[jboss-dev-forums] [Design the new POJO MicroContainer] - Security services deployer for the MC
david.lloyd@jboss.com
do-not-reply at jboss.com
Wed Jan 21 21:29:20 EST 2009
I've made another deployer. The purpose of this deployer is to support the injection of security-related entities (Ciphers, SecureRandoms, MessageDigests etc).
It lives in the sandbox here: http://anonsvn.jboss.org/repos/sandbox/david.lloyd/jboss-securityservice/trunk
To use it in a deployment, you'd do something like this (example taken from the XNIO SSH implementation in development):
| <security-service xmlns="urn:jboss:security-service:1.0">
|
| <!-- standard Diffie-Hellman key exchangers -->
|
| <secure-random name="SshSecureRandom" algorithm="SHA1PRNG"/>
|
| <diffie-hellman-parameter-spec name="OakleyGroup2">
| <generator value="2"/>
| <prime radix="16">
| FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
| 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
| EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
| E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
| EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381
| FFFFFFFF FFFFFFFF
| </prime>
| </diffie-hellman-parameter-spec>
|
| <diffie-hellman-parameter-spec name="OakleyGroup14">
| <generator value="2"/>
| <prime radix="16">
| FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
| 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
| EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
| E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
| EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D
| C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F
| 83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D
| 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
| E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9
| DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510
| 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
| </prime>
| </diffie-hellman-parameter-spec>
|
| <key-factory kind="factory" name="DHKeyFactory" algorithm="DiffieHellman"/>
|
| <key-agreement kind="factory" name="DHKeyAgreement" algorithm="DiffieHellman"/>
|
| <key-pair-generator kind="factory" name="DHKeyPairGenerator" algorithm="DiffieHellman"/>
|
| <message-digest kind="factory" name="DHSHA1Digest" algorithm="SHA-1"/>
|
| <!-- SSH MAC algorithms -->
|
| <mac kind="factory" name="SshMac-hmac-sha1" algorithm="HmacSHA1"/>
|
| <mac kind="factory" name="SshMac-hmac-sha1-96" algorithm="HmacSHA1" truncate-length="96"/>
|
| <mac kind="factory" name="SshMac-hmac-md5" algorithm="HmacMD5"/>
|
| <mac kind="factory" name="SshMac-hmac-md5-96" algorithm="HmacMD5" truncate-length="96"/>
|
| <!-- SSH Ciphers -->
|
| <cipher kind="factory" name="SshCipher-DESede" algorithm="DESede/CBC/NoPadding"/>
| <cipher kind="factory" name="SshCipher-Blowfish" algorithm="Blowfish/CBC/NoPadding"/>
| <cipher kind="factory" name="SshCipher-AES" algorithm="AES/CBC/NoPadding"/>
| <cipher kind="factory" name="SshCipher-ARC4" algorithm="ARCFOUR/ECB/NoPadding"/>
| <!-- SSH public key algorithms -->
|
| <cipher kind="factory" name="SshCipher-rsa" algorithm="RSA"/>
|
| </security-service>
|
Then these things are available for injection as standard POJOs, which decouples the data (like the large primes) and the configuration (the ciphers etc.) from the application.
I can't really think of any way to justify sticking this into the MC proper, but if anyone has any interest in any of this functionality, I'll be putting out a real release sometime before the XNIO SSH implementation is released...
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4203834#4203834
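For readers who want to see what the entries in the descriptor above correspond to in plain JCA, here is an added example; it is not code from the post or from the deployer. The class and method names are hypothetical, and it assumes the deployer strips whitespace from the prime text and that truncate-length="96" keeps the leading 96 bits of the MAC.

```java
import java.math.BigInteger;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

public class SecurityServiceSketch { // hypothetical name, not from the deployer
    // Text of the OakleyGroup14 <prime radix="16"> element above, whitespace included.
    static final String GROUP14_PRIME =
        "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74 " +
        "020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437 " +
        "4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED " +
        "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05 " +
        "98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB " +
        "9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B " +
        "E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718 " +
        "3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF";

    // <diffie-hellman-parameter-spec>: prime text + radix + generator -> DHParameterSpec
    static DHParameterSpec dhSpec(String primeText, int radix, int generator) {
        BigInteger p = new BigInteger(primeText.replaceAll("\\s+", ""), radix);
        return new DHParameterSpec(p, BigInteger.valueOf(generator));
    }

    // <mac truncate-length="96">: assumed to mean "keep the leading 96 bits of the tag"
    static byte[] truncatedMac(String alg, byte[] key, byte[] data, int bits)
            throws GeneralSecurityException {
        Mac mac = Mac.getInstance(alg);
        mac.init(new SecretKeySpec(key, alg));
        return Arrays.copyOf(mac.doFinal(data), bits / 8);
    }

    static byte[] agree(PrivateKey mine, PublicKey theirs) throws GeneralSecurityException {
        KeyAgreement ka = KeyAgreement.getInstance("DiffieHellman");
        ka.init(mine);
        ka.doPhase(theirs, true);
        return ka.generateSecret();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DiffieHellman");
        kpg.initialize(dhSpec(GROUP14_PRIME, 16, 2), SecureRandom.getInstance("SHA1PRNG"));
        KeyPair a = kpg.generateKeyPair(), b = kpg.generateKeyPair();
        byte[] k = agree(a.getPrivate(), b.getPublic());
        boolean same = Arrays.equals(k, agree(b.getPrivate(), a.getPublic()));
        byte[] macKey = MessageDigest.getInstance("SHA-1").digest(k); // stand-in KDF, not SSH's
        byte[] tag = truncatedMac("HmacSHA1", macKey, new byte[] {0, 0, 0, 1}, 96); // constructed data
        System.out.println("secrets match: " + same + ", hmac-sha1-96 tag bytes: " + tag.length);
    }
}
```

Both sides derive the same shared secret from the injected parameter spec, and the truncated HmacSHA1 tag is 12 bytes long.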