Package org.apache.geronimo.security.deployment

Source Code of org.apache.geronimo.security.deployment.SecurityBuilder

/**
*
* Copyright 2003-2004 The Apache Software Foundation
*
*  Licensed under the Apache License, Version 2.0 (the "License");
*  you may not use this file except in compliance with the License.
*  You may obtain a copy of the License at
*
*     http://www.apache.org/licenses/LICENSE-2.0
*
*  Unless required by applicable law or agreed to in writing, software
*  distributed under the License is distributed on an "AS IS" BASIS,
*  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
*  See the License for the specific language governing permissions and
*  limitations under the License.
*/
package org.apache.geronimo.security.deployment;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.management.ObjectName;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

import org.apache.geronimo.common.DeploymentException;
import org.apache.geronimo.gbean.GBeanData;
import org.apache.geronimo.security.RealmPrincipal;
import org.apache.geronimo.security.deploy.DefaultPrincipal;
import org.apache.geronimo.security.deploy.DistinguishedName;
import org.apache.geronimo.security.deploy.Principal;
import org.apache.geronimo.security.deploy.Realm;
import org.apache.geronimo.security.deploy.Role;
import org.apache.geronimo.security.deploy.Security;
import org.apache.geronimo.security.jaas.NamedUsernamePasswordCredential;
import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager;
import org.apache.geronimo.security.util.ConfigurationUtil;
import org.apache.geronimo.xbeans.geronimo.security.GerDefaultPrincipalType;
import org.apache.geronimo.xbeans.geronimo.security.GerDistinguishedNameType;
import org.apache.geronimo.xbeans.geronimo.security.GerNamedUsernamePasswordCredentialType;
import org.apache.geronimo.xbeans.geronimo.security.GerPrincipalType;
import org.apache.geronimo.xbeans.geronimo.security.GerRealmType;
import org.apache.geronimo.xbeans.geronimo.security.GerRoleMappingsType;
import org.apache.geronimo.xbeans.geronimo.security.GerRoleType;
import org.apache.geronimo.xbeans.geronimo.security.GerSecurityType;


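/**
 * Converts the security section of a deployment plan (the generated <code>Ger*Type</code>
 * objects) into the deploy-time {@link Security} model, and from there into a
 * {@link SecurityConfiguration} carrying the principal-to-role map and the per-role
 * run-as designates that are handed to the JACC policy configuration GBean.
 *
 * <p>Everything built here decides which principals end up in which roles, so the plan
 * being parsed should be treated as security-sensitive input: it also carries named
 * username/password credentials for the default principal.
 *
 * @version $Rev:  $ $Date:  $
 */
public class SecurityBuilder {

    /**
     * Builds a {@link SecurityConfiguration} straight from the plan's security element.
     *
     * @param securityType the security element of the plan
     * @return the resulting configuration
     * @throws DeploymentException if <code>securityType</code> is null (no model can be built)
     *                             or a realm principal cannot be created
     */
    public static SecurityConfiguration buildSecurityConfiguration(GerSecurityType securityType) throws DeploymentException {
        Security security = buildSecurityConfig(securityType);
        return buildSecurityConfiguration(security);
    }

    /**
     * Builds a {@link SecurityConfiguration} from the deploy-time security model.
     *
     * @param security the security model; must not be null
     * @return configuration holding the principal-to-roles map, the role designates, the
     *         default principal, the default role and the two boolean flags of the model
     * @throws DeploymentException if <code>security</code> is null or a realm principal
     *                             cannot be created
     */
    public static SecurityConfiguration buildSecurityConfiguration(Security security) throws DeploymentException {
        // buildSecurityConfig() yields null for a missing security element. Fail the
        // deployment explicitly instead of hitting a NullPointerException further down.
        if (security == null) {
            throw new DeploymentException("No security configuration supplied");
        }

        Map roleDesignates = new HashMap();
        Map principalRoleMap = new HashMap();
        Map roleToPrincipalMap = new HashMap();
        buildRolePrincipalMap(security, roleDesignates, roleToPrincipalMap);
        invertMap(roleToPrincipalMap, principalRoleMap);
        return new SecurityConfiguration(principalRoleMap, roleDesignates, security.getDefaultPrincipal(), security.getDefaultRole(), security.isDoAsCurrentCaller(), security.isUseContextHandler());
    }

    /**
     * Inverts a role-name to principal-set map into a principal to role-name-set map.
     *
     * @param roleToPrincipalMap   role name (String) to Set of java.security.Principal
     * @param principalRoleMapping map to fill; existing entries are extended, not replaced
     * @return <code>principalRoleMapping</code>, for convenience
     */
    private static Map invertMap(Map roleToPrincipalMap, Map principalRoleMapping) {
        for (Iterator roles = roleToPrincipalMap.entrySet().iterator(); roles.hasNext();) {
            Map.Entry entry = (Map.Entry) roles.next();
            String role = (String) entry.getKey();
            Set principals = (Set) entry.getValue();
            for (Iterator iter = principals.iterator(); iter.hasNext();) {
                java.security.Principal principal = (java.security.Principal) iter.next();

                // Only Set behaviour is needed, so do not insist on a concrete HashSet.
                Set roleSet = (Set) principalRoleMapping.get(principal);
                if (roleSet == null) {
                    roleSet = new HashSet();
                    principalRoleMapping.put(principal, roleSet);
                }
                roleSet.add(role);
            }
        }
        return principalRoleMapping;
    }

    /**
     * Walks every role of the model and records which principals belong to it and which
     * of them are designated run-as principals for that role.
     *
     * @param security           the security model to read
     * @param roleDesignates     filled with role name to {@link Subject}; a role is only
     *                           added when at least one of its principals is designated
     * @param roleToPrincipalMap filled with role name to Set of principals
     * @throws DeploymentException if a realm principal cannot be generated
     */
    private static void buildRolePrincipalMap(Security security, Map roleDesignates, Map roleToPrincipalMap) throws DeploymentException {

        Iterator roleMappings = security.getRoleMappings().values().iterator();
        while (roleMappings.hasNext()) {
            Role role = (Role) roleMappings.next();

            String roleName = role.getRoleName();
            Subject roleDesignate = new Subject();
            Set principalSet = new HashSet();

            // Realm-qualified principals.
            Iterator realms = role.getRealms().values().iterator();
            while (realms.hasNext()) {
                Realm realm = (Realm) realms.next();

                Iterator principals = realm.getPrincipals().iterator();
                while (principals.hasNext()) {
                    Principal principal = (Principal) principals.next();

                    RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(principal, realm.getRealmName());

                    // A principal that cannot be built must stop the deployment; silently
                    // dropping it would leave the role mapping different from the plan.
                    if (realmPrincipal == null) {
                        throw new DeploymentException("Unable to create realm principal");
                    }

                    principalSet.add(realmPrincipal);
                    if (principal.isDesignatedRunAs()) {
                        roleDesignate.getPrincipals().add(realmPrincipal);
                    }
                }
            }

            // Principals identified by X.500 distinguished name.
            for (Iterator names = role.getDNames().iterator(); names.hasNext();) {
                DistinguishedName dn = (DistinguishedName) names.next();

                // NOTE(review): unlike the realm principal above, this result is not
                // null-checked; confirm generateX500Principal never returns null.
                X500Principal x500Principal = ConfigurationUtil.generateX500Principal(dn.getName());

                principalSet.add(x500Principal);
                if (dn.isDesignatedRunAs()) {
                    roleDesignate.getPrincipals().add(x500Principal);
                }
            }

            // Merge into any set already recorded under this role name.
            Set roleMapping = (Set) roleToPrincipalMap.get(roleName);
            if (roleMapping == null) {
                roleMapping = new HashSet();
                roleToPrincipalMap.put(roleName, roleMapping);
            }
            roleMapping.addAll(principalSet);

            if (!roleDesignate.getPrincipals().isEmpty()) {
                roleDesignates.put(roleName, roleDesignate);
            }
        }
    }

    /**
     * Copies the plan's security element into a new {@link Security} model.
     *
     * <p>Role names, realm names and the default role are trimmed; principal names and
     * distinguished names are passed through as given.
     *
     * @param securityType the security element of the plan, may be null
     * @return the populated model, or null when <code>securityType</code> is null
     */
    private static Security buildSecurityConfig(GerSecurityType securityType) {
        if (securityType == null) {
            return null;
        }
        Security security = new Security();

        security.setDoAsCurrentCaller(securityType.getDoasCurrentCaller());
        security.setUseContextHandler(securityType.getUseContextHandler());
        if (securityType.isSetDefaultRole()) {
            security.setDefaultRole(securityType.getDefaultRole().trim());
        }

        if (securityType.isSetRoleMappings()) {
            GerRoleMappingsType roleMappingsType = securityType.getRoleMappings();
            for (int i = 0; i < roleMappingsType.sizeOfRoleArray(); i++) {
                GerRoleType roleType = roleMappingsType.getRoleArray(i);
                Role role = new Role();

                String roleName = roleType.getRoleName().trim();
                role.setRoleName(roleName);

                for (int j = 0; j < roleType.sizeOfRealmArray(); j++) {
                    GerRealmType realmType = roleType.getRealmArray(j);
                    String realmName = realmType.getRealmName().trim();
                    Realm realm = new Realm();

                    realm.setRealmName(realmName);

                    for (int k = 0; k < realmType.sizeOfPrincipalArray(); k++) {
                        realm.getPrincipals().add(buildPrincipal(realmType.getPrincipalArray(k)));
                    }

                    // Keyed by trimmed realm name: presumably a later realm entry with the
                    // same name replaces the earlier one - verify against Role.getRealms().
                    role.getRealms().put(realmName, realm);
                }

                for (int j = 0; j < roleType.sizeOfDistinguishedNameArray(); j++) {
                    GerDistinguishedNameType dnType = roleType.getDistinguishedNameArray(j);
                    DistinguishedName name = new DistinguishedName(dnType.getName());

                    name.setDesignatedRunAs(dnType.getDesignatedRunAs());

                    role.append(name);
                }

                // Keyed by trimmed role name: presumably a duplicate role entry in the plan
                // replaces the earlier one rather than being merged - TODO confirm.
                security.getRoleMappings().put(roleName, role);
            }
        }

        // NOTE(review): the default role is guarded by isSetDefaultRole(), but the default
        // principal is passed on unguarded; buildDefaultPrincipal dereferences it, so a
        // plan without one would fail with a NullPointerException unless the schema
        // makes the element mandatory - confirm.
        security.setDefaultPrincipal(buildDefaultPrincipal(securityType.getDefaultPrincipal()));

        return security;
    }

    /**
     * Builds the default principal, including any named username/password credentials
     * declared for it. Used from the app client builder.
     *
     * @param defaultPrincipalType the default-principal element of the plan; dereferenced
     *                             without a null check
     * @return the populated default principal
     */
    public static DefaultPrincipal buildDefaultPrincipal(GerDefaultPrincipalType defaultPrincipalType) {
        DefaultPrincipal defaultPrincipal = new DefaultPrincipal();

        defaultPrincipal.setRealmName(defaultPrincipalType.getRealmName().trim());
        defaultPrincipal.setPrincipal(buildPrincipal(defaultPrincipalType.getPrincipal()));
        GerNamedUsernamePasswordCredentialType[] namedCredentials = defaultPrincipalType.getNamedUsernamePasswordCredentialArray();
        if (namedCredentials.length > 0) {
            Set defaultCredentialSet = new HashSet();
            for (int i = 0; i < namedCredentials.length; i++) {
                GerNamedUsernamePasswordCredentialType namedCredentialType = namedCredentials[i];
                // The password arrives from the plan object as a String, so the char[]
                // conversion here cannot keep it out of immutable String storage. Treat
                // the plan as secret-bearing and keep these values out of logs and
                // exception messages.
                NamedUsernamePasswordCredential namedCredential = new NamedUsernamePasswordCredential(namedCredentialType.getUsername(), namedCredentialType.getPassword().toCharArray(), namedCredentialType.getName());
                defaultCredentialSet.add(namedCredential);
            }
            defaultPrincipal.setNamedUserPasswordCredentials(defaultCredentialSet);
        }
        return defaultPrincipal;
    }

    /**
     * Copies class name, principal name and the run-as designation of one plan principal
     * into the deploy-time {@link Principal}. Used from TSSConfigEditor.
     *
     * @param principalType the principal element of the plan
     * @return the populated principal
     */
    public static Principal buildPrincipal(GerPrincipalType principalType) {
        Principal principal = new Principal();

        principal.setClassName(principalType.getClass1());
        principal.setPrincipalName(principalType.getName());
        // NOTE(review): the designation is taken from isSetDesignatedRunAs(), i.e. from
        // whether the setting is present, not from its value, while the distinguished-name
        // path in buildSecurityConfig reads dnType.getDesignatedRunAs(). If the plan can
        // state an explicit "false", that principal would still become a run-as designate
        // for its role - confirm against the plan schema before relying on it.
        principal.setDesignatedRunAs(principalType.isSetDesignatedRunAs());

        return principal;
    }

    /**
     * Creates the GBean data for the application policy configuration manager.
     *
     * @param name                      object name of the GBean
     * @param contextIDToPermissionsMap stored as the "contextIdToPermissionsMap" attribute
     * @param securityConfiguration     source of the "principalRoleMap" and
     *                                  "roleDesignates" attributes; must not be null
     * @return the configured GBean data
     */
    public static GBeanData configureApplicationPolicyManager(ObjectName name, Map contextIDToPermissionsMap, SecurityConfiguration securityConfiguration) {
        GBeanData jaccBeanData = new GBeanData(name, ApplicationPolicyConfigurationManager.GBEAN_INFO);
        jaccBeanData.setAttribute("contextIdToPermissionsMap", contextIDToPermissionsMap);
        jaccBeanData.setAttribute("principalRoleMap", securityConfiguration.getPrincipalRoleMap());
        jaccBeanData.setAttribute("roleDesignates", securityConfiguration.getRoleDesignates());
        return jaccBeanData;
    }

}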