
    1   /**
    2    *
    3    * Copyright 2003-2004 The Apache Software Foundation
    4    *
    5    *  Licensed under the Apache License, Version 2.0 (the "License");
    6    *  you may not use this file except in compliance with the License.
    7    *  You may obtain a copy of the License at
    8    *
    9    *     http://www.apache.org/licenses/LICENSE-2.0
   10    *
   11    *  Unless required by applicable law or agreed to in writing, software
   12    *  distributed under the License is distributed on an "AS IS" BASIS,
   13    *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   14    *  See the License for the specific language governing permissions and
   15    *  limitations under the License.
   16    */
   17   package org.apache.geronimo.security.deployment;
   18   
   19   import java.util.HashMap;
   20   import java.util.HashSet;
   21   import java.util.Iterator;
   22   import java.util.Map;
   23   import java.util.Set;
   24   import javax.management.ObjectName;
   25   import javax.security.auth.Subject;
   26   import javax.security.auth.x500.X500Principal;
   27   
   28   import org.apache.geronimo.common.DeploymentException;
   29   import org.apache.geronimo.gbean.GBeanData;
   30   import org.apache.geronimo.security.RealmPrincipal;
   31   import org.apache.geronimo.security.deploy.DefaultPrincipal;
   32   import org.apache.geronimo.security.deploy.DistinguishedName;
   33   import org.apache.geronimo.security.deploy.Principal;
   34   import org.apache.geronimo.security.deploy.Realm;
   35   import org.apache.geronimo.security.deploy.Role;
   36   import org.apache.geronimo.security.deploy.Security;
   37   import org.apache.geronimo.security.jaas.NamedUsernamePasswordCredential;
   38   import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
   39   import org.apache.geronimo.security.util.ConfigurationUtil;
   40   import org.apache.geronimo.xbeans.geronimo.security.GerDefaultPrincipalType;
   41   import org.apache.geronimo.xbeans.geronimo.security.GerDistinguishedNameType;
   42   import org.apache.geronimo.xbeans.geronimo.security.GerNamedUsernamePasswordCredentialType;
   43   import org.apache.geronimo.xbeans.geronimo.security.GerPrincipalType;
   44   import org.apache.geronimo.xbeans.geronimo.security.GerRealmType;
   45   import org.apache.geronimo.xbeans.geronimo.security.GerRoleMappingsType;
   46   import org.apache.geronimo.xbeans.geronimo.security.GerRoleType;
   47   import org.apache.geronimo.xbeans.geronimo.security.GerSecurityType;
   48   
   49   
   50   /**
   51    * @version $Rev:  $ $Date:  $
   52    */
   53   public class SecurityBuilder {
   54   
   55       public static SecurityConfiguration buildSecurityConfiguration(GerSecurityType securityType) throws DeploymentException {
   56           Security security = buildSecurityConfig(securityType);
   57           return buildSecurityConfiguration(security);
   58       }
   59   
   60       public static SecurityConfiguration buildSecurityConfiguration(Security security) throws DeploymentException {
   61           Map roleDesignates = new HashMap();
   62           Map principalRoleMap = new HashMap();
   63           Map roleToPrincipalMap = new HashMap();
   64           buildRolePrincipalMap(security, roleDesignates, roleToPrincipalMap);
   65           invertMap(roleToPrincipalMap, principalRoleMap);
   66           SecurityConfiguration securityConfiguration = new SecurityConfiguration(principalRoleMap, roleDesignates, security.getDefaultPrincipal(), security.getDefaultRole(), security.isDoAsCurrentCaller(), security.isUseContextHandler());
   67           return securityConfiguration;
   68       }
   69   
   70       private static Map invertMap(Map roleToPrincipalMap, Map principalRoleMapping) {
   71           for (Iterator roles = roleToPrincipalMap.entrySet().iterator(); roles.hasNext();) {
   72               Map.Entry entry = (Map.Entry) roles.next();
   73               String role = (String) entry.getKey();
   74               Set principals = (Set) entry.getValue();
   75               for (Iterator iter = principals.iterator(); iter.hasNext();) {
   76                   java.security.Principal principal = (java.security.Principal) iter.next();
   77   
   78                   HashSet roleSet = (HashSet) principalRoleMapping.get(principal);
   79                   if (roleSet == null) {
   80                       roleSet = new HashSet();
   81                       principalRoleMapping.put(principal, roleSet);
   82                   }
   83                   roleSet.add(role);
   84               }
   85           }
   86           return principalRoleMapping;
   87       }
   88   
   89       private static void buildRolePrincipalMap(Security security, Map roleDesignates, Map roleToPrincipalMap) throws DeploymentException {
   90   
   91           Iterator rollMappings = security.getRoleMappings().values().iterator();
   92           while (rollMappings.hasNext()) {
   93               Role role = (Role) rollMappings.next();
   94   
   95               String roleName = role.getRoleName();
   96               Subject roleDesignate = new Subject();
   97               Set principalSet = new HashSet();
   98   
   99               Iterator realms = role.getRealms().values().iterator();
  100               while (realms.hasNext()) {
  101                   Realm realm = (Realm) realms.next();
  102   
  103                   Iterator principals = realm.getPrincipals().iterator();
  104                   while (principals.hasNext()) {
  105                       Principal principal = (Principal) principals.next();
  106   
  107                       RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(principal, realm.getRealmName());
  108   
  109                       if (realmPrincipal == null) throw new DeploymentException("Unable to create realm principal");
  110   
  111                       principalSet.add(realmPrincipal);
  112                       if (principal.isDesignatedRunAs()) roleDesignate.getPrincipals().add(realmPrincipal);
  113                   }
  114               }
  115   
  116               for (Iterator names = role.getDNames().iterator(); names.hasNext();) {
  117                   DistinguishedName dn = (DistinguishedName) names.next();
  118   
  119                   X500Principal x500Principal = ConfigurationUtil.generateX500Principal(dn.getName());
  120   
  121                   principalSet.add(x500Principal);
  122                   if (dn.isDesignatedRunAs()) {
  123                       roleDesignate.getPrincipals().add(x500Principal);
  124                   }
  125               }
  126   
  127               Set roleMapping = (Set) roleToPrincipalMap.get(roleName);
  128               if (roleMapping == null) {
  129                   roleMapping = new HashSet();
  130                   roleToPrincipalMap.put(roleName, roleMapping);
  131               }
  132               roleMapping.addAll(principalSet);
  133   
  134               if (roleDesignate.getPrincipals().size() > 0) {
  135                   roleDesignates.put(roleName, roleDesignate);
  136               }
  137           }
  138       }
  139   
  140       private static Security buildSecurityConfig(GerSecurityType securityType) {
  141           Security security = null;
  142   
  143           if (securityType == null) {
  144               return null;
  145           }
  146           security = new Security();
  147   
  148           security.setDoAsCurrentCaller(securityType.getDoasCurrentCaller());
  149           security.setUseContextHandler(securityType.getUseContextHandler());
  150           if (securityType.isSetDefaultRole()) {
  151               security.setDefaultRole(securityType.getDefaultRole().trim());
  152           }
  153   
  154           if (securityType.isSetRoleMappings()) {
  155               GerRoleMappingsType roleMappingsType = securityType.getRoleMappings();
  156               for (int i = 0; i < roleMappingsType.sizeOfRoleArray(); i++) {
  157                   GerRoleType roleType = roleMappingsType.getRoleArray(i);
  158                   Role role = new Role();
  159   
  160                   String roleName = roleType.getRoleName().trim();
  161                   role.setRoleName(roleName);
  162   
  163                   for (int j = 0; j < roleType.sizeOfRealmArray(); j++) {
  164                       GerRealmType realmType = roleType.getRealmArray(j);
  165                       String realmName = realmType.getRealmName().trim();
  166                       Realm realm = new Realm();
  167   
  168                       realm.setRealmName(realmName);
  169   
  170                       for (int k = 0; k < realmType.sizeOfPrincipalArray(); k++) {
  171                           realm.getPrincipals().add(buildPrincipal(realmType.getPrincipalArray(k)));
  172                       }
  173   
  174                       role.getRealms().put(realmName, realm);
  175                   }
  176   
  177                   for (int j = 0; j < roleType.sizeOfDistinguishedNameArray(); j++) {
  178                       GerDistinguishedNameType dnType = roleType.getDistinguishedNameArray(j);
  179                       DistinguishedName name = new DistinguishedName(dnType.getName());
  180   
  181                       name.setDesignatedRunAs(dnType.getDesignatedRunAs());
  182   
  183                       role.append(name);
  184                   }
  185   
  186                   security.getRoleMappings().put(roleName, role);
  187               }
  188           }
  189   
  190           security.setDefaultPrincipal(buildDefaultPrincipal(securityType.getDefaultPrincipal()));
  191   
  192           return security;
  193       }
  194   
  195       //used from app client builder
  196       public static DefaultPrincipal buildDefaultPrincipal(GerDefaultPrincipalType defaultPrincipalType) {
  197           DefaultPrincipal defaultPrincipal = new DefaultPrincipal();
  198   
  199           defaultPrincipal.setRealmName(defaultPrincipalType.getRealmName().trim());
  200           defaultPrincipal.setPrincipal(buildPrincipal(defaultPrincipalType.getPrincipal()));
  201           GerNamedUsernamePasswordCredentialType[] namedCredentials = defaultPrincipalType.getNamedUsernamePasswordCredentialArray();
  202           if (namedCredentials.length > 0) {
  203               Set defaultCredentialSet = new HashSet();
  204               for (int i = 0; i < namedCredentials.length; i++) {
  205                   GerNamedUsernamePasswordCredentialType namedCredentialType = namedCredentials[i];
  206                   NamedUsernamePasswordCredential namedCredential = new NamedUsernamePasswordCredential(namedCredentialType.getUsername(), namedCredentialType.getPassword().toCharArray(), namedCredentialType.getName());
  207                   defaultCredentialSet.add(namedCredential);
  208               }
  209               defaultPrincipal.setNamedUserPasswordCredentials(defaultCredentialSet);
  210           }
  211           return defaultPrincipal;
  212       }
  213   
  214       //used from TSSConfigEditor
  215       public static Principal buildPrincipal(GerPrincipalType principalType) {
  216           Principal principal = new Principal();
  217   
  218           principal.setClassName(principalType.getClass1());
  219           principal.setPrincipalName(principalType.getName());
  220           principal.setDesignatedRunAs(principalType.isSetDesignatedRunAs());
  221   
  222           return principal;
  223       }
  224   
  225       public static GBeanData configureApplicationPolicyManager(ObjectName name, Map contextIDToPermissionsMap, SecurityConfiguration securityConfiguration) {
  226           GBeanData jaccBeanData = new GBeanData(name, ApplicationPolicyConfigurationManager.GBEAN_INFO);
  227           jaccBeanData.setAttribute("contextIdToPermissionsMap", contextIDToPermissionsMap);
  228           jaccBeanData.setAttribute("principalRoleMap", securityConfiguration.getPrincipalRoleMap());
  229           jaccBeanData.setAttribute("roleDesignates", securityConfiguration.getRoleDesignates());
  230           return jaccBeanData;
  231       }
  232   
  233   }
