Examples of org.apache.geronimo.tomcat.util.SecurityHolder

• org.apache.geronimo.tomcat.util.SecurityHolder

        contextRealm.setAttribute("className", "org.apache.geronimo.tomcat.realm.TomcatJAASRealm");
        contextRealm.setAttribute("initParams", initParams);
        start(contextRealm);

        //Force a new realm name and ignore the application name
        SecurityHolder securityHolder = new SecurityHolder();
        securityHolder.setSecurityRealm(REALM_NAME);

        GBeanData app = new GBeanData(webModuleName, TomcatWebAppContext.GBEAN_INFO);
        app.setAttribute("webAppRoot", new File("target/var/catalina/webapps/war3/").toURI());
        app.setAttribute("webClassPath", new URI[]{});
        app.setAttribute("securityHolder", securityHolder);

        jaccBeanData.setAttribute("contextIdToPermissionsMap", contextIDToPermissionsMap);
        jaccBeanData.setAttribute("principalRoleMap", principalRoleMap);
        jaccBeanData.setAttribute("roleDesignates", roleDesignates);
        start(jaccBeanData);

        SecurityHolder securityHolder = new SecurityHolder();
        securityHolder.setChecked(checked);
        securityHolder.setExcluded(componentPermissions.getExcludedPermissions());
        securityHolder.setPolicyContextID(POLICY_CONTEXT_ID);
        securityHolder.setDefaultPrincipal(defaultPrincipal);
        securityHolder.setSecurityRealm("Geronimo");
        GBeanData app = new GBeanData(webModuleName, TomcatWebAppContext.GBEAN_INFO);
        app.setAttribute("classLoader", cl);
        app.setAttribute("webAppRoot", new File("target/var/catalina/webapps/war3/").toURI());
        app.setAttribute("webClassPath", new URI[]{});
        app.setAttribute("contextPriorityClassLoader", Boolean.FALSE);

            if (tomcatWebApp.isSetSecurityRealmName()) {
                if (earContext.getSecurityConfiguration() == null) {
                     throw new DeploymentException("You have specified a login security realm for the webapp " + webModuleName + " but no security configuration is supplied in the application plan");
                }

                SecurityHolder securityHolder = new SecurityHolder();
                securityHolder.setSecurityRealm(tomcatWebApp.getSecurityRealmName().trim());

                /**
                 * TODO - go back to commented version when possible.
                 */
                String policyContextID = webModuleName.getCanonicalName().replaceAll("[, :]", "_");
                securityHolder.setPolicyContextID(policyContextID);

                ComponentPermissions componentPermissions = buildSpecSecurityConfig(webApp, securityRoles, rolePermissions);
                securityHolder.setExcluded(componentPermissions.getExcludedPermissions());
                PermissionCollection checkedPermissions = new Permissions();
                for (Iterator iterator = rolePermissions.values().iterator(); iterator.hasNext();) {
                    PermissionCollection permissionsForRole = (PermissionCollection) iterator.next();
                    for (Enumeration iterator2 = permissionsForRole.elements(); iterator2.hasMoreElements();) {
                        Permission permission = (Permission) iterator2.nextElement();
                        checkedPermissions.add(permission);
                    }
                }
                securityHolder.setChecked(checkedPermissions);
                earContext.addSecurityContext(policyContextID, componentPermissions);
                DefaultPrincipal defaultPrincipal = earContext.getSecurityConfiguration().getDefaultPrincipal();
                securityHolder.setDefaultPrincipal(defaultPrincipal);
                if (defaultPrincipal != null) {
                    securityHolder.setSecurity(true);
                }

                webModuleData.setAttribute("securityHolder", securityHolder);
                webModuleData.setReferencePattern("RoleDesignateSource", earContext.getJaccManagerName());
            }

            throw new IllegalArgumentException("Invalid virtual host '" + virtualServer +"'.  Do you have a matching Host entry in the plan?");
        }

        //Get the security-realm-name if there is one
        String securityRealmName = null;
        SecurityHolder secHolder = ctx.getSecurityHolder();
        if (secHolder != null)
            securityRealmName = secHolder.getSecurityRealm();

        //Did we declare a GBean at the context level?
        if (ctx.getRealm() != null){
            Realm realm = ctx.getRealm();

            //Allow for the <security-realm-name> override from the
            //geronimo-web.xml file to be used if our Realm is a JAAS type
            if (securityRealmName != null){
                if (realm instanceof JAASRealm){
                    ((JAASRealm)realm).setAppName(securityRealmName);
                }
            }
            anotherCtxObj.setRealm(realm);
        } else {
            Realm realm = host.getRealm();
            //Check and see if we have a declared realm name and no match to a parent name
            if (securityRealmName != null){
                String parentRealmName = null;
                if (realm instanceof JAASRealm){
                    parentRealmName = ((JAASRealm)realm).getAppName();
                }

                //Do we have a match to a parent?
                if(!securityRealmName.equals(parentRealmName)){
                    //No...we need to create a default adapter

                    //Is the context requiring JACC?
                    if (secHolder.isSecurity()){
                        //JACC
                        realm = new TomcatGeronimoRealm();
                    } else {
                        //JAAS
                        realm = new TomcatJAASRealm();

            TransactionContextValve transactionValve = new TransactionContextValve(transactionContextManager);
            addValve(transactionValve);
        }

        //Set a PolicyContext Valve
        SecurityHolder securityHolder = ctx.getSecurityHolder();
        if (securityHolder != null) {
            if (securityHolder.getPolicyContextID() != null) {

                PolicyContext.setContextID(securityHolder.getPolicyContextID());

                /**
                 * Register our default subject with the ContextManager
                 */
                DefaultPrincipal defaultPrincipal = securityHolder.getDefaultPrincipal();
                if (defaultPrincipal != null) {
                    defaultSubject = ConfigurationUtil.generateDefaultSubject(defaultPrincipal, ctx.getWebClassLoader());
                    ContextManager.registerSubject(defaultSubject);
                    SubjectId id = ContextManager.getSubjectId(defaultSubject);
                    defaultSubject.getPrincipals().add(new IdentificationPrincipal(id));
                }

                PolicyContextValve policyValve = new PolicyContextValve(securityHolder.getPolicyContextID());
                addValve(policyValve);

                //This is definitely a hack, but I don't see a reasonable way to install the defaultSubject.
                //Obviously this won't work if there are permissions.  Setting the default subject if there are
                //permissions breaks authentication.
                boolean hasPermissions = securityHolder.getChecked().elements().hasMoreElements() ||
                        securityHolder.getExcluded().elements().hasMoreElements();
                Valve defaultSubjectValve;
                if (!hasPermissions && defaultSubject != null) {
                    defaultSubjectValve = new DefaultSubjectValve(defaultSubject);
                } else {
                    //this will clear the thread of any read subject added by some other web app

        if (host == null) {
            throw new IllegalArgumentException("Invalid virtual host '" + virtualServer + "'.  Do you have a matching Host entry in the plan?");
        }

        //Get the security-realm-name if there is one
        SecurityHolder secHolder = contextInfo.getSecurityHolder() == null? new SecurityHolder(): contextInfo.getSecurityHolder();

        //Did we declare a GBean at the context level?
//        if (contextInfo.getRealm() != null) {
//            Realm realm = contextInfo.getRealm();
//

            if (tomcatWebApp.isSetSecurityRealmName()) {
                if (earContext.getSecurityConfiguration() == null) {
                    throw new DeploymentException("You have specified a <security-realm-name> for the webapp " + moduleName + " but no <security> configuration (role mapping) is supplied in the Geronimo plan for the web application (or the Geronimo plan for the EAR if the web app is in an EAR)");
                }

                SecurityHolder securityHolder = new SecurityHolder();
                String securityRealmName = tomcatWebApp.getSecurityRealmName().trim();

                webModuleData.setReferencePattern("RunAsSource", (AbstractNameQuery)earContext.getGeneralData().get(ROLE_MAPPER_DATA_NAME));
                webModuleData.setReferencePattern("ConfigurationFactory", new AbstractNameQuery(null, Collections.singletonMap("name", securityRealmName), ConfigurationFactory.class.getName()));

                /**
                 * TODO - go back to commented version when possible.
                 */
                String policyContextID = moduleName.toString().replaceAll("[, :]", "_");
                securityHolder.setPolicyContextID(policyContextID);

                ComponentPermissions componentPermissions = buildSpecSecurityConfig(webApp);
                earContext.addSecurityContext(policyContextID, componentPermissions);
                //TODO WTF is this for?
                securityHolder.setSecurity(true);

                webModuleData.setAttribute("securityHolder", securityHolder);
                //local jaspic configuration
                if (tomcatWebApp.isSetAuthentication()) {
                    AuthenticationWrapper authType = new TomcatAuthenticationWrapper(tomcatWebApp.getAuthentication());

        if (enc != null) {
            interceptor = new ComponentContextBeforeAfter(interceptor, index++, enc);
        }

        //Set a PolicyContext BeforeAfter
        SecurityHolder securityHolder = ctx.getSecurityHolder();
        if (securityHolder != null) {

            // save the role designates for mapping servlets to their run-as roles
            runAsSource = securityHolder.getRunAsSource();

            if (securityHolder.getPolicyContextID() != null) {

                policyContextId = securityHolder.getPolicyContextID();
                PolicyContext.setContextID(policyContextId);
                /**
                 * Register our default subject with the ContextManager
                 */
                defaultSubject = securityHolder.getDefaultSubject();

                if (defaultSubject == null) {
                    defaultSubject = ContextManager.EMPTY;
                }

        PermissionCollection excludedPermissions = new Permissions();
        PermissionCollection uncheckedPermissions = new Permissions();
        ComponentPermissions componentPermissions = new ComponentPermissions(excludedPermissions, uncheckedPermissions, new HashMap());
        //Force a new realm name and ignore the application name
        SecurityHolder securityHolder = new SecurityHolder();
        securityHolder.setSecurity(false);//redundant: forces use of TomcatJAASRealm not TomcatGeronimoRealm
        securityHolder.setConfigurationFactory(this.realm);
        CredentialStore credentialStore = null;
        setUpSecureAppContext(new HashMap(),
                new HashMap(),
                componentPermissions,
                null,

            Map roleDesignates,
            Map principalRoleMap,
            ComponentPermissions componentPermissions
    ) throws Exception {

        SecurityHolder securityHolder = new SecurityHolder();
        securityHolder.setSecurity(true);
        securityHolder.setPolicyContextID(POLICY_CONTEXT_ID);
        return setUpSecureAppContext(roleDesignates,
                principalRoleMap,
                componentPermissions,
                null,
                securityHolder