Author: shawkins
Date: 2012-07-19 20:58:49 -0400 (Thu, 19 Jul 2012)
New Revision: 4248
Modified:
trunk/build/kits/jboss-as7/docs/teiid/teiid-releasenotes.html
trunk/jboss-integration/src/main/java/org/teiid/jboss/Element.java
trunk/jboss-integration/src/main/java/org/teiid/jboss/TeiidSubsystemParser.java
trunk/jboss-integration/src/main/java/org/teiid/jboss/TransportAdd.java
trunk/jboss-integration/src/main/resources/org/teiid/jboss/i18n.properties
trunk/jboss-integration/src/test/resources/teiid-sample-config.xml
trunk/jboss-integration/src/test/resources/teiid-transport-config.txt
trunk/runtime/src/main/java/org/teiid/transport/SSLConfiguration.java
trunk/runtime/src/test/java/org/teiid/transport/TestCommSockets.java
Log:
TEIID-2108 fix for ssl mode setting
Modified: trunk/build/kits/jboss-as7/docs/teiid/teiid-releasenotes.html
===================================================================
--- trunk/build/kits/jboss-as7/docs/teiid/teiid-releasenotes.html 2012-07-19 20:28:45 UTC
(rev 4247)
+++ trunk/build/kits/jboss-as7/docs/teiid/teiid-releasenotes.html 2012-07-20 00:58:49 UTC
(rev 4248)
@@ -53,6 +53,7 @@
<li>Result set cache entries can now have updatable set to false to indicate that
updates should not purge the entry.
<li>Datatype default values have been corrected for Teiid built-in types. All
datatypes are now nullable by default, only character string types are case sensitive,
numeric types have radix 10, and length/precision/scale have been set appropriately.
<li>pg catalog and dynamic vdb created metadata will use a generated Teiid id
rather than a random UUID.
+ <li>transport ssl config no longer uses the enabled attribute. Use mode=disabled
to disable the usage of encryption.
<ul>
<h4>from 7.x</h4>
Modified: trunk/jboss-integration/src/main/java/org/teiid/jboss/Element.java
===================================================================
--- trunk/jboss-integration/src/main/java/org/teiid/jboss/Element.java 2012-07-19 20:28:45
UTC (rev 4247)
+++ trunk/jboss-integration/src/main/java/org/teiid/jboss/Element.java 2012-07-20 00:58:49
UTC (rev 4248)
@@ -22,10 +22,7 @@
package org.teiid.jboss;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.DEFAULT;
-import static
org.jboss.as.controller.descriptions.ModelDescriptionConstants.DESCRIPTION;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.REQUIRED;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.TYPE;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.*;
import java.util.HashMap;
import java.util.Map;
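Review bot: The switch to `import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.*;` hides where `DEFAULT`, `DESCRIPTION`, `REQUIRED` and `TYPE` come from, in a file that itself declares many upper-case enum constants. I would keep the four named static imports. The same applies to the matching import hunks in TeiidSubsystemParser.java and TransportAdd.java; in TeiidSubsystemParser.java the two wildcards (`ModelDescriptionConstants.*` and `ParseUtils.*`) could also yield an ambiguous reference if both classes ever expose the same name.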
@@ -111,7 +108,6 @@
PG_MAX_LOB_SIZE_ALLOWED_ELEMENT("max-lob-size-in-bytes",
"pg-max-lob-size-in-bytes",
ModelType.INT, false, "5242880"),
//$NON-NLS-1$ //$NON-NLS-2$
SSL_ELEMENT("ssl"),
- SSL_ENABLE_ATTRIBUTE("enable", "ssl-enable", ModelType.BOOLEAN,
false, "false"),
SSL_MODE_ATTRIBUTE("mode", "ssl-mode", ModelType.STRING, false,
"login"),
SSL_AUTH_MODE_ATTRIBUTE("authentication-mode",
"ssl-authentication-mode", ModelType.STRING, false, "anonymous"),
SSL_SSL_PROTOCOL_ATTRIBUTE("ssl-protocol", "ssl-ssl-protocol",
ModelType.STRING, false, "SSLv3"),
Modified: trunk/jboss-integration/src/main/java/org/teiid/jboss/TeiidSubsystemParser.java
===================================================================
---
trunk/jboss-integration/src/main/java/org/teiid/jboss/TeiidSubsystemParser.java 2012-07-19
20:28:45 UTC (rev 4247)
+++
trunk/jboss-integration/src/main/java/org/teiid/jboss/TeiidSubsystemParser.java 2012-07-20
00:58:49 UTC (rev 4248)
@@ -21,11 +21,8 @@
*/
package org.teiid.jboss;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADD;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP_ADDR;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM;
-import static org.jboss.as.controller.parsing.ParseUtils.requireNoAttributes;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.*;
+import static org.jboss.as.controller.parsing.ParseUtils.*;
import java.util.ArrayList;
import java.util.Collections;
@@ -160,7 +157,6 @@
if (like(node, Element.SSL_ELEMENT)) {
writer.writeStartElement(Element.SSL_ELEMENT.getLocalName());
- writeAttribute(writer, Element.SSL_ENABLE_ATTRIBUTE, node);
writeAttribute(writer, Element.SSL_MODE_ATTRIBUTE, node);
writeAttribute(writer, Element.SSL_AUTH_MODE_ATTRIBUTE, node);
writeAttribute(writer, Element.SSL_SSL_PROTOCOL_ATTRIBUTE, node);
@@ -496,7 +492,6 @@
Element element = Element.forName(attrName, Element.SSL_ELEMENT);
switch(element) {
- case SSL_ENABLE_ATTRIBUTE:
case SSL_MODE_ATTRIBUTE:
case SSL_AUTH_MODE_ATTRIBUTE:
case SSL_SSL_PROTOCOL_ATTRIBUTE:
Modified: trunk/jboss-integration/src/main/java/org/teiid/jboss/TransportAdd.java
===================================================================
--- trunk/jboss-integration/src/main/java/org/teiid/jboss/TransportAdd.java 2012-07-19
20:28:45 UTC (rev 4247)
+++ trunk/jboss-integration/src/main/java/org/teiid/jboss/TransportAdd.java 2012-07-20
00:58:49 UTC (rev 4248)
@@ -21,11 +21,7 @@
*/
package org.teiid.jboss;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADD;
-import static
org.jboss.as.controller.descriptions.ModelDescriptionConstants.DESCRIPTION;
-import static
org.jboss.as.controller.descriptions.ModelDescriptionConstants.OPERATION_NAME;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP_ADDR;
-import static
org.jboss.as.controller.descriptions.ModelDescriptionConstants.REQUEST_PROPERTIES;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.*;
import java.util.Arrays;
import java.util.Collections;
@@ -83,7 +79,6 @@
Element.PG_MAX_LOB_SIZE_ALLOWED_ELEMENT,
- Element.SSL_ENABLE_ATTRIBUTE,
Element.SSL_MODE_ATTRIBUTE,
Element.SSL_AUTH_MODE_ATTRIBUTE,
Element.SSL_SSL_PROTOCOL_ATTRIBUTE,
@@ -246,15 +241,9 @@
socket.setOutputBufferSize(Element.TRANSPORT_OUT_BUFFER_SIZE_ATTRIBUTE.asInt(node));
}
- boolean sslEnabled = false;
SSLConfiguration ssl = new SSLConfiguration();
- ssl.setAuthenticationMode(SSLConfiguration.ANONYMOUS);
+ ssl.setMode(SSLConfiguration.DISABLED);
- if (Element.SSL_ENABLE_ATTRIBUTE.isDefined(node)) {
- ssl.setMode(Element.SSL_ENABLE_ATTRIBUTE.asString(node));
- sslEnabled = true;
- }
-
if (Element.SSL_MODE_ATTRIBUTE.isDefined(node)) {
ssl.setMode(Element.SSL_MODE_ATTRIBUTE.asString(node));
}
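Review bot: When the `mode` attribute is not defined, the fallback `ssl.setMode(SSLConfiguration.DISABLED);` leaves the transport without even login encryption, while `Element.SSL_MODE_ATTRIBUTE` and the ssl-mode description both declare `login` as the default. Unless the model layer fills in the declared default before this code runs, the two should be made to agree, for example by seeding with `ssl.setMode(SSLConfiguration.LOGIN);`. The value from `Element.SSL_MODE_ATTRIBUTE.asString(node)` is also passed through unchecked, and in the SSLConfiguration.java hunk both `isSslEnabled()` and `isClientEncryptionEnabled()` return false for any string they do not recognise, so a mistyped mode silently selects plaintext. Rejecting anything other than `disabled`, `login` or `enabled` here would make that case fail closed. The enclosing method starts and ends outside this hunk.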
@@ -293,9 +282,7 @@
if (Element.SSL_TRUSTSTORE_PASSWORD_ATTRIBUTE.isDefined(node)) {
ssl.setTruststorePassword(Element.SSL_TRUSTSTORE_PASSWORD_ATTRIBUTE.asString(node));
}
- if (sslEnabled) {
- socket.setSSLConfiguration(ssl);
- }
+ socket.setSSLConfiguration(ssl);
return socket;
}
Modified: trunk/jboss-integration/src/main/resources/org/teiid/jboss/i18n.properties
===================================================================
--- trunk/jboss-integration/src/main/resources/org/teiid/jboss/i18n.properties 2012-07-19
20:28:45 UTC (rev 4247)
+++ trunk/jboss-integration/src/main/resources/org/teiid/jboss/i18n.properties 2012-07-20
00:58:49 UTC (rev 4248)
@@ -142,13 +142,12 @@
pg-max-lob-size-in-bytes.describe=Max LOB size in Postgres protocol, as streaming is not
supported
-ssl-enable.describe=Enable SSL.
ssl-mode.describe=can be one of disabled, login, or enabled \
disabled = no transport or message level security will be used; \
login = only the login traffic will be encrypted at a message level \
using 128 bit AES with an ephemerial DH key exchange. \
- No other config values are needed in this mode; \
- enabled = traffic will be secured using this configuration,if the client
supports SSL
+ No other config values are needed in this mode; and it only applies
to the JDBC transport \
+ enabled = traffic will be secured using this configuration, if the client
supports SSL
ssl-authentication-mode.describe=Authentication Mode (1-way, 2-way, anonymous)
ssl-ssl-protocol.describe=SSL protocol used
ssl-keymanagement-algorithm.describe=Use key management algorithm
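Review bot: The added continuation line ending `to the JDBC transport \` lacks the `;` that separates the other mode entries, so the rendered text reads `JDBC transport enabled = traffic will be secured ...`, as the expected output in teiid-transport-config.txt shows. An operator can then misread which mode the JDBC restriction belongs to; ending the clause with `to the JDBC transport; \` fixes it. Because `login` is the declared default and, per this text, applies only to JDBC, the description should also say what protection other transports get in that mode, once that is confirmed against the transport code. `ephemerial` should read `ephemeral`.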
Modified: trunk/jboss-integration/src/test/resources/teiid-sample-config.xml
===================================================================
--- trunk/jboss-integration/src/test/resources/teiid-sample-config.xml 2012-07-19 20:28:45
UTC (rev 4247)
+++ trunk/jboss-integration/src/test/resources/teiid-sample-config.xml 2012-07-20 00:58:49
UTC (rev 4248)
@@ -35,7 +35,7 @@
<transport name="odbc" protocol="pg"
socket-binding="teiid-odbc" max-socket-threads="1"
input-buffer-size="2" output-buffer-size="3">
<authentication security-domain="teiid-security,teiid-security2"
max-sessions-allowed="5000" sessions-expiration-timelimit="0"
krb5-domain="krb5"/>
<pg max-lob-size-in-bytes="5242880"/>
- <ssl enable="true" mode="login"
authentication-mode="1-way" ssl-protocol="ssl-protocol"
keymanagement-algorithm="algo">
+ <ssl mode="login" authentication-mode="1-way"
ssl-protocol="ssl-protocol" keymanagement-algorithm="algo">
<keystore name="keystore name" password="keystore
passs" type="keystore type"/>
<truststore name="truststore name" password="truststore
pass"/>
</ssl>
Modified: trunk/jboss-integration/src/test/resources/teiid-transport-config.txt
===================================================================
--- trunk/jboss-integration/src/test/resources/teiid-transport-config.txt 2012-07-19
20:28:45 UTC (rev 4247)
+++ trunk/jboss-integration/src/test/resources/teiid-transport-config.txt 2012-07-20
00:58:49 UTC (rev 4248)
@@ -56,15 +56,9 @@
"required" => false,
"default" => 5242880
},
- "ssl-enable" => {
- "type" => BOOLEAN,
- "description" => "Enable SSL.",
- "required" => false,
- "default" => false
- },
"ssl-mode" => {
"type" => STRING,
- "description" => "can be one of disabled, login, or enabled
disabled = no transport or message level security will be used; login = only the login
traffic will be encrypted at a message level using 128 bit AES with an ephemerial DH key
exchange. No other config values are needed in this mode; enabled = traffic will be
secured using this configuration,if the client supports SSL",
+ "description" => "can be one of disabled, login, or enabled
disabled = no transport or message level security will be used; login = only the login
traffic will be encrypted at a message level using 128 bit AES with an ephemerial DH key
exchange. No other config values are needed in this mode; and it only applies to the JDBC
transport enabled = traffic will be secured using this configuration, if the client
supports SSL",
"required" => false,
"default" => "login"
},
Modified: trunk/runtime/src/main/java/org/teiid/transport/SSLConfiguration.java
===================================================================
--- trunk/runtime/src/main/java/org/teiid/transport/SSLConfiguration.java 2012-07-19
20:28:45 UTC (rev 4247)
+++ trunk/runtime/src/main/java/org/teiid/transport/SSLConfiguration.java 2012-07-20
00:58:49 UTC (rev 4248)
@@ -41,7 +41,7 @@
public static final String TWOWAY = "2-way"; //$NON-NLS-1$
public static final String ANONYMOUS = "anonymous"; //$NON-NLS-1$
- public static final String LOGIN = "logIn"; //$NON-NLS-1$
+ public static final String LOGIN = "login"; //$NON-NLS-1$
public static final String DISABLED = "disabled"; //$NON-NLS-1$
public static final String ENABLED = "enabled"; //$NON-NLS-1$
@@ -100,11 +100,11 @@
}
public boolean isClientEncryptionEnabled() {
- return LOGIN.equals(mode);
+ return LOGIN.equalsIgnoreCase(mode);
}
public boolean isSslEnabled() {
- return ENABLED.equals(mode);
+ return ENABLED.equalsIgnoreCase(mode);
}
public String getMode() {
Modified: trunk/runtime/src/test/java/org/teiid/transport/TestCommSockets.java
===================================================================
--- trunk/runtime/src/test/java/org/teiid/transport/TestCommSockets.java 2012-07-19
20:28:45 UTC (rev 4247)
+++ trunk/runtime/src/test/java/org/teiid/transport/TestCommSockets.java 2012-07-20
00:58:49 UTC (rev 4248)
@@ -267,4 +267,13 @@
assertArrayEquals(new String[] {"x","y","z"},
config.getEnabledCipherSuitesAsArray());
}
+ @Test public void testAnonSSLMode() throws Exception {
+ SSLConfiguration config = new SSLConfiguration();
+ config.setMode("enabled");
+ assertFalse(config.isClientEncryptionEnabled());
+ assertTrue(config.isSslEnabled());
+ config.setMode("login");
+ assertTrue(config.isClientEncryptionEnabled());
+ }
+
}
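Review bot: The new test uses only lower-case values, so it does not cover the `equalsIgnoreCase` change this commit makes in SSLConfiguration, nor the `disabled` mode that TransportAdd now uses as its fallback. Adding `config.setMode("LOGIN"); assertTrue(config.isClientEncryptionEnabled());` and `config.setMode("disabled"); assertFalse(config.isSslEnabled());` would pin both. After `config.setMode("login")` the test should also `assertFalse(config.isSslEnabled());`, so that a mode cannot satisfy both predicates unnoticed. The name `testAnonSSLMode` does not match what is checked, since no authentication mode is set. The test class starts outside the hunk.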