_DN_OPT);
+ boolean matchOnUserDN = Boolean.valueOf(matchType).booleanValue();
+ String userDN = principalDNPrefix + username + principalDNSuffix;
+ env.setProperty(Context.PROVIDER_URL, providerURL);
+ env.setProperty(Context.SECURITY_PRINCIPAL, userDN);
+ env.put(Context.SECURITY_CREDENTIALS, credential);
+ if( trace )
+ {
+ Properties tmp = new Properties();
+ tmp.putAll(env);
+ tmp.setProperty(Context.SECURITY_CREDENTIALS, "***");
+ log.trace("Logging into LDAP server, env=" + tmp.toString());
+ }
+ InitialLdapContext ctx = new InitialLdapContext(env, null);
+ if( trace )
+ log.trace("Logged into LDAP server, " + ctx);
+
+ if( bindDN != null )
+ {
+ // Rebind the ctx to the bind dn/credentials for the roles searches
+ if( trace )
+ log.trace("Rebind SECURITY_PRINCIPAL to: "+bindDN);
+ env.setProperty(Context.SECURITY_PRINCIPAL, bindDN);
+ env.put(Context.SECURITY_CREDENTIALS, bindCredential);
+ ctx = new InitialLdapContext(env, null);
+ }
+
+ /* If a userRolesCtxDNAttributeName was speocified, see if there is a
+ user specific roles DN. If there is not, the default rolesCtxDN will
+ be used.
+ */
+ String rolesCtxDN = (String) options.get(ROLES_CTX_DN_OPT);
+ String userRolesCtxDNAttributeName = (String) options.get(USER_ROLES_CTX_DN_ATTRIBUTE_ID_OPT);
+ if (userRolesCtxDNAttributeName != null)
+ {
+ // Query the indicated attribute for the roles ctx DN to use
+ String[] returnAttribute = {userRolesCtxDNAttributeName};
+ try
+ {
+ Attributes result = ctx.getAttributes(userDN, returnAttribute);
+ if (result.get(userRolesCtxDNAttributeName) != null)
+ {
+ rolesCtxDN = result.get(userRolesCtxDNAttributeName).get().toString();
+ super.log.trace("Found user roles context DN: " + rolesCtxDN);
+ }
+ }
+ catch (NamingException e)
+ {
+ super.log.debug("Failed to query userRolesCtxDNAttributeName", e);
+ }
+ }
+
+ // Search for any roles associated with the user
+ if (rolesCtxDN != null)
+ {
+ String uidAttrName = (String) options.get(UID_ATTRIBUTE_ID_OPT);
+ if (uidAttrName == null)
+ uidAttrName = "uid";
+ String roleAttrName = (String) options.get(ROLE_ATTRIBUTE_ID_OPT);
+ if (roleAttrName == null)
+ roleAttrName = "roles";
+ StringBuffer roleFilter = new StringBuffer("(");
+ roleFilter.append(uidAttrName);
+ roleFilter.append("={0})");
+ String userToMatch = username;
+ if (matchOnUserDN == true)
+ userToMatch = userDN;
+
+ String[] roleAttr = {roleAttrName};
+ // Is user's role attribute a DN or the role name
+ String roleAttributeIsDNOption = (String) options.get(ROLE_ATTRIBUTE_IS_DN_OPT);
+ boolean roleAttributeIsDN = Boolean.valueOf(roleAttributeIsDNOption).booleanValue();
+
+ // If user's role attribute is a DN, what is the role's name attribute
+ // Default to 'name' (Group name attribute in Active Directory)
+ String roleNameAttributeID = (String) options.get(ROLE_NAME_ATTRIBUTE_ID_OPT);
+ if (roleNameAttributeID == null)
+ roleNameAttributeID = "name";
+
+ int searchScope = SearchControls.SUBTREE_SCOPE;
+ int searchTimeLimit = 10000;
+ String timeLimit = (String) options.get(SEARCH_TIME_LIMIT_OPT);
+ if( timeLimit != null )
+ {
+ try
+ {
+ searchTimeLimit = Integer.parseInt(timeLimit);
+ }
+ catch(NumberFormatException e)
+ {
+ log.trace("Failed to parse: "+timeLimit+", using searchTimeLimit="+searchTimeLimit);
+ }
+ }
+ String scope = (String) options.get(SEARCH_SCOPE_OPT);
+ if( "OBJECT_SCOPE".equalsIgnoreCase(scope) )
+ searchScope = SearchControls.OBJECT_SCOPE;
+ else if( "ONELEVEL_SCOPE".equalsIgnoreCase(scope) )
+ searchScope = SearchControls.ONELEVEL_SCOPE;
+ if( "SUBTREE_SCOPE".equalsIgnoreCase(scope) )
+ searchScope = SearchControls.SUBTREE_SCOPE;
+
+ try
+ {
+ SearchControls controls = new SearchControls();
+ controls.setSearchScope(searchScope);
+ controls.setReturningAttributes(roleAttr);
+ controls.setTimeLimit(searchTimeLimit);
+ Object[] filterArgs = {userToMatch};
+ if( trace )
+ {
+ log.trace("searching rolesCtxDN="+rolesCtxDN+", roleFilter="+roleFilter
+ +", filterArgs="+userToMatch+", roleAttr="+roleAttr
+ +", searchScope="+searchScope+", searchTimeLimit="+searchTimeLimit
+ );
+ }
+ NamingEnumeration answer = ctx.search(rolesCtxDN, roleFilter.toString(),
+ filterArgs, controls);
+ while (answer.hasMore())
+ {
+ SearchResult sr = (SearchResult) answer.next();
+ if( trace )
+ {
+ log.trace("Checking answer: "+sr.getName());
+ }
+ Attributes attrs = sr.getAttributes();
+ Attribute roles = attrs.get(roleAttrName);
+ for (int r = 0; r < roles.size(); r++)
+ {
+ Object value = roles.get(r);
+ String roleName = null;
+ if (roleAttributeIsDN == true)
+ {
+ // Query the roleDN location for the value of roleNameAttributeID
+ String roleDN = value.toString();
+ String[] returnAttribute = {roleNameAttributeID};
+ if( trace )
+ log.trace("Following roleDN: " + roleDN);
+ try
+ {
+ Attributes result2 = ctx.getAttributes(roleDN, returnAttribute);
+ Attribute roles2 = result2.get(roleNameAttributeID);
+ if( roles2 != null )
+ {
+ for(int m = 0; m < roles2.size(); m ++)
+ {
+ roleName = (String) roles2.get(m);
+ addRole(roleName);
+ }
+ }
+ }
+ catch (NamingException e)
+ {
+ log.trace("Failed to query roleNameAttrName", e);
+ }
+ }
+ else
+ {
+ // The role attribute value is the role name
+ roleName = value.toString();
+ addRole(roleName);
+ }
+ }
+ }
+ answer.close();
+ }
+ catch (NamingException e)
+ {
+ if( trace )
+ log.trace("Failed to locate roles", e);
+ }
+ }
+ // Close the context to release the connection
+ ctx.close();
+ }
+
+ private void addRole(String roleName)
+ {
+ if (roleName != null)
+ {
+ try
+ {
+ Principal p = super.createIdentity(roleName);
+ log.trace("Assign user to role " + roleName);
+ userRoles.addMember(p);
+ }
+ catch (Exception e)
+ {
+ log.debug("Failed to create principal: " + roleName, e);
+ }
+ }
+ }
+}
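Review bot: In validatePassword the `allowEmptyPasswords` flag defaults to true, so a zero-length password is passed to createLdapInitContext and bound with `simple` authentication; on servers that treat such a bind as anonymous (the class Javadoc notes some do), the bind succeeds and the method returns true without having verified any credential. Defaulting to rejection, `boolean allowEmptyPasswords = false;`, with the Javadoc default updated to match, makes the safe behaviour the one an unconfigured deployment gets. In createLdapInitContext the login name is concatenated into the bind DN unescaped (`String userDN = principalDNPrefix + username + principalDNSuffix;`); when the prefix ends in an attribute assignment as in the sample configs, `Rdn.escapeValue(username)` from javax.naming.ldap keeps DN metacharacters in the name from altering which entry is bound. In the role loop, `attrs.get(roleAttrName)` can return null for a matching entry that lacks the attribute, and the resulting NullPointerException bypasses the NamingException catch, skips `ctx.close()` and fails an otherwise valid login. An `if (roles == null) continue;` guard plus a finally block that closes `answer` and `ctx` (and the first context before the rebind replaces it) would cover these paths.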
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/MemoryUsersRolesLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/MemoryUsersRolesLoginModule.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/MemoryUsersRolesLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,81 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.auth.spi;
-
-import java.io.IOException;
-import java.util.Map;
-import java.util.Properties;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-
-/**
- * A subclass of UsersRolesLoginModule that uses a singleton instance and
- * memory based users/roles Properties maps to manage user/password and
- * user/role mappings. These maps need to be specified via the login module
- * options.
- *
- * @author Scott.Stark at jboss.org
- * @version $Revision$
- */
-public class MemoryUsersRolesLoginModule extends UsersRolesLoginModule
-{
- private Properties users;
- private Properties roles;
-
- /**
- * Override the UsersRolesLoginModule initialize to look for a users
- * and roles options specifying the
- *
- * @param subject
- * @param callbackHandler
- * @param sharedState
- * @param options
- */
- public void initialize(Subject subject, CallbackHandler callbackHandler,
- Map sharedState, Map options)
- {
- // First extract the users/roles Properties from the options
- this.users = (Properties) options.get("users");
- this.roles = (Properties) options.get("roles");
- // Now initialize the superclass which will invoke createUsers/createRoles
- super.initialize(subject, callbackHandler, sharedState, options);
- }
-
- /**
- * Provide the users map obtained during initialize
- * @return the users login module option value
- */
- protected Properties createUsers(Map options)
- {
- return users;
- }
-
- /**
- * Provide the users map obtained during initialize
- * @return the users login module option value
- */
- protected Properties createRoles(Map options) throws IOException
- {
- return roles;
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/MemoryUsersRolesLoginModule.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/MemoryUsersRolesLoginModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/MemoryUsersRolesLoginModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/MemoryUsersRolesLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,81 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.auth.spi;
+
+import java.io.IOException;
+import java.util.Map;
+import java.util.Properties;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+
+/**
+ * A subclass of UsersRolesLoginModule that uses a singleton instance and
+ * memory based users/roles Properties maps to manage user/password and
+ * user/role mappings. These maps need to be specified via the login module
+ * options.
+ *
+ * @author Scott.Stark at jboss.org
+ * @version $Revision$
+ */
+public class MemoryUsersRolesLoginModule extends UsersRolesLoginModule
+{
+ private Properties users;
+ private Properties roles;
+
+ /**
+ * Override the UsersRolesLoginModule initialize to look for a users
+ * and roles options specifying the
+ *
+ * @param subject
+ * @param callbackHandler
+ * @param sharedState
+ * @param options
+ */
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
+ Map<String,?> sharedState, Map<String,?> options)
+ {
+ // First extract the users/roles Properties from the options
+ this.users = (Properties) options.get("users");
+ this.roles = (Properties) options.get("roles");
+ // Now initialize the superclass which will invoke createUsers/createRoles
+ super.initialize(subject, callbackHandler, sharedState, options);
+ }
+
+ /**
+ * Provide the users map obtained during initialize
+ * @return the users login module option value
+ */
+ protected Properties createUsers(Map<String,?> options)
+ {
+ return users;
+ }
+
+ /**
+ * Provide the users map obtained during initialize
+ * @return the users login module option value
+ */
+ protected Properties createRoles(Map<String,?> options) throws IOException
+ {
+ return roles;
+ }
+}
\ No newline at end of file
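Review bot: The Javadoc on createRoles is a copy of the one on createUsers and describes the users map, while the method returns `roles`; it should read `Provide the roles map obtained during initialize` with `@return the roles login module option value`. The initialize Javadoc also stops mid-sentence at "specifying the" and leaves its four `@param` tags empty, so it never says that the `users` and `roles` options must be java.util.Properties instances. That matters because initialize casts `options.get("users")` and `options.get("roles")` to Properties unchecked: an option supplied as a String fails with ClassCastException, and a missing option leaves the field null for the superclass, whose handling of null is not visible in this hunk. An `instanceof Properties` check with a clear error message would make a misconfigured security domain fail in an explainable way.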
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/ProxyLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/ProxyLoginModule.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/ProxyLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,128 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.auth.spi;
-
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginException;
-import javax.security.auth.spi.LoginModule;
-
-/** A proxy LoginModule that loads a delegate LoginModule using
-the current thread context class loader. The purpose of this
-module is to work around the current JAAS class loader limitation
-that requires LoginModules to be on the classpath. Some LoginModules
-use core JBoss classes that would have to be moved into the jboss-jaas.jar
-and packaging becomes a mess. Instead, these LoginModules are left
-in the jbosssx.jar and the ProxyLoginModule is used to bootstrap
-the non-classpath LoginModule.
-
- at author Scott.Stark at jboss.org
- at version $Revision$
-*/
-public class ProxyLoginModule implements LoginModule
-{
- private String moduleName;
- private LoginModule delegate;
-
- public ProxyLoginModule()
- {
- }
-
-// --- Begin LoginModule interface methods
- /** Initialize this LoginModule. This method loads the LoginModule
- specified by the moduleName option using the current thread
- context class loader and then delegates the initialize call
- to it.
-
- @param options, include:
- moduleName: the classname of the module that this proxy module
- delegates all calls to.
- */
- public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
- {
- moduleName = (String) options.get("moduleName");
- if( moduleName == null )
- {
- System.out.println("Required moduleName option not given");
- return;
- }
-
- // Load the delegate module using the thread class loader
- ClassLoader loader = SecurityActions.getContextClassLoader();
- try
- {
- Class clazz = loader.loadClass(moduleName);
- delegate = (LoginModule) clazz.newInstance();
- }
- catch(Throwable t)
- {
- System.out.println("ProxyLoginModule failed to load: "+moduleName);
- t.printStackTrace();
- return;
- }
-
- delegate.initialize(subject, callbackHandler, sharedState, options);
- }
-
- /** Perform the login. If either the moduleName option was not
- specified or the module could not be loaded in initalize(),
- this method throws a LoginException.
- @exception LoginException, throw in the delegate login module failed.
- */
- public boolean login() throws LoginException
- {
- if( moduleName == null )
- throw new LoginException("Required moduleName option not given");
- if( delegate == null )
- throw new LoginException("Failed to load LoginModule: "+moduleName);
-
- return delegate.login();
- }
-
- public boolean commit() throws LoginException
- {
- boolean ok = false;
- if( delegate != null )
- ok = delegate.commit();
- return ok;
- }
-
- public boolean abort() throws LoginException
- {
- boolean ok = true;
- if( delegate != null )
- ok = delegate.abort();
- return ok;
- }
-
- public boolean logout() throws LoginException
- {
- boolean ok = true;
- if( delegate != null )
- ok = delegate.logout();
- return ok;
- }
-// --- End LoginModule interface methods
-
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/ProxyLoginModule.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/ProxyLoginModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/ProxyLoginModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/ProxyLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,129 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.auth.spi;
+
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+/** A proxy LoginModule that loads a delegate LoginModule using
+the current thread context class loader. The purpose of this
+module is to work around the current JAAS class loader limitation
+that requires LoginModules to be on the classpath. Some LoginModules
+use core JBoss classes that would have to be moved into the jboss-jaas.jar
+and packaging becomes a mess. Instead, these LoginModules are left
+in the jbosssx.jar and the ProxyLoginModule is used to bootstrap
+the non-classpath LoginModule.
+
+ at author Scott.Stark at jboss.org
+ at version $Revision$
+*/
+public class ProxyLoginModule implements LoginModule
+{
+ private String moduleName;
+ private LoginModule delegate;
+
+ public ProxyLoginModule()
+ {
+ }
+
+// --- Begin LoginModule interface methods
+ /** Initialize this LoginModule. This method loads the LoginModule
+ specified by the moduleName option using the current thread
+ context class loader and then delegates the initialize call
+ to it.
+
+ @param options, include:
+ moduleName: the classname of the module that this proxy module
+ delegates all calls to.
+ */
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
+ Map<String,?> sharedState, Map<String,?> options)
+ {
+ moduleName = (String) options.get("moduleName");
+ if( moduleName == null )
+ {
+ System.out.println("Required moduleName option not given");
+ return;
+ }
+
+ // Load the delegate module using the thread class loader
+ ClassLoader loader = SecurityActions.getContextClassLoader();
+ try
+ {
+ Class<?> clazz = loader.loadClass(moduleName);
+ delegate = (LoginModule) clazz.newInstance();
+ }
+ catch(Throwable t)
+ {
+ System.out.println("ProxyLoginModule failed to load: "+moduleName);
+ t.printStackTrace();
+ return;
+ }
+
+ delegate.initialize(subject, callbackHandler, sharedState, options);
+ }
+
+ /** Perform the login. If either the moduleName option was not
+ specified or the module could not be loaded in initalize(),
+ this method throws a LoginException.
+ @exception LoginException, throw in the delegate login module failed.
+ */
+ public boolean login() throws LoginException
+ {
+ if( moduleName == null )
+ throw new LoginException("Required moduleName option not given");
+ if( delegate == null )
+ throw new LoginException("Failed to load LoginModule: "+moduleName);
+
+ return delegate.login();
+ }
+
+ public boolean commit() throws LoginException
+ {
+ boolean ok = false;
+ if( delegate != null )
+ ok = delegate.commit();
+ return ok;
+ }
+
+ public boolean abort() throws LoginException
+ {
+ boolean ok = true;
+ if( delegate != null )
+ ok = delegate.abort();
+ return ok;
+ }
+
+ public boolean logout() throws LoginException
+ {
+ boolean ok = true;
+ if( delegate != null )
+ ok = delegate.logout();
+ return ok;
+ }
+// --- End LoginModule interface methods
+
+}
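Review bot: In `initialize`, `clazz.newInstance()` runs the named class's static initialiser and constructor before the `(LoginModule)` cast can reject a class of the wrong type. Adding `if (!LoginModule.class.isAssignableFrom(clazz)) throw new ClassCastException(moduleName);` inside the `try`, ahead of the instantiation, keeps a mistyped or unexpected `moduleName` option from executing code that is not a login module. The load failure is also reported only through `System.out.println` and `t.printStackTrace()`, so it may never reach the server's security log. If a logger is usable on this module's classpath (not visible from this hunk), the failure should go there. The `catch(Throwable t)` also hides `Error`s such as `OutOfMemoryError`, and narrowing it to `Exception` plus `LinkageError` would be safer.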
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/RoleMappingLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/RoleMappingLoginModule.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/RoleMappingLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,187 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.auth.spi;
-
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.Enumeration;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Properties;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginException;
-import javax.security.auth.spi.LoginModule;
-
-import org.jboss.logging.Logger;
-import org.jboss.util.StringPropertyReplacer;
-
-//$Id$
-
-/**
- * JBAS-3323: Role Mapping Login Module that maps application role to
- * declarative role
- * - You will need to provide a properties file name with the option "rolesProperties"
- * which has the role to be replaced as the key and a comma-separated role names
- * as replacements.
- * - This module should be used with the "optional" mode, as it just adds
- * onto the authenticated subject
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jun 22, 2006
- * @version $Revision$
- */
-public class RoleMappingLoginModule extends AbstractServerLoginModule
-{
- private static Logger log = Logger.getLogger(RoleMappingLoginModule.class);
- private boolean trace = log.isTraceEnabled();
-
- /**
- * Should the matching role be replaced
- */
- protected boolean REPLACE_ROLE = false;
-
- /**
- * @see LoginModule#initialize(javax.security.auth.Subject,
- * javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)
- */
- public void initialize(Subject subject, CallbackHandler handler,
- Map sharedState, Map options)
- {
- super.initialize(subject, handler, sharedState, options);
- }
-
- /**
- * @see LoginModule#login()
- */
- public boolean login() throws LoginException
- {
- if( super.login() == true )
- return true;
-
- super.loginOk = true;
- return true;
- }
-
- /**
- * @see AbstractServerLoginModule#getIdentity()
- */
- protected Principal getIdentity()
- {
- //We have an authenticated subject
- Iterator iter = subject.getPrincipals().iterator();
- while(iter.hasNext())
- {
- Principal p = (Principal)iter.next();
- if(p instanceof Group == false)
- return p;
- }
- return null;
- }
-
- /**
- * @see AbstractServerLoginModule#getRoleSets()
- */
- protected Group[] getRoleSets() throws LoginException
- {
- String rep = (String)options.get("replaceRole");
- if("true".equalsIgnoreCase(rep))
- this.REPLACE_ROLE = true;
-
- //Get the properties file name from the options
- String propFileName = (String)options.get("rolesProperties");
- if(propFileName == null)
- throw new IllegalStateException("rolesProperties option needs to be provided");
- // Replace any system property references like ${x}
- propFileName = StringPropertyReplacer.replaceProperties(propFileName);
- Group group = getExistingRolesFromSubject();
- if(propFileName != null)
- {
- Properties props = new Properties();
- try
- {
- props = Util.loadProperties(propFileName,log);
- }
- catch( Exception e)
- {
- if(trace)
- log.trace("Could not load properties file:" + propFileName, e);
- }
- if(props != null)
- {
- try
- {
- processRoles(group, props);
- }
- catch (Exception e)
- {
- if(trace)
- log.trace("Could not process roles:", e);
- }
- }
- }
-
- return new Group[] {group};
- }
-
- /**
- * Get the Group called as "Roles" from the authenticated subject
- *
- * @return Group representing Roles
- */
- private Group getExistingRolesFromSubject()
- {
- Iterator iter = subject.getPrincipals().iterator();
- while(iter.hasNext())
- {
- Principal p = (Principal)iter.next();
- if(p instanceof Group)
- {
- Group g = (Group) p;
- if("Roles".equals(g.getName()))
- return g;
- }
- }
- return null;
- }
-
- /**
- * Process the group with the roles that are mapped in the
- * properies file
- * @param group Group that needs to be processed
- * @param props Properties file
- */
- private void processRoles(Group group,Properties props) throws Exception
- {
- Enumeration enumer = props.propertyNames();
- while(enumer.hasMoreElements())
- {
- String roleKey = (String)enumer.nextElement();
- String comma_separated_roles = props.getProperty(roleKey);
- Principal pIdentity = createIdentity(roleKey);
- if(group.isMember(pIdentity))
- Util.parseGroupMembers(group,comma_separated_roles,this);
- if(REPLACE_ROLE)
- group.removeMember(pIdentity);
- }
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/RoleMappingLoginModule.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/RoleMappingLoginModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/RoleMappingLoginModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/RoleMappingLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,174 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.auth.spi;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Enumeration;
+import java.util.Iterator;
+import java.util.Properties;
+
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+import org.jboss.logging.Logger;
+import org.jboss.util.StringPropertyReplacer;
+
+//$Id$
+
+/**
+ * JBAS-3323: Role Mapping Login Module that maps application role to
+ * declarative role
+ * - You will need to provide a properties file name with the option "rolesProperties"
+ * which has the role to be replaced as the key and a comma-separated role names
+ * as replacements.
+ * - This module should be used with the "optional" mode, as it just adds
+ * onto the authenticated subject
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Jun 22, 2006
+ * @version $Revision$
+ */
+public class RoleMappingLoginModule extends AbstractServerLoginModule
+{
+ private static Logger log = Logger.getLogger(RoleMappingLoginModule.class);
+ private boolean trace = log.isTraceEnabled();
+
+ /**
+ * Should the matching role be replaced
+ */
+ protected boolean REPLACE_ROLE = false;
+
+ /**
+ * @see LoginModule#login()
+ */
+ public boolean login() throws LoginException
+ {
+ if( super.login() == true )
+ return true;
+
+ super.loginOk = true;
+ return true;
+ }
+
+ /**
+ * @see AbstractServerLoginModule#getIdentity()
+ */
+ protected Principal getIdentity()
+ {
+ //We have an authenticated subject
+ Iterator<? extends Principal> iter = subject.getPrincipals().iterator();
+ while(iter.hasNext())
+ {
+ Principal p = iter.next();
+ if(p instanceof Group == false)
+ return p;
+ }
+ return null;
+ }
+
+ /**
+ * @see AbstractServerLoginModule#getRoleSets()
+ */
+ protected Group[] getRoleSets() throws LoginException
+ {
+ String rep = (String)options.get("replaceRole");
+ if("true".equalsIgnoreCase(rep))
+ this.REPLACE_ROLE = true;
+
+ //Get the properties file name from the options
+ String propFileName = (String)options.get("rolesProperties");
+ if(propFileName == null)
+ throw new IllegalStateException("rolesProperties option needs to be provided");
+ // Replace any system property references like ${x}
+ propFileName = StringPropertyReplacer.replaceProperties(propFileName);
+ Group group = getExistingRolesFromSubject();
+ if(propFileName != null)
+ {
+ Properties props = new Properties();
+ try
+ {
+ props = Util.loadProperties(propFileName,log);
+ }
+ catch( Exception e)
+ {
+ if(trace)
+ log.trace("Could not load properties file:" + propFileName, e);
+ }
+ if(props != null)
+ {
+ try
+ {
+ processRoles(group, props);
+ }
+ catch (Exception e)
+ {
+ if(trace)
+ log.trace("Could not process roles:", e);
+ }
+ }
+ }
+
+ return new Group[] {group};
+ }
+
+ /**
+ * Get the Group called as "Roles" from the authenticated subject
+ *
+ * @return Group representing Roles
+ */
+ private Group getExistingRolesFromSubject()
+ {
+ Iterator<? extends Principal> iter = subject.getPrincipals().iterator();
+ while(iter.hasNext())
+ {
+ Principal p = (Principal)iter.next();
+ if(p instanceof Group)
+ {
+ Group g = (Group) p;
+ if("Roles".equals(g.getName()))
+ return g;
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Process the group with the roles that are mapped in the
+ * properies file
+ * @param group Group that needs to be processed
+ * @param props Properties file
+ */
+ private void processRoles(Group group,Properties props) throws Exception
+ {
+ Enumeration<?> enumer = props.propertyNames();
+ while(enumer.hasMoreElements())
+ {
+ String roleKey = (String)enumer.nextElement();
+ String comma_separated_roles = props.getProperty(roleKey);
+ Principal pIdentity = createIdentity(roleKey);
+ if(group.isMember(pIdentity))
+ Util.parseGroupMembers(group,comma_separated_roles,this);
+ if(REPLACE_ROLE)
+ group.removeMember(pIdentity);
+ }
+ }
+}
\ No newline at end of file
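Review bot: In `getRoleSets`, `getExistingRolesFromSubject()` returns null when the subject carries no "Roles" group, and that null is passed to `processRoles` and then returned as `new Group[] {group}`. The resulting NullPointerException is swallowed by `catch (Exception e)` and logged only when trace is enabled. An exception while loading the properties file is handled the same way, so the role mapping can be skipped without any visible record; with `replaceRole=true` the roles that were meant to be replaced would then stay on the subject. I would fail explicitly with `if (group == null) throw new LoginException("No Roles group found on the authenticated subject");` and log both catch blocks at error level rather than trace. The class Javadoc should also say that `login()` always returns true, which is why the module must only be stacked behind a module that really authenticates.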
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/RunAsLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/RunAsLoginModule.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/RunAsLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,95 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.auth.spi;
-
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.spi.LoginModule;
-
-import org.jboss.security.RunAsIdentity;
-import org.jboss.security.SecurityAssociation;
-
-/** A login module that establishes a run-as role for the duration of the login
- * phase of authentication. It can be used to allow another login module
- * interact with a secured EJB that provides authentication services.
- *
- * @author Scott.Stark at jboss.org
- * @version $Revision$
- */
-public class RunAsLoginModule implements LoginModule
-{
- private String roleName;
- private String principalName;
- private boolean pushedRole;
-
- /** Look for the roleName option that specifies the role to use as the
- * run-as role. If not specified a default role name of nobody is used.
- */
- public void initialize(Subject subject, CallbackHandler handler,
- Map sharedState, Map options)
- {
- roleName = (String) options.get("roleName");
- if( roleName == null )
- roleName = "nobody";
-
- principalName = (String) options.get("principalName");
- if( principalName == null )
- principalName = "nobody";
- }
-
- /** Push the run as role using the SecurityAssociation.pushRunAsIdentity method
- *@see SecurityAssociation#pushRunAsIdentity(RunAsIdentity)
- */
- public boolean login()
- {
- RunAsIdentity runAsRole = new RunAsIdentity(roleName, principalName);
- SecurityAssociation.pushRunAsIdentity(runAsRole);
- pushedRole = true;
- return true;
- }
-
- /** Calls abort to pop the run-as role
- */
- public boolean commit()
- {
- return abort();
- }
-
- /** Pop the run as role using the SecurityAssociation.popRunAsIdentity method
- *@see SecurityAssociation#popRunAsIdentity()
- */
- public boolean abort()
- {
- if( pushedRole == false )
- return false;
-
- SecurityAssociation.popRunAsIdentity();
- return true;
- }
-
- public boolean logout()
- {
- return true;
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/RunAsLoginModule.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/RunAsLoginModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/RunAsLoginModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/RunAsLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,95 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.auth.spi;
+
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.spi.LoginModule;
+
+import org.jboss.security.RunAsIdentity;
+import org.jboss.security.SecurityAssociation;
+
+/** A login module that establishes a run-as role for the duration of the login
+ * phase of authentication. It can be used to allow another login module
+ * interact with a secured EJB that provides authentication services.
+ *
+ * @author Scott.Stark at jboss.org
+ * @version $Revision$
+ */
+public class RunAsLoginModule implements LoginModule
+{
+ private String roleName;
+ private String principalName;
+ private boolean pushedRole;
+
+ /** Look for the roleName option that specifies the role to use as the
+ * run-as role. If not specified a default role name of nobody is used.
+ */
+ public void initialize(Subject subject, CallbackHandler handler,
+ Map<String,?> sharedState, Map<String,?> options)
+ {
+ roleName = (String) options.get("roleName");
+ if( roleName == null )
+ roleName = "nobody";
+
+ principalName = (String) options.get("principalName");
+ if( principalName == null )
+ principalName = "nobody";
+ }
+
+ /** Push the run as role using the SecurityAssociation.pushRunAsIdentity method
+ *@see SecurityAssociation#pushRunAsIdentity(RunAsIdentity)
+ */
+ public boolean login()
+ {
+ RunAsIdentity runAsRole = new RunAsIdentity(roleName, principalName);
+ SecurityAssociation.pushRunAsIdentity(runAsRole);
+ pushedRole = true;
+ return true;
+ }
+
+ /** Calls abort to pop the run-as role
+ */
+ public boolean commit()
+ {
+ return abort();
+ }
+
+ /** Pop the run as role using the SecurityAssociation.popRunAsIdentity method
+ *@see SecurityAssociation#popRunAsIdentity()
+ */
+ public boolean abort()
+ {
+ if( pushedRole == false )
+ return false;
+
+ SecurityAssociation.popRunAsIdentity();
+ return true;
+ }
+
+ public boolean logout()
+ {
+ return true;
+ }
+}
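Review bot: `abort()` never clears `pushedRole`, so once `commit()` (which delegates to `abort()`) has popped the run-as identity, a later `abort()` on the same instance pops the stack a second time and removes an identity this module did not push. A LoginContext can call `abort()` after `commit()` when another module's commit fails, so the sequence is reachable. Adding `pushedRole = false;` directly after `SecurityAssociation.popRunAsIdentity();` makes the pop idempotent. The `initialize` Javadoc mentions only `roleName`; it should also name the `principalName` option and its `nobody` default.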
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/SecurityActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/SecurityActions.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/SecurityActions.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,75 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.auth.spi;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.net.URLClassLoader;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-
-//$Id$
-
-/**
- * Privileged Blocks
- * @author Anil.Saldhana at redhat.com
- * @since Sep 26, 2007
- * @version $Revision$
- */
-class SecurityActions
-{
- static ClassLoader getContextClassLoader()
- {
- return (ClassLoader) AccessController.doPrivileged(new PrivilegedAction()
- {
- public Object run()
- {
- return Thread.currentThread().getContextClassLoader();
- }
- });
- }
-
- static URL findResource(final URLClassLoader cl, final String name)
- {
- return (URL) AccessController.doPrivileged(new PrivilegedAction()
- {
- public Object run()
- {
- return cl.findResource(name);
- }
- });
- }
-
- static InputStream openStream(final URL url) throws PrivilegedActionException
- {
- return (InputStream) AccessController.doPrivileged(new PrivilegedExceptionAction()
- {
- public Object run() throws IOException
- {
- return url.openStream();
- }
- });
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/SecurityActions.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/SecurityActions.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/SecurityActions.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/SecurityActions.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,74 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.spi;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.net.URLClassLoader;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since Sep 26, 2007
+ * @version $Revision$
+ */
+class SecurityActions
+{
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+
+ static URL findResource(final URLClassLoader cl, final String name)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<URL>()
+ {
+ public URL run()
+ {
+ return cl.findResource(name);
+ }
+ });
+ }
+
+ static InputStream openStream(final URL url) throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<InputStream>()
+ {
+ public InputStream run() throws IOException
+ {
+ return url.openStream();
+ }
+ });
+ }
+}
\ No newline at end of file
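Review bot: The three helpers in `SecurityActions` have no Javadoc, and for privileged blocks the contract is the part a maintainer most needs. `findResource` and `openStream` run inside `doPrivileged` on whatever `URLClassLoader`, name or `URL` the caller supplies, so they are only safe while every caller passes values from trusted configuration. I would record that on the class, for example `// Must stay package-private: arguments are used inside doPrivileged and must never come from request data`, and add a one-line Javadoc per method naming the permission it exercises. Making the class `final` with a private constructor would also stop it being subclassed or instantiated from inside the package.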
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,465 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.auth.spi;
-
-import java.io.IOException;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.security.Principal;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.login.FailedLoginException;
-import javax.security.auth.login.LoginException;
-
-import org.jboss.crypto.digest.DigestCallback;
-
-
-/** An abstract subclass of AbstractServerLoginModule that imposes
- * an identity == String username, credentials == String password view on
- * the login process.
- * <p>
- * Subclasses override the <code>getUsersPassword()</code>
- * and <code>getRoleSets()</code> methods to return the expected password and roles
- * for the user.
- *
- * @see #getUsername()
- * @see #getUsersPassword()
- * @see #getRoleSets()
- * @see #createIdentity(String)
-
- @author Scott.Stark at jboss.org
- @version $Revision$
- */
-public abstract class UsernamePasswordLoginModule extends AbstractServerLoginModule
-{
- /** The login identity */
- private Principal identity;
- /** The proof of login identity */
- private char[] credential;
- /** the message digest algorithm used to hash passwords. If null then
- plain passwords will be used. */
- private String hashAlgorithm = null;
- /** the name of the charset/encoding to use when converting the password
- String to a byte array. Default is the platform's default encoding.
- */
- private String hashCharset = null;
- /** the string encoding format to use. Defaults to base64. */
- private String hashEncoding = null;
- /** A flag indicating if the password comparison should ignore case */
- private boolean ignorePasswordCase;
- /** A flag indicating if the store password should be hashed using the hashAlgorithm */
- private boolean hashStorePassword;
-
- /** A flag indicating if the user inputted password should be hashed using the hashAlgorithm */
- private boolean hashUserPassword = true;
- /** A flag that restores the ability to override the createPasswordHash(String,String) */
- private boolean legacyCreatePasswordHash;
- /** */
- private Throwable validateError;
-
- /** Override the superclass method to look for the following options after
- first invoking the super version.
- @param options :
- option: hashAlgorithm - the message digest algorithm used to hash passwords.
- If null then plain passwords will be used.
- option: hashCharset - the name of the charset/encoding to use when converting
- the password String to a byte array. Default is the platform's default
- encoding.
- option: hashEncoding - the string encoding format to use. Defaults to base64.
- option: ignorePasswordCase: A flag indicating if the password comparison
- should ignore case.
- option: digestCallback - The class name of the DigestCallback {@link org.jboss.crypto.digest.DigestCallback}
- implementation that includes pre/post digest content like salts for hashing
- the input password. Only used if hashAlgorithm has been specified.
- option: hashStorePassword - A flag indicating if the store password returned
- from #getUsersPassword() should be hashed .
- option: hashUserPassword - A flag indicating if the user entered password should be hashed.
- option: storeDigestCallback - The class name of the DigestCallback {@link org.jboss.crypto.digest.DigestCallback}
- implementation that includes pre/post digest content like salts for hashing
- the store/expected password. Only used if hashStorePassword or hashUserPassword is true and
- hashAlgorithm has been specified.
- */
- public void initialize(Subject subject, CallbackHandler callbackHandler,
- Map sharedState, Map options)
- {
- super.initialize(subject, callbackHandler, sharedState, options);
-
- // Check to see if password hashing has been enabled.
- // If an algorithm is set, check for a format and charset.
- hashAlgorithm = (String) options.get("hashAlgorithm");
- if( hashAlgorithm != null )
- {
- hashEncoding = (String) options.get("hashEncoding");
- if( hashEncoding == null )
- hashEncoding = Util.BASE64_ENCODING;
- hashCharset = (String) options.get("hashCharset");
- if( log.isTraceEnabled() )
- {
- log.trace("Password hashing activated: algorithm = " + hashAlgorithm
- + ", encoding = " + hashEncoding
- + ", charset = " + (hashCharset == null ? "{default}" : hashCharset)
- + ", callback = " + options.get("digestCallback")
- + ", storeCallback = " + options.get("storeDigestCallback")
- );
- }
- }
- String flag = (String) options.get("ignorePasswordCase");
- ignorePasswordCase = Boolean.valueOf(flag).booleanValue();
- flag = (String) options.get("hashStorePassword");
- hashStorePassword = Boolean.valueOf(flag).booleanValue();
- flag = (String) options.get("hashUserPassword");
- if( flag != null )
- hashUserPassword = Boolean.valueOf(flag).booleanValue();
- flag = (String) options.get("legacyCreatePasswordHash");
- if( flag != null )
- legacyCreatePasswordHash = Boolean.valueOf(flag).booleanValue();
- }
-
- /** Perform the authentication of the username and password.
- */
- public boolean login() throws LoginException
- {
- // See if shared credentials exist
- if( super.login() == true )
- {
- // Setup our view of the user
- Object username = sharedState.get("javax.security.auth.login.name");
- if( username instanceof Principal )
- identity = (Principal) username;
- else
- {
- String name = username.toString();
- try
- {
- identity = createIdentity(name);
- }
- catch(Exception e)
- {
- log.debug("Failed to create principal", e);
- throw new LoginException("Failed to create principal: "+ e.getMessage());
- }
- }
- Object password = sharedState.get("javax.security.auth.login.password");
- if( password instanceof char[] )
- credential = (char[]) password;
- else if( password != null )
- {
- String tmp = password.toString();
- credential = tmp.toCharArray();
- }
- return true;
- }
-
- super.loginOk = false;
- String[] info = getUsernameAndPassword();
- String username = info[0];
- String password = info[1];
- if( username == null && password == null )
- {
- identity = unauthenticatedIdentity;
- super.log.trace("Authenticating as unauthenticatedIdentity="+identity);
- }
-
- if( identity == null )
- {
- try
- {
- identity = createIdentity(username);
- }
- catch(Exception e)
- {
- log.debug("Failed to create principal", e);
- throw new LoginException("Failed to create principal: "+ e.getMessage());
- }
-
- // Hash the user entered password if password hashing is in use
- if( hashAlgorithm != null && hashUserPassword == true )
- password = createPasswordHash(username, password, "digestCallback");
- // Validate the password supplied by the subclass
- String expectedPassword = getUsersPassword();
- // Allow the storeDigestCallback to hash the expected password
- if( hashAlgorithm != null && hashStorePassword == true )
- expectedPassword = createPasswordHash(username, expectedPassword, "storeDigestCallback");
- if( validatePassword(password, expectedPassword) == false )
- {
- Throwable ex = getValidateError();
- FailedLoginException fle = new FailedLoginException("Password Incorrect/Password Required");
- if( ex != null )
- {
- log.debug("Bad password for username="+username, ex);
- fle.initCause(ex);
- }
- else
- {
- log.debug("Bad password for username="+username);
- }
- throw fle;
- }
- }
-
- if( getUseFirstPass() == true )
- { // Add the username and password to the shared state map
- sharedState.put("javax.security.auth.login.name", username);
- sharedState.put("javax.security.auth.login.password", credential);
- }
- super.loginOk = true;
- super.log.trace("User '" + identity + "' authenticated, loginOk="+loginOk);
- return true;
- }
-
- protected Principal getIdentity()
- {
- return identity;
- }
- protected Principal getUnauthenticatedIdentity()
- {
- return unauthenticatedIdentity;
- }
-
- protected Object getCredentials()
- {
- return credential;
- }
- protected String getUsername()
- {
- String username = null;
- if( getIdentity() != null )
- username = getIdentity().getName();
- return username;
- }
-
- /** Called by login() to acquire the username and password strings for
- authentication. This method does no validation of either.
- @return String[], [0] = username, [1] = password
- @exception LoginException thrown if CallbackHandler is not set or fails.
- */
- protected String[] getUsernameAndPassword() throws LoginException
- {
- String[] info = {null, null};
- // prompt for a username and password
- if( callbackHandler == null )
- {
- throw new LoginException("Error: no CallbackHandler available " +
- "to collect authentication information");
- }
-
- NameCallback nc = new NameCallback("User name: ", "guest");
- PasswordCallback pc = new PasswordCallback("Password: ", false);
- Callback[] callbacks = {nc, pc};
- String username = null;
- String password = null;
- try
- {
- callbackHandler.handle(callbacks);
- username = nc.getName();
- char[] tmpPassword = pc.getPassword();
- if( tmpPassword != null )
- {
- credential = new char[tmpPassword.length];
- System.arraycopy(tmpPassword, 0, credential, 0, tmpPassword.length);
- pc.clearPassword();
- password = new String(credential);
- }
- }
- catch(IOException e)
- {
- LoginException le = new LoginException("Failed to get username/password");
- le.initCause(e);
- throw le;
- }
- catch(UnsupportedCallbackException e)
- {
- LoginException le = new LoginException("CallbackHandler does not support: " + e.getCallback());
- le.initCause(e);
- throw le;
- }
- info[0] = username;
- info[1] = password;
- return info;
- }
-
- /**
- * If hashing is enabled, this method is called from <code>login()</code>
- * prior to password validation.
- * <p>
- * Subclasses may override it to provide customized password hashing,
- * for example by adding user-specific information or salting. If the
- * legacyCreatePasswordHash option is set, this method tries to delegate
- * to the legacy createPasswordHash(String, String) method via reflection
- * and this is the value returned.
- * <p>
- * The default version calculates the hash based on the following options:
- * <ul>
- * <li><em>hashAlgorithm</em>: The digest algorithm to use.
- * <li><em>hashEncoding</em>: The format used to store the hashes (base64 or hex)
- * <li><em>hashCharset</em>: The encoding used to convert the password to bytes
- * for hashing.
- * <li><em>digestCallback</em>: The class name of the
- * org.jboss.security.auth.spi.DigestCallback implementation that includes
- * pre/post digest content like salts.
- * </ul>
- * It will return null if the hash fails for any reason, which will in turn
- * cause <code>validatePassword()</code> to fail.
- *
- * @param username ignored in default version
- * @param password the password string to be hashed
- * @param digestOption - the login module option name of the DigestCallback
- * @throws SecurityException - thrown if there is a failure to load the
- * digestOption DigestCallback
- */
- protected String createPasswordHash(String username, String password,
- String digestOption)
- throws LoginException
- {
- // Support for 4.0.2 createPasswordHash(String, String) override
- if( legacyCreatePasswordHash )
- {
- try
- {
- // Try to invoke the subclass createPasswordHash(String, String)
- Class[] sig = {String.class, String.class};
- Method createPasswordHash = getClass().getMethod("createPasswordHash", sig);
- Object[] args = {username, password};
- String passwordHash = (String) createPasswordHash.invoke(this, args);
- return passwordHash;
- }
- catch (InvocationTargetException e)
- {
- LoginException le = new LoginException("Failed to delegate createPasswordHash");
- le.initCause(e.getTargetException());
- throw le;
- }
- catch(Exception e)
- {
- LoginException le = new LoginException("Failed to delegate createPasswordHash");
- le.initCause(e);
- throw le;
- }
- }
-
- DigestCallback callback = null;
- String callbackClassName = (String) options.get(digestOption);
- if( callbackClassName != null )
- {
- try
- {
- ClassLoader loader = SecurityActions.getContextClassLoader();
- Class callbackClass = loader.loadClass(callbackClassName);
- callback = (DigestCallback) callbackClass.newInstance();
- if( log.isTraceEnabled() )
- log.trace("Created DigestCallback: "+callback);
- }
- catch (Exception e)
- {
- if( log.isTraceEnabled() )
- log.trace("Failed to load DigestCallback", e);
- SecurityException ex = new SecurityException("Failed to load DigestCallback");
- ex.initCause(e);
- throw ex;
- }
- Map tmp = new HashMap();
- tmp.putAll(options);
- tmp.put("javax.security.auth.login.name", username);
- tmp.put("javax.security.auth.login.password", password);
-
- callback.init(tmp);
- // Check for a callbacks
- Callback[] callbacks = (Callback[]) tmp.get("callbacks");
- if( callbacks != null )
- {
- try
- {
- callbackHandler.handle(callbacks);
- }
- catch(IOException e)
- {
- LoginException le = new LoginException(digestOption+" callback failed");
- le.initCause(e);
- throw le;
- }
- catch(UnsupportedCallbackException e)
- {
- LoginException le = new LoginException(digestOption+" callback failed");
- le.initCause(e);
- throw le;
- }
- }
- }
- String passwordHash = Util.createPasswordHash(hashAlgorithm, hashEncoding,
- hashCharset, username, password, callback);
- return passwordHash;
- }
-
- /**
- * Get the error associated with the validatePassword failure
- * @return the Throwable seen during validatePassword, null if no
- * error occurred.
- */
- protected Throwable getValidateError()
- {
- return validateError;
- }
-
- /**
- * Set the error associated with the validatePassword failure
- * @param validateError
- */
- protected void setValidateError(Throwable validateError)
- {
- this.validateError = validateError;
- }
-
- /** A hook that allows subclasses to change the validation of the input
- password against the expected password. This version checks that
- neither inputPassword or expectedPassword are null that that
- inputPassword.equals(expectedPassword) is true;
- @return true if the inputPassword is valid, false otherwise.
- */
- protected boolean validatePassword(String inputPassword, String expectedPassword)
- {
- if( inputPassword == null || expectedPassword == null )
- return false;
- boolean valid = false;
- if( ignorePasswordCase == true )
- valid = inputPassword.equalsIgnoreCase(expectedPassword);
- else
- valid = inputPassword.equals(expectedPassword);
- return valid;
- }
-
-
- /** Get the expected password for the current username available via
- the getUsername() method. This is called from within the login()
- method after the CallbackHandler has returned the username and
- candidate password.
- @return the valid password String
- */
- abstract protected String getUsersPassword() throws LoginException;
-
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,467 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.auth.spi;
+
+import java.io.IOException;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.crypto.digest.DigestCallback;
+
+
+/** An abstract subclass of AbstractServerLoginModule that imposes
+ * an identity == String username, credentials == String password view on
+ * the login process.
+ * <p>
+ * Subclasses override the <code>getUsersPassword()</code>
+ * and <code>getRoleSets()</code> methods to return the expected password and roles
+ * for the user.
+ *
+ * @see #getUsername()
+ * @see #getUsersPassword()
+ * @see #getRoleSets()
+ * @see #createIdentity(String)
+
+ @author Scott.Stark at jboss.org
+ @version $Revision$
+ */
+public abstract class UsernamePasswordLoginModule extends AbstractServerLoginModule
+{
+ /** The login identity */
+ private Principal identity;
+ /** The proof of login identity */
+ private char[] credential;
+ /** the message digest algorithm used to hash passwords. If null then
+ plain passwords will be used. */
+ private String hashAlgorithm = null;
+ /** the name of the charset/encoding to use when converting the password
+ String to a byte array. Default is the platform's default encoding.
+ */
+ private String hashCharset = null;
+ /** the string encoding format to use. Defaults to base64. */
+ private String hashEncoding = null;
+ /** A flag indicating if the password comparison should ignore case */
+ private boolean ignorePasswordCase;
+ /** A flag indicating if the store password should be hashed using the hashAlgorithm */
+ private boolean hashStorePassword;
+
+ /** A flag indicating if the user inputted password should be hashed using the hashAlgorithm */
+ private boolean hashUserPassword = true;
+ /** A flag that restores the ability to override the createPasswordHash(String,String) */
+ private boolean legacyCreatePasswordHash;
+ /** */
+ private Throwable validateError;
+
+ /** Override the superclass method to look for the following options after
+ first invoking the super version.
+ @param options :
+ option: hashAlgorithm - the message digest algorithm used to hash passwords.
+ If null then plain passwords will be used.
+ option: hashCharset - the name of the charset/encoding to use when converting
+ the password String to a byte array. Default is the platform's default
+ encoding.
+ option: hashEncoding - the string encoding format to use. Defaults to base64.
+ option: ignorePasswordCase: A flag indicating if the password comparison
+ should ignore case.
+ option: digestCallback - The class name of the DigestCallback {@link org.jboss.crypto.digest.DigestCallback}
+ implementation that includes pre/post digest content like salts for hashing
+ the input password. Only used if hashAlgorithm has been specified.
+ option: hashStorePassword - A flag indicating if the store password returned
+ from #getUsersPassword() should be hashed .
+ option: hashUserPassword - A flag indicating if the user entered password should be hashed.
+ option: storeDigestCallback - The class name of the DigestCallback {@link org.jboss.crypto.digest.DigestCallback}
+ implementation that includes pre/post digest content like salts for hashing
+ the store/expected password. Only used if hashStorePassword or hashUserPassword is true and
+ hashAlgorithm has been specified.
+ */
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
+ Map<String,?> sharedState, Map<String,?> options)
+ {
+ super.initialize(subject, callbackHandler, sharedState, options);
+
+ // Check to see if password hashing has been enabled.
+ // If an algorithm is set, check for a format and charset.
+ hashAlgorithm = (String) options.get("hashAlgorithm");
+ if( hashAlgorithm != null )
+ {
+ hashEncoding = (String) options.get("hashEncoding");
+ if( hashEncoding == null )
+ hashEncoding = Util.BASE64_ENCODING;
+ hashCharset = (String) options.get("hashCharset");
+ if( log.isTraceEnabled() )
+ {
+ log.trace("Password hashing activated: algorithm = " + hashAlgorithm
+ + ", encoding = " + hashEncoding
+ + ", charset = " + (hashCharset == null ? "{default}" : hashCharset)
+ + ", callback = " + options.get("digestCallback")
+ + ", storeCallback = " + options.get("storeDigestCallback")
+ );
+ }
+ }
+ String flag = (String) options.get("ignorePasswordCase");
+ ignorePasswordCase = Boolean.valueOf(flag).booleanValue();
+ flag = (String) options.get("hashStorePassword");
+ hashStorePassword = Boolean.valueOf(flag).booleanValue();
+ flag = (String) options.get("hashUserPassword");
+ if( flag != null )
+ hashUserPassword = Boolean.valueOf(flag).booleanValue();
+ flag = (String) options.get("legacyCreatePasswordHash");
+ if( flag != null )
+ legacyCreatePasswordHash = Boolean.valueOf(flag).booleanValue();
+ }
+
+ /** Perform the authentication of the username and password.
+ */
+ @SuppressWarnings("unchecked")
+ public boolean login() throws LoginException
+ {
+ // See if shared credentials exist
+ if( super.login() == true )
+ {
+ // Setup our view of the user
+ Object username = sharedState.get("javax.security.auth.login.name");
+ if( username instanceof Principal )
+ identity = (Principal) username;
+ else
+ {
+ String name = username.toString();
+ try
+ {
+ identity = createIdentity(name);
+ }
+ catch(Exception e)
+ {
+ log.debug("Failed to create principal", e);
+ throw new LoginException("Failed to create principal: "+ e.getMessage());
+ }
+ }
+ Object password = sharedState.get("javax.security.auth.login.password");
+ if( password instanceof char[] )
+ credential = (char[]) password;
+ else if( password != null )
+ {
+ String tmp = password.toString();
+ credential = tmp.toCharArray();
+ }
+ return true;
+ }
+
+ super.loginOk = false;
+ String[] info = getUsernameAndPassword();
+ String username = info[0];
+ String password = info[1];
+ if( username == null && password == null )
+ {
+ identity = unauthenticatedIdentity;
+ super.log.trace("Authenticating as unauthenticatedIdentity="+identity);
+ }
+
+ if( identity == null )
+ {
+ try
+ {
+ identity = createIdentity(username);
+ }
+ catch(Exception e)
+ {
+ log.debug("Failed to create principal", e);
+ throw new LoginException("Failed to create principal: "+ e.getMessage());
+ }
+
+ // Hash the user entered password if password hashing is in use
+ if( hashAlgorithm != null && hashUserPassword == true )
+ password = createPasswordHash(username, password, "digestCallback");
+ // Validate the password supplied by the subclass
+ String expectedPassword = getUsersPassword();
+ // Allow the storeDigestCallback to hash the expected password
+ if( hashAlgorithm != null && hashStorePassword == true )
+ expectedPassword = createPasswordHash(username, expectedPassword, "storeDigestCallback");
+ if( validatePassword(password, expectedPassword) == false )
+ {
+ Throwable ex = getValidateError();
+ FailedLoginException fle = new FailedLoginException("Password Incorrect/Password Required");
+ if( ex != null )
+ {
+ log.debug("Bad password for username="+username, ex);
+ fle.initCause(ex);
+ }
+ else
+ {
+ log.debug("Bad password for username="+username);
+ }
+ throw fle;
+ }
+ }
+
+ if( getUseFirstPass() == true )
+ { // Add the username and password to the shared state map
+ sharedState.put("javax.security.auth.login.name", username);
+ sharedState.put("javax.security.auth.login.password", credential);
+ }
+ super.loginOk = true;
+ super.log.trace("User '" + identity + "' authenticated, loginOk="+loginOk);
+ return true;
+ }
+
+ protected Principal getIdentity()
+ {
+ return identity;
+ }
+ protected Principal getUnauthenticatedIdentity()
+ {
+ return unauthenticatedIdentity;
+ }
+
+ protected Object getCredentials()
+ {
+ return credential;
+ }
+ protected String getUsername()
+ {
+ String username = null;
+ if( getIdentity() != null )
+ username = getIdentity().getName();
+ return username;
+ }
+
+ /** Called by login() to acquire the username and password strings for
+ authentication. This method does no validation of either.
+ @return String[], [0] = username, [1] = password
+ @exception LoginException thrown if CallbackHandler is not set or fails.
+ */
+ protected String[] getUsernameAndPassword() throws LoginException
+ {
+ String[] info = {null, null};
+ // prompt for a username and password
+ if( callbackHandler == null )
+ {
+ throw new LoginException("Error: no CallbackHandler available " +
+ "to collect authentication information");
+ }
+
+ NameCallback nc = new NameCallback("User name: ", "guest");
+ PasswordCallback pc = new PasswordCallback("Password: ", false);
+ Callback[] callbacks = {nc, pc};
+ String username = null;
+ String password = null;
+ try
+ {
+ callbackHandler.handle(callbacks);
+ username = nc.getName();
+ char[] tmpPassword = pc.getPassword();
+ if( tmpPassword != null )
+ {
+ credential = new char[tmpPassword.length];
+ System.arraycopy(tmpPassword, 0, credential, 0, tmpPassword.length);
+ pc.clearPassword();
+ password = new String(credential);
+ }
+ }
+ catch(IOException e)
+ {
+ LoginException le = new LoginException("Failed to get username/password");
+ le.initCause(e);
+ throw le;
+ }
+ catch(UnsupportedCallbackException e)
+ {
+ LoginException le = new LoginException("CallbackHandler does not support: " + e.getCallback());
+ le.initCause(e);
+ throw le;
+ }
+ info[0] = username;
+ info[1] = password;
+ return info;
+ }
+
+ /**
+ * If hashing is enabled, this method is called from <code>login()</code>
+ * prior to password validation.
+ * <p>
+ * Subclasses may override it to provide customized password hashing,
+ * for example by adding user-specific information or salting. If the
+ * legacyCreatePasswordHash option is set, this method tries to delegate
+ * to the legacy createPasswordHash(String, String) method via reflection
+ * and this is the value returned.
+ * <p>
+ * The default version calculates the hash based on the following options:
+ * <ul>
+ * <li><em>hashAlgorithm</em>: The digest algorithm to use.
+ * <li><em>hashEncoding</em>: The format used to store the hashes (base64 or hex)
+ * <li><em>hashCharset</em>: The encoding used to convert the password to bytes
+ * for hashing.
+ * <li><em>digestCallback</em>: The class name of the
+ * org.jboss.security.auth.spi.DigestCallback implementation that includes
+ * pre/post digest content like salts.
+ * </ul>
+ * It will return null if the hash fails for any reason, which will in turn
+ * cause <code>validatePassword()</code> to fail.
+ *
+ * @param username ignored in default version
+ * @param password the password string to be hashed
+ * @param digestOption - the login module option name of the DigestCallback
+ * @throws SecurityException - thrown if there is a failure to load the
+ * digestOption DigestCallback
+ */
+ @SuppressWarnings("unchecked")
+ protected String createPasswordHash(String username, String password,
+ String digestOption)
+ throws LoginException
+ {
+ // Support for 4.0.2 createPasswordHash(String, String) override
+ if( legacyCreatePasswordHash )
+ {
+ try
+ {
+ // Try to invoke the subclass createPasswordHash(String, String)
+ Class<?>[] sig = {String.class, String.class};
+ Method createPasswordHash = getClass().getMethod("createPasswordHash", sig);
+ Object[] args = {username, password};
+ String passwordHash = (String) createPasswordHash.invoke(this, args);
+ return passwordHash;
+ }
+ catch (InvocationTargetException e)
+ {
+ LoginException le = new LoginException("Failed to delegate createPasswordHash");
+ le.initCause(e.getTargetException());
+ throw le;
+ }
+ catch(Exception e)
+ {
+ LoginException le = new LoginException("Failed to delegate createPasswordHash");
+ le.initCause(e);
+ throw le;
+ }
+ }
+
+ DigestCallback callback = null;
+ String callbackClassName = (String) options.get(digestOption);
+ if( callbackClassName != null )
+ {
+ try
+ {
+ ClassLoader loader = SecurityActions.getContextClassLoader();
+ Class<?> callbackClass = loader.loadClass(callbackClassName);
+ callback = (DigestCallback) callbackClass.newInstance();
+ if( log.isTraceEnabled() )
+ log.trace("Created DigestCallback: "+callback);
+ }
+ catch (Exception e)
+ {
+ if( log.isTraceEnabled() )
+ log.trace("Failed to load DigestCallback", e);
+ SecurityException ex = new SecurityException("Failed to load DigestCallback");
+ ex.initCause(e);
+ throw ex;
+ }
+ Map<String,Object> tmp = new HashMap<String,Object>();
+ tmp.putAll(options);
+ tmp.put("javax.security.auth.login.name", username);
+ tmp.put("javax.security.auth.login.password", password);
+
+ callback.init(tmp);
+ // Check for a callbacks
+ Callback[] callbacks = (Callback[]) tmp.get("callbacks");
+ if( callbacks != null )
+ {
+ try
+ {
+ callbackHandler.handle(callbacks);
+ }
+ catch(IOException e)
+ {
+ LoginException le = new LoginException(digestOption+" callback failed");
+ le.initCause(e);
+ throw le;
+ }
+ catch(UnsupportedCallbackException e)
+ {
+ LoginException le = new LoginException(digestOption+" callback failed");
+ le.initCause(e);
+ throw le;
+ }
+ }
+ }
+ String passwordHash = Util.createPasswordHash(hashAlgorithm, hashEncoding,
+ hashCharset, username, password, callback);
+ return passwordHash;
+ }
+
+ /**
+ * Get the error associated with the validatePassword failure
+ * @return the Throwable seen during validatePassword, null if no
+ * error occurred.
+ */
+ protected Throwable getValidateError()
+ {
+ return validateError;
+ }
+
+ /**
+ * Set the error associated with the validatePassword failure
+ * @param validateError
+ */
+ protected void setValidateError(Throwable validateError)
+ {
+ this.validateError = validateError;
+ }
+
+ /** A hook that allows subclasses to change the validation of the input
+ password against the expected password. This version checks that
+ neither inputPassword or expectedPassword are null that that
+ inputPassword.equals(expectedPassword) is true;
+ @return true if the inputPassword is valid, false otherwise.
+ */
+ protected boolean validatePassword(String inputPassword, String expectedPassword)
+ {
+ if( inputPassword == null || expectedPassword == null )
+ return false;
+ boolean valid = false;
+ if( ignorePasswordCase == true )
+ valid = inputPassword.equalsIgnoreCase(expectedPassword);
+ else
+ valid = inputPassword.equals(expectedPassword);
+ return valid;
+ }
+
+
+ /** Get the expected password for the current username available via
+ the getUsername() method. This is called from within the login()
+ method after the CallbackHandler has returned the username and
+ candidate password.
+ @return the valid password String
+ */
+ abstract protected String getUsersPassword() throws LoginException;
+
+}
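Review bot: `validatePassword()` near the end of this file compares the candidate and expected values with `String.equals` / `equalsIgnoreCase`, which return at the first differing character, so the comparison time depends on how much of the stored value matches. A fixed-time comparison fits the case-sensitive branch, for example `valid = MessageDigest.isEqual(inputBytes, expectedBytes);`, with both byte arrays produced from the two strings using the same charset and `java.security.MessageDigest` imported. Separately, `ignorePasswordCase` is applied whether or not hashing is on. When `hashAlgorithm` is set and `hashEncoding` falls back to `Util.BASE64_ENCODING` in `initialize()`, `equalsIgnoreCase` treats base64 strings that differ only in letter case as equal, although they encode different digests. I would either apply the flag only when no `hashAlgorithm` is configured, or document on the option that it should not be combined with base64-encoded hashes.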
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/Users.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/Users.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/Users.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,165 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.auth.spi;
-
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Iterator;
-
-import org.jboss.security.SimpleGroup;
-import org.jboss.security.SimplePrincipal;
-
-/**
- * The XMLLoginModule users/roles object representation.
- *
- * @author Scott.Stark at jboss.org
- * @version $Revision$
- */
-public class Users
-{
- private HashMap users = new HashMap();
-
- public static class User implements Comparable
- {
- private String name;
- private String password;
- private String encoding;
- private HashMap roleGroups = new HashMap();
-
- public User()
- {
- }
- public User(String name)
- {
- this.name = name;
- }
- public String getName()
- {
- return name;
- }
- public void setName(String name)
- {
- this.name = name;
- }
- public String getPassword()
- {
- return password;
- }
- public void setPassword(String password)
- {
- this.password = password;
- }
-
- public String getEncoding()
- {
- return encoding;
- }
- public void setEncoding(String encoding)
- {
- this.encoding = encoding;
- }
-
- public Group[] getRoleSets()
- {
- Group[] roleSets = new Group[roleGroups.size()];
- roleGroups.values().toArray(roleSets);
- return roleSets;
- }
- public String[] getRoleNames()
- {
- return getRoleNames("Roles");
- }
- public String[] getRoleNames(String roleGroup)
- {
- Group group = (Group) roleGroups.get(roleGroup);
- String[] names = {};
- if( group != null )
- {
- ArrayList tmp = new ArrayList();
- Enumeration iter = group.members();
- while( iter.hasMoreElements() )
- {
- Principal p = (Principal) iter.nextElement();
- tmp.add(p.getName());
- }
- names = new String[tmp.size()];
- tmp.toArray(names);
- }
- return names;
- }
- public void addRole(String roleName, String roleGroup)
- {
- Group group = (Group) roleGroups.get(roleGroup);
- if( group == null )
- {
- group = new SimpleGroup(roleGroup);
- roleGroups.put(roleGroup, group);
- }
- SimplePrincipal role = new SimplePrincipal(roleName);
- group.addMember(role);
- }
- public int compareTo(Object obj)
- {
- User u = (User) obj;
- return name.compareTo(u.name);
- }
-
- public String toString()
- {
- return "User{" +
- "name='" + name + "'" +
- ", password=*" +
- ", encoding='" + encoding + "'" +
- ", roleGroups=" + roleGroups +
- "}";
- }
- }
-
- public void addUser(User user)
- {
- users.put(user.getName(), user);
- }
- public Iterator getUsers()
- {
- return users.values().iterator();
- }
- public User getUser(String name)
- {
- User find = (User) users.get(name);
- return find;
- }
-
- public int size()
- {
- return users.size();
- }
-
- public String toString()
- {
- return "Users("+System.identityHashCode(this)+"){" +
- "users=" + users +
- "}";
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/Users.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/Users.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/Users.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/Users.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,165 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.auth.spi;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+
+import org.jboss.security.SimpleGroup;
+import org.jboss.security.SimplePrincipal;
+
+/**
+ * The XMLLoginModule users/roles object representation.
+ *
+ * @author Scott.Stark at jboss.org
+ * @version $Revision$
+ */
+public class Users
+{
+ private HashMap<String,User> users = new HashMap<String,User>();
+
+ public static class User implements Comparable<User>
+ {
+ private String name;
+ private String password;
+ private String encoding;
+ private HashMap<String,Group> roleGroups = new HashMap<String,Group>();
+
+ public User()
+ {
+ }
+ public User(String name)
+ {
+ this.name = name;
+ }
+ public String getName()
+ {
+ return name;
+ }
+ public void setName(String name)
+ {
+ this.name = name;
+ }
+ public String getPassword()
+ {
+ return password;
+ }
+ public void setPassword(String password)
+ {
+ this.password = password;
+ }
+
+ public String getEncoding()
+ {
+ return encoding;
+ }
+ public void setEncoding(String encoding)
+ {
+ this.encoding = encoding;
+ }
+
+ @SuppressWarnings("unchecked")
+ public Group[] getRoleSets()
+ {
+ Group[] roleSets = new Group[roleGroups.size()];
+ roleGroups.values().toArray(roleSets);
+ return roleSets;
+ }
+ public String[] getRoleNames()
+ {
+ return getRoleNames("Roles");
+ }
+ public String[] getRoleNames(String roleGroup)
+ {
+ Group group = (Group) roleGroups.get(roleGroup);
+ String[] names = {};
+ if( group != null )
+ {
+ ArrayList<String> tmp = new ArrayList<String>();
+ Enumeration<? extends Principal> iter = group.members();
+ while( iter.hasMoreElements() )
+ {
+ Principal p = iter.nextElement();
+ tmp.add(p.getName());
+ }
+ names = new String[tmp.size()];
+ tmp.toArray(names);
+ }
+ return names;
+ }
+ public void addRole(String roleName, String roleGroup)
+ {
+ Group group = (Group) roleGroups.get(roleGroup);
+ if( group == null )
+ {
+ group = new SimpleGroup(roleGroup);
+ roleGroups.put(roleGroup, group);
+ }
+ SimplePrincipal role = new SimplePrincipal(roleName);
+ group.addMember(role);
+ }
+ public int compareTo(User obj)
+ {
+ return name.compareTo(obj.name);
+ }
+
+ public String toString()
+ {
+ return "User{" +
+ "name='" + name + "'" +
+ ", password=*" +
+ ", encoding='" + encoding + "'" +
+ ", roleGroups=" + roleGroups +
+ "}";
+ }
+ }
+
+ public void addUser(User user)
+ {
+ users.put(user.getName(), user);
+ }
+ public Iterator<User> getUsers()
+ {
+ return users.values().iterator();
+ }
+ public User getUser(String name)
+ {
+ User find = (User) users.get(name);
+ return find;
+ }
+
+ public int size()
+ {
+ return users.size();
+ }
+
+ public String toString()
+ {
+ return "Users("+System.identityHashCode(this)+"){" +
+ "users=" + users +
+ "}";
+ }
+}
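Review bot: `addUser` stores the entry under `user.getName()` without checking it, and the no-argument `User()` constructor leaves `name` null, so a `User` whose name was never set lands in the map under the `null` key and is then handed back by `getUser(null)`. The same null name makes `compareTo` throw a `NullPointerException`. For a credential store it would be safer to reject such an entry up front, e.g. `if (user == null || user.getName() == null) throw new IllegalArgumentException("user name must be set");` at the top of `addUser`. Separately, now that `users` and `roleGroups` are generic, the `(User)`/`(Group)` casts and the `@SuppressWarnings("unchecked")` on `getRoleSets` look redundant and could be dropped.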
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/UsersLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/UsersLoginModule.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/UsersLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,156 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.auth.spi;
-
-// $Id$
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.security.acl.Group;
-import java.util.Map;
-import java.util.Properties;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginException;
-
-/**
- * A simple properties file based login module that consults a Java Properties
- * formatted text files for username to password("users.properties") mapping.
- * The name of the properties file may be overriden by the usersProperties option.
- * The properties file are loaded during initialization using the thread context
- * class loader. This means that these files can be placed into the J2EE
- * deployment jar or the JBoss config directory.
- *
- * The users.properties file uses a format:
- * username1=password1
- * username2=password2
- * ...
- *
- * to define all valid usernames and their corresponding passwords.
- *
- * @author Thomas.Diesler at jboss.org
- * @version $Revision$
- */
-public class UsersLoginModule extends UsernamePasswordLoginModule
-{
- /** The name of the properties resource containing user/passwords */
- private String usersRsrcName = "users.properties";
- /** The users.properties values */
- private Properties users;
-
- /**
- * Initialize this LoginModule.
- * @param options the login module option map. Supported options include:
- * usersProperties: The name of the properties resource containing
- * user/passwords. The default is "users.properties"
- */
- public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
- {
- super.initialize(subject, callbackHandler, sharedState, options);
- try
- {
- // Check for usersProperties & rolesProperties
- String option = (String) options.get("usersProperties");
- if (option != null)
- usersRsrcName = option;
-
- // Load the properties file that contains the list of users and passwords
- loadUsers();
- }
- catch (Exception e)
- {
- // Note that although this exception isn't passed on, users or roles will be null
- // so that any call to login will throw a LoginException.
- super.log.error("Failed to load users/passwords/role files", e);
- }
- }
-
- /**
- * Method to authenticate a Subject (phase 1). This validates that the
- * users properties file were loaded and then calls
- * super.login to perform the validation of the password.
- *
- * @exception javax.security.auth.login.LoginException thrown if the users or roles properties files
- * were not found or the super.login method fails.
- */
- public boolean login() throws LoginException
- {
- if (users == null)
- throw new LoginException("Missing users.properties file.");
-
- return super.login();
- }
-
- /**
- * Return a group Roles with no members
- *
- * @return Group[] containing the sets of roles
- */
- protected Group[] getRoleSets() throws LoginException
- {
- return new Group[0];
- }
-
- protected String getUsersPassword()
- {
- String username = getUsername();
- String password = null;
- if (username != null)
- password = users.getProperty(username, null);
- return password;
- }
-
- private void loadUsers() throws IOException
- {
- users = loadProperties(usersRsrcName);
- }
-
- /**
- * Loads the given properties file and returns a Properties object containing the
- * key,value pairs in that file.
- * The properties files should be in the class path.
- */
- private Properties loadProperties(String propertiesName) throws IOException
- {
- Properties bundle = null;
- ClassLoader loader = SecurityActions.getContextClassLoader();
- URL url = loader.getResource(propertiesName);
- if (url == null)
- throw new IOException("Properties file " + propertiesName + " not found");
-
- super.log.trace("Properties file=" + url);
-
- InputStream is = url.openStream();
- if (is != null)
- {
- bundle = new Properties();
- bundle.load(is);
- }
- else
- {
- throw new IOException("Properties file " + propertiesName + " not avilable");
- }
- return bundle;
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/UsersLoginModule.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/UsersLoginModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/UsersLoginModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/UsersLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,157 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.auth.spi;
+
+// $Id$
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.security.acl.Group;
+import java.util.Map;
+import java.util.Properties;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+
+/**
+ * A simple properties file based login module that consults a Java Properties
+ * formatted text files for username to password("users.properties") mapping.
+ * The name of the properties file may be overriden by the usersProperties option.
+ * The properties file are loaded during initialization using the thread context
+ * class loader. This means that these files can be placed into the J2EE
+ * deployment jar or the JBoss config directory.
+ *
+ * The users.properties file uses a format:
+ * username1=password1
+ * username2=password2
+ * ...
+ *
+ * to define all valid usernames and their corresponding passwords.
+ *
+ * @author Thomas.Diesler at jboss.org
+ * @version $Revision$
+ */
+public class UsersLoginModule extends UsernamePasswordLoginModule
+{
+ /** The name of the properties resource containing user/passwords */
+ private String usersRsrcName = "users.properties";
+ /** The users.properties values */
+ private Properties users;
+
+ /**
+ * Initialize this LoginModule.
+ * @param options the login module option map. Supported options include:
+ * usersProperties: The name of the properties resource containing
+ * user/passwords. The default is "users.properties"
+ */
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
+ Map<String,?> sharedState, Map<String,?> options)
+ {
+ super.initialize(subject, callbackHandler, sharedState, options);
+ try
+ {
+ // Check for usersProperties & rolesProperties
+ String option = (String) options.get("usersProperties");
+ if (option != null)
+ usersRsrcName = option;
+
+ // Load the properties file that contains the list of users and passwords
+ loadUsers();
+ }
+ catch (Exception e)
+ {
+ // Note that although this exception isn't passed on, users or roles will be null
+ // so that any call to login will throw a LoginException.
+ super.log.error("Failed to load users/passwords/role files", e);
+ }
+ }
+
+ /**
+ * Method to authenticate a Subject (phase 1). This validates that the
+ * users properties file were loaded and then calls
+ * super.login to perform the validation of the password.
+ *
+ * @exception javax.security.auth.login.LoginException thrown if the users or roles properties files
+ * were not found or the super.login method fails.
+ */
+ public boolean login() throws LoginException
+ {
+ if (users == null)
+ throw new LoginException("Missing users.properties file.");
+
+ return super.login();
+ }
+
+ /**
+ * Return a group Roles with no members
+ *
+ * @return Group[] containing the sets of roles
+ */
+ protected Group[] getRoleSets() throws LoginException
+ {
+ return new Group[0];
+ }
+
+ protected String getUsersPassword()
+ {
+ String username = getUsername();
+ String password = null;
+ if (username != null)
+ password = users.getProperty(username, null);
+ return password;
+ }
+
+ private void loadUsers() throws IOException
+ {
+ users = loadProperties(usersRsrcName);
+ }
+
+ /**
+ * Loads the given properties file and returns a Properties object containing the
+ * key,value pairs in that file.
+ * The properties files should be in the class path.
+ */
+ private Properties loadProperties(String propertiesName) throws IOException
+ {
+ Properties bundle = null;
+ ClassLoader loader = SecurityActions.getContextClassLoader();
+ URL url = loader.getResource(propertiesName);
+ if (url == null)
+ throw new IOException("Properties file " + propertiesName + " not found");
+
+ super.log.trace("Properties file=" + url);
+
+ InputStream is = url.openStream();
+ if (is != null)
+ {
+ bundle = new Properties();
+ bundle.load(is);
+ }
+ else
+ {
+ throw new IOException("Properties file " + propertiesName + " not avilable");
+ }
+ return bundle;
+ }
+}
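Review bot: `loadProperties` never closes the stream returned by `url.openStream()`, so every `initialize` call leaks a handle on the users file, including on the path where `bundle.load(is)` throws. Wrapping the load in `try`/`finally` and closing `is` there fixes this without changing what the method returns or throws on the existing paths. Because this resource holds the username-to-password mapping, the class Javadoc could also tell deployers to restrict read access to it; whether hashed values are accepted depends on the `UsernamePasswordLoginModule` base class, which is not part of this hunk.

```java
// … unchanged: bundle declaration, context class loader lookup, null-URL check …
super.log.trace("Properties file=" + url);

InputStream is = url.openStream();
if (is == null)
   throw new IOException("Properties file " + propertiesName + " not avilable");
try
{
   bundle = new Properties();
   bundle.load(is);
}
finally
{
   // release the handle even when load() fails
   is.close();
}
return bundle;
```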
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/UsersRolesLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/UsersRolesLoginModule.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/UsersRolesLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,244 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.auth.spi;
-
-import java.io.IOException;
-import java.security.acl.Group;
-import java.util.Map;
-import java.util.Properties;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginException;
-
-/** A simple Properties map based login module that consults two Java Properties
- formatted text files for username to password("users.properties") and
- username to roles("roles.properties") mapping. The names of the properties
- files may be overriden by the usersProperties and rolesProperties options.
- The properties files are loaded during initialization using the thread context
- class loader. This means that these files can be placed into the J2EE
- deployment jar or the JBoss config directory.
-
- The users.properties file uses a format:
- username1=password1
- username2=password2
- ...
-
- to define all valid usernames and their corresponding passwords.
-
- The roles.properties file uses a format:
- username1=role1,role2,...
- username1.RoleGroup1=role3,role4,...
- username2=role1,role3,...
-
- to define the sets of roles for valid usernames. The "username.XXX" form of
- property name is used to assign the username roles to a particular named
- group of roles where the XXX portion of the property name is the group name.
- The "username=..." form is an abbreviation for "username.Roles=...".
- The following are therefore equivalent:
- jduke=TheDuke,AnimatedCharacter
- jduke.Roles=TheDuke,AnimatedCharacter
-
- @author <a href="edward.kenworthy at crispgroup.co.uk">Edward Kenworthy</a>
- @author Scott.Stark at jboss.org
- @version $Revision$
- */
-public class UsersRolesLoginModule extends UsernamePasswordLoginModule
-{
- /** The name of the default properties resource containing user/passwords */
- private String defaultUsersRsrcName = "defaultUsers.properties";
- /** The name of the default properties resource containing user/roles */
- private String defaultRolesRsrcName = "defaultRoles.properties";
- /** The name of the properties resource containing user/passwords */
- private String usersRsrcName = "users.properties";
- /** The name of the properties resource containing user/roles */
- private String rolesRsrcName = "roles.properties";
- /** The users.properties mappings */
- private Properties users;
- /** The roles.properties mappings */
- private Properties roles;
- /** The character used to seperate the role group name from the username
- * e.g., '.' in jduke.CallerPrincipal=...
- */
- private char roleGroupSeperator = '.';
-
- /** Initialize this LoginModule.
- *@param options - the login module option map. Supported options include:
- usersProperties: The name of the properties resource containing
- user/passwords. The default is "users.properties"
-
- rolesProperties: The name of the properties resource containing user/roles
- The default is "roles.properties".
-
- roleGroupSeperator: The character used to seperate the role group name from
- the username e.g., '.' in jduke.CallerPrincipal=... . The default = '.'.
- defaultUsersProperties=string: The name of the properties resource containing
- the username to password mappings that will be used as the defaults
- Properties passed to the usersProperties Properties. This defaults to
- defaultUsers.properties.
-
- defaultRolesProperties=string: The name of the properties resource containing
- the username to roles mappings that will be used as the defaults
- Properties passed to the usersProperties Properties. This defaults to
- defaultRoles.properties.
- */
- public void initialize(Subject subject, CallbackHandler callbackHandler,
- Map sharedState, Map options)
- {
- super.initialize(subject, callbackHandler, sharedState, options);
- try
- {
- // Check for usersProperties & rolesProperties
- String option = (String) options.get("usersProperties");
- if (option != null)
- usersRsrcName = option;
- option = (String) options.get("defaultUsersProperties");
- if (option != null)
- defaultUsersRsrcName = option;
- option = (String) options.get("rolesProperties");
- if (option != null)
- rolesRsrcName = option;
- option = (String) options.get("defaultRolesProperties");
- if (option != null)
- defaultRolesRsrcName = option;
- option = (String) options.get("roleGroupSeperator");
- if( option != null )
- roleGroupSeperator = option.charAt(0);
- // Load the properties file that contains the list of users and passwords
- users = createUsers(options);
- roles = createRoles(options);
- }
- catch (Exception e)
- {
- /* Note that although this exception isn't passed on, users or roles
- will be null so that any call to login will throw a LoginException.
- */
- super.log.error("Failed to load users/passwords/role files", e);
- }
- }
-
- /** Method to authenticate a Subject (phase 1). This validates that the
- *users and roles properties files were loaded and then calls
- *super.login to perform the validation of the password.
- *@exception LoginException thrown if the users or roles properties files
- *were not found or the super.login method fails.
- */
- public boolean login() throws LoginException
- {
- if (users == null)
- throw new LoginException("Missing users.properties file.");
- if (roles == null)
- throw new LoginException("Missing roles.properties file.");
-
- return super.login();
- }
-
- /** Create the set of roles the user belongs to by parsing the roles.properties
- data for username=role1,role2,... and username.XXX=role1,role2,...
- patterns.
- @return Group[] containing the sets of roles
- */
- protected Group[] getRoleSets() throws LoginException
- {
- String targetUser = getUsername();
- Group[] roleSets = Util.getRoleSets(targetUser, roles, roleGroupSeperator, this);
- return roleSets;
- }
-
- protected String getUsersPassword()
- {
- String username = getUsername();
- String password = null;
- if (username != null)
- password = users.getProperty(username, null);
- return password;
- }
-
-// utility methods
-
- /**
- * Loads the users Properties from the defaultUsersRsrcName and usersRsrcName
- * resource settings.
- *
- * @throws IOException - thrown on failure to load the properties file.
- */
- protected void loadUsers() throws IOException
- {
- users = Util.loadProperties(defaultUsersRsrcName, usersRsrcName, log);
- }
- /**
- * A hook to allow subclasses to create the users Properties map. This
- * implementation simply calls loadUsers() and returns the users ivar.
- * Subclasses can override to obtain the users Properties map in a different
- * way.
- *
- * @param options - the login module options passed to initialize
- * @return Properties map used for the username/password mapping.
- * @throws IOException - thrown on failure to load the properties
- */
- protected Properties createUsers(Map options) throws IOException
- {
- loadUsers();
- return this.users;
- }
-
- /**
- * Loads the roles Properties from the defaultRolesRsrcName and rolesRsrcName
- * resource settings.
- *
- * @throws IOException - thrown on failure to load the properties file.
- */
- protected void loadRoles() throws IOException
- {
- roles = Util.loadProperties(defaultRolesRsrcName, rolesRsrcName, log);
- }
- /**
- * A hook to allow subclasses to create the roles Properties map. This
- * implementation simply calls loadRoles() and returns the roles ivar.
- * Subclasses can override to obtain the roles Properties map in a different
- * way.
- *
- * @param options - the login module options passed to initialize
- * @return Properties map used for the username/roles mapping.
- * @throws IOException - thrown on failure to load the properties
- */
- protected Properties createRoles(Map options) throws IOException
- {
- loadRoles();
- return this.roles;
- }
-
- /** Parse the comma delimited roles names given by value and add them to
- * group. The type of Principal created for each name is determined by
- * the createIdentity method.
- *
- * @see #createIdentity(String)
- *
- * @param group - the Group to add the roles to.
- * @param roles - the comma delimited role names.
- */
- protected void parseGroupMembers(Group group, String roles)
- {
- Util.parseGroupMembers(group, roles, this);
- }
-
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/UsersRolesLoginModule.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/UsersRolesLoginModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/UsersRolesLoginModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/UsersRolesLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,244 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.auth.spi;
+
+import java.io.IOException;
+import java.security.acl.Group;
+import java.util.Map;
+import java.util.Properties;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+
+/** A simple Properties map based login module that consults two Java Properties
+ formatted text files for username to password("users.properties") and
+ username to roles("roles.properties") mapping. The names of the properties
+ files may be overriden by the usersProperties and rolesProperties options.
+ The properties files are loaded during initialization using the thread context
+ class loader. This means that these files can be placed into the J2EE
+ deployment jar or the JBoss config directory.
+
+ The users.properties file uses a format:
+ username1=password1
+ username2=password2
+ ...
+
+ to define all valid usernames and their corresponding passwords.
+
+ The roles.properties file uses a format:
+ username1=role1,role2,...
+ username1.RoleGroup1=role3,role4,...
+ username2=role1,role3,...
+
+ to define the sets of roles for valid usernames. The "username.XXX" form of
+ property name is used to assign the username roles to a particular named
+ group of roles where the XXX portion of the property name is the group name.
+ The "username=..." form is an abbreviation for "username.Roles=...".
+ The following are therefore equivalent:
+ jduke=TheDuke,AnimatedCharacter
+ jduke.Roles=TheDuke,AnimatedCharacter
+
+ @author <a href="edward.kenworthy at crispgroup.co.uk">Edward Kenworthy</a>
+ @author Scott.Stark at jboss.org
+ @version $Revision$
+ */
+public class UsersRolesLoginModule extends UsernamePasswordLoginModule
+{
+ /** The name of the default properties resource containing user/passwords */
+ private String defaultUsersRsrcName = "defaultUsers.properties";
+ /** The name of the default properties resource containing user/roles */
+ private String defaultRolesRsrcName = "defaultRoles.properties";
+ /** The name of the properties resource containing user/passwords */
+ private String usersRsrcName = "users.properties";
+ /** The name of the properties resource containing user/roles */
+ private String rolesRsrcName = "roles.properties";
+ /** The users.properties mappings */
+ private Properties users;
+ /** The roles.properties mappings */
+ private Properties roles;
+ /** The character used to seperate the role group name from the username
+ * e.g., '.' in jduke.CallerPrincipal=...
+ */
+ private char roleGroupSeperator = '.';
+
+ /** Initialize this LoginModule.
+ *@param options - the login module option map. Supported options include:
+ usersProperties: The name of the properties resource containing
+ user/passwords. The default is "users.properties"
+
+ rolesProperties: The name of the properties resource containing user/roles
+ The default is "roles.properties".
+
+ roleGroupSeperator: The character used to seperate the role group name from
+ the username e.g., '.' in jduke.CallerPrincipal=... . The default = '.'.
+ defaultUsersProperties=string: The name of the properties resource containing
+ the username to password mappings that will be used as the defaults
+ Properties passed to the usersProperties Properties. This defaults to
+ defaultUsers.properties.
+
+ defaultRolesProperties=string: The name of the properties resource containing
+ the username to roles mappings that will be used as the defaults
+ Properties passed to the usersProperties Properties. This defaults to
+ defaultRoles.properties.
+ */
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
+ Map<String,?> sharedState, Map<String,?> options)
+ {
+ super.initialize(subject, callbackHandler, sharedState, options);
+ try
+ {
+ // Check for usersProperties & rolesProperties
+ String option = (String) options.get("usersProperties");
+ if (option != null)
+ usersRsrcName = option;
+ option = (String) options.get("defaultUsersProperties");
+ if (option != null)
+ defaultUsersRsrcName = option;
+ option = (String) options.get("rolesProperties");
+ if (option != null)
+ rolesRsrcName = option;
+ option = (String) options.get("defaultRolesProperties");
+ if (option != null)
+ defaultRolesRsrcName = option;
+ option = (String) options.get("roleGroupSeperator");
+ if( option != null )
+ roleGroupSeperator = option.charAt(0);
+ // Load the properties file that contains the list of users and passwords
+ users = createUsers(options);
+ roles = createRoles(options);
+ }
+ catch (Exception e)
+ {
+ /* Note that although this exception isn't passed on, users or roles
+ will be null so that any call to login will throw a LoginException.
+ */
+ super.log.error("Failed to load users/passwords/role files", e);
+ }
+ }
+
+ /** Method to authenticate a Subject (phase 1). This validates that the
+ *users and roles properties files were loaded and then calls
+ *super.login to perform the validation of the password.
+ *@exception LoginException thrown if the users or roles properties files
+ *were not found or the super.login method fails.
+ */
+ public boolean login() throws LoginException
+ {
+ if (users == null)
+ throw new LoginException("Missing users.properties file.");
+ if (roles == null)
+ throw new LoginException("Missing roles.properties file.");
+
+ return super.login();
+ }
+
+ /** Create the set of roles the user belongs to by parsing the roles.properties
+ data for username=role1,role2,... and username.XXX=role1,role2,...
+ patterns.
+ @return Group[] containing the sets of roles
+ */
+ protected Group[] getRoleSets() throws LoginException
+ {
+ String targetUser = getUsername();
+ Group[] roleSets = Util.getRoleSets(targetUser, roles, roleGroupSeperator, this);
+ return roleSets;
+ }
+
+ protected String getUsersPassword()
+ {
+ String username = getUsername();
+ String password = null;
+ if (username != null)
+ password = users.getProperty(username, null);
+ return password;
+ }
+
+// utility methods
+
+ /**
+ * Loads the users Properties from the defaultUsersRsrcName and usersRsrcName
+ * resource settings.
+ *
+ * @throws IOException - thrown on failure to load the properties file.
+ */
+ protected void loadUsers() throws IOException
+ {
+ users = Util.loadProperties(defaultUsersRsrcName, usersRsrcName, log);
+ }
+ /**
+ * A hook to allow subclasses to create the users Properties map. This
+ * implementation simply calls loadUsers() and returns the users ivar.
+ * Subclasses can override to obtain the users Properties map in a different
+ * way.
+ *
+ * @param options - the login module options passed to initialize
+ * @return Properties map used for the username/password mapping.
+ * @throws IOException - thrown on failure to load the properties
+ */
+ protected Properties createUsers(Map<String,?> options) throws IOException
+ {
+ loadUsers();
+ return this.users;
+ }
+
+ /**
+ * Loads the roles Properties from the defaultRolesRsrcName and rolesRsrcName
+ * resource settings.
+ *
+ * @throws IOException - thrown on failure to load the properties file.
+ */
+ protected void loadRoles() throws IOException
+ {
+ roles = Util.loadProperties(defaultRolesRsrcName, rolesRsrcName, log);
+ }
+ /**
+ * A hook to allow subclasses to create the roles Properties map. This
+ * implementation simply calls loadRoles() and returns the roles ivar.
+ * Subclasses can override to obtain the roles Properties map in a different
+ * way.
+ *
+ * @param options - the login module options passed to initialize
+ * @return Properties map used for the username/roles mapping.
+ * @throws IOException - thrown on failure to load the properties
+ */
+ protected Properties createRoles(Map<String,?> options) throws IOException
+ {
+ loadRoles();
+ return this.roles;
+ }
+
+ /** Parse the comma delimited roles names given by value and add them to
+ * group. The type of Principal created for each name is determined by
+ * the createIdentity method.
+ *
+ * @see #createIdentity(String)
+ *
+ * @param group - the Group to add the roles to.
+ * @param roles - the comma delimited role names.
+ */
+ protected void parseGroupMembers(Group group, String roles)
+ {
+ Util.parseGroupMembers(group, roles, this);
+ }
+
+}
\ No newline at end of file
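Review bot: In `initialize`, `roleGroupSeperator = option.charAt(0);` throws on an empty `roleGroupSeperator` option, and because it runs before `createUsers`/`createRoles` the catch block leaves both maps null. The module then fails closed, which is the safe direction, but `login()` reports "Missing users.properties file." for what is really a bad option value. The same fixed file name is reported when `usersProperties` points at a different resource. Guard the read with `if (option != null && option.length() > 0)` and use a message that does not name a fixed file, e.g. `throw new LoginException("Users properties were not loaded; see the server log");`. The Javadoc for `defaultRolesProperties` also says the defaults are passed to the usersProperties Properties, where rolesProperties is presumably meant.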
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/XMLLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/XMLLoginModule.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/XMLLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,135 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.auth.spi;
-
-import java.security.acl.Group;
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginException;
-
-/** A login module that obtains its security information directly from its
- login module options. The name of the login module comes from the use of
- the login-config.xml descriptor which allows the user/roles content to be
- embedded directly in the login module configuration. The following
- login-config.xml fragment illustrates an example:
-
- <?xml version="1.0" encoding="UTF-8"?>
- <policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns="http://www.jboss.org/j2ee/schema/jaas"
- targetNamespace="http://www.jboss.org/j2ee/schema/jaas"
- >
-...
- <application-policy name="test-xml-config">
- <authentication>
- <login-module code="org.jboss.security.auth.spi.XMLLoginModule" flag="required">
- <module-option name="userInfo">
- <lm:users xmlns:lm="http://jboss.org/schemas/XMLLoginModule">
- <lm:user name="jduke" password="theduke">
- <lm:role name="TheDuke"/>
- <lm:role name="AnimatedCharacter"/>
- </lm:user>
- <lm:user name="javaduke" password="anotherduke">
- <lm:role name="TheDuke2"/>
- <lm:role name="AnimatedCharacter2"/>
- <lm:role name="Java Duke" group="CallerPrincipal" />
- </lm:user>
- </lm:users>
- </module-option>
- <module-option name="unauthenticatedIdentity">guest</module-option>
- </login-module>
- </authentication>
- </application-policy>
- </policy>
-
- @author Scott.Stark at jboss.org
- @version $Revision$
- */
-public class XMLLoginModule extends UsernamePasswordLoginModule
-{
- /** The name of the properties resource containing user/passwords */
- private Users users;
-
- /** Initialize this LoginModule.
- *@param options - the login module option map. Supported options include:
- *userInfo: The name of the properties resource containing
- user/passwords. The default is "users.properties"
- */
- public void initialize(Subject subject, CallbackHandler callbackHandler,
- Map sharedState, Map options)
- {
- super.initialize(subject, callbackHandler, sharedState, options);
- try
- {
- users = (Users) options.get("userInfo");
- }
- catch (Exception e)
- {
- // Note that although this exception isn't passed on, users or roles will be null
- // so that any call to login will throw a LoginException.
- super.log.error("Failed to load users/passwords/role files", e);
- }
- }
-
- /** Method to authenticate a Subject (phase 1). This validates that the
- *users and roles properties files were loaded and then calls
- *super.login to perform the validation of the password.
- *@exception javax.security.auth.login.LoginException thrown if the users or roles properties files
- *were not found or the super.login method fails.
- */
- public boolean login() throws LoginException
- {
- if (users == null)
- throw new LoginException("Missing usersInfo user/role mapping");
-
- return super.login();
- }
-
- /** Obtain the various groups of roles for the user
- @return Group[] containing the sets of roles
- */
- protected Group[] getRoleSets() throws LoginException
- {
- String targetUser = getUsername();
- Users.User user = users.getUser(targetUser);
- Group[] roleSets = {};
- if( user != null )
- roleSets = user.getRoleSets();
-
- return roleSets;
- }
-
- protected String getUsersPassword()
- {
- String username = getUsername();
- Users.User user = users.getUser(username);
- String password = null;
- if (user != null)
- {
- password = user.getPassword();
- }
-
- return password;
- }
-
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/XMLLoginModule.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/XMLLoginModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/XMLLoginModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/auth/spi/XMLLoginModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,135 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.auth.spi;
+
+import java.security.acl.Group;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+
+/** A login module that obtains its security information directly from its
+ login module options. The name of the login module comes from the use of
+ the login-config.xml descriptor which allows the user/roles content to be
+ embedded directly in the login module configuration. The following
+ login-config.xml fragment illustrates an example:
+
+ <?xml version="1.0" encoding="UTF-8"?>
+ <policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns="http://www.jboss.org/j2ee/schema/jaas"
+ targetNamespace="http://www.jboss.org/j2ee/schema/jaas"
+ >
+...
+ <application-policy name="test-xml-config">
+ <authentication>
+ <login-module code="org.jboss.security.auth.spi.XMLLoginModule" flag="required">
+ <module-option name="userInfo">
+ <lm:users xmlns:lm="http://jboss.org/schemas/XMLLoginModule">
+ <lm:user name="jduke" password="theduke">
+ <lm:role name="TheDuke"/>
+ <lm:role name="AnimatedCharacter"/>
+ </lm:user>
+ <lm:user name="javaduke" password="anotherduke">
+ <lm:role name="TheDuke2"/>
+ <lm:role name="AnimatedCharacter2"/>
+ <lm:role name="Java Duke" group="CallerPrincipal" />
+ </lm:user>
+ </lm:users>
+ </module-option>
+ <module-option name="unauthenticatedIdentity">guest</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+ </policy>
+
+ @author Scott.Stark at jboss.org
+ @version $Revision$
+ */
+public class XMLLoginModule extends UsernamePasswordLoginModule
+{
+ /** The name of the properties resource containing user/passwords */
+ private Users users;
+
+ /** Initialize this LoginModule.
+ *@param options - the login module option map. Supported options include:
+ *userInfo: The name of the properties resource containing
+ user/passwords. The default is "users.properties"
+ */
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
+ Map<String,?> sharedState, Map<String,?> options)
+ {
+ super.initialize(subject, callbackHandler, sharedState, options);
+ try
+ {
+ users = (Users) options.get("userInfo");
+ }
+ catch (Exception e)
+ {
+ // Note that although this exception isn't passed on, users or roles will be null
+ // so that any call to login will throw a LoginException.
+ super.log.error("Failed to load users/passwords/role files", e);
+ }
+ }
+
+ /** Method to authenticate a Subject (phase 1). This validates that the
+ *users and roles properties files were loaded and then calls
+ *super.login to perform the validation of the password.
+ *@exception javax.security.auth.login.LoginException thrown if the users or roles properties files
+ *were not found or the super.login method fails.
+ */
+ public boolean login() throws LoginException
+ {
+ if (users == null)
+ throw new LoginException("Missing usersInfo user/role mapping");
+
+ return super.login();
+ }
+
+ /** Obtain the various groups of roles for the user
+ @return Group[] containing the sets of roles
+ */
+ protected Group[] getRoleSets() throws LoginException
+ {
+ String targetUser = getUsername();
+ Users.User user = users.getUser(targetUser);
+ Group[] roleSets = {};
+ if( user != null )
+ roleSets = user.getRoleSets();
+
+ return roleSets;
+ }
+
+ protected String getUsersPassword()
+ {
+ String username = getUsername();
+ Users.User user = users.getUser(username);
+ String password = null;
+ if (user != null)
+ {
+ password = user.getPassword();
+ }
+
+ return password;
+ }
+
+}
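Review bot: The Javadoc on the `users` field and on the `userInfo` option still describes "the name of the properties resource containing user/passwords" with a default of "users.properties", but `initialize` casts the option straight to a `Users` object and reads no properties file. A matching field comment would be `/** The user/password/role data supplied through the userInfo module option */`, and the `login()` Javadoc should say it checks that the `userInfo` option was present. The `LoginException` text spells the option `usersInfo` while the key read is `userInfo`, which makes a missing-option failure harder to trace. Since the example in the class comment puts passwords in login-config.xml as plain attribute values, the comment should also say that the descriptor needs the same access restrictions as a password file.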
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/AuthorizationInfoContainer.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/AuthorizationInfoContainer.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/AuthorizationInfoContainer.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,79 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.authorization;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.xml.namespace.QName;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.authorization.config.AuthorizationConfigEntryHolder;
-import org.jboss.security.config.AuthorizationInfo;
-import org.jboss.xb.binding.GenericValueContainer;
-
-//$Id$
-
-/**
- * A container for creating AuthorizationInfo during jbxb parse.
- *
- * @author anil.saldhana at jboss.org
- * @version $Revision$
- */
-public class AuthorizationInfoContainer
- implements GenericValueContainer
-{
- private static Logger log = Logger.getLogger(AuthorizationInfoContainer.class);
-
- AuthorizationInfo info = null;
-
- String authName = null;
-
- List moduleEntries = new ArrayList();
-
- public void addChild(QName name, Object value)
- {
- log.debug("addChild::" + name + ":" + value);
- if("name".equals(name.getLocalPart()))
- {
- authName = (String)value;
- }
- else if( value instanceof AuthorizationConfigEntryHolder )
- {
- AuthorizationConfigEntryHolder ace = (AuthorizationConfigEntryHolder) value;
- moduleEntries.add(ace.getEntry());
- }
- }
-
- public Object instantiate()
- {
- info = new AuthorizationInfo(authName);
- info.add(moduleEntries);
- return info;
- }
-
- public Class getTargetClass()
- {
- return AuthorizationInfo.class;
- }
-
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/AuthorizationInfoContainer.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/AuthorizationInfoContainer.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/AuthorizationInfoContainer.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/AuthorizationInfoContainer.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,79 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.authorization;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.authorization.config.AuthorizationConfigEntryHolder;
+import org.jboss.security.authorization.config.AuthorizationModuleEntry;
+import org.jboss.security.config.AuthorizationInfo;
+import org.jboss.xb.binding.GenericValueContainer;
+
+//$Id$
+
+/**
+ * A container for creating AuthorizationInfo during jbxb parse.
+ *
+ * @author anil.saldhana at jboss.org
+ * @version $Revision$
+ */
+public class AuthorizationInfoContainer
+ implements GenericValueContainer
+{
+ private static Logger log = Logger.getLogger(AuthorizationInfoContainer.class);
+
+ AuthorizationInfo info = null;
+
+ String authName = null;
+
+ List<AuthorizationModuleEntry> moduleEntries = new ArrayList<AuthorizationModuleEntry>();
+
+ public void addChild(QName name, Object value)
+ {
+ log.debug("addChild::" + name + ":" + value);
+ if("name".equals(name.getLocalPart()))
+ {
+ authName = (String)value;
+ }
+ else if( value instanceof AuthorizationConfigEntryHolder )
+ {
+ AuthorizationConfigEntryHolder ace = (AuthorizationConfigEntryHolder) value;
+ moduleEntries.add(ace.getEntry());
+ }
+ }
+
+ public Object instantiate()
+ {
+ info = new AuthorizationInfo(authName);
+ info.add(moduleEntries);
+ return info;
+ }
+
+ public Class<?> getTargetClass()
+ {
+ return AuthorizationInfo.class;
+ }
+}
\ No newline at end of file
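Review bot: `addChild` concatenates every child `value` into the debug log line, so whatever the parsed holder's `toString()` renders ends up in the log. If that ever includes module options, configured credentials would be logged; the holder's `toString()` is not visible here, so this is a possibility rather than a finding. Logging the element name and the value's type is enough to trace the parse: `log.debug("addChild::" + name + ":" + (value == null ? null : value.getClass().getName()));`. `authName = (String)value` also relies on the binding delivering a String for `name`, and `instantiate()` passes a null `authName` on when no `name` child was seen. If the schema guarantees both, a short comment saying so would document the assumption.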
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/SecurityActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/SecurityActions.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/SecurityActions.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,52 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.authorization;
-
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-
-//$Id$
-
-/**
- * Privileged Actions for this package
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jun 11, 2006
- * @version $Revision$
- */
-class SecurityActions
-{
- private static class GetTCLAction implements PrivilegedAction
- {
- static PrivilegedAction ACTION = new GetTCLAction();
- public Object run()
- {
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
- return loader;
- }
- }
-
- static ClassLoader getContextClassLoader()
- {
- ClassLoader loader = (ClassLoader) AccessController.doPrivileged(GetTCLAction.ACTION);
- return loader;
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/SecurityActions.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/SecurityActions.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/SecurityActions.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/SecurityActions.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,52 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.authorization;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+//$Id$
+
+/**
+ * Privileged Actions for this package
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Jun 11, 2006
+ * @version $Revision$
+ */
+class SecurityActions
+{
+ private static class GetTCLAction implements PrivilegedAction<ClassLoader>
+ {
+ static PrivilegedAction<ClassLoader> ACTION = new GetTCLAction();
+ public ClassLoader run()
+ {
+ ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ return loader;
+ }
+ }
+
+ static ClassLoader getContextClassLoader()
+ {
+ ClassLoader loader = (ClassLoader) AccessController.doPrivileged(GetTCLAction.ACTION);
+ return loader;
+ }
+}
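Review bot: `ACTION` in `GetTCLAction` is a mutable static; declaring it `private static final PrivilegedAction<ClassLoader> ACTION = new GetTCLAction();` keeps the object handed to `doPrivileged` from being reassigned. With the action now typed, the `(ClassLoader)` cast in `getContextClassLoader` is redundant, so the body can be `return AccessController.doPrivileged(GetTCLAction.ACTION);`. The class and method are package-private, which matters because the method returns the thread context class loader under this code's own privileges. A comment such as `// package-private on purpose: do not expose privileged class-loader access outside this package` would keep that from being widened later.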
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,94 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.authorization.config;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.xml.namespace.QName;
-
-import org.jboss.security.config.ControlFlag;
-import org.jboss.security.config.ModuleOption;
-import org.jboss.xb.binding.GenericValueContainer;
-
-//$Id$
-
-/**
- * A container for creating AuthorizationConfigurationEntry during jbxb parse.
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jun 9, 2006
- * @version $Revision$
- */
-public class AuthorizationConfigEntryHolder implements GenericValueContainer
-{
- private Map moduleOptions = new HashMap();
- String moduleName = null;
- ControlFlag controlFlag = ControlFlag.REQUIRED;
-
- public void addChild(QName name, Object value)
- {
- if("code".equals(name.getLocalPart()))
- {
- moduleName = (String)value;
- }
- if("flag".equals(name.getLocalPart()))
- {
- String tempVal = (String)value;
- if("optional".equals(tempVal))
- controlFlag = ControlFlag.OPTIONAL;
- else
- if("requisite".equals(tempVal))
- controlFlag = ControlFlag.REQUISITE;
- else
- if("sufficient".equals(tempVal))
- controlFlag = ControlFlag.SUFFICIENT;
- }
- if(value instanceof ModuleOption)
- {
- ModuleOption mo = (ModuleOption)value;
- moduleOptions.put(mo.getName(),mo.getValue());
- }
- }
-
- public void addOption(ModuleOption option)
- {
- moduleOptions.put(option.getName(), option.getValue());
- }
-
- public AuthorizationModuleEntry getEntry()
- {
- return (AuthorizationModuleEntry)instantiate();
- }
-
- public Object instantiate()
- {
- AuthorizationModuleEntry entry = new AuthorizationModuleEntry( moduleName,moduleOptions );
- entry.setControlFlag(controlFlag);
- return entry;
- }
-
- public Class getTargetClass()
- {
- return AuthorizationModuleEntry.class;
- }
-
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,94 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.authorization.config;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+
+import org.jboss.security.config.ControlFlag;
+import org.jboss.security.config.ModuleOption;
+import org.jboss.xb.binding.GenericValueContainer;
+
+//$Id$
+
+/**
+ * A container for creating AuthorizationConfigurationEntry during jbxb parse.
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Jun 9, 2006
+ * @version $Revision$
+ */
+public class AuthorizationConfigEntryHolder implements GenericValueContainer
+{
+ private Map<String,Object> moduleOptions = new HashMap<String,Object>();
+ String moduleName = null;
+ ControlFlag controlFlag = ControlFlag.REQUIRED;
+
+ public void addChild(QName name, Object value)
+ {
+ if("code".equals(name.getLocalPart()))
+ {
+ moduleName = (String)value;
+ }
+ if("flag".equals(name.getLocalPart()))
+ {
+ String tempVal = (String)value;
+ if("optional".equals(tempVal))
+ controlFlag = ControlFlag.OPTIONAL;
+ else
+ if("requisite".equals(tempVal))
+ controlFlag = ControlFlag.REQUISITE;
+ else
+ if("sufficient".equals(tempVal))
+ controlFlag = ControlFlag.SUFFICIENT;
+ }
+ if(value instanceof ModuleOption)
+ {
+ ModuleOption mo = (ModuleOption)value;
+ moduleOptions.put(mo.getName(),mo.getValue());
+ }
+ }
+
+ public void addOption(ModuleOption option)
+ {
+ moduleOptions.put(option.getName(), option.getValue());
+ }
+
+ public AuthorizationModuleEntry getEntry()
+ {
+ return (AuthorizationModuleEntry)instantiate();
+ }
+
+ public Object instantiate()
+ {
+ AuthorizationModuleEntry entry = new AuthorizationModuleEntry( moduleName,moduleOptions );
+ entry.setControlFlag(controlFlag);
+ return entry;
+ }
+
+ public Class<?> getTargetClass()
+ {
+ return AuthorizationModuleEntry.class;
+ }
+
+}
\ No newline at end of file
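Review bot: In `addChild`, a `flag` value other than `optional`, `requisite` or `sufficient` is dropped without any signal, so a misspelt or differently-cased value leaves `controlFlag` at its `REQUIRED` default and the configuration error goes unnoticed. The default is the conservative one, but an authorization module stack that does not behave as its descriptor reads is hard to audit. Closing the chain with `else if(!"required".equals(tempVal)) throw new IllegalArgumentException("Unknown flag: " + tempVal);` would make the parse fail loudly. The `(String)value` casts for `code` and `flag` also assume the binder always passes a String, and a one-line comment stating that assumption would help the next reader.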
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,145 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.authorization.modules.ejb;
-
-import java.lang.reflect.Method;
-import java.security.CodeSource;
-import java.security.Permission;
-import java.security.Policy;
-import java.security.Principal;
-import java.security.ProtectionDomain;
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.security.jacc.EJBMethodPermission;
-import javax.security.jacc.EJBRoleRefPermission;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.authorization.AuthorizationContext;
-import org.jboss.security.authorization.PolicyRegistration;
-import org.jboss.security.authorization.Resource;
-import org.jboss.security.authorization.ResourceKeys;
-import org.jboss.security.authorization.modules.AbstractJACCModuleDelegate;
-import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
-import org.jboss.security.authorization.resources.EJBResource;
-import org.jboss.security.identity.Role;
-import org.jboss.security.identity.RoleGroup;
-
-
-//$Id$
-
-/**
- * Authorization Module delegate that deals with the authorization decisions
- * for the EJB Layer
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jul 6, 2006
- * @version $Revision$
- */
-public class EJBJACCPolicyModuleDelegate extends AbstractJACCModuleDelegate
-{
- private String ejbName = null;
- private Method ejbMethod = null;
- private String methodInterface = null;
- private CodeSource ejbCS = null;
- private String roleName = null;
- private Boolean roleRefCheck = Boolean.FALSE;
- //private Group securityContextRoles = null;
-
- public EJBJACCPolicyModuleDelegate()
- {
- log = Logger.getLogger(getClass());
- trace = log.isTraceEnabled();
- }
-
- /**
- * @see AuthorizationModuleDelegate#authorize(Resource)
- */
- public int authorize(Resource resource, Subject callerSubject, RoleGroup role)
- {
- if(resource instanceof EJBResource == false)
- throw new IllegalArgumentException("resource is not an EJBResource");
-
- EJBResource ejbResource = (EJBResource) resource;
-
- //Get the context map
- Map<String,Object> map = resource.getMap();
- if(map == null)
- throw new IllegalStateException("Map from the Resource is null");
-
- this.policyRegistration = (PolicyRegistration) map.get(ResourceKeys.POLICY_REGISTRATION);
-
- this.ejbCS = ejbResource.getCodeSource();
- this.ejbMethod = ejbResource.getEjbMethod();
- this.ejbName = ejbResource.getEjbName();
- this.methodInterface = ejbResource.getEjbMethodInterface();
-
- this.roleName = (String)map.get(ResourceKeys.ROLENAME);
-
- this.roleRefCheck = (Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK);
- if(this.roleRefCheck == Boolean.TRUE)
- return checkRoleRef(callerSubject, role);
- else
- return process(callerSubject, role);
- }
-
- //Private Methods
- /**
- * Process the request
- * @param request
- * @param sc
- * @return
- */
- private int process(Subject callerSubject, Role role)
- {
- EJBMethodPermission methodPerm =
- new EJBMethodPermission(ejbName, methodInterface, ejbMethod);
- boolean policyDecision = checkWithPolicy(methodPerm, callerSubject, role);
- if( policyDecision == false )
- {
- String msg = "Denied: "+methodPerm+", caller=" + callerSubject+", role="+role;
- if(trace)
- log.trace("EJB Jacc Delegate:"+msg);
- }
- return policyDecision ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
- }
-
- private int checkRoleRef(Subject callerSubject, RoleGroup callerRoles)
- {
- //This has to be the EJBRoleRefPermission
- EJBRoleRefPermission ejbRoleRefPerm = new EJBRoleRefPermission(ejbName,roleName);
- boolean policyDecision = checkWithPolicy(ejbRoleRefPerm, callerSubject, callerRoles);
- if( policyDecision == false )
- {
- String msg = "Denied: "+ejbRoleRefPerm+", caller=" + callerSubject;
- if(trace)
- log.trace("EJB Jacc Delegate:"+msg);
- }
- return policyDecision ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
- }
-
- private boolean checkWithPolicy(Permission ejbPerm, Subject subject, Role role)
- {
- Principal[] principals = this.getPrincipals(subject, role);
- ProtectionDomain pd = new ProtectionDomain (ejbCS, null, null, principals);
- return Policy.getPolicy().implies(pd, ejbPerm);
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,144 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.authorization.modules.ejb;
+
+import java.lang.reflect.Method;
+import java.security.CodeSource;
+import java.security.Permission;
+import java.security.Policy;
+import java.security.Principal;
+import java.security.ProtectionDomain;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.jacc.EJBMethodPermission;
+import javax.security.jacc.EJBRoleRefPermission;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.PolicyRegistration;
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.ResourceKeys;
+import org.jboss.security.authorization.modules.AbstractJACCModuleDelegate;
+import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
+import org.jboss.security.authorization.resources.EJBResource;
+import org.jboss.security.identity.Role;
+import org.jboss.security.identity.RoleGroup;
+
+
+//$Id$
+
+/**
+ * Authorization Module delegate that deals with the authorization decisions
+ * for the EJB Layer
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Jul 6, 2006
+ * @version $Revision$
+ */
+public class EJBJACCPolicyModuleDelegate extends AbstractJACCModuleDelegate
+{
+ private String ejbName = null;
+ private Method ejbMethod = null;
+ private String methodInterface = null;
+ private CodeSource ejbCS = null;
+ private String roleName = null;
+ private Boolean roleRefCheck = Boolean.FALSE;
+
+ public EJBJACCPolicyModuleDelegate()
+ {
+ log = Logger.getLogger(getClass());
+ trace = log.isTraceEnabled();
+ }
+
+ /**
+ * @see AuthorizationModuleDelegate#authorize(Resource)
+ */
+ public int authorize(Resource resource, Subject callerSubject, RoleGroup role)
+ {
+ if(resource instanceof EJBResource == false)
+ throw new IllegalArgumentException("resource is not an EJBResource");
+
+ EJBResource ejbResource = (EJBResource) resource;
+
+ //Get the context map
+ Map<String,Object> map = resource.getMap();
+ if(map == null)
+ throw new IllegalStateException("Map from the Resource is null");
+
+ this.policyRegistration = (PolicyRegistration) map.get(ResourceKeys.POLICY_REGISTRATION);
+
+ this.ejbCS = ejbResource.getCodeSource();
+ this.ejbMethod = ejbResource.getEjbMethod();
+ this.ejbName = ejbResource.getEjbName();
+ this.methodInterface = ejbResource.getEjbMethodInterface();
+
+ this.roleName = (String)map.get(ResourceKeys.ROLENAME);
+
+ this.roleRefCheck = (Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK);
+ if(this.roleRefCheck == Boolean.TRUE)
+ return checkRoleRef(callerSubject, role);
+ else
+ return process(callerSubject, role);
+ }
+
+ //Private Methods
+ /**
+ * Process the request
+ * @param request
+ * @param sc
+ * @return
+ */
+ private int process(Subject callerSubject, Role role)
+ {
+ EJBMethodPermission methodPerm =
+ new EJBMethodPermission(ejbName, methodInterface, ejbMethod);
+ boolean policyDecision = checkWithPolicy(methodPerm, callerSubject, role);
+ if( policyDecision == false )
+ {
+ String msg = "Denied: "+methodPerm+", caller=" + callerSubject+", role="+role;
+ if(trace)
+ log.trace("EJB Jacc Delegate:"+msg);
+ }
+ return policyDecision ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
+ }
+
+ private int checkRoleRef(Subject callerSubject, RoleGroup callerRoles)
+ {
+ //This has to be the EJBRoleRefPermission
+ EJBRoleRefPermission ejbRoleRefPerm = new EJBRoleRefPermission(ejbName,roleName);
+ boolean policyDecision = checkWithPolicy(ejbRoleRefPerm, callerSubject, callerRoles);
+ if( policyDecision == false )
+ {
+ String msg = "Denied: "+ejbRoleRefPerm+", caller=" + callerSubject;
+ if(trace)
+ log.trace("EJB Jacc Delegate:"+msg);
+ }
+ return policyDecision ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
+ }
+
+ private boolean checkWithPolicy(Permission ejbPerm, Subject subject, Role role)
+ {
+ Principal[] principals = this.getPrincipals(subject, role);
+ ProtectionDomain pd = new ProtectionDomain (ejbCS, null, null, principals);
+ return Policy.getPolicy().implies(pd, ejbPerm);
+ }
+}
\ No newline at end of file
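Review bot: `authorize` selects the role-ref path with `this.roleRefCheck == Boolean.TRUE`, which is a reference comparison. A `Boolean` in the resource map that is true but not the canonical instance (for example one built with `new Boolean(true)`) falls through to `process`, so the `EJBRoleRefPermission` check is replaced by the method-permission check. `if(Boolean.TRUE.equals(this.roleRefCheck))` compares by value and still treats a missing key as false. Separately, `authorize` copies the request's data into instance fields (`ejbName`, `ejbMethod`, `ejbCS`, `roleName`) before `process` and `checkRoleRef` read them; if one delegate instance can serve concurrent calls, which is not visible here, a decision could be computed from another request's fields, so passing them as parameters would be safer. The removed `EJBPolicyModuleDelegate` shows the same `== Boolean.TRUE` test, and its new copy, which continues past this view, likely carries it too.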
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,294 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.authorization.modules.ejb;
-
-import java.lang.reflect.Method;
-import java.security.Principal;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.AnybodyPrincipal;
-import org.jboss.security.RunAs;
-import org.jboss.security.RunAsIdentity;
-import org.jboss.security.authorization.AuthorizationContext;
-import org.jboss.security.authorization.PolicyRegistration;
-import org.jboss.security.authorization.Resource;
-import org.jboss.security.authorization.ResourceKeys;
-import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
-import org.jboss.security.authorization.resources.EJBResource;
-import org.jboss.security.identity.Role;
-import org.jboss.security.identity.RoleGroup;
-import org.jboss.security.identity.plugins.SimpleRole;
-import org.jboss.security.identity.plugins.SimpleRoleGroup;
-import org.jboss.security.javaee.SecurityRoleRef;
-
-
-//$Id$
-
-/**
- * Authorization Module delegate that deals with the authorization decisions
- * for the EJB Layer (Default Behavior)
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jul 6, 2006
- * @version $Revision$
- */
-public class EJBPolicyModuleDelegate extends AuthorizationModuleDelegate
-{
- private String ejbName = null;
- private Method ejbMethod = null;
- private Principal ejbPrincipal = null;
- //private Set<Principal> methodRoles = null;
- private RoleGroup methodRoles = null;
- private String methodInterface = null;
- private RunAs callerRunAs = null;
- private String roleName = null;
- private Boolean roleRefCheck = Boolean.FALSE;
- private Set<SecurityRoleRef> securityRoleReferences = null;
-
- private final Role ANYBODY_ROLE = new SimpleRole(AnybodyPrincipal.ANYBODY);
-
- public EJBPolicyModuleDelegate()
- {
- log = Logger.getLogger(getClass());
- trace = log.isTraceEnabled();
- }
-
- /**
- * @see AuthorizationModuleDelegate#authorize(Resource)
- */
- public int authorize(Resource resource, Subject callerSubject, RoleGroup role)
- {
- if(resource instanceof EJBResource == false)
- throw new IllegalArgumentException("resource is not an EJBResource");
-
- EJBResource ejbResource = (EJBResource) resource;
-
- //Get the context map
- Map<String,Object> map = resource.getMap();
- if(map == null)
- throw new IllegalStateException("Map from the Resource is null");
-
- /*AuthorizationManager am = (AuthorizationManager) map.get("authorizationManager");
- if(am == null)
- throw new IllegalStateException("Authorization Manager is null");
- if(am instanceof PolicyRegistration)
- this.policyRegistration = (PolicyRegistration) am; */
-
- this.policyRegistration = (PolicyRegistration) map.get(ResourceKeys.POLICY_REGISTRATION);
-
- this.roleName = (String)map.get(ResourceKeys.ROLENAME);
- this.roleRefCheck = (Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK);
-
- this.callerRunAs = ejbResource.getCallerRunAsIdentity();
- this.ejbMethod = ejbResource.getEjbMethod();
- this.ejbName = ejbResource.getEjbName();
- this.ejbPrincipal = ejbResource.getPrincipal();
- this.methodInterface = ejbResource.getEjbMethodInterface();
- this.methodRoles = ejbResource.getEjbMethodRoles();
- this.securityRoleReferences = ejbResource.getSecurityRoleReferences();
-
- if(this.roleRefCheck == Boolean.TRUE)
- return checkRoleRef(role);
- else
- return process(role);
- }
-
- //Private Methods
- /**
- * Process the request
- * @param request
- * @param sc
- * @return
- */
- private int process(RoleGroup principalRole)
- {
- boolean allowed = true;
-
- //Get the method permissions
- if (methodRoles == null)
- {
- if(this.ejbMethod == null)
- throw new IllegalStateException("ejbMethod is null");
- String method = this.ejbMethod.getName();
- String msg = "No method permissions assigned to method=" + method
- + ", interface=" + methodInterface;
- if(trace)
- log.trace("Exception:"+msg);
-
- return AuthorizationContext.DENY;
- }
- else if (trace)
- {
- log.trace("method=" + this.ejbMethod + ", interface=" + this.methodInterface
- + ", requiredRoles=" + methodRoles);
- }
-
- // Check if the caller is allowed to access the method
- if(methodRoles.containsAll(ANYBODY_ROLE) == false)
- //if (methodRoles.contains(AnybodyPrincipal.ANYBODY_PRINCIPAL) == false)
- {
- // The caller is using a the caller identity
- if (callerRunAs == null)
- {
- //AuthorizationManager am = (AuthorizationManager)policyRegistration;
-
- // Now actually check if the current caller has one of the required method roles
- if(principalRole == null)
- throw new IllegalStateException("Principal Role is null");
- if(methodRoles.containsAtleastOneRole(principalRole) == false)
- {
- if(this.ejbMethod == null)
- throw new IllegalStateException("ejbMethod is null");
-
- //Set<Principal> userRoles = am.getUserRoles(ejbPrincipal);
- String method = this.ejbMethod.getName();
- String msg = "Insufficient method permissions, principal=" + ejbPrincipal
- + ", ejbName=" + this.ejbName
- + ", method=" + method + ", interface=" + this.methodInterface
- + ", requiredRoles=" + methodRoles + ", principalRoles=" + principalRole;
- if(trace)
- log.trace("Exception:"+msg);
- allowed = false;
- }
-
- /*// Now actually check if the current caller has one of the required method roles
- if (am.doesUserHaveRole(ejbPrincipal, methodRoles) == false)
- {
- if(this.ejbMethod == null)
- throw new IllegalStateException("ejbMethod is null");
-
- Set<Principal> userRoles = am.getUserRoles(ejbPrincipal);
- String method = this.ejbMethod.getName();
- String msg = "Insufficient method permissions, principal=" + ejbPrincipal
- + ", ejbName=" + this.ejbName
- + ", method=" + method + ", interface=" + this.methodInterface
- + ", requiredRoles=" + methodRoles + ", principalRoles=" + userRoles;
- if(trace)
- log.trace("Exception:"+msg);
- allowed = false;
- }*/
- }
-
- // The caller is using a run-as identity
- else
- {
- if(callerRunAs instanceof RunAsIdentity)
- {
- RunAsIdentity callerRunAsIdentity = (RunAsIdentity) callerRunAs;
- RoleGroup srg = new SimpleRoleGroup(callerRunAsIdentity.getRunAsRoles());
-
- // Check that the run-as role is in the set of method roles
- if(srg.containsAtleastOneRole(methodRoles) == false)
- {
- String method = this.ejbMethod.getName();
- String msg = "Insufficient method permissions, principal=" + ejbPrincipal
- + ", ejbName=" + this.ejbName
- + ", method=" + method + ", interface=" + this.methodInterface
- + ", requiredRoles=" + methodRoles + ", runAsRoles="
- + callerRunAsIdentity.getRunAsRoles();
- if(trace)
- log.trace("Exception:"+msg);
- allowed = false;
- }
-
- /*// Check that the run-as role is in the set of method roles
- if (callerRunAsIdentity.doesUserHaveRole(methodRoles) == false)
- {
- String method = this.ejbMethod.getName();
- String msg = "Insufficient method permissions, principal=" + ejbPrincipal
- + ", ejbName=" + this.ejbName
- + ", method=" + method + ", interface=" + this.methodInterface
- + ", requiredRoles=" + methodRoles + ", runAsRoles="
- + callerRunAsIdentity.getRunAsRoles();
- if(trace)
- log.trace("Exception:"+msg);
- allowed = false;
- }*/
- }
-
- }
- }
- return allowed ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
- }
-
- private int checkRoleRef(RoleGroup principalRole)
- {
- //AuthorizationManager am = (AuthorizationManager)policyRegistration;
- //Check the caller of this beans run-as identity
- if (ejbPrincipal == null && callerRunAs == null)
- {
- if(trace)
- log.trace("ejbPrincipal = null,callerRunAsIdentity = null => DENY" );
- return AuthorizationContext.DENY;
- }
-
- // Map the role name used by Bean Provider to the security role
- // link in the deployment descriptor. The EJB 1.1 spec requires
- // the security role refs in the descriptor but for backward
- // compability we're not enforcing this requirement.
- //
- // TODO (2.3): add a conditional check using jboss.xml <enforce-ejb-restrictions> element
- // which will throw an exception in case no matching
- // security ref is found.
- boolean matchFound = false;
- Iterator<SecurityRoleRef> it = this.securityRoleReferences.iterator();
- while ( it.hasNext())
- {
- SecurityRoleRef meta = it.next();
- if (meta.getName().equals(roleName))
- {
- roleName = meta.getLink();
- matchFound = true;
- break;
- }
- }
-
- if (!matchFound)
- log.trace("no match found for security role " + roleName +
- " in the deployment descriptor for ejb " + this.ejbName);
-
- /*HashSet<Principal> set = new HashSet<Principal>();
- set.add(new SimplePrincipal(roleName));*/
-
- Role deploymentrole = new SimpleRole(roleName);
-
- boolean allowed = false;
- if (callerRunAs == null)
- allowed = principalRole.containsRole(deploymentrole);
- //allowed = am.doesUserHaveRole(ejbPrincipal, set);
- else
- {
- if(callerRunAs instanceof RunAsIdentity)
- {
- RunAsIdentity callerRunAsIdentity = (RunAsIdentity) callerRunAs;
- SimpleRoleGroup srg = new SimpleRoleGroup(callerRunAsIdentity.getRunAsRoles());
- allowed = srg.containsRole(deploymentrole);
- //allowed = callerRunAsIdentity.doesUserHaveRole(set);
- }
- }
- return allowed ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,250 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.authorization.modules.ejb;
+
+import java.lang.reflect.Method;
+import java.security.Principal;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.AnybodyPrincipal;
+import org.jboss.security.RunAs;
+import org.jboss.security.RunAsIdentity;
+import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.PolicyRegistration;
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.ResourceKeys;
+import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
+import org.jboss.security.authorization.resources.EJBResource;
+import org.jboss.security.identity.Role;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
+import org.jboss.security.javaee.SecurityRoleRef;
+
+
+//$Id$
+
+/**
+ * Authorization Module delegate that deals with the authorization decisions
+ * for the EJB Layer (Default Behavior)
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Jul 6, 2006
+ * @version $Revision$
+ */
+public class EJBPolicyModuleDelegate extends AuthorizationModuleDelegate
+{
+ private String ejbName = null;
+ private Method ejbMethod = null;
+ private Principal ejbPrincipal = null;
+ private RoleGroup methodRoles = null;
+ private String methodInterface = null;
+ private RunAs callerRunAs = null;
+ private String roleName = null;
+ private Boolean roleRefCheck = Boolean.FALSE;
+ private Set<SecurityRoleRef> securityRoleReferences = null;
+
+ private final Role ANYBODY_ROLE = new SimpleRole(AnybodyPrincipal.ANYBODY);
+
+ public EJBPolicyModuleDelegate()
+ {
+ log = Logger.getLogger(getClass());
+ trace = log.isTraceEnabled();
+ }
+
+ /**
+ * @see AuthorizationModuleDelegate#authorize(Resource)
+ */
+ public int authorize(Resource resource, Subject callerSubject, RoleGroup role)
+ {
+ if(resource instanceof EJBResource == false)
+ throw new IllegalArgumentException("resource is not an EJBResource");
+
+ EJBResource ejbResource = (EJBResource) resource;
+
+ //Get the context map
+ Map<String,Object> map = resource.getMap();
+ if(map == null)
+ throw new IllegalStateException("Map from the Resource is null");
+
+ this.policyRegistration = (PolicyRegistration) map.get(ResourceKeys.POLICY_REGISTRATION);
+
+ this.roleName = (String)map.get(ResourceKeys.ROLENAME);
+ this.roleRefCheck = (Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK);
+
+ this.callerRunAs = ejbResource.getCallerRunAsIdentity();
+ this.ejbMethod = ejbResource.getEjbMethod();
+ this.ejbName = ejbResource.getEjbName();
+ this.ejbPrincipal = ejbResource.getPrincipal();
+ this.methodInterface = ejbResource.getEjbMethodInterface();
+ this.methodRoles = ejbResource.getEjbMethodRoles();
+ this.securityRoleReferences = ejbResource.getSecurityRoleReferences();
+
+ if(this.roleRefCheck == Boolean.TRUE)
+ return checkRoleRef(role);
+ else
+ return process(role);
+ }
+
+ //Private Methods
+ /**
+ * Process the request
+ * @param request
+ * @param sc
+ * @return
+ */
+ private int process(RoleGroup principalRole)
+ {
+ boolean allowed = true;
+
+ //Get the method permissions
+ if (methodRoles == null)
+ {
+ if(this.ejbMethod == null)
+ throw new IllegalStateException("ejbMethod is null");
+ String method = this.ejbMethod.getName();
+ String msg = "No method permissions assigned to method=" + method
+ + ", interface=" + methodInterface;
+ if(trace)
+ log.trace("Exception:"+msg);
+
+ return AuthorizationContext.DENY;
+ }
+ else if (trace)
+ {
+ log.trace("method=" + this.ejbMethod + ", interface=" + this.methodInterface
+ + ", requiredRoles=" + methodRoles);
+ }
+
+ // Check if the caller is allowed to access the method
+ if(methodRoles.containsAll(ANYBODY_ROLE) == false)
+ {
+ // The caller is using a the caller identity
+ if (callerRunAs == null)
+ {
+ //AuthorizationManager am = (AuthorizationManager)policyRegistration;
+
+ // Now actually check if the current caller has one of the required method roles
+ if(principalRole == null)
+ throw new IllegalStateException("Principal Role is null");
+ if(methodRoles.containsAtleastOneRole(principalRole) == false)
+ {
+ if(this.ejbMethod == null)
+ throw new IllegalStateException("ejbMethod is null");
+
+ //Set<Principal> userRoles = am.getUserRoles(ejbPrincipal);
+ String method = this.ejbMethod.getName();
+ String msg = "Insufficient method permissions, principal=" + ejbPrincipal
+ + ", ejbName=" + this.ejbName
+ + ", method=" + method + ", interface=" + this.methodInterface
+ + ", requiredRoles=" + methodRoles + ", principalRoles=" + principalRole;
+ if(trace)
+ log.trace("Exception:"+msg);
+ allowed = false;
+ }
+ }
+
+ // The caller is using a run-as identity
+ else
+ {
+ if(callerRunAs instanceof RunAsIdentity)
+ {
+ RunAsIdentity callerRunAsIdentity = (RunAsIdentity) callerRunAs;
+ RoleGroup srg = new SimpleRoleGroup(callerRunAsIdentity.getRunAsRoles());
+
+ // Check that the run-as role is in the set of method roles
+ if(srg.containsAtleastOneRole(methodRoles) == false)
+ {
+ String method = this.ejbMethod.getName();
+ String msg = "Insufficient method permissions, principal=" + ejbPrincipal
+ + ", ejbName=" + this.ejbName
+ + ", method=" + method + ", interface=" + this.methodInterface
+ + ", requiredRoles=" + methodRoles + ", runAsRoles="
+ + callerRunAsIdentity.getRunAsRoles();
+ if(trace)
+ log.trace("Exception:"+msg);
+ allowed = false;
+ }
+ }
+
+ }
+ }
+ return allowed ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
+ }
+
+ private int checkRoleRef(RoleGroup principalRole)
+ {
+ //AuthorizationManager am = (AuthorizationManager)policyRegistration;
+ //Check the caller of this beans run-as identity
+ if (ejbPrincipal == null && callerRunAs == null)
+ {
+ if(trace)
+ log.trace("ejbPrincipal = null,callerRunAsIdentity = null => DENY" );
+ return AuthorizationContext.DENY;
+ }
+
+ // Map the role name used by Bean Provider to the security role
+ // link in the deployment descriptor. The EJB 1.1 spec requires
+ // the security role refs in the descriptor but for backward
+ // compability we're not enforcing this requirement.
+ //
+ // TODO (2.3): add a conditional check using jboss.xml <enforce-ejb-restrictions> element
+ // which will throw an exception in case no matching
+ // security ref is found.
+ boolean matchFound = false;
+ Iterator<SecurityRoleRef> it = this.securityRoleReferences.iterator();
+ while ( it.hasNext())
+ {
+ SecurityRoleRef meta = it.next();
+ if (meta.getName().equals(roleName))
+ {
+ roleName = meta.getLink();
+ matchFound = true;
+ break;
+ }
+ }
+
+ if (!matchFound)
+ log.trace("no match found for security role " + roleName +
+ " in the deployment descriptor for ejb " + this.ejbName);
+
+ Role deploymentrole = new SimpleRole(roleName);
+
+ boolean allowed = false;
+ if (callerRunAs == null)
+ allowed = principalRole.containsRole(deploymentrole);
+ else
+ {
+ if(callerRunAs instanceof RunAsIdentity)
+ {
+ RunAsIdentity callerRunAsIdentity = (RunAsIdentity) callerRunAs;
+ SimpleRoleGroup srg = new SimpleRoleGroup(callerRunAsIdentity.getRunAsRoles());
+ allowed = srg.containsRole(deploymentrole);
+ }
+ }
+ return allowed ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
+ }
+}
\ No newline at end of file
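Review bot: `process()` fails open for a run-as caller that is not a `RunAsIdentity`: `allowed` starts as `true` and the `if(callerRunAs instanceof RunAsIdentity)` block has no `else`, so any other `RunAs` implementation reaching that branch returns `PERMIT` without a role comparison, whereas `checkRoleRef()` starts from `false` and denies in the same situation. Adding `else allowed = false;` directly after that block makes both paths deny by default; whether a non-`RunAsIdentity` `RunAs` can actually arrive here depends on callers outside this hunk. Separately, `authorize()` picks the path with `this.roleRefCheck == Boolean.TRUE`, a reference comparison that is false for any `Boolean` that is not the canonical instance and then silently falls through to `process()`; `if (Boolean.TRUE.equals(this.roleRefCheck))` compares by value and is null-safe.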
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/cache/JBossAuthenticationCache.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/cache/JBossAuthenticationCache.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/cache/JBossAuthenticationCache.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,197 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.cache;
-
-import java.security.Principal;
-import java.util.Arrays;
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-
-import javax.security.auth.Subject;
-
-import org.jboss.security.SecurityConstants;
-
-//$Id$
-
-/**
- * Authentication Cache keyed in by Principal
- * @author Anil.Saldhana at redhat.com
- * @since May 13, 2007
- * @version $Revision$
- */
-public class JBossAuthenticationCache implements SecurityCache<Principal>
-{
- /** Initial Capacity for the Hash Map **/
- private int initialCapacity = 16;
-
- /** Load Factor for the HashMap **/
- private float loadFactor = (float) 0.75;
-
- /** Concurrency Level hint to the concurrent hashmap **/
- private int concurrencyLevel = 16;
-
- private ConcurrentHashMap<Principal,AuthCacheObject> cacheMap = null;
-
- public JBossAuthenticationCache()
- {
- constructCache();
- }
-
- public JBossAuthenticationCache(int initCapacity, float loadFactor,int level)
- {
- this.concurrencyLevel = level;
- this.loadFactor = loadFactor;
- this.initialCapacity = initCapacity;
- constructCache();
- }
-
- /**
- * @see SecurityCache#addCacheEntry(Object, Map)
- */
- public void addCacheEntry(Principal principal, Map<String, Object> map)
- throws SecurityCacheException
- {
- try
- {
- AuthCacheObject ao = new AuthCacheObject(map.get(SecurityConstants.CREDENTIAL),
- (Subject) map.get(SecurityConstants.SUBJECT));
- cacheMap.put(principal, ao);
- }
- catch(Exception e)
- {
- throw new SecurityCacheException(e);
- }
- }
-
- /**
- * @see SecurityCache#cacheHit(Object)
- */
- public boolean cacheHit(Principal principal)
- {
- return cacheMap.containsKey(principal);
- }
-
- /**
- * @see SecurityCache#cacheOperation(Object, Map)
- */
- public void cacheOperation(Principal principal, Map<String,Object> map)
- throws SecurityCacheException
- {
- boolean isValid = false;
- if(!cacheHit(principal))
- throw new SecurityCacheException("Cache Miss");
- Object cred = map.get(SecurityConstants.CREDENTIAL);
- AuthCacheObject ao = cacheMap.get(principal);
- Object cacheCred = ao.credential;
-
- //Anonymous login
- if(cred == null || cacheCred == null)
- {
- if(cred == null && cacheCred == null)
- isValid = true;
- }
- // See if the credential is assignable to the cache value
- else if( cacheCred.getClass().isAssignableFrom(cred.getClass()) )
- {
- /* Validate the credential by trying Comparable, char[], byte[],
- Object[], and finally Object.equals()
- */
- if( cacheCred instanceof Comparable )
- {
- Comparable c = (Comparable) cacheCred;
- isValid = c.compareTo(cred) == 0;
- }
- else if( cacheCred instanceof char[] )
- {
- char[] a1 = (char[]) cacheCred;
- char[] a2 = (char[]) cred;
- isValid = Arrays.equals(a1, a2);
- }
- else if( cacheCred instanceof byte[] )
- {
- byte[] a1 = (byte[]) cacheCred;
- byte[] a2 = (byte[]) cred;
- isValid = Arrays.equals(a1, a2);
- }
- else if( cacheCred.getClass().isArray() )
- {
- Object[] a1 = (Object[]) cacheCred;
- Object[] a2 = (Object[]) cred;
- isValid = Arrays.equals(a1, a2);
- }
- else
- {
- isValid = cacheCred.equals(cred);
- }
- }
- else if( cacheCred instanceof char[] && cred instanceof String )
- {
- char[] a1 = (char[]) cacheCred;
- char[] a2 = ((String) cred).toCharArray();
- isValid = Arrays.equals(a1, a2);
- }
- else if( cacheCred instanceof String && cred instanceof char[] )
- {
- char[] a1 = ((String) cacheCred).toCharArray();
- char[] a2 = (char[]) cred;
- isValid = Arrays.equals(a1, a2);
- }
-
- if(!isValid)
- throw new SecurityCacheException("Cache Validation Failed");
- }
-
- /**
- * @see SecurityCache#get(Object)
- */
- public <Y> Y get(Principal key) throws SecurityCacheException
- {
- Subject subj = null;
- if(cacheHit(key))
- {
- AuthCacheObject aco = cacheMap.get(key);
- subj = aco.subject;
- }
- return (Y) subj;
- }
-
- private void constructCache()
- {
- cacheMap =
- new ConcurrentHashMap<Principal,AuthCacheObject>(initialCapacity,
- loadFactor, concurrencyLevel);
- }
-
- private class AuthCacheObject
- {
- private Object credential;
- private Subject subject;
-
- public AuthCacheObject(Object credential, Subject subject)
- {
- super();
- this.credential = credential;
- this.subject = subject;
- }
- }
-
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/cache/JBossAuthenticationCache.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/cache/JBossAuthenticationCache.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/cache/JBossAuthenticationCache.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/cache/JBossAuthenticationCache.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,198 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.cache;
+
+import java.security.Principal;
+import java.util.Arrays;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+import javax.security.auth.Subject;
+
+import org.jboss.security.SecurityConstants;
+
+
+/**
+ * Authentication Cache keyed in by Principal
+ * @author Anil.Saldhana at redhat.com
+ * @since May 13, 2007
+ * @version $Revision$
+ */
+public class JBossAuthenticationCache implements SecurityCache<Principal>
+{
+ /** Initial Capacity for the Hash Map **/
+ private int initialCapacity = 16;
+
+ /** Load Factor for the HashMap **/
+ private float loadFactor = (float) 0.75;
+
+ /** Concurrency Level hint to the concurrent hashmap **/
+ private int concurrencyLevel = 16;
+
+ private ConcurrentHashMap<Principal,AuthCacheObject> cacheMap = null;
+
+ public JBossAuthenticationCache()
+ {
+ constructCache();
+ }
+
+ public JBossAuthenticationCache(int initCapacity, float loadFactor,int level)
+ {
+ this.concurrencyLevel = level;
+ this.loadFactor = loadFactor;
+ this.initialCapacity = initCapacity;
+ constructCache();
+ }
+
+ /**
+ * @see SecurityCache#addCacheEntry(Object, Map)
+ */
+ public void addCacheEntry(Principal principal, Map<String, Object> map)
+ throws SecurityCacheException
+ {
+ try
+ {
+ AuthCacheObject ao = new AuthCacheObject(map.get(SecurityConstants.CREDENTIAL),
+ (Subject) map.get(SecurityConstants.SUBJECT));
+ cacheMap.put(principal, ao);
+ }
+ catch(Exception e)
+ {
+ throw new SecurityCacheException(e);
+ }
+ }
+
+ /**
+ * @see SecurityCache#cacheHit(Object)
+ */
+ public boolean cacheHit(Principal principal)
+ {
+ return cacheMap.containsKey(principal);
+ }
+
+ /**
+ * @see SecurityCache#cacheOperation(Object, Map)
+ */
+ @SuppressWarnings("unchecked")
+ public void cacheOperation(Principal principal, Map<String,Object> map)
+ throws SecurityCacheException
+ {
+ boolean isValid = false;
+ if(!cacheHit(principal))
+ throw new SecurityCacheException("Cache Miss");
+ Object cred = map.get(SecurityConstants.CREDENTIAL);
+ AuthCacheObject ao = cacheMap.get(principal);
+ Object cacheCred = ao.credential;
+
+ //Anonymous login
+ if(cred == null || cacheCred == null)
+ {
+ if(cred == null && cacheCred == null)
+ isValid = true;
+ }
+ // See if the credential is assignable to the cache value
+ else if( cacheCred.getClass().isAssignableFrom(cred.getClass()) )
+ {
+ /* Validate the credential by trying Comparable, char[], byte[],
+ Object[], and finally Object.equals()
+ */
+ if( cacheCred instanceof Comparable )
+ {
+ Comparable c = (Comparable) cacheCred;
+ isValid = c.compareTo(cred) == 0;
+ }
+ else if( cacheCred instanceof char[] )
+ {
+ char[] a1 = (char[]) cacheCred;
+ char[] a2 = (char[]) cred;
+ isValid = Arrays.equals(a1, a2);
+ }
+ else if( cacheCred instanceof byte[] )
+ {
+ byte[] a1 = (byte[]) cacheCred;
+ byte[] a2 = (byte[]) cred;
+ isValid = Arrays.equals(a1, a2);
+ }
+ else if( cacheCred.getClass().isArray() )
+ {
+ Object[] a1 = (Object[]) cacheCred;
+ Object[] a2 = (Object[]) cred;
+ isValid = Arrays.equals(a1, a2);
+ }
+ else
+ {
+ isValid = cacheCred.equals(cred);
+ }
+ }
+ else if( cacheCred instanceof char[] && cred instanceof String )
+ {
+ char[] a1 = (char[]) cacheCred;
+ char[] a2 = ((String) cred).toCharArray();
+ isValid = Arrays.equals(a1, a2);
+ }
+ else if( cacheCred instanceof String && cred instanceof char[] )
+ {
+ char[] a1 = ((String) cacheCred).toCharArray();
+ char[] a2 = (char[]) cred;
+ isValid = Arrays.equals(a1, a2);
+ }
+
+ if(!isValid)
+ throw new SecurityCacheException("Cache Validation Failed");
+ }
+
+ /**
+ * @see SecurityCache#get(Object)
+ */
+ @SuppressWarnings("unchecked")
+ public <Y> Y get(Principal key) throws SecurityCacheException
+ {
+ Subject subj = null;
+ if(cacheHit(key))
+ {
+ AuthCacheObject aco = cacheMap.get(key);
+ subj = aco.subject;
+ }
+ return (Y) subj;
+ }
+
+ private void constructCache()
+ {
+ cacheMap =
+ new ConcurrentHashMap<Principal,AuthCacheObject>(initialCapacity,
+ loadFactor, concurrencyLevel);
+ }
+
+ private class AuthCacheObject
+ {
+ private Object credential;
+ private Subject subject;
+
+ public AuthCacheObject(Object credential, Subject subject)
+ {
+ super();
+ this.credential = credential;
+ this.subject = subject;
+ }
+ }
+
+}
\ No newline at end of file
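Review bot: The credential checks in `cacheOperation()` use `Arrays.equals`, `compareTo` and `equals`, all of which stop at the first differing element, so comparison time depends on how much of the presented credential matches the cached one. The `byte[]` branch can use `isValid = MessageDigest.isEqual(a1, a2);` (needs `import java.security.MessageDigest;`), and the `char[]`/`String` branches need a length check followed by a loop that ORs together the XOR of every pair before testing the result. `addCacheEntry()` also stores the credential object by reference without a copy, and nothing in this class removes or expires an entry, so a clear-text credential appears to stay reachable for the life of the cache. A class-level comment stating the intended entry lifetime and who is responsible for flushing would help.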
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/config/SecurityConfiguration.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/SecurityConfiguration.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/config/SecurityConfiguration.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,206 +0,0 @@
-/*
- * JBoss, the OpenSource J2EE webOS
- *
- * Distributable under LGPL license.
- * See terms of license at gnu.org.
- */
-package org.jboss.security.config;
-
-import java.security.Key;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.HashMap;
-
-/**
- * Class that provides the Configuration for authentication,
- * authorization, mapping info etc
- * It also holds the information like JSSE keystores, keytypes and
- * other crypto configuration
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @version $Revision$
- * @since Aug 28, 2006
- */
-public class SecurityConfiguration
-{
- /**
- * Map of Application Policies keyed in by name
- */
- private static HashMap<String,ApplicationPolicy> appPolicies = new HashMap<String,ApplicationPolicy>();
- private static String cipherAlgorithm;
- private static int iterationCount;
- private static String salt;
- private static String keyStoreType;
- private static String keyStoreURL;
- private static String keyStorePass;
- private static String trustStoreType;
- private static String trustStorePass;
- private static String trustStoreURL;
- private static Key cipherKey;
- private static AlgorithmParameterSpec cipherSpec;
- private static boolean deepCopySubjectMode;
-
- public static void addApplicationPolicy(ApplicationPolicy aP)
- {
- if(aP == null)
- throw new IllegalArgumentException("application policy is null");
- appPolicies.put(aP.getName(), aP);
- }
-
- public static ApplicationPolicy getApplicationPolicy(String policyName)
- {
- return (ApplicationPolicy)appPolicies.get(policyName);
- }
-
- public static String getCipherAlgorithm()
- {
- return cipherAlgorithm;
- }
-
- public static void setCipherAlgorithm(String ca)
- {
- cipherAlgorithm = ca;
- }
-
- public static Key getCipherKey()
- {
- return cipherKey;
- }
-
- public static void setCipherKey(Key ca)
- {
- cipherKey = ca;
- }
-
- public static AlgorithmParameterSpec getCipherSpec()
- {
- return cipherSpec;
- }
-
- public static void setCipherSpec(AlgorithmParameterSpec aps)
- {
- cipherSpec = aps;
- }
-
- public static int getIterationCount()
- {
- return iterationCount;
- }
-
- /** Set the iteration count used with PBE based on the keystore password.
- * @param count - an iteration count randomization value
- */
- public static void setIterationCount(int count)
- {
- iterationCount = count;
- }
-
-
- public static String getSalt()
- {
- return salt;
- }
- /** Set the salt used with PBE based on the keystore password.
- * @param salt - an 8 char randomization string
- */
- public static void setSalt(String s)
- {
- salt = s;
- }
-
-
- /** KeyStore implementation type being used.
- @return the KeyStore implementation type being used.
- */
- public static String getKeyStoreType()
- {
- return keyStoreType;
- }
- /** Set the type of KeyStore implementation to use. This is
- passed to the KeyStore.getInstance() factory method.
- */
- public static void setKeyStoreType(String type)
- {
- keyStoreType = type;
- }
- /** Get the KeyStore database URL string.
- */
- public static String getKeyStoreURL()
- {
- return keyStoreURL;
- }
- /** Set the KeyStore database URL string. This is used to obtain
- an InputStream to initialize the KeyStore.
- */
- public static void setKeyStoreURL(String storeURL)
- {
- keyStoreURL = storeURL;
- }
-
- /** Get the credential string for the KeyStore.
- */
- public static String getKeyStorePass()
- {
- return keyStorePass ;
- }
-
- /** Set the credential string for the KeyStore.
- */
- public static void setKeyStorePass(String password)
- {
- keyStorePass = password;
- }
-
- /** Get the type of the trust store
- * @return the type of the trust store
- */
- public static String getTrustStoreType()
- {
- return trustStoreType;
- }
-
- /** Set the type of the trust store
- * @param type - the trust store implementation type
- */
- public static void setTrustStoreType(String type)
- {
- trustStoreType = type;
- }
-
- /** Set the credential string for the trust store.
- */
- public static String getTrustStorePass()
- {
- return trustStorePass;
- }
-
- /** Set the credential string for the trust store.
- */
- public static void setTrustStorePass(String password)
- {
- trustStorePass = password;
- }
-
- /** Get the trust store database URL string.
- */
- public static String getTrustStoreURL()
- {
- return trustStoreURL;
- }
-
- /** Set the trust store database URL string. This is used to obtain
- an InputStream to initialize the trust store.
- */
- public static void setTrustStoreURL(String storeURL)
- {
- trustStoreURL = storeURL;
- }
-
- public static boolean isDeepCopySubjectMode()
- {
- return deepCopySubjectMode;
- }
-
- public static void setDeepCopySubjectMode(boolean dcsm)
- {
- deepCopySubjectMode = dcsm;
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/config/SecurityConfiguration.java (from rev 73388, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/SecurityConfiguration.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/config/SecurityConfiguration.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/config/SecurityConfiguration.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,224 @@
+/*
+ * JBoss, the OpenSource J2EE webOS
+ *
+ * Distributable under LGPL license.
+ * See terms of license at gnu.org.
+ */
+package org.jboss.security.config;
+
+import java.security.Key;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.HashMap;
+
+/**
+ * Class that provides the Configuration for authentication,
+ * authorization, mapping info etc
+ * It also holds the information like JSSE keystores, keytypes and
+ * other crypto configuration
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @version $Revision$
+ * @since Aug 28, 2006
+ */
+public class SecurityConfiguration
+{
+ /**
+ * Map of Application Policies keyed in by name
+ */
+ private static HashMap<String,ApplicationPolicy> appPolicies = new HashMap<String,ApplicationPolicy>();
+ private static String cipherAlgorithm;
+ private static int iterationCount;
+ private static String salt;
+ private static String keyStoreType;
+ private static String keyStoreURL;
+ private static String keyStorePass;
+ private static String trustStoreType;
+ private static String trustStorePass;
+ private static String trustStoreURL;
+ private static Key cipherKey;
+ private static AlgorithmParameterSpec cipherSpec;
+ private static boolean deepCopySubjectMode;
+
+ /**
+ * Add an application policy
+ * @param aP Application Policy
+ */
+ public static void addApplicationPolicy(ApplicationPolicy aP)
+ {
+ if(aP == null)
+ throw new IllegalArgumentException("application policy is null");
+ appPolicies.put(aP.getName(), aP);
+ }
+
+ /**
+ * Remove the Application Policy
+ * @param name Name of the Policy
+ */
+ public static void removeApplicationPolicy(String name)
+ {
+ appPolicies.remove(name);
+ }
+
+ /**
+ * Get an application policy
+ * @param policyName Name of the Policy (such as "other", "messaging")
+ * @return
+ */
+ public static ApplicationPolicy getApplicationPolicy(String policyName)
+ {
+ return (ApplicationPolicy)appPolicies.get(policyName);
+ }
+
+ public static String getCipherAlgorithm()
+ {
+ return cipherAlgorithm;
+ }
+
+ public static void setCipherAlgorithm(String ca)
+ {
+ cipherAlgorithm = ca;
+ }
+
+ public static Key getCipherKey()
+ {
+ return cipherKey;
+ }
+
+ public static void setCipherKey(Key ca)
+ {
+ cipherKey = ca;
+ }
+
+ public static AlgorithmParameterSpec getCipherSpec()
+ {
+ return cipherSpec;
+ }
+
+ public static void setCipherSpec(AlgorithmParameterSpec aps)
+ {
+ cipherSpec = aps;
+ }
+
+ public static int getIterationCount()
+ {
+ return iterationCount;
+ }
+
+ /** Set the iteration count used with PBE based on the keystore password.
+ * @param count - an iteration count randomization value
+ */
+ public static void setIterationCount(int count)
+ {
+ iterationCount = count;
+ }
+
+
+ public static String getSalt()
+ {
+ return salt;
+ }
+ /** Set the salt used with PBE based on the keystore password.
+ * @param salt - an 8 char randomization string
+ */
+ public static void setSalt(String s)
+ {
+ salt = s;
+ }
+
+
+ /** KeyStore implementation type being used.
+ @return the KeyStore implementation type being used.
+ */
+ public static String getKeyStoreType()
+ {
+ return keyStoreType;
+ }
+ /** Set the type of KeyStore implementation to use. This is
+ passed to the KeyStore.getInstance() factory method.
+ */
+ public static void setKeyStoreType(String type)
+ {
+ keyStoreType = type;
+ }
+ /** Get the KeyStore database URL string.
+ */
+ public static String getKeyStoreURL()
+ {
+ return keyStoreURL;
+ }
+ /** Set the KeyStore database URL string. This is used to obtain
+ an InputStream to initialize the KeyStore.
+ */
+ public static void setKeyStoreURL(String storeURL)
+ {
+ keyStoreURL = storeURL;
+ }
+
+ /** Get the credential string for the KeyStore.
+ */
+ public static String getKeyStorePass()
+ {
+ return keyStorePass ;
+ }
+
+ /** Set the credential string for the KeyStore.
+ */
+ public static void setKeyStorePass(String password)
+ {
+ keyStorePass = password;
+ }
+
+ /** Get the type of the trust store
+ * @return the type of the trust store
+ */
+ public static String getTrustStoreType()
+ {
+ return trustStoreType;
+ }
+
+ /** Set the type of the trust store
+ * @param type - the trust store implementation type
+ */
+ public static void setTrustStoreType(String type)
+ {
+ trustStoreType = type;
+ }
+
+ /** Set the credential string for the trust store.
+ */
+ public static String getTrustStorePass()
+ {
+ return trustStorePass;
+ }
+
+ /** Set the credential string for the trust store.
+ */
+ public static void setTrustStorePass(String password)
+ {
+ trustStorePass = password;
+ }
+
+ /** Get the trust store database URL string.
+ */
+ public static String getTrustStoreURL()
+ {
+ return trustStoreURL;
+ }
+
+ /** Set the trust store database URL string. This is used to obtain
+ an InputStream to initialize the trust store.
+ */
+ public static void setTrustStoreURL(String storeURL)
+ {
+ trustStoreURL = storeURL;
+ }
+
+ public static boolean isDeepCopySubjectMode()
+ {
+ return deepCopySubjectMode;
+ }
+
+ public static void setDeepCopySubjectMode(boolean dcsm)
+ {
+ deepCopySubjectMode = dcsm;
+ }
+}
\ No newline at end of file
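Review bot: `appPolicies` is a plain static `HashMap` that `addApplicationPolicy()`, `removeApplicationPolicy()` and `getApplicationPolicy()` touch without any synchronisation, so concurrent registration and lookup (presumably from deployment and request threads) can corrupt the map or return a stale policy. Declaring it as `private static final Map<String,ApplicationPolicy> appPolicies = new ConcurrentHashMap<String,ApplicationPolicy>();` fixes that, with the caveat that `ConcurrentHashMap` rejects a null key where `HashMap` returned `null`, so `getApplicationPolicy(null)` would need a guard. `keyStorePass`, `trustStorePass`, `salt` and `cipherKey` are JVM-wide statics behind public static accessors with no access check visible here, which lets any code that can load this class read or replace them; that deserves at least a class-level comment, and ideally a caller check. The Javadoc on `getTrustStorePass()` says "Set the credential string" and should read `/** Get the credential string for the trust store. */`.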
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/identitytrust/JBossIdentityTrustContext.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/identitytrust/JBossIdentityTrustContext.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/identitytrust/JBossIdentityTrustContext.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,247 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.identitytrust;
-
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-import java.util.Map;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.config.ApplicationPolicy;
-import org.jboss.security.config.ControlFlag;
-import org.jboss.security.config.IdentityTrustInfo;
-import org.jboss.security.config.SecurityConfiguration;
-import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
-import org.jboss.security.identitytrust.config.IdentityTrustModuleEntry;
-
-//$Id$
-
-/**
- * Implementation of the Identity Trust Context
- * @author Anil.Saldhana at redhat.com
- * @since Aug 2, 2007
- * @version $Revision$
- */
-public class JBossIdentityTrustContext extends IdentityTrustContext
-{
- protected Logger log = Logger.getLogger(JBossIdentityTrustContext.class);
-
- public JBossIdentityTrustContext(String secDomain, SecurityContext sc)
- {
- this.securityDomain = secDomain;
- this.securityContext = sc;
- }
-
- @Override
- public TrustDecision isTrusted() throws IdentityTrustException
- {
- TrustDecision decision = NOTAPPLICABLE;
-
- try
- {
- initializeModules();
- }
- catch (Exception e)
- {
- throw new IdentityTrustException(e);
- }
- //Do a PrivilegedAction
- try
- {
- decision = (TrustDecision) AccessController.doPrivileged(new PrivilegedExceptionAction()
- {
- public Object run() throws IdentityTrustException
- {
- TrustDecision result = invokeTrusted();
- if(result == PERMIT)
- invokeCommit();
- if(result == DENY || result == NOTAPPLICABLE)
- {
- invokeAbort();
- }
- return result;
- }
- });
- }
- catch (PrivilegedActionException e)
- {
- Exception exc = e.getException();
- log.trace("Error in isAuthorize:", exc);
- invokeAbort();
- throw ((IdentityTrustException)exc);
- }
- return decision;
- }
-
- private void initializeModules() throws Exception
- {
- //Clear the modules
- modules.clear();
- //Get the Configuration
- ApplicationPolicy aPolicy = SecurityConfiguration.getApplicationPolicy( securityDomain);
- if(aPolicy == null)
- throw new IllegalStateException("ApplicationPolicy not found for "+ securityDomain);
-
- IdentityTrustInfo iti = aPolicy.getIdentityTrustInfo();
- if(iti == null)
- return;
- IdentityTrustModuleEntry[] itmearr = iti.getIdentityTrustModuleEntry();
- for(IdentityTrustModuleEntry itme: itmearr)
- {
- ControlFlag cf = itme.getControlFlag();
- if(cf == null)
- cf = ControlFlag.REQUIRED;
-
- this.controlFlags.add(cf);
- modules.add(instantiateModule(itme.getName(), itme.getOptions()));
- }
- }
-
- private IdentityTrustModule instantiateModule(String name, Map map) throws Exception
- {
- IdentityTrustModule im = null;
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- try
- {
- Class clazz = tcl.loadClass(name);
- im = (IdentityTrustModule)clazz.newInstance();
- }
- catch ( Exception e)
- {
- log.debug("Error instantiating IdentityTrustModule:",e);
- }
- if(im == null)
- throw new IllegalStateException("IdentityTrustModule has not " +
- "been instantiated");
- im.initialize(this.securityContext, this.callbackHandler, this.sharedState,map);
- return im;
- }
-
- private TrustDecision invokeTrusted()
- throws IdentityTrustException
- {
- //Control Flag behavior
- boolean encounteredRequiredDeny = false;
- boolean encounteredRequiredNotApplicable = false;
- boolean encounteredOptionalError = false;
- IdentityTrustException moduleException = null;
- TrustDecision overallDecision = TrustDecision.NotApplicable;
- boolean encounteredRequiredPermit = false;
-
- TrustDecision decision = NOTAPPLICABLE;
- int length = modules.size();
-
- if(length == 0)
- return decision;
-
- for(int i = 0; i < length; i++)
- {
- IdentityTrustModule module = (IdentityTrustModule)modules.get(i);
- ControlFlag flag = (ControlFlag)this.controlFlags.get(i);
- try
- {
- decision = module.isTrusted();
- }
- catch(Exception ae)
- {
- decision = NOTAPPLICABLE;
- if(moduleException == null)
- moduleException = new IdentityTrustException(ae);
- }
-
- if(decision == PERMIT)
- {
- overallDecision = PERMIT;
- if(flag == ControlFlag.REQUIRED)
- encounteredRequiredPermit = true;
- //SUFFICIENT case
- if(flag == ControlFlag.SUFFICIENT && encounteredRequiredDeny == false)
- return PERMIT;
- continue; //Continue with the other modules
- }
-
- if(decision == NOTAPPLICABLE && flag == ControlFlag.REQUIRED)
- {
- encounteredRequiredNotApplicable = true;
- continue; //Continue with the other modules
- }
- //Go through the failure cases
- //REQUISITE case
- if(flag == ControlFlag.REQUISITE)
- {
- log.trace("REQUISITE failed for " + module);
- if(moduleException == null)
- moduleException = new IdentityTrustException("Authorization failed");
- else
- throw moduleException;
- }
- //REQUIRED Case
- if(flag == ControlFlag.REQUIRED)
- {
- log.trace("REQUIRED failed for " + module);
- encounteredRequiredDeny = true;
- }
- if(flag == ControlFlag.OPTIONAL)
- encounteredOptionalError = true;
- }
-
- //All the authorization modules have been visited.
- if(encounteredRequiredDeny)
- return DENY;
- if(overallDecision == DENY && encounteredOptionalError)
- return DENY;
- if(overallDecision == DENY)
- return DENY;
-
- if(encounteredRequiredNotApplicable && !encounteredRequiredPermit)
- return NOTAPPLICABLE;
- return PERMIT;
- }
-
- private void invokeCommit()
- throws IdentityTrustException
- {
- int length = modules.size();
- for(int i = 0; i < length; i++)
- {
- IdentityTrustModule module = (IdentityTrustModule)modules.get(i);
- boolean bool = module.commit();
- if(!bool)
- throw new IdentityTrustException("commit on modules failed");
- }
- }
-
- private void invokeAbort()
- throws IdentityTrustException
- {
- int length = modules.size();
- for(int i = 0; i < length; i++)
- {
- IdentityTrustModule module = (IdentityTrustModule)modules.get(i);
- boolean bool = module.abort();
- if(!bool)
- throw new IdentityTrustException("abort on modules failed");
- }
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/identitytrust/JBossIdentityTrustContext.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/identitytrust/JBossIdentityTrustContext.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/identitytrust/JBossIdentityTrustContext.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/identitytrust/JBossIdentityTrustContext.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,246 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.identitytrust;
+
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.util.Map;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.ControlFlag;
+import org.jboss.security.config.IdentityTrustInfo;
+import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
+import org.jboss.security.identitytrust.config.IdentityTrustModuleEntry;
+
+/**
+ * Implementation of the Identity Trust Context
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 2, 2007
+ * @version $Revision$
+ */
+public class JBossIdentityTrustContext extends IdentityTrustContext
+{
+ protected Logger log = Logger.getLogger(JBossIdentityTrustContext.class);
+
+ public JBossIdentityTrustContext(String secDomain, SecurityContext sc)
+ {
+ this.securityDomain = secDomain;
+ this.securityContext = sc;
+ }
+
+ @Override
+ public TrustDecision isTrusted() throws IdentityTrustException
+ {
+ TrustDecision decision = NOTAPPLICABLE;
+
+ try
+ {
+ initializeModules();
+ }
+ catch (Exception e)
+ {
+ throw new IdentityTrustException(e);
+ }
+ //Do a PrivilegedAction
+ try
+ {
+ decision = AccessController.doPrivileged(new PrivilegedExceptionAction<TrustDecision>()
+ {
+ public TrustDecision run() throws IdentityTrustException
+ {
+ TrustDecision result = invokeTrusted();
+ if(result == PERMIT)
+ invokeCommit();
+ if(result == DENY || result == NOTAPPLICABLE)
+ {
+ invokeAbort();
+ }
+ return result;
+ }
+ });
+ }
+ catch (PrivilegedActionException e)
+ {
+ Exception exc = e.getException();
+ log.trace("Error in isAuthorize:", exc);
+ invokeAbort();
+ throw ((IdentityTrustException)exc);
+ }
+ return decision;
+ }
+
+ private void initializeModules() throws Exception
+ {
+ //Clear the modules
+ modules.clear();
+ //Get the Configuration
+ ApplicationPolicy aPolicy = SecurityConfiguration.getApplicationPolicy( securityDomain);
+ if(aPolicy == null)
+ throw new IllegalStateException("ApplicationPolicy not found for "+ securityDomain);
+
+ IdentityTrustInfo iti = aPolicy.getIdentityTrustInfo();
+ if(iti == null)
+ return;
+ IdentityTrustModuleEntry[] itmearr = iti.getIdentityTrustModuleEntry();
+ for(IdentityTrustModuleEntry itme: itmearr)
+ {
+ ControlFlag cf = itme.getControlFlag();
+ if(cf == null)
+ cf = ControlFlag.REQUIRED;
+
+ this.controlFlags.add(cf);
+ modules.add(instantiateModule(itme.getName(), itme.getOptions()));
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ private IdentityTrustModule instantiateModule(String name, Map map) throws Exception
+ {
+ IdentityTrustModule im = null;
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ try
+ {
+ Class clazz = tcl.loadClass(name);
+ im = (IdentityTrustModule)clazz.newInstance();
+ }
+ catch ( Exception e)
+ {
+ log.debug("Error instantiating IdentityTrustModule:",e);
+ }
+ if(im == null)
+ throw new IllegalStateException("IdentityTrustModule has not " +
+ "been instantiated");
+ im.initialize(this.securityContext, this.callbackHandler, this.sharedState,map);
+ return im;
+ }
+
+ private TrustDecision invokeTrusted()
+ throws IdentityTrustException
+ {
+ //Control Flag behavior
+ boolean encounteredRequiredDeny = false;
+ boolean encounteredRequiredNotApplicable = false;
+ boolean encounteredOptionalError = false;
+ IdentityTrustException moduleException = null;
+ TrustDecision overallDecision = TrustDecision.NotApplicable;
+ boolean encounteredRequiredPermit = false;
+
+ TrustDecision decision = NOTAPPLICABLE;
+ int length = modules.size();
+
+ if(length == 0)
+ return decision;
+
+ for(int i = 0; i < length; i++)
+ {
+ IdentityTrustModule module = (IdentityTrustModule)modules.get(i);
+ ControlFlag flag = (ControlFlag)this.controlFlags.get(i);
+ try
+ {
+ decision = module.isTrusted();
+ }
+ catch(Exception ae)
+ {
+ decision = NOTAPPLICABLE;
+ if(moduleException == null)
+ moduleException = new IdentityTrustException(ae);
+ }
+
+ if(decision == PERMIT)
+ {
+ overallDecision = PERMIT;
+ if(flag == ControlFlag.REQUIRED)
+ encounteredRequiredPermit = true;
+ //SUFFICIENT case
+ if(flag == ControlFlag.SUFFICIENT && encounteredRequiredDeny == false)
+ return PERMIT;
+ continue; //Continue with the other modules
+ }
+
+ if(decision == NOTAPPLICABLE && flag == ControlFlag.REQUIRED)
+ {
+ encounteredRequiredNotApplicable = true;
+ continue; //Continue with the other modules
+ }
+ //Go through the failure cases
+ //REQUISITE case
+ if(flag == ControlFlag.REQUISITE)
+ {
+ log.trace("REQUISITE failed for " + module);
+ if(moduleException == null)
+ moduleException = new IdentityTrustException("Authorization failed");
+ else
+ throw moduleException;
+ }
+ //REQUIRED Case
+ if(flag == ControlFlag.REQUIRED)
+ {
+ log.trace("REQUIRED failed for " + module);
+ encounteredRequiredDeny = true;
+ }
+ if(flag == ControlFlag.OPTIONAL)
+ encounteredOptionalError = true;
+ }
+
+ //All the authorization modules have been visited.
+ if(encounteredRequiredDeny)
+ return DENY;
+ if(overallDecision == DENY && encounteredOptionalError)
+ return DENY;
+ if(overallDecision == DENY)
+ return DENY;
+
+ if(encounteredRequiredNotApplicable && !encounteredRequiredPermit)
+ return NOTAPPLICABLE;
+ return PERMIT;
+ }
+
+ private void invokeCommit()
+ throws IdentityTrustException
+ {
+ int length = modules.size();
+ for(int i = 0; i < length; i++)
+ {
+ IdentityTrustModule module = (IdentityTrustModule)modules.get(i);
+ boolean bool = module.commit();
+ if(!bool)
+ throw new IdentityTrustException("commit on modules failed");
+ }
+ }
+
+ private void invokeAbort()
+ throws IdentityTrustException
+ {
+ int length = modules.size();
+ for(int i = 0; i < length; i++)
+ {
+ IdentityTrustModule module = (IdentityTrustModule)modules.get(i);
+ boolean bool = module.abort();
+ if(!bool)
+ throw new IdentityTrustException("abort on modules failed");
+ }
+ }
+}
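Review bot: invokeTrusted() can end at `return PERMIT` when no module permitted, because `overallDecision` is only ever assigned PERMIT and both `overallDecision == DENY` checks are therefore dead (assuming `NotApplicable` and `DENY` are distinct constants; they are declared outside this file). A policy whose single module is SUFFICIENT or OPTIONAL and returns DENY falls through to PERMIT, and so does a REQUISITE module that returns DENY with no earlier exception, since that branch creates `moduleException` but throws only when one already existed. The REQUISITE branch should end with an unconditional `throw moduleException;`, and the method should fail closed with `if(overallDecision != PERMIT) return DENY;` ahead of the final return (or NOTAPPLICABLE, if that is the intended result). Separately, initializeModules() clears `modules` but not `controlFlags`, so the two index-aligned lists appear to drift apart across repeated isTrusted() calls; `this.controlFlags.clear();` next to `modules.clear();` keeps them in step.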
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/identitytrust/SecurityActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/identitytrust/SecurityActions.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/identitytrust/SecurityActions.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,66 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.identitytrust;
-
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-
-//$Id$
-
-/**
- * Privileged Blocks
- * @author Anil.Saldhana at redhat.com
- * @since May 11, 2007
- * @version $Revision$
- */
-class SecurityActions
-{
- static ClassLoader getContextClassLoader() throws PrivilegedActionException
- {
- return (ClassLoader) AccessController.doPrivileged(new PrivilegedExceptionAction()
- {
- public Object run()
- {
- return Thread.currentThread().getContextClassLoader();
- }
- });
- }
-
- static Class loadClass(final String name) throws PrivilegedActionException
- {
- return (Class) AccessController.doPrivileged(new PrivilegedExceptionAction()
- {
- public Object run() throws PrivilegedActionException
- {
- try
- {
- return getContextClassLoader().loadClass(name);
- }
- catch ( Exception e)
- {
- throw new PrivilegedActionException(e);
- }
- }
- });
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/identitytrust/SecurityActions.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/identitytrust/SecurityActions.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/identitytrust/SecurityActions.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/identitytrust/SecurityActions.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,64 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.identitytrust;
+
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since May 11, 2007
+ * @version $Revision$
+ */
+class SecurityActions
+{
+ static ClassLoader getContextClassLoader() throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+
+ static Class<?> loadClass(final String name) throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>()
+ {
+ public Class<?> run() throws PrivilegedActionException
+ {
+ try
+ {
+ return getContextClassLoader().loadClass(name);
+ }
+ catch ( Exception e)
+ {
+ throw new PrivilegedActionException(e);
+ }
+ }
+ });
+ }}
\ No newline at end of file
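Review bot: loadClass() wraps a failure twice: run() throws a `PrivilegedActionException` built from the caught exception, and `AccessController.doPrivileged` wraps any checked exception from run() in another `PrivilegedActionException`, so a caller's `getException()` yields the inner wrapper instead of the `ClassNotFoundException`. Declaring `public Class<?> run() throws Exception` and reducing the body to `return getContextClassLoader().loadClass(name);` leaves a single wrapper. Because this helper loads a class by name inside a privileged block, a short Javadoc saying that `name` must come from trusted configuration and never from request data would help. The class is package-private, which limits who can reach it.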
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/identitytrust/modules/AbstractIdentityTrustModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/identitytrust/modules/AbstractIdentityTrustModule.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/identitytrust/modules/AbstractIdentityTrustModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,81 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.identitytrust.modules;
-
-import java.util.Map;
-
-import javax.security.auth.callback.CallbackHandler;
-
-import org.jboss.security.SecurityContext;
-import org.jboss.security.identitytrust.IdentityTrustException;
-import org.jboss.security.identitytrust.IdentityTrustModule;
-import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
-
-//$Id$
-
-/**
- * Abstract IdentityTrustModule that pulls in common stuff
- * @author Anil.Saldhana at redhat.com
- * @since Aug 2, 2007
- * @version $Revision$
- */
-public abstract class AbstractIdentityTrustModule implements IdentityTrustModule
-{
- protected SecurityContext securityContext;
- protected CallbackHandler callbackHandler;
- protected Map sharedState;
- protected Map options;
-
- /**
- * @see IdentityTrustModule#abort()
- */
- public boolean abort() throws IdentityTrustException
- {
- return true;
- }
-
- /**
- * @see IdentityTrustModule#commit()
- */
- public boolean commit() throws IdentityTrustException
- {
- return true;
- }
-
- /**
- * @see IdentityTrustModule#initialize(SecurityContext, CallbackHandler, Map, Map)
- */
- public void initialize(SecurityContext sc,
- CallbackHandler handler, Map sharedState, Map options)
- throws IdentityTrustException
- {
- this.securityContext = sc;
- this.callbackHandler = handler;
- this.sharedState = sharedState;
- this.options = options;
- }
-
- /**
- * @see IdentityTrustModule#isTrusted()
- */
- public abstract TrustDecision isTrusted() throws IdentityTrustException;
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/identitytrust/modules/AbstractIdentityTrustModule.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/identitytrust/modules/AbstractIdentityTrustModule.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/identitytrust/modules/AbstractIdentityTrustModule.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/identitytrust/modules/AbstractIdentityTrustModule.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,81 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.identitytrust.modules;
+
+import java.util.Map;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.jboss.security.SecurityContext;
+import org.jboss.security.identitytrust.IdentityTrustException;
+import org.jboss.security.identitytrust.IdentityTrustModule;
+import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
+
+
+/**
+ * Abstract IdentityTrustModule that pulls in common stuff
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 2, 2007
+ * @version $Revision$
+ */
+public abstract class AbstractIdentityTrustModule implements IdentityTrustModule
+{
+ protected SecurityContext securityContext;
+ protected CallbackHandler callbackHandler;
+ protected Map<String,Object> sharedState;
+ protected Map<String,Object> options;
+
+ /**
+ * @see IdentityTrustModule#abort()
+ */
+ public boolean abort() throws IdentityTrustException
+ {
+ return true;
+ }
+
+ /**
+ * @see IdentityTrustModule#commit()
+ */
+ public boolean commit() throws IdentityTrustException
+ {
+ return true;
+ }
+
+ /**
+ * @see IdentityTrustModule#initialize(SecurityContext, CallbackHandler, Map, Map)
+ */
+ public void initialize(SecurityContext sc,
+ CallbackHandler handler, Map<String,Object> sharedState
+ , Map<String,Object> options)
+ throws IdentityTrustException
+ {
+ this.securityContext = sc;
+ this.callbackHandler = handler;
+ this.sharedState = sharedState;
+ this.options = options;
+ }
+
+ /**
+ * @see IdentityTrustModule#isTrusted()
+ */
+ public abstract TrustDecision isTrusted() throws IdentityTrustException;
+}
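Review bot: initialize() keeps the caller's `options` map by reference, and JBossIdentityTrustContext.instantiateModule on this page passes `itme.getOptions()` straight from the policy entry, so a module that writes to `options` may alter the configuration seen by later instantiations; whether getOptions() returns a copy is not visible here. `sharedState` is presumably meant to be shared, but for `options` consider `this.options = Collections.unmodifiableMap(options);` with a null guard and the `java.util.Collections` import. The Javadoc could also state that commit() and abort() return true by default, so that subclasses holding state know to override them.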
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/config/RoleMappingConfigContainer.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/config/RoleMappingConfigContainer.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/config/RoleMappingConfigContainer.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,83 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.mapping.config;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.xml.namespace.QName;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.config.MappingInfo;
-import org.jboss.security.config.RoleMappingInfo;
-import org.jboss.xb.binding.GenericValueContainer;
-
-//$Id: RoleMappingConfigContainer.java 45942 2006-06-28 02:14:46Z asaldhana $
-
-/**
- * A container for creating RoleMappingConfig during jbxb parse.
- *
- * @author Anil.Saldhana at jboss.org
- * @version $Revision: 45942 $
- */
-public class RoleMappingConfigContainer
- implements GenericValueContainer
-{
- private static Logger log = Logger.getLogger(RoleMappingConfigContainer.class);
-
- private List moduleEntries = new ArrayList();
-
- /**
- * @see GenericValueContainer#addChild(javax.xml.namespace.QName, java.lang.Object)
- */
- public void addChild(QName name, Object value)
- {
- if(log.isTraceEnabled())
- log.trace("addChild:Qname="+name+":value="+value);
- if(value instanceof MappingModuleEntry)
- {
- this.moduleEntries.add(value);
- }
- }
-
- /**
- * @see GenericValueContainer#instantiate()
- */
- public Object instantiate()
- {
- /**
- * Currently we do not have the name of the application policy
- * This will be rectified in the ApplicationPolicyContainer
- */
- MappingInfo ri = new RoleMappingInfo("dummy");
- ri.add(moduleEntries);
- return ri;
- }
-
- /**
- * @see GenericValueContainer#getTargetClass()
- */
- public Class getTargetClass()
- {
- return RoleMappingInfo.class;
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/config/RoleMappingConfigContainer.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/config/RoleMappingConfigContainer.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/config/RoleMappingConfigContainer.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/config/RoleMappingConfigContainer.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,84 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.mapping.config;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.config.MappingInfo;
+import org.jboss.security.config.RoleMappingInfo;
+import org.jboss.xb.binding.GenericValueContainer;
+
+//$Id: RoleMappingConfigContainer.java 45942 2006-06-28 02:14:46Z asaldhana $
+
+/**
+ * A container for creating RoleMappingConfig during jbxb parse.
+ *
+ * @author Anil.Saldhana at jboss.org
+ * @version $Revision: 45942 $
+ */
+public class RoleMappingConfigContainer
+ implements GenericValueContainer
+{
+ private static Logger log = Logger.getLogger(RoleMappingConfigContainer.class);
+
+ private List<MappingModuleEntry> moduleEntries = new ArrayList<MappingModuleEntry>();
+
+ /**
+ * @see GenericValueContainer#addChild(javax.xml.namespace.QName, java.lang.Object)
+ */
+ public void addChild(QName name, Object value)
+ {
+ if(log.isTraceEnabled())
+ log.trace("addChild:Qname="+name+":value="+value);
+ if(value instanceof MappingModuleEntry)
+ {
+ MappingModuleEntry mme = (MappingModuleEntry) value;
+ this.moduleEntries.add(mme);
+ }
+ }
+
+ /**
+ * @see GenericValueContainer#instantiate()
+ */
+ public Object instantiate()
+ {
+ /**
+ * Currently we do not have the name of the application policy
+ * This will be rectified in the ApplicationPolicyContainer
+ */
+ MappingInfo ri = new RoleMappingInfo("dummy");
+ ri.add(moduleEntries);
+ return ri;
+ }
+
+ /**
+ * @see GenericValueContainer#getTargetClass()
+ */
+ public Class<?> getTargetClass()
+ {
+ return RoleMappingInfo.class;
+ }
+}
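Review bot: `addChild` drops any child that is not a `MappingModuleEntry` with no signal beyond the trace line above the `instanceof` check. For a role-mapping configuration, a mis-bound element can then vanish from the parsed policy unnoticed; an else branch such as `else log.warn("Ignoring unexpected child: " + name);` would surface it. The placeholder in `new RoleMappingInfo("dummy")` relies on a later rename that is not visible in this file, so a check that the name was replaced belongs wherever the policy name is finally set.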
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/DeploymentRolesMappingProvider.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/DeploymentRolesMappingProvider.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/DeploymentRolesMappingProvider.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,129 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2006, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.mapping.providers;
-
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.Map;
-import java.util.Set;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.identity.RoleGroup;
-import org.jboss.security.identity.plugins.SimpleRole;
-import org.jboss.security.identity.plugins.SimpleRoleGroup;
-import org.jboss.security.mapping.MappingProvider;
-import org.jboss.security.mapping.MappingResult;
-
-//$Id$
-
-/**
- * A Role Mapping Module that takes into consideration a principal
- * to roles mapping that can be done in the assembly descriptor of
- * jboss.xml, jboss-web.xml and jboss-app.xml
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Nov 1, 2006
- * @version $Revision$
- */
-public class DeploymentRolesMappingProvider implements MappingProvider<RoleGroup>
-{
- private static Logger log = Logger.getLogger(DeploymentRolesMappingProvider.class);
- private boolean trace = log.isTraceEnabled();
-
- private MappingResult<RoleGroup> result;
-
- public void init(Map<String,Object> options)
- {
- }
-
- public void setMappingResult(MappingResult<RoleGroup> res)
- {
- result = res;
- }
-
- /**
- * Obtains the deployment roles via the context map and applies it
- * on the mappedObject
- * @see MappingProvider#performMapping(Map, Object)
- */
- @SuppressWarnings("unchecked")
- public void performMapping(Map<String,Object> map, RoleGroup mappedObject)
- {
- if(map == null || map.isEmpty())
- throw new IllegalArgumentException("Context Map is null or empty");
-
- //Obtain the principal to roles mapping
- Principal principal = (Principal) map.get(SecurityConstants.PRINCIPAL_IDENTIFIER);
- Map<String,Set<String>> principalRolesMap = (Map<String,Set<String>>)map.get(SecurityConstants.DEPLOYMENT_PRINCIPAL_ROLES_MAP);
-
- Set<Principal> subjectPrincipals = (Set<Principal>) map.get(SecurityConstants.PRINCIPALS_SET_IDENTIFIER);
- if(trace)
- {
- log.trace("Principal="+principal+":principalRolesMap="+principalRolesMap+":");
- log.trace("subjectPrincipals="+subjectPrincipals);
- }
- if(principalRolesMap == null || principalRolesMap.isEmpty())
- {
- result.setMappedObject(mappedObject);
- return ; // No Mapping
- }
-
- if(principal != null)
- {
- mappedObject = mapGroup(principal, principalRolesMap, mappedObject);
- }
-
- if(subjectPrincipals != null)
- {
- for(Principal p: subjectPrincipals)
- {
- if(p instanceof Group)
- continue;
- mappedObject = mapGroup(p, principalRolesMap, mappedObject);
- }
- }
-
- result.setMappedObject(mappedObject);
- }
-
- private RoleGroup mapGroup(Principal principal, Map<String, Set<String>> principalRolesMap,
- RoleGroup mappedObject)
- {
- Set<String> roleset = (Set<String>)principalRolesMap.get(principal.getName());
- if(roleset != null)
- {
- RoleGroup newRoles = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
-
- if(roleset != null)
- {
- for(String r:roleset)
- {
- newRoles.addRole(new SimpleRole(r));
- }
- }
-
- mappedObject.clearRoles();
- mappedObject.getRoles().addAll(newRoles.getRoles());
- }
- return mappedObject;
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/DeploymentRolesMappingProvider.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/DeploymentRolesMappingProvider.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/DeploymentRolesMappingProvider.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/DeploymentRolesMappingProvider.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,128 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.mapping.providers;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Map;
+import java.util.Set;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
+import org.jboss.security.mapping.MappingProvider;
+import org.jboss.security.mapping.MappingResult;
+
+
+/**
+ * A Role Mapping Module that takes into consideration a principal
+ * to roles mapping that can be done in the assembly descriptor of
+ * jboss.xml, jboss-web.xml and jboss-app.xml
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Nov 1, 2006
+ * @version $Revision$
+ */
+public class DeploymentRolesMappingProvider implements MappingProvider<RoleGroup>
+{
+ private static Logger log = Logger.getLogger(DeploymentRolesMappingProvider.class);
+ private boolean trace = log.isTraceEnabled();
+
+ private MappingResult<RoleGroup> result;
+
+ public void init(Map<String,Object> options)
+ {
+ }
+
+ public void setMappingResult(MappingResult<RoleGroup> res)
+ {
+ result = res;
+ }
+
+ /**
+ * Obtains the deployment roles via the context map and applies it
+ * on the mappedObject
+ * @see MappingProvider#performMapping(Map, Object)
+ */
+ @SuppressWarnings("unchecked")
+ public void performMapping(Map<String,Object> map, RoleGroup mappedObject)
+ {
+ if(map == null || map.isEmpty())
+ throw new IllegalArgumentException("Context Map is null or empty");
+
+ //Obtain the principal to roles mapping
+ Principal principal = (Principal) map.get(SecurityConstants.PRINCIPAL_IDENTIFIER);
+ Map<String,Set<String>> principalRolesMap = (Map<String,Set<String>>)map.get(SecurityConstants.DEPLOYMENT_PRINCIPAL_ROLES_MAP);
+
+ Set<Principal> subjectPrincipals = (Set<Principal>) map.get(SecurityConstants.PRINCIPALS_SET_IDENTIFIER);
+ if(trace)
+ {
+ log.trace("Principal="+principal+":principalRolesMap="+principalRolesMap+":");
+ log.trace("subjectPrincipals="+subjectPrincipals);
+ }
+ if(principalRolesMap == null || principalRolesMap.isEmpty())
+ {
+ result.setMappedObject(mappedObject);
+ return ; // No Mapping
+ }
+
+ if(principal != null)
+ {
+ mappedObject = mapGroup(principal, principalRolesMap, mappedObject);
+ }
+
+ if(subjectPrincipals != null)
+ {
+ for(Principal p: subjectPrincipals)
+ {
+ if(p instanceof Group)
+ continue;
+ mappedObject = mapGroup(p, principalRolesMap, mappedObject);
+ }
+ }
+
+ result.setMappedObject(mappedObject);
+ }
+
+ private RoleGroup mapGroup(Principal principal, Map<String, Set<String>> principalRolesMap,
+ RoleGroup mappedObject)
+ {
+ Set<String> roleset = (Set<String>)principalRolesMap.get(principal.getName());
+ if(roleset != null)
+ {
+ RoleGroup newRoles = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
+
+ if(roleset != null)
+ {
+ for(String r:roleset)
+ {
+ newRoles.addRole(new SimpleRole(r));
+ }
+ }
+
+ mappedObject.clearRoles();
+ mappedObject.getRoles().addAll(newRoles.getRoles());
+ }
+ return mappedObject;
+ }
+}
\ No newline at end of file
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/MappingProviderUtil.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/MappingProviderUtil.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/MappingProviderUtil.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,175 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2006, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.mapping.providers;
-
-import java.lang.reflect.Constructor;
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.StringTokenizer;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.SimplePrincipal;
-
-//$Id$
-
-/**
- * Utility class for Mapping Providers
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Oct 10, 2006
- * @version $Revision$
- */
-public class MappingProviderUtil
-{
- public static Logger log = Logger.getLogger(MappingProviderUtil.class);
-
- /**
- * Add principals passed via an enumeration into a group
- * @param grp
- * @param en
- * @return
- */
- public static Group addPrincipals(Group grp, Enumeration<? extends Principal> en)
- {
- while(en.hasMoreElements())
- grp.addMember(en.nextElement());
- return grp;
- }
-
- /**
- * Add the roles into the Group
- * @param roles Group of roles
- * @param addRoles
- * @return Group with the added roles
- */
- public static Group addRoles(Group roles, String[] addRoles)
- {
- Class<?> pClass = getPrincipalClass(roles);
- for(String str:addRoles)
- {
- roles.addMember(instantiatePrincipal(pClass,str));
- }
- return roles;
- }
-
-
- /**
- * Given a comma-separated list of roles, return a string array
- * @param str
- * @return
- */
- public static String[] getRolesFromCommaSeparatedString(String str)
- {
- if(str == null)
- throw new IllegalArgumentException("str is null");
- StringTokenizer st = new StringTokenizer(str,",");
- int numTokens = st != null ? st.countTokens() : 0;
- String[] tokens = new String[numTokens];
- for(int i = 0; i < numTokens; i++)
- {
- tokens[i] = st.nextToken();
- }
- return tokens;
- }
-
- /**
- * Instantiate a Principal representing a principal
- * @param cls principal class
- * @param role Name of the role
- * @return
- */
- public static Principal instantiatePrincipal(Class<?> cls, String role)
- {
- Principal p = null;
- try
- {
- Constructor<?> ctr = cls.getConstructor(new Class[] {String.class});
- p = (Principal)ctr.newInstance(new Object[]{role});
- }
- catch (Exception e)
- {
- if(log.isTraceEnabled())
- log.trace("Encountered exception in mapping provider:instantiatePrincipal:",e);
- }
- return p;
- }
-
- /**
- * Remove all the principals from the group
- * @param grp
- * @return
- */
- public static Group removePrincipals(Group grp)
- {
- HashSet<Principal> removeset = new HashSet<Principal>();
- Enumeration<? extends Principal> en = grp.members();
- while(en.hasMoreElements())
- {
- removeset.add(en.nextElement());
- }
-
- for(Principal p:removeset)
- grp.removeMember(p);
- return grp;
- }
-
- /**
- * Remove the roles from the Group
- * @param roles Group of roles
- * @param removeRoles
- * @return Group with roles removed
- */
- public static Group removeRoles(Group roles, String[] removeRoles)
- {
- //Assume that the roles all belong to the same principal class
- Class<?> pClass = getPrincipalClass(roles);
- for(String str:removeRoles)
- {
- roles.removeMember(instantiatePrincipal(pClass,str));
- }
- return roles;
- }
-
- /**
- * Replace the principals in first group with those in the second
- * @param fg
- * @param sg
- * @return
- */
- public static Group replacePrincipals(Group fg, Group sg)
- {
- return addPrincipals( removePrincipals(fg),sg.members());
- }
-
- private static Class<?> getPrincipalClass(Group roles)
- {
- //Assume that the roles all belong to the same principal class
- Class<?> principalClass = SimplePrincipal.class;
- Enumeration<? extends Principal> en = roles.members();
- if(en.hasMoreElements())
- {
- principalClass = roles.members().nextElement().getClass();
- }
- return principalClass;
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/MappingProviderUtil.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/MappingProviderUtil.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/MappingProviderUtil.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/MappingProviderUtil.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,173 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.mapping.providers;
+
+import java.lang.reflect.Constructor;
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.StringTokenizer;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.SimplePrincipal;
+
+/**
+ * Utility class for Mapping Providers
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Oct 10, 2006
+ * @version $Revision$
+ */
+public class MappingProviderUtil
+{
+ public static Logger log = Logger.getLogger(MappingProviderUtil.class);
+
+ /**
+ * Add principals passed via an enumeration into a group
+ * @param grp
+ * @param en
+ * @return
+ */
+ public static Group addPrincipals(Group grp, Enumeration<? extends Principal> en)
+ {
+ while(en.hasMoreElements())
+ grp.addMember(en.nextElement());
+ return grp;
+ }
+
+ /**
+ * Add the roles into the Group
+ * @param roles Group of roles
+ * @param addRoles
+ * @return Group with the added roles
+ */
+ public static Group addRoles(Group roles, String[] addRoles)
+ {
+ Class<?> pClass = getPrincipalClass(roles);
+ for(String str:addRoles)
+ {
+ roles.addMember(instantiatePrincipal(pClass,str));
+ }
+ return roles;
+ }
+
+
+ /**
+ * Given a comma-separated list of roles, return a string array
+ * @param str
+ * @return
+ */
+ public static String[] getRolesFromCommaSeparatedString(String str)
+ {
+ if(str == null)
+ throw new IllegalArgumentException("str is null");
+ StringTokenizer st = new StringTokenizer(str,",");
+ int numTokens = st != null ? st.countTokens() : 0;
+ String[] tokens = new String[numTokens];
+ for(int i = 0; i < numTokens; i++)
+ {
+ tokens[i] = st.nextToken();
+ }
+ return tokens;
+ }
+
+ /**
+ * Instantiate a Principal representing a principal
+ * @param cls principal class
+ * @param role Name of the role
+ * @return
+ */
+ public static Principal instantiatePrincipal(Class<?> cls, String role)
+ {
+ Principal p = null;
+ try
+ {
+ Constructor<?> ctr = cls.getConstructor(new Class[] {String.class});
+ p = (Principal)ctr.newInstance(new Object[]{role});
+ }
+ catch (Exception e)
+ {
+ if(log.isTraceEnabled())
+ log.trace("Encountered exception in mapping provider:instantiatePrincipal:",e);
+ }
+ return p;
+ }
+
+ /**
+ * Remove all the principals from the group
+ * @param grp
+ * @return
+ */
+ public static Group removePrincipals(Group grp)
+ {
+ HashSet<Principal> removeset = new HashSet<Principal>();
+ Enumeration<? extends Principal> en = grp.members();
+ while(en.hasMoreElements())
+ {
+ removeset.add(en.nextElement());
+ }
+
+ for(Principal p:removeset)
+ grp.removeMember(p);
+ return grp;
+ }
+
+ /**
+ * Remove the roles from the Group
+ * @param roles Group of roles
+ * @param removeRoles
+ * @return Group with roles removed
+ */
+ public static Group removeRoles(Group roles, String[] removeRoles)
+ {
+ //Assume that the roles all belong to the same principal class
+ Class<?> pClass = getPrincipalClass(roles);
+ for(String str:removeRoles)
+ {
+ roles.removeMember(instantiatePrincipal(pClass,str));
+ }
+ return roles;
+ }
+
+ /**
+ * Replace the principals in first group with those in the second
+ * @param fg
+ * @param sg
+ * @return
+ */
+ public static Group replacePrincipals(Group fg, Group sg)
+ {
+ return addPrincipals( removePrincipals(fg),sg.members());
+ }
+
+ private static Class<?> getPrincipalClass(Group roles)
+ {
+ //Assume that the roles all belong to the same principal class
+ Class<?> principalClass = SimplePrincipal.class;
+ Enumeration<? extends Principal> en = roles.members();
+ if(en.hasMoreElements())
+ {
+ principalClass = roles.members().nextElement().getClass();
+ }
+ return principalClass;
+ }
+}
\ No newline at end of file
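Review bot: `instantiatePrincipal` swallows every exception and returns null, logging only at trace level, and `addRoles`/`removeRoles` pass that result straight to `addMember`/`removeMember`. A principal class without a public `(String)` constructor therefore makes `removeRoles` leave the role in place with nothing visible at normal log levels. Consider failing loudly in the catch block, e.g. `throw new IllegalStateException("Cannot instantiate " + cls.getName(), e);`, or at least skipping null results and logging at warn. Separately, `getRolesFromCommaSeparatedString` does not trim tokens, so `"a, b"` yields `" b"`; `tokens[i] = st.nextToken().trim();` avoids a role name that never matches, and the `st != null` test there is always true.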
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/SecurityActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/SecurityActions.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/SecurityActions.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,98 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.mapping.providers;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.net.URLClassLoader;
-import java.security.AccessController;
-import java.security.Policy;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-
-//$Id$
-
-/**
- * Privileged Blocks
- * @author Anil.Saldhana at redhat.com
- * @since Sep 26, 2007
- * @version $Revision$
- */
-class SecurityActions
-{
- static ClassLoader getContextClassLoader()
- {
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
- {
- public ClassLoader run()
- {
- return Thread.currentThread().getContextClassLoader();
- }
- });
- }
-
- static URL findResource(final URLClassLoader cl, final String name)
- {
- return AccessController.doPrivileged(new PrivilegedAction<URL>()
- {
- public URL run()
- {
- return cl.findResource(name);
- }
- });
- }
-
- static Policy getPolicy()
- {
- return AccessController.doPrivileged(new PrivilegedAction<Policy>()
- {
- public Policy run()
- {
- return Policy.getPolicy();
- }
- });
- }
-
- static URL getResource(final ClassLoader cl, final String name)
- {
- return AccessController.doPrivileged(new PrivilegedAction<URL>()
- {
- public URL run()
- {
- return cl.getResource(name);
- }
- });
- }
-
- static InputStream openStream(final URL url) throws PrivilegedActionException
- {
- return AccessController.doPrivileged(new PrivilegedExceptionAction<InputStream>()
- {
- public InputStream run() throws IOException
- {
- return url.openStream();
- }
- });
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/SecurityActions.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/SecurityActions.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/SecurityActions.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/SecurityActions.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,96 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.mapping.providers;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.net.URLClassLoader;
+import java.security.AccessController;
+import java.security.Policy;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since Sep 26, 2007
+ * @version $Revision$
+ */
+class SecurityActions
+{
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+
+ static URL findResource(final URLClassLoader cl, final String name)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<URL>()
+ {
+ public URL run()
+ {
+ return cl.findResource(name);
+ }
+ });
+ }
+
+ static Policy getPolicy()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Policy>()
+ {
+ public Policy run()
+ {
+ return Policy.getPolicy();
+ }
+ });
+ }
+
+ static URL getResource(final ClassLoader cl, final String name)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<URL>()
+ {
+ public URL run()
+ {
+ return cl.getResource(name);
+ }
+ });
+ }
+
+ static InputStream openStream(final URL url) throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<InputStream>()
+ {
+ public InputStream run() throws IOException
+ {
+ return url.openStream();
+ }
+ });
+ }
+}
\ No newline at end of file
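Review bot: `SecurityActions` has no documentation saying that `findResource`, `getResource` and `openStream` run under `AccessController.doPrivileged` on loaders, names and URLs supplied by the caller. The class and its methods are package-private, which is what limits who can borrow this code's permissions, and that constraint should be written down so nobody widens the visibility later. I would extend the class Javadoc with something like `Package-private on purpose: these helpers act with this code base's permissions on caller-supplied arguments, so pass only values that are already trusted.` and add a one-line `@param` note on `openStream` that `url` must not come from unvalidated configuration.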
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectCNMapper.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectCNMapper.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectCNMapper.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,80 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.mapping.providers.principal;
-
-import java.security.Principal;
-import java.security.cert.X509Certificate;
-import java.util.Map;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.auth.certs.SubjectCNMapping;
-import org.jboss.security.mapping.MappingProvider;
-import org.jboss.security.mapping.MappingResult;
-
-//$Id$
-
-/**
- * A X500 Principal Mapper from a X509 Certificate that uses the client cert
- * SubjectDN CN='...' element as the principal.
- *
- * @see org.jboss.security.auth.certs.SubjectCNMapping
- * @author Anil.Saldhana at redhat.com
- * @since Oct 5, 2007
- * @version $Revision$
- */
-public class SubjectCNMapper implements MappingProvider<Principal>
-{
- private static final Logger log = Logger.getLogger(SubjectCNMapper.class);
- private Map options = null;
- private MappingResult<Principal> result;
-
- public void init(Map opt)
- {
- this.options = opt;
- }
-
- public void setMappingResult(MappingResult res)
- {
- result = res;
- }
-
- public void performMapping(Map contextMap, Principal principal)
- {
- if(principal instanceof X500Principal == false)
- return;
- if(contextMap == null)
- throw new IllegalArgumentException("ContextMap is null");
-
- X509Certificate[] certs = (X509Certificate[]) contextMap.get("X509");
- if(certs != null)
- {
- SubjectCNMapping sdn = new SubjectCNMapping();
- principal = sdn.toPrinicipal(certs);
- if(log.isTraceEnabled())
- log.trace("Mapped to Principal:"+principal);
- }
-
- result.setMappedObject(principal);
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectCNMapper.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectCNMapper.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectCNMapper.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectCNMapper.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,78 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.mapping.providers.principal;
+
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.Map;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.auth.certs.SubjectCNMapping;
+import org.jboss.security.mapping.MappingProvider;
+import org.jboss.security.mapping.MappingResult;
+
+//$Id$
+
+/**
+ * A X500 Principal Mapper from a X509 Certificate that uses the client cert
+ * SubjectDN CN='...' element as the principal.
+ *
+ * @see org.jboss.security.auth.certs.SubjectCNMapping
+ * @author Anil.Saldhana at redhat.com
+ * @since Oct 5, 2007
+ * @version $Revision$
+ */
+public class SubjectCNMapper implements MappingProvider<Principal>
+{
+ private static final Logger log = Logger.getLogger(SubjectCNMapper.class);
+ private MappingResult<Principal> result;
+
+ public void init(Map<String,Object> opt)
+ {
+ }
+
+ public void setMappingResult(MappingResult<Principal> res)
+ {
+ result = res;
+ }
+
+ public void performMapping(Map<String,Object> contextMap, Principal principal)
+ {
+ if(principal instanceof X500Principal == false)
+ return;
+ if(contextMap == null)
+ throw new IllegalArgumentException("ContextMap is null");
+
+ X509Certificate[] certs = (X509Certificate[]) contextMap.get("X509");
+ if(certs != null)
+ {
+ SubjectCNMapping sdn = new SubjectCNMapping();
+ principal = sdn.toPrinicipal(certs);
+ if(log.isTraceEnabled())
+ log.trace("Mapped to Principal:"+principal);
+ }
+
+ result.setMappedObject(principal);
+ }
+}
\ No newline at end of file
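Review bot: `performMapping` casts `contextMap.get("X509")` straight to `X509Certificate[]` and later dereferences `result` unchecked, so a wrong-typed entry under that key raises `ClassCastException` and a mapper whose `setMappingResult` was never called raises `NullPointerException`. Guarding the lookup with `Object o = contextMap.get("X509"); if(o instanceof X509Certificate[] && ((X509Certificate[]) o).length > 0)` and throwing `IllegalStateException` when `result` is null would make both cases explicit. Whether `SubjectCNMapping.toPrinicipal` tolerates an empty array is not visible here, hence the length check. The same code in `SubjectDNMapper.performMapping`, in the next added file, needs the same guard. A class comment saying that the certificates under "X509" are expected to be chain-validated before mapping would also help, since a CN alone is not unique across issuers.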
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectDNMapper.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectDNMapper.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectDNMapper.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,76 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.mapping.providers.principal;
-
-import java.security.Principal;
-import java.security.cert.X509Certificate;
-import java.util.Map;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.auth.certs.SubjectDNMapping;
-import org.jboss.security.mapping.MappingProvider;
-import org.jboss.security.mapping.MappingResult;
-
-//$Id$
-
-/**
- * A X500 Principal Mapper from a X509 Certificate
- * that considers SubjectDN of the Client certificate
- *
- * @see org.jboss.security.auth.certs.SubjectDNMapping
- * @author Anil.Saldhana at redhat.com
- * @since Oct 5, 2007
- * @version $Revision$
- */
-public class SubjectDNMapper implements MappingProvider<Principal>
-{
- private static final Logger log = Logger.getLogger(SubjectDNMapper.class);
- private Map options = null;
- private MappingResult<Principal> result;
-
- public void init(Map opt)
- {
- this.options = opt;
- }
-
- public void setMappingResult(MappingResult res)
- {
- result = res;
- }
-
- public void performMapping(Map contextMap, Principal principal)
- {
- if(contextMap == null)
- throw new IllegalArgumentException("ContextMap is null");
-
- X509Certificate[] certs = (X509Certificate[]) contextMap.get("X509");
- if(certs != null)
- {
- SubjectDNMapping sdn = new SubjectDNMapping();
- principal = sdn.toPrinicipal(certs);
- if(log.isTraceEnabled())
- log.trace("Mapped to Principal:"+principal);
- }
-
- result.setMappedObject(principal);
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectDNMapper.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectDNMapper.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectDNMapper.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectDNMapper.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,73 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.mapping.providers.principal;
+
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.Map;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.auth.certs.SubjectDNMapping;
+import org.jboss.security.mapping.MappingProvider;
+import org.jboss.security.mapping.MappingResult;
+
+
+/**
+ * A X500 Principal Mapper from a X509 Certificate
+ * that considers SubjectDN of the Client certificate
+ *
+ * @see org.jboss.security.auth.certs.SubjectDNMapping
+ * @author Anil.Saldhana at redhat.com
+ * @since Oct 5, 2007
+ * @version $Revision$
+ */
+public class SubjectDNMapper implements MappingProvider<Principal>
+{
+ private static final Logger log = Logger.getLogger(SubjectDNMapper.class);
+ private MappingResult<Principal> result;
+
+ public void init(Map<String,Object> opt)
+ {
+ }
+
+ public void setMappingResult(MappingResult<Principal> res)
+ {
+ result = res;
+ }
+
+ public void performMapping(Map<String,Object> contextMap, Principal principal)
+ {
+ if(contextMap == null)
+ throw new IllegalArgumentException("ContextMap is null");
+
+ X509Certificate[] certs = (X509Certificate[]) contextMap.get("X509");
+ if(certs != null)
+ {
+ SubjectDNMapping sdn = new SubjectDNMapping();
+ principal = sdn.toPrinicipal(certs);
+ if(log.isTraceEnabled())
+ log.trace("Mapped to Principal:"+principal);
+ }
+
+ result.setMappedObject(principal);
+ }
+}
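Review bot: When the context map has no "X509" entry, `performMapping` hands the caller-supplied `principal` to `result.setMappedObject` unchanged, and the class comment does not say so. A consumer that assumes the mapped object was derived from a client certificate would be wrong in that case; whether any consumer makes that assumption is not visible in this hunk. I would document it on the method, e.g. `// No "X509" entry: the incoming principal is passed through unmapped`. Unlike `SubjectCNMapper`, this mapper has no `X500Principal` guard, so if that difference is intended the comment should state it too.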
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContextUtil.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContextUtil.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContextUtil.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,205 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.plugins;
-
-import static org.jboss.security.SecurityConstants.CALLER_RAI_IDENTIFIER;
-import static org.jboss.security.SecurityConstants.ROLES_IDENTIFIER;
-import static org.jboss.security.SecurityConstants.RUNAS_IDENTITY_IDENTIFIER;
-
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.Map;
-
-import javax.security.auth.Subject;
-
-import org.jboss.security.RunAs;
-import org.jboss.security.RunAsIdentity;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityContextUtil;
-import org.jboss.security.SecurityIdentity;
-import org.jboss.security.SubjectInfo;
-import org.jboss.security.identity.RoleGroup;
-import org.jboss.security.identity.extensions.CredentialIdentity;
-
-//$Id$
-
-/**
- * Utility class for JBossSecurityContext implementation
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jan 5, 2007
- * @version $Revision$
- */
-public class JBossSecurityContextUtil extends SecurityContextUtil
-{
- public JBossSecurityContextUtil(SecurityContext sc)
- {
- this.securityContext = sc;
- }
-
- @SuppressWarnings("unchecked")
- @Override
- public <T> T get(String key)
- {
- validateSecurityContext();
- if(RUNAS_IDENTITY_IDENTIFIER.equals(key))
- return (T)securityContext.getOutgoingRunAs();
- else
- return (T) securityContext.getData().get(key);
- }
-
- @Override
- public String getUserName()
- {
- Principal p = getUserPrincipal();
- return p != null ? p.getName() : null;
- }
-
- @Override
- public Principal getUserPrincipal()
- {
- validateSecurityContext();
- Principal p = null;
- SubjectInfo subjectInfo = this.securityContext.getSubjectInfo();
- if(subjectInfo != null)
- {
- CredentialIdentity cIdentity = subjectInfo.getIdentity(CredentialIdentity.class);
- p = cIdentity != null ? cIdentity.asPrincipal() : null;
- }
- return p;
- }
-
- public Object getCredential()
- {
- validateSecurityContext();
- Object cred = null;
- SubjectInfo subjectInfo = this.securityContext.getSubjectInfo();
- if(subjectInfo != null)
- {
- CredentialIdentity cIdentity = subjectInfo.getIdentity(CredentialIdentity.class);
- cred = cIdentity != null ? cIdentity.getCredential(): null;
- }
- return cred;
- }
-
- public Subject getSubject()
- {
- validateSecurityContext();
- Subject s = null;
- SubjectInfo subjectInfo = this.securityContext.getSubjectInfo();
- if(subjectInfo != null)
- {
- s = subjectInfo.getAuthenticatedSubject();
- }
- return s;
- }
-
- @Override
- public <T> void set(String key, T obj)
- {
- validateSecurityContext();
- if(key == null)
- throw new IllegalArgumentException("Key is null");
- if(obj != null)
- {
- if(RUNAS_IDENTITY_IDENTIFIER.equals(key) && obj instanceof RunAsIdentity == false)
- throw new IllegalArgumentException("Not RunAsIdentity:"+obj);
- if(ROLES_IDENTIFIER.equals(key) && obj instanceof Group == false)
- throw new IllegalArgumentException("Not Group:"+obj);
- }
- if(RUNAS_IDENTITY_IDENTIFIER.equals(key))
- setRunAsIdentity( (RunAsIdentity) obj);
- else
- securityContext.getData().put(key, obj);
- }
-
- @SuppressWarnings("unchecked")
- @Override
- public <T> T remove(String key)
- {
- if(key == null)
- throw new IllegalArgumentException("Key is null");
- Map<String,Object> contextMap = securityContext.getData();
- if(RUNAS_IDENTITY_IDENTIFIER.equals(key))
- {
- RunAs runAs = securityContext.getOutgoingRunAs();
- //Move the caller RAI to current RAI
- securityContext.setOutgoingRunAs((RunAs) contextMap.get(CALLER_RAI_IDENTIFIER));
-
- //Clear the Caller RAI
- contextMap.remove(CALLER_RAI_IDENTIFIER);
- return (T) runAs;
- }
- return (T) contextMap.remove(key);
- }
-
- @Override
- public void setRoles(RoleGroup roles)
- {
- validateSecurityContext();
- securityContext.getSubjectInfo().setRoles(roles);
- }
-
-
- @Override
- public void setSecurityIdentity(SecurityIdentity sidentity)
- {
- createSubjectInfo(sidentity.getPrincipal(), sidentity.getCredential(),
- sidentity.getSubject());
- securityContext.setOutgoingRunAs(sidentity.getOutgoingRunAs());
- securityContext.setIncomingRunAs(sidentity.getIncomingRunAs());
- }
-
- @Override
- public SecurityIdentity getSecurityIdentity()
- {
- return new SecurityIdentity(securityContext.getSubjectInfo(),
- securityContext.getOutgoingRunAs(), securityContext.getIncomingRunAs());
- }
-
-
- //PRIVATE METHODS
- private void setRunAsIdentity(RunAsIdentity rai)
- {
- Map<String,Object> contextMap = securityContext.getData();
-
- //Move the current RAI on the sc into the caller rai
- RunAs currentRA = securityContext.getOutgoingRunAs();
- contextMap.put(CALLER_RAI_IDENTIFIER, currentRA);
-
- securityContext.setOutgoingRunAs(rai);
- }
-
-
- @Override
- public RoleGroup getRoles()
- {
- validateSecurityContext();
- return securityContext.getSubjectInfo().getRoles();
- }
-
- // Private Methods
- private void validateSecurityContext()
- {
- if(securityContext == null)
- throw new IllegalStateException("SecurityContext is null: set it on the util");
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContextUtil.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContextUtil.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContextUtil.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContextUtil.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,205 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.plugins;
+
+import static org.jboss.security.SecurityConstants.CALLER_RAI_IDENTIFIER;
+import static org.jboss.security.SecurityConstants.ROLES_IDENTIFIER;
+import static org.jboss.security.SecurityConstants.RUNAS_IDENTITY_IDENTIFIER;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+
+import org.jboss.security.RunAs;
+import org.jboss.security.RunAsIdentity;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextUtil;
+import org.jboss.security.SecurityIdentity;
+import org.jboss.security.SubjectInfo;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.extensions.CredentialIdentity;
+
+//$Id$
+
+/**
+ * Utility class for JBossSecurityContext implementation
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Jan 5, 2007
+ * @version $Revision$
+ */
+public class JBossSecurityContextUtil extends SecurityContextUtil
+{
+ public JBossSecurityContextUtil(SecurityContext sc)
+ {
+ this.securityContext = sc;
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public <T> T get(String key)
+ {
+ validateSecurityContext();
+ if(RUNAS_IDENTITY_IDENTIFIER.equals(key))
+ return (T)securityContext.getOutgoingRunAs();
+ else
+ return (T) securityContext.getData().get(key);
+ }
+
+ @Override
+ public String getUserName()
+ {
+ Principal p = getUserPrincipal();
+ return p != null ? p.getName() : null;
+ }
+
+ @Override
+ public Principal getUserPrincipal()
+ {
+ validateSecurityContext();
+ Principal p = null;
+ SubjectInfo subjectInfo = this.securityContext.getSubjectInfo();
+ if(subjectInfo != null)
+ {
+ CredentialIdentity<?> cIdentity = subjectInfo.getIdentity(CredentialIdentity.class);
+ p = cIdentity != null ? cIdentity.asPrincipal() : null;
+ }
+ return p;
+ }
+
+ public Object getCredential()
+ {
+ validateSecurityContext();
+ Object cred = null;
+ SubjectInfo subjectInfo = this.securityContext.getSubjectInfo();
+ if(subjectInfo != null)
+ {
+ CredentialIdentity<?> cIdentity = subjectInfo.getIdentity(CredentialIdentity.class);
+ cred = cIdentity != null ? cIdentity.getCredential(): null;
+ }
+ return cred;
+ }
+
+ public Subject getSubject()
+ {
+ validateSecurityContext();
+ Subject s = null;
+ SubjectInfo subjectInfo = this.securityContext.getSubjectInfo();
+ if(subjectInfo != null)
+ {
+ s = subjectInfo.getAuthenticatedSubject();
+ }
+ return s;
+ }
+
+ @Override
+ public <T> void set(String key, T obj)
+ {
+ validateSecurityContext();
+ if(key == null)
+ throw new IllegalArgumentException("Key is null");
+ if(obj != null)
+ {
+ if(RUNAS_IDENTITY_IDENTIFIER.equals(key) && obj instanceof RunAsIdentity == false)
+ throw new IllegalArgumentException("Not RunAsIdentity:"+obj);
+ if(ROLES_IDENTIFIER.equals(key) && obj instanceof Group == false)
+ throw new IllegalArgumentException("Not Group:"+obj);
+ }
+ if(RUNAS_IDENTITY_IDENTIFIER.equals(key))
+ setRunAsIdentity( (RunAsIdentity) obj);
+ else
+ securityContext.getData().put(key, obj);
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public <T> T remove(String key)
+ {
+ if(key == null)
+ throw new IllegalArgumentException("Key is null");
+ Map<String,Object> contextMap = securityContext.getData();
+ if(RUNAS_IDENTITY_IDENTIFIER.equals(key))
+ {
+ RunAs runAs = securityContext.getOutgoingRunAs();
+ //Move the caller RAI to current RAI
+ securityContext.setOutgoingRunAs((RunAs) contextMap.get(CALLER_RAI_IDENTIFIER));
+
+ //Clear the Caller RAI
+ contextMap.remove(CALLER_RAI_IDENTIFIER);
+ return (T) runAs;
+ }
+ return (T) contextMap.remove(key);
+ }
+
+ @Override
+ public void setRoles(RoleGroup roles)
+ {
+ validateSecurityContext();
+ securityContext.getSubjectInfo().setRoles(roles);
+ }
+
+
+ @Override
+ public void setSecurityIdentity(SecurityIdentity sidentity)
+ {
+ createSubjectInfo(sidentity.getPrincipal(), sidentity.getCredential(),
+ sidentity.getSubject());
+ securityContext.setOutgoingRunAs(sidentity.getOutgoingRunAs());
+ securityContext.setIncomingRunAs(sidentity.getIncomingRunAs());
+ }
+
+ @Override
+ public SecurityIdentity getSecurityIdentity()
+ {
+ return new SecurityIdentity(securityContext.getSubjectInfo(),
+ securityContext.getOutgoingRunAs(), securityContext.getIncomingRunAs());
+ }
+
+
+ //PRIVATE METHODS
+ private void setRunAsIdentity(RunAsIdentity rai)
+ {
+ Map<String,Object> contextMap = securityContext.getData();
+
+ //Move the current RAI on the sc into the caller rai
+ RunAs currentRA = securityContext.getOutgoingRunAs();
+ contextMap.put(CALLER_RAI_IDENTIFIER, currentRA);
+
+ securityContext.setOutgoingRunAs(rai);
+ }
+
+
+ @Override
+ public RoleGroup getRoles()
+ {
+ validateSecurityContext();
+ return securityContext.getSubjectInfo().getRoles();
+ }
+
+ // Private Methods
+ private void validateSecurityContext()
+ {
+ if(securityContext == null)
+ throw new IllegalStateException("SecurityContext is null: set it on the util");
+ }
+}
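Review bot: `setRunAsIdentity` saves the current outgoing RunAs in the single `CALLER_RAI_IDENTIFIER` slot, so a second `set(RUNAS_IDENTITY_IDENTIFIER, ...)` before the matching `remove` overwrites the saved caller identity, and the second `remove` then restores `null` instead of the original RunAs. If nested run-as is not meant to be supported, say so next to the `put`, e.g. `// Single slot: a nested set() overwrites the saved caller RunAs`; if it is, the slot needs to become a stack. Separately, `remove` is the only keyed accessor that skips `validateSecurityContext()`, so a null context surfaces there as a `NullPointerException` rather than the `IllegalStateException` that `get` and `set` raise; adding `validateSecurityContext();` as its first statement fixes that. `setRoles` and `getRoles` also dereference `getSubjectInfo()` without the null check that `getUserPrincipal` performs.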
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/audit/SecurityActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/audit/SecurityActions.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/audit/SecurityActions.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,66 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.plugins.audit;
-
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-
-//$Id$
-
-/**
- * Privileged Blocks
- * @author Anil.Saldhana at redhat.com
- * @since May 11, 2007
- * @version $Revision$
- */
-class SecurityActions
-{
- static ClassLoader getContextClassLoader() throws PrivilegedActionException
- {
- return (ClassLoader) AccessController.doPrivileged(new PrivilegedExceptionAction()
- {
- public Object run()
- {
- return Thread.currentThread().getContextClassLoader();
- }
- });
- }
-
- static Class loadClass(final String name) throws PrivilegedActionException
- {
- return (Class) AccessController.doPrivileged(new PrivilegedExceptionAction()
- {
- public Object run() throws PrivilegedActionException
- {
- try
- {
- return getContextClassLoader().loadClass(name);
- }
- catch ( Exception e)
- {
- throw new PrivilegedActionException(e);
- }
- }
- });
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/audit/SecurityActions.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/audit/SecurityActions.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/audit/SecurityActions.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/audit/SecurityActions.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,64 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.plugins.audit;
+
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since May 11, 2007
+ * @version $Revision$
+ */
+class SecurityActions
+{
+ static ClassLoader getContextClassLoader() throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+
+ static Class<?> loadClass(final String name) throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>()
+ {
+ public Class<?> run() throws PrivilegedActionException
+ {
+ try
+ {
+ return getContextClassLoader().loadClass(name);
+ }
+ catch ( Exception e)
+ {
+ throw new PrivilegedActionException(e);
+ }
+ }
+ });
+ }
+}
\ No newline at end of file
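Review bot: `loadClass` wraps every failure twice: `run()` catches `Exception` and throws a `PrivilegedActionException`, which `AccessController.doPrivileged` then wraps in another one, so `getException()` at the call site yields the inner wrapper rather than the `ClassNotFoundException`. The broad `catch ( Exception e)` also wraps unchecked exceptions such as `SecurityException`, which `doPrivileged` would otherwise propagate as-is. Declaring `public Class<?> run() throws Exception` with the body `return getContextClassLoader().loadClass(name);` removes the try/catch and leaves a single wrapper. A comment on `loadClass` saying that `name` must come from trusted configuration would be worth adding, since the lookup runs inside a privileged block; a null context class loader is also not handled.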
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,781 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.plugins.auth;
-
-import java.lang.reflect.Method;
-import java.lang.reflect.UndeclaredThrowableException;
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.Arrays;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.AuthStatus;
-import javax.security.auth.message.MessageInfo;
-import javax.security.auth.message.config.AuthConfigFactory;
-import javax.security.auth.message.config.AuthConfigProvider;
-import javax.security.auth.message.config.ServerAuthConfig;
-import javax.security.auth.message.config.ServerAuthContext;
-import javax.security.jacc.PolicyContext;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.AuthenticationManager;
-import org.jboss.security.AuthorizationManager;
-import org.jboss.security.RealmMapping;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityContextAssociation;
-import org.jboss.security.SecurityUtil;
-import org.jboss.security.SubjectSecurityManager;
-import org.jboss.security.auth.callback.AppCallbackHandler;
-import org.jboss.security.auth.callback.SecurityAssociationHandler;
-import org.jboss.util.CachePolicy;
-import org.jboss.util.TimedCachePolicy;
-
-/** The JaasSecurityManager is responsible both for authenticating credentials
- associated with principals and for role mapping. This implementation relies
- on the JAAS LoginContext/LoginModules associated with the security
- domain name associated with the class for authentication,
- and the context JAAS Subject object for role mapping.
-
- @see #isValid(Principal, Object, Subject)
- @see #getPrincipal(Principal)
- @see #doesUserHaveRole(Principal, Set)
-
- @author <a href="on at ibis.odessa.ua">Oleg Nitz</a>
- @author Scott.Stark at jboss.org
- @author Anil.Saldhana at jboss.org
- @version $Revision: 62860 $
-*/
-public class JaasSecurityManagerBase
- implements SubjectSecurityManager, RealmMapping
-{
- /** The authentication cache object.
- */
- public static class DomainInfo implements TimedCachePolicy.TimedEntry
- {
- private static Logger log = Logger.getLogger(DomainInfo.class);
- private static boolean trace = log.isTraceEnabled();
- private LoginContext loginCtx;
- private Subject subject;
- private Object credential;
- private Principal callerPrincipal;
- private long expirationTime;
- /** Is there an active authentication in process */
- private boolean needsDestroy;
- /** The number of users sharing this DomainInfo */
- private int activeUsers;
-
- /**
- Create a cache entry with the given lifetime in seconds. Since this comes
- from the TimedCachePolicy, its expected to be <= Integer.MAX_VALUE.
-
- @param lifetime - lifetime in seconds. A lifetime <= 0 means no caching
- with the exception of -1 which indicates that the cache entry never
- expires.
- */
- public DomainInfo(long lifetime)
- {
- expirationTime = lifetime;
- if( expirationTime != -1 )
- expirationTime *= 1000;
- }
-
- synchronized int acquire()
- {
- return activeUsers ++;
- }
- synchronized int release()
- {
- int users = activeUsers --;
- if( needsDestroy == true && users == 0 )
- {
- if( trace )
- log.trace("needsDestroy is true, doing logout");
- logout();
- }
- return users;
- }
- synchronized void logout()
- {
- if( trace )
- log.trace("logout, subject="+subject+", this="+this);
- try
- {
- if( loginCtx != null )
- loginCtx.logout();
- }
- catch(Throwable e)
- {
- if( trace )
- log.trace("Cache entry logout failed", e);
- }
- }
-
- public void init(long now)
- {
- expirationTime += now;
- }
- public boolean isCurrent(long now)
- {
- boolean isCurrent = expirationTime == -1;
- if( isCurrent == false )
- isCurrent = expirationTime > now;
- return isCurrent;
- }
- public boolean refresh()
- {
- return false;
- }
- /**
- * This
- */
- public void destroy()
- {
- if( trace )
- {
- log.trace("destroy, subject="+subject+", this="+this
- +", activeUsers="+activeUsers);
- }
-
- synchronized( this )
- {
- if( activeUsers == 0 )
- logout();
- else
- {
- if( trace )
- log.trace("destroy saw activeUsers="+activeUsers);
- needsDestroy = true;
- }
- }
- }
- public Object getValue()
- {
- return this;
- }
- public String toString()
- {
- StringBuffer tmp = new StringBuffer(super.toString());
- tmp.append('[');
- tmp.append(SubjectActions.toString(subject));
- tmp.append(",credential.class=");
- if( credential != null )
- {
- Class c = credential.getClass();
- tmp.append(c.getName());
- tmp.append('@');
- tmp.append(System.identityHashCode(c));
- }
- else
- {
- tmp.append("null");
- }
- tmp.append(",expirationTime=");
- tmp.append(expirationTime);
- tmp.append(']');
-
- return tmp.toString();
- }
- }
-
- /** The name of the domain this instance is securing. It is used as
- the appName into the SecurityPolicy.
- */
- private String securityDomain;
- /** A cache of DomainInfo objects keyd by Principal. This is now
- always set externally by our security manager service.
- */
- private CachePolicy domainCache;
- /** The JAAS callback handler to use in defaultLogin */
- private CallbackHandler handler;
- /** The setSecurityInfo(Principal, Object) method of the handler obj */
- private transient Method setSecurityInfo;
- /** The flag to indicate that the Subject sets need to be deep copied*/
- private boolean deepCopySubjectOption = false;
-
- /** The log4j category for the security manager domain
- */
- protected Logger log;
- protected boolean trace;
-
- /** Creates a default JaasSecurityManager for with a securityDomain
- name of 'other'.
- */
- public JaasSecurityManagerBase()
- {
- this("other", new SecurityAssociationHandler());
- }
- /** Creates a JaasSecurityManager for with a securityDomain
- name of that given by the 'securityDomain' argument.
- @param securityDomain the name of the security domain
- @param handler the JAAS callback handler instance to use
- @exception UndeclaredThrowableException thrown if handler does not
- implement a setSecurityInfo(Princpal, Object) method
- */
- public JaasSecurityManagerBase(String securityDomain, CallbackHandler handler)
- {
- this.securityDomain = securityDomain;
- this.handler = handler;
- String categoryName = getClass().getName()+'.'+securityDomain;
- this.log = Logger.getLogger(categoryName);
- this.trace = log.isTraceEnabled();
-
- // Get the setSecurityInfo(Principal principal, Object credential) method
- Class[] sig = {Principal.class, Object.class};
- try
- {
- setSecurityInfo = handler.getClass().getMethod("setSecurityInfo", sig);
- }
- catch (Exception e)
- {
- String msg = "Failed to find setSecurityInfo(Princpal, Object) method in handler";
- throw new UndeclaredThrowableException(e, msg);
- }
- log.debug("CallbackHandler: "+handler);
- }
-
- /** The domainCache is typically a shared object that is populated
- by the login code(LoginModule, etc.) and read by this class in the
- isValid() method.
- @see #isValid(Principal, Object, Subject)
- */
- public void setCachePolicy(CachePolicy domainCache)
- {
- this.domainCache = domainCache;
- log.debug("CachePolicy set to: "+domainCache);
- }
-
- /**
- * Flag to specify if deep copy of subject sets needs to be
- * enabled
- *
- * @param flag
- */
- public void setDeepCopySubjectOption(Boolean flag)
- {
- log.debug("setDeepCopySubjectOption="+ flag);
- this.deepCopySubjectOption = (flag == Boolean.TRUE) ;
- }
-
- /** Not really used anymore as the security manager service manages the
- security domain authentication caches.
- */
- public void flushCache()
- {
- if( domainCache != null )
- domainCache.flush();
- }
-
- /** Get the name of the security domain associated with this security mgr.
- @return Name of the security manager security domain.
- */
- public String getSecurityDomain()
- {
- return securityDomain;
- }
-
- /** Get the currently authenticated Subject. This is a thread local
- property shared across all JaasSecurityManager instances.
- @return The Subject authenticated in the current thread if one
- exists, null otherwise.
- */
- public Subject getActiveSubject()
- {
- /* This does not use SubjectActions.getActiveSubject since the caller
- must have the correct permissions to access the
- SecurityAssociation.getSubject method.
- */
- //return SecurityAssociation.getSubject();
- Subject subj = null;
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
- if(sc != null)
- {
- subj = sc.getUtil().getSubject();
- }
- return subj;
- }
-
- /** Validate that the given credential is correct for principal. This
- returns the value from invoking isValid(principal, credential, null).
- @param principal - the security domain principal attempting access
- @param credential - the proof of identity offered by the principal
- @return true if the principal was authenticated, false otherwise.
- */
- public boolean isValid(Principal principal, Object credential)
- {
- return isValid(principal, credential, null);
- }
-
- /** Validate that the given credential is correct for principal. This first
- will check the current CachePolicy object if one exists to see if the
- user's cached credentials match the given credential. If there is no
- credential cache or the cache information is invalid or does not match,
- the user is authenticated against the JAAS login modules configured for
- the security domain.
- @param principal - the security domain principal attempting access
- @param credential the proof of identity offered by the principal
- @param activeSubject - if not null, a Subject that will be populated with
- the state of the authenticated Subject.
- @return true if the principal was authenticated, false otherwise.
- */
- public boolean isValid(Principal principal, Object credential,
- Subject activeSubject)
- {
- // Check the cache first
- DomainInfo cacheInfo = getCacheInfo(principal, true);
- if( trace )
- log.trace("Begin isValid, principal:"+principal+", cache info: "+cacheInfo);
-
- boolean isValid = false;
- if( cacheInfo != null )
- {
- isValid = validateCache(cacheInfo, credential, activeSubject);
- if( cacheInfo != null )
- cacheInfo.release();
- }
- if( isValid == false )
- isValid = authenticate(principal, credential, activeSubject);
- if( trace )
- log.trace("End isValid, "+isValid);
- return isValid;
- }
-
- /**
- * @see AuthenticationManager#isValid(MessageInfo, Subject, String)
- */
- public boolean isValid(MessageInfo requestMessage,Subject clientSubject, String layer)
- {
- CallbackHandler cbh = new AppCallbackHandler("DUMMY","DUMMY".toCharArray());
- return this.isValid(requestMessage, clientSubject, layer, cbh);
- }
-
- /**
- * @see AuthenticationManager#isValid(MessageInfo, Subject, String, CallbackHandler)
- */
- @SuppressWarnings("unchecked")
- public boolean isValid(MessageInfo requestMessage,Subject clientSubject, String layer,
- CallbackHandler handler)
- {
- AuthStatus status = AuthStatus.FAILURE;
-
- try
- {
- String contextID = PolicyContext.getContextID();
- AuthConfigFactory factory = AuthConfigFactory.getFactory();
- AuthConfigProvider provider = factory.getConfigProvider(layer,contextID,null);
- if(provider == null)
- throw new IllegalStateException("Provider is null for "+ layer + " for "+ contextID);
-
- ServerAuthConfig serverConfig = provider.getServerAuthConfig(layer,contextID,handler);
- ServerAuthContext sctx = serverConfig.getAuthContext(contextID,
- new Subject(), new HashMap());
- if(clientSubject == null)
- clientSubject = new Subject();
- Subject serviceSubject = new Subject();
- status = sctx.validateRequest(requestMessage, clientSubject, serviceSubject);
- //TODO: Add caching
- }
- catch(AuthException ae)
- {
- log.trace("AuthException:",ae);
- }
- return AuthStatus.SUCCESS == status ;
- }
-
- /** Map the argument principal from the deployment environment principal
- to the developer environment. This is called by the EJB context
- getCallerPrincipal() to return the Principal as described by
- the EJB developer domain.
- @return a Principal object that is valid in the deployment environment
- if one exists. If no Subject exists or the Subject has no principals
- then the argument principal is returned.
- */
- public Principal getPrincipal(Principal principal)
- {
- if(domainCache == null)
- return principal;
- Principal result = principal;
- // Get the CallerPrincipal group member
- synchronized( domainCache )
- {
- DomainInfo info = getCacheInfo(principal, false);
- if( trace )
- log.trace("getPrincipal, cache info: "+info);
- if( info != null )
- {
- result = info.callerPrincipal;
- // If the mapping did not have a callerPrincipal just use principal
- if( result == null )
- result = principal;
- info.release();
- }
- }
-
- return result;
- }
-
- /** Does the current Subject have a role(a Principal) that equates to one
- of the role names. This method obtains the Group named 'Roles' from
- the principal set of the currently authenticated Subject as determined
- by the SecurityAssociation.getSubject() method and then creates a
- SimplePrincipal for each name in roleNames. If the role is a member of the
- Roles group, then the user has the role. This requires that the caller
- establish the correct SecurityAssociation subject prior to calling this
- method. In the past this was done as a side-effect of an isValid() call,
- but this is no longer the case.
-
- @param principal - ignored. The current authenticated Subject determines
- the active user and assigned user roles.
- @param rolePrincipals - a Set of Principals for the roles to check.
-
- @see java.security.acl.Group;
- @see Subject#getPrincipals()
- */
- public boolean doesUserHaveRole(Principal principal, Set<Principal> rolePrincipals)
- {
- AuthorizationManager am = SecurityUtil.getAuthorizationManager(securityDomain,
- SecurityConstants.JAAS_CONTEXT_ROOT);
- return am.doesUserHaveRole(principal, rolePrincipals);
- }
-
- /** Return the set of domain roles the current active Subject 'Roles' group
- found in the subject Principals set.
-
- @param principal - ignored. The current authenticated Subject determines
- the active user and assigned user roles.
- @return The Set<Principal> for the application domain roles that the
- principal has been assigned.
- */
- public Set<Principal> getUserRoles(Principal principal)
- {
- AuthorizationManager am = SecurityUtil.getAuthorizationManager(securityDomain,
- SecurityConstants.JAAS_CONTEXT_ROOT);
- return am.getUserRoles(principal);
- }
-
- /**
- * @see AuthenticationManager#getTargetPrincipal(Principal,Map)
- */
- public Principal getTargetPrincipal(Principal anotherDomainPrincipal,
- Map<String,Object> contextMap)
- {
- throw new RuntimeException("Not implemented yet");
- }
-
- /** Currently this simply calls defaultLogin() to do a JAAS login using the
- security domain name as the login module configuration name.
-
- * @param principal - the user id to authenticate
- * @param credential - an opaque credential.
- * @return false on failure, true on success.
- */
- private boolean authenticate(Principal principal, Object credential,
- Subject theSubject)
- {
- Subject subject = null;
- boolean authenticated = false;
- LoginException authException = null;
-
- try
- {
- // Validate the principal using the login configuration for this domain
- LoginContext lc = defaultLogin(principal, credential);
- subject = lc.getSubject();
-
- // Set the current subject if login was successful
- if( subject != null )
- {
- // Copy the current subject into theSubject
- if( theSubject != null )
- {
- SubjectActions.copySubject(subject, theSubject, false,this.deepCopySubjectOption);
- }
- else
- {
- theSubject = subject;
- }
-
- authenticated = true;
- // Build the Subject based DomainInfo cache value
- updateCache(lc, subject, principal, credential);
- }
- }
- catch(LoginException e)
- {
- // Don't log anonymous user failures unless trace level logging is on
- if( principal != null && principal.getName() != null || trace )
- log.trace("Login failure", e);
- authException = e;
- }
- // Set the security association thread context info exception
- SubjectActions.setContextInfo("org.jboss.security.exception", authException);
-
- return authenticated;
- }
-
- /** Pass the security info to the login modules configured for
- this security domain using our SecurityAssociationHandler.
- @return The authenticated Subject if successful.
- @exception LoginException throw if login fails for any reason.
- */
- private LoginContext defaultLogin(Principal principal, Object credential)
- throws LoginException
- {
- /* We use our internal CallbackHandler to provide the security info. A
- copy must be made to ensure there is a unique handler per active
- login since there can be multiple active logins.
- */
- Object[] securityInfo = {principal, credential};
- CallbackHandler theHandler = null;
- try
- {
- theHandler = (CallbackHandler) handler.getClass().newInstance();
- setSecurityInfo.invoke(theHandler, securityInfo);
- }
- catch (Throwable e)
- {
- if( trace )
- log.trace("Failed to create/setSecurityInfo on handler", e);
- LoginException le = new LoginException("Failed to setSecurityInfo on handler");
- le.initCause(e);
- throw le;
- }
- Subject subject = new Subject();
- LoginContext lc = null;
- if( trace )
- log.trace("defaultLogin, principal="+principal);
- lc = SubjectActions.createLoginContext(securityDomain, subject, theHandler);
- lc.login();
- if( trace )
- log.trace("defaultLogin, lc="+lc+", subject="+SubjectActions.toString(subject));
- return lc;
- }
-
- /** Validate the cache credential value against the provided credential
- */
- @SuppressWarnings("unchecked")
- private boolean validateCache(DomainInfo info, Object credential,
- Subject theSubject)
- {
- if( trace )
- {
- StringBuffer tmp = new StringBuffer("Begin validateCache, info=");
- tmp.append(info.toString());
- tmp.append(";credential.class=");
- if( credential != null )
- {
- Class c = credential.getClass();
- tmp.append(c.getName());
- tmp.append('@');
- tmp.append(System.identityHashCode(c));
- }
- else
- {
- tmp.append("null");
- }
- log.trace(tmp.toString());
- }
-
- Object subjectCredential = info.credential;
- boolean isValid = false;
- // Check for a null credential as can be the case for an anonymous user
- if( credential == null || subjectCredential == null )
- {
- // Both credentials must be null
- isValid = (credential == null) && (subjectCredential == null);
- }
- // See if the credential is assignable to the cache value
- else if( subjectCredential.getClass().isAssignableFrom(credential.getClass()) )
- {
- /* Validate the credential by trying Comparable, char[], byte[],
- Object[], and finally Object.equals()
- */
- if( subjectCredential instanceof Comparable )
- {
- Comparable c = (Comparable) subjectCredential;
- isValid = c.compareTo(credential) == 0;
- }
- else if( subjectCredential instanceof char[] )
- {
- char[] a1 = (char[]) subjectCredential;
- char[] a2 = (char[]) credential;
- isValid = Arrays.equals(a1, a2);
- }
- else if( subjectCredential instanceof byte[] )
- {
- byte[] a1 = (byte[]) subjectCredential;
- byte[] a2 = (byte[]) credential;
- isValid = Arrays.equals(a1, a2);
- }
- else if( subjectCredential.getClass().isArray() )
- {
- Object[] a1 = (Object[]) subjectCredential;
- Object[] a2 = (Object[]) credential;
- isValid = Arrays.equals(a1, a2);
- }
- else
- {
- isValid = subjectCredential.equals(credential);
- }
- }
- else if( subjectCredential instanceof char[] && credential instanceof String )
- {
- char[] a1 = (char[]) subjectCredential;
- char[] a2 = ((String) credential).toCharArray();
- isValid = Arrays.equals(a1, a2);
- }
- else if( subjectCredential instanceof String && credential instanceof char[] )
- {
- char[] a1 = ((String) subjectCredential).toCharArray();
- char[] a2 = (char[]) credential;
- isValid = Arrays.equals(a1, a2);
- }
-
- // If the credentials match, set the thread's active Subject
- if( isValid )
- {
- // Copy the current subject into theSubject
- if( theSubject != null )
- {
- SubjectActions.copySubject(info.subject, theSubject, false,this.deepCopySubjectOption);
- }
- }
- if( trace )
- log.trace("End validateCache, isValid="+isValid);
-
- return isValid;
- }
-
- /** An accessor method that synchronizes access on the domainCache
- to avoid a race condition that can occur when the cache entry expires
- in the presence of multi-threaded access. The allowRefresh flag should
- be true for authentication accesses and false for other accesses.
- Previously the other accesses included authorization and caller principal
- mapping. Now the only use of the
-
- @param principal - the caller identity whose cached credentials are to
- be accessed.
- @param allowRefresh - a flag indicating if the cache access should flush
- any expired entries.
- */
- private DomainInfo getCacheInfo(Principal principal, boolean allowRefresh)
- {
- if( domainCache == null )
- return null;
-
- DomainInfo cacheInfo = null;
- synchronized( domainCache )
- {
- if( allowRefresh == true )
- cacheInfo = (DomainInfo) domainCache.get(principal);
- else
- cacheInfo = (DomainInfo) domainCache.peek(principal);
- if( cacheInfo != null )
- cacheInfo.acquire();
- }
- return cacheInfo;
- }
-
- private Subject updateCache(LoginContext lc, Subject subject,
- Principal principal, Object credential)
- {
- // If we don't have a cache there is nothing to update
- if( domainCache == null )
- return subject;
-
- long lifetime = 0;
- if( domainCache instanceof TimedCachePolicy )
- {
- TimedCachePolicy cache = (TimedCachePolicy) domainCache;
- lifetime = cache.getDefaultLifetime();
- }
- DomainInfo info = new DomainInfo(lifetime);
- info.loginCtx = lc;
- info.subject = new Subject();
- SubjectActions.copySubject(subject, info.subject, true, this.deepCopySubjectOption);
- info.credential = credential;
-
- if( trace )
- {
- log.trace("updateCache, inputSubject="+SubjectActions.toString(subject)
- +", cacheSubject="+SubjectActions.toString(info.subject));
- }
-
- /* Get the Subject callerPrincipal by looking for a Group called
- 'CallerPrincipal'
- */
- Set subjectGroups = subject.getPrincipals(Group.class);
- Iterator iter = subjectGroups.iterator();
- while( iter.hasNext() )
- {
- Group grp = (Group) iter.next();
- String name = grp.getName();
- if( name.equals("CallerPrincipal") )
- {
- Enumeration members = grp.members();
- if( members.hasMoreElements() )
- info.callerPrincipal = (Principal) members.nextElement();
- }
- }
-
- /* Handle null principals with no callerPrincipal. This is an indication
- of an user that has not provided any authentication info, but
- has been authenticated by the domain login module stack. Here we look
- for the first non-Group Principal and use that.
- */
- if( principal == null && info.callerPrincipal == null )
- {
- Set subjectPrincipals = subject.getPrincipals(Principal.class);
- iter = subjectPrincipals.iterator();
- while( iter.hasNext() )
- {
- Principal p = (Principal) iter.next();
- if( (p instanceof Group) == false )
- info.callerPrincipal = p;
- }
- }
-
- /* If the user already exists another login is active. Currently
- only one is allowed so remove the old and insert the new. Synchronize
- on the domainCache to ensure the removal and addition are an atomic
- operation so that getCacheInfo cannot see stale data.
- */
- synchronized( domainCache )
- {
- if( domainCache.peek(principal) != null )
- domainCache.remove(principal);
- domainCache.insert(principal, info);
- if( trace )
- log.trace("Inserted cache info: "+info);
- }
- return info.subject;
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,782 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.plugins.auth;
+
+import java.lang.reflect.Method;
+import java.lang.reflect.UndeclaredThrowableException;
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Arrays;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.config.AuthConfigFactory;
+import javax.security.auth.message.config.AuthConfigProvider;
+import javax.security.auth.message.config.ServerAuthConfig;
+import javax.security.auth.message.config.ServerAuthContext;
+import javax.security.jacc.PolicyContext;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.AuthorizationManager;
+import org.jboss.security.RealmMapping;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SecurityUtil;
+import org.jboss.security.SubjectSecurityManager;
+import org.jboss.security.auth.callback.AppCallbackHandler;
+import org.jboss.security.auth.callback.SecurityAssociationHandler;
+import org.jboss.util.CachePolicy;
+import org.jboss.util.TimedCachePolicy;
+
+/** The JaasSecurityManager is responsible both for authenticating credentials
+ associated with principals and for role mapping. This implementation relies
+ on the JAAS LoginContext/LoginModules associated with the security
+ domain name associated with the class for authentication,
+ and the context JAAS Subject object for role mapping.
+
+ @see #isValid(Principal, Object, Subject)
+ @see #getPrincipal(Principal)
+ @see #doesUserHaveRole(Principal, Set)
+
+ @author <a href="on at ibis.odessa.ua">Oleg Nitz</a>
+ @author Scott.Stark at jboss.org
+ @author Anil.Saldhana at jboss.org
+ @version $Revision: 62860 $
+*/
+public class JaasSecurityManagerBase
+ implements SubjectSecurityManager, RealmMapping
+{
+ /** The authentication cache object.
+ */
+ public static class DomainInfo implements TimedCachePolicy.TimedEntry
+ {
+ private static Logger log = Logger.getLogger(DomainInfo.class);
+ private static boolean trace = log.isTraceEnabled();
+ private LoginContext loginCtx;
+ private Subject subject;
+ private Object credential;
+ private Principal callerPrincipal;
+ private long expirationTime;
+ /** Is there an active authentication in process */
+ private boolean needsDestroy;
+ /** The number of users sharing this DomainInfo */
+ private int activeUsers;
+
+ /**
+ Create a cache entry with the given lifetime in seconds. Since this comes
+ from the TimedCachePolicy, its expected to be <= Integer.MAX_VALUE.
+
+ @param lifetime - lifetime in seconds. A lifetime <= 0 means no caching
+ with the exception of -1 which indicates that the cache entry never
+ expires.
+ */
+ public DomainInfo(long lifetime)
+ {
+ expirationTime = lifetime;
+ if( expirationTime != -1 )
+ expirationTime *= 1000;
+ }
+
+ synchronized int acquire()
+ {
+ return activeUsers ++;
+ }
+ synchronized int release()
+ {
+ int users = activeUsers --;
+ if( needsDestroy == true && users == 0 )
+ {
+ if( trace )
+ log.trace("needsDestroy is true, doing logout");
+ logout();
+ }
+ return users;
+ }
+ synchronized void logout()
+ {
+ if( trace )
+ log.trace("logout, subject="+subject+", this="+this);
+ try
+ {
+ if( loginCtx != null )
+ loginCtx.logout();
+ }
+ catch(Throwable e)
+ {
+ if( trace )
+ log.trace("Cache entry logout failed", e);
+ }
+ }
+
+ public void init(long now)
+ {
+ expirationTime += now;
+ }
+ public boolean isCurrent(long now)
+ {
+ boolean isCurrent = expirationTime == -1;
+ if( isCurrent == false )
+ isCurrent = expirationTime > now;
+ return isCurrent;
+ }
+ public boolean refresh()
+ {
+ return false;
+ }
+ /**
+ * This
+ */
+ public void destroy()
+ {
+ if( trace )
+ {
+ log.trace("destroy, subject="+subject+", this="+this
+ +", activeUsers="+activeUsers);
+ }
+
+ synchronized( this )
+ {
+ if( activeUsers == 0 )
+ logout();
+ else
+ {
+ if( trace )
+ log.trace("destroy saw activeUsers="+activeUsers);
+ needsDestroy = true;
+ }
+ }
+ }
+ public Object getValue()
+ {
+ return this;
+ }
+ public String toString()
+ {
+ StringBuffer tmp = new StringBuffer(super.toString());
+ tmp.append('[');
+ tmp.append(SubjectActions.toString(subject));
+ tmp.append(",credential.class=");
+ if( credential != null )
+ {
+ Class<?> c = credential.getClass();
+ tmp.append(c.getName());
+ tmp.append('@');
+ tmp.append(System.identityHashCode(c));
+ }
+ else
+ {
+ tmp.append("null");
+ }
+ tmp.append(",expirationTime=");
+ tmp.append(expirationTime);
+ tmp.append(']');
+
+ return tmp.toString();
+ }
+ }
+
+ /** The name of the domain this instance is securing. It is used as
+ the appName into the SecurityPolicy.
+ */
+ private String securityDomain;
+ /** A cache of DomainInfo objects keyd by Principal. This is now
+ always set externally by our security manager service.
+ */
+ private CachePolicy domainCache;
+ /** The JAAS callback handler to use in defaultLogin */
+ private CallbackHandler handler;
+ /** The setSecurityInfo(Principal, Object) method of the handler obj */
+ private transient Method setSecurityInfo;
+ /** The flag to indicate that the Subject sets need to be deep copied*/
+ private boolean deepCopySubjectOption = false;
+
+ /** The log4j category for the security manager domain
+ */
+ protected Logger log;
+ protected boolean trace;
+
+ /** Creates a default JaasSecurityManager for with a securityDomain
+ name of 'other'.
+ */
+ public JaasSecurityManagerBase()
+ {
+ this("other", new SecurityAssociationHandler());
+ }
+ /** Creates a JaasSecurityManager for with a securityDomain
+ name of that given by the 'securityDomain' argument.
+ @param securityDomain the name of the security domain
+ @param handler the JAAS callback handler instance to use
+ @exception UndeclaredThrowableException thrown if handler does not
+ implement a setSecurityInfo(Princpal, Object) method
+ */
+ public JaasSecurityManagerBase(String securityDomain, CallbackHandler handler)
+ {
+ this.securityDomain = securityDomain;
+ this.handler = handler;
+ String categoryName = getClass().getName()+'.'+securityDomain;
+ this.log = Logger.getLogger(categoryName);
+ this.trace = log.isTraceEnabled();
+
+ // Get the setSecurityInfo(Principal principal, Object credential) method
+ Class<?>[] sig = {Principal.class, Object.class};
+ try
+ {
+ setSecurityInfo = handler.getClass().getMethod("setSecurityInfo", sig);
+ }
+ catch (Exception e)
+ {
+ String msg = "Failed to find setSecurityInfo(Princpal, Object) method in handler";
+ throw new UndeclaredThrowableException(e, msg);
+ }
+ log.debug("CallbackHandler: "+handler);
+ }
+
+ /** The domainCache is typically a shared object that is populated
+ by the login code(LoginModule, etc.) and read by this class in the
+ isValid() method.
+ @see #isValid(Principal, Object, Subject)
+ */
+ public void setCachePolicy(CachePolicy domainCache)
+ {
+ this.domainCache = domainCache;
+ log.debug("CachePolicy set to: "+domainCache);
+ }
+
+ /**
+ * Flag to specify if deep copy of subject sets needs to be
+ * enabled
+ *
+ * @param flag
+ */
+ public void setDeepCopySubjectOption(Boolean flag)
+ {
+ log.debug("setDeepCopySubjectOption="+ flag);
+ this.deepCopySubjectOption = (flag == Boolean.TRUE) ;
+ }
+
+ /** Not really used anymore as the security manager service manages the
+ security domain authentication caches.
+ */
+ public void flushCache()
+ {
+ if( domainCache != null )
+ domainCache.flush();
+ }
+
+ /** Get the name of the security domain associated with this security mgr.
+ @return Name of the security manager security domain.
+ */
+ public String getSecurityDomain()
+ {
+ return securityDomain;
+ }
+
+ /** Get the currently authenticated Subject. This is a thread local
+ property shared across all JaasSecurityManager instances.
+ @return The Subject authenticated in the current thread if one
+ exists, null otherwise.
+ */
+ public Subject getActiveSubject()
+ {
+ /* This does not use SubjectActions.getActiveSubject since the caller
+ must have the correct permissions to access the
+ SecurityAssociation.getSubject method.
+ */
+ //return SecurityAssociation.getSubject();
+ Subject subj = null;
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if(sc != null)
+ {
+ subj = sc.getUtil().getSubject();
+ }
+ return subj;
+ }
+
+ /** Validate that the given credential is correct for principal. This
+ returns the value from invoking isValid(principal, credential, null).
+ @param principal - the security domain principal attempting access
+ @param credential - the proof of identity offered by the principal
+ @return true if the principal was authenticated, false otherwise.
+ */
+ public boolean isValid(Principal principal, Object credential)
+ {
+ return isValid(principal, credential, null);
+ }
+
+ /** Validate that the given credential is correct for principal. This first
+ will check the current CachePolicy object if one exists to see if the
+ user's cached credentials match the given credential. If there is no
+ credential cache or the cache information is invalid or does not match,
+ the user is authenticated against the JAAS login modules configured for
+ the security domain.
+ @param principal - the security domain principal attempting access
+ @param credential the proof of identity offered by the principal
+ @param activeSubject - if not null, a Subject that will be populated with
+ the state of the authenticated Subject.
+ @return true if the principal was authenticated, false otherwise.
+ */
+ public boolean isValid(Principal principal, Object credential,
+ Subject activeSubject)
+ {
+ // Check the cache first
+ DomainInfo cacheInfo = getCacheInfo(principal, true);
+ if( trace )
+ log.trace("Begin isValid, principal:"+principal+", cache info: "+cacheInfo);
+
+ boolean isValid = false;
+ if( cacheInfo != null )
+ {
+ isValid = validateCache(cacheInfo, credential, activeSubject);
+ if( cacheInfo != null )
+ cacheInfo.release();
+ }
+ if( isValid == false )
+ isValid = authenticate(principal, credential, activeSubject);
+ if( trace )
+ log.trace("End isValid, "+isValid);
+ return isValid;
+ }
+
+ /**
+ * @see AuthenticationManager#isValid(MessageInfo, Subject, String)
+ */
+ public boolean isValid(MessageInfo requestMessage,Subject clientSubject, String layer)
+ {
+ CallbackHandler cbh = new AppCallbackHandler("DUMMY","DUMMY".toCharArray());
+ return this.isValid(requestMessage, clientSubject, layer, cbh);
+ }
+
+ /**
+ * @see AuthenticationManager#isValid(MessageInfo, Subject, String, CallbackHandler)
+ */
+ @SuppressWarnings("unchecked")
+ public boolean isValid(MessageInfo requestMessage,Subject clientSubject, String layer,
+ CallbackHandler handler)
+ {
+ AuthStatus status = AuthStatus.FAILURE;
+
+ try
+ {
+ String contextID = PolicyContext.getContextID();
+ AuthConfigFactory factory = AuthConfigFactory.getFactory();
+ AuthConfigProvider provider = factory.getConfigProvider(layer,contextID,null);
+ if(provider == null)
+ throw new IllegalStateException("Provider is null for "+ layer + " for "+ contextID);
+
+ ServerAuthConfig serverConfig = provider.getServerAuthConfig(layer,contextID,handler);
+ ServerAuthContext sctx = serverConfig.getAuthContext(contextID,
+ new Subject(), new HashMap());
+ if(clientSubject == null)
+ clientSubject = new Subject();
+ Subject serviceSubject = new Subject();
+ status = sctx.validateRequest(requestMessage, clientSubject, serviceSubject);
+ //TODO: Add caching
+ }
+ catch(AuthException ae)
+ {
+ log.trace("AuthException:",ae);
+ }
+ return AuthStatus.SUCCESS == status ;
+ }
+
+ /** Map the argument principal from the deployment environment principal
+ to the developer environment. This is called by the EJB context
+ getCallerPrincipal() to return the Principal as described by
+ the EJB developer domain.
+ @return a Principal object that is valid in the deployment environment
+ if one exists. If no Subject exists or the Subject has no principals
+ then the argument principal is returned.
+ */
+ public Principal getPrincipal(Principal principal)
+ {
+ if(domainCache == null)
+ return principal;
+ Principal result = principal;
+ // Get the CallerPrincipal group member
+ synchronized( domainCache )
+ {
+ DomainInfo info = getCacheInfo(principal, false);
+ if( trace )
+ log.trace("getPrincipal, cache info: "+info);
+ if( info != null )
+ {
+ result = info.callerPrincipal;
+ // If the mapping did not have a callerPrincipal just use principal
+ if( result == null )
+ result = principal;
+ info.release();
+ }
+ }
+
+ return result;
+ }
+
+ /** Does the current Subject have a role(a Principal) that equates to one
+ of the role names. This method obtains the Group named 'Roles' from
+ the principal set of the currently authenticated Subject as determined
+ by the SecurityAssociation.getSubject() method and then creates a
+ SimplePrincipal for each name in roleNames. If the role is a member of the
+ Roles group, then the user has the role. This requires that the caller
+ establish the correct SecurityAssociation subject prior to calling this
+ method. In the past this was done as a side-effect of an isValid() call,
+ but this is no longer the case.
+
+ @param principal - ignored. The current authenticated Subject determines
+ the active user and assigned user roles.
+ @param rolePrincipals - a Set of Principals for the roles to check.
+
+ @see java.security.acl.Group;
+ @see Subject#getPrincipals()
+ */
+ public boolean doesUserHaveRole(Principal principal, Set<Principal> rolePrincipals)
+ {
+ AuthorizationManager am = SecurityUtil.getAuthorizationManager(securityDomain,
+ SecurityConstants.JAAS_CONTEXT_ROOT);
+ return am.doesUserHaveRole(principal, rolePrincipals);
+ }
+
+ /** Return the set of domain roles the current active Subject 'Roles' group
+ found in the subject Principals set.
+
+ @param principal - ignored. The current authenticated Subject determines
+ the active user and assigned user roles.
+ @return The Set<Principal> for the application domain roles that the
+ principal has been assigned.
+ */
+ @SuppressWarnings("deprecation")
+ public Set<Principal> getUserRoles(Principal principal)
+ {
+ AuthorizationManager am = SecurityUtil.getAuthorizationManager(securityDomain,
+ SecurityConstants.JAAS_CONTEXT_ROOT);
+ return am.getUserRoles(principal);
+ }
+
+ /**
+ * @see AuthenticationManager#getTargetPrincipal(Principal,Map)
+ */
+ public Principal getTargetPrincipal(Principal anotherDomainPrincipal,
+ Map<String,Object> contextMap)
+ {
+ throw new RuntimeException("Not implemented yet");
+ }
+
+ /** Currently this simply calls defaultLogin() to do a JAAS login using the
+ security domain name as the login module configuration name.
+
+ * @param principal - the user id to authenticate
+ * @param credential - an opaque credential.
+ * @return false on failure, true on success.
+ */
+ private boolean authenticate(Principal principal, Object credential,
+ Subject theSubject)
+ {
+ Subject subject = null;
+ boolean authenticated = false;
+ LoginException authException = null;
+
+ try
+ {
+ // Validate the principal using the login configuration for this domain
+ LoginContext lc = defaultLogin(principal, credential);
+ subject = lc.getSubject();
+
+ // Set the current subject if login was successful
+ if( subject != null )
+ {
+ // Copy the current subject into theSubject
+ if( theSubject != null )
+ {
+ SubjectActions.copySubject(subject, theSubject, false,this.deepCopySubjectOption);
+ }
+ else
+ {
+ theSubject = subject;
+ }
+
+ authenticated = true;
+ // Build the Subject based DomainInfo cache value
+ updateCache(lc, subject, principal, credential);
+ }
+ }
+ catch(LoginException e)
+ {
+ // Don't log anonymous user failures unless trace level logging is on
+ if( principal != null && principal.getName() != null || trace )
+ log.trace("Login failure", e);
+ authException = e;
+ }
+ // Set the security association thread context info exception
+ SubjectActions.setContextInfo("org.jboss.security.exception", authException);
+
+ return authenticated;
+ }
+
+ /** Pass the security info to the login modules configured for
+ this security domain using our SecurityAssociationHandler.
+ @return The authenticated Subject if successful.
+ @exception LoginException throw if login fails for any reason.
+ */
+ private LoginContext defaultLogin(Principal principal, Object credential)
+ throws LoginException
+ {
+ /* We use our internal CallbackHandler to provide the security info. A
+ copy must be made to ensure there is a unique handler per active
+ login since there can be multiple active logins.
+ */
+ Object[] securityInfo = {principal, credential};
+ CallbackHandler theHandler = null;
+ try
+ {
+ theHandler = (CallbackHandler) handler.getClass().newInstance();
+ setSecurityInfo.invoke(theHandler, securityInfo);
+ }
+ catch (Throwable e)
+ {
+ if( trace )
+ log.trace("Failed to create/setSecurityInfo on handler", e);
+ LoginException le = new LoginException("Failed to setSecurityInfo on handler");
+ le.initCause(e);
+ throw le;
+ }
+ Subject subject = new Subject();
+ LoginContext lc = null;
+ if( trace )
+ log.trace("defaultLogin, principal="+principal);
+ lc = SubjectActions.createLoginContext(securityDomain, subject, theHandler);
+ lc.login();
+ if( trace )
+ log.trace("defaultLogin, lc="+lc+", subject="+SubjectActions.toString(subject));
+ return lc;
+ }
+
+ /** Validate the cache credential value against the provided credential
+ */
+ @SuppressWarnings("unchecked")
+ private boolean validateCache(DomainInfo info, Object credential,
+ Subject theSubject)
+ {
+ if( trace )
+ {
+ StringBuffer tmp = new StringBuffer("Begin validateCache, info=");
+ tmp.append(info.toString());
+ tmp.append(";credential.class=");
+ if( credential != null )
+ {
+ Class c = credential.getClass();
+ tmp.append(c.getName());
+ tmp.append('@');
+ tmp.append(System.identityHashCode(c));
+ }
+ else
+ {
+ tmp.append("null");
+ }
+ log.trace(tmp.toString());
+ }
+
+ Object subjectCredential = info.credential;
+ boolean isValid = false;
+ // Check for a null credential as can be the case for an anonymous user
+ if( credential == null || subjectCredential == null )
+ {
+ // Both credentials must be null
+ isValid = (credential == null) && (subjectCredential == null);
+ }
+ // See if the credential is assignable to the cache value
+ else if( subjectCredential.getClass().isAssignableFrom(credential.getClass()) )
+ {
+ /* Validate the credential by trying Comparable, char[], byte[],
+ Object[], and finally Object.equals()
+ */
+ if( subjectCredential instanceof Comparable )
+ {
+ Comparable c = (Comparable) subjectCredential;
+ isValid = c.compareTo(credential) == 0;
+ }
+ else if( subjectCredential instanceof char[] )
+ {
+ char[] a1 = (char[]) subjectCredential;
+ char[] a2 = (char[]) credential;
+ isValid = Arrays.equals(a1, a2);
+ }
+ else if( subjectCredential instanceof byte[] )
+ {
+ byte[] a1 = (byte[]) subjectCredential;
+ byte[] a2 = (byte[]) credential;
+ isValid = Arrays.equals(a1, a2);
+ }
+ else if( subjectCredential.getClass().isArray() )
+ {
+ Object[] a1 = (Object[]) subjectCredential;
+ Object[] a2 = (Object[]) credential;
+ isValid = Arrays.equals(a1, a2);
+ }
+ else
+ {
+ isValid = subjectCredential.equals(credential);
+ }
+ }
+ else if( subjectCredential instanceof char[] && credential instanceof String )
+ {
+ char[] a1 = (char[]) subjectCredential;
+ char[] a2 = ((String) credential).toCharArray();
+ isValid = Arrays.equals(a1, a2);
+ }
+ else if( subjectCredential instanceof String && credential instanceof char[] )
+ {
+ char[] a1 = ((String) subjectCredential).toCharArray();
+ char[] a2 = (char[]) credential;
+ isValid = Arrays.equals(a1, a2);
+ }
+
+ // If the credentials match, set the thread's active Subject
+ if( isValid )
+ {
+ // Copy the current subject into theSubject
+ if( theSubject != null )
+ {
+ SubjectActions.copySubject(info.subject, theSubject, false,this.deepCopySubjectOption);
+ }
+ }
+ if( trace )
+ log.trace("End validateCache, isValid="+isValid);
+
+ return isValid;
+ }
+
+ /** An accessor method that synchronizes access on the domainCache
+ to avoid a race condition that can occur when the cache entry expires
+ in the presence of multi-threaded access. The allowRefresh flag should
+ be true for authentication accesses and false for other accesses.
+ Previously the other accesses included authorization and caller principal
+ mapping. Now the only use of the
+
+ @param principal - the caller identity whose cached credentials are to
+ be accessed.
+ @param allowRefresh - a flag indicating if the cache access should flush
+ any expired entries.
+ */
+ private DomainInfo getCacheInfo(Principal principal, boolean allowRefresh)
+ {
+ if( domainCache == null )
+ return null;
+
+ DomainInfo cacheInfo = null;
+ synchronized( domainCache )
+ {
+ if( allowRefresh == true )
+ cacheInfo = (DomainInfo) domainCache.get(principal);
+ else
+ cacheInfo = (DomainInfo) domainCache.peek(principal);
+ if( cacheInfo != null )
+ cacheInfo.acquire();
+ }
+ return cacheInfo;
+ }
+
+ private Subject updateCache(LoginContext lc, Subject subject,
+ Principal principal, Object credential)
+ {
+ // If we don't have a cache there is nothing to update
+ if( domainCache == null )
+ return subject;
+
+ long lifetime = 0;
+ if( domainCache instanceof TimedCachePolicy )
+ {
+ TimedCachePolicy cache = (TimedCachePolicy) domainCache;
+ lifetime = cache.getDefaultLifetime();
+ }
+ DomainInfo info = new DomainInfo(lifetime);
+ info.loginCtx = lc;
+ info.subject = new Subject();
+ SubjectActions.copySubject(subject, info.subject, true, this.deepCopySubjectOption);
+ info.credential = credential;
+
+ if( trace )
+ {
+ log.trace("updateCache, inputSubject="+SubjectActions.toString(subject)
+ +", cacheSubject="+SubjectActions.toString(info.subject));
+ }
+
+ /* Get the Subject callerPrincipal by looking for a Group called
+ 'CallerPrincipal'
+ */
+ Set<Group> subjectGroups = subject.getPrincipals(Group.class);
+ Iterator<Group> iter = subjectGroups.iterator();
+ while( iter.hasNext() )
+ {
+ Group grp = iter.next();
+ String name = grp.getName();
+ if( name.equals("CallerPrincipal") )
+ {
+ Enumeration<? extends Principal> members = grp.members();
+ if( members.hasMoreElements() )
+ info.callerPrincipal = members.nextElement();
+ }
+ }
+
+ /* Handle null principals with no callerPrincipal. This is an indication
+ of an user that has not provided any authentication info, but
+ has been authenticated by the domain login module stack. Here we look
+ for the first non-Group Principal and use that.
+ */
+ if( principal == null && info.callerPrincipal == null )
+ {
+ Set<Principal> subjectPrincipals = subject.getPrincipals(Principal.class);
+ Iterator<? extends Principal> iterPrincipals = subjectPrincipals.iterator();
+ while( iterPrincipals.hasNext() )
+ {
+ Principal p = iterPrincipals.next();
+ if( (p instanceof Group) == false )
+ info.callerPrincipal = p;
+ }
+ }
+
+ /* If the user already exists another login is active. Currently
+ only one is allowed so remove the old and insert the new. Synchronize
+ on the domainCache to ensure the removal and addition are an atomic
+ operation so that getCacheInfo cannot see stale data.
+ */
+ synchronized( domainCache )
+ {
+ if( domainCache.peek(principal) != null )
+ domainCache.remove(principal);
+ domainCache.insert(principal, info);
+ if( trace )
+ log.trace("Inserted cache info: "+info);
+ }
+ return info.subject;
+ }
+}
\ No newline at end of file
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/auth/SubjectActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/auth/SubjectActions.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/auth/SubjectActions.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,358 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.plugins.auth;
-
-import java.lang.reflect.Method;
-import java.security.AccessController;
-import java.security.Principal;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-import java.util.Iterator;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-import javax.security.jacc.PolicyContext;
-import javax.security.jacc.PolicyContextException;
-
-import org.jboss.security.SecurityAssociation;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityContextAssociation;
-import org.jboss.security.SecurityContextFactory;
-
-/** Common PrivilegedAction used by classes in this package.
- *
- * @author Scott.Stark at jboss.org
- * @author Anil.Saldhana at redhat.com
- * @version $Revision: 65313 $
- */
-class SubjectActions
-{
- private static class ToStringSubjectAction implements PrivilegedAction<String>
- {
- Subject subject;
- ToStringSubjectAction(Subject subject)
- {
- this.subject = subject;
- }
- public String run()
- {
- StringBuffer tmp = new StringBuffer();
- tmp.append("Subject(");
- tmp.append(System.identityHashCode(subject));
- tmp.append(").principals=");
- Iterator<Principal> principals = subject.getPrincipals().iterator();
- while( principals.hasNext() )
- {
- Object p = principals.next();
- Class<?> c = p.getClass();
- tmp.append(c.getName());
- tmp.append('@');
- tmp.append(System.identityHashCode(c));
- tmp.append('(');
- tmp.append(p);
- tmp.append(')');
- }
- return tmp.toString();
- }
- }
-
- private static class GetSubjectAction implements PrivilegedExceptionAction<Subject>
- {
- static PrivilegedExceptionAction<Subject> ACTION = new GetSubjectAction();
- public Subject run() throws PolicyContextException
- {
- return (Subject) PolicyContext.getContext(SecurityConstants.SUBJECT_CONTEXT_KEY);
- }
- }
-
- private static class CopySubjectAction implements PrivilegedAction
- {
- Subject fromSubject;
- Subject toSubject;
- boolean setReadOnly;
- boolean deepCopy;
-
- CopySubjectAction(Subject fromSubject, Subject toSubject, boolean setReadOnly)
- {
- this.fromSubject = fromSubject;
- this.toSubject = toSubject;
- this.setReadOnly = setReadOnly;
- }
- public void setDeepCopy(boolean flag)
- {
- this.deepCopy = flag;
- }
-
- @SuppressWarnings("unchecked")
- public Object run()
- {
- Set principals = fromSubject.getPrincipals();
- Set principals2 = toSubject.getPrincipals();
- Iterator<Principal> iter = principals.iterator();
- while( iter.hasNext() )
- principals2.add(getCloneIfNeeded(iter.next()));
- Set privateCreds = fromSubject.getPrivateCredentials();
- Set privateCreds2 = toSubject.getPrivateCredentials();
- iter = privateCreds.iterator();
- while( iter.hasNext() )
- privateCreds2.add(getCloneIfNeeded(iter.next()));
- Set publicCreds = fromSubject.getPublicCredentials();
- Set publicCreds2 = toSubject.getPublicCredentials();
- iter = publicCreds.iterator();
- while( iter.hasNext() )
- publicCreds2.add(getCloneIfNeeded(iter.next()));
- if( setReadOnly == true )
- toSubject.setReadOnly();
- return null;
- }
-
- /** Check if the deepCopy flag is ON &&
- * Object implements Cloneable and return cloned object */
- private Object getCloneIfNeeded(Object obj)
- {
- Object clonedObject = null;
- if(this.deepCopy && obj instanceof Cloneable)
- {
- Class clazz = obj.getClass();
- try
- {
- Method cloneMethod = clazz.getMethod("clone", null);
- clonedObject = cloneMethod.invoke(obj, null);
- }
- catch (Exception e)
- {//Ignore non-cloneable issues
- }
- }
- if(clonedObject == null)
- clonedObject = obj;
- return clonedObject;
- }
- }
-
- private static class LoginContextAction implements PrivilegedExceptionAction
- {
- String securityDomain;
- Subject subject;
- CallbackHandler handler;
- LoginContextAction(String securityDomain, Subject subject,
- CallbackHandler handler)
- {
- this.securityDomain = securityDomain;
- this.subject = subject;
- this.handler = handler;
- }
- public Object run() throws Exception
- {
- LoginContext lc = new LoginContext(securityDomain, subject, handler);
- return lc;
- }
- }
-
- private static class GetTCLAction implements PrivilegedAction
- {
- static PrivilegedAction ACTION = new GetTCLAction();
- public Object run()
- {
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
- return loader;
- }
- }
-
- private static class SetContextInfoAction implements PrivilegedAction
- {
- String key;
- Object value;
- SetContextInfoAction(String key, Object value)
- {
- this.key = key;
- this.value = value;
- }
- public Object run()
- {
- //Set it on the current security context also
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
- if(sc != null)
- {
- sc.getData().put(key.toString(), value);
- }
- return SecurityAssociation.setContextInfo(key, value);
- }
- }
-
- interface PrincipalInfoAction
- {
- PrincipalInfoAction PRIVILEGED = new PrincipalInfoAction()
- {
- public void push(final Principal principal, final Object credential,
- final Subject subject, final String securityDomain)
- {
- AccessController.doPrivileged(
- new PrivilegedAction()
- {
- public Object run()
- {
- //SecurityAssociation.pushSubjectContext(subject, principal, credential);
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
- if(sc == null)
- {
- try
- {
- sc = SecurityContextFactory.createSecurityContext(principal, credential,
- subject, securityDomain);
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
- }
- SecurityContextAssociation.setSecurityContext(sc);
- return null;
- }
- }
- );
- }
- public void pop()
- {
- AccessController.doPrivileged(
- new PrivilegedAction()
- {
- public Object run()
- {
- //SecurityAssociation.popSubjectContext();
- SecurityContextAssociation.clearSecurityContext();
- return null;
- }
- }
- );
- }
- };
-
- PrincipalInfoAction NON_PRIVILEGED = new PrincipalInfoAction()
- {
- public void push(Principal principal, Object credential, Subject subject,
- String securityDomain)
- {
- //SecurityAssociation.pushSubjectContext(subject, principal, credential);
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
- if(sc == null)
- {
- try
- {
- sc = SecurityContextFactory.createSecurityContext(principal, credential,
- subject, securityDomain);
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
- }
- else
- {
- sc.getUtil().createSubjectInfo(principal, credential, subject);
- }
- SecurityContextAssociation.setSecurityContext(sc);
- }
- public void pop()
- {
- //SecurityAssociation.popSubjectContext();
- SecurityContextAssociation.clearSecurityContext();
- }
- };
-
- void push(Principal principal, Object credential, Subject subject, String securityDomain);
- void pop();
- }
-
- static Subject getActiveSubject() throws PrivilegedActionException
- {
- Subject subject = (Subject) AccessController.doPrivileged(GetSubjectAction.ACTION);
- return subject;
- }
- static void copySubject(Subject fromSubject, Subject toSubject)
- {
- copySubject(fromSubject, toSubject, false);
- }
- static void copySubject(Subject fromSubject, Subject toSubject, boolean setReadOnly)
- {
- CopySubjectAction action = new CopySubjectAction(fromSubject, toSubject, setReadOnly);
- if( System.getSecurityManager() != null )
- AccessController.doPrivileged(action);
- else
- action.run();
- }
-
- static void copySubject(Subject fromSubject, Subject toSubject, boolean setReadOnly,
- boolean deepCopy)
- {
- CopySubjectAction action = new CopySubjectAction(fromSubject, toSubject, setReadOnly);
- action.setDeepCopy(deepCopy);
- if( System.getSecurityManager() != null )
- AccessController.doPrivileged(action);
- else
- action.run();
- }
-
- static LoginContext createLoginContext(String securityDomain, Subject subject,
- CallbackHandler handler)
- throws LoginException
- {
- LoginContextAction action = new LoginContextAction(securityDomain, subject, handler);
- try
- {
- LoginContext lc = (LoginContext) AccessController.doPrivileged(action);
- return lc;
- }
- catch(PrivilegedActionException e)
- {
- Exception ex = e.getException();
- if( ex instanceof LoginException )
- throw (LoginException) ex;
- else
- throw new LoginException(ex.getMessage());
- }
- }
-
- static ClassLoader getContextClassLoader()
- {
- ClassLoader loader = (ClassLoader) AccessController.doPrivileged(GetTCLAction.ACTION);
- return loader;
- }
-
- static Object setContextInfo(String key, Object value)
- {
- SetContextInfoAction action = new SetContextInfoAction(key, value);
- Object prevInfo = AccessController.doPrivileged(action);
- return prevInfo;
- }
-
- static String toString(Subject subject)
- {
- ToStringSubjectAction action = new ToStringSubjectAction(subject);
- String info = (String) AccessController.doPrivileged(action);
- return info;
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/auth/SubjectActions.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/auth/SubjectActions.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/auth/SubjectActions.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/auth/SubjectActions.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,356 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.plugins.auth;
+
+import java.lang.reflect.Method;
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
+
+import org.jboss.security.SecurityAssociation;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SecurityContextFactory;
+
+/** Common PrivilegedAction used by classes in this package.
+ *
+ * @author Scott.Stark at jboss.org
+ * @author Anil.Saldhana at redhat.com
+ * @version $Revision: 65313 $
+ */
+class SubjectActions
+{
+ private static class ToStringSubjectAction implements PrivilegedAction<String>
+ {
+ Subject subject;
+ ToStringSubjectAction(Subject subject)
+ {
+ this.subject = subject;
+ }
+ public String run()
+ {
+ StringBuffer tmp = new StringBuffer();
+ tmp.append("Subject(");
+ tmp.append(System.identityHashCode(subject));
+ tmp.append(").principals=");
+ Iterator<Principal> principals = subject.getPrincipals().iterator();
+ while( principals.hasNext() )
+ {
+ Object p = principals.next();
+ Class<?> c = p.getClass();
+ tmp.append(c.getName());
+ tmp.append('@');
+ tmp.append(System.identityHashCode(c));
+ tmp.append('(');
+ tmp.append(p);
+ tmp.append(')');
+ }
+ return tmp.toString();
+ }
+ }
+
+ private static class GetSubjectAction implements PrivilegedExceptionAction<Subject>
+ {
+ static PrivilegedExceptionAction<Subject> ACTION = new GetSubjectAction();
+ public Subject run() throws PolicyContextException
+ {
+ return (Subject) PolicyContext.getContext(SecurityConstants.SUBJECT_CONTEXT_KEY);
+ }
+ }
+
+ private static class CopySubjectAction implements PrivilegedAction<Object>
+ {
+ Subject fromSubject;
+ Subject toSubject;
+ boolean setReadOnly;
+ boolean deepCopy;
+
+ CopySubjectAction(Subject fromSubject, Subject toSubject, boolean setReadOnly)
+ {
+ this.fromSubject = fromSubject;
+ this.toSubject = toSubject;
+ this.setReadOnly = setReadOnly;
+ }
+ public void setDeepCopy(boolean flag)
+ {
+ this.deepCopy = flag;
+ }
+
+ @SuppressWarnings("unchecked")
+ public Object run()
+ {
+ Set principals = fromSubject.getPrincipals();
+ Set principals2 = toSubject.getPrincipals();
+ Iterator<Principal> iter = principals.iterator();
+ while( iter.hasNext() )
+ principals2.add(getCloneIfNeeded(iter.next()));
+ Set privateCreds = fromSubject.getPrivateCredentials();
+ Set privateCreds2 = toSubject.getPrivateCredentials();
+ iter = privateCreds.iterator();
+ while( iter.hasNext() )
+ privateCreds2.add(getCloneIfNeeded(iter.next()));
+ Set publicCreds = fromSubject.getPublicCredentials();
+ Set publicCreds2 = toSubject.getPublicCredentials();
+ iter = publicCreds.iterator();
+ while( iter.hasNext() )
+ publicCreds2.add(getCloneIfNeeded(iter.next()));
+ if( setReadOnly == true )
+ toSubject.setReadOnly();
+ return null;
+ }
+
+ /** Check if the deepCopy flag is ON &&
+ * Object implements Cloneable and return cloned object */
+ private Object getCloneIfNeeded(Object obj)
+ {
+ Object clonedObject = null;
+ if(this.deepCopy && obj instanceof Cloneable)
+ {
+ Class<?> clazz = obj.getClass();
+ try
+ {
+ Method cloneMethod = clazz.getMethod("clone", (Class[])null);
+ clonedObject = cloneMethod.invoke(obj, (Object[])null);
+ }
+ catch (Exception e)
+ {//Ignore non-cloneable issues
+ }
+ }
+ if(clonedObject == null)
+ clonedObject = obj;
+ return clonedObject;
+ }
+ }
+
+ private static class LoginContextAction implements PrivilegedExceptionAction<LoginContext>
+ {
+ String securityDomain;
+ Subject subject;
+ CallbackHandler handler;
+ LoginContextAction(String securityDomain, Subject subject,
+ CallbackHandler handler)
+ {
+ this.securityDomain = securityDomain;
+ this.subject = subject;
+ this.handler = handler;
+ }
+ public LoginContext run() throws Exception
+ {
+ LoginContext lc = new LoginContext(securityDomain, subject, handler);
+ return lc;
+ }
+ }
+
+ private static class GetTCLAction implements PrivilegedAction<ClassLoader>
+ {
+ static PrivilegedAction<ClassLoader> ACTION = new GetTCLAction();
+ public ClassLoader run()
+ {
+ ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ return loader;
+ }
+ }
+
+ private static class SetContextInfoAction implements PrivilegedAction<Object>
+ {
+ String key;
+ Object value;
+ SetContextInfoAction(String key, Object value)
+ {
+ this.key = key;
+ this.value = value;
+ }
+ public Object run()
+ {
+ //Set it on the current security context also
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if(sc != null)
+ {
+ sc.getData().put(key.toString(), value);
+ }
+ return SecurityAssociation.setContextInfo(key, value);
+ }
+ }
+
+ interface PrincipalInfoAction
+ {
+ PrincipalInfoAction PRIVILEGED = new PrincipalInfoAction()
+ {
+ public void push(final Principal principal, final Object credential,
+ final Subject subject, final String securityDomain)
+ {
+ AccessController.doPrivileged(
+ new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if(sc == null)
+ {
+ try
+ {
+ sc = SecurityContextFactory.createSecurityContext(principal, credential,
+ subject, securityDomain);
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+ SecurityContextAssociation.setSecurityContext(sc);
+ return null;
+ }
+ }
+ );
+ }
+ public void pop()
+ {
+ AccessController.doPrivileged(
+ new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ //SecurityAssociation.popSubjectContext();
+ SecurityContextAssociation.clearSecurityContext();
+ return null;
+ }
+ }
+ );
+ }
+ };
+
+ PrincipalInfoAction NON_PRIVILEGED = new PrincipalInfoAction()
+ {
+ public void push(Principal principal, Object credential, Subject subject,
+ String securityDomain)
+ {
+ //SecurityAssociation.pushSubjectContext(subject, principal, credential);
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if(sc == null)
+ {
+ try
+ {
+ sc = SecurityContextFactory.createSecurityContext(principal, credential,
+ subject, securityDomain);
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+ else
+ {
+ sc.getUtil().createSubjectInfo(principal, credential, subject);
+ }
+ SecurityContextAssociation.setSecurityContext(sc);
+ }
+ public void pop()
+ {
+ SecurityContextAssociation.clearSecurityContext();
+ }
+ };
+
+ void push(Principal principal, Object credential, Subject subject, String securityDomain);
+ void pop();
+ }
+
+ static Subject getActiveSubject() throws PrivilegedActionException
+ {
+ Subject subject = (Subject) AccessController.doPrivileged(GetSubjectAction.ACTION);
+ return subject;
+ }
+ static void copySubject(Subject fromSubject, Subject toSubject)
+ {
+ copySubject(fromSubject, toSubject, false);
+ }
+ static void copySubject(Subject fromSubject, Subject toSubject, boolean setReadOnly)
+ {
+ CopySubjectAction action = new CopySubjectAction(fromSubject, toSubject, setReadOnly);
+ if( System.getSecurityManager() != null )
+ AccessController.doPrivileged(action);
+ else
+ action.run();
+ }
+
+ static void copySubject(Subject fromSubject, Subject toSubject, boolean setReadOnly,
+ boolean deepCopy)
+ {
+ CopySubjectAction action = new CopySubjectAction(fromSubject, toSubject, setReadOnly);
+ action.setDeepCopy(deepCopy);
+ if( System.getSecurityManager() != null )
+ AccessController.doPrivileged(action);
+ else
+ action.run();
+ }
+
+ static LoginContext createLoginContext(String securityDomain, Subject subject,
+ CallbackHandler handler)
+ throws LoginException
+ {
+ LoginContextAction action = new LoginContextAction(securityDomain, subject, handler);
+ try
+ {
+ LoginContext lc = (LoginContext) AccessController.doPrivileged(action);
+ return lc;
+ }
+ catch(PrivilegedActionException e)
+ {
+ Exception ex = e.getException();
+ if( ex instanceof LoginException )
+ throw (LoginException) ex;
+ else
+ throw new LoginException(ex.getMessage());
+ }
+ }
+
+ static ClassLoader getContextClassLoader()
+ {
+ ClassLoader loader = (ClassLoader) AccessController.doPrivileged(GetTCLAction.ACTION);
+ return loader;
+ }
+
+ static Object setContextInfo(String key, Object value)
+ {
+ SetContextInfoAction action = new SetContextInfoAction(key, value);
+ Object prevInfo = AccessController.doPrivileged(action);
+ return prevInfo;
+ }
+
+ static String toString(Subject subject)
+ {
+ ToStringSubjectAction action = new ToStringSubjectAction(subject);
+ String info = (String) AccessController.doPrivileged(action);
+ return info;
+ }
+}
\ No newline at end of file
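Review bot: `PrincipalInfoAction.PRIVILEGED.push` does nothing with its arguments when a security context is already associated: for `sc != null` it only calls `SecurityContextAssociation.setSecurityContext(sc)` again, so the `principal`, `credential` and `subject` passed in are never recorded. `NON_PRIVILEGED.push` handles the same case with `else { sc.getUtil().createSubjectInfo(principal, credential, subject); }`, so the identity held in the context after a push differs between the two variants. The code that chooses between them is not in this file; presumably it depends on whether a SecurityManager is installed, which would make the difference show up only in hardened deployments. If the divergence is unintended, add the same `else` branch inside the privileged `run()`. If it is deliberate, a comment on `PRIVILEGED.push` should say why the existing context is kept unchanged.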
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/mapping/JBossMappingManager.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/mapping/JBossMappingManager.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/mapping/JBossMappingManager.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,131 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.plugins.mapping;
-
-import java.util.ArrayList;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.config.ApplicationPolicy;
-import org.jboss.security.config.MappingInfo;
-import org.jboss.security.config.SecurityConfiguration;
-import org.jboss.security.mapping.MappingContext;
-import org.jboss.security.mapping.MappingManager;
-import org.jboss.security.mapping.MappingProvider;
-import org.jboss.security.mapping.config.MappingModuleEntry;
-import org.jboss.security.plugins.JBossSecurityContext;
-
-//$Id$
-
-/**
- * JBoss implementation of Mapping Manager
- * @author Anil.Saldhana at redhat.com
- * @since Mar 9, 2007
- * @version $Revision$
- */
-public class JBossMappingManager implements MappingManager
-{
- protected static final Logger log = Logger.getLogger(JBossSecurityContext.class);
- protected boolean trace = log.isTraceEnabled();
-
- private String securityDomain;
-
- public JBossMappingManager(String domain)
- {
- this.securityDomain = domain;
- }
-
- /**
- * @see SecurityContext#getMappingContext(String)
- */
- public <T> MappingContext<T> getMappingContext(Class<T> mappingType)
- {
- //Apply Mapping Logic
- ApplicationPolicy aPolicy = SecurityConfiguration.getApplicationPolicy(securityDomain);
-
- if(aPolicy == null)
- {
- String defaultDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
- if(trace)
- log.trace("Application Policy not found for domain=" + securityDomain +
- ".Mapping framework will use the default domain:" + defaultDomain);
- aPolicy = SecurityConfiguration.getApplicationPolicy(defaultDomain);
- }
- if(aPolicy == null )
- throw new IllegalStateException("Application Policy is null for the security domain:"
- + securityDomain);
-
- MappingContext<T> mc = null;
- MappingInfo rmi = aPolicy.getMappingInfo(mappingType);
-
- /*if(mappingType == Group.class)
- {
- rmi = aPolicy.getRoleMappingInfo();
- }
- else if(mappingType == Principal.class)
- {
- rmi = aPolicy.getPrincipalMappingInfo();
- }*/
-
- if(rmi != null)
- {
- MappingModuleEntry[] mpe = rmi.getMappingModuleEntry();
- ArrayList<MappingProvider<T>> al = new ArrayList<MappingProvider<T>>();
-
- for(int i = 0 ; i < mpe.length; i++)
- {
- MappingProvider<T> mp = getMappingProvider(mpe[i]);
- if(mp != null)
- al.add(mp);
- }
- mc = new MappingContext<T>(al);
- }
-
- return mc;
- }
-
- public String getSecurityDomain()
- {
- return this.securityDomain;
- }
-
- @SuppressWarnings("unchecked")
- private <T> MappingProvider<T> getMappingProvider(MappingModuleEntry mme)
- {
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- MappingProvider<T> mp = null;
- try
- {
- String fqn = mme.getMappingModuleName();
- Class<?> cl = SecurityActions.loadClass(fqn,tcl);
- mp = (MappingProvider<T>) cl.newInstance();
- mp.init(mme.getOptions());
- }
- catch(Exception e)
- {
- if(trace)
- log.trace("Error in getting Mapping Provider",e);
- }
- return mp;
- }
-}
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/mapping/JBossMappingManager.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/mapping/JBossMappingManager.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/mapping/JBossMappingManager.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/mapping/JBossMappingManager.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,121 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.plugins.mapping;
+
+import java.util.ArrayList;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.MappingInfo;
+import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.mapping.MappingContext;
+import org.jboss.security.mapping.MappingManager;
+import org.jboss.security.mapping.MappingProvider;
+import org.jboss.security.mapping.config.MappingModuleEntry;
+import org.jboss.security.plugins.JBossSecurityContext;
+
+
+/**
+ * JBoss implementation of Mapping Manager
+ * @author Anil.Saldhana at redhat.com
+ * @since Mar 9, 2007
+ * @version $Revision$
+ */
+public class JBossMappingManager implements MappingManager
+{
+ protected static final Logger log = Logger.getLogger(JBossSecurityContext.class);
+ protected boolean trace = log.isTraceEnabled();
+
+ private String securityDomain;
+
+ public JBossMappingManager(String domain)
+ {
+ this.securityDomain = domain;
+ }
+
+ /**
+ * @see SecurityContext#getMappingContext(String)
+ */
+ public <T> MappingContext<T> getMappingContext(Class<T> mappingType)
+ {
+ //Apply Mapping Logic
+ ApplicationPolicy aPolicy = SecurityConfiguration.getApplicationPolicy(securityDomain);
+
+ if(aPolicy == null)
+ {
+ String defaultDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
+ if(trace)
+ log.trace("Application Policy not found for domain=" + securityDomain +
+ ".Mapping framework will use the default domain:" + defaultDomain);
+ aPolicy = SecurityConfiguration.getApplicationPolicy(defaultDomain);
+ }
+ if(aPolicy == null )
+ throw new IllegalStateException("Application Policy is null for the security domain:"
+ + securityDomain);
+
+ MappingContext<T> mc = null;
+ MappingInfo rmi = aPolicy.getMappingInfo(mappingType);
+
+ if(rmi != null)
+ {
+ MappingModuleEntry[] mpe = rmi.getMappingModuleEntry();
+ ArrayList<MappingProvider<T>> al = new ArrayList<MappingProvider<T>>();
+
+ for(int i = 0 ; i < mpe.length; i++)
+ {
+ MappingProvider<T> mp = getMappingProvider(mpe[i]);
+ if(mp != null)
+ al.add(mp);
+ }
+ mc = new MappingContext<T>(al);
+ }
+
+ return mc;
+ }
+
+ public String getSecurityDomain()
+ {
+ return this.securityDomain;
+ }
+
+ @SuppressWarnings("unchecked")
+ private <T> MappingProvider<T> getMappingProvider(MappingModuleEntry mme)
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ MappingProvider<T> mp = null;
+ try
+ {
+ String fqn = mme.getMappingModuleName();
+ Class<?> cl = SecurityActions.loadClass(fqn,tcl);
+ mp = (MappingProvider<T>) cl.newInstance();
+ mp.init(mme.getOptions());
+ }
+ catch(Exception e)
+ {
+ if(trace)
+ log.trace("Error in getting Mapping Provider",e);
+ }
+ return mp;
+ }
+}
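Review bot: `getMappingProvider` catches every `Exception` from loading, instantiating and initialising a mapping module and reports it only when trace logging is enabled, so a misspelled or failing module is dropped from the `MappingContext` with no visible sign. Because the surviving providers are what `getMappingContext` hands back for role or principal mapping, a skipped provider changes the effective mapping without the operator knowing. Log the failure at a level that is on by default, for example `log.warn("Unable to load mapping module " + mme.getMappingModuleName(), e);`, or fail with an `IllegalStateException` as the missing-policy case above already does. The logger is also created with `JBossSecurityContext.class`, so these messages land under the wrong category; `Logger.getLogger(JBossMappingManager.class)` would make them findable.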
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/mapping/SecurityActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/mapping/SecurityActions.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/mapping/SecurityActions.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,61 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.plugins.mapping;
-
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-
-//$Id$
-
-/**
- * Privileged Blocks
- * @author Anil.Saldhana at redhat.com
- * @since Jan 3, 2008
- * @version $Revision$
- */
-class SecurityActions
-{
- static ClassLoader getContextClassLoader()
- {
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
- {
- public ClassLoader run()
- {
- return Thread.currentThread().getContextClassLoader();
- }
- });
- }
-
- static Class<?> loadClass(final String fqn, final ClassLoader tcl)
- throws PrivilegedActionException
- {
- return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>()
- {
- public Class<?> run() throws PrivilegedActionException, ClassNotFoundException
- {
- return tcl.loadClass(fqn);
- }
- });
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/mapping/SecurityActions.java (from rev 73520, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/mapping/SecurityActions.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/mapping/SecurityActions.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/main/org/jboss/security/plugins/mapping/SecurityActions.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,59 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.plugins.mapping;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 3, 2008
+ * @version $Revision$
+ */
+class SecurityActions
+{
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+
+ static Class<?> loadClass(final String fqn, final ClassLoader tcl)
+ throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>()
+ {
+ public Class<?> run() throws PrivilegedActionException, ClassNotFoundException
+ {
+ return tcl.loadClass(fqn);
+ }
+ });
+ }
+}
\ No newline at end of file
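Review bot: Neither method in this helper is documented, and the class comment ("Privileged Blocks") does not state the constraint that matters: both run inside `AccessController.doPrivileged`, so permission checks stop at this class rather than at its callers. I would add a class-level Javadoc sentence saying the class and its methods must stay package-private, since `loadClass` loads whatever name and loader the caller passes. It should also note on `loadClass` that `tcl` must be non-null, because `Thread.getContextClassLoader()` can return null and `tcl.loadClass(fqn)` would then throw an unwrapped `NullPointerException`. As a smaller point, the inner `run()` declares `throws PrivilegedActionException, ClassNotFoundException` although only `ClassNotFoundException` can come out of its body; `public Class<?> run() throws ClassNotFoundException` is enough.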
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/tests/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/tests/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,298 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.test.security.config;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.net.URL;
-import java.util.List;
-import java.util.Map;
-
-import javax.security.auth.login.AppConfigurationEntry;
-
-import org.jboss.security.audit.config.AuditProviderEntry;
-import org.jboss.security.auth.container.config.AuthModuleEntry;
-import org.jboss.security.auth.login.BaseAuthenticationInfo;
-import org.jboss.security.auth.login.LoginConfigObjectModelFactory;
-import org.jboss.security.auth.login.LoginModuleStackHolder;
-import org.jboss.security.auth.spi.UsersObjectModelFactory;
-import org.jboss.security.authorization.config.AuthorizationModuleEntry;
-import org.jboss.security.authorization.config.SecurityConfigObjectModelFactory;
-import org.jboss.security.config.ApplicationPolicy;
-import org.jboss.security.config.AuditInfo;
-import org.jboss.security.config.AuthorizationInfo;
-import org.jboss.security.config.ControlFlag;
-import org.jboss.security.config.IdentityTrustInfo;
-import org.jboss.security.config.MappingInfo;
-import org.jboss.security.config.PolicyConfig;
-import org.jboss.security.identitytrust.config.IdentityTrustModuleEntry;
-import org.jboss.security.mapping.config.MappingModuleEntry;
-import org.jboss.test.AbstractJBossSXTest;
-import org.jboss.xb.binding.Unmarshaller;
-import org.jboss.xb.binding.UnmarshallerFactory;
-
-//$Id$
-
-/**
- * Security Configuration Unit Test Case
- * @author Anil.Saldhana at redhat.com
- * @since Jul 25, 2007
- * @version $Revision$
- */
-public class SecurityConfigurationUnitTestCase extends AbstractJBossSXTest
-{
- protected String schemaFile = "schema/security-config_5_0.xsd";
- protected String xmlFile = "config/securityConfig5.xml";
-
- protected PolicyConfig config = null;
-
- public SecurityConfigurationUnitTestCase(String name)
- {
- super(name);
- }
-
- protected void setUp() throws Exception
- {
- super.setUp();
- ClassLoader tcl = Thread.currentThread().getContextClassLoader();
-
- LoginConfigObjectModelFactory lcomf = new SecurityConfigObjectModelFactory();
- UsersObjectModelFactory uomf = new UsersObjectModelFactory();
- URL xmlFileURL = tcl.getResource(xmlFile);
- assertNotNull("XML File URL is not null", xmlFileURL);
- InputStreamReader xmlReader = loadURL(xmlFileURL);
- Unmarshaller unmarshaller = UnmarshallerFactory.newInstance().newUnmarshaller();
- unmarshaller.mapFactoryToNamespace(uomf, "http://www.jboss.org/j2ee/schemas/XMLLoginModule");
- unmarshaller.setSchemaValidation(true);
- unmarshaller.setNamespaceAware(true);
- unmarshaller.setFeature(Unmarshaller.SCHEMA_VALIDATION, Boolean.TRUE);
- Object root = null;
- config = (PolicyConfig) unmarshaller.unmarshal(xmlReader, lcomf, root);
- assertNotNull("PolicyConfig is not null", config);
- }
-
-
- public void testValidateJAASConfiguration()
- {
- ApplicationPolicy jaasConfig = config.get("conf-jaas");
- BaseAuthenticationInfo authInfo = jaasConfig.getAuthenticationInfo();
- List<?> entries = authInfo.getModuleEntries();
- assertEquals("Number of entries = 2", 2, entries.size());
-
- //First Entry
- Object entry = entries.get(0);
- assertTrue("Entry instanceof AppConfigurationEntry",
- entry instanceof AppConfigurationEntry);
- AppConfigurationEntry ace = (AppConfigurationEntry)entry;
- assertEquals("LM Name","org.jboss.test.TestLoginModule" ,ace.getLoginModuleName());
- assertEquals("Required", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
- ace.getControlFlag());
- Map<String,?> aceOptions = ace.getOptions();
- assertEquals("Number of options = 3", 3, aceOptions.size());
- assertEquals("name=1.1", "1.1", aceOptions.get("name"));
- assertEquals("succeed=true", "true", aceOptions.get("succeed"));
- assertEquals("throwEx=false", "false", aceOptions.get("throwEx"));
-
- //Second Entry
- entry = entries.get(1);
- assertTrue("Entry instanceof AppConfigurationEntry",
- entry instanceof AppConfigurationEntry);
- ace = (AppConfigurationEntry)entry;
- assertEquals("LM Name","org.jboss.test.TestLoginModule2" ,ace.getLoginModuleName());
- assertEquals("Optional expected", AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL,
- ace.getControlFlag());
- aceOptions = ace.getOptions();
- assertEquals("Number of options = 4", 4, aceOptions.size());
- assertEquals("name=1.2", "1.2", aceOptions.get("name"));
- assertEquals("succeed=false", "false", aceOptions.get("succeed"));
- assertEquals("throwEx=true", "true", aceOptions.get("throwEx"));
- assertEquals("dummy=d", "d", aceOptions.get("dummy"));
-
- }
-
- public void testValidateJASPIConfiguration()
- {
- ApplicationPolicy jaspiConfig = config.get("conf-jaspi");
- BaseAuthenticationInfo authInfo = jaspiConfig.getAuthenticationInfo();
- List<?> entries = authInfo.getModuleEntries();
- assertEquals("Number of entries = 2", 2, entries.size());
-
- //First Entry
- Object entry = entries.get(0);
- assertTrue("Entry instanceof AppConfigurationEntry",
- entry instanceof AuthModuleEntry);
- AuthModuleEntry ace = (AuthModuleEntry)entry;
- assertEquals("LM Name","TestAuthModule" ,ace.getAuthModuleName());
- assertEquals("Required", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
- ace.getControlFlag());
- Map<String,?> aceOptions = ace.getOptions();
- assertEquals("Number of options = 3", 3, aceOptions.size());
- assertEquals("usersProperties=u", "u", aceOptions.get("usersProperties"));
- assertEquals("rolesProperties=r", "r", aceOptions.get("rolesProperties"));
- assertEquals("unauthenticatedIdentity=anonymous",
- "anonymous", aceOptions.get("unauthenticatedIdentity"));
-
- //Second Entry
- entry = entries.get(1);
- assertTrue("Entry instanceof AppConfigurationEntry",
- entry instanceof AuthModuleEntry);
- ace = (AuthModuleEntry)entry;
- assertEquals("LM Name","TestAuthModule2" ,ace.getAuthModuleName());
- assertEquals("Required", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
- ace.getControlFlag());
- aceOptions = ace.getOptions();
- assertEquals("Number of options = 0", 0, aceOptions.size());
- LoginModuleStackHolder lmsh = ace.getLoginModuleStackHolder();
- assertEquals("lm-stack", "lm-stack", lmsh.getName());
- AppConfigurationEntry[] appEntries = lmsh.getAppConfigurationEntry();
- assertEquals("App Entries in LMSH=1",1,appEntries.length);
-
- Object appEntry = appEntries[0];
- assertTrue("Entry instanceof AppConfigurationEntry",
- appEntry instanceof AppConfigurationEntry);
- AppConfigurationEntry appace = (AppConfigurationEntry)appEntry;
- assertEquals("LM Name","org.jboss.security.auth.spi.UsersRolesLoginModule" ,
- appace.getLoginModuleName());
- assertEquals("Optional", AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL,
- appace.getControlFlag());
- Map<String,?> appaceOptions = appace.getOptions();
- assertEquals("Number of options = 3", 3, appaceOptions.size());
- assertEquals("usersProperties=u", "u", appaceOptions.get("usersProperties"));
- assertEquals("rolesProperties=r", "r", appaceOptions.get("rolesProperties"));
- assertEquals("unauthenticatedIdentity=anonymous",
- "anonymous", appaceOptions.get("unauthenticatedIdentity"));
- }
-
- public void testValidateCompleteConfiguration()
- {
- ApplicationPolicy completeConfig = config.get("conf-complete");
- BaseAuthenticationInfo authInfo = completeConfig.getAuthenticationInfo();
- List<?> entries = authInfo.getModuleEntries();
- assertEquals("Number of entries = 1", 1, entries.size());
-
- //First Entry
- Object entry = entries.get(0);
- assertTrue("Entry instanceof AppConfigurationEntry",
- entry instanceof AppConfigurationEntry);
- AppConfigurationEntry ace = (AppConfigurationEntry)entry;
- assertEquals("LM Name","org.jboss.test.TestLoginModule" ,ace.getLoginModuleName());
- assertEquals("Required", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
- ace.getControlFlag());
- Map<String,?> aceOptions = ace.getOptions();
- assertEquals("Number of options = 3", 3, aceOptions.size());
- assertEquals("name=1.1", "1.1", aceOptions.get("name"));
- assertEquals("succeed=true", "true", aceOptions.get("succeed"));
- assertEquals("throwEx=false", "false", aceOptions.get("throwEx"));
-
- //Authorization
- AuthorizationInfo authzInfo = completeConfig.getAuthorizationInfo();
- assertNotNull("AuthorizationInfo is not null", authzInfo);
- AuthorizationModuleEntry[] authzEntries = authzInfo.getAuthorizationModuleEntry();
- assertEquals("Length of authorization entries = 1", 1, authzEntries.length);
- AuthorizationModuleEntry authzEntry = authzEntries[0];
- assertEquals("TestPolicyModule","org.jboss.test.TestPolicyModule",
- authzEntry.getPolicyModuleName());
- assertEquals("Required", ControlFlag.REQUIRED,
- authzEntry.getControlFlag());
- Map<String,?> authzoptions = authzEntry.getOptions();
- assertEquals("Number of options = 2", 2, authzoptions.size());
- assertEquals("name=authz", "authz", authzoptions.get("name"));
- assertEquals("succeed=true", "true", authzoptions.get("succeed"));
-
- //Role Mapping
- MappingInfo mappingInfo = completeConfig.getRoleMappingInfo();
- assertNotNull("MappingInfo is not null", mappingInfo);
- MappingModuleEntry[] mmearr = mappingInfo.getMappingModuleEntry();
- assertEquals("Mapping entry length=1", 1, mmearr.length);
- MappingModuleEntry mme = mmearr[0];
- assertEquals("TestMappingModule","org.jboss.test.TestMappingModule",
- mme.getMappingModuleName());
- Map<String,?> mmOptions = mme.getOptions();
- assertEquals("Number of options = 2", 2, mmOptions.size());
- assertEquals("name=rolemap", "rolemap", mmOptions.get("name"));
- assertEquals("succeed=true", "true", mmOptions.get("succeed"));
-
- //Audit
- AuditInfo ai = completeConfig.getAuditInfo();
- assertNotNull("AuditInfo", ai);
- AuditProviderEntry[] apelist = ai.getAuditProviderEntry();
- assertEquals("Audit entry length=1", 1, apelist.length);
- AuditProviderEntry ape = apelist[0];
- assertEquals("TestMappingModule","org.jboss.test.TestMappingModule",
- mme.getMappingModuleName());
- Map<String,?> auditOptions = ape.getOptions();
- assertEquals("Number of options = 2", 2, auditOptions.size());
- assertEquals("name=auditprovider", "auditprovider", auditOptions.get("name"));
- assertEquals("succeed=false", "false", auditOptions.get("succeed"));
-
- //Identity Trust
- IdentityTrustInfo iti = completeConfig.getIdentityTrustInfo();
- assertNotNull("IdentityTrustInfo", iti);
- IdentityTrustModuleEntry[] itilist = iti.getIdentityTrustModuleEntry();
- assertEquals("IdentityTrustModuleEntry length=1", 1, itilist.length);
- IdentityTrustModuleEntry itie = itilist[0];
- assertEquals("TestMappingModule","org.jboss.test.TestMappingModule",
- mme.getMappingModuleName());
- Map<String,?> itieOptions = itie.getOptions();
- assertEquals("Number of options = 3", 3, itieOptions.size());
- assertEquals("name=trustprovider", "trustprovider", itieOptions.get("name"));
- assertEquals("succeed=true", "true", itieOptions.get("succeed"));
- assertEquals("dummy=dr", "dr", itieOptions.get("dummy"));
- }
-
- public void testApplicationPolicyExtension()
- {
- ApplicationPolicy completeConfig = config.get("conf-jaas-extend");
- assertNotNull("conf-jaas-extend is not null", completeConfig);
- BaseAuthenticationInfo bai = completeConfig.getAuthenticationInfo();
- assertNotNull("BaseAuthenticationInfo is not null", bai);
- assertEquals("3 login modules", 3,bai.getModuleEntries().size());
- AuthorizationInfo azi = completeConfig.getAuthorizationInfo();
- assertNotNull("AuthorizationInfo is not null", azi);
- assertEquals("3 authz modules", 3, azi.getModuleEntries().size());
- //Role Mapping
- MappingInfo mappingInfo = completeConfig.getRoleMappingInfo();
- assertNotNull("MappingInfo is not null", mappingInfo);
- assertEquals("1 map modules", 1, mappingInfo.getModuleEntries().size());
- //Audit
- AuditInfo ai = completeConfig.getAuditInfo();
- assertNotNull("AuditInfo", ai);
- AuditProviderEntry[] apelist = ai.getAuditProviderEntry();
- assertEquals("Audit entry length=1", 1, apelist.length);
- //Identity Trust
- IdentityTrustInfo iti = completeConfig.getIdentityTrustInfo();
- assertNotNull("IdentityTrustInfo", iti);
- IdentityTrustModuleEntry[] itilist = iti.getIdentityTrustModuleEntry();
- assertEquals("IdentityTrustModuleEntry length=1", 1, itilist.length);
- }
-
- private InputStreamReader loadURL(URL configURL)
- throws IOException
- {
- InputStream is = configURL.openStream();
- if (is == null)
- throw new IOException("Failed to obtain InputStream from url: " + configURL);
- InputStreamReader xmlReader = new InputStreamReader(is);
- return xmlReader;
- }
-}
\ No newline at end of file
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/tests/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java (from rev 73388, projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/tests/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx/src/tests/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,310 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.config;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.net.URL;
+import java.util.List;
+import java.util.Map;
+
+import javax.security.auth.login.AppConfigurationEntry;
+
+import org.jboss.security.audit.config.AuditProviderEntry;
+import org.jboss.security.auth.container.config.AuthModuleEntry;
+import org.jboss.security.auth.login.BaseAuthenticationInfo;
+import org.jboss.security.auth.login.LoginConfigObjectModelFactory;
+import org.jboss.security.auth.login.LoginModuleStackHolder;
+import org.jboss.security.auth.spi.UsersObjectModelFactory;
+import org.jboss.security.authorization.config.AuthorizationModuleEntry;
+import org.jboss.security.authorization.config.SecurityConfigObjectModelFactory;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.AuditInfo;
+import org.jboss.security.config.AuthorizationInfo;
+import org.jboss.security.config.ControlFlag;
+import org.jboss.security.config.IdentityTrustInfo;
+import org.jboss.security.config.MappingInfo;
+import org.jboss.security.config.PolicyConfig;
+import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.identitytrust.config.IdentityTrustModuleEntry;
+import org.jboss.security.mapping.config.MappingModuleEntry;
+import org.jboss.test.AbstractJBossSXTest;
+import org.jboss.xb.binding.Unmarshaller;
+import org.jboss.xb.binding.UnmarshallerFactory;
+
+/**
+ * Security Configuration Unit Test Case
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 25, 2007
+ * @version $Revision$
+ */
+public class SecurityConfigurationUnitTestCase extends AbstractJBossSXTest
+{
+ protected String schemaFile = "schema/security-config_5_0.xsd";
+ protected String xmlFile = "config/securityConfig5.xml";
+
+ protected PolicyConfig config = null;
+
+ public SecurityConfigurationUnitTestCase(String name)
+ {
+ super(name);
+ }
+
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+
+ LoginConfigObjectModelFactory lcomf = new SecurityConfigObjectModelFactory();
+ UsersObjectModelFactory uomf = new UsersObjectModelFactory();
+ URL xmlFileURL = tcl.getResource(xmlFile);
+ assertNotNull("XML File URL is not null", xmlFileURL);
+ InputStreamReader xmlReader = loadURL(xmlFileURL);
+ Unmarshaller unmarshaller = UnmarshallerFactory.newInstance().newUnmarshaller();
+ unmarshaller.mapFactoryToNamespace(uomf, "http://www.jboss.org/j2ee/schemas/XMLLoginModule");
+ unmarshaller.setSchemaValidation(true);
+ unmarshaller.setNamespaceAware(true);
+ unmarshaller.setFeature(Unmarshaller.SCHEMA_VALIDATION, Boolean.TRUE);
+ Object root = null;
+ config = (PolicyConfig) unmarshaller.unmarshal(xmlReader, lcomf, root);
+ assertNotNull("PolicyConfig is not null", config);
+ }
+
+
+ public void testValidateJAASConfiguration()
+ {
+ ApplicationPolicy jaasConfig = config.get("conf-jaas");
+ BaseAuthenticationInfo authInfo = jaasConfig.getAuthenticationInfo();
+ List<?> entries = authInfo.getModuleEntries();
+ assertEquals("Number of entries = 2", 2, entries.size());
+
+ //First Entry
+ Object entry = entries.get(0);
+ assertTrue("Entry instanceof AppConfigurationEntry",
+ entry instanceof AppConfigurationEntry);
+ AppConfigurationEntry ace = (AppConfigurationEntry)entry;
+ assertEquals("LM Name","org.jboss.test.TestLoginModule" ,ace.getLoginModuleName());
+ assertEquals("Required", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
+ ace.getControlFlag());
+ Map<String,?> aceOptions = ace.getOptions();
+ assertEquals("Number of options = 3", 3, aceOptions.size());
+ assertEquals("name=1.1", "1.1", aceOptions.get("name"));
+ assertEquals("succeed=true", "true", aceOptions.get("succeed"));
+ assertEquals("throwEx=false", "false", aceOptions.get("throwEx"));
+
+ //Second Entry
+ entry = entries.get(1);
+ assertTrue("Entry instanceof AppConfigurationEntry",
+ entry instanceof AppConfigurationEntry);
+ ace = (AppConfigurationEntry)entry;
+ assertEquals("LM Name","org.jboss.test.TestLoginModule2" ,ace.getLoginModuleName());
+ assertEquals("Optional expected", AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL,
+ ace.getControlFlag());
+ aceOptions = ace.getOptions();
+ assertEquals("Number of options = 4", 4, aceOptions.size());
+ assertEquals("name=1.2", "1.2", aceOptions.get("name"));
+ assertEquals("succeed=false", "false", aceOptions.get("succeed"));
+ assertEquals("throwEx=true", "true", aceOptions.get("throwEx"));
+ assertEquals("dummy=d", "d", aceOptions.get("dummy"));
+
+ }
+
+ public void testValidateJASPIConfiguration()
+ {
+ ApplicationPolicy jaspiConfig = config.get("conf-jaspi");
+ BaseAuthenticationInfo authInfo = jaspiConfig.getAuthenticationInfo();
+ List<?> entries = authInfo.getModuleEntries();
+ assertEquals("Number of entries = 2", 2, entries.size());
+
+ //First Entry
+ Object entry = entries.get(0);
+ assertTrue("Entry instanceof AppConfigurationEntry",
+ entry instanceof AuthModuleEntry);
+ AuthModuleEntry ace = (AuthModuleEntry)entry;
+ assertEquals("LM Name","TestAuthModule" ,ace.getAuthModuleName());
+ assertEquals("Required", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
+ ace.getControlFlag());
+ Map<String,?> aceOptions = ace.getOptions();
+ assertEquals("Number of options = 3", 3, aceOptions.size());
+ assertEquals("usersProperties=u", "u", aceOptions.get("usersProperties"));
+ assertEquals("rolesProperties=r", "r", aceOptions.get("rolesProperties"));
+ assertEquals("unauthenticatedIdentity=anonymous",
+ "anonymous", aceOptions.get("unauthenticatedIdentity"));
+
+ //Second Entry
+ entry = entries.get(1);
+ assertTrue("Entry instanceof AppConfigurationEntry",
+ entry instanceof AuthModuleEntry);
+ ace = (AuthModuleEntry)entry;
+ assertEquals("LM Name","TestAuthModule2" ,ace.getAuthModuleName());
+ assertEquals("Required", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
+ ace.getControlFlag());
+ aceOptions = ace.getOptions();
+ assertEquals("Number of options = 0", 0, aceOptions.size());
+ LoginModuleStackHolder lmsh = ace.getLoginModuleStackHolder();
+ assertEquals("lm-stack", "lm-stack", lmsh.getName());
+ AppConfigurationEntry[] appEntries = lmsh.getAppConfigurationEntry();
+ assertEquals("App Entries in LMSH=1",1,appEntries.length);
+
+ Object appEntry = appEntries[0];
+ assertTrue("Entry instanceof AppConfigurationEntry",
+ appEntry instanceof AppConfigurationEntry);
+ AppConfigurationEntry appace = (AppConfigurationEntry)appEntry;
+ assertEquals("LM Name","org.jboss.security.auth.spi.UsersRolesLoginModule" ,
+ appace.getLoginModuleName());
+ assertEquals("Optional", AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL,
+ appace.getControlFlag());
+ Map<String,?> appaceOptions = appace.getOptions();
+ assertEquals("Number of options = 3", 3, appaceOptions.size());
+ assertEquals("usersProperties=u", "u", appaceOptions.get("usersProperties"));
+ assertEquals("rolesProperties=r", "r", appaceOptions.get("rolesProperties"));
+ assertEquals("unauthenticatedIdentity=anonymous",
+ "anonymous", appaceOptions.get("unauthenticatedIdentity"));
+ }
+
+ public void testValidateCompleteConfiguration()
+ {
+ ApplicationPolicy completeConfig = config.get("conf-complete");
+ BaseAuthenticationInfo authInfo = completeConfig.getAuthenticationInfo();
+ List<?> entries = authInfo.getModuleEntries();
+ assertEquals("Number of entries = 1", 1, entries.size());
+
+ //First Entry
+ Object entry = entries.get(0);
+ assertTrue("Entry instanceof AppConfigurationEntry",
+ entry instanceof AppConfigurationEntry);
+ AppConfigurationEntry ace = (AppConfigurationEntry)entry;
+ assertEquals("LM Name","org.jboss.test.TestLoginModule" ,ace.getLoginModuleName());
+ assertEquals("Required", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
+ ace.getControlFlag());
+ Map<String,?> aceOptions = ace.getOptions();
+ assertEquals("Number of options = 3", 3, aceOptions.size());
+ assertEquals("name=1.1", "1.1", aceOptions.get("name"));
+ assertEquals("succeed=true", "true", aceOptions.get("succeed"));
+ assertEquals("throwEx=false", "false", aceOptions.get("throwEx"));
+
+ //Authorization
+ AuthorizationInfo authzInfo = completeConfig.getAuthorizationInfo();
+ assertNotNull("AuthorizationInfo is not null", authzInfo);
+ AuthorizationModuleEntry[] authzEntries = authzInfo.getAuthorizationModuleEntry();
+ assertEquals("Length of authorization entries = 1", 1, authzEntries.length);
+ AuthorizationModuleEntry authzEntry = authzEntries[0];
+ assertEquals("TestPolicyModule","org.jboss.test.TestPolicyModule",
+ authzEntry.getPolicyModuleName());
+ assertEquals("Required", ControlFlag.REQUIRED,
+ authzEntry.getControlFlag());
+ Map<String,?> authzoptions = authzEntry.getOptions();
+ assertEquals("Number of options = 2", 2, authzoptions.size());
+ assertEquals("name=authz", "authz", authzoptions.get("name"));
+ assertEquals("succeed=true", "true", authzoptions.get("succeed"));
+
+ //Role Mapping
+ MappingInfo mappingInfo = completeConfig.getRoleMappingInfo();
+ assertNotNull("MappingInfo is not null", mappingInfo);
+ MappingModuleEntry[] mmearr = mappingInfo.getMappingModuleEntry();
+ assertEquals("Mapping entry length=1", 1, mmearr.length);
+ MappingModuleEntry mme = mmearr[0];
+ assertEquals("TestMappingModule","org.jboss.test.TestMappingModule",
+ mme.getMappingModuleName());
+ Map<String,?> mmOptions = mme.getOptions();
+ assertEquals("Number of options = 2", 2, mmOptions.size());
+ assertEquals("name=rolemap", "rolemap", mmOptions.get("name"));
+ assertEquals("succeed=true", "true", mmOptions.get("succeed"));
+
+ //Audit
+ AuditInfo ai = completeConfig.getAuditInfo();
+ assertNotNull("AuditInfo", ai);
+ AuditProviderEntry[] apelist = ai.getAuditProviderEntry();
+ assertEquals("Audit entry length=1", 1, apelist.length);
+ AuditProviderEntry ape = apelist[0];
+ assertEquals("TestMappingModule","org.jboss.test.TestMappingModule",
+ mme.getMappingModuleName());
+ Map<String,?> auditOptions = ape.getOptions();
+ assertEquals("Number of options = 2", 2, auditOptions.size());
+ assertEquals("name=auditprovider", "auditprovider", auditOptions.get("name"));
+ assertEquals("succeed=false", "false", auditOptions.get("succeed"));
+
+ //Identity Trust
+ IdentityTrustInfo iti = completeConfig.getIdentityTrustInfo();
+ assertNotNull("IdentityTrustInfo", iti);
+ IdentityTrustModuleEntry[] itilist = iti.getIdentityTrustModuleEntry();
+ assertEquals("IdentityTrustModuleEntry length=1", 1, itilist.length);
+ IdentityTrustModuleEntry itie = itilist[0];
+ assertEquals("TestMappingModule","org.jboss.test.TestMappingModule",
+ mme.getMappingModuleName());
+ Map<String,?> itieOptions = itie.getOptions();
+ assertEquals("Number of options = 3", 3, itieOptions.size());
+ assertEquals("name=trustprovider", "trustprovider", itieOptions.get("name"));
+ assertEquals("succeed=true", "true", itieOptions.get("succeed"));
+ assertEquals("dummy=dr", "dr", itieOptions.get("dummy"));
+ }
+
+ public void testApplicationPolicyExtension()
+ {
+ ApplicationPolicy completeConfig = config.get("conf-jaas-extend");
+ assertNotNull("conf-jaas-extend is not null", completeConfig);
+ BaseAuthenticationInfo bai = completeConfig.getAuthenticationInfo();
+ assertNotNull("BaseAuthenticationInfo is not null", bai);
+ assertEquals("3 login modules", 3,bai.getModuleEntries().size());
+ AuthorizationInfo azi = completeConfig.getAuthorizationInfo();
+ assertNotNull("AuthorizationInfo is not null", azi);
+ assertEquals("3 authz modules", 3, azi.getModuleEntries().size());
+ //Role Mapping
+ MappingInfo mappingInfo = completeConfig.getRoleMappingInfo();
+ assertNotNull("MappingInfo is not null", mappingInfo);
+ assertEquals("1 map modules", 1, mappingInfo.getModuleEntries().size());
+ //Audit
+ AuditInfo ai = completeConfig.getAuditInfo();
+ assertNotNull("AuditInfo", ai);
+ AuditProviderEntry[] apelist = ai.getAuditProviderEntry();
+ assertEquals("Audit entry length=1", 1, apelist.length);
+ //Identity Trust
+ IdentityTrustInfo iti = completeConfig.getIdentityTrustInfo();
+ assertNotNull("IdentityTrustInfo", iti);
+ IdentityTrustModuleEntry[] itilist = iti.getIdentityTrustModuleEntry();
+ assertEquals("IdentityTrustModuleEntry length=1", 1, itilist.length);
+ }
+
+ public void testAddDeletionOfApplicationPolicies()
+ {
+ ApplicationPolicy aPolicy = new ApplicationPolicy("test");
+ SecurityConfiguration.addApplicationPolicy(aPolicy);
+ ApplicationPolicy ap = SecurityConfiguration.getApplicationPolicy("test");
+ assertNotNull("Application Policy for test != null", ap);
+ assertEquals("Application Policy Name = test", "test", ap.getName() );
+
+ SecurityConfiguration.removeApplicationPolicy("test");
+ assertNull("Application Policy for test is null",
+ SecurityConfiguration.getApplicationPolicy("test"));
+ }
+
+ private InputStreamReader loadURL(URL configURL)
+ throws IOException
+ {
+ InputStream is = configURL.openStream();
+ if (is == null)
+ throw new IOException("Failed to obtain InputStream from url: " + configURL);
+ InputStreamReader xmlReader = new InputStreamReader(is);
+ return xmlReader;
+ }
+}
\ No newline at end of file
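Review bot: In `testValidateCompleteConfiguration` the Audit and Identity Trust sections never check the module name of the entries they fetch: after `AuditProviderEntry ape = apelist[0];` and `IdentityTrustModuleEntry itie = itilist[0];` the next assertion is a copy of the role-mapping one and re-tests `mme.getMappingModuleName()` with the "TestMappingModule" message. A parser that bound the wrong audit provider or identity-trust module class would therefore still pass as long as the option maps matched. Each of those two assertions should read the name from `ape` and `itie` respectively, with the message and expected class taken from `config/securityConfig5.xml`; the accessor names and expected values are not visible in this hunk. Separately, `loadURL` wraps the stream in `new InputStreamReader(is)` with the platform default charset, which bypasses the XML declaration's encoding, and `setUp` never closes the reader, so a `finally` that closes it would be worth adding.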
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx-client/pom.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx-client/pom.xml 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx-client/pom.xml 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,74 +0,0 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss</groupId>
- <artifactId>jboss-parent</artifactId>
- <version>3</version>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <groupId>org.jboss.security</groupId>
- <artifactId>jbosssx-client</artifactId>
- <version>2.0.2-SNAPSHOT</version>
- <packaging>jar</packaging>
- <name>JBoss Security Client</name>
- <url>http://www.jboss.org</url>
- <description>JBoss Security Client Library</description>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-jar-plugin</artifactId>
- <executions>
- <execution>
- <goals>
- <goal>jar</goal>
- </goals>
- </execution>
- </executions>
- <version>2.2</version>
- <configuration>
- <archive>
- <manifest>
- <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
- <addDefaultSpecificationEntries />
- </manifest>
- </archive>
- <classesDirectory>../jbosssx/target/classes</classesDirectory>
- <includes>
- <include>JBossORG-EULA.txt</include>
- <include>org/jboss/crypto/JBossSXProvider.class</include>
- <include>org/jboss/crypto/digest/*</include>
- <include>org/jboss/security/*</include>
- <include>org/jboss/security/auth/callback/*</include>
- <include>org/jboss/security/auth/login/*</include>
- <include>org/jboss/security/client/*</include>
- <include>org/jboss/security/auth/login/XMLLoginConfig.class</include>
- <include>org/jboss/security/auth/login/XMLLoginConfigMBean.class</include>
- <include>org/jboss/security/plugins/PBEUtils.class</include>
- <include>org/jboss/security/ssl/ClientSocketFactory.class</include>
- <include>org/jboss/security/ssl/RMISSLClientSocketFactory.class</include>
- <include>org/jboss/security/plugins/*SecurityContext*.class</include>
- <include>org/jboss/resource/security/*.class</include> </includes>
- </configuration>
- </plugin>
- <plugin>
- <groupId>org.jboss.maven.plugins</groupId>
- <artifactId>maven-jboss-deploy-plugin</artifactId>
- <version>1.4</version>
- <executions>
- <execution>
- <id>jboss-deploy</id>
- <goals>
- <goal>jboss-deploy</goal>
- </goals>
- <phase>deploy</phase>
- </execution>
- </executions>
- <configuration>
- <groupId>jboss</groupId>
- <jbossDeployRoot>${jboss.repository.root}</jbossDeployRoot>
- <removeArtifactVersion>true</removeArtifactVersion>
- </configuration>
- </plugin>
- </plugins>
- </build>
-</project>
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx-client/pom.xml (from rev 73528, projects/security/security-jboss-sx/trunk/jbosssx-client/pom.xml)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx-client/pom.xml (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/jbosssx-client/pom.xml 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,74 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss</groupId>
+ <artifactId>jboss-parent</artifactId>
+ <version>3</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jbosssx-client</artifactId>
+ <version>2.0.2.CR2</version>
+ <packaging>jar</packaging>
+ <name>JBoss Security Client</name>
+ <url>http://www.jboss.org</url>
+ <description>JBoss Security Client Library</description>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ <executions>
+ <execution>
+ <goals>
+ <goal>jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ <version>2.2</version>
+ <configuration>
+ <archive>
+ <manifest>
+ <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
+ <addDefaultSpecificationEntries />
+ </manifest>
+ </archive>
+ <classesDirectory>../jbosssx/target/classes</classesDirectory>
+ <includes>
+ <include>JBossORG-EULA.txt</include>
+ <include>org/jboss/crypto/JBossSXProvider.class</include>
+ <include>org/jboss/crypto/digest/*</include>
+ <include>org/jboss/security/*</include>
+ <include>org/jboss/security/auth/callback/*</include>
+ <include>org/jboss/security/auth/login/*</include>
+ <include>org/jboss/security/client/*</include>
+ <include>org/jboss/security/auth/login/XMLLoginConfig.class</include>
+ <include>org/jboss/security/auth/login/XMLLoginConfigMBean.class</include>
+ <include>org/jboss/security/plugins/PBEUtils.class</include>
+ <include>org/jboss/security/ssl/ClientSocketFactory.class</include>
+ <include>org/jboss/security/ssl/RMISSLClientSocketFactory.class</include>
+ <include>org/jboss/security/plugins/*SecurityContext*.class</include>
+ <include>org/jboss/resource/security/*.class</include> </includes>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.jboss.maven.plugins</groupId>
+ <artifactId>maven-jboss-deploy-plugin</artifactId>
+ <version>1.4</version>
+ <executions>
+ <execution>
+ <id>jboss-deploy</id>
+ <goals>
+ <goal>jboss-deploy</goal>
+ </goals>
+ <phase>deploy</phase>
+ </execution>
+ </executions>
+ <configuration>
+ <groupId>jboss</groupId>
+ <jbossDeployRoot>${jboss.repository.root}</jbossDeployRoot>
+ <removeArtifactVersion>true</removeArtifactVersion>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Deleted: projects/security/security-jboss-sx/tags/2.0.2.CR2/pom.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/pom.xml 2008-05-09 16:48:44 UTC (rev 73225)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/pom.xml 2008-05-20 14:46:23 UTC (rev 73529)
@@ -1,252 +0,0 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss</groupId>
- <artifactId>jboss-parent</artifactId>
- <version>3</version>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <groupId>org.jboss.security</groupId>
- <artifactId>jbosssx-parent</artifactId>
- <version>2.0.2-SNAPSHOT</version>
- <packaging>pom</packaging>
- <name>JBoss Security Implementation for the JBAS - Parent</name>
- <url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Security is a cross cutting project that handles security for the JEMS projects</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <scm>
- <connection>scm:svn:http://anonsvn.jboss.org/repos/jbossas/projects/security/security-jboss-sx/tags/2.0.2.Beta6</connection>
- <developerConnection>scm:svn:https://svn.jboss.org/repos/jbossas/projects/security/security-jboss-sx/tags/2.0.2.Beta6</developerConnection>
- </scm>
- <repositories>
- <repository>
- <id>repository.jboss.org</id>
- <name>JBoss Repository</name>
- <layout>default</layout>
- <url>http://repository.jboss.org/maven2/</url>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </repository>
-
- <repository>
- <id>snapshots.jboss.org</id>
- <name>JBoss Snapshots Repository</name>
- <layout>default</layout>
- <url>http://snapshots.jboss.org/maven2/</url>
- <snapshots>
- <enabled>true</enabled>
- </snapshots>
- <releases>
- <enabled>false</enabled>
- </releases>
- </repository>
- </repositories>
-
- <modules>
- <module>identity</module>
- <module>acl</module>
- <module>jbosssx</module>
- <module>jbosssx-client</module>
- <module>assembly</module>
- </modules>
-
- <profiles>
- <!-- mvn install -Psecurity-manager -->
- <profile>
- <id>security-manager</id>
- <activation>
- <activeByDefault>false</activeByDefault>
- </activation>
- <properties>
- <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
- <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
- <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} ${test.env}</surefire.jvm.args>
- </properties>
- <modules>
- <module>jbosssx</module>
- </modules>
- </profile>
- <!-- mvn install -Psecurity-manager-debug -->
- <!-- Best Practice: mvn install -Psecurity-manager-debug 2>&1 > logfile2>&1 > logfile -->
- <profile>
- <id>security-manager-debug</id>
- <activation>
- <activeByDefault>false</activeByDefault>
- </activation>
- <properties>
- <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
- <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
- <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} -Djava.security.debug=failure,access ${test.env}</surefire.jvm.args>
- </properties>
- <modules>
- <module>jbosssx</module>
- </modules>
- </profile>
-
- <!-- Specify heap size for ACL tests -->
- <profile>
- <id>acl-heap-profile</id>
- <activation>
- <activeByDefault>true</activeByDefault>
- </activation>
- <properties>
- <surefire.jvm.args>-Xms512m -Xmx1024m</surefire.jvm.args>
- </properties>
- <modules>
- <module>acl</module>
- </modules>
- </profile>
- </profiles>
-
- <build>
- <plugins>
- <plugin>
- <artifactId>maven-surefire-plugin</artifactId>
- <configuration>
- <printSummary>true</printSummary>
- <disableXmlReport>false</disableXmlReport>
- <testFailureIgnore>true</testFailureIgnore>
- <includes>
- <include>**/**TestCase.java</include>
- </includes>
- <forkMode>pertest</forkMode>
- <argLine>${surefire.jvm.args}</argLine>
- <useFile>false</useFile>
- <trimStackTrace>false</trimStackTrace>
- </configuration>
- </plugin>
- <plugin>
- <groupId>org.jboss.maven.plugins</groupId>
- <artifactId>maven-jboss-deploy-plugin</artifactId>
- <version>1.6</version>
- <executions>
- <execution>
- <id>jboss-deploy</id>
- <goals>
- <goal>jboss-deploy</goal>
- </goals>
- <phase>deploy</phase>
- </execution>
- </executions>
- <configuration>
- <groupId>jboss</groupId>
- <jbossDeployRoot>${jboss.repository.root}</jbossDeployRoot>
- <removeArtifactVersion>true</removeArtifactVersion>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
- <dependencyManagement>
- <dependencies>
- <dependency>
- <groupId>org.jboss</groupId>
- <artifactId>jboss-common-core</artifactId>
- <version>2.2.1.GA</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jboss-logging-spi</artifactId>
- <version>2.0.2.GA</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jboss-logging-log4j</artifactId>
- <version>2.0.2.GA</version>
- <scope>runtime</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.javaee</groupId>
- <artifactId>jboss-jacc-api</artifactId>
- <version>1.1.0.${org.jboss.javaee.version}</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.javaee</groupId>
- <artifactId>jboss-transaction-api</artifactId>
- <version>1.0.1.${org.jboss.javaee.version}</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.javaee</groupId>
- <artifactId>jboss-jaspi-api</artifactId>
- <version>1.0.0.${org.jboss.javaee.version}</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>acl-spi</artifactId>
- <version>${org.jboss.security.spi.version}</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>authorization-spi</artifactId>
- <version>${org.jboss.security.spi.version}</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>identity-spi</artifactId>
- <version>${org.jboss.security.spi.version}</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>jboss-security-spi-bare</artifactId>
- <version>${org.jboss.security.spi.version}</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>apache-log4j</groupId>
- <artifactId>log4j</artifactId>
- <version>1.2.14</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <version>3.8.1</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss</groupId>
- <artifactId>jboss-test</artifactId>
- <version>1.0.4.GA</version>
- <scope>test</scope>
- </dependency>
- </dependencies>
- </dependencyManagement>
-
- <distributionManagement>
- <repository>
- <!-- Copy the distribution jar file to a local checkout of the maven repositry
- - This variable can be set in $MAVEN_HOME/conf/settings.xml -->
- <id>repository.jboss.org</id>
- <url>file://${maven.repository.root}</url>
- </repository>
- <snapshotRepository>
- <id>snapshots.jboss.org</id>
- <name>JBoss Inc. Repository</name>
- <layout>default</layout>
- <url>dav:https://snapshots.jboss.org/maven2/</url>
- </snapshotRepository>
- </distributionManagement>
-
- <properties>
- <org.jboss.javaee.version>CR1</org.jboss.javaee.version>
- <org.jboss.security.spi.version>2.0.2-SNAPSHOT</org.jboss.security.spi.version>
- </properties>
-
-</project>
Copied: projects/security/security-jboss-sx/tags/2.0.2.CR2/pom.xml (from rev 73528, projects/security/security-jboss-sx/trunk/pom.xml)
===================================================================
--- projects/security/security-jboss-sx/tags/2.0.2.CR2/pom.xml (rev 0)
+++ projects/security/security-jboss-sx/tags/2.0.2.CR2/pom.xml 2008-05-20 14:46:23 UTC (rev 73529)
@@ -0,0 +1,252 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss</groupId>
+ <artifactId>jboss-parent</artifactId>
+ <version>3</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jbosssx-parent</artifactId>
+ <version>2.0.2.CR2</version>
+ <packaging>pom</packaging>
+ <name>JBoss Security Implementation for the JBAS - Parent</name>
+ <url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Security is a cross cutting project that handles security for the JEMS projects</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <scm>
+ <connection>scm:svn:http://anonsvn.jboss.org/repos/jbossas/projects/security/security-jboss-sx/tags/2.0.2.CR2</connection>
+ <developerConnection>scm:svn:https://svn.jboss.org/repos/jbossas/projects/security/security-jboss-sx/tags/2.0.2.CR2</developerConnection>
+ </scm>
+ <repositories>
+ <repository>
+ <id>repository.jboss.org</id>
+ <name>JBoss Repository</name>
+ <layout>default</layout>
+ <url>http://repository.jboss.org/maven2/</url>
+ <snapshots>
+ <enabled>false</enabled>
+ </snapshots>
+ </repository>
+
+ <repository>
+ <id>snapshots.jboss.org</id>
+ <name>JBoss Snapshots Repository</name>
+ <layout>default</layout>
+ <url>http://snapshots.jboss.org/maven2/</url>
+ <snapshots>
+ <enabled>true</enabled>
+ </snapshots>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ </repository>
+ </repositories>
+
+ <modules>
+ <module>identity</module>
+ <module>acl</module>
+ <module>jbosssx</module>
+ <module>jbosssx-client</module>
+ <module>assembly</module>
+ </modules>
+
+ <profiles>
+ <!-- mvn install -Psecurity-manager -->
+ <profile>
+ <id>security-manager</id>
+ <activation>
+ <activeByDefault>false</activeByDefault>
+ </activation>
+ <properties>
+ <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
+ <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
+ <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} ${test.env}</surefire.jvm.args>
+ </properties>
+ <modules>
+ <module>jbosssx</module>
+ </modules>
+ </profile>
+ <!-- mvn install -Psecurity-manager-debug -->
+ <!-- Best Practice: mvn install -Psecurity-manager-debug 2>&1 > logfile2>&1 > logfile -->
+ <profile>
+ <id>security-manager-debug</id>
+ <activation>
+ <activeByDefault>false</activeByDefault>
+ </activation>
+ <properties>
+ <test.env>-Dtest.basedir=${basedir}/target/test-classes</test.env>
+ <policy.file>${basedir}/src/tests/resources/java.policy</policy.file>
+ <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} -Djava.security.debug=failure,access ${test.env}</surefire.jvm.args>
+ </properties>
+ <modules>
+ <module>jbosssx</module>
+ </modules>
+ </profile>
+
+ <!-- Specify heap size for ACL tests -->
+ <profile>
+ <id>acl-heap-profile</id>
+ <activation>
+ <activeByDefault>true</activeByDefault>
+ </activation>
+ <properties>
+ <surefire.jvm.args>-Xms512m -Xmx1024m</surefire.jvm.args>
+ </properties>
+ <modules>
+ <module>acl</module>
+ </modules>
+ </profile>
+ </profiles>
+
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <printSummary>true</printSummary>
+ <disableXmlReport>false</disableXmlReport>
+ <testFailureIgnore>true</testFailureIgnore>
+ <includes>
+ <include>**/**TestCase.java</include>
+ </includes>
+ <forkMode>pertest</forkMode>
+ <argLine>${surefire.jvm.args}</argLine>
+ <useFile>false</useFile>
+ <trimStackTrace>false</trimStackTrace>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.jboss.maven.plugins</groupId>
+ <artifactId>maven-jboss-deploy-plugin</artifactId>
+ <version>1.6</version>
+ <executions>
+ <execution>
+ <id>jboss-deploy</id>
+ <goals>
+ <goal>jboss-deploy</goal>
+ </goals>
+ <phase>deploy</phase>
+ </execution>
+ </executions>
+ <configuration>
+ <groupId>jboss</groupId>
+ <jbossDeployRoot>${jboss.repository.root}</jbossDeployRoot>
+ <removeArtifactVersion>true</removeArtifactVersion>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jboss-common-core</artifactId>
+ <version>2.2.1.GA</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jboss-logging-spi</artifactId>
+ <version>2.0.2.GA</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jboss-logging-log4j</artifactId>
+ <version>2.0.2.GA</version>
+ <scope>runtime</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.javaee</groupId>
+ <artifactId>jboss-jacc-api</artifactId>
+ <version>1.1.0.${org.jboss.javaee.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.javaee</groupId>
+ <artifactId>jboss-transaction-api</artifactId>
+ <version>1.0.1.${org.jboss.javaee.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.javaee</groupId>
+ <artifactId>jboss-jaspi-api</artifactId>
+ <version>1.0.0.${org.jboss.javaee.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>acl-spi</artifactId>
+ <version>${org.jboss.security.spi.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>authorization-spi</artifactId>
+ <version>${org.jboss.security.spi.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>identity-spi</artifactId>
+ <version>${org.jboss.security.spi.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-security-spi-bare</artifactId>
+ <version>${org.jboss.security.spi.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>apache-log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>1.2.14</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>3.8.1</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jboss-test</artifactId>
+ <version>1.0.4.GA</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+
+ <distributionManagement>
+ <repository>
+ <!-- Copy the distribution jar file to a local checkout of the maven repositry
+ - This variable can be set in $MAVEN_HOME/conf/settings.xml -->
+ <id>repository.jboss.org</id>
+ <url>file://${maven.repository.root}</url>
+ </repository>
+ <snapshotRepository>
+ <id>snapshots.jboss.org</id>
+ <name>JBoss Inc. Repository</name>
+ <layout>default</layout>
+ <url>dav:https://snapshots.jboss.org/maven2/</url>
+ </snapshotRepository>
+ </distributionManagement>
+
+ <properties>
+ <org.jboss.javaee.version>CR1</org.jboss.javaee.version>
+ <org.jboss.security.spi.version>2.0.2.CR1</org.jboss.security.spi.version>
+ </properties>
+
+</project>
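Review bot: Both entries in the `<repositories>` block fetch artifacts over plain `http://` (`http://repository.jboss.org/maven2/` and `http://snapshots.jboss.org/maven2/`), so dependencies and plugins for this security library travel over an unauthenticated channel, and nothing in the POM verifies their integrity. The `snapshotRepository` under `distributionManagement` already uses `dav:https://snapshots.jboss.org/maven2/`, which suggests that host serves TLS. If both hosts do, the URLs should read `<url>https://repository.jboss.org/maven2/</url>` and `<url>https://snapshots.jboss.org/maven2/</url>`. Separately, this tagged release keeps the snapshots repository enabled and sets `<testFailureIgnore>true</testFailureIgnore>` for surefire, so a release build can resolve mutable artifacts and still succeed when tests fail, including those run under the `security-manager` profile. For a tag I would use `<testFailureIgnore>false</testFailureIgnore>` and drop the snapshots repository.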