[gatein-issues] [JBoss JIRA] Commented: (GTNPORTAL-708) ExoDefaultSecurityTokenGenerator() contains a hard-coded path to the encryption key

Wed Feb 24 11:03:10 EST 2010

    [ https://jira.jboss.org/jira/browse/GTNPORTAL-708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12516373#action_12516373 ] 

Martin Podolinsky commented on GTNPORTAL-708:
---------------------------------------------

The issue has two parts.

* all methods using an encryption key must search for the key in the same directory provided by the J2EEServerInfo class

* the configuration directory provided by the J2EEServerInfo must exist, otherwise the current execution directory of the container will be used. Using same configuration directory for all GateIn stuff will be easily manageable after EXOJCR-536

> ExoDefaultSecurityTokenGenerator() contains a hard-coded path to the encryption key
> -----------------------------------------------------------------------------------
>
>                 Key: GTNPORTAL-708
>                 URL: https://jira.jboss.org/jira/browse/GTNPORTAL-708
>             Project: GateIn Portal
>          Issue Type: Bug
>          Components: Common integration
>    Affects Versions: 3.0.0-CR01
>         Environment: Deployed into EAP 5.0, Java 1.6, Linux
>            Reporter: Martin Podolinsky
>            Assignee: Martin Podolinsky
>             Fix For: 3.0.0-GA
>
>
> I've created the directory jboss-as/server/${server-config}/conf/exo-conf supposed to be a place for all exo related stuff. The directory is checked and provided by the org.exoplatform.container.monitor.jvm.J2EEServerInfo helper class. So with the directory created is a gadget encryption key (key.txt) properly generated created by the ExoContainerConfig class and everything looks fine. The problem appears when the ExoDefaultSecurityTokenGenerator comes into play, because it contains a hard-coded key name:
> this.containerKey = "key.txt";
> so further methods expect the file "key.txt" in the current AS execution directory, although it's generated in the exo-conf.
> Exception stack trace:
> *******************
> 11:03:06,742 ERROR [STDERR] java.io.FileNotFoundException: key.txt (No such file or directory)                                                                  
> 11:03:06,744 ERROR [STDERR]     at java.io.FileInputStream.open(Native Method)                                                                                  
> 11:03:06,744 ERROR [STDERR]     at java.io.FileInputStream.<init>(FileInputStream.java:106)                                                                     
> 11:03:06,744 ERROR [STDERR]     at org.apache.shindig.common.crypto.BasicBlobCrypter.<init>(BasicBlobCrypter.java:79)                                           
> 11:03:06,744 ERROR [STDERR]     at org.exoplatform.portal.gadget.core.ExoDefaultSecurityTokenGenerator.getBlobCrypter(ExoDefaultSecurityTokenGenerator.java:127)
> 11:03:06,744 ERROR [STDERR]     at org.exoplatform.portal.gadget.core.ExoDefaultSecurityTokenGenerator.createToken(ExoDefaultSecurityTokenGenerator.java:92)    
> 11:03:06,744 ERROR [STDERR]     at org.exoplatform.portal.gadget.core.ExoDefaultSecurityTokenGenerator.createToken(ExoDefaultSecurityTokenGenerator.java:122)   
> 11:03:06,744 ERROR [STDERR]     at org.exoplatform.portal.webui.application.GadgetUtil.createToken(GadgetUtil.java:119)                                         
> 11:03:06,744 ERROR [STDERR]     at org.exoplatform.portal.webui.application.UIGadget.getMetadata(UIGadget.java:210)

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira