[esb-issues] [JBoss JIRA] Commented: (JBESB-2121) Replace crypto util with sealed object

Kevin Conner (JIRA) jira-events at lists.jboss.org
Fri Oct 17 03:55:20 EDT 2008


    [ https://jira.jboss.org/jira/browse/JBESB-2121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12434195#action_12434195 ] 

Kevin Conner commented on JBESB-2121:
-------------------------------------

> Yes, this is intentional. The requirement here is that the correct credentials exist in the keystores and that the ESBs have these in common.

I believe it was intentional, but was not what I thought you were doing :)

> The reason is that the subject is used when executing the pipeline.

But why the credentials?  The only aspect used for the authorisation are the Principals associated with the subject and not its credentials.

> Yes, that is correct. But this has sort of been a moving target and this was not always the case.

Well, let's make sure it isn't moving any more and make it explicit.  The introduction of the encryption appears to have removed one ability.

> I'm really not sure anymore what should be passed between the ESB and what requirements we have for interoperability :(
> So I definitely think that we should talk and see if we can get the requirements set and then take it from there.

Definitely, let's get together and flesh everything out once and for all.

> Replace crypto util with sealed object
> --------------------------------------
>
>                 Key: JBESB-2121
>                 URL: https://jira.jboss.org/jira/browse/JBESB-2121
>             Project: JBoss ESB
>          Issue Type: Task
>      Security Level: Public(Everyone can see) 
>          Components: Security
>    Affects Versions: 4.4 CP1
>            Reporter: Kevin Conner
>            Assignee: Daniel Bevenius
>             Fix For: 4.4 CP1
>
>
> The crypto util classes are used to encrypt the SecurityContext but we should be able to use a SealedObject.
> The util also relies on having a keystore configured but it would be sufficient to have the key(s) automatically generated on startup and use this to encrypt the session information.
> Another issue with the class is that the encrypt/decrypt methods repeatedly encrypt the serialised data in chunks but the encrypt/decrypt sizes are very dependent on the block cipher in use (currently RSA).  If the configuration specifies a different cipher then this is likely to fail.  If we can move to a SealedObject then this should no longer be an issue.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
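The approach proposed in the issue description, as an added illustration that is not JBoss ESB code: a key generated when the node starts is used to seal a serialisable context in one operation, so nothing has to be chunked by cipher block size. `SecurityContext` here is a constructed stand-in for the ESB class, and AES is an assumed choice of cipher.

```java
import java.io.Serializable;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;

// Added example, not JBoss ESB code: SealedObject instead of chunked RSA.
public class SealedContextExample {

    // Constructed stand-in for the ESB's SecurityContext.
    static final class SecurityContext implements Serializable {
        private static final long serialVersionUID = 1L;
        final String principal;
        final long expiryMillis;
        SecurityContext(String principal, long expiryMillis) {
            this.principal = principal;
            this.expiryMillis = expiryMillis;
        }
    }

    // Generated once at startup. ESB nodes that exchange contexts must
    // share this key, which is the interoperability point raised above.
    private final SecretKey key;

    SealedContextExample() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");   // assumed cipher
        kg.init(128);
        key = kg.generateKey();
    }

    // SealedObject serialises and encrypts the whole object; the caller
    // never sees the block size, so the cipher can change via configuration.
    SealedObject seal(SecurityContext ctx) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key);   // provider picks a fresh IV; it is stored in the SealedObject
        return new SealedObject(ctx, c);
    }

    // getObject(Key) rebuilds the cipher from the algorithm and parameters
    // stored alongside the ciphertext. Note: CBC gives confidentiality only;
    // a tampered object is detected only if padding or deserialisation fails.
    SecurityContext unseal(SealedObject sealed) throws Exception {
        return (SecurityContext) sealed.getObject(key);
    }

    public static void main(String[] args) throws Exception {
        SealedContextExample node = new SealedContextExample();
        SealedObject sealed = node.seal(new SecurityContext("alice", System.currentTimeMillis() + 60_000));
        SecurityContext out = node.unseal(sealed);
        System.out.println(out.principal + " valid until " + out.expiryMillis);
    }
}
```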
