[jboss-svn-commits] JBL Code SVN: r23434 - in labs/jbossesb/branches/JBESB_4_4_GA_CP/product: rosetta/src/org/jboss/soa/esb/listeners/message and 7 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Mon Oct 13 07:46:17 EDT 2008
Author: kevin.conner at jboss.com
Date: 2008-10-13 07:46:16 -0400 (Mon, 13 Oct 2008)
New Revision: 23434
Removed:
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/services/security/CertCallbackHandler.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/actions/
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/http/HttpSecurityInfoExtractor.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/actions/
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/http/HttpSecurityInfoExtractorUnitTest.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/webservice_producer_secured/
Modified:
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/services/security/UserPassCallbackHandler.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityServiceFactory.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/WSSecurityInfoExtractor.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/principals/User.java
Log:
Pre CR1 cleanup of security: JBESB-2115
Deleted: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/services/security/CertCallbackHandler.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/services/security/CertCallbackHandler.java 2008-10-13 07:46:23 UTC (rev 23433)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/services/security/CertCallbackHandler.java 2008-10-13 11:46:16 UTC (rev 23434)
@@ -1,85 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.internal.soa.esb.services.security;
-
-import java.io.IOException;
-import java.util.Map;
-
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.ConfirmationCallback;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-
-import org.jboss.soa.esb.services.security.SecurityConfig;
-import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
-
-/**
- *
- * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
- *
- */
-public class CertCallbackHandler implements EsbCallbackHandler
-{
- private String keyStoreAlias;
- private char[] keyPassword;
-
- public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException
- {
- for (int i = 0; i < callbacks.length; i++)
- {
- if (callbacks[i] instanceof NameCallback)
- {
- NameCallback nc = (NameCallback) callbacks[i];
- nc.setName(keyStoreAlias);
- }
- if ( callbacks[i] instanceof ConfirmationCallback )
- {
- ConfirmationCallback cb = (ConfirmationCallback) callbacks[i];
- cb.setSelectedIndex(ConfirmationCallback.OK);
- }
- else if (callbacks[i] instanceof PasswordCallback)
- {
- PasswordCallback passcb = (PasswordCallback) callbacks[i];
- passcb.setPassword(keyPassword);
- }
- }
- }
-
- public void setAuthenticationRequest(AuthenticationRequest authRequest) { }
-
- public void setSecurityConfig(final SecurityConfig config)
- {
- if ( config != null )
- {
- Map<String, String> properties = config.getProperties();
- // get the alias for the certificate to look for.
- this.keyStoreAlias = properties.get("alias");
-
- // get password for key in keystore(this is the keys password, not the keystores.
- String keyPass = properties.get("keyPassword");
- if ( keyPass != null )
- this.keyPassword = keyPass.toCharArray();
-
- keyPass = null;
- }
- }
-}
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/services/security/UserPassCallbackHandler.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/services/security/UserPassCallbackHandler.java 2008-10-13 07:46:23 UTC (rev 23433)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/services/security/UserPassCallbackHandler.java 2008-10-13 11:46:16 UTC (rev 23434)
@@ -47,10 +47,10 @@
if ( authRequest == null )
throw new IllegalStateException("No AuthenticationRequest has been set");
- log.debug("Nr of callback to handle : " + callbacks.length);
+ if (log.isDebugEnabled()) log.debug("Nr of callback to handle : " + callbacks.length);
for (int i = 0; i < callbacks.length; i++)
{
- log.debug("Callback" + callbacks[i].getClass().getName());
+ if (log.isDebugEnabled()) log.debug("Callback" + callbacks[i].getClass().getName());
if (callbacks[i] instanceof NameCallback)
{
NameCallback nc = (NameCallback) callbacks[i];
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java 2008-10-13 07:46:23 UTC (rev 23433)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java 2008-10-13 11:46:16 UTC (rev 23434)
@@ -378,7 +378,7 @@
}
catch (final SecurityServiceException e)
{
- LOGGER.error("Security exception: ", e);
+ LOGGER.debug("Security exception: ", e);
// just make sure the securityContext is null. This will trigger a new auth if security is enabled.
securityContext = null;
}
@@ -448,13 +448,13 @@
}
catch (final SecurityServiceException e)
{
- LOGGER.error( "SecurityService exception : ", e);
+ LOGGER.debug( "SecurityService exception : ", e);
faultTo(callDetails, Factory.createErrorMessage(Factory.UNEXPECTED_ERROR, message, e));
return false;
}
catch (final ConfigurationException e)
{
- LOGGER.error( "SecurityService exception : ", e);
+ LOGGER.debug( "SecurityService exception : ", e);
faultTo(callDetails, Factory.createErrorMessage(Factory.UNEXPECTED_ERROR, message, e));
return false;
}
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityServiceFactory.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityServiceFactory.java 2008-10-13 07:46:23 UTC (rev 23433)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityServiceFactory.java 2008-10-13 11:46:16 UTC (rev 23434)
@@ -33,7 +33,7 @@
private SecurityServiceFactory() { }
- public static SecurityService getSecurityService() throws ConfigurationException
+ public static synchronized SecurityService getSecurityService() throws ConfigurationException
{
if (instance != null)
{
Deleted: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/http/HttpSecurityInfoExtractor.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/http/HttpSecurityInfoExtractor.java 2008-10-13 07:46:23 UTC (rev 23433)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/http/HttpSecurityInfoExtractor.java 2008-10-13 11:46:16 UTC (rev 23434)
@@ -1,72 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.soa.esb.services.security.auth.http;
-
-import java.util.HashSet;
-import java.util.Set;
-import javax.servlet.http.HttpServletRequest;
-import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
-import org.jboss.soa.esb.services.security.auth.AuthenticationRequestImpl;
-import org.jboss.soa.esb.services.security.auth.SecurityInfoExtractor;
-import org.jboss.soa.esb.services.security.principals.User;
-import org.jboss.util.Base64;
-
-/**
- * Extracts secuirty information from a HttpServletRequest
- * </p>
- * Supports BASIC authentication.
- *
- * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
- *
- */
-public class HttpSecurityInfoExtractor implements SecurityInfoExtractor<HttpServletRequest>
-{
-
- public AuthenticationRequest extractSecurityInfo(HttpServletRequest httpRequest)
- {
- final String authType = httpRequest.getAuthType();
- if ( authType == null )
- return null;
-
- Set<Object> credentials = new HashSet<Object>();
- if ( authType.equals("BASIC"))
- {
- String auth = httpRequest.getHeader("Authorization");
- auth = auth.substring(auth.indexOf(" "));
- // decode the Base64 encoded username:password
- String decoded = new String( Base64.decode(auth) );
- final int separator = decoded.indexOf(":");
- final String username = decoded.substring(0,separator);
- String pwd = decoded.substring(separator+1,decoded.length());
- credentials.add( pwd.toCharArray() );
- pwd = null;
- decoded = null;
- return new AuthenticationRequestImpl.Builder(new User(username), credentials ).build();
- }
- if ( authType.equals("DIGEST"))
- {
- // not supported yet.
- }
-
- return null;
- }
-
-}
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/WSSecurityInfoExtractor.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/WSSecurityInfoExtractor.java 2008-10-13 07:46:23 UTC (rev 23433)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/WSSecurityInfoExtractor.java 2008-10-13 11:46:16 UTC (rev 23434)
@@ -110,6 +110,10 @@
{
credentials.add(binaryToken.getKey());
}
+ if (credentials.isEmpty())
+ {
+ return null ;
+ }
return new AuthenticationRequestImpl.Builder(user, credentials ).build();
}
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/principals/User.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/principals/User.java 2008-10-13 07:46:23 UTC (rev 23433)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/principals/User.java 2008-10-13 11:46:16 UTC (rev 23434)
@@ -50,7 +50,7 @@
public String toString()
{
- return "User [roleName=" + name + "]";
+ return "User [userName=" + name + "]";
}
@Override
Deleted: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/http/HttpSecurityInfoExtractorUnitTest.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/http/HttpSecurityInfoExtractorUnitTest.java 2008-10-13 07:46:23 UTC (rev 23433)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/http/HttpSecurityInfoExtractorUnitTest.java 2008-10-13 11:46:16 UTC (rev 23434)
@@ -1,373 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.soa.esb.services.security.auth.http;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.security.Principal;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Locale;
-import java.util.Map;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-
-import junit.framework.JUnit4TestAdapter;
-
-import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
-import org.jboss.util.Base64;
-import org.junit.Test;
-
-/**
- * Unit test for {@link HttpSecurityInfoExtractor}
- * <p>
- *
- * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
- * @since 4.4
- */
-public class HttpSecurityInfoExtractorUnitTest
-{
- private String username = "Bob";
- private String password = "Kelso";
-
- @Test
- public void extractSecurityInfo() throws IOException
- {
- HttpSecurityInfoExtractor extractor = new HttpSecurityInfoExtractor();
- MockHttpServletRequest httpRequest = new MockHttpServletRequest();
- httpRequest.setAuthType("BASIC");
- String userNamePassword= username + ":" + password;
- String base64Userpass = Base64.encodeBytes(userNamePassword.getBytes());
- final String authString = "Basic " + base64Userpass;
-
- httpRequest.addHeader("Authorization", authString);
- AuthenticationRequest authRequest = extractor.extractSecurityInfo(httpRequest);
-
- assertNotNull(authRequest);
- char[] passwd = (char[]) authRequest.getCredentials().iterator().next();
- assertEquals(password, new String(passwd));
- assertEquals(username, authRequest.getPrincipal().getName());
- }
-
- public static junit.framework.Test suite()
- {
- return new JUnit4TestAdapter(HttpSecurityInfoExtractorUnitTest.class);
- }
-
- private static class MockHttpServletRequest implements HttpServletRequest
- {
- private String authType;
- private Map<String,String> headers = new HashMap<String,String>();
-
- public void setAuthType(String authType)
- {
- this.authType = authType;
- }
-
- public String getAuthType()
- {
- return authType;
- }
-
- public String getContextPath()
- {
- return null;
- }
-
- public Cookie[] getCookies()
- {
- return null;
- }
-
- public long getDateHeader(String arg0)
- {
- return 0;
- }
-
- public String getHeader(String header)
- {
- return headers.get(header);
- }
- public void addHeader(final String headerName, final String object)
- {
- headers.put(headerName, object);
- }
-
- public Enumeration getHeaderNames()
- {
- return null;
- }
-
- public Enumeration getHeaders(String arg0)
- {
- return null;
- }
-
- public int getIntHeader(String arg0)
- {
- return 0;
- }
-
- public String getMethod()
- {
- return null;
- }
-
- public String getPathInfo()
- {
- return null;
- }
-
- public String getPathTranslated()
- {
- return null;
- }
-
- public String getQueryString()
- {
- return null;
- }
-
- public String getRemoteUser()
- {
- return null;
- }
-
- public String getRequestURI()
- {
- return null;
- }
-
- public StringBuffer getRequestURL()
- {
- return null;
- }
-
- public String getRequestedSessionId()
- {
- return null;
- }
-
- public String getServletPath()
- {
- return null;
- }
-
- public HttpSession getSession()
- {
- return null;
- }
-
- public HttpSession getSession(boolean arg0)
- {
- return null;
- }
-
- private Principal userPrincipal;
-
- public void setUserPrincipal(Principal userPrincipal)
- {
- this.userPrincipal = userPrincipal;
- }
-
- public Principal getUserPrincipal()
- {
- return this.userPrincipal;
- }
-
- public boolean isRequestedSessionIdFromCookie()
- {
- return false;
- }
-
- public boolean isRequestedSessionIdFromURL()
- {
- return false;
- }
-
- public boolean isRequestedSessionIdFromUrl()
- {
- return false;
- }
-
- public boolean isRequestedSessionIdValid()
- {
- return false;
- }
-
- public boolean isUserInRole(String arg0)
- {
- return false;
- }
-
- public Object getAttribute(String arg0)
- {
- return null;
- }
-
- public Enumeration getAttributeNames()
- {
- return null;
- }
-
- public String getCharacterEncoding()
- {
- return null;
- }
-
- public int getContentLength()
- {
- return 0;
- }
-
- public String getContentType()
- {
- return null;
- }
-
- public ServletInputStream getInputStream() throws IOException
- {
- return null;
- }
-
- public String getLocalAddr()
- {
- return null;
- }
-
- public String getLocalName()
- {
- return null;
- }
-
- public int getLocalPort()
- {
- return 0;
- }
-
- public Locale getLocale()
- {
- return null;
- }
-
- public Enumeration getLocales()
- {
- return null;
- }
-
- public String getParameter(String arg0)
- {
- return null;
- }
-
- public Map getParameterMap()
- {
- return null;
- }
-
- public Enumeration getParameterNames()
- {
- return null;
- }
-
- public String[] getParameterValues(String arg0)
- {
- return null;
- }
-
- public String getProtocol()
- {
- return null;
- }
-
- public BufferedReader getReader() throws IOException
- {
- return null;
- }
-
- public String getRealPath(String arg0)
- {
- return null;
- }
-
- public String getRemoteAddr()
- {
- return null;
- }
-
- public String getRemoteHost()
- {
- return null;
- }
-
- public int getRemotePort()
- {
- return 0;
- }
-
- public RequestDispatcher getRequestDispatcher(String arg0)
- {
- return null;
- }
-
- public String getScheme()
- {
- return null;
- }
-
- public String getServerName()
- {
- return null;
- }
-
- public int getServerPort()
- {
- return 0;
- }
-
- public boolean isSecure()
- {
- return false;
- }
-
- public void removeAttribute(String arg0)
- {
- }
-
- public void setAttribute(String arg0, Object arg1)
- {
- }
-
- public void setCharacterEncoding(String arg0) throws UnsupportedEncodingException
- {
- }
-
- }
-
-}
More information about the jboss-svn-commits
mailing list