KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > geronimo > security > deployment > GeronimoSecurityBuilderImpl


1 /**
2  * Licensed to the Apache Software Foundation (ASF) under one or more
3  * contributor license agreements. See the NOTICE file distributed with
4  * this work for additional information regarding copyright ownership.
5  * The ASF licenses this file to You under the Apache License, Version 2.0
6  * (the "License"); you may not use this file except in compliance with
7  * the License. You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */

17
18 package org.apache.geronimo.security.deployment;
19
20 import java.util.Map JavaDoc;
21 import java.util.HashMap JavaDoc;
22 import java.util.Iterator JavaDoc;
23 import java.util.Set JavaDoc;
24 import java.util.HashSet JavaDoc;
25
26 import javax.security.auth.Subject JavaDoc;
27 import javax.security.auth.x500.X500Principal JavaDoc;
28 import javax.xml.namespace.QName JavaDoc;
29
30 import org.apache.xmlbeans.XmlObject;
31 import org.apache.xmlbeans.QNameSet;
32 import org.apache.xmlbeans.XmlException;
33 import org.apache.geronimo.deployment.DeploymentContext;
34 import org.apache.geronimo.deployment.xmlbeans.XmlBeansUtil;
35 import org.apache.geronimo.common.DeploymentException;
36 import org.apache.geronimo.security.deploy.Security;
37 import org.apache.geronimo.security.deploy.Role;
38 import org.apache.geronimo.security.deploy.RealmPrincipalInfo;
39 import org.apache.geronimo.security.deploy.LoginDomainPrincipalInfo;
40 import org.apache.geronimo.security.deploy.PrincipalInfo;
41 import org.apache.geronimo.security.deploy.DistinguishedName;
42 import org.apache.geronimo.security.deploy.DefaultPrincipal;
43 import org.apache.geronimo.security.util.ConfigurationUtil;
44 import org.apache.geronimo.security.jaas.NamedUsernamePasswordCredential;
45 import org.apache.geronimo.security.jacc.ApplicationPrincipalRoleConfigurationManager;
46 import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
47 import org.apache.geronimo.xbeans.geronimo.security.GerSecurityType;
48 import org.apache.geronimo.xbeans.geronimo.security.GerRoleMappingsType;
49 import org.apache.geronimo.xbeans.geronimo.security.GerRoleType;
50 import org.apache.geronimo.xbeans.geronimo.security.GerDistinguishedNameType;
51 import org.apache.geronimo.xbeans.geronimo.security.GerDefaultPrincipalType;
52 import org.apache.geronimo.xbeans.geronimo.security.GerNamedUsernamePasswordCredentialType;
53 import org.apache.geronimo.xbeans.geronimo.security.GerRealmPrincipalType;
54 import org.apache.geronimo.xbeans.geronimo.security.GerLoginDomainPrincipalType;
55 import org.apache.geronimo.xbeans.geronimo.security.GerPrincipalType;
56 import org.apache.geronimo.xbeans.geronimo.security.GerSecurityDocument;
57 import org.apache.geronimo.gbean.GBeanData;
58 import org.apache.geronimo.gbean.AbstractName;
59 import org.apache.geronimo.gbean.GBeanInfo;
60 import org.apache.geronimo.gbean.GBeanInfoBuilder;
61 import org.apache.geronimo.kernel.Naming;
62 import org.apache.geronimo.kernel.GBeanAlreadyExistsException;
63 import org.apache.geronimo.kernel.repository.Environment;
64 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
65 import org.apache.geronimo.j2ee.deployment.SecurityBuilder;
66 import org.apache.geronimo.j2ee.deployment.EARContext;
67
68 /**
69  * @version $Rev: 476049 $ $Date: 2006-11-16 23:35:17 -0500 (Thu, 16 Nov 2006) $
70  */

71 public class GeronimoSecurityBuilderImpl implements SecurityBuilder {
72     private static final QName JavaDoc SECURITY_QNAME = GerSecurityDocument.type.getDocumentElementName();
73     private static final QNameSet SECURITY_QNAME_SET = QNameSet.singleton(SECURITY_QNAME);
74
75
76     public void buildEnvironment(XmlObject container, Environment environment) throws DeploymentException {
77     }
78
79     public void build(XmlObject container, DeploymentContext applicationContext, DeploymentContext moduleContext) throws DeploymentException {
80         EARContext earContext = (EARContext) applicationContext;
81         XmlObject[] items = container.selectChildren(SECURITY_QNAME_SET);
82         if (items.length > 1) {
83             throw new DeploymentException("Unexpected count of security elements in geronimo plan " + items.length + " qnameset: " + SECURITY_QNAME_SET);
84         }
85         if (items.length == 1) {
86             GerSecurityType securityType;
87             try {
88                 securityType = (GerSecurityType) XmlBeansUtil.typedCopy(items[0], GerSecurityType.type);
89             } catch (XmlException e) {
90                 throw new DeploymentException("Could not validate security element", e);
91             }
92             Security security = buildSecurityConfig(securityType);
93             ClassLoader JavaDoc classLoader = applicationContext.getClassLoader();
94             SecurityConfiguration securityConfiguration = buildSecurityConfiguration(security, classLoader);
95             earContext.setSecurityConfiguration(securityConfiguration);
96         }
97         //add the JACC gbean if there is a principal-role mapping and we are on the correct module
98
if (earContext.getSecurityConfiguration() != null && applicationContext == moduleContext) {
99             Naming naming = earContext.getNaming();
100             GBeanData roleMapperData = configureRoleMapper(naming, earContext.getModuleName(), earContext.getSecurityConfiguration());
101             try {
102                 earContext.addGBean(roleMapperData);
103             } catch (GBeanAlreadyExistsException e) {
104                 throw new DeploymentException("Role mapper gbean already present", e);
105             }
106             GBeanData jaccBeanData = configureApplicationPolicyManager(naming, earContext.getModuleName(), earContext.getContextIDToPermissionsMap(), earContext.getSecurityConfiguration());
107             jaccBeanData.setReferencePattern("PrincipalRoleMapper", roleMapperData.getAbstractName());
108             try {
109                 earContext.addGBean(jaccBeanData);
110             } catch (GBeanAlreadyExistsException e) {
111                 throw new DeploymentException("JACC manager gbean already present", e);
112             }
113             earContext.setJaccManagerName(jaccBeanData.getAbstractName());
114         }
115     }
116
117     private static SecurityConfiguration buildSecurityConfiguration(Security security, ClassLoader JavaDoc classLoader) {
118         Map JavaDoc roleDesignates = new HashMap JavaDoc();
119         Map JavaDoc principalRoleMap = new HashMap JavaDoc();
120         Map JavaDoc roleToPrincipalMap = new HashMap JavaDoc();
121         GeronimoSecurityBuilderImpl.buildRolePrincipalMap(security, roleDesignates, roleToPrincipalMap, classLoader);
122         GeronimoSecurityBuilderImpl.invertMap(roleToPrincipalMap, principalRoleMap);
123         return new SecurityConfiguration(principalRoleMap, roleDesignates, security.getDefaultPrincipal(), security.getDefaultRole(), security.isDoAsCurrentCaller(), security.isUseContextHandler());
124     }
125
126     private static Map JavaDoc invertMap(Map JavaDoc roleToPrincipalMap, Map JavaDoc principalRoleMapping) {
127         for (Iterator JavaDoc roles = roleToPrincipalMap.entrySet().iterator(); roles.hasNext();) {
128             Map.Entry JavaDoc entry = (Map.Entry JavaDoc) roles.next();
129             String JavaDoc role = (String JavaDoc) entry.getKey();
130             Set JavaDoc principals = (Set JavaDoc) entry.getValue();
131             for (Iterator JavaDoc iter = principals.iterator(); iter.hasNext();) {
132                 java.security.Principal JavaDoc principal = (java.security.Principal JavaDoc) iter.next();
133
134                 HashSet JavaDoc roleSet = (HashSet JavaDoc) principalRoleMapping.get(principal);
135                 if (roleSet == null) {
136                     roleSet = new HashSet JavaDoc();
137                     principalRoleMapping.put(principal, roleSet);
138                 }
139                 roleSet.add(role);
140             }
141         }
142         return principalRoleMapping;
143     }
144
145     /**
146      * non-interface, used in some jetty/tomcat tests
147      *
148      * @param security
149      * @param roleDesignates
150      * @param roleToPrincipalMap
151      * @param classLoader
152      */

153     public static void buildRolePrincipalMap(Security security, Map JavaDoc roleDesignates, Map JavaDoc roleToPrincipalMap, ClassLoader JavaDoc classLoader) {
154
155         Iterator JavaDoc roleMappings = security.getRoleMappings().values().iterator();
156         while (roleMappings.hasNext()) {
157             Role role = (Role) roleMappings.next();
158
159             String JavaDoc roleName = role.getRoleName();
160             Subject JavaDoc roleDesignate = new Subject JavaDoc();
161             Set JavaDoc principalSet = new HashSet JavaDoc();
162
163             Iterator JavaDoc realmPrincipals = role.getRealmPrincipals().iterator();
164             while (realmPrincipals.hasNext()) {
165                 RealmPrincipalInfo realmPrincipal = (RealmPrincipalInfo) realmPrincipals.next();
166                 java.security.Principal JavaDoc principal = ConfigurationUtil.generateRealmPrincipal(realmPrincipal.getRealm(), realmPrincipal.getDomain(), realmPrincipal, classLoader);
167
168                 principalSet.add(principal);
169                 if (realmPrincipal.isDesignatedRunAs()) roleDesignate.getPrincipals().add(principal);
170             }
171
172             Iterator JavaDoc domainPrincipals = role.getLoginDomainPrincipals().iterator();
173             while (domainPrincipals.hasNext()) {
174                 LoginDomainPrincipalInfo domainPrincipal = (LoginDomainPrincipalInfo) domainPrincipals.next();
175                 java.security.Principal JavaDoc principal = ConfigurationUtil.generateDomainPrincipal(domainPrincipal.getDomain(), domainPrincipal, classLoader);
176
177                 principalSet.add(principal);
178                 if (domainPrincipal.isDesignatedRunAs()) roleDesignate.getPrincipals().add(principal);
179             }
180
181             Iterator JavaDoc principals = role.getPrincipals().iterator();
182             while (principals.hasNext()) {
183                 PrincipalInfo plainPrincipalInfo = (PrincipalInfo) principals.next();
184                 java.security.Principal JavaDoc principal = ConfigurationUtil.generatePrincipal(plainPrincipalInfo, classLoader);
185
186                 principalSet.add(principal);
187                 if (plainPrincipalInfo.isDesignatedRunAs()) roleDesignate.getPrincipals().add(principal);
188             }
189
190             for (Iterator JavaDoc names = role.getDistinguishedNames().iterator(); names.hasNext();) {
191                 DistinguishedName dn = (DistinguishedName) names.next();
192
193                 X500Principal JavaDoc x500Principal = ConfigurationUtil.generateX500Principal(dn.getName());
194
195                 principalSet.add(x500Principal);
196                 if (dn.isDesignatedRunAs()) roleDesignate.getPrincipals().add(x500Principal);
197             }
198
199             Set JavaDoc roleMapping = (Set JavaDoc) roleToPrincipalMap.get(roleName);
200             if (roleMapping == null) {
201                 roleMapping = new HashSet JavaDoc();
202                 roleToPrincipalMap.put(roleName, roleMapping);
203             }
204             roleMapping.addAll(principalSet);
205
206             if (roleDesignate.getPrincipals().size() > 0) {
207                 roleDesignates.put(roleName, roleDesignate);
208             }
209         }
210     }
211
212     private Security buildSecurityConfig(GerSecurityType securityType) {
213         Security security;
214
215         if (securityType == null) {
216             return null;
217         }
218         security = new Security();
219
220         security.setDoAsCurrentCaller(securityType.getDoasCurrentCaller());
221         security.setUseContextHandler(securityType.getUseContextHandler());
222         if (securityType.isSetDefaultRole()) {
223             security.setDefaultRole(securityType.getDefaultRole().trim());
224         }
225
226         if (securityType.isSetRoleMappings()) {
227             GerRoleMappingsType roleMappingsType = securityType.getRoleMappings();
228             for (int i = 0; i < roleMappingsType.sizeOfRoleArray(); i++) {
229                 GerRoleType roleType = roleMappingsType.getRoleArray(i);
230                 Role role = new Role();
231
232                 String JavaDoc roleName = roleType.getRoleName().trim();
233                 role.setRoleName(roleName);
234
235                 for (int j = 0; j < roleType.sizeOfRealmPrincipalArray(); j++) {
236                     role.getRealmPrincipals().add(GeronimoSecurityBuilderImpl.buildRealmPrincipal(roleType.getRealmPrincipalArray(j)));
237                 }
238
239                 for (int j = 0; j < roleType.sizeOfLoginDomainPrincipalArray(); j++) {
240                     role.getLoginDomainPrincipals().add(GeronimoSecurityBuilderImpl.buildDomainPrincipal(roleType.getLoginDomainPrincipalArray(j)));
241                 }
242
243                 for (int j = 0; j < roleType.sizeOfPrincipalArray(); j++) {
244                     role.getPrincipals().add(buildPrincipal(roleType.getPrincipalArray(j)));
245                 }
246
247                 for (int j = 0; j < roleType.sizeOfDistinguishedNameArray(); j++) {
248                     GerDistinguishedNameType dnType = roleType.getDistinguishedNameArray(j);
249
250                     role.getDistinguishedNames().add(new DistinguishedName(dnType.getName().trim(), dnType.getDesignatedRunAs()));
251                 }
252
253                 security.getRoleMappings().put(roleName, role);
254             }
255         }
256
257         security.setDefaultPrincipal(buildDefaultPrincipal(securityType.getDefaultPrincipal()));
258
259         return security;
260     }
261
262     //used from app client builder
263
public DefaultPrincipal buildDefaultPrincipal(XmlObject xmlObject) {
264         GerDefaultPrincipalType defaultPrincipalType = (GerDefaultPrincipalType) xmlObject;
265         DefaultPrincipal defaultPrincipal = new DefaultPrincipal();
266
267         if(defaultPrincipalType.isSetPrincipal()) {
268             defaultPrincipal.setPrincipal(buildPrincipal(defaultPrincipalType.getPrincipal()));
269         } else if(defaultPrincipalType.isSetLoginDomainPrincipal()) {
270             defaultPrincipal.setPrincipal(buildDomainPrincipal(defaultPrincipalType.getLoginDomainPrincipal()));
271         } else if(defaultPrincipalType.isSetRealmPrincipal()) {
272             defaultPrincipal.setPrincipal(buildRealmPrincipal(defaultPrincipalType.getRealmPrincipal()));
273         } else {
274             throw new IllegalStateException JavaDoc("default-principal does not contain a principal, login-domain-principal, or realm-principal");
275         }
276         GerNamedUsernamePasswordCredentialType[] namedCredentials = defaultPrincipalType.getNamedUsernamePasswordCredentialArray();
277         if (namedCredentials.length > 0) {
278             Set JavaDoc defaultCredentialSet = new HashSet JavaDoc();
279             for (int i = 0; i < namedCredentials.length; i++) {
280                 GerNamedUsernamePasswordCredentialType namedCredentialType = namedCredentials[i];
281                 NamedUsernamePasswordCredential namedCredential = new NamedUsernamePasswordCredential(namedCredentialType.getUsername().trim(), namedCredentialType.getPassword().trim().toCharArray(), namedCredentialType.getName().trim());
282                 defaultCredentialSet.add(namedCredential);
283             }
284             defaultPrincipal.setNamedUserPasswordCredentials(defaultCredentialSet);
285         }
286         return defaultPrincipal;
287     }
288
289     private static RealmPrincipalInfo buildRealmPrincipal(GerRealmPrincipalType realmPrincipalType) {
290         return new RealmPrincipalInfo(realmPrincipalType.getRealmName().trim(), realmPrincipalType.getDomainName().trim(), realmPrincipalType.getClass1().trim(), realmPrincipalType.getName().trim(), realmPrincipalType.isSetDesignatedRunAs());
291     }
292
293     private static LoginDomainPrincipalInfo buildDomainPrincipal(GerLoginDomainPrincipalType domainPrincipalType) {
294         return new LoginDomainPrincipalInfo(domainPrincipalType.getDomainName().trim(), domainPrincipalType.getClass1().trim(), domainPrincipalType.getName().trim(), domainPrincipalType.isSetDesignatedRunAs());
295     }
296
297     //used from TSSConfigEditor
298
public PrincipalInfo buildPrincipal(XmlObject xmlObject) {
299         GerPrincipalType principalType = (GerPrincipalType) xmlObject;
300         return new PrincipalInfo(principalType.getClass1().trim(), principalType.getName().trim(), principalType.isSetDesignatedRunAs());
301     }
302
303     public GBeanData configureRoleMapper(Naming naming, AbstractName moduleName, Object JavaDoc securityConfiguration) {
304         AbstractName roleMapperName = naming.createChildName(moduleName, "RoleMapper", "RoleMapper");
305         GBeanData roleMapperData = new GBeanData(roleMapperName, ApplicationPrincipalRoleConfigurationManager.GBEAN_INFO);
306         roleMapperData.setAttribute("principalRoleMap", ((SecurityConfiguration) securityConfiguration).getPrincipalRoleMap());
307         return roleMapperData;
308     }
309
310     public GBeanData configureApplicationPolicyManager(Naming naming, AbstractName moduleName, Map JavaDoc contextIDToPermissionsMap, Object JavaDoc securityConfiguration) {
311         AbstractName jaccBeanName = naming.createChildName(moduleName, NameFactory.JACC_MANAGER, NameFactory.JACC_MANAGER);
312         GBeanData jaccBeanData = new GBeanData(jaccBeanName, ApplicationPolicyConfigurationManager.GBEAN_INFO);
313         jaccBeanData.setAttribute("contextIdToPermissionsMap", contextIDToPermissionsMap);
314         jaccBeanData.setAttribute("roleDesignates", ((SecurityConfiguration) securityConfiguration).getRoleDesignates());
315         return jaccBeanData;
316
317     }
318
319     public QNameSet getSpecQNameSet() {
320         return QNameSet.EMPTY;
321     }
322
323     public QNameSet getPlanQNameSet() {
324         return SECURITY_QNAME_SET;
325     }
326
327     public static final GBeanInfo GBEAN_INFO;
328
329     static {
330         GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic(GeronimoSecurityBuilderImpl.class, NameFactory.MODULE_BUILDER);
331
332         infoFactory.addInterface(SecurityBuilder.class);
333
334
335         GBEAN_INFO = infoFactory.getBeanInfo();
336     }
337
338     public static GBeanInfo getGBeanInfo() {
339         return GBEAN_INFO;
340     }
341
342 }
343
Popular Tags