[jboss-cvs] JBossAS SVN: r88880 - in projects/security/security-negotiation/branches/SECURITY-353: jboss-negotiation-portal/src/main/java and 9 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Thu May 14 13:02:06 EDT 2009


Author: darran.lofthouse at jboss.com
Date: 2009-05-14 13:02:06 -0400 (Thu, 14 May 2009)
New Revision: 88880

Added:
   projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/build.xml
   projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/
   projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/
   projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/security/
   projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/security/negotiation/
   projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/security/negotiation/portal/
   projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/security/negotiation/portal/PortalAuthenticator.java
   projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/security/negotiation/portal/PortalIdentityLoginModule.java
   projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/jbossweb/
   projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/jbossweb/jboss-service.xml
   projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/portal/
   projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/portal/login-config.xml
   projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/portal/web.xml
Modified:
   projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/
   projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/.classpath
   projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/.project
   projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/pom.xml
   projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java
Log:
Initial integration with JBoss Portal


Property changes on: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal
___________________________________________________________________
Name: svn:ignore
   - target

   + target
.settings


Modified: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/.classpath
===================================================================
--- projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/.classpath	2009-05-14 16:08:16 UTC (rev 88879)
+++ projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/.classpath	2009-05-14 17:02:06 UTC (rev 88880)
@@ -1,7 +1,14 @@
 <classpath>
-  <classpathentry kind="src" path="src/main/java"/>
-  <classpathentry kind="src" path="src/resources"/>
-  <classpathentry kind="src" path="src/tests/java" output="target/test-classes"/>
+  <classpathentry kind="src" path="src/tests/java" output="target/test-classes" including="**/*.java"/>
+  <classpathentry kind="src" path="src/main/java" including="**/*.java"/>
+  <classpathentry kind="src" path="src/resources" including="**/*" excluding="**/*.java"/>
   <classpathentry kind="output" path="target/classes"/>
+  <classpathentry kind="lib" path="/home/darranl/src/JBoss_Portal/jboss-4.2.3.GA/server/default/deploy/jboss-portal-exploded.sar/lib/portal-identity-lib.jar"/>
+  <classpathentry kind="var" path="M2_REPO/jboss/jboss-common/4.2.3.GA/jboss-common-4.2.3.GA.jar"/>
+  <classpathentry kind="src" path="/jboss-negotiation-common"/>
+  <classpathentry kind="var" path="M2_REPO/jboss/jbosssx/4.2.3.GA/jbosssx-4.2.3.GA.jar"/>
+  <classpathentry kind="var" path="M2_REPO/jboss/web/jbossweb/2.1.0.GA/jbossweb-2.1.0.GA.jar"/>
+  <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar" sourcepath="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/jboss/web/servlet-api/2.1.0.GA/servlet-api-2.1.0.GA.jar"/>
   <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
 </classpath>
\ No newline at end of file
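Review bot: The new `lib` entry for `portal-identity-lib.jar` points at an absolute developer-local path under `/home/darranl/...`, so the Eclipse project will not resolve on any other checkout. The other jar entries in the same hunk already go through the `M2_REPO` classpath variable; the portal jar could go through a classpath variable in the same way (for example one named after the JBoss installation root, matching the `JBOSS_HOME` convention the build.xml and pom.xml hunks use) instead of a hard-coded home directory.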

Modified: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/.project
===================================================================
--- projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/.project	2009-05-14 16:08:16 UTC (rev 88879)
+++ projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/.project	2009-05-14 17:02:06 UTC (rev 88880)
@@ -1,13 +1,12 @@
 <projectDescription>
-  <name>jboss-negotiation-spnego</name>
-  <comment>JBoss Negotiation Library</comment>
+  <name>jboss-negotiation-portal</name>
+  <comment>JBoss Negotiation - Additional classes for JBoss Portal integration.</comment>
   <projects>
-    <project>jboss-negotiation-portal</project>
+    <project>jboss-negotiation-common</project>
   </projects>
   <buildSpec>
     <buildCommand>
       <name>org.eclipse.jdt.core.javabuilder</name>
-      <arguments/>
     </buildCommand>
   </buildSpec>
   <natures>

Added: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/build.xml
===================================================================
--- projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/build.xml	                        (rev 0)
+++ projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/build.xml	2009-05-14 17:02:06 UTC (rev 88880)
@@ -0,0 +1,35 @@
+<project name="JBoss-Negotiation-Portal" default="deploy" basedir=".">
+
+  <property environment="env"/>
+  <property name="jboss.home" location="${env.JBOSS_HOME}" />
+  <property name="jboss.server.dir" location="${jboss.home}/server/default" />
+
+  <property name="resources.dir" location="${basedir}/src/resources" />
+  <property name="target.dir" location="${basedir}/target" />
+  
+  <path id="project.classpath">
+  </path>
+
+  <target name="prepare">  
+    <echo message="JBoss Home - ${jboss.home}"/>
+  </target>
+
+  <target name="compile" depends="prepare">  
+  </target>
+
+  <target name="deploy" depends="compile">
+    <!-- Add new authenticators. -->
+    <copy file="${resources.dir}/jbossweb/jboss-service.xml" 
+          todir="${jboss.server.dir}/deploy/jboss-web.deployer/META-INF" />
+    <!-- Configure portal war to use authenticator. -->
+    <copy file="${resources.dir}/portal/web.xml" 
+          todir="${jboss.server.dir}/deploy/jboss-portal-exploded.sar/portal-server.war/WEB-INF" />
+    <!-- Replace the portal login-config.xml -->
+    <copy file="${resources.dir}/portal/login-config.xml" 
+              todir="${jboss.server.dir}/deploy/jboss-portal-exploded.sar/conf" />        
+    <!-- Copy portal specific jar. -->
+    <copy file="${target.dir}/jboss-negotiation-portal.jar"
+          todir="${jboss.server.dir}/lib" />
+    
+  </target>
+</project>
\ No newline at end of file
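Review bot: The `deploy` target copies `${target.dir}/jboss-negotiation-portal.jar` as its last step but nothing in this build produces that jar — the `compile` target is empty — so `ant deploy` on a clean checkout fails at the final copy after the three server files have already been overwritten. A guard before the copies keeps the server consistent: `<available file="${target.dir}/jboss-negotiation-portal.jar" property="jar.present"/>` followed by `<fail message="Build the jar with Maven first" unless="jar.present"/>`. Separately, the `jboss-service.xml` copy replaces the whole web-container configuration in `jboss-web.deployer/META-INF` with no backup of the existing file; the comment on that `<copy>` should say that local edits to the server's copy are lost on deploy.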


Property changes on: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/build.xml
___________________________________________________________________
Name: svn:keywords
   + Id Revision
Name: svn:eol-style
   + LF

Modified: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/pom.xml
===================================================================
--- projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/pom.xml	2009-05-14 16:08:16 UTC (rev 88879)
+++ projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/pom.xml	2009-05-14 17:02:06 UTC (rev 88880)
@@ -31,9 +31,30 @@
   <!-- Do not add version information here, use ../parent/pom.xml instead -->
   <dependencies>
     <!-- Local Dependencies -->    
-          
+    <dependency>
+      <groupId>org.jboss.security</groupId>
+      <artifactId>jboss-negotiation-common</artifactId>
+    </dependency>
+              
     <!-- Global dependencies -->
-
+    <dependency>
+      <groupId>jboss</groupId>
+      <artifactId>jbosssx</artifactId>
+    </dependency>    
+    <dependency>
+      <groupId>jboss.web</groupId>
+      <artifactId>servlet-api</artifactId>
+    </dependency>
+    
+    <!-- System dependencies -->
+    <dependency>
+      <groupId>org.jboss.portal</groupId>
+      <artifactId>identity</artifactId>
+      <version>1.0.8</version>
+      <scope>system</scope>
+      <systemPath>${JBOSS_HOME}/server/default/deploy/jboss-portal-exploded.sar/lib/portal-identity-lib.jar</systemPath>
+    </dependency>
+    
   </dependencies>
 
 </project>
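Review bot: The `systemPath` of the new `identity` dependency uses `${JBOSS_HOME}`, which Maven resolves only if a property of that name is defined (in the parent pom, settings.xml or via `-D`); the environment variable that build.xml reads as `env.JBOSS_HOME` is exposed to Maven as `${env.JBOSS_HOME}`. Unless the parent pom defines the property, the line should read `<systemPath>${env.JBOSS_HOME}/server/default/deploy/jboss-portal-exploded.sar/lib/portal-identity-lib.jar</systemPath>`. System-scoped dependencies are also neither packaged nor resolved transitively, so a comment above the block noting that the artifact must come from a local Portal installation would help the next person whose build fails to resolve it.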


Property changes on: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org
___________________________________________________________________
Name: svn:mergeinfo
   + 

Added: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/security/negotiation/portal/PortalAuthenticator.java
===================================================================
--- projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/security/negotiation/portal/PortalAuthenticator.java	                        (rev 0)
+++ projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/security/negotiation/portal/PortalAuthenticator.java	2009-05-14 17:02:06 UTC (rev 88880)
@@ -0,0 +1,51 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * 
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.negotiation.portal;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.jboss.security.negotiation.NegotiationAuthenticator;
+
+/**
+ * An extension of the NegotiationAuthenticator to integrate with
+ * JBoss Portal.
+ * 
+ * @author darran.lofthouse at jboss.com
+ * @version $Revision: 83572 $
+ */
+public class PortalAuthenticator extends NegotiationAuthenticator
+{
+
+   @Override
+   public void invoke(Request request, Response response) throws IOException, ServletException
+   {      
+      request.setAttribute("ssoEnabled", "true");
+
+      super.invoke(request, response);
+   }
+
+}
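Review bot: `invoke` sets the `ssoEnabled` request attribute unconditionally before delegating, with nothing saying who reads it or why it is set before rather than after a successful negotiation; a comment such as `// Marks the request as SSO-handled for JBoss Portal (consumer to be confirmed); set before delegating so it is visible for the whole request chain.` would make the contract explicit. The class Javadoc also carries `@version $Revision: 83572 $`, a value copied from another file, and unlike the other added files this one gets no `svn:keywords` property in the commit, so it will never be updated; use `$Revision$` and set the keywords property as was done for PortalIdentityLoginModule.java.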

Added: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/security/negotiation/portal/PortalIdentityLoginModule.java
===================================================================
--- projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/security/negotiation/portal/PortalIdentityLoginModule.java	                        (rev 0)
+++ projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/security/negotiation/portal/PortalIdentityLoginModule.java	2009-05-14 17:02:06 UTC (rev 88880)
@@ -0,0 +1,71 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * 
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.negotiation.portal;
+
+import java.security.Principal;
+
+import javax.security.auth.login.LoginException;
+
+import org.jboss.portal.identity.auth.IdentityLoginModule;
+
+/**
+ * An extension of the IdentityLoginModule to allow for integration
+ * with JBoss Negotiation.  The overrides here should be considered 
+ * for potential changes within Portal to allow easier integration.
+ * 
+ * @author darran.lofthouse at jboss.com
+ * @version $Revision$
+ */
+public class PortalIdentityLoginModule extends IdentityLoginModule
+{
+
+   @Override
+   protected String[] getUsernameAndPassword() throws LoginException
+   {
+      String[] values = super.getUsernameAndPassword();
+
+      if (values == null || values.length != 2)
+      {
+         throw new IllegalArgumentException("Unexpected response from getUsernameAndPassword()");
+      }
+
+      Object identity = sharedState.get("javax.security.auth.login.name");
+      if (identity != null)
+      {
+         String originalUser = values[0];
+         if (identity instanceof Principal)
+         {
+            values[0] = ((Principal) identity).getName();
+         }
+         else
+         {
+            values[0] = identity.toString();
+         }
+         values[1] = "";
+         log.info("Replaced username '" + originalUser + "' with '" + values[0] + "'.");
+      }
+
+      return values;
+   }
+
+}
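Review bot: `getUsernameAndPassword` adopts whatever name is in `sharedState` under `javax.security.auth.login.name` and blanks the password without checking that this module was configured with `password-stacking=useFirstPass`, so any earlier module on a stack that populates that key has its identity taken over here, and the login-config.xml in this commit does not set the option on PortalIdentityLoginModule. Gating on the option, as the JBossSX modules do, keeps the behaviour opt-in: `if (identity != null && "useFirstPass".equals(options.get("password-stacking")))`, assuming the options map from `initialize` is reachable here (confirm against IdentityLoginModule). What the superclass then does with the empty password in `values[1]` is not visible in this hunk and should be stated in the override's Javadoc. The `IllegalArgumentException` at the length check also escapes the method's `throws LoginException` contract; `throw new LoginException("Unexpected response from getUsernameAndPassword()")` keeps the failure inside the JAAS flow.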


Property changes on: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/main/java/org/jboss/security/negotiation/portal/PortalIdentityLoginModule.java
___________________________________________________________________
Name: svn:keywords
   + Id Revision
Name: svn:eol-style
   + LF

Added: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/jbossweb/jboss-service.xml
===================================================================
--- projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/jbossweb/jboss-service.xml	                        (rev 0)
+++ projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/jbossweb/jboss-service.xml	2009-05-14 17:02:06 UTC (rev 88880)
@@ -0,0 +1,212 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- $Id$ -->
+<server> 
+   
+   <!-- JBossWeb Service-->
+   <mbean code="org.jboss.web.tomcat.service.JBossWeb"
+      name="jboss.web:service=WebServer" xmbean-dd="META-INF/webserver-xmbean.xml">
+      
+      <!-- You can configure a set of authenticators keyed by http-auth method used. This
+      will apply the same set of authenticators across all web applications. You can
+      override the set of authenticators at the web application level by adding
+      <authenticators> element to the respective jboss-web.xml --> 
+      <!--
+      -->
+      <attribute name="Authenticators" serialDataType="jbxb">
+         <java:properties xmlns:java="urn:jboss:java-properties"
+            xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
+            xs:schemaLocation="urn:jboss:java-properties resource:java-properties_1_0.xsd">
+            <java:property>
+               <java:key>BASIC</java:key>
+               <java:value>org.apache.catalina.authenticator.BasicAuthenticator</java:value>
+            </java:property>
+            <java:property>
+               <java:key>CLIENT-CERT</java:key>
+               <java:value>org.apache.catalina.authenticator.SSLAuthenticator</java:value>
+            </java:property>
+            <java:property>
+               <java:key>DIGEST</java:key>
+               <java:value>org.apache.catalina.authenticator.DigestAuthenticator</java:value>
+            </java:property>
+            <java:property>
+               <java:key>FORM</java:key>
+               <java:value>org.apache.catalina.authenticator.FormAuthenticator</java:value>
+            </java:property> 
+            <java:property>
+              <java:key>SPNEGO</java:key>
+              <java:value>org.jboss.security.negotiation.NegotiationAuthenticator</java:value>
+            </java:property>
+            <java:property>
+              <java:key>SPNEGO_PORTAL</java:key>
+              <java:value>org.jboss.security.negotiation.portal.PortalAuthenticator</java:value>
+            </java:property>            
+            <java:property>
+               <java:key>NONE</java:key>
+               <java:value>org.apache.catalina.authenticator.NonLoginAuthenticator</java:value>
+            </java:property> 
+         </java:properties>
+      </attribute> 
+	   
+      <!-- The JAAS security domain to use in the absense of an explicit
+      security-domain specification in the war WEB-INF/jboss-web.xml
+      -->
+      <attribute name="DefaultSecurityDomain">java:/jaas/other</attribute>
+
+      <!-- Get the flag indicating if the normal Java2 parent first class
+           loading model should be used over the servlet 2.3 web container first
+           model.
+      -->
+      <attribute name="Java2ClassLoadingCompliance">false</attribute>
+      <!-- A flag indicating if the JBoss Loader should be used. This loader
+           uses a unified class loader as the class loader rather than the tomcat
+           specific class loader.
+           The default is false to ensure that wars have isolated class loading
+           for duplicate jars and jsp files.
+      -->
+      <attribute name="UseJBossWebLoader">false</attribute>
+      <!-- The list of package prefixes that should not be loaded without
+         delegating to the parent class loader before trying the web app
+         class loader. The packages listed here are those tha are used by
+         the web container implementation and cannot be overriden. The format
+         is a comma separated list of the package names. There cannot be any
+         whitespace between the package prefixes.
+         This setting only applies when UseJBossWebLoader=false.
+      -->
+      <attribute name="FilteredPackages">javax.servlet</attribute>
+
+      <attribute name="LenientEjbLink">true</attribute>
+
+      <!--Flag to delete the Work Dir on Context Destroy -->
+      <attribute name="DeleteWorkDirOnContextDestroy">false</attribute>
+
+      <!--
+          Class of the session manager (used if context is marked as 'distributable'. Currently allowed values:
+          - org.jboss.web.tomcat.service.session.JBossCacheManager
+      -->
+      <attribute name="ManagerClass">org.jboss.web.tomcat.service.session.JBossCacheManager</attribute>
+
+      <!-- The name of the request attribute under with the authenticated JAAS
+      Subject is stored on successful authentication. If null or empty then
+      the Subject will not be stored.
+      -->
+      <!--
+      <attribute name="SubjectAttributeName">j_subject</attribute>
+      -->
+
+      <!-- The SessionIdAlphabet is the set of characters used to create a session Id
+           It must be made up of exactly 65 unique characters
+      <attribute name="SessionIdAlphabet">ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-*</attribute>
+      -->
+
+      <!--
+      *******************************************************
+      ****************** CLUSTERING *************************
+      *******************************************************
+      In order to activate HTTP Session clustering for Tomcat
+      make sure you run JBoss's "all" configuration i.e.
+      "run -c all"
+      (the default configuration doesn't contain clustering)
+ 
+      Furthermore, you may change SnapshotMode and
+      SnapshotInterval attributes below to indicate when to
+      synchronize changes with the other node(s).   
+
+      If you use Apache+mod_jk(2) you will most probably use
+      the AJP1.3 connector below. Thus, if you so wish,
+      you may comment (i.e. deactivate) the HTTP connector
+      as it won't be used anymore.
+
+      *******************************************************
+      *******************************************************
+      *******************************************************
+      --> 
+		
+      <!--
+      If you are using clustering, the following two attributes
+      define when the sessions are replicated to the other nodes.
+      The default value, "instant", synchronously replicates changes
+      to the other nodes at the end of requests. In this case, the 
+      "SnapshotInterval" attribute is not used.
+      The "interval" mode, in association with the "SnapshotInterval"
+      attribute, indicates that modified sessions will only be replicated
+      every "SnapshotInterval" milliseconds at most.
+		
+      Note that this attribute is not in effect if the replication-granularity
+      is set to FIELD. If it is FIELD, it will be per http request (that is, 
+      "instant" mode.)
+      --> 
+      <attribute name="SnapshotMode">instant</attribute> <!-- you may switch to "interval" -->
+      <attribute name="SnapshotInterval">2000</attribute>
+
+      <!--
+      Whether to use MOD_JK(2) for load balancing with sticky session 
+      combined with JvmRoute. If set to true, it will insert a JvmRouteFilter 
+      to intercept every request and replace the JvmRoute if it detects a 
+      failover. In addition, you will need to set the JvmRoute inside
+      Tomcat, e.g.,
+        Engine name="jboss.web" jmvRoute="Node1" defaultHost="localhost" 
+      in server.xml.
+
+      For clustering purpose only.
+      -->
+      <attribute name="UseJK">false</attribute>
+
+      <!--
+       Clustering only: Determines the maximum interval between requests, in 
+       seconds, after which a request will trigger replication of the session's 
+       timestamp and other metadata regardless of whether the request has otherwise 
+       made the session dirty.  Such replication ensures that other nodes in the 
+       cluster are aware of the most recent value for the session's timestamp 
+       and won't incorrectly expire an unreplicated session upon failover. It also
+       results in correct values for HttpSession.getLastAccessedTime() calls 
+       following failover.
+
+       The cost of this metadata replication depends on the configured
+       replication-granularity. With <code>SESSION</code>, the session's 
+       attribute map is replicated along with the metadata, so it can be fairly 
+       costly.  With other granularities, the metadata object is replicated 
+       separately from the attributes and only contains a String, and a few longs, 
+       ints and booleans.
+   
+       A value of 0 means the metadata will be replicated whenever the session is
+       accessed.  A value of -1 means the metadata will be replicated only if some
+       other activity during the request (e.g. modifying an attribute) has
+       resulted in other replication work involving the session. A positive value
+       greater than the HttpSession.getMaxInactiveInterval() value will be treated 
+       as a likely misconfiguration and converted to 0; i.e. replicate the 
+       metadata on every request.
+    
+       Default value if unconfigured is 60 seconds.
+      -->
+      <attribute name="MaxUnreplicatedInterval">60</attribute>
+
+      <attribute name="Domain">jboss.web</attribute>
+
+      <!-- A mapping to the server security manager service which must be
+      operation compatible with type
+      org.jboss.security.plugins.JaasSecurityManagerServiceMBean. This is only
+      needed if web applications are allowed to flush the security manager
+      authentication cache when the web sessions invalidate.
+      -->
+      <depends optional-attribute-name="SecurityManagerService"
+         proxy-type="attribute">jboss.security:service=JaasSecurityManager
+      </depends>
+
+      <!--
+         Needed if using HTTP Session Clustering or if the
+         ClusteredSingleSignOn valve is enabled in the tomcat server.xml file
+      -->
+      <!--
+      <depends>jboss.cache:service=TomcatClusteringCache</depends>
+      -->
+      
+      <depends>jboss:service=TransactionManager</depends>
+      
+      <!-- Only needed if the org.jboss.web.tomcat.service.jca.CachedConnectionValve
+      is enabled in the tomcat server.xml file.
+      -->
+      <depends>jboss.jca:service=CachedConnectionManager</depends>
+      
+   </mbean>
+
+</server>


Property changes on: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/jbossweb/jboss-service.xml
___________________________________________________________________
Name: svn:keywords
   + Id Revision
Name: svn:eol-style
   + LF

Added: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/portal/login-config.xml
===================================================================
--- projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/portal/login-config.xml	                        (rev 0)
+++ projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/portal/login-config.xml	2009-05-14 17:02:06 UTC (rev 88880)
@@ -0,0 +1,127 @@
+<?xml version='1.0'?>
+<!--~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+  ~ JBoss, a division of Red Hat                                              ~
+  ~ Copyright 2006, Red Hat Middleware, LLC, and individual                   ~
+  ~ contributors as indicated by the @authors tag. See the                    ~
+  ~ copyright.txt in the distribution for a full listing of                   ~
+  ~ individual contributors.                                                  ~
+  ~                                                                           ~
+  ~ This is free software; you can redistribute it and/or modify it           ~
+  ~ under the terms of the GNU Lesser General Public License as               ~
+  ~ published by the Free Software Foundation; either version 2.1 of          ~
+  ~ the License, or (at your option) any later version.                       ~
+  ~                                                                           ~
+  ~ This software is distributed in the hope that it will be useful,          ~
+  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of            ~
+  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU          ~
+  ~ Lesser General Public License for more details.                           ~
+  ~                                                                           ~
+  ~ You should have received a copy of the GNU Lesser General Public          ~
+  ~ License along with this software; if not, write to the Free               ~
+  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA        ~
+  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.                  ~
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~-->
+
+<!DOCTYPE policy PUBLIC
+   "-//JBoss//DTD JBOSS Security Config 3.0//EN"
+   "http://www.jboss.org/j2ee/dtd/security_config.dtd">
+<policy>
+   <!-- For the JCR CMS -->
+   <application-policy name="cms">
+      <authentication>
+         <login-module code="org.apache.jackrabbit.core.security.SimpleLoginModule" flag="required"/>
+      </authentication>
+   </application-policy>
+   
+   <application-policy name="portal">
+      <authentication>
+
+        <login-module
+         code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule"
+         flag="requisite">
+          <module-option name="password-stacking">useFirstPass</module-option>
+          <module-option name="serverSecurityDomain">host</module-option>
+        </login-module>
+
+         <!--To configure LDAP support with IdentityLoginModule please check documentation on how to
+         configure portal identity modules for this-->
+         <login-module code="org.jboss.security.negotiation.portal.PortalIdentityLoginModule" flag="required">
+            <module-option name="unauthenticatedIdentity">guest</module-option>
+            <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
+            <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
+            <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
+            <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
+            <module-option name="validateUserNameCase">true</module-option>
+            <module-option name="additionalRole">Authenticated</module-option>
+         </login-module>
+
+         <!--Use can use this module instead of IdentityLoginModule to bind to LDAP. It simply extends JBossSX LdapExtLoginModule so
+          all configuration that can be applied to LdapExtLoginModule also can be applied here. For user that
+          was authenticated successfully it will try to take identity modules from portal, check if such user (and roles it belongs to)
+          is present, and if not it will try to create them. Then for all roles assigned to this authenticated principal it will
+          try to check and create them using identity modules. This behaviour can be disabled using "synchronizeRoles". You can also
+          define one "defaultAssignRole" that will be always assigned to synchronized user.
+          It is also possible to set option "synchronizeIdentity" to "false" so this module will act exactly like LdapExtLoginModule
+          but it will inject role defined in "additionalRole".  For obvious reasons
+          this is designed to use with portal identity modules configured with DB and not LDAP-->
+         <!--There is also SynchronizingLDAPLoginModule which provide the same set of options on top of JBossSX LdapLoginModule-->
+         <!--<login-module code="org.jboss.portal.identity.auth.SynchronizingLDAPExtLoginModule" flag="required">
+            <module-option name="synchronizeIdentity">true</module-option>
+            <module-option name="synchronizeRoles">true</module-option>
+            <module-option name="preserveRoles">true</module-option>
+            <module-option name="additionalRole">Authenticated</module-option>
+            <module-option name="defaultAssignedRole">User</module-option>
+            <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
+            <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
+            <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
+            <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
+            <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
+            <module-option name="java.naming.provider.url">ldap://example.com:10389/</module-option>
+            <module-option name="java.naming.security.authentication">simple</module-option>
+            <module-option name="bindDN">cn=Directory Manager</module-option>
+            <module-option name="bindCredential">lolo</module-option>
+            <module-option name="baseCtxDN">ou=People,o=test,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com</module-option>
+            <module-option name="baseFilter">(uid={0})</module-option>
+            <module-option name="rolesCtxDN">ou=Roles,o=test,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com</module-option>
+            <module-option name="roleFilter">(member={1})</module-option>
+            <module-option name="roleAttributeID">cn</module-option>
+            <module-option name="roleRecursion">-1</module-option>
+            <module-option name="searchTimeLimit">10000</module-option>
+            <module-option name="searchScope">SUBTREE_SCOPE</module-option>
+            <module-option name="allowEmptyPasswords">false</module-option>
+         </login-module>-->
+
+         <!--This login module should be placed at the end of authentication stack. It always returns
+         true in login() method so it should be always "optional" and exists after other "required" module in the stack.
+         It will try to synchronize authenticated user into portal store using portal identity modules. Each subject principal assigned
+         by previous modules will be tried to synchronize into portal as a role.  -->
+         <!--<login-module code="org.jboss.portal.identity.auth.SynchronizingLoginModule" flag="optional">
+            <module-option name="synchronizeIdentity">true</module-option>
+            <module-option name="synchronizeRoles">true</module-option>
+            <module-option name="preserveRoles">true</module-option>
+            <module-option name="additionalRole">Authenticated</module-option>
+            <module-option name="defaultAssignedRole">User</module-option>
+            <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
+            <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
+            <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
+            <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
+         </login-module>-->
+
+         <!--Uncomment this if you want to fall down to users kept in DB if LDAP authentication fails
+             This may be usefull if you want to use Admin user provided with portal database schema-->
+         <!--Note that this may lead to the security risk - with LDAP  when storing user profile information
+             that are not mapped as attribute you may have LDAP user synchronized into DB with no password set.
+             Please see HibernateUserProfileImpl module options "synchronizeNonExistingUsers", "acceptOtherImplementations"
+             "defaultSynchronizePassword" or "randomSynchronizePassword" to manage this behaviour-->
+         <!--<login-module code = "org.jboss.portal.identity.auth.DBIdentityLoginModule" flag="sufficient">
+            <module-option name="dsJndiName">java:/PortalDS</module-option>
+            <module-option name="principalsQuery">SELECT jbp_password FROM jbp_users WHERE jbp_uname=?</module-option>
+            <module-option name="rolesQuery">SELECT jbp_roles.jbp_name, 'Roles' FROM  jbp_role_membership INNER JOIN jbp_roles ON jbp_role_membership.jbp_rid = jbp_roles.jbp_rid INNER JOIN jbp_users ON jbp_role_membership.jbp_uid = jbp_users.jbp_uid WHERE jbp_users.jbp_uname=?</module-option>
+            <module-option name="hashAlgorithm">MD5</module-option>
+            <module-option name="hashEncoding">HEX</module-option>
+            <module-option name="additionalRole">Authenticated</module-option>
+         </login-module>-->
+         
+      </authentication>
+   </application-policy>
+</policy>


Property changes on: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/portal/login-config.xml
___________________________________________________________________
Name: svn:keywords
   + Id Revision
Name: svn:eol-style
   + LF

Added: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/portal/web.xml
===================================================================
--- projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/portal/web.xml	                        (rev 0)
+++ projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/portal/web.xml	2009-05-14 17:02:06 UTC (rev 88880)
@@ -0,0 +1,224 @@
+<?xml version="1.0"?>
+<!--~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+  ~ JBoss, a division of Red Hat                                              ~
+  ~ Copyright 2006, Red Hat Middleware, LLC, and individual                   ~
+  ~ contributors as indicated by the @authors tag. See the                    ~
+  ~ copyright.txt in the distribution for a full listing of                   ~
+  ~ individual contributors.                                                  ~
+  ~                                                                           ~
+  ~ This is free software; you can redistribute it and/or modify it           ~
+  ~ under the terms of the GNU Lesser General Public License as               ~
+  ~ published by the Free Software Foundation; either version 2.1 of          ~
+  ~ the License, or (at your option) any later version.                       ~
+  ~                                                                           ~
+  ~ This software is distributed in the hope that it will be useful,          ~
+  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of            ~
+  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU          ~
+  ~ Lesser General Public License for more details.                           ~
+  ~                                                                           ~
+  ~ You should have received a copy of the GNU Lesser General Public          ~
+  ~ License along with this software; if not, write to the Free               ~
+  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA        ~
+  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.                  ~
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~-->
+
+<!DOCTYPE web-app PUBLIC
+   "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
+   "http://java.sun.com/dtd/web-app_2_3.dtd">
+<web-app>
+   <description>JBoss Portal</description>
+   <!-- Comment/Uncomment to enable portal session replication
+   <distributable/>
+   -->
+
+   <!-- Bridge portal user events -->
+   <listener>
+      <listener-class>org.jboss.portal.core.impl.api.event.ServletEventBridge</listener-class>
+   </listener>
+   
+   <!--   Session listener to kill all sub-sessions -->
+   <listener>
+      <listener-class>org.jboss.portal.server.listener.SessionListener</listener-class>
+   </listener>
+
+   <!-- The portal servlet is the main entrance point -->
+   <servlet>
+      <servlet-name>PortalServletWithPathMapping</servlet-name>
+      <servlet-class>org.jboss.portal.server.servlet.PortalServlet</servlet-class>
+      <init-param>
+         <param-name>asDefaultServlet</param-name>
+         <param-value>false</param-value>
+         <description>The servlet needs to know wether it is set as a default servlet or not</description>
+      </init-param>
+      <init-param>
+         <param-name>controllerFactoryName</param-name>
+         <param-value>portal:service=ControllerFactory</param-value>
+         <description>The request controller factory for the portal servlet</description>
+      </init-param>
+      <load-on-startup>0</load-on-startup>
+      <security-role-ref>
+        <role-name>Authenticated</role-name>
+        <role-link>Authenticated</role-link>
+      </security-role-ref>
+   </servlet>
+
+   <!-- The portal servlet is the main entrance point -->
+   <servlet>
+      <servlet-name>PortalServletWithDefaultServletMapping</servlet-name>
+      <servlet-class>org.jboss.portal.server.servlet.PortalServlet</servlet-class>
+      <init-param>
+         <param-name>asDefaultServlet</param-name>
+         <param-value>true</param-value>
+         <description>The servlet needs to know wether it is set as a default servlet or not</description>
+      </init-param>
+      <init-param>
+         <param-name>controllerFactoryName</param-name>
+         <param-value>portal:service=ControllerFactory</param-value>
+         <description>The request controller factory for the portal servlet</description>
+      </init-param>
+      <load-on-startup>0</load-on-startup>
+      <security-role-ref>
+        <role-name>Authenticated</role-name>
+        <role-link>Authenticated</role-link>
+      </security-role-ref>
+   </servlet>
+
+   <!-- Provide access to unauthenticated users -->
+   <servlet-mapping>
+      <servlet-name>PortalServletWithPathMapping</servlet-name>
+      <url-pattern>/*</url-pattern>
+   </servlet-mapping>
+
+   <!-- Provide secure access to unauthenticated users -->
+   <servlet-mapping>
+      <servlet-name>PortalServletWithPathMapping</servlet-name>
+      <url-pattern>/sec/*</url-pattern>
+   </servlet-mapping>
+
+   <!-- Provide access to authenticated users -->
+   <servlet-mapping>
+      <servlet-name>PortalServletWithPathMapping</servlet-name>
+      <url-pattern>/auth/*</url-pattern>
+   </servlet-mapping>
+
+   <!-- Provide secure access to authenticated users -->
+   <servlet-mapping>
+      <servlet-name>PortalServletWithPathMapping</servlet-name>
+      <url-pattern>/authsec/*</url-pattern>
+   </servlet-mapping>
+
+   <!-- Force the mapping of the jsp and images because of the default servlet replacement -->
+   <servlet-mapping>
+      <servlet-name>jsp</servlet-name>
+      <url-pattern>/login.jsp</url-pattern>
+   </servlet-mapping>
+   <servlet-mapping>
+      <servlet-name>default</servlet-name>
+      <url-pattern>/images/login_bottom.png</url-pattern>
+   </servlet-mapping>
+   <servlet-mapping>
+      <servlet-name>default</servlet-name>
+      <url-pattern>/images/login_bottom_left.png</url-pattern>
+   </servlet-mapping>
+   <servlet-mapping>
+      <servlet-name>default</servlet-name>
+      <url-pattern>/images/login_bottom_right.png</url-pattern>
+   </servlet-mapping>
+   <servlet-mapping>
+      <servlet-name>default</servlet-name>
+      <url-pattern>/images/login_left.png</url-pattern>
+   </servlet-mapping>
+   <servlet-mapping>
+      <servlet-name>default</servlet-name>
+      <url-pattern>/images/login_right.png</url-pattern>
+   </servlet-mapping>
+   <servlet-mapping>
+      <servlet-name>default</servlet-name>
+      <url-pattern>/images/login_top.png</url-pattern>
+   </servlet-mapping>
+   <servlet-mapping>
+      <servlet-name>default</servlet-name>
+      <url-pattern>/images/login_top_left.png</url-pattern>
+   </servlet-mapping>
+   <servlet-mapping>
+      <servlet-name>default</servlet-name>
+      <url-pattern>/images/login_top_right.png</url-pattern>
+   </servlet-mapping>
+
+   <session-config>
+      <session-timeout>15</session-timeout>
+   </session-config>
+
+   <!--
+     | JDBC usage must be done with
+     | DataSource ds = (DataSource)ctx.lookup("java:comp/env/jdbc/PortalDS";
+     -->
+   <resource-ref>
+      <res-ref-name>jdbc/PortalDS</res-ref-name>
+      <res-type>javax.sql.DataSource</res-type>
+      <res-auth>Container</res-auth>
+      <res-sharing-scope>Shareable</res-sharing-scope>
+   </resource-ref>
+
+   <security-constraint>
+      <web-resource-collection>
+         <web-resource-name>Authenticated</web-resource-name>
+         <description></description>
+         <url-pattern>/auth/*</url-pattern>
+      </web-resource-collection>
+      <auth-constraint>
+         <role-name>Authenticated</role-name>
+      </auth-constraint>
+   </security-constraint>
+
+   <security-constraint>
+     <web-resource-collection>
+       <web-resource-name>Secure</web-resource-name>
+       <url-pattern>/sec/*</url-pattern>
+     </web-resource-collection>
+     <user-data-constraint>
+       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+     </user-data-constraint>
+   </security-constraint>
+
+   <security-constraint>
+     <web-resource-collection>
+       <web-resource-name>Secure+Authenticated</web-resource-name>
+       <url-pattern>/authsec/*</url-pattern>
+     </web-resource-collection>
+     <auth-constraint>
+       <role-name>Authenticated</role-name>
+     </auth-constraint>
+     <user-data-constraint>
+       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+     </user-data-constraint>
+   </security-constraint>
+
+   <!--
+     | Uncomment to use BASIC authentication scheme. Don't forget to comment other
+     | form authentication.
+     -->
+   <!--
+   <login-config>
+      <auth-method>BASIC</auth-method>
+      <realm-name>JBoss Portal</realm-name>
+   </login-config>
+   -->
+
+   <!--
+     | Uncomment to use FORM authentication scheme. Don't forget to comment other
+     | form authentication.
+     -->
+   <!--
+   -->
+   <login-config>
+      <auth-method>SPNEGO_PORTAL</auth-method>
+      <realm-name>JBoss Portal</realm-name>
+
+   </login-config>
+
+   <security-role>
+      <role-name>Authenticated</role-name>
+   </security-role>
+
+</web-app>
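Review bot: The instructions at the "Uncomment to use FORM authentication scheme" block point at nothing — the comment that follows them is now an empty `<!-- -->` and the live `<login-config>` uses `SPNEGO_PORTAL`, so a reader is told to uncomment a FORM configuration that no longer exists. Either drop the stale instructions and the empty comment, or replace them with a note on the custom scheme, e.g. `<!-- SPNEGO_PORTAL is not a standard servlet auth-method (BASIC/DIGEST/FORM/CLIENT-CERT); the matching authenticator must be registered with the container before this descriptor is deployed. -->`. Also worth a comment: the `/auth/*` constraint requires the Authenticated role but carries no `CONFIDENTIAL` transport-guarantee (unlike `/authsec/*`), so an authenticated session on that path can travel in the clear; if that is inherited from the stock portal descriptor, say so where the constraint is defined.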


Property changes on: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-portal/src/resources/portal/web.xml
___________________________________________________________________
Name: svn:keywords
   + Id Revision
Name: svn:eol-style
   + LF

Modified: projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java
===================================================================
--- projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java	2009-05-14 16:08:16 UTC (rev 88879)
+++ projects/security/security-negotiation/branches/SECURITY-353/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java	2009-05-14 17:02:06 UTC (rev 88880)
@@ -128,7 +128,7 @@
                {
                   String userName = identity.getName();
                   log.debug("Storing username '" + userName + "' and empty password");
-                  // Add the username and a null password to the shared state map
+                  // Add the username and a empty password to the shared state map
                   sharedState.put("javax.security.auth.login.name", identity);
                   sharedState.put("javax.security.auth.login.password", "");
                }
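Review bot: The reworded comment on the changed line still reads `a empty password`; it should be `an empty password`. It would also help to say why an empty rather than absent password is stored, hedged since the consumer is not visible here: `// Store the username and an empty password ("") in the shared state so later modules in the stack that reuse the first login's credentials find a value rather than a missing key — confirm against the consuming modules`. The comment says "username" but the value stored under the name key is the `identity` object, not the `userName` string logged above; if that is deliberate, one word in the comment would prevent a future "fix". The enclosing method starts and ends outside the hunk.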



