[jboss-cvs] JBossAS SVN: r88880 - in projects/security/security-negotiation/branches/SECURITY-353: jboss-negotiation-portal/src/main/java and 9 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu May 14 13:02:06 EDT 2009
Author: darran.lofthouse at jboss.com
Date: 2009-05-14 13:02:06 -0400 (Thu, 14 May 2009)
New Revision: 88880
Added:
projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/build.xml
projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/
projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/
projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/security/
projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/security/negotiation/
projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/security/negotiation/portal/
projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/security/negotiation/portal/PortalAuthenticator.java
projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/security/negotiation/portal/PortalIdentityLoginModule.java
projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/jbossweb/
projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/jbossweb/jboss-service.xml
projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/portal/
projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/portal/login-config.xml
projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/portal/web.xml
Modified:
projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/
projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/.classpath
projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/.project
projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/pom.xml
projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java
Log:
Initial integration with JBoss Portal
Property changes on: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal
___________________________________________________________________
Name: svn:ignore
- target
+ target
.settings
Modified: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/.classpath
===================================================================
--- projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/.classpath 2009-05-14 16:08:16 UTC (rev 88879)
+++ projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/.classpath 2009-05-14 17:02:06 UTC (rev 88880)
@@ -1,7 +1,14 @@
<classpath>
- <classpathentry kind="src" path="src/main/java"/>
- <classpathentry kind="src" path="src/resources"/>
- <classpathentry kind="src" path="src/tests/java" output="target/test-classes"/>
+ <classpathentry kind="src" path="src/tests/java" output="target/test-classes" including="**/*.java"/>
+ <classpathentry kind="src" path="src/main/java" including="**/*.java"/>
+ <classpathentry kind="src" path="src/resources" including="**/*" excluding="**/*.java"/>
<classpathentry kind="output" path="target/classes"/>
+ <classpathentry kind="lib" path="/home/darranl/src/JBoss_Portal/jboss-4.2.3.GA/server/default/deploy/jboss-portal-exploded.sar/lib/portal-identity-lib.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-common/4.2.3.GA/jboss-common-4.2.3.GA.jar"/>
+ <classpathentry kind="src" path="/jboss-negotiation-common"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jbosssx/4.2.3.GA/jbosssx-4.2.3.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/web/jbossweb/2.1.0.GA/jbossweb-2.1.0.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar" sourcepath="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/web/servlet-api/2.1.0.GA/servlet-api-2.1.0.GA.jar"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
</classpath>
\ No newline at end of file
Modified: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/.project
===================================================================
--- projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/.project 2009-05-14 16:08:16 UTC (rev 88879)
+++ projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/.project 2009-05-14 17:02:06 UTC (rev 88880)
@@ -1,13 +1,12 @@
<projectDescription>
- <name>jboss-negotiation-spnego</name>
- <comment>JBoss Negotiation Library</comment>
+ <name>jboss-negotiation-portal</name>
+ <comment>JBoss Negotiation - Additional classes for JBoss Portal integration.</comment>
<projects>
- <project>jboss-negotiation-portal</project>
+ <project>jboss-negotiation-common</project>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.jdt.core.javabuilder</name>
- <arguments/>
</buildCommand>
</buildSpec>
<natures>
Added: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/build.xml
===================================================================
--- projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/build.xml (rev 0)
+++ projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/build.xml 2009-05-14 17:02:06 UTC (rev 88880)
@@ -0,0 +1,35 @@
+<project name="JBoss-Negotiation-Portal" default="deploy" basedir=".">
+
+ <property environment="env"/>
+ <property name="jboss.home" location="${env.JBOSS_HOME}" />
+ <property name="jboss.server.dir" location="${jboss.home}/server/default" />
+
+ <property name="resources.dir" location="${basedir}/src/resources" />
+ <property name="target.dir" location="${basedir}/target" />
+
+ <path id="project.classpath">
+ </path>
+
+ <target name="prepare">
+ <echo message="JBoss Home - ${jboss.home}"/>
+ </target>
+
+ <target name="compile" depends="prepare">
+ </target>
+
+ <target name="deploy" depends="compile">
+ <!-- Add new authenticators. -->
+ <copy file="${resources.dir}/jbossweb/jboss-service.xml"
+ todir="${jboss.server.dir}/deploy/jboss-web.deployer/META-INF" />
+ <!-- Configure portal war to use authenticator. -->
+ <copy file="${resources.dir}/portal/web.xml"
+ todir="${jboss.server.dir}/deploy/jboss-portal-exploded.sar/portal-server.war/WEB-INF" />
+ <!-- Replace the portal login-config.xml -->
+ <copy file="${resources.dir}/portal/login-config.xml"
+ todir="${jboss.server.dir}/deploy/jboss-portal-exploded.sar/conf" />
+ <!-- Copy portal specific jar. -->
+ <copy file="${target.dir}/jboss-negotiation-portal.jar"
+ todir="${jboss.server.dir}/lib" />
+
+ </target>
+</project>
\ No newline at end of file
Property changes on: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/build.xml
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Modified: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/pom.xml
===================================================================
--- projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/pom.xml 2009-05-14 16:08:16 UTC (rev 88879)
+++ projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/pom.xml 2009-05-14 17:02:06 UTC (rev 88880)
@@ -31,9 +31,30 @@
<!-- Do not add version information here, use ../parent/pom.xml instead -->
<dependencies>
<!-- Local Dependencies -->
-
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-negotiation-common</artifactId>
+ </dependency>
+
<!-- Global dependencies -->
-
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jbosssx</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>jboss.web</groupId>
+ <artifactId>servlet-api</artifactId>
+ </dependency>
+
+ <!-- System dependencies -->
+ <dependency>
+ <groupId>org.jboss.portal</groupId>
+ <artifactId>identity</artifactId>
+ <version>1.0.8</version>
+ <scope>system</scope>
+ <systemPath>${JBOSS_HOME}/server/default/deploy/jboss-portal-exploded.sar/lib/portal-identity-lib.jar</systemPath>
+ </dependency>
+
</dependencies>
</project>
Property changes on: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org
___________________________________________________________________
Name: svn:mergeinfo
+
Added: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/security/negotiation/portal/PortalAuthenticator.java
===================================================================
--- projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/security/negotiation/portal/PortalAuthenticator.java (rev 0)
+++ projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/security/negotiation/portal/PortalAuthenticator.java 2009-05-14 17:02:06 UTC (rev 88880)
@@ -0,0 +1,51 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ *
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.negotiation.portal;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.jboss.security.negotiation.NegotiationAuthenticator;
+
+/**
+ * An extension of the NegotiationAuthenticator to integrate with
+ * JBoss Portal.
+ *
+ * @author darran.lofthouse at jboss.com
+ * @version $Revision: 83572 $
+ */
+public class PortalAuthenticator extends NegotiationAuthenticator
+{
+
+ @Override
+ public void invoke(Request request, Response response) throws IOException, ServletException
+ {
+ request.setAttribute("ssoEnabled", "true");
+
+ super.invoke(request, response);
+ }
+
+}
Added: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/security/negotiation/portal/PortalIdentityLoginModule.java
===================================================================
--- projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/security/negotiation/portal/PortalIdentityLoginModule.java (rev 0)
+++ projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/security/negotiation/portal/PortalIdentityLoginModule.java 2009-05-14 17:02:06 UTC (rev 88880)
@@ -0,0 +1,71 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ *
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.negotiation.portal;
+
+import java.security.Principal;
+
+import javax.security.auth.login.LoginException;
+
+import org.jboss.portal.identity.auth.IdentityLoginModule;
+
+/**
+ * An extension of the IdentityLoginModule to allow for integration
+ * with JBoss Negotiation. The overrides here should be considered
+ * for potential changes within Portal to allow easier integration.
+ *
+ * @author darran.lofthouse at jboss.com
+ * @version $Revision$
+ */
+public class PortalIdentityLoginModule extends IdentityLoginModule
+{
+
+ @Override
+ protected String[] getUsernameAndPassword() throws LoginException
+ {
+ String[] values = super.getUsernameAndPassword();
+
+ if (values == null || values.length != 2)
+ {
+ throw new IllegalArgumentException("Unexpected response from getUsernameAndPassword()");
+ }
+
+ Object identity = sharedState.get("javax.security.auth.login.name");
+ if (identity != null)
+ {
+ String originalUser = values[0];
+ if (identity instanceof Principal)
+ {
+ values[0] = ((Principal) identity).getName();
+ }
+ else
+ {
+ values[0] = identity.toString();
+ }
+ values[1] = "";
+ log.info("Replaced username '" + originalUser + "' with '" + values[0] + "'.");
+ }
+
+ return values;
+ }
+
+}
Property changes on: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/security/negotiation/portal/PortalIdentityLoginModule.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Added: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/jbossweb/jboss-service.xml
===================================================================
--- projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/jbossweb/jboss-service.xml (rev 0)
+++ projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/jbossweb/jboss-service.xml 2009-05-14 17:02:06 UTC (rev 88880)
@@ -0,0 +1,212 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- $Id$ -->
+<server>
+
+ <!-- JBossWeb Service-->
+ <mbean code="org.jboss.web.tomcat.service.JBossWeb"
+ name="jboss.web:service=WebServer" xmbean-dd="META-INF/webserver-xmbean.xml">
+
+ <!-- You can configure a set of authenticators keyed by http-auth method used. This
+ will apply the same set of authenticators across all web applications. You can
+ override the set of authenticators at the web application level by adding
+ <authenticators> element to the respective jboss-web.xml -->
+ <!--
+ -->
+ <attribute name="Authenticators" serialDataType="jbxb">
+ <java:properties xmlns:java="urn:jboss:java-properties"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
+ xs:schemaLocation="urn:jboss:java-properties resource:java-properties_1_0.xsd">
+ <java:property>
+ <java:key>BASIC</java:key>
+ <java:value>org.apache.catalina.authenticator.BasicAuthenticator</java:value>
+ </java:property>
+ <java:property>
+ <java:key>CLIENT-CERT</java:key>
+ <java:value>org.apache.catalina.authenticator.SSLAuthenticator</java:value>
+ </java:property>
+ <java:property>
+ <java:key>DIGEST</java:key>
+ <java:value>org.apache.catalina.authenticator.DigestAuthenticator</java:value>
+ </java:property>
+ <java:property>
+ <java:key>FORM</java:key>
+ <java:value>org.apache.catalina.authenticator.FormAuthenticator</java:value>
+ </java:property>
+ <java:property>
+ <java:key>SPNEGO</java:key>
+ <java:value>org.jboss.security.negotiation.NegotiationAuthenticator</java:value>
+ </java:property>
+ <java:property>
+ <java:key>SPNEGO_PORTAL</java:key>
+ <java:value>org.jboss.security.negotiation.portal.PortalAuthenticator</java:value>
+ </java:property>
+ <java:property>
+ <java:key>NONE</java:key>
+ <java:value>org.apache.catalina.authenticator.NonLoginAuthenticator</java:value>
+ </java:property>
+ </java:properties>
+ </attribute>
+
+ <!-- The JAAS security domain to use in the absense of an explicit
+ security-domain specification in the war WEB-INF/jboss-web.xml
+ -->
+ <attribute name="DefaultSecurityDomain">java:/jaas/other</attribute>
+
+ <!-- Get the flag indicating if the normal Java2 parent first class
+ loading model should be used over the servlet 2.3 web container first
+ model.
+ -->
+ <attribute name="Java2ClassLoadingCompliance">false</attribute>
+ <!-- A flag indicating if the JBoss Loader should be used. This loader
+ uses a unified class loader as the class loader rather than the tomcat
+ specific class loader.
+ The default is false to ensure that wars have isolated class loading
+ for duplicate jars and jsp files.
+ -->
+ <attribute name="UseJBossWebLoader">false</attribute>
+ <!-- The list of package prefixes that should not be loaded without
+ delegating to the parent class loader before trying the web app
+ class loader. The packages listed here are those tha are used by
+ the web container implementation and cannot be overriden. The format
+ is a comma separated list of the package names. There cannot be any
+ whitespace between the package prefixes.
+ This setting only applies when UseJBossWebLoader=false.
+ -->
+ <attribute name="FilteredPackages">javax.servlet</attribute>
+
+ <attribute name="LenientEjbLink">true</attribute>
+
+ <!--Flag to delete the Work Dir on Context Destroy -->
+ <attribute name="DeleteWorkDirOnContextDestroy">false</attribute>
+
+ <!--
+ Class of the session manager (used if context is marked as 'distributable'. Currently allowed values:
+ - org.jboss.web.tomcat.service.session.JBossCacheManager
+ -->
+ <attribute name="ManagerClass">org.jboss.web.tomcat.service.session.JBossCacheManager</attribute>
+
+ <!-- The name of the request attribute under with the authenticated JAAS
+ Subject is stored on successful authentication. If null or empty then
+ the Subject will not be stored.
+ -->
+ <!--
+ <attribute name="SubjectAttributeName">j_subject</attribute>
+ -->
+
+ <!-- The SessionIdAlphabet is the set of characters used to create a session Id
+ It must be made up of exactly 65 unique characters
+ <attribute name="SessionIdAlphabet">ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-*</attribute>
+ -->
+
+ <!--
+ *******************************************************
+ ****************** CLUSTERING *************************
+ *******************************************************
+ In order to activate HTTP Session clustering for Tomcat
+ make sure you run JBoss's "all" configuration i.e.
+ "run -c all"
+ (the default configuration doesn't contain clustering)
+
+ Furthermore, you may change SnapshotMode and
+ SnapshotInterval attributes below to indicate when to
+ synchronize changes with the other node(s).
+
+ If you use Apache+mod_jk(2) you will most probably use
+ the AJP1.3 connector below. Thus, if you so wish,
+ you may comment (i.e. deactivate) the HTTP connector
+ as it won't be used anymore.
+
+ *******************************************************
+ *******************************************************
+ *******************************************************
+ -->
+
+ <!--
+ If you are using clustering, the following two attributes
+ define when the sessions are replicated to the other nodes.
+ The default value, "instant", synchronously replicates changes
+ to the other nodes at the end of requests. In this case, the
+ "SnapshotInterval" attribute is not used.
+ The "interval" mode, in association with the "SnapshotInterval"
+ attribute, indicates that modified sessions will only be replicated
+ every "SnapshotInterval" milliseconds at most.
+
+ Note that this attribute is not in effect if the replication-granularity
+ is set to FIELD. If it is FIELD, it will be per http request (that is,
+ "instant" mode.)
+ -->
+ <attribute name="SnapshotMode">instant</attribute> <!-- you may switch to "interval" -->
+ <attribute name="SnapshotInterval">2000</attribute>
+
+ <!--
+ Whether to use MOD_JK(2) for load balancing with sticky session
+ combined with JvmRoute. If set to true, it will insert a JvmRouteFilter
+ to intercept every request and replace the JvmRoute if it detects a
+ failover. In addition, you will need to set the JvmRoute inside
+ Tomcat, e.g.,
+ Engine name="jboss.web" jmvRoute="Node1" defaultHost="localhost"
+ in server.xml.
+
+ For clustering purpose only.
+ -->
+ <attribute name="UseJK">false</attribute>
+
+ <!--
+ Clustering only: Determines the maximum interval between requests, in
+ seconds, after which a request will trigger replication of the session's
+ timestamp and other metadata regardless of whether the request has otherwise
+ made the session dirty. Such replication ensures that other nodes in the
+ cluster are aware of the most recent value for the session's timestamp
+ and won't incorrectly expire an unreplicated session upon failover. It also
+ results in correct values for HttpSession.getLastAccessedTime() calls
+ following failover.
+
+ The cost of this metadata replication depends on the configured
+ replication-granularity. With <code>SESSION</code>, the session's
+ attribute map is replicated along with the metadata, so it can be fairly
+ costly. With other granularities, the metadata object is replicated
+ separately from the attributes and only contains a String, and a few longs,
+ ints and booleans.
+
+ A value of 0 means the metadata will be replicated whenever the session is
+ accessed. A value of -1 means the metadata will be replicated only if some
+ other activity during the request (e.g. modifying an attribute) has
+ resulted in other replication work involving the session. A positive value
+ greater than the HttpSession.getMaxInactiveInterval() value will be treated
+ as a likely misconfiguration and converted to 0; i.e. replicate the
+ metadata on every request.
+
+ Default value if unconfigured is 60 seconds.
+ -->
+ <attribute name="MaxUnreplicatedInterval">60</attribute>
+
+ <attribute name="Domain">jboss.web</attribute>
+
+ <!-- A mapping to the server security manager service which must be
+ operation compatible with type
+ org.jboss.security.plugins.JaasSecurityManagerServiceMBean. This is only
+ needed if web applications are allowed to flush the security manager
+ authentication cache when the web sessions invalidate.
+ -->
+ <depends optional-attribute-name="SecurityManagerService"
+ proxy-type="attribute">jboss.security:service=JaasSecurityManager
+ </depends>
+
+ <!--
+ Needed if using HTTP Session Clustering or if the
+ ClusteredSingleSignOn valve is enabled in the tomcat server.xml file
+ -->
+ <!--
+ <depends>jboss.cache:service=TomcatClusteringCache</depends>
+ -->
+
+ <depends>jboss:service=TransactionManager</depends>
+
+ <!-- Only needed if the org.jboss.web.tomcat.service.jca.CachedConnectionValve
+ is enabled in the tomcat server.xml file.
+ -->
+ <depends>jboss.jca:service=CachedConnectionManager</depends>
+
+ </mbean>
+
+</server>
Property changes on: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/jbossweb/jboss-service.xml
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Added: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/portal/login-config.xml
===================================================================
--- projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/portal/login-config.xml (rev 0)
+++ projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/portal/login-config.xml 2009-05-14 17:02:06 UTC (rev 88880)
@@ -0,0 +1,127 @@
+<?xml version='1.0'?>
+<!--~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ ~ JBoss, a division of Red Hat ~
+ ~ Copyright 2006, Red Hat Middleware, LLC, and individual ~
+ ~ contributors as indicated by the @authors tag. See the ~
+ ~ copyright.txt in the distribution for a full listing of ~
+ ~ individual contributors. ~
+ ~ ~
+ ~ This is free software; you can redistribute it and/or modify it ~
+ ~ under the terms of the GNU Lesser General Public License as ~
+ ~ published by the Free Software Foundation; either version 2.1 of ~
+ ~ the License, or (at your option) any later version. ~
+ ~ ~
+ ~ This software is distributed in the hope that it will be useful, ~
+ ~ but WITHOUT ANY WARRANTY; without even the implied warranty of ~
+ ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ~
+ ~ Lesser General Public License for more details. ~
+ ~ ~
+ ~ You should have received a copy of the GNU Lesser General Public ~
+ ~ License along with this software; if not, write to the Free ~
+ ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ~
+ ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org. ~
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~-->
+
+<!DOCTYPE policy PUBLIC
+ "-//JBoss//DTD JBOSS Security Config 3.0//EN"
+ "http://www.jboss.org/j2ee/dtd/security_config.dtd">
+<policy>
+ <!-- For the JCR CMS -->
+ <application-policy name="cms">
+ <authentication>
+ <login-module code="org.apache.jackrabbit.core.security.SimpleLoginModule" flag="required"/>
+ </authentication>
+ </application-policy>
+
+ <application-policy name="portal">
+ <authentication>
+
+ <login-module
+ code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule"
+ flag="requisite">
+ <module-option name="password-stacking">useFirstPass</module-option>
+ <module-option name="serverSecurityDomain">host</module-option>
+ </login-module>
+
+ <!--To configure LDAP support with IdentityLoginModule please check documentation on how to
+ configure portal identity modules for this-->
+ <login-module code="org.jboss.security.negotiation.portal.PortalIdentityLoginModule" flag="required">
+ <module-option name="unauthenticatedIdentity">guest</module-option>
+ <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
+ <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
+ <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
+ <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
+ <module-option name="validateUserNameCase">true</module-option>
+ <module-option name="additionalRole">Authenticated</module-option>
+ </login-module>
+
+ <!--Use can use this module instead of IdentityLoginModule to bind to LDAP. It simply extends JBossSX LdapExtLoginModule so
+ all configuration that can be applied to LdapExtLoginModule also can be applied here. For user that
+ was authenticated successfully it will try to take identity modules from portal, check if such user (and roles it belongs to)
+ is present, and if not it will try to create them. Then for all roles assigned to this authenticated principal it will
+ try to check and create them using identity modules. This behaviour can be disabled using "synchronizeRoles". You can also
+ define one "defaultAssignRole" that will be always assigned to synchronized user.
+ It is also possible to set option "synchronizeIdentity" to "false" so this module will act exactly like LdapExtLoginModule
+ but it will inject role defined in "additionalRole". For obvious reasons
+ this is designed to use with portal identity modules configured with DB and not LDAP-->
+ <!--There is also SynchronizingLDAPLoginModule which provide the same set of options on top of JBossSX LdapLoginModule-->
+ <!--<login-module code="org.jboss.portal.identity.auth.SynchronizingLDAPExtLoginModule" flag="required">
+ <module-option name="synchronizeIdentity">true</module-option>
+ <module-option name="synchronizeRoles">true</module-option>
+ <module-option name="preserveRoles">true</module-option>
+ <module-option name="additionalRole">Authenticated</module-option>
+ <module-option name="defaultAssignedRole">User</module-option>
+ <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
+ <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
+ <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
+ <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
+ <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
+ <module-option name="java.naming.provider.url">ldap://example.com:10389/</module-option>
+ <module-option name="java.naming.security.authentication">simple</module-option>
+ <module-option name="bindDN">cn=Directory Manager</module-option>
+ <module-option name="bindCredential">lolo</module-option>
+ <module-option name="baseCtxDN">ou=People,o=test,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com</module-option>
+ <module-option name="baseFilter">(uid={0})</module-option>
+ <module-option name="rolesCtxDN">ou=Roles,o=test,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com</module-option>
+ <module-option name="roleFilter">(member={1})</module-option>
+ <module-option name="roleAttributeID">cn</module-option>
+ <module-option name="roleRecursion">-1</module-option>
+ <module-option name="searchTimeLimit">10000</module-option>
+ <module-option name="searchScope">SUBTREE_SCOPE</module-option>
+ <module-option name="allowEmptyPasswords">false</module-option>
+ </login-module>-->
+
+ <!--This login module should be placed at the end of authentication stack. It always returns
+ true in login() method so it should be always "optional" and exists after other "required" module in the stack.
+ It will try to synchronize authenticated user into portal store using portal identity modules. Each subject principal assigned
+ by previous modules will be tried to synchronize into portal as a role. -->
+ <!--<login-module code="org.jboss.portal.identity.auth.SynchronizingLoginModule" flag="optional">
+ <module-option name="synchronizeIdentity">true</module-option>
+ <module-option name="synchronizeRoles">true</module-option>
+ <module-option name="preserveRoles">true</module-option>
+ <module-option name="additionalRole">Authenticated</module-option>
+ <module-option name="defaultAssignedRole">User</module-option>
+ <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
+ <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
+ <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
+ <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
+ </login-module>-->
+
+ <!--Uncomment this if you want to fall down to users kept in DB if LDAP authentication fails
+ This may be usefull if you want to use Admin user provided with portal database schema-->
+ <!--Note that this may lead to the security risk - with LDAP when storing user profile information
+ that are not mapped as attribute you may have LDAP user synchronized into DB with no password set.
+ Please see HibernateUserProfileImpl module options "synchronizeNonExistingUsers", "acceptOtherImplementations"
+ "defaultSynchronizePassword" or "randomSynchronizePassword" to manage this behaviour-->
+ <!--<login-module code = "org.jboss.portal.identity.auth.DBIdentityLoginModule" flag="sufficient">
+ <module-option name="dsJndiName">java:/PortalDS</module-option>
+ <module-option name="principalsQuery">SELECT jbp_password FROM jbp_users WHERE jbp_uname=?</module-option>
+ <module-option name="rolesQuery">SELECT jbp_roles.jbp_name, 'Roles' FROM jbp_role_membership INNER JOIN jbp_roles ON jbp_role_membership.jbp_rid = jbp_roles.jbp_rid INNER JOIN jbp_users ON jbp_role_membership.jbp_uid = jbp_users.jbp_uid WHERE jbp_users.jbp_uname=?</module-option>
+ <module-option name="hashAlgorithm">MD5</module-option>
+ <module-option name="hashEncoding">HEX</module-option>
+ <module-option name="additionalRole">Authenticated</module-option>
+ </login-module>-->
+
+ </authentication>
+ </application-policy>
+</policy>
Property changes on: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/portal/login-config.xml
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Added: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/portal/web.xml
===================================================================
--- projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/portal/web.xml (rev 0)
+++ projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/portal/web.xml 2009-05-14 17:02:06 UTC (rev 88880)
@@ -0,0 +1,224 @@
+<?xml version="1.0"?>
+<!--~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ ~ JBoss, a division of Red Hat ~
+ ~ Copyright 2006, Red Hat Middleware, LLC, and individual ~
+ ~ contributors as indicated by the @authors tag. See the ~
+ ~ copyright.txt in the distribution for a full listing of ~
+ ~ individual contributors. ~
+ ~ ~
+ ~ This is free software; you can redistribute it and/or modify it ~
+ ~ under the terms of the GNU Lesser General Public License as ~
+ ~ published by the Free Software Foundation; either version 2.1 of ~
+ ~ the License, or (at your option) any later version. ~
+ ~ ~
+ ~ This software is distributed in the hope that it will be useful, ~
+ ~ but WITHOUT ANY WARRANTY; without even the implied warranty of ~
+ ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ~
+ ~ Lesser General Public License for more details. ~
+ ~ ~
+ ~ You should have received a copy of the GNU Lesser General Public ~
+ ~ License along with this software; if not, write to the Free ~
+ ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ~
+ ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org. ~
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~-->
+
+<!DOCTYPE web-app PUBLIC
+ "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
+ "http://java.sun.com/dtd/web-app_2_3.dtd">
+<web-app>
+ <description>JBoss Portal</description>
+ <!-- Comment/Uncomment to enable portal session replication
+ <distributable/>
+ -->
+
+ <!-- Bridge portal user events -->
+ <listener>
+ <listener-class>org.jboss.portal.core.impl.api.event.ServletEventBridge</listener-class>
+ </listener>
+
+ <!-- Session listener to kill all sub-sessions -->
+ <listener>
+ <listener-class>org.jboss.portal.server.listener.SessionListener</listener-class>
+ </listener>
+
+ <!-- The portal servlet is the main entrance point -->
+ <servlet>
+ <servlet-name>PortalServletWithPathMapping</servlet-name>
+ <servlet-class>org.jboss.portal.server.servlet.PortalServlet</servlet-class>
+ <init-param>
+ <param-name>asDefaultServlet</param-name>
+ <param-value>false</param-value>
+ <description>The servlet needs to know wether it is set as a default servlet or not</description>
+ </init-param>
+ <init-param>
+ <param-name>controllerFactoryName</param-name>
+ <param-value>portal:service=ControllerFactory</param-value>
+ <description>The request controller factory for the portal servlet</description>
+ </init-param>
+ <load-on-startup>0</load-on-startup>
+ <security-role-ref>
+ <role-name>Authenticated</role-name>
+ <role-link>Authenticated</role-link>
+ </security-role-ref>
+ </servlet>
+
+ <!-- The portal servlet is the main entrance point -->
+ <servlet>
+ <servlet-name>PortalServletWithDefaultServletMapping</servlet-name>
+ <servlet-class>org.jboss.portal.server.servlet.PortalServlet</servlet-class>
+ <init-param>
+ <param-name>asDefaultServlet</param-name>
+ <param-value>true</param-value>
+ <description>The servlet needs to know wether it is set as a default servlet or not</description>
+ </init-param>
+ <init-param>
+ <param-name>controllerFactoryName</param-name>
+ <param-value>portal:service=ControllerFactory</param-value>
+ <description>The request controller factory for the portal servlet</description>
+ </init-param>
+ <load-on-startup>0</load-on-startup>
+ <security-role-ref>
+ <role-name>Authenticated</role-name>
+ <role-link>Authenticated</role-link>
+ </security-role-ref>
+ </servlet>
+
+ <!-- Provide access to unauthenticated users -->
+ <servlet-mapping>
+ <servlet-name>PortalServletWithPathMapping</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <!-- Provide secure access to unauthenticated users -->
+ <servlet-mapping>
+ <servlet-name>PortalServletWithPathMapping</servlet-name>
+ <url-pattern>/sec/*</url-pattern>
+ </servlet-mapping>
+
+ <!-- Provide access to authenticated users -->
+ <servlet-mapping>
+ <servlet-name>PortalServletWithPathMapping</servlet-name>
+ <url-pattern>/auth/*</url-pattern>
+ </servlet-mapping>
+
+ <!-- Provide secure access to authenticated users -->
+ <servlet-mapping>
+ <servlet-name>PortalServletWithPathMapping</servlet-name>
+ <url-pattern>/authsec/*</url-pattern>
+ </servlet-mapping>
+
+ <!-- Force the mapping of the jsp and images because of the default servlet replacement -->
+ <servlet-mapping>
+ <servlet-name>jsp</servlet-name>
+ <url-pattern>/login.jsp</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>default</servlet-name>
+ <url-pattern>/images/login_bottom.png</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>default</servlet-name>
+ <url-pattern>/images/login_bottom_left.png</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>default</servlet-name>
+ <url-pattern>/images/login_bottom_right.png</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>default</servlet-name>
+ <url-pattern>/images/login_left.png</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>default</servlet-name>
+ <url-pattern>/images/login_right.png</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>default</servlet-name>
+ <url-pattern>/images/login_top.png</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>default</servlet-name>
+ <url-pattern>/images/login_top_left.png</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>default</servlet-name>
+ <url-pattern>/images/login_top_right.png</url-pattern>
+ </servlet-mapping>
+
+ <session-config>
+ <session-timeout>15</session-timeout>
+ </session-config>
+
+ <!--
+ | JDBC usage must be done with
+ | DataSource ds = (DataSource)ctx.lookup("java:comp/env/jdbc/PortalDS";
+ -->
+ <resource-ref>
+ <res-ref-name>jdbc/PortalDS</res-ref-name>
+ <res-type>javax.sql.DataSource</res-type>
+ <res-auth>Container</res-auth>
+ <res-sharing-scope>Shareable</res-sharing-scope>
+ </resource-ref>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Authenticated</web-resource-name>
+ <description></description>
+ <url-pattern>/auth/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>Authenticated</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Secure</web-resource-name>
+ <url-pattern>/sec/*</url-pattern>
+ </web-resource-collection>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Secure+Authenticated</web-resource-name>
+ <url-pattern>/authsec/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>Authenticated</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <!--
+ | Uncomment to use BASIC authentication scheme. Don't forget to comment other
+ | form authentication.
+ -->
+ <!--
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>JBoss Portal</realm-name>
+ </login-config>
+ -->
+
+ <!--
+ | Uncomment to use FORM authentication scheme. Don't forget to comment other
+ | form authentication.
+ -->
+ <!--
+ -->
+ <login-config>
+ <auth-method>SPNEGO_PORTAL</auth-method>
+ <realm-name>JBoss Portal</realm-name>
+
+ </login-config>
+
+ <security-role>
+ <role-name>Authenticated</role-name>
+ </security-role>
+
+</web-app>
Property changes on: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/portal/web.xml
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Modified: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java
===================================================================
--- projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java 2009-05-14 16:08:16 UTC (rev 88879)
+++ projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java 2009-05-14 17:02:06 UTC (rev 88880)
@@ -128,7 +128,7 @@
{
String userName = identity.getName();
log.debug("Storing username '" + userName + "' and empty password");
- // Add the username and a null password to the shared state map
+ // Add the username and a empty password to the shared state map
sharedState.put("javax.security.auth.login.name", identity);
sharedState.put("javax.security.auth.login.password", "");
}
More information about the jboss-cvs-commits
mailing list