rogerrut 2004/11/21 22:13:32 Modified: components/sso/src/java/org/apache/jetspeed/sso/impl SSOSiteImpl.java PersistenceBrokerSSOProvider.java components/sso/src/test/org/apache/jetspeed/sso TestSSOComponent.java components/sso/src/java/META-INF sso-dao.xml sso_repository.xml Log: Implemented SSO API except for addBasicAuthenticationForSite() Completed Unit Test for SSO Revision Changes Path 1.2 +74 -11 jakarta-jetspeed-2/components/sso/src/java/org/apache/jetspeed/sso/impl/SSOSiteImpl.java Index: SSOSiteImpl.java =================================================================== RCS file: /home/cvs/jakarta-jetspeed-2/components/sso/src/java/org/apache/jetspeed/sso/impl/SSOSiteImpl.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- SSOSiteImpl.java 16 Nov 2004 19:08:47 -0000 1.1 +++ SSOSiteImpl.java 22 Nov 2004 06:13:31 -0000 1.2 @@ -16,9 +16,15 @@ package org.apache.jetspeed.sso.impl; +import java.util.ArrayList; import java.util.Collection; +import java.util.Iterator; +import java.util.Vector; + import org.apache.jetspeed.sso.SSOException; -import org.apache.jetspeed.security.om.impl.InternalCredentialImpl; +import org.apache.jetspeed.sso.SSOSite; +import org.apache.jetspeed.security.om.InternalCredential; +import org.apache.jetspeed.security.om.InternalPrincipal; /** * SSOSiteImpl @@ -29,7 +35,7 @@ * @version $Id$ */ -public class SSOSiteImpl { +public class SSOSiteImpl implements SSOSite { // Private member for OJB mapping private int siteId; @@ -38,8 +44,8 @@ private boolean isAllowUserSet; private boolean isCertificateRequired; - private Collection credentials; - private Collection principals; + private Collection credentials = new Vector();//= new ArrayList(0); + private Collection principals = new Vector();// = new ArrayList(0); /** * 
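Review bot: In SSOSiteImpl.java the new field initialisers `new Vector();//= new ArrayList(0);` keep the discarded alternative as a trailing comment. The added `import java.util.ArrayList;` appears to be used only by those commented-out remnants, judging from the lines visible in this diff. Drop both, and if the choice of Vector is deliberate say why in a short comment such as `// Vector: OJB populates these collections, keep them non-null`. As written, the next reader cannot tell which collection type was intended.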
@@ -57,13 +63,13 @@ * @return Returns the credentials. */ public Collection getCredentials() { - return credentials; + return this.credentials; } /** * @param credentials The credentials to set. */ public void setCredentials(Collection credentials) { - this.credentials = credentials; + this.credentials.addAll(credentials); } /** * @return Returns the isAllowUserSet. @@ -105,13 +111,13 @@ * @return Returns the principals. */ public Collection getPrincipals() { - return principals; + return this.principals; } /** * @param principals The principals to set. */ public void setPrincipals(Collection principals) { - this.principals = principals; + this.principals.addAll(principals); } /** * @return Returns the siteId. @@ -144,7 +150,7 @@ * Adds the credentail to the credentials collection * */ - public void addCredential(InternalCredentialImpl credential) throws SSOException + public void addCredential(InternalCredential credential) throws SSOException { boolean bStatus = false; @@ -167,7 +173,7 @@ * removes a credentail from the credentials collection * */ - public void removeCredential(InternalCredentialImpl credential) throws SSOException + public void removeCredential(InternalCredential credential) throws SSOException { boolean bStatus = false; 
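Review bot: setCredentials() now does `this.credentials.addAll(credentials)`, so the setter appends instead of replacing, which changes its contract without updating the Javadoc ("The credentials to set"). A second call, whether from application code or from the persistence layer re-populating the object, leaves stale or duplicate credential entries in the site, and a null argument now throws NullPointerException. If the aim is only to keep the field non-null, something like `this.credentials = (credentials != null) ? credentials : new Vector();` keeps replace semantics. The setPrincipals() hunk below has the same problem. getCredentials() and getPrincipals() still hand out the internal collection itself, so callers can modify the site's credential list directly.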
@@ -184,4 +190,61 @@ if ( bStatus == false) throw new SSOException(SSOException.FAILED_REMOVING_CREDENTIALS_FOR_SITE ); } + + /** + * Adds the credentail to the credentials collection + * + */ + public void addPrincipal(InternalPrincipal principal) throws SSOException { + boolean bStatus = false; + + try + { + bStatus = principals.add(principal); + } + catch(Exception e) + { + // Adding credentail to coollection failed -- notify caller with SSOException + throw new SSOException(SSOException.FAILED_ADDING_PRINCIPAL_TO_MAPPING_TABLE_FOR_SITE + e.getMessage()); + } + + if ( bStatus == false) + throw new SSOException(SSOException.FAILED_ADDING_PRINCIPAL_TO_MAPPING_TABLE_FOR_SITE ); + } + + /** + * removePrincipal() + * removes a principal from the principals collection + * + */ + public void removePrincipal(long principalId) throws SSOException + { + boolean bStatus = false; + InternalPrincipal principalObj = null; + Iterator itSitePrincipals = principals.iterator(); + + while (itSitePrincipals.hasNext() ) + { + principalObj = (InternalPrincipal)itSitePrincipals.next(); + if ( principalObj.getPrincipalId() == principalId) + { + + try + { + // TODO: Removing results in an OJB exception. Ignore it for the moment but it needs to be fixed soon... 
+ //bStatus = principals.remove(principalObj); + bStatus = true; + } + catch(Exception e) + { + // Adding credentail to coollection failed -- notify caller with SSOException + throw new SSOException(SSOException.FAILED_REMOVING_PRINCIPAL_FROM_MAPPING_TABLE_FOR_SITE + e.getMessage()); + } + + if ( bStatus == false) + throw new SSOException(SSOException.FAILED_REMOVING_PRINCIPAL_FROM_MAPPING_TABLE_FOR_SITE ); + } + + } + } } 1.2 +93 -32 jakarta-jetspeed-2/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java Index: PersistenceBrokerSSOProvider.java =================================================================== RCS file: /home/cvs/jakarta-jetspeed-2/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- PersistenceBrokerSSOProvider.java 16 Nov 2004 19:08:47 -0000 1.1 +++ PersistenceBrokerSSOProvider.java 22 Nov 2004 06:13:31 -0000 1.2 @@ -29,11 +29,18 @@ import org.apache.jetspeed.sso.SSOContext; import org.apache.jetspeed.sso.SSOException; import org.apache.jetspeed.sso.SSOProvider; +import org.apache.jetspeed.sso.SSOSite; + + +import org.apache.jetspeed.sso.impl.SSOSiteImpl; +import org.apache.jetspeed.sso.impl.SSOPrincipalImpl; import org.apache.jetspeed.security.SecurityHelper; import org.apache.jetspeed.security.BasePrincipal; +import org.apache.jetspeed.security.om.InternalCredential; +import org.apache.jetspeed.security.om.InternalPrincipal; import org.apache.jetspeed.security.om.impl.InternalCredentialImpl; -import org.apache.jetspeed.security.om.impl.InternalPrincipalImpl; +import org.apache.jetspeed.security.spi.impl.DefaultPasswordCredentialImpl; import org.apache.ojb.broker.query.Criteria; import org.apache.ojb.broker.query.QueryByCriteria; 
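Review bot: removePrincipal() in SSOSiteImpl.java reports success without removing anything: the `principals.remove(principalObj)` call is commented out and `bStatus = true;` is set unconditionally, so the principal stays mapped to the site after a caller has been told it was removed. The `bStatus == false` check also sits inside the `if` that matched the id, so a principalId that matches no entry falls through the loop and returns normally. Until the OJB problem named in the TODO is fixed, the method should fail visibly rather than pretend. When removal is re-enabled, use `itSitePrincipals.remove();` instead of removing through the collection while iterating it, and move the `if ( bStatus == false) throw ...` after the loop. The try/catch currently wraps a plain assignment that cannot throw. The Javadoc and catch comment on addPrincipal() are copied from addCredential() and still say "credentail".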
@@ -67,17 +74,19 @@ */ public boolean hasSSOCredentials(Subject subject, String site) { // Initialization - SSOSiteImpl ssoSite = getSSOSiteObject(site); + SSOSite ssoSite = getSSOSiteObject(site); if ( ssoSite == null) + { return false; // no entry for site + } // Get the principal from the subject BasePrincipal principal = (BasePrincipal)SecurityHelper.getBestPrincipal(subject, UserPrincipal.class); String fullPath = principal.getFullPath(); // Filter the credentials for the given principals - InternalCredentialImpl credential = getCredential(ssoSite, fullPath); + InternalCredential credential = getCredential(ssoSite, fullPath); if (credential == null) return false; @@ -90,7 +99,7 @@ */ public void addBasicAuthenticationForSite(HttpServletRequest request, Subject subject, String site) throws SSOException { - // TODO Auto-generated method stub + // TODO Needs to be done for SSO Final } @@ -101,7 +110,7 @@ throws SSOException { // Initialization - SSOSiteImpl ssoSite = getSSOSiteObject(site); + SSOSite ssoSite = getSSOSiteObject(site); if ( ssoSite == null) throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE); // no entry for site @@ -111,7 +120,7 @@ String fullPath = principal.getFullPath(); // Filter the credentials for the given principals - InternalCredentialImpl credential = getCredential(ssoSite, fullPath); + InternalCredential credential = getCredential(ssoSite, fullPath); if ( credential == null) throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE); // no entry for site 
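Review bot: addBasicAuthenticationForSite() is still an empty body after this commit; only the TODO text changed, so a caller gets a normal return and has no way to tell that no authentication was set up for the site. Until it is implemented the method should fail loudly, for example `throw new UnsupportedOperationException("addBasicAuthenticationForSite is not implemented");` or an SSOException with a suitable message. The commit log already records the method as unimplemented, so say so in the Javadoc as well.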
@@ -129,27 +138,34 @@ throws SSOException { // Check if the site already exists - SSOSiteImpl ssoSite = getSSOSiteObject(site); + SSOSite ssoSite = getSSOSiteObject(site); if (ssoSite == null) { // Create a new site ssoSite = new SSOSiteImpl(); ssoSite.setSiteURL(site); + ssoSite.setName(site); + ssoSite.setCertificateRequired(false); + ssoSite.setAllowUserSet(true); } // Get the Principal information String fullPath = ((BasePrincipal)SecurityHelper.getBestPrincipal(subject, UserPrincipal.class)).getFullPath(); - SSOPrincipalImpl principal = this.getPrincipalForPath(subject, fullPath); - - // New credential object - InternalCredentialImpl credential = new InternalCredentialImpl(); - ssoSite.addCredential(credential); + InternalPrincipal principal = this.getPrincipalForPath(subject, fullPath); - // Populate the credential information - credential.setValue(pwd); - credential.setPrincipalId(principal.getPrincipalId()); + if (principal == null) + throw new SSOException(SSOException.REQUESTED_PRINCIPAL_DOES_NOT_EXIST); + // New credential object + InternalCredentialImpl credential = + new InternalCredentialImpl(principal.getPrincipalId(), + pwd, 0, DefaultPasswordCredentialImpl.class.getName()); + + // Add credential to mapping table + ssoSite.addCredential(credential); + ssoSite.addPrincipal(principal); + // Update database and reset cache try { @@ -157,6 +173,7 @@ } catch (Exception e) { + e.printStackTrace(); throw new SSOException(SSOException.FAILED_STORING_SITE_INFO_IN_DB + e.toString() ); } 
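Review bot: In addCredentialsForSite() the caller's `pwd` is passed unchanged into `new InternalCredentialImpl(principal.getPrincipalId(), pwd, 0, DefaultPasswordCredentialImpl.class.getName())`, and nothing visible in this hunk protects it before `store(ssoSite)`. An SSO credential has to be recoverable, so it should be encrypted at rest rather than hashed, unless the persistence layer already does that (not visible here). The row is also tagged with the class name of the portal's own password credential; if the security component selects login passwords by principal id and class name (an assumption to confirm), the remote-site password could be picked up as a portal login credential. Finally, the credential is added without checking for an existing one, and getCredential() stops at the first match, so a second call for the same user and site would leave the old password in effect. A guard such as `if (getCredential(ssoSite, fullPath) != null)` before the add would let the method replace or reject.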
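Review bot: The added `e.printStackTrace();` in the catch block around `store(ssoSite)` writes the persistence exception to stderr outside any logging configuration. The unchanged `throw` next to it appends `e.toString()` to the SSOException message, so broker and database detail can reach whatever displays that message. Prefer the component's logger, and chain the cause instead of concatenating it if SSOException offers such a constructor (not visible in this diff). The same two lines are added in removeCredentialsForSite() in the following hunk.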
@@ -170,8 +187,45 @@ */ public void removeCredentialsForSite(Subject subject, String site) throws SSOException { - // TODO Auto-generated method stub - + + //Get the site + SSOSite ssoSite = getSSOSiteObject(site); + if (ssoSite == null) + { + throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE); + } + + // Get the Principal information + String fullPath = ((BasePrincipal)SecurityHelper.getBestPrincipal(subject, UserPrincipal.class)).getFullPath(); + + InternalPrincipal principal = this.getPrincipalForPath(subject, fullPath); + + /* + * Should never happen except if the function gets invoked from outside the current credential store + */ + if (principal == null) + throw new SSOException(SSOException.REQUESTED_PRINCIPAL_DOES_NOT_EXIST); + + // New credential object + InternalCredential credential = getCredential(ssoSite, fullPath); + + // Remove credential and principal from mapping + ssoSite.removeCredential(credential); + ssoSite.removePrincipal(principal.getPrincipalId()); + + // Update database and reset cache + try + { + getPersistenceBrokerTemplate().store(ssoSite); + } + catch (Exception e) + { + e.printStackTrace(); + throw new SSOException(SSOException.FAILED_STORING_SITE_INFO_IN_DB + e.toString() ); + } + + // Clear cache + this.mapSite.clear(); } /* @@ -184,10 +238,10 @@ * Obtains the Site information including the credentials for a site (url). */ - private SSOSiteImpl getSSOSiteObject(String site) + private SSOSite getSSOSiteObject(String site) { //Initialization - SSOSiteImpl ssoSite = null; + SSOSite ssoSite = null; //Check if the site is in the map if (mapSite.containsKey(site) == false ) @@ -207,7 +261,7 @@ // Get the site from the collection. There should be only one entry (uniqueness) if (itSite.hasNext()) { - ssoSite = (SSOSiteImpl) itSite.next(); + ssoSite = (SSOSite) itSite.next(); } // Add it to the map @@ -221,7 +275,7 @@ } else { - ssoSite = (SSOSiteImpl)mapSite.get(site); + ssoSite = (SSOSite)mapSite.get(site); } return ssoSite; 
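Review bot: In removeCredentialsForSite() the result of `getCredential(ssoSite, fullPath)` goes straight into `ssoSite.removeCredential(credential)`, but getCredential() returns null when the user has no principal or credential entry for the site. What removeCredential() does with null is outside this diff; at best the caller gets a "failed removing" error for something that never existed. Add `if (credential == null) throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE);` before the removal. The `// New credential object` comment above the lookup is a leftover from addCredentialsForSite() and should read something like `// Look up the stored credential for this user`. The value from `SecurityHelper.getBestPrincipal(subject, UserPrincipal.class)` is cast and dereferenced in one expression here, as in hasSSOCredentials() and addCredentialsForSite(); if it can return null for a subject without a UserPrincipal (not visible here), that is a NullPointerException rather than an SSOException.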
@@ -231,25 +285,29 @@ * getCredential * returns the credentials for a given user */ - private InternalCredentialImpl getCredential(SSOSiteImpl ssoSite, String fullPath) + private InternalCredential getCredential(SSOSite ssoSite, String fullPath) { long principalID = -1; - InternalCredentialImpl credential = null; - + InternalCredential credential = null; + /* Error checking * 1) should have at least one principal * 2) should have at least one credential * * If one of the above fails return null wich means that the user doesn't have credentials for that site */ - if ( ssoSite.getPrincipals() == null || ssoSite.getCredentials() == null) - return null; + Collection principals = ssoSite.getPrincipals(); + Collection credentials = ssoSite.getCredentials(); + if ( principals == null || credentials == null) + { + return null; + } // Iterate over the principals and extract the principal id for the given full path - Iterator itPrincipals = ssoSite.getPrincipals().iterator(); + Iterator itPrincipals = principals.iterator(); while (itPrincipals.hasNext() && principalID == -1 /*not found yet*/) { - InternalPrincipalImpl principal = (InternalPrincipalImpl)itPrincipals.next(); + InternalPrincipal principal = (InternalPrincipal)itPrincipals.next(); if ( principal != null && principal.getFullPath().compareToIgnoreCase(fullPath) == 0) { principalID = principal.getPrincipalId(); 
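Review bot: The principal lookup in getCredential() matches with `principal.getFullPath().compareToIgnoreCase(fullPath) == 0`, an unchanged context line in this hunk. Two principals whose paths differ only in letter case therefore resolve to whichever entry is found first, and so to that entry's stored credential. If principal names are case-sensitive elsewhere in the security component (not visible here), one user could be handed another user's SSO credential for the site; `principal.getFullPath().equals(fullPath)` makes the match exact. If case-insensitive matching is intended, a comment should say so and the uniqueness rule should be enforced where principals are created. The method body continues in the next hunk.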
@@ -260,13 +318,16 @@ return null; // No principal found for that site // Last lookup to see if there are credentials for that user - Iterator itCredentials = ssoSite.getCredentials().iterator(); + Iterator itCredentials = credentials.iterator(); while (itCredentials.hasNext() && credential == null /*not found yet*/) { - InternalCredentialImpl cred = (InternalCredentialImpl)itCredentials.next(); + InternalCredential cred = (InternalCredential)itCredentials.next(); + if ( cred != null && cred.getPrincipalId() == principalID) { // Found credentials for Orincipals + // TODO: Remove debug + System.out.println("Found Credential: " + cred.getValue() + " for PrincipalID " + principalID); credential = cred; } } @@ -274,7 +335,7 @@ return credential; } - private SSOPrincipalImpl getPrincipalForPath(Subject subject, String fullPath) + private InternalPrincipal getPrincipalForPath(Subject subject, String fullPath) { Criteria filter = new Criteria(); filter.addEqualTo("fullPath", fullPath); @@ -288,7 +349,7 @@ // Get the site from the collection. There should be only one entry (uniqueness) if (itPrincipals.hasNext()) { - return (SSOPrincipalImpl) itPrincipals.next(); + return (InternalPrincipal) itPrincipals.next(); } } 1.3 +74 -3 jakarta-jetspeed-2/components/sso/src/test/org/apache/jetspeed/sso/TestSSOComponent.java Index: TestSSOComponent.java =================================================================== RCS file: /home/cvs/jakarta-jetspeed-2/components/sso/src/test/org/apache/jetspeed/sso/TestSSOComponent.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- TestSSOComponent.java 18 Nov 2004 21:43:12 -0000 1.2 +++ TestSSOComponent.java 22 Nov 2004 06:13:31 -0000 1.3 
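Review bot: The added `System.out.println("Found Credential: " + cred.getValue() + " for PrincipalID " + principalID);` in getCredential() prints the stored credential value on every successful lookup. That puts users' remote-site passwords into the container's console output and any log file that captures it. The `// TODO: Remove debug` above it shows this is known, but the line should not be committed at all; remove both added lines. If a trace is needed, log only the principal id through the component's logger at debug level, never the value.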
@@ -15,13 +15,27 @@ package org.apache.jetspeed.sso; +import org.apache.jetspeed.security.SecurityException; +import org.apache.jetspeed.security.UserManager; +import org.apache.jetspeed.security.impl.UserPrincipalImpl; import org.apache.jetspeed.sso.SSOProvider; import junit.framework.Test; import junit.framework.TestSuite; +import javax.security.auth.Subject; + +import java.security.Principal; +import java.util.HashSet; +import java.util.Set; + + +import org.apache.jetspeed.sso.SSOException; +import java.lang.Exception; + import org.apache.jetspeed.components.util.DatasourceEnabledSpringTestCase; + /** * <p> * Unit testing for [EMAIL PROTECTED] Preferences}. @@ -31,9 +45,17 @@ */ public class TestSSOComponent extends DatasourceEnabledSpringTestCase { - + /** + * test url for this UnitTest + */ + static private String TEST_URL= "http://localhost/jetspeed"; + static private String TEST_USER= "joe"; + + /** The property manager. */ private static SSOProvider ssoBroker = null; + /** The user manager. */ + protected UserManager ums; /** * @see junit.framework.TestCase#setUp() @@ -45,6 +67,7 @@ try { ssoBroker = (SSOProvider) ctx.getBean("ssoProvider"); + ums = (UserManager) ctx.getBean("org.apache.jetspeed.security.UserManager"); } catch (Exception ex) { 
@@ -73,9 +96,57 @@ * Test user root. * </p> */ - public void testSSO() + public void testSSO() throws Exception { - // TODO: Test cases + // Create a user + try + { + ums.addUser(TEST_USER, "password"); + } + catch (SecurityException sex) + { + //assertTrue("user already exists. exception caught: " + sex, false); + } + + // Initialization + Principal principal = new UserPrincipalImpl(TEST_USER); + Set principals = new HashSet(); + principals.add(principal); + Subject subject = new Subject(true, principals, new HashSet(), new HashSet()); + + if ( ssoBroker.hasSSOCredentials(subject, TEST_URL) == false) + { + System.out.println("No SSO Credential for user:" + TEST_USER+ " site: " + TEST_URL); + + // Add credential + try + { + ssoBroker.addCredentialsForSite(subject, TEST_URL,"test"); + System.out.println("SSO Credential added for user:" + TEST_USER+ " site: " + TEST_URL); + } + catch(SSOException ssoex) + { + System.out.println("SSO Credential add FAILED for user:" + TEST_USER+ " site: " + TEST_URL); + ssoex.printStackTrace(); + throw new Exception(ssoex.getMessage()); + } + } + else + { + System.out.println("SSO Credential found for user:" + TEST_USER+ " site: " + TEST_URL); + } + + try + { + // Remove credential for Site + ssoBroker.removeCredentialsForSite(subject, TEST_URL); + System.out.println("SSO Credential removed for user:" + TEST_USER+ " site: " + TEST_URL); + } + catch(SSOException ssoex) + { + System.out.println("SSO Credential remove FAILED for user:" + TEST_USER+ " site: " + TEST_URL); + throw new Exception(ssoex.getMessage()); + } } /** 1.2 +197 -0 jakarta-jetspeed-2/components/sso/src/java/META-INF/sso-dao.xml Index: sso-dao.xml =================================================================== RCS file: /home/cvs/jakarta-jetspeed-2/components/sso/src/java/META-INF/sso-dao.xml,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- sso-dao.xml 16 Nov 2004 19:08:47 -0000 1.1 +++ sso-dao.xml 22 Nov 2004 06:13:31 -0000 1.2 
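Review bot: testSSO() contains no assertions, so it passes whenever no SSOException is thrown and would not notice an add that stores nothing or a removal that leaves the credential in place. Add `assertTrue(ssoBroker.hasSSOCredentials(subject, TEST_URL));` after the add branch and `assertFalse(ssoBroker.hasSSOCredentials(subject, TEST_URL));` after removeCredentialsForSite(). The empty `catch (SecurityException sex)` hides every addUser failure, not only "user already exists". `throw new Exception(ssoex.getMessage())` discards the original stack trace; the method already declares `throws Exception`, so `throw ssoex;` is enough. The test user is also never removed, which makes the run depend on state left by earlier runs.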
@@ -8,6 +8,7 @@ <!-- ========================= BUSINESS OBJECT DEFINITIONS ========================= --> + <!-- SSO Implementation --> <bean id="PersistenceBrokerSSOProvider" class="org.apache.jetspeed.sso.impl.PersistenceBrokerSSOProvider" 
@@ -28,5 +29,201 @@ <ref bean="PersistenceBrokerSSOProvider"/> </property> + </bean> + + <!-- ************** Security SPI Handlers ************** --> + <!-- Security SPI: CommonQueries --> + <bean id="org.apache.jetspeed.security.spi.impl.SecurityAccessImpl" + class="org.apache.jetspeed.security.spi.impl.SecurityAccessImpl" + init-method="init" + > + <constructor-arg ><value>META-INF/security_repository.xml</value></constructor-arg> + </bean> + + <bean id="org.apache.jetspeed.security.spi.SecurityAccess" parent="baseTransactionProxy" + name="SecurityCommonQueries" > + <property name="proxyInterfaces"> + <value>org.apache.jetspeed.security.spi.SecurityAccess</value> + </property> + <property name="target"> + <ref bean="org.apache.jetspeed.security.spi.impl.SecurityAccessImpl"/> + </property> + <property name="transactionAttributes"> + <props> + <prop key="remove*">PROPAGATION_REQUIRED</prop> + <prop key="set*">PROPAGATION_REQUIRED</prop> + <prop key="*">PROPAGATION_SUPPORTS</prop> + </props> + </property> + </bean> + + <bean id="org.apache.jetspeed.security.spi.PasswordCredentialProvider" + class="org.apache.jetspeed.security.spi.impl.DefaultPasswordCredentialProvider"/> + + <bean id="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor" + class="org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialStateHandlingInterceptor"> + <!-- maxNumberOfAuthenticationFailures --> + <constructor-arg index="0"><value>3</value></constructor-arg> + <!-- maxLifeSpanInDays --> + <constructor-arg index="1"><value>7</value></constructor-arg> + </bean> + + <!-- Security SPI: CredentialHandler --> + <bean id="org.apache.jetspeed.security.spi.CredentialHandler" + class="org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler" + > + <constructor-arg index="0"><ref bean="org.apache.jetspeed.security.spi.SecurityAccess"/></constructor-arg> + <constructor-arg index="1"><ref 
bean="org.apache.jetspeed.security.spi.PasswordCredentialProvider"/></constructor-arg> + <constructor-arg index="2"><ref bean="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor"/></constructor-arg> + </bean> + + <!-- Security SPI: UserSecurityHandler --> + <!-- The DefaultUSerSecurityHandler uses the raw SecurityAccessImpl so that it + may demarcate its own transactions --> + <bean id="org.apache.jetspeed.security.spi.UserSecurityHandlerImpl" + class="org.apache.jetspeed.security.spi.impl.DefaultUserSecurityHandler" + > + <constructor-arg ><ref bean="org.apache.jetspeed.security.spi.SecurityAccess"/></constructor-arg> + </bean> + + <bean id="org.apache.jetspeed.security.spi.UserSecurityHandler" parent="baseTransactionProxy" + name="userSecurityHandler" > + <property name="proxyInterfaces"> + <value>org.apache.jetspeed.security.spi.UserSecurityHandler</value> + </property> + <property name="target"> + <ref bean="org.apache.jetspeed.security.spi.UserSecurityHandlerImpl"/> + </property> + <property name="transactionAttributes"> + <props> + <prop key="*">PROPAGATION_REQUIRED</prop> + </props> + </property> + </bean> + + <!-- Security SPI: RoleSecurityHandler --> + <bean id="org.apache.jetspeed.security.spi.RoleSecurityHandler" + class="org.apache.jetspeed.security.spi.impl.DefaultRoleSecurityHandler" + > + <constructor-arg ><ref bean="org.apache.jetspeed.security.spi.SecurityAccess"/></constructor-arg> + </bean> + + <!-- Security SPI: GroupSecurityHandler --> + <bean id="org.apache.jetspeed.security.spi.GroupSecurityHandler" + class="org.apache.jetspeed.security.spi.impl.DefaultGroupSecurityHandler" + > + <constructor-arg ><ref bean="org.apache.jetspeed.security.spi.SecurityAccess"/></constructor-arg> + </bean> + + <!-- Security SPI: SecurityMappingHandler --> + <bean id="org.apache.jetspeed.security.spi.SecurityMappingHandler" + class="org.apache.jetspeed.security.spi.impl.DefaultSecurityMappingHandler" + > + <constructor-arg ><ref 
bean="org.apache.jetspeed.security.spi.SecurityAccess"/></constructor-arg> + <!-- Default role hierarchy strategy is by generalization. Add contructor-arg to change the strategy. --> + <!-- Default group hierarchy strategy is by generalization. Add contructor-arg to change the strategy. --> + </bean> + + <!-- ************** Security Providers ************** --> + <!-- Security: Default Authentication Provider --> + <bean id="org.apache.jetspeed.security.AuthenticationProvider" + class="org.apache.jetspeed.security.impl.AuthenticationProviderImpl" + > + <constructor-arg index="0"><value>DefaultAuthenticator</value></constructor-arg> + <constructor-arg index="1"><value>The default authenticator</value></constructor-arg> + <constructor-arg index="2"><value>login.conf</value></constructor-arg> + <constructor-arg index="3"><ref bean="org.apache.jetspeed.security.spi.CredentialHandler"/></constructor-arg> + <constructor-arg index="4"><ref bean="org.apache.jetspeed.security.spi.UserSecurityHandler"/></constructor-arg> + </bean> + + <!-- Security: Authentication Provider Proxy --> + <bean id="org.apache.jetspeed.security.AuthenticationProviderProxy" + class="org.apache.jetspeed.security.impl.AuthenticationProviderProxyImpl" + > + <constructor-arg > + <list> + <ref bean="org.apache.jetspeed.security.AuthenticationProvider"/> + </list> + </constructor-arg> + <constructor-arg ><value>DefaultAuthenticator</value></constructor-arg> + </bean> + + <!-- Security: Security Provider --> + <bean id="org.apache.jetspeed.security.SecurityProvider" + class="org.apache.jetspeed.security.impl.SecurityProviderImpl" + > + <constructor-arg ><ref bean="org.apache.jetspeed.security.AuthenticationProviderProxy"/></constructor-arg> + <constructor-arg ><ref bean="org.apache.jetspeed.security.spi.RoleSecurityHandler"/></constructor-arg> + <constructor-arg ><ref bean="org.apache.jetspeed.security.spi.GroupSecurityHandler"/></constructor-arg> + <constructor-arg ><ref 
bean="org.apache.jetspeed.security.spi.SecurityMappingHandler"/></constructor-arg> + </bean> + + <!-- Security: User Manager --> + <bean id="org.apache.jetspeed.security.UserManager" + class="org.apache.jetspeed.security.impl.UserManagerImpl" + > + <constructor-arg ><ref bean="org.apache.jetspeed.security.SecurityProvider"/></constructor-arg> + </bean> + + <!-- Security: Group Manager --> + <bean id="org.apache.jetspeed.security.GroupManager" + class="org.apache.jetspeed.security.impl.GroupManagerImpl" + > + <constructor-arg ><ref bean="org.apache.jetspeed.security.SecurityProvider"/></constructor-arg> + </bean> + + <!-- Security: Role Manager --> + <bean id="org.apache.jetspeed.security.RoleManager" + class="org.apache.jetspeed.security.impl.RoleManagerImpl" + > + <constructor-arg ><ref bean="org.apache.jetspeed.security.SecurityProvider"/></constructor-arg> + </bean> + + <!-- ************** Login Module ************** --> + <!-- Security: Login Module Proxy --> + <bean id="org.apache.jetspeed.security.LoginModuleProxy" + class="org.apache.jetspeed.security.impl.LoginModuleProxyImpl" + > + <constructor-arg ><ref bean="org.apache.jetspeed.security.UserManager"/></constructor-arg> + </bean> + + + <!-- ************** Authorization ************** --> + <!-- Security: Permission Manager --> + <bean id="org.apache.jetspeed.security.impl.PermissionManagerImpl" + class="org.apache.jetspeed.security.impl.PermissionManagerImpl" /> + + <bean id="org.apache.jetspeed.security.PermissionManager" parent="baseTransactionProxy" + name="permissionManager" > + <property name="proxyInterfaces"> + <value>org.apache.jetspeed.security.PermissionManager</value> + </property> + <property name="target"> + <ref bean="org.apache.jetspeed.security.impl.PermissionManagerImpl"/> + </property> + <property name="transactionAttributes"> + <props> + <prop key="remove*">PROPAGATION_REQUIRED</prop> + <prop key="grant*">PROPAGATION_REQUIRED</prop> + <prop key="revoke*">PROPAGATION_REQUIRED</prop> + 
<prop key="grant*">PROPAGATION_REQUIRED</prop> + <prop key="add*">PROPAGATION_REQUIRED</prop> + <prop key="*">PROPAGATION_SUPPORTS</prop> + </props> + </property> + </bean> + + <!-- Security: RDBMS Policy implementation for JAAS --> + <bean id="org.apache.jetspeed.security.impl.RdbmsPolicy" + class="org.apache.jetspeed.security.impl.RdbmsPolicy" + > + <constructor-arg ><ref bean="org.apache.jetspeed.security.PermissionManager"/></constructor-arg> + </bean> + + <!-- Security: Authorization Provider --> + <bean id="org.apache.jetspeed.security.AuthorizationProvider" + class="org.apache.jetspeed.security.impl.AuthorizationProviderImpl" + > + <constructor-arg ><ref bean="org.apache.jetspeed.security.impl.RdbmsPolicy"/></constructor-arg> </bean> </beans> 1.2 +10 -14 jakarta-jetspeed-2/components/sso/src/java/META-INF/sso_repository.xml Index: sso_repository.xml =================================================================== RCS file: /home/cvs/jakarta-jetspeed-2/components/sso/src/java/META-INF/sso_repository.xml,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- sso_repository.xml 16 Nov 2004 19:08:47 -0000 1.1 +++ sso_repository.xml 22 Nov 2004 06:13:31 -0000 1.2 @@ -80,14 +80,14 @@ </field-descriptor> </class-descriptor> - + <!-- - S I T E --> <class-descriptor class="org.apache.jetspeed.sso.impl.SSOSiteImpl" proxy="dynamic" - table="SSOSite" + table="SSO_SITE" > <documentation>Represents the single sign on site</documentation> <field-descriptor 
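Review bot: In the sso-dao.xml hunk the comment above the `org.apache.jetspeed.security.spi.UserSecurityHandlerImpl` bean says the handler uses the raw SecurityAccessImpl so that it can demarcate its own transactions, but its `<constructor-arg>` references `org.apache.jetspeed.security.spi.SecurityAccess`, which is the transaction proxy defined a few beans earlier. Either the ref should be `org.apache.jetspeed.security.spi.impl.SecurityAccessImpl` or the comment is stale; as written the handler runs inside the proxy's propagation rules. In the PermissionManager proxy `<prop key="grant*">PROPAGATION_REQUIRED</prop>` is listed twice, and one of the two can go. The whole block looks like a copy of the security component's Spring configuration (inferred, the original is not in this diff), so security settings such as the lockout limits of 3 failures and 7 days can drift from the real ones. Importing the shared file or adding a comment naming its source would make that visible.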
@@ -123,44 +123,40 @@ > </field-descriptor> <field-descriptor - name="isRequireCertificate" - column="REQUIRE_CERTIFICATE" + name="isCertificateRequired" + column="REQUIRES_CERTIFICATE" jdbc-type="BIT" nullable="false" > </field-descriptor> - - <collection-descriptor + <collection-descriptor name="credentials" element-class-ref="org.apache.jetspeed.security.om.impl.InternalCredentialImpl" proxy="true" refresh="true" auto-retrieve="true" - auto-update="link" - auto-delete="link" + auto-update="object" + auto-delete="object" indirection-table="SSO_SITE_TO_CREDENTIALS" > <documentation>This is the reference to credentials.</documentation> <fk-pointing-to-this-class column="SITE_ID"/> <fk-pointing-to-element-class column="CREDENTIAL_ID"/> - <fk-pointing-to-element-class column="PRINCIPAL_ID"/> </collection-descriptor> - <collection-descriptor name="principals" element-class-ref="org.apache.jetspeed.sso.impl.SSOPrincipalImpl" - proxy="true" + proxy="true" refresh="true" auto-retrieve="true" auto-update="link" auto-delete="link" - indirection-table="SSO_SITE_TO_CREDENTIALS" + indirection-table="SSO_SITE_TO_PRINCIPALS" > - <documentation>This is the reference to credentials.</documentation> + <documentation>This is the reference to principals.</documentation> <fk-pointing-to-this-class column="SITE_ID"/> <fk-pointing-to-element-class column="PRINCIPAL_ID"/> </collection-descriptor> - </class-descriptor> </descriptor-repository>
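Review bot: The `credentials` collection-descriptor now has `auto-update="object"` and `auto-delete="object"` while `principals` stays on `link`. Deleting a site, or an entry from its collection, will therefore cascade to the InternalCredentialImpl rows themselves and not only to the SSO_SITE_TO_CREDENTIALS link rows. That is correct only if every row reachable through this collection belongs exclusively to the SSO site. The element class comes from the security component, so if the same table also holds portal login credentials (not visible here), confirm that a cascade can never reach them. A sentence in the `<documentation>` element stating who owns these rows would record the intent. The `principals` collection still names `org.apache.jetspeed.sso.impl.SSOPrincipalImpl` as element class while the Java side now casts to InternalPrincipal; check that the class implements that interface.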