

1 /**
2  *
3  * Copyright 2003-2004 The Apache Software Foundation
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */

17 package org.apache.geronimo.security.deployment;
18
19 import java.util.HashMap JavaDoc;
20 import java.util.HashSet JavaDoc;
21 import java.util.Iterator JavaDoc;
22 import java.util.Map JavaDoc;
23 import java.util.Set JavaDoc;
24 import javax.management.ObjectName JavaDoc;
25 import javax.security.auth.Subject JavaDoc;
26 import javax.security.auth.x500.X500Principal JavaDoc;
27
28 import org.apache.geronimo.common.DeploymentException;
29 import org.apache.geronimo.gbean.GBeanData;
30 import org.apache.geronimo.security.RealmPrincipal;
31 import org.apache.geronimo.security.deploy.DefaultPrincipal;
32 import org.apache.geronimo.security.deploy.DistinguishedName;
33 import org.apache.geronimo.security.deploy.Principal;
34 import org.apache.geronimo.security.deploy.Realm;
35 import org.apache.geronimo.security.deploy.Role;
36 import org.apache.geronimo.security.deploy.Security;
37 import org.apache.geronimo.security.jaas.NamedUsernamePasswordCredential;
38 import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
39 import org.apache.geronimo.security.util.ConfigurationUtil;
40 import org.apache.geronimo.xbeans.geronimo.security.GerDefaultPrincipalType;
41 import org.apache.geronimo.xbeans.geronimo.security.GerDistinguishedNameType;
42 import org.apache.geronimo.xbeans.geronimo.security.GerNamedUsernamePasswordCredentialType;
43 import org.apache.geronimo.xbeans.geronimo.security.GerPrincipalType;
44 import org.apache.geronimo.xbeans.geronimo.security.GerRealmType;
45 import org.apache.geronimo.xbeans.geronimo.security.GerRoleMappingsType;
46 import org.apache.geronimo.xbeans.geronimo.security.GerRoleType;
47 import org.apache.geronimo.xbeans.geronimo.security.GerSecurityType;
48
49
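/**
 * Translates the security section of a Geronimo deployment plan into the
 * runtime structures used for authorization.
 *
 * <p>The XMLBeans types ({@code Ger*Type}) are first copied into the plain
 * {@link Security} model. That model is then flattened into a
 * {@link SecurityConfiguration} holding a principal-to-roles map and, per role,
 * a {@link Subject} of the principals flagged as designated run-as.
 *
 * <p>Everything read here comes from the deployment plan, so the plan decides
 * which principals receive which roles and which principals act as run-as
 * designates. Callers should treat the plan as security-sensitive input.
 *
 * @version $Rev: $ $Date: $
 */
public class SecurityBuilder {

    /**
     * Builds a {@link SecurityConfiguration} from the parsed plan element.
     *
     * @param securityType the XMLBeans security element of the plan
     * @return the configuration derived from the plan
     * @throws DeploymentException if {@code securityType} is null or a principal
     *                             named in the plan cannot be created
     */
    public static SecurityConfiguration buildSecurityConfiguration(GerSecurityType securityType) throws DeploymentException {
        Security security = buildSecurityConfig(securityType);
        return buildSecurityConfiguration(security);
    }

    /**
     * Builds a {@link SecurityConfiguration} from the intermediate model.
     *
     * @param security the role mappings, default principal and flags to convert
     * @return the configuration derived from {@code security}
     * @throws DeploymentException if {@code security} is null or a principal
     *                             cannot be created
     */
    public static SecurityConfiguration buildSecurityConfiguration(Security security) throws DeploymentException {
        // buildSecurityConfig returns null for a null plan element. Report that as a
        // deployment failure rather than an unexplained NullPointerException below.
        if (security == null) {
            throw new DeploymentException("No security configuration supplied");
        }

        Map roleDesignates = new HashMap();
        Map roleToPrincipalMap = new HashMap();
        buildRolePrincipalMap(security, roleDesignates, roleToPrincipalMap);

        Map principalRoleMap = invertMap(roleToPrincipalMap, new HashMap());

        return new SecurityConfiguration(principalRoleMap, roleDesignates, security.getDefaultPrincipal(), security.getDefaultRole(), security.isDoAsCurrentCaller(), security.isUseContextHandler());
    }

    /**
     * Inverts a role-name to principal-set map into a principal to role-name-set map.
     *
     * @param roleToPrincipalMap   map of String role name to Set of java.security.Principal
     * @param principalRoleMapping map to fill; existing entries are extended, not replaced
     * @return {@code principalRoleMapping}, for convenience
     */
    private static Map invertMap(Map roleToPrincipalMap, Map principalRoleMapping) {
        Iterator entries = roleToPrincipalMap.entrySet().iterator();
        while (entries.hasNext()) {
            Map.Entry entry = (Map.Entry) entries.next();
            String role = (String) entry.getKey();
            Set principals = (Set) entry.getValue();

            Iterator members = principals.iterator();
            while (members.hasNext()) {
                java.security.Principal principal = (java.security.Principal) members.next();

                HashSet roleSet = (HashSet) principalRoleMapping.get(principal);
                if (roleSet == null) {
                    roleSet = new HashSet();
                    principalRoleMapping.put(principal, roleSet);
                }
                roleSet.add(role);
            }
        }
        return principalRoleMapping;
    }

    /**
     * Walks every role mapping and records which principals hold each role and
     * which of them are designated run-as.
     *
     * @param security           source model
     * @param roleDesignates     filled with role name to Subject, only for roles that
     *                           have at least one designated run-as principal
     * @param roleToPrincipalMap filled with role name to Set of principals
     * @throws DeploymentException if a realm principal or X500 principal cannot be created
     */
    private static void buildRolePrincipalMap(Security security, Map roleDesignates, Map roleToPrincipalMap) throws DeploymentException {

        Iterator roleMappings = security.getRoleMappings().values().iterator();
        while (roleMappings.hasNext()) {
            Role role = (Role) roleMappings.next();

            String roleName = role.getRoleName();
            Subject roleDesignate = new Subject();
            Set principalSet = new HashSet();

            // Principals listed per realm.
            Iterator realms = role.getRealms().values().iterator();
            while (realms.hasNext()) {
                Realm realm = (Realm) realms.next();

                Iterator principals = realm.getPrincipals().iterator();
                while (principals.hasNext()) {
                    Principal principal = (Principal) principals.next();

                    RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(principal, realm.getRealmName());

                    // Fail the deployment rather than silently dropping a mapping.
                    if (realmPrincipal == null) {
                        throw new DeploymentException("Unable to create realm principal");
                    }

                    principalSet.add(realmPrincipal);
                    if (principal.isDesignatedRunAs()) {
                        roleDesignate.getPrincipals().add(realmPrincipal);
                    }
                }
            }

            // Principals identified by an X.500 distinguished name.
            for (Iterator names = role.getDNames().iterator(); names.hasNext();) {
                DistinguishedName dn = (DistinguishedName) names.next();

                X500Principal x500Principal = ConfigurationUtil.generateX500Principal(dn.getName());

                // Mirrors the realm-principal check above. Whether the helper can return
                // null is not visible here, but a null must never be mapped to a role.
                if (x500Principal == null) {
                    throw new DeploymentException("Unable to create X500 principal");
                }

                principalSet.add(x500Principal);
                if (dn.isDesignatedRunAs()) {
                    roleDesignate.getPrincipals().add(x500Principal);
                }
            }

            Set roleMapping = (Set) roleToPrincipalMap.get(roleName);
            if (roleMapping == null) {
                roleMapping = new HashSet();
                roleToPrincipalMap.put(roleName, roleMapping);
            }
            roleMapping.addAll(principalSet);

            if (!roleDesignate.getPrincipals().isEmpty()) {
                roleDesignates.put(roleName, roleDesignate);
            }
        }
    }

    /**
     * Copies the XMLBeans security element into the plain {@link Security} model.
     *
     * @param securityType the parsed plan element, may be null
     * @return the populated model, or null when {@code securityType} is null
     */
    private static Security buildSecurityConfig(GerSecurityType securityType) {
        if (securityType == null) {
            return null;
        }
        Security security = new Security();

        security.setDoAsCurrentCaller(securityType.getDoasCurrentCaller());
        security.setUseContextHandler(securityType.getUseContextHandler());
        if (securityType.isSetDefaultRole()) {
            security.setDefaultRole(securityType.getDefaultRole().trim());
        }

        if (securityType.isSetRoleMappings()) {
            GerRoleMappingsType roleMappingsType = securityType.getRoleMappings();
            for (int i = 0; i < roleMappingsType.sizeOfRoleArray(); i++) {
                GerRoleType roleType = roleMappingsType.getRoleArray(i);
                Role role = new Role();

                String roleName = roleType.getRoleName().trim();
                role.setRoleName(roleName);

                for (int j = 0; j < roleType.sizeOfRealmArray(); j++) {
                    GerRealmType realmType = roleType.getRealmArray(j);
                    String realmName = realmType.getRealmName().trim();
                    Realm realm = new Realm();

                    realm.setRealmName(realmName);

                    for (int k = 0; k < realmType.sizeOfPrincipalArray(); k++) {
                        realm.getPrincipals().add(buildPrincipal(realmType.getPrincipalArray(k)));
                    }

                    role.getRealms().put(realmName, realm);
                }

                for (int j = 0; j < roleType.sizeOfDistinguishedNameArray(); j++) {
                    GerDistinguishedNameType dnType = roleType.getDistinguishedNameArray(j);
                    DistinguishedName name = new DistinguishedName(dnType.getName());

                    name.setDesignatedRunAs(dnType.getDesignatedRunAs());

                    role.append(name);
                }

                // A later role with the same trimmed name replaces an earlier one.
                security.getRoleMappings().put(roleName, role);
            }
        }

        // NOTE(review): the default principal is passed on without a null check. If the
        // schema allows the element to be omitted this throws NullPointerException. Confirm.
        security.setDefaultPrincipal(buildDefaultPrincipal(securityType.getDefaultPrincipal()));

        return security;
    }

    /**
     * Builds the default principal, including any named username/password
     * credentials declared with it. Used from the app client builder.
     *
     * <p>The passwords arrive as {@code String} values from the parsed plan, so
     * copying them to {@code char[]} does not remove the original from memory.
     * Treat the plan and the returned object as secret-bearing and keep both out
     * of logs and diagnostics.
     *
     * @param defaultPrincipalType the XMLBeans default-principal element
     * @return the populated default principal
     */
    public static DefaultPrincipal buildDefaultPrincipal(GerDefaultPrincipalType defaultPrincipalType) {
        DefaultPrincipal defaultPrincipal = new DefaultPrincipal();

        defaultPrincipal.setRealmName(defaultPrincipalType.getRealmName().trim());
        defaultPrincipal.setPrincipal(buildPrincipal(defaultPrincipalType.getPrincipal()));

        GerNamedUsernamePasswordCredentialType[] namedCredentials = defaultPrincipalType.getNamedUsernamePasswordCredentialArray();
        if (namedCredentials.length > 0) {
            Set defaultCredentialSet = new HashSet();
            for (int i = 0; i < namedCredentials.length; i++) {
                GerNamedUsernamePasswordCredentialType namedCredentialType = namedCredentials[i];
                NamedUsernamePasswordCredential namedCredential = new NamedUsernamePasswordCredential(namedCredentialType.getUsername(), namedCredentialType.getPassword().toCharArray(), namedCredentialType.getName());
                defaultCredentialSet.add(namedCredential);
            }
            defaultPrincipal.setNamedUserPasswordCredentials(defaultCredentialSet);
        }
        return defaultPrincipal;
    }

    /**
     * Copies one principal element of the plan into the {@link Principal} model.
     * Used from TSSConfigEditor.
     *
     * @param principalType the XMLBeans principal element
     * @return the populated principal
     */
    public static Principal buildPrincipal(GerPrincipalType principalType) {
        Principal principal = new Principal();

        principal.setClassName(principalType.getClass1());
        principal.setPrincipalName(principalType.getName());
        // Read the attribute's value, as the distinguished-name path does. The XMLBeans
        // isSet accessor reports only that the attribute is present, so an explicit
        // "false" in the plan would still have made this principal a run-as designate.
        principal.setDesignatedRunAs(principalType.getDesignatedRunAs());

        return principal;
    }

    /**
     * Creates the GBean data for the JACC application policy configuration
     * manager and attaches the permission and role maps to it.
     *
     * @param name                      object name of the GBean
     * @param contextIDToPermissionsMap stored as {@code contextIdToPermissionsMap}
     * @param securityConfiguration     supplies the principal-role map and role designates
     * @return the configured GBean data
     */
    public static GBeanData configureApplicationPolicyManager(ObjectName name, Map contextIDToPermissionsMap, SecurityConfiguration securityConfiguration) {
        GBeanData jaccBeanData = new GBeanData(name, ApplicationPolicyConfigurationManager.GBEAN_INFO);
        jaccBeanData.setAttribute("contextIdToPermissionsMap", contextIDToPermissionsMap);
        jaccBeanData.setAttribute("principalRoleMap", securityConfiguration.getPrincipalRoleMap());
        jaccBeanData.setAttribute("roleDesignates", securityConfiguration.getRoleDesignates());
        return jaccBeanData;
    }

}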