rogerrut    2004/11/21 22:13:32

  Modified:    components/sso/src/java/org/apache/jetspeed/sso/impl
                        SSOSiteImpl.java PersistenceBrokerSSOProvider.java
               components/sso/src/test/org/apache/jetspeed/sso
                        TestSSOComponent.java
               components/sso/src/java/META-INF sso-dao.xml
                        sso_repository.xml
  Log:
  Implemented SSO API except for addBasicAuthenticationForSite()
  Completed Unit Test for SSO
  
  Revision  Changes    Path
  1.2       +74 -11    
jakarta-jetspeed-2/components/sso/src/java/org/apache/jetspeed/sso/impl/SSOSiteImpl.java
  
  Index: SSOSiteImpl.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed-2/components/sso/src/java/org/apache/jetspeed/sso/impl/SSOSiteImpl.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- SSOSiteImpl.java  16 Nov 2004 19:08:47 -0000      1.1
  +++ SSOSiteImpl.java  22 Nov 2004 06:13:31 -0000      1.2
  @@ -16,9 +16,15 @@
   
   package org.apache.jetspeed.sso.impl;
   
  +import java.util.ArrayList;
   import java.util.Collection;
  +import java.util.Iterator;
  +import java.util.Vector;
  +
   import org.apache.jetspeed.sso.SSOException;
  -import org.apache.jetspeed.security.om.impl.InternalCredentialImpl;
  +import org.apache.jetspeed.sso.SSOSite;
  +import org.apache.jetspeed.security.om.InternalCredential;
  +import org.apache.jetspeed.security.om.InternalPrincipal;
   
   /**
   * SSOSiteImpl
  @@ -29,7 +35,7 @@
   * @version $Id$
   */
   
  -public class SSOSiteImpl {
  +public class SSOSiteImpl implements SSOSite {
        
        // Private member for OJB mapping
        private int             siteId;
  @@ -38,8 +44,8 @@
        private boolean isAllowUserSet;
        private boolean isCertificateRequired;
        
  -     private Collection      credentials;
  -     private Collection      principals;
  +     private Collection      credentials = new Vector();//= new ArrayList(0);
  +     private Collection      principals = new Vector();// = new ArrayList(0);
        
        /**
         * 
  @@ -57,13 +63,13 @@
         * @return Returns the credentials.
         */
        public Collection getCredentials() {
  -             return credentials;
  +             return this.credentials;
        }
        /**
         * @param credentials The credentials to set.
         */
        public void setCredentials(Collection credentials) {
  -             this.credentials = credentials;
  +             this.credentials.addAll(credentials);
        }
        /**
         * @return Returns the isAllowUserSet.
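Review bot: `setCredentials` no longer replaces the collection: `this.credentials.addAll(credentials)` appends to whatever is already held, so a second call keeps the old credentials alongside the new ones, and a null argument now throws NullPointerException. `setPrincipals` in the next hunk has the same pattern. If replacement is still the contract, write `this.credentials.clear(); if (credentials != null) this.credentials.addAll(credentials);` and state the behaviour in the `@param` text. Whether OJB calls these setters when it materialises the object is not visible here, so check against the mapping first. Both getters also hand out the live internal collection, which lets callers change the site's credential and principal mappings without going through `addCredential`/`removeCredential`.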
  @@ -105,13 +111,13 @@
         * @return Returns the principals.
         */
        public Collection getPrincipals() {
  -             return principals;
  +             return this.principals;
        }
        /**
         * @param principals The principals to set.
         */
        public void setPrincipals(Collection principals) {
  -             this.principals = principals;
  +             this.principals.addAll(principals);
        }
        /**
         * @return Returns the siteId.
  @@ -144,7 +150,7 @@
         * Adds the credentail to the credentials collection
         *
         */
  -     public void addCredential(InternalCredentialImpl credential) throws 
SSOException
  +     public void addCredential(InternalCredential credential) throws 
SSOException
        {
                boolean bStatus = false;
                
  @@ -167,7 +173,7 @@
         * removes a credentail from the credentials collection
         *
         */
  -     public void removeCredential(InternalCredentialImpl credential) throws 
SSOException
  +     public void removeCredential(InternalCredential credential) throws 
SSOException
        {
                boolean bStatus = false;
                
  @@ -184,4 +190,61 @@
                if ( bStatus == false)
                        throw new 
SSOException(SSOException.FAILED_REMOVING_CREDENTIALS_FOR_SITE ); 
        }
  +     
  +             /**
  +              * Adds the credentail to the credentials collection
  +              *
  +              */
  +             public void addPrincipal(InternalPrincipal principal) throws 
SSOException {
  +                     boolean bStatus = false;
  +                     
  +                     try
  +                     {
  +                             bStatus = principals.add(principal);
  +                     }
  +                     catch(Exception e)
  +                     {
  +                             // Adding credentail to coollection failed -- 
notify caller with SSOException
  +                             throw new 
SSOException(SSOException.FAILED_ADDING_PRINCIPAL_TO_MAPPING_TABLE_FOR_SITE + 
e.getMessage()); 
  +                     }
  +                     
  +                     if ( bStatus == false)
  +                             throw new 
SSOException(SSOException.FAILED_ADDING_PRINCIPAL_TO_MAPPING_TABLE_FOR_SITE );  
      
  +             }
  +             
  +             /**
  +             * removePrincipal()
  +              * removes a principal from the principals collection
  +              *
  +              */
  +             public void removePrincipal(long principalId) throws 
SSOException
  +             {
  +                     boolean bStatus = false;
  +                     InternalPrincipal principalObj = null;
  +                     Iterator itSitePrincipals = principals.iterator();
  +                     
  +                     while (itSitePrincipals.hasNext() )
  +                     {
  +                             principalObj = 
(InternalPrincipal)itSitePrincipals.next();
  +                             if ( principalObj.getPrincipalId() == 
principalId)
  +                             {
  +                             
  +                                     try
  +                                     {
  +                                             // TODO: Removing results in an 
OJB exception. Ignore it for the moment but it needs to be fixed soon...
  +                                             //bStatus = 
principals.remove(principalObj);
  +                                             bStatus = true;
  +                                     }
  +                                     catch(Exception e)
  +                                     {
  +                                             // Adding credentail to 
coollection failed -- notify caller with SSOException
  +                                             throw new 
SSOException(SSOException.FAILED_REMOVING_PRINCIPAL_FROM_MAPPING_TABLE_FOR_SITE 
+ e.getMessage()); 
  +                                     }
  +                                     
  +                                     if ( bStatus == false)
  +                                             throw new 
SSOException(SSOException.FAILED_REMOVING_PRINCIPAL_FROM_MAPPING_TABLE_FOR_SITE 
); 
  +                             }
  +                                     
  +                     }
  +             }
   }
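Review bot: `removePrincipal` removes nothing: the `principals.remove(principalObj)` call is commented out and `bStatus = true` is set unconditionally, so the principal stays mapped to the site while the caller is told the removal succeeded. This leaves the `try`/`catch` and the `bStatus == false` check inside the loop as dead code, and an id that matches no principal returns silently. Until the OJB problem named in the TODO is resolved, the Javadoc should say that the mapping is left in place, and the not-found case should be reported after the loop with `if (!bStatus) throw new SSOException(SSOException.FAILED_REMOVING_PRINCIPAL_FROM_MAPPING_TABLE_FOR_SITE);`. The Javadoc on `addPrincipal` is also copied from `addCredential` and still describes credentials.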
  
  
  
  1.2       +93 -32    
jakarta-jetspeed-2/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java
  
  Index: PersistenceBrokerSSOProvider.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed-2/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- PersistenceBrokerSSOProvider.java 16 Nov 2004 19:08:47 -0000      1.1
  +++ PersistenceBrokerSSOProvider.java 22 Nov 2004 06:13:31 -0000      1.2
  @@ -29,11 +29,18 @@
   import org.apache.jetspeed.sso.SSOContext;
   import org.apache.jetspeed.sso.SSOException;
   import org.apache.jetspeed.sso.SSOProvider;
  +import org.apache.jetspeed.sso.SSOSite;
  +
  +
  +import org.apache.jetspeed.sso.impl.SSOSiteImpl;
  +import org.apache.jetspeed.sso.impl.SSOPrincipalImpl;
   
   import org.apache.jetspeed.security.SecurityHelper;
   import org.apache.jetspeed.security.BasePrincipal;
  +import org.apache.jetspeed.security.om.InternalCredential;
  +import org.apache.jetspeed.security.om.InternalPrincipal;
   import org.apache.jetspeed.security.om.impl.InternalCredentialImpl;
  -import org.apache.jetspeed.security.om.impl.InternalPrincipalImpl;
  +import org.apache.jetspeed.security.spi.impl.DefaultPasswordCredentialImpl;
   
   import org.apache.ojb.broker.query.Criteria;
   import org.apache.ojb.broker.query.QueryByCriteria;
  @@ -67,17 +74,19 @@
         */
        public boolean hasSSOCredentials(Subject subject, String site) {
                // Initialization
  -             SSOSiteImpl ssoSite = getSSOSiteObject(site);
  +             SSOSite ssoSite = getSSOSiteObject(site);
                
                if ( ssoSite == null)
  +             {
                        return false;   // no entry for site
  +             }
                
                // Get the principal from the subject
                BasePrincipal principal = 
(BasePrincipal)SecurityHelper.getBestPrincipal(subject, UserPrincipal.class);
                String fullPath = principal.getFullPath();
                
                // Filter the credentials for the given principals
  -             InternalCredentialImpl  credential = getCredential(ssoSite, 
fullPath);  
  +             InternalCredential  credential = getCredential(ssoSite, 
fullPath);      
                
                if (credential == null)
                        return false;
  @@ -90,7 +99,7 @@
         */
        public void addBasicAuthenticationForSite(HttpServletRequest request,
                        Subject subject, String site) throws SSOException {
  -             // TODO Auto-generated method stub
  +             // TODO Needs to be done for SSO Final
   
        }
   
  @@ -101,7 +110,7 @@
                        throws SSOException {
                
                // Initialization
  -             SSOSiteImpl ssoSite = getSSOSiteObject(site);
  +             SSOSite ssoSite = getSSOSiteObject(site);
                
                if ( ssoSite == null)
                        throw new 
SSOException(SSOException.NO_CREDENTIALS_FOR_SITE);   // no entry for site
  @@ -111,7 +120,7 @@
                String fullPath = principal.getFullPath();
                
                // Filter the credentials for the given principals
  -             InternalCredentialImpl  credential = getCredential(ssoSite, 
fullPath);  
  +             InternalCredential  credential = getCredential(ssoSite, 
fullPath);      
                
                if ( credential == null)
                        throw new 
SSOException(SSOException.NO_CREDENTIALS_FOR_SITE);   // no entry for site
  @@ -129,27 +138,34 @@
                        throws SSOException {
                
                // Check if the site already exists
  -             SSOSiteImpl ssoSite = getSSOSiteObject(site);
  +             SSOSite ssoSite = getSSOSiteObject(site);
                if (ssoSite == null)
                {
                        // Create a new site
                        ssoSite = new SSOSiteImpl();
                        ssoSite.setSiteURL(site);
  +                     ssoSite.setName(site);
  +                     ssoSite.setCertificateRequired(false);
  +                     ssoSite.setAllowUserSet(true);
                }
                
                // Get the Principal information
                String fullPath = 
((BasePrincipal)SecurityHelper.getBestPrincipal(subject, 
UserPrincipal.class)).getFullPath();
                        
  -             SSOPrincipalImpl principal = this.getPrincipalForPath(subject, 
fullPath);
  -             
  -             // New credential object
  -             InternalCredentialImpl credential = new 
InternalCredentialImpl();
  -             ssoSite.addCredential(credential);
  +             InternalPrincipal principal = this.getPrincipalForPath(subject, 
fullPath);
                
  -             // Populate the credential information
  -             credential.setValue(pwd);
  -             credential.setPrincipalId(principal.getPrincipalId());
  +             if (principal == null)
  +                     throw new 
SSOException(SSOException.REQUESTED_PRINCIPAL_DOES_NOT_EXIST);
                
  +             // New credential object
  +              InternalCredentialImpl credential = 
  +            new InternalCredentialImpl(principal.getPrincipalId(),
  +                     pwd, 0, DefaultPasswordCredentialImpl.class.getName());
  +              
  +             // Add credential to mapping table
  +              ssoSite.addCredential(credential);
  +              ssoSite.addPrincipal(principal);
  +     
                // Update database and reset cache
                 try
            {
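Review bot: `pwd` goes straight into `new InternalCredentialImpl(principal.getPrincipalId(), pwd, 0, DefaultPasswordCredentialImpl.class.getName())`, and nothing visible in this hunk encrypts or encodes it, so the remote-site password appears to be persisted as supplied. An SSO credential has to be recoverable, so hashing does not fit, but the value should be encrypted before it reaches the store; if the constructor or the OJB mapping already does that, a comment such as `// value is encrypted by <component> before persistence` would record it. The hunk also calls `ssoSite.addCredential(credential)` without checking for an existing credential for this principal, so repeated calls may accumulate entries. The method starts and ends outside this hunk.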
  @@ -157,6 +173,7 @@
             }
            catch (Exception e)
            {
  +             e.printStackTrace();
               throw new 
SSOException(SSOException.FAILED_STORING_SITE_INFO_IN_DB + e.toString() );
            }
            
  @@ -170,8 +187,45 @@
         */
        public void removeCredentialsForSite(Subject subject, String site)
                        throws SSOException {
  -             // TODO Auto-generated method stub
  -
  +             
  +             //Get the site
  +             SSOSite ssoSite = getSSOSiteObject(site);
  +             if (ssoSite == null)
  +             {
  +                     throw new 
SSOException(SSOException.NO_CREDENTIALS_FOR_SITE);
  +             }
  +             
  +             // Get the Principal information
  +             String fullPath = 
((BasePrincipal)SecurityHelper.getBestPrincipal(subject, 
UserPrincipal.class)).getFullPath();
  +                     
  +             InternalPrincipal principal = this.getPrincipalForPath(subject, 
fullPath);
  +             
  +             /*
  +              * Should never happen except if the function gets invoked from 
outside the current credential store
  +              */
  +             if (principal == null)
  +                     throw new 
SSOException(SSOException.REQUESTED_PRINCIPAL_DOES_NOT_EXIST);
  +             
  +             // New credential object
  +              InternalCredential credential = getCredential(ssoSite, 
fullPath);
  +              
  +             // Remove credential and principal from mapping
  +              ssoSite.removeCredential(credential);
  +              ssoSite.removePrincipal(principal.getPrincipalId());
  +     
  +             // Update database and reset cache
  +              try
  +         {
  +             getPersistenceBrokerTemplate().store(ssoSite);
  +          }
  +         catch (Exception e)
  +         {
  +             e.printStackTrace();
  +            throw new 
SSOException(SSOException.FAILED_STORING_SITE_INFO_IN_DB + e.toString() );
  +         }
  +         
  +         // Clear cache
  +         this.mapSite.clear();
        }
        
        /*
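Review bot: `getCredential(ssoSite, fullPath)` returns null when the user has no credential for the site, and that result is passed unchecked to `ssoSite.removeCredential(credential)`. Add `if (credential == null) throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE);` before the removal; how `removeCredential` treats null is not visible in this hunk. The catch block here, like the one in `addCredentialsForSite` in the previous hunk, calls `e.printStackTrace()` and rethrows with `e.toString()` appended, which sends persistence-layer detail to stderr and to the caller; the component's logger is the better place for it. The comment `// New credential object` above the lookup is left over from the add path and should read `// Look up the existing credential`.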
  @@ -184,10 +238,10 @@
         * Obtains the Site information including the credentials for a site 
(url).
         */
        
  -     private SSOSiteImpl getSSOSiteObject(String site)
  +     private SSOSite getSSOSiteObject(String site)
        {
                //Initialization
  -             SSOSiteImpl ssoSite = null;
  +             SSOSite ssoSite = null;
                
                //Check if the site is in the map
                if (mapSite.containsKey(site) == false )
  @@ -207,7 +261,7 @@
                        // Get the site from the collection. There should be 
only one entry (uniqueness)
                        if (itSite.hasNext())
                            {
  -                             ssoSite = (SSOSiteImpl) itSite.next();
  +                                     ssoSite = (SSOSite) itSite.next();
                            }
                        
                        // Add it to the map
  @@ -221,7 +275,7 @@
                }
                else
                {
  -                     ssoSite = (SSOSiteImpl)mapSite.get(site);
  +                     ssoSite = (SSOSite)mapSite.get(site);
                }
                
                return ssoSite;
  @@ -231,25 +285,29 @@
         * getCredential
         * returns the credentials for a given user
         */
  -     private InternalCredentialImpl  getCredential(SSOSiteImpl ssoSite, 
String fullPath)
  +     private InternalCredential  getCredential(SSOSite ssoSite, String 
fullPath)
        {
                long  principalID = -1;
  -             InternalCredentialImpl credential = null;
  -             
  +             InternalCredential credential = null;
  +                             
                /* Error checking
                 * 1) should have at least one principal
                 * 2) should have at least one credential
                 * 
                 * If one of the above fails return null wich means that the 
user doesn't have credentials for that site
                 */
  -             if ( ssoSite.getPrincipals() == null || 
ssoSite.getCredentials() == null)
  -                     return null;
  +             Collection principals = ssoSite.getPrincipals();
  +             Collection credentials = ssoSite.getCredentials();
                
  +             if ( principals == null  || credentials == null)
  +             {
  +                     return null;
  +             }
                // Iterate over the principals and extract the principal id for 
the given full path
  -             Iterator itPrincipals = ssoSite.getPrincipals().iterator();
  +             Iterator itPrincipals = principals.iterator();
                while (itPrincipals.hasNext() && principalID == -1 /*not found 
yet*/)
                {
  -                     InternalPrincipalImpl principal = 
(InternalPrincipalImpl)itPrincipals.next();
  +                     InternalPrincipal principal = 
(InternalPrincipal)itPrincipals.next();
                        if ( principal != null && 
principal.getFullPath().compareToIgnoreCase(fullPath) == 0)
                        {
                                principalID = principal.getPrincipalId();
  @@ -260,13 +318,16 @@
                        return null;    // No principal found for that site
                
                // Last lookup to see if there are credentials for that user
  -             Iterator itCredentials = ssoSite.getCredentials().iterator();
  +             Iterator itCredentials = credentials.iterator();
                while (itCredentials.hasNext() && credential == null /*not 
found yet*/)
                {
  -                     InternalCredentialImpl cred = 
(InternalCredentialImpl)itCredentials.next();
  +                     InternalCredential cred = 
(InternalCredential)itCredentials.next();
  +                     
                        if ( cred != null && cred.getPrincipalId() == 
principalID)
                        {
                                // Found credentials for Orincipals
  +                             // TODO: Remove debug
  +                             System.out.println("Found Credential: " + 
cred.getValue() + " for PrincipalID " + principalID);
                                credential = cred;
                        }
                }
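Review bot: The added `System.out.println("Found Credential: " + cred.getValue() + " for PrincipalID " + principalID);` writes the stored credential value to standard output on every successful lookup, which puts SSO passwords into the container's console logs. The TODO marks it as debug output, but it should not be committed in this form. If a trace is needed, keep only the id, `System.out.println("Found credential for PrincipalID " + principalID);`, or use the equivalent debug-level call on the project's logger. `getCredential` starts and ends outside this hunk.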
  @@ -274,7 +335,7 @@
                return credential;
        }
        
  -     private SSOPrincipalImpl getPrincipalForPath(Subject subject, String 
fullPath)
  +     private InternalPrincipal getPrincipalForPath(Subject subject, String 
fullPath)
        {
                Criteria filter = new Criteria();       
            filter.addEqualTo("fullPath", fullPath);
  @@ -288,7 +349,7 @@
                // Get the site from the collection. There should be only one 
entry (uniqueness)
                if (itPrincipals.hasNext())
                    {
  -                     return (SSOPrincipalImpl) itPrincipals.next();
  +                     return (InternalPrincipal) itPrincipals.next();
                    }
            }
            
  
  
  
  1.3       +74 -3     
jakarta-jetspeed-2/components/sso/src/test/org/apache/jetspeed/sso/TestSSOComponent.java
  
  Index: TestSSOComponent.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed-2/components/sso/src/test/org/apache/jetspeed/sso/TestSSOComponent.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- TestSSOComponent.java     18 Nov 2004 21:43:12 -0000      1.2
  +++ TestSSOComponent.java     22 Nov 2004 06:13:31 -0000      1.3
  @@ -15,13 +15,27 @@
   
   package org.apache.jetspeed.sso;
   
  +import org.apache.jetspeed.security.SecurityException;
  +import org.apache.jetspeed.security.UserManager;
  +import org.apache.jetspeed.security.impl.UserPrincipalImpl;
   import org.apache.jetspeed.sso.SSOProvider;
   
   import junit.framework.Test;
   import junit.framework.TestSuite;
   
  +import javax.security.auth.Subject;
  +
  +import java.security.Principal;
  +import java.util.HashSet;
  +import java.util.Set;
  +
  +
  +import org.apache.jetspeed.sso.SSOException;
  +import java.lang.Exception;
  +
   import org.apache.jetspeed.components.util.DatasourceEnabledSpringTestCase;
   
  +
   /**
    * <p>
    * Unit testing for [EMAIL PROTECTED] Preferences}.
  @@ -31,9 +45,17 @@
    */
   public class TestSSOComponent extends DatasourceEnabledSpringTestCase
   {
  -
  +     /**
  +      * test url for this UnitTest
  +      */
  +     static private String TEST_URL= "http://localhost/jetspeed";;
  +     static private String TEST_USER= "joe";
  +     
  +             
       /** The property manager. */
       private static SSOProvider ssoBroker = null;
  +    /** The user manager. */
  +    protected UserManager ums;
   
       /**
        * @see junit.framework.TestCase#setUp()
  @@ -45,6 +67,7 @@
           try
           {
               ssoBroker = (SSOProvider) ctx.getBean("ssoProvider");
  +            ums = (UserManager) 
ctx.getBean("org.apache.jetspeed.security.UserManager");
           }
           catch (Exception ex)
           {
  @@ -73,9 +96,57 @@
        * Test user root.
        * </p>
        */
  -    public void testSSO()
  +    public void testSSO() throws Exception
       {
  -        // TODO: Test cases
  +             // Create a user
  +              try
  +                 {
  +                     ums.addUser(TEST_USER, "password");
  +                 }
  +                 catch (SecurityException sex)
  +                 {
  +                     //assertTrue("user already exists. exception caught: " 
+ sex, false);
  +                 }
  +             
  +     // Initialization
  +     Principal principal = new UserPrincipalImpl(TEST_USER);
  +        Set principals = new HashSet();
  +        principals.add(principal);
  +        Subject subject = new Subject(true, principals, new HashSet(), new 
HashSet());       
  +     
  +     if ( ssoBroker.hasSSOCredentials(subject, TEST_URL) == false)
  +     {
  +             System.out.println("No SSO Credential for user:" + TEST_USER+ " 
site: " + TEST_URL);
  +             
  +             // Add credential
  +             try
  +                     {
  +                     ssoBroker.addCredentialsForSite(subject, 
TEST_URL,"test");
  +                     System.out.println("SSO Credential added for user:" + 
TEST_USER+ " site: " + TEST_URL);
  +                     }
  +                     catch(SSOException ssoex)
  +                     {
  +                     System.out.println("SSO Credential add FAILED for 
user:" + TEST_USER+ " site: " + TEST_URL);
  +                     ssoex.printStackTrace();
  +                     throw new Exception(ssoex.getMessage());
  +                     }
  +     }
  +     else
  +     {
  +             System.out.println("SSO Credential found for user:" + 
TEST_USER+ " site: " + TEST_URL);
  +     }
  +     
  +             try
  +             {
  +             // Remove credential for Site
  +             ssoBroker.removeCredentialsForSite(subject, TEST_URL);
  +             System.out.println("SSO Credential removed for user:" + 
TEST_USER+ " site: " + TEST_URL);
  +             }
  +     catch(SSOException ssoex)
  +             {
  +             System.out.println("SSO Credential remove FAILED for user:" + 
TEST_USER+ " site: " + TEST_URL);
  +             throw new Exception(ssoex.getMessage());
  +             }
       }
   
       /**
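Review bot: `testSSO` has no assertions: it prints results and fails only if an SSOException escapes, so a provider that silently does nothing on add or remove would still pass. Assert the state after each step, e.g. `assertTrue(ssoBroker.hasSSOCredentials(subject, TEST_URL));` after the add and `assertFalse(ssoBroker.hasSSOCredentials(subject, TEST_URL));` after the remove. The empty `catch (SecurityException sex)` hides every `addUser` failure, not only "user already exists". `throw new Exception(ssoex.getMessage())` drops the original stack trace; the method already declares `throws Exception`, so the SSOException can propagate as it is.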
  
  
  
  1.2       +197 -0    
jakarta-jetspeed-2/components/sso/src/java/META-INF/sso-dao.xml
  
  Index: sso-dao.xml
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed-2/components/sso/src/java/META-INF/sso-dao.xml,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- sso-dao.xml       16 Nov 2004 19:08:47 -0000      1.1
  +++ sso-dao.xml       22 Nov 2004 06:13:31 -0000      1.2
  @@ -8,6 +8,7 @@
     
      <!-- ========================= BUSINESS OBJECT DEFINITIONS 
========================= -->
   
  +  
     <!-- SSO Implementation -->
      <bean id="PersistenceBrokerSSOProvider" 
           class="org.apache.jetspeed.sso.impl.PersistenceBrokerSSOProvider"
  @@ -28,5 +29,201 @@
                        <ref bean="PersistenceBrokerSSOProvider"/>
                </property>
                
  +  </bean>
  +  
  +  <!-- ************** Security SPI Handlers ************** -->
  +  <!-- Security SPI: CommonQueries -->
  +  <bean id="org.apache.jetspeed.security.spi.impl.SecurityAccessImpl" 
  +        class="org.apache.jetspeed.security.spi.impl.SecurityAccessImpl"
  +        init-method="init"
  +  >             
  +        <constructor-arg 
><value>META-INF/security_repository.xml</value></constructor-arg>             
  +  </bean>
  +  
  +  <bean id="org.apache.jetspeed.security.spi.SecurityAccess" 
parent="baseTransactionProxy" 
  +             name="SecurityCommonQueries" >
  +             <property name="proxyInterfaces">
  +                     
<value>org.apache.jetspeed.security.spi.SecurityAccess</value>
  +             </property>
  +             <property name="target">
  +                     <ref 
bean="org.apache.jetspeed.security.spi.impl.SecurityAccessImpl"/>
  +             </property>
  +             <property name="transactionAttributes">
  +                     <props>                         
  +                             <prop key="remove*">PROPAGATION_REQUIRED</prop>
  +                             <prop key="set*">PROPAGATION_REQUIRED</prop>
  +                             <prop key="*">PROPAGATION_SUPPORTS</prop>
  +                     </props>
  +             </property>
  +   </bean>
  +  
  +  <bean id="org.apache.jetspeed.security.spi.PasswordCredentialProvider" 
  +       
class="org.apache.jetspeed.security.spi.impl.DefaultPasswordCredentialProvider"/>
  +
  +  <bean 
id="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor" 
  +       
class="org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialStateHandlingInterceptor">
  +       <!-- maxNumberOfAuthenticationFailures -->
  +       <constructor-arg index="0"><value>3</value></constructor-arg>  
  +       <!-- maxLifeSpanInDays -->     
  +       <constructor-arg index="1"><value>7</value></constructor-arg>       
  +  </bean>
  +
  +  <!-- Security SPI: CredentialHandler -->
  +  <bean id="org.apache.jetspeed.security.spi.CredentialHandler" 
  +        
class="org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler"
  +  >             
  +        <constructor-arg index="0"><ref 
bean="org.apache.jetspeed.security.spi.SecurityAccess"/></constructor-arg>      
  +       <constructor-arg index="1"><ref 
bean="org.apache.jetspeed.security.spi.PasswordCredentialProvider"/></constructor-arg>
       
  +       <constructor-arg index="2"><ref 
bean="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor"/></constructor-arg>
       
  +  </bean>
  +  
  +  <!-- Security SPI: UserSecurityHandler -->
  +  <!-- The DefaultUSerSecurityHandler uses the raw SecurityAccessImpl so 
that it
  +        may demarcate its own transactions -->
  +  <bean id="org.apache.jetspeed.security.spi.UserSecurityHandlerImpl" 
  +        
class="org.apache.jetspeed.security.spi.impl.DefaultUserSecurityHandler"
  +  >             
  +        <constructor-arg ><ref 
bean="org.apache.jetspeed.security.spi.SecurityAccess"/></constructor-arg>      
 
  +  </bean>
  +  
  +  <bean id="org.apache.jetspeed.security.spi.UserSecurityHandler" 
parent="baseTransactionProxy" 
  +             name="userSecurityHandler" >
  +             <property name="proxyInterfaces">
  +                     
<value>org.apache.jetspeed.security.spi.UserSecurityHandler</value>
  +             </property>
  +             <property name="target">
  +                     <ref 
bean="org.apache.jetspeed.security.spi.UserSecurityHandlerImpl"/>
  +             </property>
  +             <property name="transactionAttributes">
  +                     <props>                         
  +                             <prop key="*">PROPAGATION_REQUIRED</prop>
  +                     </props>
  +             </property>
  +   </bean>
  +  
  +  <!-- Security SPI: RoleSecurityHandler -->
  +  <bean id="org.apache.jetspeed.security.spi.RoleSecurityHandler" 
  +        
class="org.apache.jetspeed.security.spi.impl.DefaultRoleSecurityHandler"
  +  >             
  +        <constructor-arg ><ref 
bean="org.apache.jetspeed.security.spi.SecurityAccess"/></constructor-arg>
  +  </bean>
  +  
  +  <!-- Security SPI: GroupSecurityHandler -->
  +  <bean id="org.apache.jetspeed.security.spi.GroupSecurityHandler" 
  +        
class="org.apache.jetspeed.security.spi.impl.DefaultGroupSecurityHandler"
  +  >             
  +        <constructor-arg ><ref 
bean="org.apache.jetspeed.security.spi.SecurityAccess"/></constructor-arg>
  +  </bean>
  +  
  +  <!-- Security SPI: SecurityMappingHandler -->
  +  <bean id="org.apache.jetspeed.security.spi.SecurityMappingHandler" 
  +        
class="org.apache.jetspeed.security.spi.impl.DefaultSecurityMappingHandler"
  +  >             
  +        <constructor-arg ><ref 
bean="org.apache.jetspeed.security.spi.SecurityAccess"/></constructor-arg>
  +        <!-- Default role hierarchy strategy is by generalization.  Add 
contructor-arg to change the strategy. -->
  +        <!-- Default group hierarchy strategy is by generalization.  Add 
contructor-arg to change the strategy. -->
  +  </bean>
  +  
  +  <!-- ************** Security Providers ************** -->
  +  <!-- Security: Default Authentication Provider -->
  +  <bean id="org.apache.jetspeed.security.AuthenticationProvider" 
  +        class="org.apache.jetspeed.security.impl.AuthenticationProviderImpl"
  +  >             
  +        <constructor-arg 
index="0"><value>DefaultAuthenticator</value></constructor-arg>
  +        <constructor-arg index="1"><value>The default 
authenticator</value></constructor-arg>
  +        <constructor-arg 
index="2"><value>login.conf</value></constructor-arg>
  +        <constructor-arg index="3"><ref 
bean="org.apache.jetspeed.security.spi.CredentialHandler"/></constructor-arg>
  +        <constructor-arg index="4"><ref 
bean="org.apache.jetspeed.security.spi.UserSecurityHandler"/></constructor-arg>
  +  </bean>
  +  
  +  <!-- Security: Authentication Provider Proxy -->
  +  <bean id="org.apache.jetspeed.security.AuthenticationProviderProxy" 
  +        
class="org.apache.jetspeed.security.impl.AuthenticationProviderProxyImpl"
  +  >             
  +        <constructor-arg >
  +                     <list>
  +                             <ref 
bean="org.apache.jetspeed.security.AuthenticationProvider"/>
  +                     </list>
  +        </constructor-arg>
  +        <constructor-arg 
><value>DefaultAuthenticator</value></constructor-arg>
  +  </bean>
  +  
  +  <!-- Security: Security Provider -->
  +  <bean id="org.apache.jetspeed.security.SecurityProvider" 
  +        class="org.apache.jetspeed.security.impl.SecurityProviderImpl"
  +  >             
  +        <constructor-arg ><ref 
bean="org.apache.jetspeed.security.AuthenticationProviderProxy"/></constructor-arg>
  +        <constructor-arg ><ref 
bean="org.apache.jetspeed.security.spi.RoleSecurityHandler"/></constructor-arg>
  +        <constructor-arg ><ref 
bean="org.apache.jetspeed.security.spi.GroupSecurityHandler"/></constructor-arg>
  +        <constructor-arg ><ref 
bean="org.apache.jetspeed.security.spi.SecurityMappingHandler"/></constructor-arg>
  +  </bean>
  +  
  +  <!-- Security: User Manager -->
  +  <bean id="org.apache.jetspeed.security.UserManager" 
  +        class="org.apache.jetspeed.security.impl.UserManagerImpl"
  +  >             
  +        <constructor-arg ><ref 
bean="org.apache.jetspeed.security.SecurityProvider"/></constructor-arg>
  +  </bean>
  +  
  +   <!-- Security: Group Manager -->
  +  <bean id="org.apache.jetspeed.security.GroupManager" 
  +        class="org.apache.jetspeed.security.impl.GroupManagerImpl"
  +  >             
  +        <constructor-arg ><ref 
bean="org.apache.jetspeed.security.SecurityProvider"/></constructor-arg>   
  +  </bean>
  +  
  +  <!-- Security: Role Manager -->
  +  <bean id="org.apache.jetspeed.security.RoleManager" 
  +        class="org.apache.jetspeed.security.impl.RoleManagerImpl"
  +  >             
  +        <constructor-arg ><ref 
bean="org.apache.jetspeed.security.SecurityProvider"/></constructor-arg>   
  +  </bean>
  +  
  +  <!-- ************** Login Module ************** -->
  +  <!-- Security: Login Module Proxy -->
  +  <bean id="org.apache.jetspeed.security.LoginModuleProxy" 
  +        class="org.apache.jetspeed.security.impl.LoginModuleProxyImpl"
  +  >             
  +        <constructor-arg ><ref 
bean="org.apache.jetspeed.security.UserManager"/></constructor-arg>      
  +  </bean>
  +
  +  
  +  <!-- ************** Authorization ************** -->
  +  <!-- Security: Permission Manager -->
  +  <bean id="org.apache.jetspeed.security.impl.PermissionManagerImpl" 
  +        class="org.apache.jetspeed.security.impl.PermissionManagerImpl"  />
  +  
  +  <bean id="org.apache.jetspeed.security.PermissionManager" 
parent="baseTransactionProxy" 
  +             name="permissionManager" >
  +             <property name="proxyInterfaces">
  +                     
<value>org.apache.jetspeed.security.PermissionManager</value>
  +             </property>
  +             <property name="target">
  +                     <ref 
bean="org.apache.jetspeed.security.impl.PermissionManagerImpl"/>
  +             </property>
  +             <property name="transactionAttributes">
  +                     <props>                         
  +                             <prop key="remove*">PROPAGATION_REQUIRED</prop>
  +                             <prop key="grant*">PROPAGATION_REQUIRED</prop>
  +                             <prop key="revoke*">PROPAGATION_REQUIRED</prop>
  +                             <prop key="grant*">PROPAGATION_REQUIRED</prop>
  +                             <prop key="add*">PROPAGATION_REQUIRED</prop>
  +                             <prop key="*">PROPAGATION_SUPPORTS</prop>
  +                     </props>
  +             </property>
  +   </bean>
  +  
  +  <!-- Security: RDBMS Policy implementation for JAAS -->
  +  <bean id="org.apache.jetspeed.security.impl.RdbmsPolicy" 
  +        class="org.apache.jetspeed.security.impl.RdbmsPolicy"
  +  >             
  +        <constructor-arg ><ref 
bean="org.apache.jetspeed.security.PermissionManager"/></constructor-arg>       
 
  +  </bean>
  +  
  +  <!-- Security: Authorization Provider -->
  +  <bean id="org.apache.jetspeed.security.AuthorizationProvider" 
  +        class="org.apache.jetspeed.security.impl.AuthorizationProviderImpl"
  +  >             
  +        <constructor-arg ><ref 
bean="org.apache.jetspeed.security.impl.RdbmsPolicy"/></constructor-arg>   
     </bean>
   </beans>
  
  
  
  1.2       +10 -14    
jakarta-jetspeed-2/components/sso/src/java/META-INF/sso_repository.xml
  
  Index: sso_repository.xml
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed-2/components/sso/src/java/META-INF/sso_repository.xml,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- sso_repository.xml        16 Nov 2004 19:08:47 -0000      1.1
  +++ sso_repository.xml        22 Nov 2004 06:13:31 -0000      1.2
  @@ -80,14 +80,14 @@
         </field-descriptor>
         </class-descriptor>
   
  -
  +     
        <!--
           - S I T E
        -->     
        <class-descriptor
            class="org.apache.jetspeed.sso.impl.SSOSiteImpl"
            proxy="dynamic"
  -         table="SSOSite"
  +         table="SSO_SITE"
        >
            <documentation>Represents the single sign on site</documentation>
            <field-descriptor
  @@ -123,44 +123,40 @@
            >
            </field-descriptor>
            <field-descriptor
  -             name="isRequireCertificate"
  -             column="REQUIRE_CERTIFICATE"
  +             name="isCertificateRequired"
  +             column="REQUIRES_CERTIFICATE"
                jdbc-type="BIT"
                nullable="false"
            >
            </field-descriptor>
  -         
  -         <collection-descriptor
  +         <collection-descriptor
                name="credentials"
                
element-class-ref="org.apache.jetspeed.security.om.impl.InternalCredentialImpl"
                proxy="true"
                refresh="true"
                auto-retrieve="true"
  -             auto-update="link"
  -             auto-delete="link"
  +             auto-update="object"
  +             auto-delete="object"
                indirection-table="SSO_SITE_TO_CREDENTIALS"
            >
                <documentation>This is the reference to 
credentials.</documentation>
                <fk-pointing-to-this-class column="SITE_ID"/>
                <fk-pointing-to-element-class column="CREDENTIAL_ID"/>
  -             <fk-pointing-to-element-class column="PRINCIPAL_ID"/>
            </collection-descriptor>
  -
             <collection-descriptor
                name="principals"
                
element-class-ref="org.apache.jetspeed.sso.impl.SSOPrincipalImpl"
  -             proxy="true"
  +            proxy="true"
                refresh="true"
                auto-retrieve="true"
                auto-update="link"
                auto-delete="link"
  -             indirection-table="SSO_SITE_TO_CREDENTIALS"
  +             indirection-table="SSO_SITE_TO_PRINCIPALS"
            >
  -             <documentation>This is the reference to 
credentials.</documentation>
  +             <documentation>This is the reference to 
principals.</documentation>
                <fk-pointing-to-this-class column="SITE_ID"/>
                <fk-pointing-to-element-class column="PRINCIPAL_ID"/>
            </collection-descriptor>
  -        
        </class-descriptor>
        
   </descriptor-repository>
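Review bot: In the `credentials` collection-descriptor, `auto-update="object"` and `auto-delete="object"` make OJB cascade to the referenced `InternalCredentialImpl` rows themselves, so removing an `SSOSiteImpl` deletes the credential records and not only the `SSO_SITE_TO_CREDENTIALS` link rows. The `principals` collection just below stays on `link`. This is only safe if every credential reachable through this collection is owned exclusively by one site. The element class belongs to the security component, and this hunk does not show whether a credential row can also be referenced from elsewhere, so the ownership rule should be written into the mapping. For example, change the documentation element to `<documentation>Credentials owned exclusively by this site; they are stored and deleted together with it.</documentation>`. A site-removal case in the SSO unit test that asserts an unrelated credential still exists afterwards would pin the intended behaviour.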
  
  
  
