Source Code of org.apache.geronimo.security.jacc.WebModuleConfiguration

/**
 *
 * Copyright 2003-2004 The Apache Software Foundation
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

package org.apache.geronimo.security.jacc;

import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.util.HashSet;
import javax.security.jacc.PolicyConfiguration;

import noNamespace.PrincipalType;
import noNamespace.RealmType;
import noNamespace.RoleMappingsType;
import noNamespace.RoleType;
import noNamespace.SecurityType;
import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoFactory;
import org.apache.geronimo.security.GeronimoSecurityException;
import org.apache.geronimo.security.RealmPrincipal;
import org.apache.geronimo.security.util.ConfigurationUtil;
import org.apache.geronimo.xbeans.j2ee.WebAppType;


/**
 * This es an GBean wrapper class that performs much of the utility work
 * needed to perform the translation of the web deployment descriptors
 * into equivalent security permissions.  These permissions are placed into
 * the appropriate <code>PolicyConfiguration</code> object as defined in the
 * JAAC spec.
 * <p/>
 * <p>It is expected that deployment tools will configure modules through
 * these utility MBeans and not directly access the
 * <code>PolicyConfiguration</code> objects.
 *
 * @version $Revision: 1.7 $ $Date: 2004/07/12 06:07:49 $
 * @see javax.security.jacc.PolicyConfiguration
 * @see "Java Authorization Contract for Containers", section 3.1.3
 */
public class WebModuleConfiguration extends AbstractModuleConfiguration {
    private WebAppType webApp;
    private SecurityType security;

    public WebModuleConfiguration(String contextId, WebAppType webApp, SecurityType security) {
        super(contextId);
        this.webApp = webApp;
        this.security = security;
    }

    /**
     * Translate the web deployment descriptors into equivalent security
     * permissions.  These permissions are placed into the appropriate
     * <code>PolicyConfiguration</code> object as defined in the JAAC spec.
     *
     * @throws org.apache.geronimo.security.GeronimoSecurityException if there is any violation of the semantics of
     * the security descriptor or the state of the module configuration.
     * @see javax.security.jacc.PolicyConfiguration
     * @see "Java Authorization Contract for Containers", section 3.1.3
     */
    public void doStart() {

        PolicyConfiguration configuration = getPolicyConfiguration();

        ConfigurationUtil.configure(configuration, webApp);
        setConfigured(true);

        //TODO not clear if schema allows/should allow security == null
        if (security != null) {
            RoleMappingsType roleMappings = security.getRoleMappings();
            if (roleMappings != null) {
                RoleType[] roles = roleMappings.getRoleArray();
                for (int i = 0; i < roles.length; i++) {
                    RoleType role = roles[i];
                    RealmType[] realms = role.getRealmArray();
                    for (int j = 0; j < realms.length; j++) {
                        RealmType realm = realms[j];
                        PrincipalType[] principals = realm.getPrincipalArray();
                        HashSet set = new HashSet();
                        for (int k = 0; k < principals.length; k++) {
                            PrincipalType principal = principals[k];
                            java.security.Principal p = null;
                            try {
                                Class clazz = Class.forName(principal.getClass1());
                                Constructor constructor = clazz.getDeclaredConstructor(new Class[]{String.class});
                                p = (java.security.Principal) constructor.newInstance(new Object[]{principal.getName()});
                                set.add(new RealmPrincipal(realm.getRealmName(), p));
                            } catch (InstantiationException e) {
                                throw new GeronimoSecurityException(e);
                            } catch (IllegalAccessException e) {
                                throw new GeronimoSecurityException(e);
                            } catch (ClassNotFoundException e) {
                                throw new GeronimoSecurityException(e);
                            } catch (NoSuchMethodException e) {
                                throw new GeronimoSecurityException(e);
                            } catch (InvocationTargetException e) {
                                throw new GeronimoSecurityException(e);
                            }
                        }
                        super.addRoleMapping(role.getRoleName(), set);
                    }
                }
            }
        }
    }


    private static final GBeanInfo GBEAN_INFO;

    static {
        GBeanInfoFactory infoFactory = new GBeanInfoFactory(WebModuleConfiguration.class, AbstractModuleConfiguration.GBEAN_INFO);
        //TODO make sure this attribute not backed by a getter or setter works.
        infoFactory.addAttribute("webApp", WebAppType.class, true);
        infoFactory.addAttribute("security", SecurityType.class, true);
        infoFactory.setConstructor(new String[]{"contextID", "webApp", "security"});
        GBEAN_INFO = infoFactory.getBeanInfo();
    }

    public static GBeanInfo getGBeanInfo() {
        return GBEAN_INFO;
    }

}