Index: modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoIdentityResolver.java
===================================================================
--- modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoIdentityResolver.java (revision 553650)
+++ modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoIdentityResolver.java (working copy)
@@ -35,12 +35,11 @@
 return null;
 }
 
- Set identificationPrincipals = subject.getPrincipals(IdentificationPrincipal.class);
- if (identificationPrincipals.isEmpty()) {
+ Set ids = subject.getPrivateCredentials(ServerIdentityToken.class);
+ if (ids.isEmpty()) {
 return null;
 }
-
- IdentificationPrincipal principal = identificationPrincipals.iterator().next();
- return principal.getId();
+ ServerIdentityToken id = ids.iterator().next();
+ return id.getId();
 }
 }
Index: modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/ServerIdentityToken.java
===================================================================
--- modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/ServerIdentityToken.java (revision 0)
+++ modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/ServerIdentityToken.java (revision 0)
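Review bot: The new code returns the `SubjectId` of whichever `ServerIdentityToken` the set yields first and never looks at `getServer()`, so a subject holding tokens for more than one OpenEJB server hands back an arbitrary identity (set iteration order) rather than the one issued for the server being called; if the resolver has the target server available, match on `token.getServer()` before returning, otherwise document the single-server assumption on the method. `Set` is also used raw although `Subject.getPrivateCredentials(Class)` is typed: `Set<ServerIdentityToken> ids = subject.getPrivateCredentials(ServerIdentityToken.class);` removes the need for the implicit cast on the next line. Unlike the principal lookup it replaces, reading private credentials is checked against `PrivateCredentialPermission` when a security manager is installed, so the calling context needs that permission. The enclosing method's signature is outside the hunk.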
@@ -0,0 +1,68 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.openejb;
+
+import java.net.URI;
+
+import org.apache.geronimo.security.SubjectId;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class ServerIdentityToken {
+ private final URI server;
+ private final SubjectId id;
+
+
+ public ServerIdentityToken(URI server, SubjectId id) {
+ this.server = server;
+ this.id = id;
+ }
+
+
+ public URI getServer() {
+ return server;
+ }
+
+ public SubjectId getId() {
+ return id;
+ }
+
+
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+
+ ServerIdentityToken that = (ServerIdentityToken) o;
+
+ if (id != null ? !id.equals(that.id) : that.id != null) return false;
+ if (server != null ? !server.equals(that.server) : that.server != null) return false;
+
+ return true;
+ }
+
+ public int hashCode() {
+ int result;
+ result = (server != null ? server.hashCode() : 0);
+ result = 31 * result + (id != null ? id.hashCode() : 0);
+ return result;
+ }
+}
Property changes on: modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/ServerIdentityToken.java
___________________________________________________________________
Name: svn:mime-type
 + text/plain
Name: svn:keywords
 + Date Revision
Name: svn:eol-style
 + native
Index: modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoSecurityService.java
===================================================================
--- modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoSecurityService.java (revision 553650)
+++ modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoSecurityService.java (working copy)
@@ -17,6 +17,18 @@
 */
 package org.apache.geronimo.openejb;
 
+import java.lang.reflect.Method;
+import java.security.AccessControlContext;
+import java.security.AccessControlException;
+import java.security.Permission;
+import java.security.Principal;
+import java.util.Properties;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import javax.security.jacc.EJBMethodPermission;
+
 import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.security.SubjectId;
 import org.apache.openejb.InterfaceType;
@@ -25,17 +37,6 @@
 import org.apache.openejb.core.security.jaas.UsernamePasswordCallbackHandler;
 import org.apache.openejb.spi.SecurityService;
 
-import javax.security.auth.Subject;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-import javax.security.jacc.EJBMethodPermission;
-import java.lang.reflect.Method;
-import java.security.AccessControlContext;
-import java.security.AccessControlException;
-import java.security.Permission;
-import java.security.Principal;
-import java.util.Properties;
-
 /**
 * @version $Rev$ $Date$
 */
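Review bot: `equals` and `hashCode` in the new `ServerIdentityToken` lack `@Override`, and the class is not `final` even though `equals` compares `getClass()` and instances are stored in a Subject's private credential set where the login module has to find and remove them by equality; declare it `public final class ServerIdentityToken` and annotate both methods. The class carries no documentation beyond the version tag, so a reader cannot tell it is a credential rather than a principal; a class comment such as `Private credential recording the SubjectId obtained from the OpenEJB server at {@code server}; added to the Subject by OpenejbRemoteLoginModule and read back by GeronimoIdentityResolver` would make its role clear. The constructor accepts null for both fields while `equals`/`hashCode` go out of their way to tolerate that, which is worth either stating in the comment or rejecting with an `IllegalArgumentException`.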
@@ -44,7 +45,11 @@
 }
 
 public Object login(String user, String pass) throws LoginException {
- LoginContext context = new LoginContext("OpenEJB", new UsernamePasswordCallbackHandler(user, pass));
+ return login("OpenEJB", user, pass);
+ }
+
+ public Object login(String securityRealm, String user, String pass) throws LoginException {
+ LoginContext context = new LoginContext(securityRealm, new UsernamePasswordCallbackHandler(user, pass));
 context.login();
 Subject subject = context.getSubject();
 
@@ -90,7 +95,7 @@
 
 
 InterfaceType type = deploymentInfo.getInterfaceType(method.getDeclaringClass());
- String name = (type == null)? null: type.getSpecName();
+ String name = (type == null) ? null : type.getSpecName();
 Permission permission = new EJBMethodPermission(ejbName, name, method);
 
 
Index: modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/OpenejbRemoteLoginModule.java
===================================================================
--- modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/OpenejbRemoteLoginModule.java (revision 0)
+++ modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/OpenejbRemoteLoginModule.java (revision 0)
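Review bot: The new public `login(String securityRealm, String user, String pass)` overload passes the realm name straight to `new LoginContext(securityRealm, ...)`, so the caller selects which JAAS configuration entry on the server authenticates the credentials, and the hunk neither validates the name nor documents that callers are trusted to choose it. If the realm can originate from a remote client (the new OpenejbRemoteLoginModule presumably forwards the value it reads from its options), it should be checked against the realms the server intends to expose rather than any entry in the login configuration. At minimum add Javadoc, e.g. `Authenticates the user against the named JAAS login configuration entry and returns the resulting security identity. @param securityRealm name of the login configuration entry; must not be null`. The remainder of the method body, which processes the Subject, is outside the hunk.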
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.openejb;
+
+import java.util.Map;
+import java.io.IOException;
+import java.net.URI;
+
+import javax.security.auth.spi.LoginModule;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.openejb.client.ClientSecurity;
+import org.apache.openejb.client.ServerMetaData;
+import org.apache.geronimo.security.SubjectId;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class OpenejbRemoteLoginModule implements LoginModule {
+ private static final String SECURITY_REALM_KEY = "org.apache.geronimo.openejb.OpenejbRemoteLoginModule.RemoteSecurityRealm";
+ private static final String SERVER_URI_KEY = "org.apache.geronimo.openejb.OpenejbRemoteLoginModule.ServerURI";
+
+ private Subject subject;
+ private CallbackHandler callbackHandler;
+ private String securityRealm;
+ private URI serverURI;
+ private SubjectId identity;
+ public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
+ this.subject = subject;
+ this.callbackHandler = callbackHandler;
+ securityRealm = (String) options.get(SECURITY_REALM_KEY);
+ serverURI = URI.create((String) options.get(SERVER_URI_KEY));
+ }
+
+ public boolean login() throws LoginException {
+ Callback[] callbacks = new Callback[] {new NameCallback("username"), new PasswordCallback("passsword", false)};
+ try {
+ callbackHandler.handle(callbacks);
+ } catch (IOException e) {
+ throw (LoginException)new LoginException("Could not execute callbacks").initCause(e);
+ } catch (UnsupportedCallbackException e) {
+ throw (LoginException)new LoginException("Could not execute callbacks").initCause(e);
+ }
+ String userName = ((NameCallback)callbacks[0]).getName();
+ String password = new String(((PasswordCallback)callbacks[1]).getPassword());
+ identity = (SubjectId) ClientSecurity.directAuthentication(securityRealm, userName, password, new ServerMetaData(serverURI));
+ return true;
+ }
+
+ public boolean commit() throws LoginException {
+ subject.getPrivateCredentials().add(new ServerIdentityToken(serverURI, identity));
+ return true;
+ }
+
+ public boolean abort() throws LoginException {
+ subject.getPrivateCredentials().remove(identity);
+ return true;
+ }
+
+ public boolean logout() throws LoginException {
+ //TODO what?
+ return false;
+ }
+}
Property changes on: modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/OpenejbRemoteLoginModule.java
___________________________________________________________________
Name: svn:mime-type
 + text/plain
Name: svn:keywords
 + Date Revision
Name: svn:eol-style
 + native
Index: modules/geronimo-openejb/pom.xml
===================================================================
--- modules/geronimo-openejb/pom.xml (revision 553650)
+++ modules/geronimo-openejb/pom.xml (working copy)
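Review bot: `abort()` calls `subject.getPrivateCredentials().remove(identity)`, but `commit()` added a `new ServerIdentityToken(serverURI, identity)` rather than the `SubjectId` itself, so the removal never matches and a token this module committed stays in the Subject when a later module aborts the login; `logout()` removes nothing at all and returns `false`, so the server identity also survives logout. Keep the token that `commit()` creates in a field, remove that same object in both `abort()` and `logout()`, and return `true` from `logout()` once the credential is gone. In `login()`, `((PasswordCallback) callbacks[1]).getPassword()` may return `null`, which makes `new String(...)` throw a NullPointerException instead of a LoginException, the returned `char[]` is never wiped with `clearPassword()` after being copied into a String, and the prompt reads `"passsword"`. `initialize` also calls `URI.create((String) options.get(SERVER_URI_KEY))` without checking that the option is present, so a missing option surfaces as a NullPointerException rather than a configuration error.
```java
    private ServerIdentityToken token;

    // … unchanged: initialize, login …

    public boolean commit() throws LoginException {
        token = new ServerIdentityToken(serverURI, identity);
        subject.getPrivateCredentials().add(token);
        return true;
    }

    public boolean abort() throws LoginException {
        removeToken();
        return true;
    }

    public boolean logout() throws LoginException {
        removeToken();
        return true;
    }

    // Drops the credential this module added, if any; safe to call more than once.
    private void removeToken() {
        if (token != null) {
            subject.getPrivateCredentials().remove(token);
            token = null;
        }
        identity = null;
    }
```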
@@ -71,6 +71,10 @@ stax stax-api + + org.apache.openjpa + openjpa-persistence-jdbc +