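package org.apache.geronimo.security.deployment;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.management.ObjectName;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

import org.apache.geronimo.common.DeploymentException;
import org.apache.geronimo.gbean.GBeanData;
import org.apache.geronimo.security.RealmPrincipal;
import org.apache.geronimo.security.deploy.DefaultPrincipal;
import org.apache.geronimo.security.deploy.DistinguishedName;
import org.apache.geronimo.security.deploy.Principal;
import org.apache.geronimo.security.deploy.Realm;
import org.apache.geronimo.security.deploy.Role;
import org.apache.geronimo.security.deploy.Security;
import org.apache.geronimo.security.jaas.NamedUsernamePasswordCredential;
import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
import org.apache.geronimo.security.util.ConfigurationUtil;
import org.apache.geronimo.xbeans.geronimo.security.GerDefaultPrincipalType;
import org.apache.geronimo.xbeans.geronimo.security.GerDistinguishedNameType;
import org.apache.geronimo.xbeans.geronimo.security.GerNamedUsernamePasswordCredentialType;
import org.apache.geronimo.xbeans.geronimo.security.GerPrincipalType;
import org.apache.geronimo.xbeans.geronimo.security.GerRealmType;
import org.apache.geronimo.xbeans.geronimo.security.GerRoleMappingsType;
import org.apache.geronimo.xbeans.geronimo.security.GerRoleType;
import org.apache.geronimo.xbeans.geronimo.security.GerSecurityType;


/**
 * Translates the {@code <security>} section of a Geronimo deployment plan
 * (the XMLBeans {@link GerSecurityType} tree) into the runtime security
 * configuration: the principal-to-role map consumed by the JACC policy
 * configuration manager and the per-role run-as {@link Subject}s.
 * <p>
 * Everything here is static and stateless. Because this code decides which
 * principals are granted which roles (and which principals a role may run as),
 * mistakes in it silently widen authorization, so each mapping step is
 * commented with the plan element it reads.
 */
public class SecurityBuilder {

    /**
     * Builds the runtime security configuration straight from the plan.
     *
     * @param securityType the {@code <security>} element of the deployment plan
     * @return the principal/role mapping and run-as designates for the module
     * @throws DeploymentException if {@code securityType} is {@code null} or a
     *         realm principal named in the plan cannot be created
     */
    public static SecurityConfiguration buildSecurityConfiguration(GerSecurityType securityType) throws DeploymentException {
        Security security = buildSecurityConfig(securityType);
        return buildSecurityConfiguration(security);
    }

    /**
     * Builds the runtime security configuration from an already-parsed
     * {@link Security} object.
     *
     * @param security the parsed security settings; must not be {@code null}
     * @return the principal/role mapping and run-as designates for the module
     * @throws DeploymentException if {@code security} is {@code null} or a
     *         realm principal cannot be created
     */
    public static SecurityConfiguration buildSecurityConfiguration(Security security) throws DeploymentException {
        if (security == null) {
            // buildSecurityConfig() yields null when the plan has no <security>
            // element; previously this surfaced as a NullPointerException below.
            throw new DeploymentException("No security configuration supplied");
        }

        Map roleDesignates = new HashMap();     // role name -> run-as Subject
        Map roleToPrincipalMap = new HashMap(); // role name -> Set of java.security.Principal
        buildRolePrincipalMap(security, roleDesignates, roleToPrincipalMap);

        // JACC wants the inverse view: principal -> Set of role names.
        Map principalRoleMap = invertMap(roleToPrincipalMap, new HashMap());

        return new SecurityConfiguration(principalRoleMap,
                roleDesignates,
                security.getDefaultPrincipal(),
                security.getDefaultRole(),
                security.isDoAsCurrentCaller(),
                security.isUseContextHandler());
    }

    /**
     * Inverts a role-to-principals map into a principal-to-roles map.
     *
     * @param roleToPrincipalMap role name ({@link String}) -> {@link Set} of
     *        {@link java.security.Principal}
     * @param principalRoleMapping destination map, principal -> {@link Set} of
     *        role names; entries already present are extended, not replaced
     * @return {@code principalRoleMapping}, for call chaining
     */
    private static Map invertMap(Map roleToPrincipalMap, Map principalRoleMapping) {
        for (Iterator roles = roleToPrincipalMap.entrySet().iterator(); roles.hasNext();) {
            Map.Entry entry = (Map.Entry) roles.next();
            String role = (String) entry.getKey();
            Set principals = (Set) entry.getValue();

            for (Iterator iter = principals.iterator(); iter.hasNext();) {
                java.security.Principal principal = (java.security.Principal) iter.next();

                // Cast to the interface rather than HashSet so a caller-supplied
                // map holding another Set implementation is not rejected.
                Set roleSet = (Set) principalRoleMapping.get(principal);
                if (roleSet == null) {
                    roleSet = new HashSet();
                    principalRoleMapping.put(principal, roleSet);
                }
                roleSet.add(role);
            }
        }
        return principalRoleMapping;
    }

    /**
     * Walks every {@code <role>} of the plan and fills two maps.
     *
     * @param security the parsed security settings
     * @param roleDesignates out: role name -> {@link Subject} holding the
     *        principals flagged {@code designated-run-as}; a role with no such
     *        principal gets no entry
     * @param roleToPrincipalMap out: role name -> {@link Set} of all principals
     *        (realm principals and X.500 names) granted that role
     * @throws DeploymentException if a realm principal cannot be created
     */
    private static void buildRolePrincipalMap(Security security, Map roleDesignates, Map roleToPrincipalMap) throws DeploymentException {
        Iterator roleMappings = security.getRoleMappings().values().iterator();
        while (roleMappings.hasNext()) {
            Role role = (Role) roleMappings.next();

            String roleName = role.getRoleName();
            Subject roleDesignate = new Subject();
            Set principalSet = new HashSet();

            // <realm name="..."><principal .../></realm>
            Iterator realms = role.getRealms().values().iterator();
            while (realms.hasNext()) {
                Realm realm = (Realm) realms.next();
                String realmName = realm.getRealmName();

                Iterator principals = realm.getPrincipals().iterator();
                while (principals.hasNext()) {
                    Principal principal = (Principal) principals.next();

                    RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(principal, realmName);
                    if (realmPrincipal == null) {
                        throw new DeploymentException("Unable to create realm principal for realm " + realmName);
                    }

                    principalSet.add(realmPrincipal);
                    if (principal.isDesignatedRunAs()) {
                        roleDesignate.getPrincipals().add(realmPrincipal);
                    }
                }
            }

            // <distinguished-name name="..."/>
            for (Iterator names = role.getDNames().iterator(); names.hasNext();) {
                DistinguishedName dn = (DistinguishedName) names.next();

                X500Principal x500Principal = ConfigurationUtil.generateX500Principal(dn.getName());

                principalSet.add(x500Principal);
                if (dn.isDesignatedRunAs()) {
                    roleDesignate.getPrincipals().add(x500Principal);
                }
            }

            // The same role name may legitimately appear more than once; merge.
            Set roleMapping = (Set) roleToPrincipalMap.get(roleName);
            if (roleMapping == null) {
                roleMapping = new HashSet();
                roleToPrincipalMap.put(roleName, roleMapping);
            }
            roleMapping.addAll(principalSet);

            if (!roleDesignate.getPrincipals().isEmpty()) {
                roleDesignates.put(roleName, roleDesignate);
            }
        }
    }

    /**
     * Converts the XMLBeans {@code <security>} tree into the plain
     * {@link Security} model object.
     *
     * @param securityType the plan element, or {@code null} if absent
     * @return the parsed settings, or {@code null} when {@code securityType} is
     *         {@code null}
     */
    private static Security buildSecurityConfig(GerSecurityType securityType) {
        if (securityType == null) {
            return null;
        }

        Security security = new Security();
        security.setDoAsCurrentCaller(securityType.getDoasCurrentCaller());
        security.setUseContextHandler(securityType.getUseContextHandler());
        if (securityType.isSetDefaultRole()) {
            security.setDefaultRole(securityType.getDefaultRole().trim());
        }

        if (securityType.isSetRoleMappings()) {
            GerRoleMappingsType roleMappingsType = securityType.getRoleMappings();
            int roleCount = roleMappingsType.sizeOfRoleArray();
            for (int i = 0; i < roleCount; i++) {
                security.getRoleMappings().put(
                        roleMappingsType.getRoleArray(i).getRoleName().trim(),
                        buildRole(roleMappingsType.getRoleArray(i)));
            }
        }

        security.setDefaultPrincipal(buildDefaultPrincipal(securityType.getDefaultPrincipal()));

        return security;
    }

    /**
     * Converts one {@code <role>} element, including its realms and
     * distinguished names, into a {@link Role}.
     *
     * @param roleType the plan element
     * @return the parsed role, keyed internally by trimmed realm name
     */
    private static Role buildRole(GerRoleType roleType) {
        Role role = new Role();
        role.setRoleName(roleType.getRoleName().trim());

        int realmCount = roleType.sizeOfRealmArray();
        for (int j = 0; j < realmCount; j++) {
            GerRealmType realmType = roleType.getRealmArray(j);
            String realmName = realmType.getRealmName().trim();

            Realm realm = new Realm();
            realm.setRealmName(realmName);

            int principalCount = realmType.sizeOfPrincipalArray();
            for (int k = 0; k < principalCount; k++) {
                realm.getPrincipals().add(buildPrincipal(realmType.getPrincipalArray(k)));
            }

            role.getRealms().put(realmName, realm);
        }

        int dnCount = roleType.sizeOfDistinguishedNameArray();
        for (int j = 0; j < dnCount; j++) {
            GerDistinguishedNameType dnType = roleType.getDistinguishedNameArray(j);
            DistinguishedName name = new DistinguishedName(dnType.getName());
            name.setDesignatedRunAs(dnType.getDesignatedRunAs());
            role.append(name);
        }

        return role;
    }

    /**
     * Converts the {@code <default-principal>} element, including any
     * {@code <named-username-password-credential>} children, into a
     * {@link DefaultPrincipal}.
     *
     * @param defaultPrincipalType the plan element; must not be {@code null}
     * @return the parsed default principal
     */
    public static DefaultPrincipal buildDefaultPrincipal(GerDefaultPrincipalType defaultPrincipalType) {
        DefaultPrincipal defaultPrincipal = new DefaultPrincipal();

        defaultPrincipal.setRealmName(defaultPrincipalType.getRealmName().trim());
        defaultPrincipal.setPrincipal(buildPrincipal(defaultPrincipalType.getPrincipal()));

        GerNamedUsernamePasswordCredentialType[] namedCredentials = defaultPrincipalType.getNamedUsernamePasswordCredentialArray();
        if (namedCredentials.length > 0) {
            Set defaultCredentialSet = new HashSet();
            for (int i = 0; i < namedCredentials.length; i++) {
                GerNamedUsernamePasswordCredentialType namedCredentialType = namedCredentials[i];
                // Password is handed over as char[] (not String) so the credential
                // object can clear it; the plan text itself still holds it in clear.
                NamedUsernamePasswordCredential namedCredential = new NamedUsernamePasswordCredential(
                        namedCredentialType.getUsername(),
                        namedCredentialType.getPassword().toCharArray(),
                        namedCredentialType.getName());
                defaultCredentialSet.add(namedCredential);
            }
            defaultPrincipal.setNamedUserPasswordCredentials(defaultCredentialSet);
        }
        return defaultPrincipal;
    }

    /**
     * Converts one {@code <principal>} element into a {@link Principal}.
     *
     * @param principalType the plan element; must not be {@code null}
     * @return the parsed principal
     */
    public static Principal buildPrincipal(GerPrincipalType principalType) {
        Principal principal = new Principal();

        principal.setClassName(principalType.getClass1());
        principal.setPrincipalName(principalType.getName());
        // Use the attribute's value, as the distinguished-name path does, rather
        // than isSet...(): isSet only reports whether the attribute was written,
        // so designated-run-as="false" would otherwise grant run-as.
        principal.setDesignatedRunAs(principalType.getDesignatedRunAs());

        return principal;
    }

    /**
     * Creates the GBean data for the module's JACC policy configuration manager.
     *
     * @param name the GBean's object name
     * @param contextIDToPermissionsMap policy context id -> permissions
     * @param securityConfiguration source of the principal/role map and run-as
     *        designates; must not be {@code null}
     * @return the configured, not yet registered, GBean data
     */
    public static GBeanData configureApplicationPolicyManager(ObjectName name, Map contextIDToPermissionsMap, SecurityConfiguration securityConfiguration) {
        GBeanData jaccBeanData = new GBeanData(name, ApplicationPolicyConfigurationManager.GBEAN_INFO);
        jaccBeanData.setAttribute("contextIdToPermissionsMap", contextIDToPermissionsMap);
        jaccBeanData.setAttribute("principalRoleMap", securityConfiguration.getPrincipalRoleMap());
        jaccBeanData.setAttribute("roleDesignates", securityConfiguration.getRoleDesignates());
        return jaccBeanData;
    }

}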