[jboss-svn-commits] JBL Code SVN: r23434 - in labs/jbossesb/branches/JBESB_4_4_GA_CP/product: rosetta/src/org/jboss/soa/esb/listeners/message and 7 other directories.

Mon Oct 13 07:46:17 EDT 2008

Author: kevin.conner at jboss.com
Date: 2008-10-13 07:46:16 -0400 (Mon, 13 Oct 2008)
New Revision: 23434

Removed:
   labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/services/security/CertCallbackHandler.java
   labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/actions/
   labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/http/HttpSecurityInfoExtractor.java
   labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/actions/
   labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/http/HttpSecurityInfoExtractorUnitTest.java
   labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/webservice_producer_secured/
Modified:
   labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/services/security/UserPassCallbackHandler.java
   labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java
   labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityServiceFactory.java
   labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/WSSecurityInfoExtractor.java
   labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/principals/User.java
Log:
Pre CR1 cleanup of security: JBESB-2115

Deleted: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/services/security/CertCallbackHandler.java
===================================================================

--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/services/security/CertCallbackHandler.java	2008-10-13 07:46:23 UTC (rev 23433)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/services/security/CertCallbackHandler.java	2008-10-13 11:46:16 UTC (rev 23434)
@@ -1,85 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- * 
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- * 
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- * 
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.internal.soa.esb.services.security;
-
-import java.io.IOException;
-import java.util.Map;
-
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.ConfirmationCallback;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-
-import org.jboss.soa.esb.services.security.SecurityConfig;
-import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
-
-/**
- * 
- * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
- *
- */
-public class CertCallbackHandler implements EsbCallbackHandler
-{
-	private String keyStoreAlias;
-	private char[] keyPassword;
-	
-	public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException
-	{
-		for (int i = 0; i < callbacks.length; i++) 
-		{
-            if (callbacks[i] instanceof NameCallback) 
-            {
-                NameCallback nc = (NameCallback) callbacks[i];
-                nc.setName(keyStoreAlias);
-            }
-            if ( callbacks[i] instanceof ConfirmationCallback ) 
-            {
-                ConfirmationCallback cb = (ConfirmationCallback) callbacks[i];
-                cb.setSelectedIndex(ConfirmationCallback.OK);
-            }
-            else if (callbacks[i] instanceof PasswordCallback) 
-            {
-            	PasswordCallback passcb = (PasswordCallback) callbacks[i];
-            	passcb.setPassword(keyPassword);
-            }
-        }
-	}
-
-	public void setAuthenticationRequest(AuthenticationRequest authRequest) { }
-
-	public void setSecurityConfig(final SecurityConfig config)
-	{
-		if ( config != null )
-		{
-			Map<String, String> properties = config.getProperties();
-			//	get the alias for the certificate to look for.
-			this.keyStoreAlias = properties.get("alias");
-			
-			//	get password for key in keystore(this is the keys password, not the keystores.
-			String keyPass = properties.get("keyPassword");
-			if ( keyPass != null )
-    			this.keyPassword = keyPass.toCharArray();
-			
-			keyPass = null;
-		}
-	}
-}

Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/services/security/UserPassCallbackHandler.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/services/security/UserPassCallbackHandler.java	2008-10-13 07:46:23 UTC (rev 23433)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/services/security/UserPassCallbackHandler.java	2008-10-13 11:46:16 UTC (rev 23434)
@@ -47,10 +47,10 @@
 		if ( authRequest == null )
 			throw new IllegalStateException("No AuthenticationRequest has been set");
 		
-		log.debug("Nr of callback to handle : " + callbacks.length);
+		if (log.isDebugEnabled()) log.debug("Nr of callback to handle : " + callbacks.length);
 		for (int i = 0; i < callbacks.length; i++) 
 		{
-    		log.debug("Callback" + callbacks[i].getClass().getName());
+    		if (log.isDebugEnabled()) log.debug("Callback" + callbacks[i].getClass().getName());
             if (callbacks[i] instanceof NameCallback) 
             {
                 NameCallback nc = (NameCallback) callbacks[i];

Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java	2008-10-13 07:46:23 UTC (rev 23433)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java	2008-10-13 11:46:16 UTC (rev 23434)
@@ -378,7 +378,7 @@
             }
 			catch (final SecurityServiceException e)
             {
-			    LOGGER.error("Security exception: ", e);
+			    LOGGER.debug("Security exception: ", e);
 			    // just make sure the securityContext is null. This will trigger a new auth if security is enabled.
 			    securityContext = null;
             }
@@ -448,13 +448,13 @@
 		}
 		catch (final SecurityServiceException e)
 		{
-			LOGGER.error( "SecurityService exception : ", e);
+			LOGGER.debug( "SecurityService exception : ", e);
 			faultTo(callDetails, Factory.createErrorMessage(Factory.UNEXPECTED_ERROR, message, e));
 			return false;
 		}
 		catch (final ConfigurationException e)
 		{
-			LOGGER.error( "SecurityService exception : ", e);
+			LOGGER.debug( "SecurityService exception : ", e);
 			faultTo(callDetails, Factory.createErrorMessage(Factory.UNEXPECTED_ERROR, message, e));
 			return false;
 		}

Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityServiceFactory.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityServiceFactory.java	2008-10-13 07:46:23 UTC (rev 23433)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityServiceFactory.java	2008-10-13 11:46:16 UTC (rev 23434)
@@ -33,7 +33,7 @@
 
 	private SecurityServiceFactory() { }
 
-	public static SecurityService getSecurityService() throws ConfigurationException
+	public static synchronized SecurityService getSecurityService() throws ConfigurationException
 	{
 		if (instance != null)
 		{

Deleted: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/http/HttpSecurityInfoExtractor.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/http/HttpSecurityInfoExtractor.java	2008-10-13 07:46:23 UTC (rev 23433)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/http/HttpSecurityInfoExtractor.java	2008-10-13 11:46:16 UTC (rev 23434)
@@ -1,72 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- * 
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- * 
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- * 
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.soa.esb.services.security.auth.http;
-
-import java.util.HashSet;
-import java.util.Set;
-import javax.servlet.http.HttpServletRequest;
-import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
-import org.jboss.soa.esb.services.security.auth.AuthenticationRequestImpl;
-import org.jboss.soa.esb.services.security.auth.SecurityInfoExtractor;
-import org.jboss.soa.esb.services.security.principals.User;
-import org.jboss.util.Base64;
-
-/**
- * Extracts secuirty information from a HttpServletRequest
- * </p>
- * Supports BASIC authentication.
- * 
- * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
- *
- */
-public class HttpSecurityInfoExtractor implements SecurityInfoExtractor<HttpServletRequest>
-{
-
-	public AuthenticationRequest extractSecurityInfo(HttpServletRequest httpRequest)
-	{
-		final String authType = httpRequest.getAuthType();
-		if ( authType == null )
-			return null;
-		
-		Set<Object> credentials = new HashSet<Object>();
-		if ( authType.equals("BASIC")) 
-		{
-            String auth = httpRequest.getHeader("Authorization");
-            auth = auth.substring(auth.indexOf(" "));
-            // decode the Base64 encoded username:password 
-    		String decoded = new String( Base64.decode(auth) );
-            final int separator = decoded.indexOf(":");
-            final String username = decoded.substring(0,separator);
-            String pwd = decoded.substring(separator+1,decoded.length());
-			credentials.add( pwd.toCharArray() );
-			pwd = null;
-			decoded = null;
-    		return new AuthenticationRequestImpl.Builder(new User(username), credentials ).build();
-		}
-		if ( authType.equals("DIGEST"))
-		{
-			// not supported yet.
-		}
-		
-		return null;
-	}
-
-}

Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/WSSecurityInfoExtractor.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/WSSecurityInfoExtractor.java	2008-10-13 07:46:23 UTC (rev 23433)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/WSSecurityInfoExtractor.java	2008-10-13 11:46:16 UTC (rev 23434)
@@ -110,6 +110,10 @@
 		{
     		credentials.add(binaryToken.getKey());
 		}
+		if (credentials.isEmpty())
+		{
+			return null ;
+		}
 		return new AuthenticationRequestImpl.Builder(user, credentials ).build();
 	}
 

Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/principals/User.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/principals/User.java	2008-10-13 07:46:23 UTC (rev 23433)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/principals/User.java	2008-10-13 11:46:16 UTC (rev 23434)
@@ -50,7 +50,7 @@
 	
 	public String toString()
 	{
-		return "User [roleName=" + name + "]";
+		return "User [userName=" + name + "]";
 	}
 
 	@Override

Deleted: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/http/HttpSecurityInfoExtractorUnitTest.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/http/HttpSecurityInfoExtractorUnitTest.java	2008-10-13 07:46:23 UTC (rev 23433)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/http/HttpSecurityInfoExtractorUnitTest.java	2008-10-13 11:46:16 UTC (rev 23434)
@@ -1,373 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- * 
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- * 
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- * 
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.soa.esb.services.security.auth.http;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.security.Principal;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Locale;
-import java.util.Map;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-
-import junit.framework.JUnit4TestAdapter;
-
-import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
-import org.jboss.util.Base64;
-import org.junit.Test;
-
-/**
- * Unit test for {@link HttpSecurityInfoExtractor} 
- * <p>
- * 
- * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
- * @since 4.4
- */
-public class HttpSecurityInfoExtractorUnitTest
-{
-	private String username = "Bob";
-	private String password = "Kelso";
-	
-	@Test
-	public void extractSecurityInfo() throws IOException
-	{
-		HttpSecurityInfoExtractor extractor = new HttpSecurityInfoExtractor();
-		MockHttpServletRequest httpRequest = new MockHttpServletRequest();
-		httpRequest.setAuthType("BASIC");
-		String userNamePassword= username + ":" + password;
-		String base64Userpass = Base64.encodeBytes(userNamePassword.getBytes());
-		final String authString = "Basic " + base64Userpass;
-		
-		httpRequest.addHeader("Authorization", authString);
-		AuthenticationRequest authRequest = extractor.extractSecurityInfo(httpRequest);
-		
-		assertNotNull(authRequest); 
-		char[] passwd = (char[]) authRequest.getCredentials().iterator().next();
-		assertEquals(password, new String(passwd));
-		assertEquals(username, authRequest.getPrincipal().getName());
-	}
-	
-	public static junit.framework.Test suite()
-	{
-		return new JUnit4TestAdapter(HttpSecurityInfoExtractorUnitTest.class);
-	}
-	
-	private static class MockHttpServletRequest implements HttpServletRequest
-	{
-		private String authType;
-		private Map<String,String> headers = new HashMap<String,String>();
-		
-		public void setAuthType(String authType)
-		{
-			this.authType = authType;
-		}
-
-		public String getAuthType()
-		{
-			return authType;
-		}
-
-		public String getContextPath()
-		{
-			return null;
-		}
-
-		public Cookie[] getCookies()
-		{
-			return null;
-		}
-
-		public long getDateHeader(String arg0)
-		{
-			return 0;
-		}
-
-		public String getHeader(String header)
-		{
-			return headers.get(header);
-		}
-		public void addHeader(final String headerName, final String object)
-		{
-			headers.put(headerName, object);
-		}
-
-		public Enumeration getHeaderNames()
-		{
-			return null;
-		}
-
-		public Enumeration getHeaders(String arg0)
-		{
-			return null;
-		}
-
-		public int getIntHeader(String arg0)
-		{
-			return 0;
-		}
-
-		public String getMethod()
-		{
-			return null;
-		}
-
-		public String getPathInfo()
-		{
-			return null;
-		}
-
-		public String getPathTranslated()
-		{
-			return null;
-		}
-
-		public String getQueryString()
-		{
-			return null;
-		}
-
-		public String getRemoteUser()
-		{
-			return null;
-		}
-
-		public String getRequestURI()
-		{
-			return null;
-		}
-
-		public StringBuffer getRequestURL()
-		{
-			return null;
-		}
-
-		public String getRequestedSessionId()
-		{
-			return null;
-		}
-
-		public String getServletPath()
-		{
-			return null;
-		}
-
-		public HttpSession getSession()
-		{
-			return null;
-		}
-
-		public HttpSession getSession(boolean arg0)
-		{
-			return null;
-		}
-		
-		private Principal userPrincipal;
-
-		public void setUserPrincipal(Principal userPrincipal)
-		{
-			this.userPrincipal = userPrincipal;
-		}
-
-		public Principal getUserPrincipal()
-		{
-			return this.userPrincipal;
-		}
-
-		public boolean isRequestedSessionIdFromCookie()
-		{
-			return false;
-		}
-
-		public boolean isRequestedSessionIdFromURL()
-		{
-			return false;
-		}
-
-		public boolean isRequestedSessionIdFromUrl()
-		{
-			return false;
-		}
-
-		public boolean isRequestedSessionIdValid()
-		{
-			return false;
-		}
-
-		public boolean isUserInRole(String arg0)
-		{
-			return false;
-		}
-
-		public Object getAttribute(String arg0)
-		{
-			return null;
-		}
-
-		public Enumeration getAttributeNames()
-		{
-			return null;
-		}
-
-		public String getCharacterEncoding()
-		{
-			return null;
-		}
-
-		public int getContentLength()
-		{
-			return 0;
-		}
-
-		public String getContentType()
-		{
-			return null;
-		}
-
-		public ServletInputStream getInputStream() throws IOException
-		{
-			return null;
-		}
-
-		public String getLocalAddr()
-		{
-			return null;
-		}
-
-		public String getLocalName()
-		{
-			return null;
-		}
-
-		public int getLocalPort()
-		{
-			return 0;
-		}
-
-		public Locale getLocale()
-		{
-			return null;
-		}
-
-		public Enumeration getLocales()
-		{
-			return null;
-		}
-
-		public String getParameter(String arg0)
-		{
-			return null;
-		}
-
-		public Map getParameterMap()
-		{
-			return null;
-		}
-
-		public Enumeration getParameterNames()
-		{
-			return null;
-		}
-
-		public String[] getParameterValues(String arg0)
-		{
-			return null;
-		}
-
-		public String getProtocol()
-		{
-			return null;
-		}
-
-		public BufferedReader getReader() throws IOException
-		{
-			return null;
-		}
-
-		public String getRealPath(String arg0)
-		{
-			return null;
-		}
-
-		public String getRemoteAddr()
-		{
-			return null;
-		}
-
-		public String getRemoteHost()
-		{
-			return null;
-		}
-
-		public int getRemotePort()
-		{
-			return 0;
-		}
-
-		public RequestDispatcher getRequestDispatcher(String arg0)
-		{
-			return null;
-		}
-
-		public String getScheme()
-		{
-			return null;
-		}
-
-		public String getServerName()
-		{
-			return null;
-		}
-
-		public int getServerPort()
-		{
-			return 0;
-		}
-
-		public boolean isSecure()
-		{
-			return false;
-		}
-
-		public void removeAttribute(String arg0)
-		{
-		}
-
-		public void setAttribute(String arg0, Object arg1)
-		{
-		}
-
-		public void setCharacterEncoding(String arg0) throws UnsupportedEncodingException
-		{
-		}
-		
-	}
-
-}


