[jboss-svn-commits] JBL Code SVN: r22707 - in labs/jbossesb/branches/JBESB_4_4_GA_CP/product: etc/schemas/xml and 31 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Fri Sep 12 05:01:30 EDT 2008
Author: beve
Date: 2008-09-12 05:01:29 -0400 (Fri, 12 Sep 2008)
New Revision: 22707
Added:
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/install/conf/privateKeyStore
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/install/conf/publicKeyStore
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/services/security/PrivateCryptoUtil.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/PublicCryptoUtil.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/util/
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/util/CryptoUtil.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/PrivateCryptoUtilUnitTest.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/privateKeyStore
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/webservice/no-security-properties.xml
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/webservice/publicKeyStore
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/webservice/security-properties.xml
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/PublicCryptoUtilUnitTest.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/publicKeyStore
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/publish_as_webservice/publicKeyStore
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/build.xml
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/deployment.xml
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/jbm-queue-service.xml
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/jbmq-queue-service.xml
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/jboss-esb.xml
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/jbossesb-properties.xml
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/jndi.properties
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/juddi.properties
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/lib/
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/log4j.xml
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/publicKeyStore
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/readme.txt
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/src/
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/src/org/
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/src/org/jboss/
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/src/org/jboss/soa/
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/src/org/jboss/soa/esb/
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/src/org/jboss/soa/esb/samples/
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/src/org/jboss/soa/esb/samples/quickstart/
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/src/org/jboss/soa/esb/samples/quickstart/securitybasic/
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/src/org/jboss/soa/esb/samples/quickstart/securitybasic/HttpClient.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/src/org/jboss/soa/esb/samples/quickstart/securitybasic/MyListenerAction.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/src/org/jboss/soa/esb/samples/quickstart/securitybasic/test/
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/src/org/jboss/soa/esb/samples/quickstart/securitybasic/test/SendEsbMessage.java
Modified:
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/build-distr.xml
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/etc/schemas/xml/jbossesb-1.0.1.xsd
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/install/conf/jbossesb-properties.xml
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/webservice/BaseWebService.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/client/ServiceInvoker.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/common/Configuration.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/common/Environment.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/listeners/ListenerTagNames.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/listeners/gateway/JBossRemotingGatewayListener.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfig.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigUtil.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityContext.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityService.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/actions/JBossSecurityPropagator.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/AuthenticationRequest.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/JaasSecurityServiceUnitTest.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/security-properties.xml
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/webservice/BaseWebServiceUnitTest.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/SecurityConfigUtilUnitTest.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/actions/JBossSecurityPropagatorUnitTest.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/security-properties.xml
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/publish_as_webservice/jboss-esb.xml
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/publish_as_webservice/jbossesb-properties.xml
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/publish_as_webservice/src/org/jboss/soa/esb/samples/quickstart/publishAsWebservice/test/SendEsbMessage.java
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/webservice_producer_secured/jboss-esb.xml
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/webservice_producer_secured/src/org/jboss/soa/esb/samples/quickstart/webserviceproducersecured/PrintSubjectAction.java
Log:
Work for:
https://jira.jboss.org/jira/browse/JBESB-2007 "Add automatic authorisation into the pipeline"
https://jira.jboss.org/jira/browse/JBESB-2008 "Security context propagation"
https://jira.jboss.org/jira/browse/JBESB-2009 "Improve authentication processing in the ESB"
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/build-distr.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/build-distr.xml 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/build-distr.xml 2008-09-12 09:01:29 UTC (rev 22707)
@@ -81,6 +81,8 @@
<include name="esb.juddi.xml"/>
<include name="actionArtifactMap.properties"/>
<include name="jaas.login"/>
+ <include name="privateKeyStore"/>
+ <include name="publicKeyStore"/>
</fileset>
<fileset dir="${installation.files.dir}/jUDDI-registry">
<include name="juddi-ds.xml"/>
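Review bot: Adding `<include name="privateKeyStore"/>` to this fileset appears to put one fixed private key into every packaged distribution, and the passwords that unlock it are the literal values added in the jbossesb-properties.xml hunk of this same commit. Unless an installer replaces the file, every deployment then shares a private key that is public knowledge, so anything encrypted to it is readable by anyone with the download. Consider shipping only `publicKeyStore` as a sample and generating the private keystore at install time, or at minimum add a comment next to the include such as `<!-- sample key material only: must be replaced before deployment -->`.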
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/etc/schemas/xml/jbossesb-1.0.1.xsd
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/etc/schemas/xml/jbossesb-1.0.1.xsd 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/etc/schemas/xml/jbossesb-1.0.1.xsd 2008-09-12 09:01:29 UTC (rev 22707)
@@ -426,6 +426,13 @@
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
+ <xsd:attribute name="rolesAllowed" type="xsd:string" use="optional">
+ <xsd:annotation>
+ <xsd:documentation xml:lang="en">
+ Specifies one or more logical roles that are allowed to acccess the service.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
<xsd:attribute name="moduleName" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation xml:lang="en">
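Review bot: The documentation for the new `rolesAllowed` attribute does not say how several roles are separated inside the single `xsd:string` value, nor what happens when the attribute is omitted. The JaasSecurityService hunk in this commit skips the role check when the list is empty, so leaving the attribute out means any authenticated caller is accepted, and that is worth stating here. Suggested text: `Specifies one or more logical roles that are allowed to access the service, separated by <delimiter used by the parser>. If omitted, no role restriction is applied.` This also corrects the `acccess` typo. The enclosing element definition starts and ends outside the hunk.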
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/install/conf/jbossesb-properties.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/install/conf/jbossesb-properties.xml 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/install/conf/jbossesb-properties.xml 2008-09-12 09:01:29 UTC (rev 22707)
@@ -41,6 +41,19 @@
<property name="org.jboss.soa.esb.services.security.implementationClass" value="org.jboss.internal.soa.esb.services.security.JaasSecurityService"/>
<property name="org.jboss.soa.esb.services.security.callbackHandler" value="org.jboss.internal.soa.esb.services.security.UserPassCallbackHandler"/>
<property name="org.jboss.soa.esb.services.security.configUrl" value="/jaas.login"/>
+
+ <property name="org.jboss.soa.esb.services.security.privateKeystore" value="/privateKeyStore"/>
+ <property name="org.jboss.soa.esb.services.security.privateKeystorePassword" value="testKeystorePassword"/>
+ <property name="org.jboss.soa.esb.services.security.privateKeyAlias" value="testAlias"/>
+ <property name="org.jboss.soa.esb.services.security.privateKeyPassword" value="testPassword"/>
+ <property name="org.jboss.soa.esb.services.security.privateKeyTransformation" value="RSA/ECB/PKCS1Padding"/>
+
+ <property name="org.jboss.soa.esb.services.security.publicKeystore" value="/publicKeyStore"/>
+ <property name="org.jboss.soa.esb.services.security.publicKeystorePassword" value="testKeystorePassword"/>
+ <property name="org.jboss.soa.esb.services.security.publicKeyAlias" value="testAlias"/>
+ <property name="org.jboss.soa.esb.services.security.publicKeyPassword" value="testPassword"/>
+ <property name="org.jboss.soa.esb.services.security.publicKeyTransformation" value="RSA/ECB/PKCS1Padding"/>
+
</properties>
<properties name="registry">
<property name="org.jboss.soa.esb.registry.queryManagerURI" value="org.apache.juddi.registry.local.InquiryService#inquire"/>
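Review bot: The default installed for both `privateKeyTransformation` and `publicKeyTransformation` is `RSA/ECB/PKCS1Padding`, that is PKCS#1 v1.5 encryption padding, which is exposed to padding-oracle attacks whenever a decrypting service lets a caller distinguish a padding failure from other errors. An OAEP transformation such as `RSA/ECB/OAEPWithSHA-1AndMGF1Padding` is the safer default. Switching is not a one-line change, though: PrivateCryptoUtil.encrypt in this commit feeds fixed 100-byte chunks to the cipher, which exceeds what OAEP allows for a 1024-bit key, so the chunk size would have to be reduced or derived from the key at the same time.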
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/install/conf/privateKeyStore
===================================================================
(Binary files differ)
Property changes on: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/install/conf/privateKeyStore
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/install/conf/publicKeyStore
===================================================================
(Binary files differ)
Property changes on: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/install/conf/publicKeyStore
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -2,17 +2,17 @@
* JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
* LLC, and individual contributors by the @authors tag. See the copyright.txt
* in the distribution for a full listing of individual contributors.
- *
+ *
* This is free software; you can redistribute it and/or modify it under the
* terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 2.1 of the License, or (at your option)
* any later version.
- *
+ *
* This software is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
* details.
- *
+ *
* You should have received a copy of the GNU Lesser General Public License
* along with this software; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
@@ -23,6 +23,7 @@
import java.net.URL;
import java.security.Principal;
import java.security.Security;
+import java.util.List;
import java.util.Properties;
import java.util.Set;
@@ -32,8 +33,6 @@
import org.apache.log4j.Logger;
import org.jboss.internal.soa.esb.assertion.AssertArgument;
-import org.jboss.security.RunAsIdentity;
-import org.jboss.security.SecurityAssociation;
import org.jboss.soa.esb.ConfigurationException;
import org.jboss.soa.esb.common.Configuration;
import org.jboss.soa.esb.common.Environment;
@@ -61,8 +60,8 @@
* <property name="org.jboss.soa.esb.services.security.callbackHandler" value="org.jboss.internal.soa.esb.services.security.UserPassCallbackHandler"/>
* <property name="org.jboss.soa.esb.services.security.configUrl" value="/jaas.login"/>
* </properties>
- * </pre>}
- *
+ * </pre>}
+ *
* @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
* @Since 4.4
*/
@@ -72,47 +71,47 @@
* Property name for login config urls.
*/
private static final String LOGIN_CONFIG_URL_PREFIX = "login.config.url.";
-
+
/*
* Callback handler implementation name
*/
private String callbackHandlerClassName;
- /*
- * Original login configuration e.g JBoss AS login configuration
+ /*
+ * Original login configuration e.g JBoss AS login configuration
*/
private javax.security.auth.login.Configuration containerConfig;
-
+
/*
* Custom login configuration
*/
private javax.security.auth.login.Configuration configuration;
-
+
private final Logger log = Logger.getLogger(JaasSecurityService.class);
/**
* Performs authentication of the passed in SecurityContext.
* </p>
- *
+ *
* This method will first try to authenticate the authRequest by using a custom <br>
* javax.security.auth.login.Configuration, which would be the case where the <br>
- * login module name specified exists in a jaas.login file.
+ * login module name specified exists in a jaas.login file.
* <br>
* If the login module name cannot be found in jaas.login then this method will <br>
* fall back and try to authenticate using a an underlying Configuration. This would <br>
* be the case when running in an appserver for instance.
- *
+ *
* @param config - the security configuration. Properties from jboss-esb.xml
* @param securityContext - the security context to be used.
* @param authRequest - the authentication request to be processed.
- * @throws SecurityServiceException
+ * @throws SecurityServiceException
* @throws LoginException if the authentication fails
*/
public void authenticate(final SecurityConfig config, SecurityContext securityContext, final AuthenticationRequest authRequest) throws SecurityServiceException
{
AssertArgument.isNotNull(securityContext, "securityContext");
AssertArgument.isNotNull(config, "config");
-
+
LoginContext loginContext;
final String runAs = config.getRunAs();
try
@@ -128,30 +127,46 @@
// fall back and try using the orginal configuration(for example jboss login-config.xml)
loginContext = new LoginContext(config.getModuleName(), securityContext.getSubject(), callbackHandler, containerConfig);
}
-
- // invoke the login process
+
+ // invoke the login process
loginContext.login();
-
+
+ final Subject subject = securityContext.getSubject();
+
// add a runAs group if specified
- addRunAs(runAs, securityContext.getSubject());
- }
+ addRunAs(runAs, subject);
+
+ // check that the caller belongs to one of the allowed roles
+ List<String> rolesAllowed = config.getRolesAllowed();
+ if (!rolesAllowed.isEmpty())
+ {
+ boolean checkRolesAllowed = checkRolesAllowed(config.getRolesAllowed(), securityContext);
+ if (!checkRolesAllowed)
+ {
+ throw new SecurityServiceException("Caller did not belong to any of the rolesAllowed " + config.getRolesAllowed());
+ }
+ }
+ }
catch (final LoginException e)
{
throw new SecurityServiceException("Exception while trying to login:", e);
- }
-
- final Subject subject = securityContext.getSubject();
- final Principal principal = getPrincipal(subject);
- // associate the subject with jboss security
- SecurityAssociation.pushSubjectContext(subject, principal, subject.getPublicCredentials());
-
- // associate the runAs role with jboss security
- if ( runAs != null )
- {
- SecurityAssociation.pushRunAsIdentity(new RunAsIdentity(runAs, principal.getName()));
}
+
}
-
+
+ private boolean checkRolesAllowed(final List<String> rolesAllowed, SecurityContext securityContext)
+ {
+ for (String roleName : rolesAllowed)
+ {
+ boolean isInRole = securityContext.isCallerInRole(roleName);
+ if (isInRole)
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
/**
* Determines if the passed in Subject has the role specified in the context.
* @return true - if the callers has the role
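Review bot: The rejection path added to `authenticate` builds its message from `config.getRolesAllowed()`, so the service's complete list of permitted roles ends up in a `SecurityServiceException` that may be relayed to the caller (BaseWebService in this commit turns exceptions into SOAP faults). Logging the list server-side and throwing a generic message, for example `throw new SecurityServiceException("Caller is not authorised to invoke this service");`, avoids that disclosure. The check also runs after `loginContext.login()` has populated the subject, and nothing undoes the login on rejection because `logout` in this class is a no-op; calling `loginContext.logout()` before the throw would keep a rejected context from carrying an authenticated subject. The local `rolesAllowed` can replace the two further `config.getRolesAllowed()` calls, and `checkRolesAllowed` would benefit from a Javadoc line stating that it returns true as soon as one listed role matches. The method signature and the opening of the `try` block lie outside this hunk.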
@@ -166,7 +181,7 @@
}
return false;
}
-
+
/**
* Configures by reading the value of the property 'org.jboss.soa.esb.services.security.configUrl'
* from jbossesb-properties, is one exists.
@@ -181,7 +196,7 @@
{
log.warn("Could not locate a security configuration");
}
-
+
final Properties securityProperties = Configuration.getSecurityServiceProperies();
final String loginConfigUrl = securityProperties.getProperty(Environment.SECURITY_SERVICE_CONFIG_URL);
if ( loginConfigUrl != null )
@@ -195,11 +210,11 @@
}
addLoginConfig(loginUrl);
}
-
+
// get a EsbCallbackHandler if one is configured in jbossesb-properties.xml
callbackHandlerClassName = securityProperties.getProperty(Environment.SECURITY_SERVICE_CALLBACK_HANLDER_CLASS);
}
-
+
public void logout(SecurityConfig config)
{
// NoOp
@@ -236,16 +251,16 @@
* }</pre><br>
* After an instance has been created its {@link EsbCallbackHandler#setAuthenticationRequest(AuthenticationRequest)} method is called
* which gives the callback handler access to the authentication information.
- *
+ *
* @param config - the security configuration information(from jboss-esb.xml)
* @param authRequest - the authentication request information
* @return EsbCallbackHandler - new instance with authReqeust set or null if no callback handler has been specified in either jboss-esb.xml or jbossesb-properties.xml
* @throws SecurityServiceException - if an EsbCallbackHandler has specified in the configuration but the implementation cannot be created.
*/
- private EsbCallbackHandler createCallbackHandler( final SecurityConfig config, final AuthenticationRequest authRequest ) throws SecurityServiceException
+ private EsbCallbackHandler createCallbackHandler( final SecurityConfig config, final AuthenticationRequest authRequest ) throws SecurityServiceException
{
EsbCallbackHandler callbackHandler = null;
-
+
// check if a callbackhandler was specified in jboss-esb.xml
String callbackImpl = config.getCallbackHandler();
if ( callbackImpl == null )
@@ -253,7 +268,7 @@
// use the global callbackhandler that can be specified in jbossesb-properties.xml(optional)
callbackImpl = callbackHandlerClassName;
}
-
+
if ( callbackImpl != null )
{
callbackHandler = createNewInstance(callbackImpl);
@@ -271,7 +286,7 @@
{
throw new ConfigurationException("Could not locate the login config file at Url [" + loginConfigUrl + "]");
}
-
+
int urlIndex = 1;
boolean loginUrlRegistered = false;
String registeredLoginUrl;
@@ -287,7 +302,7 @@
urlIndex++;
}
}
-
+
if (!loginUrlRegistered)
{
log.info("Adding file [ " + loginConfigUrl + "] as [" + LOGIN_CONFIG_URL_PREFIX + urlIndex + "]");
@@ -295,12 +310,12 @@
setConfiguration(new ConfigFile());
}
}
-
+
private synchronized javax.security.auth.login.Configuration getConfiguration()
{
return configuration;
}
-
+
private synchronized void setConfiguration(final javax.security.auth.login.Configuration configuration)
{
this.configuration = configuration;
@@ -331,26 +346,26 @@
}
}
- private <T extends EsbCallbackHandler> T createNewInstance( final String className ) throws SecurityServiceException
+ private <T extends EsbCallbackHandler> T createNewInstance( final String className ) throws SecurityServiceException
{
try
{
@SuppressWarnings("unchecked")
Class<T> forName = ClassUtil.forName(className, getClass());
return forName.newInstance();
- }
+ }
catch (final ClassNotFoundException e)
{
throw new SecurityServiceException("ClassNotFoundException while trying to create an impl of [" + className + "]", e);
- }
+ }
catch (final InstantiationException e)
{
throw new SecurityServiceException("InstantiationException while trying to create an impl of [" + className + "]", e);
- }
+ }
catch (final IllegalAccessException e)
{
throw new SecurityServiceException("IllegalAccess while trying to create an impl of [" + className + "]", e);
}
}
-
+
}
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/services/security/PrivateCryptoUtil.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/services/security/PrivateCryptoUtil.java (rev 0)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/services/security/PrivateCryptoUtil.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -0,0 +1,253 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.internal.soa.esb.services.security;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+import java.security.Key;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+
+import org.apache.log4j.Logger;
+import org.jboss.soa.esb.common.Configuration;
+import org.jboss.soa.esb.common.Environment;
+import org.jboss.soa.esb.services.security.SecurityServiceException;
+import org.jboss.soa.esb.services.security.util.CryptoUtil;
+import org.jboss.soa.esb.util.ClassUtil;
+
+/**
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ *
+ */
+public enum PrivateCryptoUtil
+{
+ INSTANCE;
+
+ private final Logger log = Logger.getLogger(PrivateCryptoUtil.class);
+ private Key key;
+ private PublicKey publicKey;
+ private String transformation;
+
+ private PrivateCryptoUtil()
+ {
+ try
+ {
+ init();
+ }
+ catch (final Exception e)
+ {
+ throw new IllegalStateException(e.getMessage(), e);
+ }
+ }
+
+ private void init() throws SecurityServiceException
+ {
+ String keystorePath = Configuration.getSecurityServicePrivateKeystore();
+ if (keystorePath == null)
+ {
+ throw new SecurityServiceException("No private keystore was specified in jbossesb-properites.xml. Add '" + Environment.SECURITY_SERVICE_PRIVATE_KEYSTORE + "'");
+ }
+ else
+ {
+ try
+ {
+ String keystoreType = Configuration.getSecurityServicePrivateKeystoreType();
+ if (keystoreType == null)
+ {
+ keystoreType = KeyStore.getDefaultType();
+ }
+ String keystorePassword = Configuration.getSecurityServicePrivateKeystorePassword();
+ String privateKeyAlias = Configuration.getSecurityServicePrivateKeyAlias();
+ String privateKeyPass = Configuration.getSecurityServicePrivateKeyPassword();
+
+ try
+ {
+ KeyStore keystore = KeyStore.getInstance(keystoreType);
+ InputStream in = ClassUtil.getResourceAsStream(keystorePath, this.getClass());
+ if (in == null)
+ {
+ throw new SecurityServiceException("Could not locate public keystore using '" + keystorePath + "'");
+ }
+
+ // load the keystore contents
+ keystore.load(in, keystorePassword.toCharArray());
+ key = keystore.getKey(privateKeyAlias, privateKeyPass.toCharArray());
+ Certificate certificate = keystore.getCertificate(privateKeyAlias);
+ publicKey = certificate.getPublicKey();
+
+ // "algorithm/mode/padding" or defaults to "algorithm"
+ transformation = Configuration.getSecurityServicePrivateKeyTransformation();
+ if (transformation == null)
+ {
+ this.transformation = key.getAlgorithm();
+ }
+ }
+ finally
+ {
+ keystorePassword = null;
+ privateKeyAlias = null;
+ privateKeyPass = null;
+ }
+ }
+ catch (final KeyStoreException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ catch (final NoSuchAlgorithmException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ catch (final CertificateException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ catch (final IOException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ catch (final UnrecoverableKeyException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ }
+ }
+
+ private static byte[] getBytes(final Serializable ser) throws IOException
+ {
+ ByteArrayOutputStream bout = new ByteArrayOutputStream();
+ ObjectOutputStream oout = new ObjectOutputStream(bout);
+ oout.writeObject(ser);
+ return bout.toByteArray();
+ }
+
+ public byte[] encrypt(final Serializable object) throws SecurityServiceException
+ {
+ ByteArrayInputStream plainInStream;
+ try
+ {
+ plainInStream = new ByteArrayInputStream(getBytes(object));
+ }
+ catch (final IOException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+
+ ByteArrayOutputStream encryptedOutStream = new ByteArrayOutputStream();
+
+ try
+ {
+ byte[] buf = new byte[100];
+ int bufLength;
+ while ( (bufLength = plainInStream.read(buf)) != -1)
+ {
+ byte[] tmp = CryptoUtil.encrypt(copyBytes(buf,bufLength),publicKey, transformation);
+ encryptedOutStream.write(tmp);
+ encryptedOutStream.flush();
+ }
+ return encryptedOutStream.toByteArray();
+ }
+ catch (final IOException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ }
+
+ public Serializable decrypt(final byte[] bytes) throws SecurityServiceException
+ {
+ ByteArrayInputStream encryptedBytesInStream = new ByteArrayInputStream(bytes);
+
+ ByteArrayOutputStream decryptedBytesOutStream = new ByteArrayOutputStream();
+
+ byte[] decryptBytes = null;
+ try
+ {
+ byte[] buf = new byte[128];
+ int bufLenth;
+ while ( (bufLenth = encryptedBytesInStream.read(buf)) != -1)
+ {
+ byte[] tmp = CryptoUtil.decrypt( copyBytes(buf,bufLenth),(PrivateKey)key, transformation);
+ decryptedBytesOutStream.write(tmp);
+ decryptedBytesOutStream.flush();
+ decryptBytes = decryptedBytesOutStream.toByteArray();
+ }
+ }
+ catch (final IOException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ finally
+ {
+ try { decryptedBytesOutStream.close(); } catch (IOException ignore) { log.error(ignore.getMessage(),ignore); }
+ }
+
+ return toSerializable(decryptBytes);
+ }
+
+ private Serializable toSerializable(final byte[] decryptBytes) throws SecurityServiceException
+ {
+ ObjectInputStream inputStream = null;
+ try
+ {
+ inputStream = new ObjectInputStream(new ByteArrayInputStream(decryptBytes));
+ return (Serializable) inputStream.readObject();
+ }
+ catch (final IOException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ catch (final ClassNotFoundException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ finally
+ {
+ try { inputStream.close(); } catch (IOException ignore) { log.error(ignore.getMessage(), ignore); }
+ }
+ }
+
+ private static byte[] copyBytes(byte[] bytes, int length)
+ {
+ if (bytes.length == length)
+ {
+ return bytes;
+ }
+
+ byte[] newBytes = new byte[length];
+ for (int i = 0; i < length; i++)
+ {
+ newBytes[i] = bytes[i];
+ }
+ return newBytes;
+ }
+
+}
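Review bot: `decrypt` hands whatever comes out of the RSA step directly to `ObjectInputStream.readObject()` in `toSerializable`, and because `encrypt` uses only the public key the ciphertext proves nothing about who produced it, so the decrypted bytes should be treated as untrusted input to Java deserialization. Restricting `resolveClass` to the types the ESB itself encrypts, as sketched below with a new `ALLOWED_CLASS_NAMES` set that would have to be defined for this class, closes that off. The same rewrite guards the `finally` block, which currently throws a NullPointerException when the `ObjectInputStream` constructor fails and `inputStream` is still null. Separately, the 100-byte and 128-byte buffers in `encrypt` and `decrypt` only line up for a 1024-bit RSA key with PKCS#1 v1.5 padding, so a larger key or a different configured transformation breaks decryption; deriving both sizes from the key's modulus length would remove that coupling. The message in `init` also reads `Could not locate public keystore` although this class loads the private keystore.

```java
private Serializable toSerializable(final byte[] decryptBytes) throws SecurityServiceException
{
    ObjectInputStream inputStream = null;
    try
    {
        inputStream = new ObjectInputStream(new ByteArrayInputStream(decryptBytes))
        {
            @Override
            protected Class<?> resolveClass(final java.io.ObjectStreamClass desc) throws IOException, ClassNotFoundException
            {
                // Only types this service itself encrypts may be materialised from decrypted bytes.
                if (!ALLOWED_CLASS_NAMES.contains(desc.getName()))
                {
                    throw new java.io.InvalidClassException(desc.getName(), "class not permitted in decrypted payload");
                }
                return super.resolveClass(desc);
            }
        };
        return (Serializable) inputStream.readObject();
    }
    // … unchanged: IOException and ClassNotFoundException handlers …
    finally
    {
        // inputStream is still null when the constructor itself threw.
        if (inputStream != null)
        {
            try { inputStream.close(); } catch (IOException ignore) { log.error(ignore.getMessage(), ignore); }
        }
    }
}
```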
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/webservice/BaseWebService.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/webservice/BaseWebService.java 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/internal/soa/esb/webservice/BaseWebService.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -24,6 +24,7 @@
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.PrintWriter;
+import java.io.Serializable;
import java.io.StringWriter;
import java.util.Iterator;
@@ -50,7 +51,9 @@
import org.jboss.soa.esb.message.Fault;
import org.jboss.soa.esb.message.Message;
import org.jboss.soa.esb.message.format.MessageFactory;
+import org.jboss.soa.esb.services.security.PublicCryptoUtil;
import org.jboss.soa.esb.services.security.SecurityService;
+import org.jboss.soa.esb.services.security.SecurityServiceException;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
import org.jboss.soa.esb.services.security.auth.ws.WSSecuritySoapExtractor;
import org.w3c.dom.Document;
@@ -65,21 +68,21 @@
public abstract class BaseWebService implements Provider<SOAPMessage>
{
private static final QName SERVER_FAULT_QN = new QName("http://schemas.xmlsoap.org/soap/envelope/", "Server") ;
-
+
private static final boolean RETURN_STACK_TRACES ;
private static final Logger LOGGER = Logger.getLogger(BaseWebService.class);
-
+
protected final ServiceInvoker serviceInvoker ;
-
- private WSSecuritySoapExtractor securityExtractor;
-
+
+ private final WSSecuritySoapExtractor securityExtractor;
+
protected BaseWebService(final String category, final String name)
throws MessageDeliverException
{
serviceInvoker = new ServiceInvoker(category, name) ;
securityExtractor = new WSSecuritySoapExtractor();
}
-
+
public SOAPMessage invoke(final SOAPMessage request)
{
final Message esbReq = MessageFactory.getInstance().getMessage() ;
@@ -109,15 +112,15 @@
found = true ;
}
}
-
+
if (!found)
{
throw new SOAPException("Could not find SOAPElement in SOAPBody") ;
}
-
+
// extract security information from SOAP and set on esb message
- extractSecurityInfo(request, esbReq);
-
+ addAuthRequestToMessage(request, esbReq);
+
final Message esbRes = deliverMessage(esbReq) ;
if (esbRes != null)
{
@@ -127,7 +130,7 @@
throw new SOAPException("Null response from service") ;
}
final String soapRes = input.toString();
-
+
final Document respDoc = YADOMUtil.parseStream(new ByteArrayInputStream(soapRes.getBytes()),
false, false, true);
final SOAPMessage response = javax.xml.soap.MessageFactory.newInstance().createMessage();
@@ -159,7 +162,7 @@
final QName faultCode = (QName)body.get(Fault.DETAIL_CODE_CONTENT) ;
final String faultDescription = (String)body.get(Fault.DETAIL_DESCRIPTION_CONTENT) ;
final String faultDetail = (String)body.get(Fault.DETAIL_DETAIL_CONTENT) ;
-
+
if (faultCode != null)
{
faultMsg = javax.xml.soap.MessageFactory.newInstance().createMessage() ;
@@ -186,7 +189,7 @@
}
}
}
-
+
if (faultMsg == null)
{
faultMsg = generateFault(ex) ;
@@ -199,7 +202,7 @@
}
}
}
-
+
private SOAPMessage generateFault(final Throwable th)
throws SOAPException
{
@@ -219,19 +222,27 @@
}
return faultMsg ;
}
-
- private void extractSecurityInfo(final SOAPMessage from, final Message to)
+
+ private void addAuthRequestToMessage(final SOAPMessage from, final Message to) throws SecurityServiceException
{
final AuthenticationRequest authRequest = securityExtractor.extractSecurityInfo(from);
- if ( authRequest != null )
+ if (authRequest != null)
{
- to.getProperties().setProperty( SecurityService.AUTH_REQUEST, authRequest );
+ byte[] encrypted = PublicCryptoUtil.INSTANCE.encrypt((Serializable) authRequest);
+ if (encrypted != null)
+ {
+ to.getProperties().setProperty(SecurityService.AUTH_REQUEST, encrypted);
+ }
+ else
+ {
+ LOGGER.warn("No public keystore has been configured which means that the authentication request cannot be encrypted. Please configure jbossesb-properties.xml with a publickey store.");
+ }
}
}
-
+
protected abstract Message deliverMessage(final Message request)
throws Exception ;
-
+
static
{
final PropertyManager propertyManager = ModulePropertyManager.getPropertyManager(ModulePropertyManager.TRANSPORTS_MODULE) ;
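Review bot: In `addAuthRequestToMessage`, when `PublicCryptoUtil.INSTANCE.encrypt(...)` returns null, the extracted credentials are dropped and the request is still delivered, with only a WARN line logged. Whether the target service then rejects the message is not visible in this hunk, so I would fail closed: the method already declares `SecurityServiceException`, and the `else` branch could be `throw new SecurityServiceException("No public keystore configured; cannot encrypt authentication request");` (assuming a message-only constructor exists; only the two-argument form is visible on this page). If delivering without credentials is intended, a comment on the `else` branch should say so. The unchecked `(Serializable) authRequest` cast also deserves a short comment or an `instanceof` guard, since an `AuthenticationRequest` implementation that is not serializable would surface here as a `ClassCastException`.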
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/client/ServiceInvoker.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/client/ServiceInvoker.java 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/client/ServiceInvoker.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -23,6 +23,8 @@
import java.util.Date;
import java.util.List;
+import javax.crypto.SealedObject;
+
import org.apache.log4j.Logger;
import org.jboss.internal.soa.esb.addressing.helpers.EPRHelper;
import org.jboss.internal.soa.esb.assertion.AssertArgument;
@@ -56,6 +58,8 @@
import org.jboss.soa.esb.services.persistence.RedeliverStore;
import org.jboss.soa.esb.services.registry.RegistryException;
import org.jboss.soa.esb.services.registry.ServiceNotFoundException;
+import org.jboss.soa.esb.services.security.SecurityContext;
+import org.jboss.soa.esb.services.security.SecurityService;
import org.jboss.soa.esb.util.ClassUtil;
/**
@@ -64,10 +68,10 @@
* Manages loading of {@link EPR EPRs}, {@link Courier} selection and
* message delivery. Provides a unified/simplified interface for message
* delivery.
- *
+ *
* The ServiceInvoker will cache entries from the registry for the relevant
* service. This cache will be refreshed under the following conditions:
- *
+ *
* (i) all of the entries fail on a delivery attempt.
* (ii) the cache times out (see property org.jboss.soa.esb.registry.cache.life): default is
* 60 seconds.
@@ -79,19 +83,19 @@
public static final String INTERNAL_SERVICE_CATEGORY = "JBossESB-Internal";
public static final String DEAD_LETTER_SERVICE_NAME = "DeadLetterService";
public static final String DELIVER_TO = "org.jboss.soa.esb.deliver.to";
-
+
/*
* Remove (suspected) dead EPRs.
*/
-
+
private static boolean removeDeadEprs;
-
+
/*
* Throw an exception on delivery failure rather than retry?
*/
-
+
private static boolean exceptionOnDeliveryFailure;
-
+
/**
* Class logger.
*/
@@ -113,13 +117,13 @@
*/
private ServiceClusterInfo serviceClusterInfo;
/**
- *
+ *
*/
private Date expirationDate;
/**
- *
+ *
*/
- private long registryCacheLife;
+ private final long registryCacheLife;
/**
* Dead letter channel Service invoker.
*/
@@ -137,7 +141,7 @@
public ServiceInvoker(Service service) throws MessageDeliverException {
this(service, null) ;
}
-
+
/**
* Public constructor.
*
@@ -201,9 +205,9 @@
&& !service.equals(dlqService)) {
//Send a copy to the DLQ, no retries for syncDeliveries
message.getProperties().setProperty(DELIVER_TO, service);
-
+
logger.info("Delivering message ["+message.getHeader()+"] to DLQ.");
-
+
deliverToDeadLetterService(message);
}
throw mde;
@@ -219,7 +223,7 @@
* @param message The message to be delivered.
* @throws MessageDeliverException Failed to deliver message, after trying all available EPRs.
*/
- public void deliverAsync(Message message) throws MessageDeliverException
+ public void deliverAsync(Message message) throws MessageDeliverException
{
AssertArgument.isNotNull(message, "message");
// Not interested in a reply
@@ -233,7 +237,7 @@
message.getProperties().setProperty(DELIVER_TO, service);
try {
logger.info("Delivering message ["+message.getHeader()+"] to RDLVRQ.");
-
+
deliverToDeadLetterService(message);
} finally {
message.getProperties().remove(MessageStore.CLASSIFICATION);
@@ -265,7 +269,7 @@
if (dlQueueInvoker == null) {
dlQueueInvoker = new ServiceInvoker(dlqService);
}
-
+
dlQueueInvoker.deliverAsync(message);
}
}
@@ -292,14 +296,14 @@
while (staleEPRCache) {
if ((serviceClusterInfo.getEPRs().size() == 0) || (new Date().after(expirationDate))) {
loadServiceClusterInfo();
-
+
if (initialPass && (serviceClusterInfo.getEPRs().size() == 0)) // zero from a previous send
{
/*
* We need to check to see if this instance used up all of it's attempts to deliver
* in a previous deliver or we'll only refresh the cache once per subsequent send
* because we will have exhausted the EPRs in the cache, i.e., size==0.
- *
+ *
* When the instance is originally created we do an initial cache fetch. Until this
* check, that cache fetch was not being done again after a complete failure. Unlikely
* to cause problems anyway, but possible.
@@ -315,6 +319,11 @@
while ((epr = loadBalancer.chooseEPR(serviceClusterInfo)) != null) {
try
{
+ byte[] encrypted = SecurityContext.getContext();
+ if (encrypted != null)
+ {
+ message.getProperties().setProperty(SecurityService.CONTEXT, encrypted);
+ }
replyMessage = eprInvoker.attemptDelivery(message, epr);
if (replyMessage != null) {
if (Type.isFaultMessage(replyMessage)) {
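Review bot: The added block sets `SecurityService.CONTEXT` only when `SecurityContext.getContext()` is non-null, so a value already on the message (set by the sender or a previous hop) stays there and is forwarded unchanged when the current thread has no context. If the property should always reflect the current caller, add `else { message.getProperties().remove(SecurityService.CONTEXT); }`; if pass-through is intended, a comment should say so. The lookup does not depend on `epr`, so it could move above the `while` loop instead of repeating per EPR. The enclosing method starts and ends outside the hunk.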
@@ -324,22 +333,22 @@
return replyMessage;
} else {
logger.info("Unresponsive EPR: " + epr+" for message: "+message.getHeader());
-
+
serviceClusterInfo.removeDeadEPR(epr);
-
+
/*
* So far we've only removed the EPR from the cache. Should we
* also remove it from the registry?
*/
-
+
if (removeDeadEprs)
RegistryUtil.unregister(service.getCategory(), service.getName(), epr);
-
+
/*
* If the message property is set to fail immediately, or the global property is set,
* then don't do retries even if there are other EPRs in the list.
*/
-
+
if (("true".equals(message.getProperties().getProperty(Environment.EXCEPTION_ON_DELIVERY_FAILURE, "false")) || exceptionOnDeliveryFailure))
throw new MessageDeliverException("Failed to deliver message ["+message.getHeader()+"] to Service [" + service + "]. Told not to retry.");
}
@@ -347,9 +356,9 @@
catch (MalformedEPRException ex) // so we can differentiate failure modes, since returning null is limiting
{
logger.info("Invalid EPR for service (probably ESB-unaware): ignoring for message: "+message.getHeader());
-
+
serviceClusterInfo.removeDeadEPR(epr);
-
+
/*
* DO NOT remove from the registry - it is not dead!!
*/
@@ -497,9 +506,9 @@
logger.debug("Courier lookup failed for EPR [" + targetEPR + "] for Service [" + service + "] and Message ["+message.getHeader()+"].", e);
} catch (MalformedEPRException e) {
// probably an ESB-unaware EPR in the registry!!
-
+
logger.info("Badly formed EPR [" + targetEPR + "] for Service [" + service + "] and Message ["+message.getHeader()+"]." + e.getMessage());
-
+
throw e;
} catch (Throwable t) {
logger.warn("Unexpected exception during Courier lookup for EPR [" + targetEPR + "] for Service [" + service + "] and Message ["+message.getHeader()+"].", t);
@@ -544,32 +553,32 @@
throw e;
} catch (final CourierServiceBindException e) {
// meant to be masked by the SI fail-over
-
+
logger.debug("Caught service lookup exception for EPR [" + targetEPR + "] and Service [" + service + "] and Message ["+message.getHeader()+"]. " + e.getMessage());
-
+
// could be stale EPR, so move on to next entry in registry.
} catch (final CourierMarshalUnmarshalException e) {
logger.warn("Courier indicated (un)marshal related error "+e+" during delivery to EPR [" + targetEPR + "] for Service [" + service + "] and Message ["+message.getHeader()+"]. " + e.getMessage());
-
+
throw new MessageDeliverException("Caught (un)marshal related exception during attempted send/receive.", e);
} catch (final CourierTransportException e) {
// meant to be masked by the SI fail-over
-
+
logger.debug("Courier indicated transport related error "+e+" during send/receive with EPR [" + targetEPR + "] for Service [" + service + "] and Message ["+message.getHeader()+"]. " + e.getMessage());
} catch (CourierException e) {
// probable config error. Log it and move on to next EPR/service entry.
-
+
logger.warn("Possible configuration error while using Courier for EPR [" + targetEPR + "] and Service [" + service + "] and Message ["+message.getHeader()+"]. " + e.getMessage());
} catch (MalformedEPRException e) {
// Hmmmm???... Can this really happen? The Courier has already been created. Haven't we already validated the EPR during the Courier lookup (above)??
logger.error("Unexpected error. Badly formed EPR [" + targetEPR + "] for Service [" + service + "]. But the EPR has already been validated!!");
-
+
throw e;
} catch (Throwable t) {
logger.error("Unexpected throwable during attempted message delivery using Courier for EPR [" + targetEPR + "] for Service [" + service + "] and Message ["+message.getHeader()+"].", t);
-
+
// we don't know what state we're in so better to bail-out now!
-
+
throw new MessageDeliverException("Caught unexpected throwable during send. Bailing-out!", t);
} finally {
CourierUtil.cleanCourier(courier);
@@ -584,11 +593,11 @@
return null;
}
}
-
+
static
{
String pruneDead = ModulePropertyManager.getPropertyManager(ModulePropertyManager.CORE_MODULE).getProperty(Environment.REMOVE_DEAD_EPR, "false");
-
+
if ("true".equalsIgnoreCase(pruneDead))
{
removeDeadEprs = true;
@@ -597,9 +606,9 @@
{
removeDeadEprs = false;
}
-
+
String exceptionOnFailure = ModulePropertyManager.getPropertyManager(ModulePropertyManager.CORE_MODULE).getProperty(Environment.EXCEPTION_ON_DELIVERY_FAILURE, "false");
-
+
if ("true".equalsIgnoreCase(exceptionOnFailure))
{
exceptionOnDeliveryFailure = true;
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/common/Configuration.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/common/Configuration.java 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/common/Configuration.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -41,7 +41,7 @@
public class Configuration
{
private static Logger _logger = Logger.getLogger(Configuration.class);
-
+
private static KeyValuePair[] s_oaKV = new KeyValuePair[]
{
new KeyValuePair(Environment.SMTP_HOST, getSmtpHost()),
@@ -130,31 +130,31 @@
return ModulePropertyManager.getPropertyManager(ModulePropertyManager.CORE_MODULE).getProperty(Environment.JNDI_SERVER_URL,
Environment.DEFAULT_HOST);
}
-
+
public static String getJndiServerContextFactory()
{
return ModulePropertyManager.getPropertyManager(ModulePropertyManager.CORE_MODULE).getProperty(Environment.JNDI_SERVER_CONTEXT_FACTORY,
Environment.DEFAULT_JNDI_CONTEXT_FACTORY);
}
-
+
public static String getJndiServerPkgPrefix()
{
return ModulePropertyManager.getPropertyManager(ModulePropertyManager.CORE_MODULE).getProperty(Environment.JNDI_SERVER_PKG_PREFIX,
Environment.DEFAULT_JNDI_PKG_PREFIX);
}
-
+
public static String getLoadBalancerPolicy()
{
return ModulePropertyManager.getPropertyManager(ModulePropertyManager.CORE_MODULE).getProperty(Environment.LOAD_BALANCER_POLICY,
Environment.DEFAULT_LOAD_BALANCER_POLICY);
}
-
+
public static String getRedeliveryDlsOn()
{
return ModulePropertyManager.getPropertyManager(ModulePropertyManager.CORE_MODULE).getProperty(Environment.REDELIVER_DLS_SERVICE_ON,
Environment.DEFAULT_REDELIVER_DLS_ON);
}
-
+
public static String getRegistryCacheLife()
{
return ModulePropertyManager.getPropertyManager(ModulePropertyManager.CORE_MODULE).getProperty(Environment.REGISTRY_CACHE_LIFE_MILLIS,
@@ -217,27 +217,27 @@
{
return ModulePropertyManager.getPropertyManager(ModulePropertyManager.REGISTRY_MODULE).getProperty(Environment.REGISTRY_PASSWORD);
}
-
+
public static String getRegistrySemanticEquivalences()
{
return ModulePropertyManager.getPropertyManager(ModulePropertyManager.REGISTRY_MODULE).getProperty(Environment.REGISTRY_SEMANTIC_EQUIVALENCES);
}
-
+
public static String getRegistryPostalAddressScheme()
{
return ModulePropertyManager.getPropertyManager(ModulePropertyManager.REGISTRY_MODULE).getProperty(Environment.REGISTRY_POSTAL_ADDRESS_SCHEME);
}
-
+
public static String getRegistrySecurityAuthenticationMethod()
{
return ModulePropertyManager.getPropertyManager(ModulePropertyManager.REGISTRY_MODULE).getProperty(Environment.REGISTRY_SECURITY_AUTHENTICATION_METHOD);
}
-
+
public static String getRegistryUDDIMaxRows()
{
return ModulePropertyManager.getPropertyManager(ModulePropertyManager.REGISTRY_MODULE).getProperty(Environment.REGISTRY_UDDI_MAX_ROWS);
}
-
+
public static String getParamRepositoryImplClass()
{
return ModulePropertyManager.getPropertyManager(ModulePropertyManager.CORE_MODULE).getProperty(Environment.PARAMS_REPOS_IMPL_CLASS);
@@ -255,93 +255,93 @@
org.jboss.soa.esb.services.DefaultEncryptionFactory.class
.getName());
}
-
+
public static String getStoreUrl()
{
String property = ModulePropertyManager.getPropertyManager(ModulePropertyManager.DBSTORE_MODULE).getProperty(Environment.MSG_STORE_DB_CONNECTION_URL);
return property;
}
-
+
public static String getStoreDriver()
{
String property = ModulePropertyManager.getPropertyManager(ModulePropertyManager.DBSTORE_MODULE).getProperty(Environment.MSG_STORE_DB_JDBC_DRIVER);
return property;
- }
-
+ }
+
public static String getStorePwd()
{
String property = ModulePropertyManager.getPropertyManager(ModulePropertyManager.DBSTORE_MODULE).getProperty(Environment.MSG_STORE_DB_CONNECTION_PWD);
return property;
}
-
+
public static String getStoreUser()
{
String property = ModulePropertyManager.getPropertyManager(ModulePropertyManager.DBSTORE_MODULE).getProperty(Environment.MSG_STORE_DB_CONNECTION_USER);
return property;
}
-
+
public static String getStorePoolInitialSize()
{
String property = ModulePropertyManager.getPropertyManager(ModulePropertyManager.DBSTORE_MODULE).getProperty(Environment.MSG_STORE_DB_POOL_INITIAL_SIZE);
return property;
}
-
+
public static String getStorePoolMinSize()
{
String property = ModulePropertyManager.getPropertyManager(ModulePropertyManager.DBSTORE_MODULE).getProperty(Environment.MSG_STORE_DB_POOL_MIN_SIZE);
return property;
}
-
+
public static String getStorePoolMaxSize()
{
String property = ModulePropertyManager.getPropertyManager(ModulePropertyManager.DBSTORE_MODULE).getProperty(Environment.MSG_STORE_DB_POOL_MAX_SIZE);
return property;
}
-
+
public static String getStorePoolTestTable()
{
String property = ModulePropertyManager.getPropertyManager(ModulePropertyManager.DBSTORE_MODULE).getProperty(Environment.MSG_STORE_DB_POOL_TEST_TABLE);
return property;
}
-
+
public static String getStorePoolTimeoutMillis()
{
String property = ModulePropertyManager.getPropertyManager(ModulePropertyManager.DBSTORE_MODULE).getProperty(Environment.MSG_STORE_DB_POOL_TIMEOUT_MILLIS);
return property;
}
-
+
public static String getStoreDBConnectionManager()
{
String property = ModulePropertyManager.getPropertyManager(ModulePropertyManager.DBSTORE_MODULE).getProperty(Environment.MSG_STORE_DB_CONN_MANAGER);
return property;
}
-
+
public static String getStoreDBDatasourceName()
{
String property = ModulePropertyManager.getPropertyManager(ModulePropertyManager.DBSTORE_MODULE).getProperty(Environment.MSG_STORE_DB_DATASOURCE_NAME);
return property;
}
-
+
public static String getJcrStoreJNDIPath()
{
return ModulePropertyManager.getPropertyManager(ModulePropertyManager.DBSTORE_MODULE).getProperty(Environment.MSG_STORE_JCR_JNDI_PATH);
}
-
+
public static String getJcrStoreUsername()
{
return ModulePropertyManager.getPropertyManager(ModulePropertyManager.DBSTORE_MODULE).getProperty(Environment.MSG_STORE_JCR_USERNAME);
}
-
+
public static String getJcrStorePassword()
{
return ModulePropertyManager.getPropertyManager(ModulePropertyManager.DBSTORE_MODULE).getProperty(Environment.MSG_STORE_JCR_PASSWORD);
}
-
+
public static String getJcrStoreRootNodePath()
{
return ModulePropertyManager.getPropertyManager(ModulePropertyManager.DBSTORE_MODULE).getProperty(Environment.MSG_STORE_JCR_ROOT_NODE_PATH);
}
-
+
/**
* Get the registry interceptor class names
* @return Registry interceptor Class names.
@@ -352,7 +352,7 @@
return ModulePropertyManager.getPropertyManager(ModulePropertyManager.REGISTRY_MODULE).getProperty(Environment.REGISTRY_INTERCEPTORS,
InVMRegistryInterceptor.class.getName());
}
-
+
/**
* Get the maximum cache size for the caching registry.
* @return The maximum cache size.
@@ -361,7 +361,7 @@
{
return ModulePropertyManager.getPropertyManager(ModulePropertyManager.REGISTRY_MODULE).getProperty(Environment.REGISTRY_CACHE_MAX_SIZE) ;
}
-
+
/**
* Get the validity period for the caching registry.
* @return The cache validity period.
@@ -370,7 +370,7 @@
{
return ModulePropertyManager.getPropertyManager(ModulePropertyManager.REGISTRY_MODULE).getProperty(Environment.REGISTRY_CACHE_VALIDITY_PERIOD) ;
}
-
+
/**
* Construct a naming context based on the connection details outlined
* in the named configuration module/section.
@@ -381,23 +381,24 @@
* <li><b>{@link Context#INITIAL_CONTEXT_FACTORY}</b>: Value defaults to "{@link Environment#JBOSS_INITIAL_CONTEXT_FACTORY}".</li>
* <li><b>{@link Context#URL_PKG_PREFIXES}</b>: Value defaults to "{@link Environment#JBOSS_URL_PKG_PREFIX}".</li>
* </ol>
- *
+ *
* @param contextModuleName Conficuration module/section name.
* @return The context instance.
* @throws ConfigurationException Unable to connect to context.
- *
+ *
* @deprecated {@link org.jboss.soa.esb.helpers.NamingContextPool}
*/
- public static Context getNamingContext(String contextModuleName) throws ConfigurationException {
+ @Deprecated
+ public static Context getNamingContext(String contextModuleName) throws ConfigurationException {
final Properties environment = getProperties(contextModuleName) ;
-
+
try {
return new InitialContext(environment) ;
} catch (final NamingException ne) {
throw new ConfigurationException("Failed to create JNDI context [" + contextModuleName + "].");
}
}
-
+
private static Properties getProperties(final String contextModuleName)
{
final String providerUrl = ModulePropertyManager.getPropertyManager(contextModuleName).getProperty(Context.PROVIDER_URL, Environment.JBOSS_PROVIDER_URL);
@@ -409,7 +410,7 @@
environment.setProperty(Context.URL_PKG_PREFIXES, urlPackagePrefix);
return environment ;
}
-
+
/**
* Lookup the JMS Connection Factory based on the connection details outlined
* in the named configuration module/section.
@@ -421,10 +422,10 @@
* <li><b>{@link Context#URL_PKG_PREFIXES}</b>: Value defaults to "{@link Environment#JBOSS_URL_PKG_PREFIX}".</li>
* <li><b>javax.jms.ConnectionFactory</b>: Value defaults to "".</li>
* </ol>
- *
+ *
* @param jmsConnectionFactoryModuleName Configuration module/section name.
* @return The JMS ConnectionFactory instance.
- * @throws ConfigurationException Lookup failed either because it was unable to
+ * @throws ConfigurationException Lookup failed either because it was unable to
* lookup the context, or the ConnectionFactory lookup failed.
*/
public static ConnectionFactory getJmsConnectionFactory(String jmsConnectionFactoryModuleName) throws ConfigurationException {
@@ -434,7 +435,7 @@
try {
String connectionFactoryRuntime = ModulePropertyManager.getPropertyManager(jmsConnectionFactoryModuleName).getProperty(ConnectionFactory.class.getName(), "ConnectionFactory");
ConnectionFactory factory = null;
-
+
try {
factory = (ConnectionFactory) context.lookup(connectionFactoryRuntime);
} catch (NamingException e) {
@@ -450,27 +451,94 @@
throw new ConfigurationException("Unexpected exception while accessing naming context pool", nce) ;
}
}
-
+
/**
- * The SecurityService Implememtation Class
- *
+ * The SecurityService Implememtation Class
+ *
* @return String the fully qualified name of the ServiceService implementation class
*/
public static String getSecurityServiceImplementationClass()
{
return ModulePropertyManager.getPropertyManager(ModulePropertyManager.SECURITY_MODULE).getProperty(Environment.SECURITY_SERVICE_IMPEMENTATION_CLASS);
}
-
+
public static String getSecurityServiceConfigUrl()
{
return ModulePropertyManager.getPropertyManager(ModulePropertyManager.SECURITY_MODULE).getProperty(Environment.SECURITY_SERVICE_CONFIG_URL);
}
-
+
+ /*
+ * Private Keystore getters
+ */
+ public static String getSecurityServicePrivateKeystore()
+ {
+ return ModulePropertyManager.getPropertyManager(ModulePropertyManager.SECURITY_MODULE).getProperty(Environment.SECURITY_SERVICE_PRIVATE_KEYSTORE);
+ }
+
+ public static String getSecurityServicePrivateKeyAlias()
+ {
+ return ModulePropertyManager.getPropertyManager(ModulePropertyManager.SECURITY_MODULE).getProperty(Environment.SECURITY_SERVICE_PRIVATE_KEY_ALIAS);
+ }
+
+ public static String getSecurityServicePrivateKeyPassword()
+ {
+ return ModulePropertyManager.getPropertyManager(ModulePropertyManager.SECURITY_MODULE).getProperty(Environment.SECURITY_SERVICE_PRIVATE_KEY_PASS);
+ }
+
+ public static String getSecurityServicePrivateKeystorePassword()
+ {
+ return ModulePropertyManager.getPropertyManager(ModulePropertyManager.SECURITY_MODULE).getProperty(Environment.SECURITY_SERVICE_PRIVATE_KEYSTORE_PASS);
+ }
+
+ public static String getSecurityServicePrivateKeystoreType()
+ {
+ return ModulePropertyManager.getPropertyManager(ModulePropertyManager.SECURITY_MODULE).getProperty(Environment.SECURITY_SERVICE_PRIVATE_KEYSTORE_TYPE);
+ }
+
+ public static String getSecurityServicePrivateKeyTransformation()
+ {
+ return ModulePropertyManager.getPropertyManager(ModulePropertyManager.SECURITY_MODULE).getProperty(Environment.SECURITY_SERVICE_PRIVATE_KEY_TRANSFORMATION);
+ }
+
+ /*
+ * Public Keystore getters
+ */
+
+ public static String getSecurityServicePublicKeystore()
+ {
+ return ModulePropertyManager.getPropertyManager(ModulePropertyManager.SECURITY_MODULE).getProperty(Environment.SECURITY_SERVICE_PUBLIC_KEYSTORE);
+ }
+
+ public static String getSecurityServicePublicKeyAlias()
+ {
+ return ModulePropertyManager.getPropertyManager(ModulePropertyManager.SECURITY_MODULE).getProperty(Environment.SECURITY_SERVICE_PUBLIC_KEY_ALIAS);
+ }
+
+ public static String getSecurityServicePublicKeyPassword()
+ {
+ return ModulePropertyManager.getPropertyManager(ModulePropertyManager.SECURITY_MODULE).getProperty(Environment.SECURITY_SERVICE_PUBLIC_KEY_PASS);
+ }
+
+ public static String getSecurityServicePublicKeyTransformation()
+ {
+ return ModulePropertyManager.getPropertyManager(ModulePropertyManager.SECURITY_MODULE).getProperty(Environment.SECURITY_SERVICE_PUBLIC_KEY_TRANSFORMATION);
+ }
+
+ public static String getSecurityServicePublicKeystorePassword()
+ {
+ return ModulePropertyManager.getPropertyManager(ModulePropertyManager.SECURITY_MODULE).getProperty(Environment.SECURITY_SERVICE_PUBLIC_KEYSTORE_PASS);
+ }
+
+ public static String getSecurityServicePublicKeystoreType()
+ {
+ return ModulePropertyManager.getPropertyManager(ModulePropertyManager.SECURITY_MODULE).getProperty(Environment.SECURITY_SERVICE_PUBLIC_KEYSTORE_TYPE);
+ }
+
public static String getSecurityServiceCallbackHandlerImplClass()
{
return ModulePropertyManager.getPropertyManager(ModulePropertyManager.SECURITY_MODULE).getProperty(Environment.SECURITY_SERVICE_CALLBACK_HANLDER_CLASS);
}
-
+
public static Properties getSecurityServiceProperies()
{
return ModulePropertyManager.getPropertyManager(ModulePropertyManager.SECURITY_MODULE).getProperties();
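Review bot: The new keystore properties live in the same security module that `getSecurityServiceProperies()` returns wholesale, so after this change that `Properties` object also carries the keystore and key passwords; any caller that logs or forwards it would expose them (no such caller is visible here). I would add Javadoc to the four password getters along the lines of `/** @return the configured password, or null if unset; never log this value. */`, and note on all twelve getters that they presumably return null when the property is absent, since `getProperty` is called without a default. The `/* Private Keystore getters */` and `/* Public Keystore getters */` block comments read as if they document only the first method below them; per-method Javadoc or a `//` section divider would be clearer. The body of `getSecurityServiceProperies` continues outside the hunk.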
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/common/Environment.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/common/Environment.java 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/common/Environment.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -28,9 +28,9 @@
{
File, FTP, JMS, SQL, Hibernate;
}
-
+
public static final String PROPERTIES_FILE = "org.jboss.soa.esb.propertyFile";
-
+
/**
* Binding properties
*/
@@ -47,14 +47,14 @@
public static final String SMTP_PORT = "org.jboss.soa.esb.mail.smtp.port";
public static final String SMTP_FROM = "org.jboss.soa.esb.mail.smtp.from";
public static final String SMTP_AUTH = "org.jboss.soa.esb.mail.smtp.auth";
-
+
public static final String FTP_LOCALDIR = "org.jboss.soa.esb.ftp.localdir";
public static final String FTP_REMOTEDIR = "org.jboss.soa.esb.ftp.remotedir";
public static final String FTP_SOCKET_TIMEOUT = "org.jboss.soa.esb.ftp.timeout";
-
+
public static final String JMS_CONNECTION_POOL_SIZE = "org.jboss.soa.esb.jms.connectionPool";
public static final String JMS_SESSION_SLEEP = "org.jboss.soa.esb.jms.sessionSleep";
-
+
public static final String WS_RETURN_STACK_TRACE = "org.jboss.soa.esb.ws.returnStackTrace";
public static final String WS_TIMEOUT = "org.jboss.soa.esb.ws.timeout" ;
/*
@@ -72,12 +72,12 @@
public static final String REGISTRY_CACHE_LIFE_MILLIS = "org.jboss.soa.esb.registry.cache.life";
public static final String REMOVE_DEAD_EPR = "org.jboss.soa.esb.failure.detect.removeDeadEPR";
public static final String EXCEPTION_ON_DELIVERY_FAILURE = "org.jboss.soa.esb.exceptionOnDeliverFailure";
-
- /**
- * The Registry Query Manager URI defines the endPoint where registry queries can be made.
+
+ /**
+ * The Registry Query Manager URI defines the endPoint where registry queries can be made.
*/
public static final String REGISTRY_QUERY_MANAGER_URI = "org.jboss.soa.esb.registry.queryManagerURI";
- /**
+ /**
* The Registry Lifecycle Manager URI defines the endPoint where service information can be published to.
*/
public static final String REGISTRY_LIFECYCLE_MANAGER_URI = "org.jboss.soa.esb.registry.lifeCycleManagerURI";
@@ -85,7 +85,7 @@
* The Registry Implementation class, a light wrapper class.
*/
public static final String REGISTRY_IMPEMENTATION_CLASS = "org.jboss.soa.esb.registry.implementationClass";
- /**
+ /**
* The Registry Factory Class setting specifies which JAXR implementation should be used.
*/
public static final String REGISTRY_FACTORY_CLASS = "org.jboss.soa.esb.registry.factoryClass";
@@ -97,12 +97,12 @@
* The password for the registry user.
*/
public static final String REGISTRY_PASSWORD = "org.jboss.soa.esb.registry.password";
- /**
+ /**
* The Registry Scout Transport Class property defines which communication protocol Scout should use to communicate
* with the UDDI registry. Note that this parameter is Scout specific.
*/
public static final String REGISTRY_SCOUT_TRANSPORT_CLASS = "org.jboss.soa.esb.scout.proxy.transportClass";
- /**
+ /**
* Property that holds directory to use with the helper EPRManager class.
*/
public static final String REGISTRY_FILE_HELPER_DIR = "org.jboss.soa.esb.registry.file.directory";
@@ -122,7 +122,7 @@
* Property that holds the max number of rows the UDDI should return on searches.
*/
public static final String REGISTRY_UDDI_MAX_ROWS = "org.jboss.soa.esb.registry.uddi.maxRows";
-
+
/**
* The Registry interceptor class names.
*/
@@ -163,63 +163,63 @@
public static final String MSG_STORE_DB_POOL_TIMEOUT_MILLIS = "org.jboss.soa.esb.persistence.db.pool.timeout.millis";
public static final String MSG_STORE_DB_CONN_MANAGER = "org.jboss.soa.esb.persistence.db.conn.manager";
public static final String MSG_STORE_DB_DATASOURCE_NAME = "org.jboss.soa.esb.persistence.db.datasource.name";
-
+
/*
* JcrMessageStore Persistence Store properties.
*/
- public static final String MSG_STORE_JCR_JNDI_PATH = "org.jboss.soa.esb.persistence.jcr.jndi.path";
- public static final String MSG_STORE_JCR_USERNAME = "org.jboss.soa.esb.persistence.jcr.username";
- public static final String MSG_STORE_JCR_PASSWORD = "org.jboss.soa.esb.persistence.jcr.password";
- public static final String MSG_STORE_JCR_ROOT_NODE_PATH = "org.jboss.soa.esb.persistence.jcr.root.node.path";
-
+ public static final String MSG_STORE_JCR_JNDI_PATH = "org.jboss.soa.esb.persistence.jcr.jndi.path";
+ public static final String MSG_STORE_JCR_USERNAME = "org.jboss.soa.esb.persistence.jcr.username";
+ public static final String MSG_STORE_JCR_PASSWORD = "org.jboss.soa.esb.persistence.jcr.password";
+ public static final String MSG_STORE_JCR_ROOT_NODE_PATH = "org.jboss.soa.esb.persistence.jcr.root.node.path";
+
/*
* Some message metadata properties.
*/
-
+
public static final String TRANSPORT_TYPE = "org.jboss.soa.esb.message.transport.type";
public static final String MESSAGE_SOURCE = "org.jboss.soa.esb.message.source";
public static final String MESSAGE_ENTRY_TIME = "org.jboss.soa.esb.message.time.dob"; // time born
public static final String MESSAGE_EXIT_TIME = "org.jboss.soa.esb.message.time.dod"; // time died
public static final String MESSAGE_BYTE_SIZE = "org.jboss.soa.esb.message.byte.size"; // size
-
+
/** Message property name for original filename */
-
+
public static final String ORIGINAL_FILE_NAME_MSG_PROP = "org.jboss.soa.esb.gateway.original.file.name";
public static final String ORIGINAL_QUEUE_NAME_MSG_PROP = "org.jboss.soa.esb.gateway.original.queue.name";
public static final String ORIGINAL_URL_PROP = "org.jboss.soa.esb.gateway.original.url";
-
+
/*
* Some gateway attachment names.
*/
-
+
public static final String ORIGINAL_FILE = "org.jboss.soa.esb.gateway.file";
public static final String GATEWAY_CONFIG = "org.jboss.soa.esb.gateway.config";
-
+
/*
* Some JMS specific message element names.
*/
-
+
public static final String JMS_MESSAGE_ID = "org.jboss.soa.esb.message.transport.jms.messageID";
public static final String JMS_NATIVE_MESSAGE_TYPE = "org.jboss.soa.esb.message.transport.jms.nativeMessageType"; // Text or Object
-
+
/*
* Filter properties should be identified by:
- *
+ *
* org.jboss.soa.esb.filter.<number>
- *
+ *
* and will be called in increasing order of <number>. Same <number> may be
* called arbitrarily.
*/
public static final String FILTER_NAME = "org.jboss.soa.esb.filter";
-
+
/*
* Some specific out-of-the-box filter configuration options.
*/
-
+
public static final String MESSAGE_TRACE = "org.jboss.soa.esb.messagetrace"; // on or off
public static final String PER_MESSAGE_TRACE = "org.jboss.soa.esb.permessagetrace"; // on or off
-
+
/**
* The SecurityService Implementation class
*/
@@ -227,7 +227,23 @@
public static final String SECURITY_SERVICE_CALLBACK_HANLDER_CLASS = "org.jboss.soa.esb.services.security.callbackHandler";
public static final String SECURITY_SERVICE_CALLBACK = "org.jboss.soa.esb.services.security.callback_";
public static final String SECURITY_SERVICE_CONFIG_URL = "org.jboss.soa.esb.services.security.configUrl";
-
+ public static final String SECURITY_SERVICE_SEAL_ALGORITHM = "org.jboss.soa.esb.services.security.sealAlgorithm";
+ public static final String SECURITY_SERVICE_SEAL_KEYSIZE = "org.jboss.soa.esb.services.security.sealKeySize";
+
+ public static final String SECURITY_SERVICE_PRIVATE_KEYSTORE = "org.jboss.soa.esb.services.security.privateKeystore";
+ public static final String SECURITY_SERVICE_PRIVATE_KEYSTORE_TYPE = "org.jboss.soa.esb.services.security.privateKeystoreType";
+ public static final String SECURITY_SERVICE_PRIVATE_KEYSTORE_PASS = "org.jboss.soa.esb.services.security.privateKeystorePassword";
+ public static final String SECURITY_SERVICE_PRIVATE_KEY_ALIAS = "org.jboss.soa.esb.services.security.privateKeyAlias";
+ public static final String SECURITY_SERVICE_PRIVATE_KEY_PASS = "org.jboss.soa.esb.services.security.privateKeyPassword";
+ public static final String SECURITY_SERVICE_PRIVATE_KEY_TRANSFORMATION = "org.jboss.soa.esb.services.security.privateKeyTransformation";
+
+ public static final String SECURITY_SERVICE_PUBLIC_KEYSTORE = "org.jboss.soa.esb.services.security.publicKeystore";
+ public static final String SECURITY_SERVICE_PUBLIC_KEYSTORE_TYPE = "org.jboss.soa.esb.services.security.publicKeystoreType";
+ public static final String SECURITY_SERVICE_PUBLIC_KEYSTORE_PASS = "org.jboss.soa.esb.services.security.publicKeystorePassword";
+ public static final String SECURITY_SERVICE_PUBLIC_KEY_ALIAS = "org.jboss.soa.esb.services.security.publicKeyAlias";
+ public static final String SECURITY_SERVICE_PUBLIC_KEY_PASS = "org.jboss.soa.esb.services.security.publicKeyPassword";
+ public static final String SECURITY_SERVICE_PUBLIC_KEY_TRANSFORMATION = "org.jboss.soa.esb.services.security.publicKeyTransformation";
+
// Configuration options for the Naming Context pooling.
/**
* The maximum pool size.
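Review bot: The new `SECURITY_SERVICE_*` constants are added without any comment, and four of them (the `..._KEYSTORE_PASS` and `..._KEY_PASS` entries for both stores) name properties that carry keystore and key passwords as configuration values. A short Javadoc per group would help, for example `/** Private keystore location, type, alias and passwords; the password values are presumably stored as plain property text, so read access to the properties file should be restricted. */` above the private-keystore group. `SECURITY_SERVICE_SEAL_ALGORITHM` and `SECURITY_SERVICE_SEAL_KEYSIZE` would also benefit from a comment stating the accepted values and the default, which cannot be determined from this hunk. The enclosing class starts outside the hunk.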
@@ -242,15 +258,15 @@
*/
public static final String NAMING_CONTEXT_RETRY_COUNT = "org.jboss.soa.esb.namingcontext.retrycount" ;
/**
- * The JBoss JNDI provider URL.
+ * The JBoss JNDI provider URL.
*/
public static final String JBOSS_PROVIDER_URL = "localhost";
/**
- * The JBoss JNDI initial context factory.
+ * The JBoss JNDI initial context factory.
*/
public static final String JBOSS_INITIAL_CONTEXT_FACTORY = "org.jnp.interfaces.NamingContextFactory";
/**
- * The JBoss JNDI URL package prefix.
+ * The JBoss JNDI URL package prefix.
*/
public static final String JBOSS_URL_PKG_PREFIX = ""; //"org.jboss.naming:org.jnp.interfaces"
}
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/listeners/ListenerTagNames.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/listeners/ListenerTagNames.java 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/listeners/ListenerTagNames.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -21,13 +21,13 @@
*/
/**
* Contains tag names as they can be used in the configuration.
- *
+ *
*/
package org.jboss.soa.esb.listeners;
import org.jboss.soa.esb.addressing.eprs.JDBCEpr;
-public class ListenerTagNames
+public class ListenerTagNames
{
/** EPRs */
public static final String EPR_TAG = "EPR";
@@ -54,15 +54,15 @@
public static final String TARGET_SERVICE_NAME_TAG = "target-service-name";
public static final String GATEWAY_CLASS_TAG = "gatewayClass";
public static final String IS_GATEWAY_TAG = "is-gateway";
-
+
/** Listeners */
public static final String LISTENER_CLASS_TAG = "listenerClass";
public static final String TRANSACTED_TAG = "transacted";
public static final String ROLLBACK_ON_PIPELINE_FAULTS = "rollbackOnPipelineFaults";
-
+
/** Deployment */
public static final String DEPLOYMENT_NAME_TAG = "deployment";
-
+
/** ActionProcessingPipeline */
public static final String MEP_ATTRIBUTE_TAG = "mep";
public static final String IN_XSD_ATTRIBUTE_TAG = "inXsd";
@@ -84,10 +84,11 @@
public static final String CONFIG_POLICY_FILE_TAG = "file";
public static final String RUN_AS_TAG = "runAs";
public static final String USE_CALLERS_IDENTIDY_TAG = "useCallersIdentity";
+ public static final String ROLES_ALLOWED = "rolesAllowed";
public static final String MODULE_NAME_TAG = "moduleName";
public static final String CALLBACK_HANDLER_TAG = "callbackHandler";
-
-
+
+
public static final String MEP_ONE_WAY = "OneWay" ;
public static final String MEP_REQUEST_RESPONSE = "RequestResponse" ;
@@ -108,7 +109,7 @@
/** Poller tagnames */
public static final String POLL_LATENCY_SECS_TAG = "pollLatencySeconds";
-
+
/** File Actions */
public static final String FILE_INPUT_DIR_TAG = "inputDir";
public static final String FILE_INPUT_SFX_TAG = "inputSuffix";
@@ -119,17 +120,17 @@
public static final String FILE_POST_SFX_TAG = "postSuffix";
public static final String FILE_POST_DEL_TAG = "postDelete";
public static final String FILE_POST_RENAME_TAG = "postRename";
-
+
/** Hibernate related */
public static final String HIBERNATE_OBJECT_DATA_TAG = "hibernateObject";
-
+
public static final String HIBERNATE_INTERCEPTOR_STATE = "hibernateInterceptorState";
public static final String HIBERNATE_INTERCEPTOR_ID = "hibernateInterceptorId";
public static final String HIBERNATE_INTERCEPTOR_TYPES = "hibernateInterceptorTypes";
public static final String HIBERNATE_INTERCEPTOR_NEWVALUES = "hibernateInterceptorNewValues";
public static final String HIBERNATE_INTERCEPTOR_OLDVALUES = "hibernateInterceptorOldValues";
public static final String HIBERNATE_INTERCEPTOR_PROPERTYNAMES = "hibernateInterceptorPropertyNames";
-
+
/** SQL related */
public static final String SQL_ROW_DATA_TAG = "sqlRowData";
public static final String SQL_TABLE_NAME_TAG = "tableName";
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/listeners/gateway/JBossRemotingGatewayListener.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/listeners/gateway/JBossRemotingGatewayListener.java 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/listeners/gateway/JBossRemotingGatewayListener.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -49,13 +49,17 @@
import org.jboss.soa.esb.message.body.content.BytesBody;
import org.jboss.soa.esb.services.registry.RegistryException;
import org.jboss.soa.esb.services.registry.RegistryFactory;
+import org.jboss.soa.esb.services.security.PublicCryptoUtil;
import org.jboss.soa.esb.services.security.SecurityService;
+import org.jboss.soa.esb.services.security.SecurityServiceException;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
import org.jboss.soa.esb.services.security.auth.http.JbrHttpSecurityInfoExtractor;
import org.jboss.soa.esb.services.security.auth.ws.WSSecurityInfoExtractor;
import org.jboss.soa.esb.util.ClassUtil;
import javax.management.MBeanServer;
+
+import java.io.Serializable;
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
@@ -118,7 +122,7 @@
/**
* Connector configuration.
*/
- private Map<String, String> connectorConfig = new HashMap<String, String>();
+ private final Map<String, String> connectorConfig = new HashMap<String, String>();
/**
* Server URI.
*/
@@ -134,11 +138,11 @@
/**
* Service category to which this listener is associated.
*/
- private String serviceCategory;
+ private final String serviceCategory;
/**
* Service name to which this listener is associated.
*/
- private String serviceName;
+ private final String serviceName;
/**
* Listener endpoint EPR.
*/
@@ -150,7 +154,7 @@
/**
* Asynchronous response.
*/
- private String asyncResponse;
+ private final String asyncResponse;
/**
* Install our own marshaller/unmarshaller for HTTP.
@@ -206,10 +210,11 @@
* ***************************************************************************
*
* AbstractManagedLifecycle methods...
- *
+ *
* ****************************************************************************
*/
+ @Override
protected void doInitialise() throws ManagedLifecycleException {
if (isInitialised()) {
throw new ManagedLifecycleException("Unexpected request to initialise JBoss Remoting Gateway listener '" + getConfig().getName() + "'. Gateway already initialised.");
@@ -226,6 +231,7 @@
initialised = true;
}
+ @Override
protected void doStart() throws ManagedLifecycleException {
if (!isInitialised()) {
throw new ManagedLifecycleException("Unexpected request to start JBoss Remoting Gateway listener '" + getConfig().getName() + "'. Gateway not initialised.");
@@ -247,6 +253,7 @@
}
}
+ @Override
protected void doStop() throws ManagedLifecycleException {
if (!isStarted()) {
throw new ManagedLifecycleException("Unexpected request to stop JBoss Remoting Gateway listener '" + getConfig().getName() + "'. Gateway not running.");
@@ -302,6 +309,7 @@
}
}
+ @Override
protected void doDestroy() throws ManagedLifecycleException {
}
@@ -479,7 +487,8 @@
public static class JBossRemotingMessageComposer<T extends InvocationRequest> extends AbstractMessageComposer<T> {
private MessagePayloadProxy payloadProxy;
-
+
+ @Override
public void setConfiguration(ConfigTree config) {
super.setConfiguration(config);
payloadProxy = new MessagePayloadProxy(config,
@@ -489,10 +498,12 @@
payloadProxy.setNullSetPayloadHandling(NullPayloadHandling.LOG);
}
+ @Override
protected MessagePayloadProxy getPayloadProxy() {
return payloadProxy;
}
+ @Override
@SuppressWarnings("unchecked")
protected void populateMessage(Message message, T invocationRequest) throws MessageDeliverException {
@@ -501,22 +512,31 @@
// Copy the request properties onto the message...
Map properties = invocationRequest.getRequestPayload();
-
-
+
+
if (properties != null) {
// Extract any jbr http security information that may exist
AuthenticationRequest authRequest = new JbrHttpSecurityInfoExtractor().extractSecurityInfo(properties);
-
+
// Extract any ws security information that may exist
if ( authRequest == null ) {
authRequest = new WSSecurityInfoExtractor().extractSecurityInfo((String) invocationRequest.getParameter());
}
-
+
if ( authRequest != null ) {
- message.getProperties().setProperty(SecurityService.AUTH_REQUEST, authRequest);
+ try {
+ byte[] encrypted = PublicCryptoUtil.INSTANCE.encrypt((Serializable) authRequest);
+ if (encrypted != null) {
+ message.getProperties().setProperty(SecurityService.AUTH_REQUEST, encrypted);
+ } else {
+ logger.warn("No public keystore has been configured which means that the authentication request cannot be encrypted. Please configure jbossesb-properties.xml with a publickey store.");
+ }
+ } catch (final SecurityServiceException e) {
+ throw new MessageDeliverException(e.getMessage(), e);
+ }
}
-
-
+
+
// Purposely not iterating over the Map.Entry Set because there's
// a bug in the Map impl used by JBossRemoting. Not all the
// "values" are actually in the Map.Entry set. Some of them are handled
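Review bot: When `PublicCryptoUtil.INSTANCE.encrypt(...)` returns null, the `else` branch only logs a warning, so the extracted credentials are dropped and the message continues without `SecurityService.AUTH_REQUEST`; the same warning is written for every such message. A secured target service would then fail later with a less specific authentication error, so this branch should either fail the delivery with a `MessageDeliverException` or state the intent in a comment such as `// No public keystore: credentials are deliberately not forwarded unencrypted; secured services will reject this message.` The `(Serializable) authRequest` cast would be unnecessary if `AuthenticationRequest` itself extended `Serializable` (its declaration is not visible here). `populateMessage` begins before this hunk and ends after it.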
@@ -531,6 +551,7 @@
}
}
+ @Override
public Object decompose(Message message, T invocationRequest) throws MessageDeliverException {
Properties properties = message.getProperties();
String propertyNames[] = properties.getNames();
@@ -549,7 +570,7 @@
responseMap.put(header.getName(), header.getValue());
}
}
-
+
return super.decompose(message, invocationRequest);
}
}
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -27,8 +27,10 @@
import java.util.concurrent.atomic.AtomicBoolean;
import javax.security.auth.Subject;
+import javax.xml.validation.Schema;
import org.apache.log4j.Logger;
+import org.jboss.internal.soa.esb.services.security.PrivateCryptoUtil;
import org.jboss.internal.soa.esb.util.XMLHelper;
import org.jboss.soa.esb.ConfigurationException;
import org.jboss.soa.esb.actions.ActionLifecycle;
@@ -52,6 +54,7 @@
import org.jboss.soa.esb.message.Message;
import org.jboss.soa.esb.message.Properties;
import org.jboss.soa.esb.services.persistence.MessageStore;
+import org.jboss.soa.esb.services.security.PublicCryptoUtil;
import org.jboss.soa.esb.services.security.SecurityConfig;
import org.jboss.soa.esb.services.security.SecurityConfigUtil;
import org.jboss.soa.esb.services.security.SecurityContext;
@@ -62,11 +65,9 @@
import org.jboss.soa.esb.util.ClassUtil;
import org.xml.sax.SAXException;
-import javax.xml.validation.Schema;
-
/**
* Action Processing Pipeline. <p/> Runs a list of action classes on a message
- *
+ *
* @author <a
* href="mailto:schifest at heuristica.com.ar">schifest at heuristica.com.ar</a>
* @author kevin
@@ -89,7 +90,7 @@
* The active flag.
*/
private final AtomicBoolean active = new AtomicBoolean(false);
-
+
/**
* The request XSD.
*/
@@ -100,30 +101,30 @@
private final Schema responseSchema ;
/**
- *
+ *
*/
- private ServiceMessageCounter serviceMessageCounter;
-
+ private final ServiceMessageCounter serviceMessageCounter;
+
/**
* The transactional flag.
*/
private boolean transactional ;
-
+
/**
* The flag indicating an action pipeline for a one way MEP.
*/
- private boolean oneWay ;
-
+ private final boolean oneWay ;
+
/**
* The flag indicating whether we are using implicit or explicit processing.
*/
- private boolean defaultProcessing ;
+ private final boolean defaultProcessing ;
private SecurityConfig securityConf;
-
+
/**
* public constructor
- *
+ *
* @param config
* The pipeline configuration.
*/
@@ -158,7 +159,7 @@
{
throw new ConfigurationException("Unrecognised action MEP: " + mep) ;
}
-
+
final boolean validate = config.getBooleanAttribute(ListenerTagNames.VALIDATE_ATTRIBUTE_TAG, false) ;
if (validate)
{
@@ -192,7 +193,7 @@
}
this.oneWay = oneWay ;
this.defaultProcessing = defaultProcessing ;
-
+
final ConfigTree[] actionList = config
.getChildren(ListenerTagNames.ACTION_ELEMENT_TAG);
@@ -205,7 +206,7 @@
serviceMessageCounter = new ServiceMessageCounter(config);
serviceMessageCounter.registerMBean();
-
+
for (final ConfigTree actionConfig : actionList)
{
final String actionClassTag = actionConfig
@@ -292,7 +293,7 @@
}
processors = processorList
.toArray(new ActionPipelineProcessor[processorList.size()]);
-
+
ConfigTree[] securityConfigs = config.getChildren( ListenerTagNames.SECURITY_TAG );
if (securityConfigs.length > 0)
{
@@ -306,7 +307,7 @@
/**
* Handle the initialisation of the pipeline
- *
+ *
* @throws ConfigurationException
* For errors during initialisation.
*/
@@ -329,7 +330,7 @@
}
}
active.set(true);
-
+
}
/**
@@ -343,7 +344,7 @@
/**
* Process the specified message.
- *
+ *
* @param message
* The current message.
* @return true if the processing was successful, false otherwise.
@@ -377,50 +378,62 @@
faultTo(callDetails, Factory.createErrorMessage(Factory.NOT_ENABLED, message, null));
long procTime = System.nanoTime() - start;
- DeliveryObservableLogger.getInstance().logMessage(new MessageStatusBean(procTime, message,
+ DeliveryObservableLogger.getInstance().logMessage(new MessageStatusBean(procTime, message,
MessageStatusBean.MESSAGE_FAILED));
-
+
return false;
}
}
-
+
private boolean processPipelineSecured(final Message message)
{
final Call callDetails = new Call() ;
callDetails.copy(message.getHeader().getCall()) ;
-
- /*
- * If the gateway or another service passed a security context, use that context for authentication.
- * A SecurityContext's subject will only contain Principal(given that they are serializable), but a Principal
- * might represent an id or a SSO Token that can be used for authentication.
- * If a SubjectContext does not exist then create one to drive the authentication.
- */
- SecurityContext securityContext = SecurityContext.getContext(message);
- LOGGER.debug("Security Context before authentication : " + securityContext);
-
- if ( securityContext == null )
+
+ SecurityContext securityContext = null;
+ try
{
- securityContext = new SecurityContext();
+ boolean authenticate = true;
+ // get the security context from the message is one exists, else create a new one.
+ byte[] bytes = (byte[]) message.getProperties().getProperty(SecurityService.CONTEXT);
+ if (bytes != null)
+ {
+ try
+ {
+ // try to un-seal the object. Will be successful if from this vm.
+ securityContext = (SecurityContext) PrivateCryptoUtil.INSTANCE.decrypt(bytes);
+ // the security context was sealed from this jvm. Don't need to authenticate again.
+ authenticate = false;
+ }
+ catch(final SecurityServiceException e)
+ {
+ LOGGER.warn("The security context was not sealed from this JVM. Will try to re-authenticate the user",e);
+ }
+ }
+ else
+ {
+ securityContext = new SecurityContext();
+ }
+
+ if (authenticate)
+ {
+ // get the authentication request if one exists.
+ byte[] encrypted = (byte[]) message.getProperties().getProperty(SecurityService.AUTH_REQUEST);
+ AuthenticationRequest authRequest = (AuthenticationRequest) PublicCryptoUtil.INSTANCE.decrypt(encrypted);
+
+ // perform the authentication
+ SecurityServiceFactory.getSecurityService().authenticate(securityConf, securityContext, authRequest);
+
+ // seal the security context add as a thread local
+ SecurityContext.setSecurityContext(PrivateCryptoUtil.INSTANCE.encrypt(securityContext));
+ }
}
-
- try
- {
- // get the authentication request if one exists.
- AuthenticationRequest authRequest = (AuthenticationRequest) message.getProperties().getProperty( SecurityService.AUTH_REQUEST );
-
- // perform the authentication
- SecurityServiceFactory.getSecurityService().authenticate(securityConf, securityContext, authRequest);
-
- // add the security context to the message
- message.getProperties().setProperty( SecurityService.CONTEXT, securityContext );
-
- }
catch (final SecurityServiceException e)
{
LOGGER.error( "Authentication exception : ", e);
faultTo(callDetails, Factory.createErrorMessage(Factory.UNEXPECTED_ERROR, message, e));
return false;
- }
+ }
catch (final ConfigurationException e)
{
LOGGER.error( "Authentication exception : ", e);
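Review bot: `securityContext` is still null when `PrivateCryptoUtil.INSTANCE.decrypt(bytes)` throws, because the inner `catch` only logs and the `new SecurityContext()` assignment sits in the `else` branch for `bytes == null`; the following `authenticate(securityConf, securityContext, authRequest)` and the later `securityContext.getSubject()` then operate on null. Adding `securityContext = new SecurityContext();` inside that `catch` restores what the removed code guaranteed. The re-authentication path also hands `encrypted` to `PublicCryptoUtil.INSTANCE.decrypt` without a null check, and both property reads cast to `byte[]` unconditionally, so a message with no `AUTH_REQUEST` (when a public keystore is configured) or with a value of another type would raise an unchecked exception that the two `catch` clauses here do not cover. An `instanceof byte[]` test before each cast and `if (encrypted != null)` before the decrypt would keep those cases on the `faultTo` path. The method starts inside this hunk and continues past it.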
@@ -429,22 +442,27 @@
}
finally
{
- // always remove the authentication request as it contains sensitive information
- message.getProperties().remove( SecurityService.AUTH_REQUEST );
+ // always remove the authentication request and security context as they contains sensitive information
+ message.getProperties().remove(SecurityService.AUTH_REQUEST);
+ message.getProperties().remove(SecurityService.CONTEXT);
}
-
- PrivilegedAction<Boolean> action = new PrivilegedAction<Boolean>()
+
+ PrivilegedAction<Boolean> action = new PrivilegedAction<Boolean>()
{
public Boolean run()
{
return processPipeline(message);
}
};
-
+
Boolean processResult = (Boolean) Subject.doAsPrivileged(securityContext.getSubject(), action, null);
+
+ // unset the security context from the thread local
+ SecurityContext.setSecurityContext(null);
+
return processResult.booleanValue();
}
-
+
private boolean processPipeline(final Message message)
{
long start = System.nanoTime();
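Review bot: `SecurityContext.setSecurityContext(null)` runs only when `Subject.doAsPrivileged` returns normally; `processPipeline` appears to rethrow a `RuntimeException` for transactional pipelines further down, and in that case the sealed context would stay in the thread local and could be visible to the next message handled on the same thread. Wrapping the call as `try { processResult = (Boolean) Subject.doAsPrivileged(securityContext.getSubject(), action, null); } finally { SecurityContext.setSecurityContext(null); }` closes that gap. The thread local is also populated only inside the `if (authenticate)` branch of the previous hunk, so a context that was successfully unsealed is never set for the pipeline run; whether that is intended is not clear from these lines. `processPipelineSecured` starts in the previous hunk.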
@@ -472,7 +490,7 @@
final Message[] messages = new Message[numProcessors];
Message currentMessage = message;
-
+
for (int count = 0; count < numProcessors; count++)
{
final ActionPipelineProcessor processor = processors[count];
@@ -481,7 +499,7 @@
try
{
LOGGER.debug("executing processor " + count+ " "+processor+" "+message.getHeader());
-
+
currentMessage = processor.process(currentMessage);
if (currentMessage == null)
@@ -502,9 +520,9 @@
* Is this an application specific error? If so, try to return
* the error message to the identified recipient.
*/
-
+
final boolean throwRuntime = transactional && (ex instanceof RuntimeException) ;
-
+
if (ex instanceof ActionProcessingFaultException)
{
ActionProcessingFaultException fault = (ActionProcessingFaultException) ex;
@@ -524,9 +542,9 @@
long procTime = System.nanoTime() - start;
serviceMessageCounter.update(new ActionStatusBean(procTime, count, message,
ActionStatusBean.ACTION_FAILED));
- DeliveryObservableLogger.getInstance().logMessage(new MessageStatusBean(procTime, message,
+ DeliveryObservableLogger.getInstance().logMessage(new MessageStatusBean(procTime, message,
MessageStatusBean.MESSAGE_FAILED));
-
+
if (throwRuntime)
{
throw (RuntimeException)ex ;
@@ -565,23 +583,23 @@
{
notifySuccess(messages);
long procTime = System.nanoTime() - start;
- DeliveryObservableLogger.getInstance().logMessage(new MessageStatusBean(procTime, message,
+ DeliveryObservableLogger.getInstance().logMessage(new MessageStatusBean(procTime, message,
MessageStatusBean.MESSAGE_SENT));
result = true;
}
}
-
+
if (validationFailure != null)
{
final MessageValidationException mve = new MessageValidationException(validationFailure) ;
faultTo(callDetails, Factory.createErrorMessage(Factory.VALIDATION_FAILURE, message, mve));
long procTime = System.nanoTime() - start;
- DeliveryObservableLogger.getInstance().logMessage(new MessageStatusBean(procTime, message,
+ DeliveryObservableLogger.getInstance().logMessage(new MessageStatusBean(procTime, message,
MessageStatusBean.MESSAGE_FAILED));
}
return result ;
}
-
+
/**
* Set the transactional flag for this pipeline.
* @param transactional true if running within a transaction, false otherwise.
@@ -590,7 +608,7 @@
{
this.transactional = transactional ;
}
-
+
/**
* Get the transactional flag for this pipeline.
* @return true if running within a transaction, false otherwise.
@@ -602,7 +620,7 @@
/**
* Send the reply.
- *
+ *
* @param callDetails
* the call details for the original request.
* @param message
@@ -628,7 +646,7 @@
/**
* Send the fault message to the EPR.
- *
+ *
* @param callDetails
* the call details for the original request.
* @param faultToAddress
@@ -653,7 +671,7 @@
messageTo(faultToEPR, message, MessageType.fault);
}
}
-
+
/**
* Sent the message to the DLQ service.
* @param callDetails The original call details.
@@ -671,7 +689,7 @@
try
{
final ServiceInvoker serviceInvoker = new ServiceInvoker(ServiceInvoker.dlqService) ;
-
+
serviceInvoker.deliverAsync(message) ;
}
catch (final MessageDeliverException mde)
@@ -720,7 +738,7 @@
/**
* Handle the destruction of the pipeline from the specified position.
- *
+ *
* @param initialPosition
* The initial position to begin destruction.
*/
@@ -745,7 +763,7 @@
/**
* Notify the processors of an error during processing.
- *
+ *
* @param initialPosition
* The position of the first processor to notify.
* @param ex
@@ -775,7 +793,7 @@
/**
* Notify the processors of a successful pipeline process.
- *
+ *
* @param messages
* The messages associated with the processors.
*/
@@ -801,5 +819,5 @@
}
}
}
-
+
}
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/PublicCryptoUtil.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/PublicCryptoUtil.java (rev 0)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/PublicCryptoUtil.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -0,0 +1,264 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+import java.security.Key;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+
+import org.apache.log4j.Logger;
+import org.jboss.soa.esb.common.Configuration;
+import org.jboss.soa.esb.common.Environment;
+import org.jboss.soa.esb.services.security.util.CryptoUtil;
+import org.jboss.soa.esb.util.ClassUtil;
+
+/**
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ *
+ */
+public enum PublicCryptoUtil
+{
+ INSTANCE;
+
+ private final Logger log = Logger.getLogger(PublicCryptoUtil.class);
+ private Key key;
+ private PublicKey publicKey;
+ private String transformation;
+ private boolean isSecurityConfigured;
+
+ private PublicCryptoUtil()
+ {
+ try
+ {
+ init();
+ }
+ catch (final Exception e)
+ {
+ throw new IllegalStateException("Unknown algorithm:", e);
+ }
+ }
+
+ private void init() throws SecurityServiceException
+ {
+ String keystorePath = Configuration.getSecurityServicePublicKeystore();
+ if (keystorePath == null)
+ {
+ log.info("No public keystore was specified in jbossesb-properites.xml. Add '" + Environment.SECURITY_SERVICE_PUBLIC_KEYSTORE + "'");
+ }
+ else
+ {
+ isSecurityConfigured = true;
+ try
+ {
+ String keystoreType = Configuration.getSecurityServicePublicKeystoreType();
+ if (keystoreType == null)
+ {
+ keystoreType = KeyStore.getDefaultType();
+ }
+ String keystorePassword = Configuration.getSecurityServicePublicKeystorePassword();
+ String privateKeyAlias = Configuration.getSecurityServicePublicKeyAlias();
+ String privateKeyPass = Configuration.getSecurityServicePublicKeyPassword();
+
+ try
+ {
+ KeyStore keystore = KeyStore.getInstance(keystoreType);
+ InputStream in = ClassUtil.getResourceAsStream(keystorePath, this.getClass());
+ if (in == null)
+ {
+ throw new SecurityServiceException("Could not locate public keystore using '" + keystorePath + "'");
+ }
+
+ // load the keystore contents
+ keystore.load(in, keystorePassword.toCharArray());
+ key = keystore.getKey(privateKeyAlias, privateKeyPass.toCharArray());
+ Certificate certificate = keystore.getCertificate(privateKeyAlias);
+ publicKey = certificate.getPublicKey();
+
+ // "algorithm/mode/padding" or defaults to "algorithm"
+ transformation = Configuration.getSecurityServicePublicKeyTransformation();
+ if (transformation == null)
+ {
+ this.transformation = key.getAlgorithm();
+ }
+ }
+ finally
+ {
+ keystorePassword = null;
+ privateKeyAlias = null;
+ privateKeyPass = null;
+ }
+ }
+ catch (final KeyStoreException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ catch (final NoSuchAlgorithmException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ catch (final CertificateException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ catch (final IOException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ catch (final UnrecoverableKeyException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ }
+ }
+
+ private static byte[] getBytes(final Serializable ser) throws IOException
+ {
+ ByteArrayOutputStream bout = new ByteArrayOutputStream();
+ ObjectOutputStream oout = new ObjectOutputStream(bout);
+ oout.writeObject(ser);
+ return bout.toByteArray();
+ }
+
+ public byte[] encrypt(final Serializable object) throws SecurityServiceException
+ {
+ if (!isSecurityConfigured)
+ {
+ return null;
+ }
+
+ ByteArrayInputStream plainInStream;
+ try
+ {
+ plainInStream = new ByteArrayInputStream(getBytes(object));
+ }
+ catch (final IOException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+
+ ByteArrayOutputStream encryptedOutStream = new ByteArrayOutputStream();
+
+ try
+ {
+ byte[] buf = new byte[100];
+ int bufLength;
+ while ( (bufLength = plainInStream.read(buf)) != -1)
+ {
+ byte[] tmp = CryptoUtil.encrypt(copyBytes(buf,bufLength),publicKey, transformation);
+ encryptedOutStream.write(tmp);
+ encryptedOutStream.flush();
+ }
+ return encryptedOutStream.toByteArray();
+ }
+ catch (final IOException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ }
+
+ public Serializable decrypt(final byte[] bytes) throws SecurityServiceException
+ {
+ if (!isSecurityConfigured)
+ {
+ return null;
+ }
+ ByteArrayInputStream encryptedBytesInStream = new ByteArrayInputStream(bytes);
+
+ ByteArrayOutputStream decryptedBytesOutStream = new ByteArrayOutputStream();
+
+ byte[] decryptBytes = null;
+ try
+ {
+ byte[] buf = new byte[128];
+ int bufLenth;
+ while ( (bufLenth = encryptedBytesInStream.read(buf)) != -1)
+ {
+ byte[] tmp = CryptoUtil.decrypt( copyBytes(buf,bufLenth),(PrivateKey)key, transformation);
+ decryptedBytesOutStream.write(tmp);
+ decryptedBytesOutStream.flush();
+ decryptBytes = decryptedBytesOutStream.toByteArray();
+ }
+ }
+ catch (final IOException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ finally
+ {
+ try { decryptedBytesOutStream.close(); } catch (IOException ignore) { log.error(ignore.getMessage(),ignore); }
+ }
+
+ return toSerializable(decryptBytes);
+ }
+
+ private Serializable toSerializable(final byte[] decryptBytes) throws SecurityServiceException
+ {
+ ObjectInputStream inputStream = null;
+ try
+ {
+ inputStream = new ObjectInputStream(new ByteArrayInputStream(decryptBytes));
+ return (Serializable) inputStream.readObject();
+ }
+ catch (final IOException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ catch (final ClassNotFoundException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ finally
+ {
+ try { inputStream.close(); } catch (IOException ignore) { log.error(ignore.getMessage(), ignore); }
+ }
+ }
+
+ private static byte[] copyBytes(byte[] bytes, int length)
+ {
+ if (bytes.length == length)
+ {
+ return bytes;
+ }
+
+ byte[] newBytes = new byte[length];
+ for (int i = 0; i < length; i++)
+ {
+ newBytes[i] = bytes[i];
+ }
+ return newBytes;
+ }
+
+
+}
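Review bot: `encrypt` splits the plaintext into 100-byte chunks and `decrypt` reads the ciphertext back in 128-byte chunks, which only lines up for a key whose cipher block is exactly 128 bytes (a 1024-bit RSA key, assuming that is what `CryptoUtil` is used with); any other key size in the configured keystore would make decryption fail or return garbage. The block length should be derived from the key, e.g. `int cipherBlock = (((RSAKey) publicKey).getModulus().bitLength() + 7) / 8;`, and because each chunk is encrypted independently with no integrity check, wrapping a random symmetric key and encrypting the payload under it would be a sturdier design. `toSerializable` calls `readObject()` on whatever decrypts, and since producing a ciphertext needs only the public key, a successful decrypt is not evidence of a trusted sender; restricting the accepted classes by overriding `ObjectInputStream.resolveClass` is worth adding. Smaller points: `decrypt` does not guard against a null `bytes` argument, `inputStream.close()` in the `finally` of `toSerializable` throws `NullPointerException` when the `ObjectInputStream` constructor failed, the keystore stream `in` in `init` is never closed, and `keystorePassword.toCharArray()` fails with a bare NPE if the password property is absent. The class has no Javadoc beyond the author tag, and the constructor's "Unknown algorithm:" message does not match the keystore errors `init` can actually raise.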
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfig.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfig.java 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfig.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -2,17 +2,17 @@
* JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
* LLC, and individual contributors by the @authors tag. See the copyright.txt
* in the distribution for a full listing of individual contributors.
- *
+ *
* This is free software; you can redistribute it and/or modify it under the
* terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 2.1 of the License, or (at your option)
* any later version.
- *
+ *
* This software is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
* details.
- *
+ *
* You should have received a copy of the GNU Lesser General Public License
* along with this software; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
@@ -20,55 +20,45 @@
*/
package org.jboss.soa.esb.services.security;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
/**
* This class is indended to security related configuration properties.
- *
+ *
* @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
* @since 4.4
*/
public class SecurityConfig
{
- private String runAs;
- private String useCallerIdentity;
- private String moduleName;
+ private final String runAs;
+ private final List<String> rolesAllowed;
+ private final String useCallerIdentity;
+ private final String moduleName;
private final String callbackHandler;
private Map<String,String> properties = new HashMap<String,String>();
-
+
private SecurityConfig(
- final String runAs,
- final String useCallerIdentity,
+ final String runAs,
+ final List<String> rolesAllowed,
+ final String useCallerIdentity,
final String moduleName,
final String callbackHandler,
final Map<String,String> properties)
- {
+ {
this.runAs = runAs;
+ this.rolesAllowed = rolesAllowed;
this.useCallerIdentity = useCallerIdentity;
this.moduleName = moduleName;
this.callbackHandler= callbackHandler;
this.properties = properties;
}
-
- /**
- *
- * @param runAs - run as the specified role
- * @param useCallerIdentity - use the callers identity
- * @param moduleName - index into the jaas configuration policy file
- * @return <code>SecurityConfigInfo</code>
- */
- public static SecurityConfig createSecurityInfo(
- final String runAs,
- final String useCallerIdentity,
- final String moduleName,
- final String callbackHandler,
- final Map<String,String> properties)
- {
- return new SecurityConfig(runAs, useCallerIdentity, moduleName, callbackHandler, properties);
- }
-
+
public String getCallbackHandler()
{
return callbackHandler;
@@ -82,18 +72,12 @@
{
return useCallerIdentity;
}
-
+
public String getModuleName()
{
return moduleName;
}
- @Override
- public String toString()
- {
- return "[SecurityConfigInfo : runAs=" + runAs + ", useCallerIdentity=" + useCallerIdentity + ", moduleName=" + moduleName + ", callbackHandler=" + callbackHandler +", properties=" + properties +"]";
- }
-
public boolean hasRunAs()
{
return runAs != null;
@@ -103,5 +87,89 @@
{
return properties;
}
-
+
+ public List<String> getRolesAllowed()
+ {
+ return rolesAllowed;
+ }
+
+ @Override
+ public String toString()
+ {
+ return "[SecurityConfigInfo : runAs=" + runAs + ", useCallerIdentity=" + useCallerIdentity + ", moduleName=" + moduleName + ", callbackHandler=" + callbackHandler +", properties=" + properties +", rolesAllowed=" + rolesAllowed + "]";
+ }
+
+ public static class Builder
+ {
+ private String runAs;
+ private String rolesAllowed;
+ private String useCallerIdentity;
+ private final String moduleName;
+ private String callbackHandler;
+ private final Map<String,String> properties = new HashMap<String,String>();
+
+ public Builder(final String moduleName)
+ {
+ this.moduleName = moduleName;
+ }
+
+ public Builder runAs(final String runAs)
+ {
+ this.runAs = runAs;
+ return this;
+ }
+
+ public Builder rolesAllowed(final String rolesAllowed)
+ {
+ this.rolesAllowed = rolesAllowed;
+ return this;
+ }
+
+ public Builder useCallerIdentity(final String useCallerIdentity)
+ {
+ this.useCallerIdentity = useCallerIdentity;
+ return this;
+ }
+
+ public Builder callBackhandler(final String callbackHandler)
+ {
+ this.callbackHandler = callbackHandler;
+ return this;
+ }
+
+ public Builder property(final String name, final String value)
+ {
+ properties.put(name, value);
+ return this;
+ }
+
+ public SecurityConfig build()
+ {
+ final List<String> rolesAllowedList = new ArrayList<String>();
+ if ( rolesAllowed != null )
+ {
+ String[] split = rolesAllowed.split(",");
+ List<String> asList = Arrays.asList(split);
+ for (String roleName : asList)
+ {
+ if ( !"".equals(roleName))
+ rolesAllowedList.add(roleName.trim());
+ }
+ }
+
+ final List<String> unmodifiableRoles = Collections.unmodifiableList(rolesAllowedList);
+ final Map<String,String> unmodifiableProperties = Collections.unmodifiableMap(properties);
+ SecurityConfig securityConfig = new SecurityConfig(
+ runAs,
+ unmodifiableRoles,
+ useCallerIdentity,
+ moduleName,
+ callbackHandler,
+ unmodifiableProperties);
+
+ return securityConfig;
+ }
+
+ }
+
}
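Review bot: In `Builder.build()` the empty-string test runs before `trim()`, so a `rolesAllowed` value such as `"admin, ,user"` or one ending in `", "` puts an empty role name into the list. Trim first and then test, for example `final String role = roleName.trim();` followed by `if (role.length() > 0) rolesAllowedList.add(role);`. Separately, `Collections.unmodifiableMap(properties)` is a view over the builder's own map, so a later `property(...)` call on the same builder changes an already-built `SecurityConfig`; wrapping a copy (`new HashMap<String,String>(properties)`) avoids that. `toString()` also continues to print every property value, which is worth reconsidering if these properties can carry passwords or similar secrets (not visible in this hunk).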
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigUtil.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigUtil.java 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigUtil.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -2,17 +2,17 @@
* JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
* LLC, and individual contributors by the @authors tag. See the copyright.txt
* in the distribution for a full listing of individual contributors.
- *
+ *
* This is free software; you can redistribute it and/or modify it under the
* terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 2.1 of the License, or (at your option)
* any later version.
- *
+ *
* This software is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
* details.
- *
+ *
* You should have received a copy of the GNU Lesser General Public License
* along with this software; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
@@ -25,14 +25,15 @@
import org.jboss.soa.esb.helpers.ConfigTree;
import org.jboss.soa.esb.listeners.ListenerTagNames;
+import org.jboss.soa.esb.services.security.SecurityConfig.Builder;
/**
* This util class provides methods to extract information from a security
* configuration. <p/>
- *
+ *
* @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
* @since 4.4.
- *
+ *
*/
public class SecurityConfigUtil
{
@@ -40,19 +41,23 @@
public static SecurityConfig createSecurityConfig(final ConfigTree securityFragment)
{
- final String runAs = securityFragment.getAttribute(ListenerTagNames.RUN_AS_TAG);
- final String useCallersIdentity = securityFragment.getAttribute(ListenerTagNames.USE_CALLERS_IDENTIDY_TAG);
final String moduleName = securityFragment.getAttribute(ListenerTagNames.MODULE_NAME_TAG);
- final String callbackHandler = securityFragment.getAttribute(ListenerTagNames.CALLBACK_HANDLER_TAG);
+
+ Builder builder = new SecurityConfig.Builder(moduleName);
+ builder.runAs(securityFragment.getAttribute(ListenerTagNames.RUN_AS_TAG));
+ builder.useCallerIdentity(securityFragment.getAttribute(ListenerTagNames.USE_CALLERS_IDENTIDY_TAG));
+ builder.rolesAllowed(securityFragment.getAttribute(ListenerTagNames.ROLES_ALLOWED));
+ builder.callBackhandler(securityFragment.getAttribute(ListenerTagNames.CALLBACK_HANDLER_TAG));
+
final Map<String,String> properties = new HashMap<String, String>();
ConfigTree[] children = securityFragment.getChildren("property");
for (ConfigTree configTree : children)
{
String propertyName = configTree.getAttribute("name");
String propertyValue = configTree.getAttribute("value");
- properties.put(propertyName, propertyValue);
+ System.out.println(propertyName + " " + propertyValue);
+ builder.property(propertyName, propertyValue);
}
-
- return SecurityConfig.createSecurityInfo(runAs, useCallersIdentity, moduleName, callbackHandler, properties);
+ return builder.build();
}
}
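Review bot: The added `System.out.println(propertyName + " " + propertyValue);` writes every security property name and value to standard output, which looks like leftover debugging. If any of these properties hold credentials or keystore passwords, they end up in the server console log. The line should be removed, or replaced by a debug-level log of the property name only. The local `properties` map declared just above the loop is now unused, since the values go to `builder.property(...)`, and can be deleted as well.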
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityContext.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityContext.java 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityContext.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -2,17 +2,17 @@
* JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
* LLC, and individual contributors by the @authors tag. See the copyright.txt
* in the distribution for a full listing of individual contributors.
- *
+ *
* This is free software; you can redistribute it and/or modify it under the
* terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 2.1 of the License, or (at your option)
* any later version.
- *
+ *
* This software is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
* details.
- *
+ *
* You should have received a copy of the GNU Lesser General Public License
* along with this software; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
@@ -21,26 +21,24 @@
package org.jboss.soa.esb.services.security;
import static org.jboss.soa.esb.services.security.principals.Group.ROLES_GROUP_NAME;
+
import java.io.Serializable;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.Set;
-
import javax.security.auth.Subject;
-import org.jboss.soa.esb.message.Message;
-
/**
- * Security Context contains security related information that
+ * Security Context contains security related information that
* is not sensitive.
* <p/>
* Note that even though a Subject object instance is serialiable,
* its private and public credentials are not(they are transient).
- * Also not that the Principal interface is not serializable but
+ * Also not that the Principal interface is not serializable but
* all implemenations should be.
- *
+ *
* @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
* @since 4.4
*
@@ -48,29 +46,42 @@
public final class SecurityContext implements Serializable
{
private static final long serialVersionUID = 1L;
-
- private Subject subject;
-
+
+ private static transient ThreadLocal<byte[]> context = new ThreadLocal<byte[]>();
+
+ public static byte[] getContext()
+ {
+ return context.get();
+ }
+
+ public static void setSecurityContext(final byte[] encrypted)
+ {
+ context.set(encrypted);
+ }
+
+ private final Subject subject;
+
public SecurityContext()
{
subject = new Subject();
}
-
+
public SecurityContext(Subject subject)
{
this.subject = subject;
}
-
+
public Subject getSubject()
{
return subject;
}
-
- public String toString()
+
+ @Override
+ public String toString()
{
return "SecurityContext [" + subject + "]";
}
-
+
public boolean isCallerInRole( final String roleName )
{
Set<Principal> principals = subject.getPrincipals();
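Review bot: The new static `ThreadLocal<byte[]> context` has a setter and a getter but no way to clear it, so on a pooled worker thread the encrypted context set for one message stays attached to the thread until something overwrites it. Unless callers outside this hunk reset it with `setSecurityContext(null)`, a later message handled on the same thread could read the previous caller's context. A `clearSecurityContext()` that calls `context.remove()`, invoked from a `finally` block by whoever sets the value, would make the lifetime explicit. `transient` has no effect on a static field and can be dropped, and the accessor pair would read better with matching names (`getSecurityContext`/`setSecurityContext`). The class body continues past the end of this hunk.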
@@ -89,26 +100,16 @@
{
return true;
}
- }
+ }
}
}
}
return false;
}
-
+
public Set<? extends Principal> getPrincipals()
{
return subject.getPrincipals();
}
-
- /**
- * Will retrieve the SecurityContext from the passed in Message.
- * @param message - the message from which the SecurityContext should be retreieved
- * @return SecuirtyContext - the currently set SecurityContext or null if none has been set.
- */
- public static SecurityContext getContext( final Message message )
- {
- return (SecurityContext) message.getProperties().getProperty( SecurityService.CONTEXT );
- }
-
+
}
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityService.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityService.java 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityService.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -2,17 +2,17 @@
* JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
* LLC, and individual contributors by the @authors tag. See the copyright.txt
* in the distribution for a full listing of individual contributors.
- *
+ *
* This is free software; you can redistribute it and/or modify it under the
* terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 2.1 of the License, or (at your option)
* any later version.
- *
+ *
* This software is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
* details.
- *
+ *
* You should have received a copy of the GNU Lesser General Public License
* along with this software; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
@@ -31,10 +31,10 @@
/**
* This interface represents a Security service.
* <p/>
- *
+ *
* @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
* @since 4.4
- *
+ *
*/
public interface SecurityService
{
@@ -42,42 +42,43 @@
* Constant intended for usage as a key in different types of maps.
*/
String CONTEXT = "org.jboss.soa.esb.services.security.context";
+
String AUTH_REQUEST = "org.jboss.soa.esb.services.security.authRequest";
-
+
/**
* Configure the security serivce for usage. This should take care of
* reading any needed configurations required by the security system.
- *
+ *
* @throws ConfigurationException
*/
void configure() throws ConfigurationException;
-
+
/**
* Authenticates a subject.
- *
+ *
* @param securityContext - the security context to authenticate
* @throws LoginException - if the authentication was not sucessful
*/
void authenticate(final SecurityConfig securityConfig, final SecurityContext securityContext, final AuthenticationRequest authRequest) throws SecurityServiceException;
-
+
/**
* Determines if the subject contains the passed in role in it's
* set of Principals.
- *
+ *
* @param subject - the Subject instance belonging to the caller.
* @param context - the principal instance representing the role to check for.
- * @return true - if the caller has the role of
+ * @return true - if the caller has the role of
*/
boolean isCallerInRole(final Subject subject, final Principal role);
-
+
/**
* Logout and clean up of any security state.
- *
+ *
* @param securityContext
* @throws LoginException
*/
void logout(final SecurityConfig securityConfig);
-
+
/**
* Refresh the security configuration
*/
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/actions/JBossSecurityPropagator.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/actions/JBossSecurityPropagator.java 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/actions/JBossSecurityPropagator.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -2,17 +2,17 @@
* JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
* LLC, and individual contributors by the @authors tag. See the copyright.txt
* in the distribution for a full listing of individual contributors.
- *
+ *
* This is free software; you can redistribute it and/or modify it under the
* terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 2.1 of the License, or (at your option)
* any later version.
- *
+ *
* This software is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
* details.
- *
+ *
* You should have received a copy of the GNU Lesser General Public License
* along with this software; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
@@ -20,6 +20,7 @@
*/
package org.jboss.soa.esb.services.security.actions;
+import java.security.AccessController;
import java.security.Principal;
import javax.security.auth.Subject;
@@ -28,51 +29,48 @@
import org.jboss.security.SecurityAssociation;
import org.jboss.soa.esb.actions.BeanConfiguredAction;
import org.jboss.soa.esb.message.Message;
-import org.jboss.soa.esb.services.security.SecurityContext;
-import org.jboss.soa.esb.services.security.SecurityService;
/**
- * JBossSecurityPropagator is an ESB action that can be used to
+ * JBossSecurityPropagator is an ESB action that can be used to
* propagate security information to JBoss Application Server(JBossAS).
* </p>
- * This action can be placed before an action that calls out the a
+ * This action can be placed before an action that calls out the a
* JBossAS instance, for example an EJB call.
- *
+ *
* Example config:
* <pre>{@code
* <action name="propagate" class="org.jboss.soa.esb.services.security.actions.JBossSecurityPropagator">
* <property name="runAs" value="adminRole"/>
* </action>
* }</pre>
- *
+ *
* @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
*
*/
public class JBossSecurityPropagator implements BeanConfiguredAction
{
private String runAs;
-
+
public Message process(final Message message)
{
- final SecurityContext securityContext = (SecurityContext) message.getProperties().getProperty( SecurityService.CONTEXT );
- if ( securityContext != null )
+ final Subject subject = Subject.getSubject(AccessController.getContext());
+ if(subject != null )
{
- final Subject subject = securityContext.getSubject();
final Principal principal = getPrincipal(subject);
-
+
// associate the subject with jboss security
SecurityAssociation.pushSubjectContext(subject, principal, subject.getPublicCredentials());
-
+
if ( runAs != null )
{
// associate the runAs role with jboss security
SecurityAssociation.pushRunAsIdentity(new RunAsIdentity(runAs, principal.getName()));
}
-
+
}
return message;
}
-
+
public void setRunAs(String runAs)
{
this.runAs = runAs;
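Review bot: `Subject.getSubject(AccessController.getContext())` returns null whenever `process` is not running inside a `Subject.doAs` call, and in that case the action silently passes the message on without associating any identity. The downstream call then presumably runs with whatever `SecurityAssociation` state the thread already has, so the class Javadoc should state the precondition and the null branch deserves at least a log message. `getPrincipal(subject)` is not visible here; if it can return null, `principal.getName()` in the `runAs` branch will throw, so a null check before `pushRunAsIdentity` is worth adding. No matching pop for `pushSubjectContext`/`pushRunAsIdentity` appears in this hunk, and `setRunAs` runs past its end.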
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/AuthenticationRequest.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/AuthenticationRequest.java 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/auth/AuthenticationRequest.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -2,17 +2,17 @@
* JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
* LLC, and individual contributors by the @authors tag. See the copyright.txt
* in the distribution for a full listing of individual contributors.
- *
+ *
* This is free software; you can redistribute it and/or modify it under the
* terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 2.1 of the License, or (at your option)
* any later version.
- *
+ *
* This software is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
* details.
- *
+ *
* You should have received a copy of the GNU Lesser General Public License
* along with this software; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
@@ -29,7 +29,7 @@
* information between gateways and ESB services.
* The information will be extracted from the specific transport that
* the gateway uses.
- *
+ *
* @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
* @since 4.4
*
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/util/CryptoUtil.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/util/CryptoUtil.java (rev 0)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/src/org/jboss/soa/esb/services/security/util/CryptoUtil.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -0,0 +1,121 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.util;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+
+import org.jboss.soa.esb.services.security.SecurityServiceException;
+
+/**
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ *
+ */
+public final class CryptoUtil
+{
+ private CryptoUtil() {}
+
+ public static byte[] decrypt(final byte[] bytes, final PrivateKey key, final String transformation) throws SecurityServiceException
+ {
+ try
+ {
+ final Cipher cipher = Cipher.getInstance(transformation);
+ cipher.init(Cipher.DECRYPT_MODE, key);
+ return cipher.doFinal(bytes);
+ }
+ catch (final NoSuchAlgorithmException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ catch (final NoSuchPaddingException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ catch (final InvalidKeyException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ catch (final IllegalBlockSizeException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ catch (final BadPaddingException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ }
+
+ public static byte[] encrypt(byte[] text, PublicKey key, String transformation) throws SecurityServiceException
+ {
+ try
+ {
+ final Cipher cipher = Cipher.getInstance(transformation);
+ cipher.init(Cipher.ENCRYPT_MODE, key);
+ return cipher.doFinal(text);
+ }
+ catch (final NoSuchAlgorithmException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ catch (final NoSuchPaddingException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ catch (InvalidKeyException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ catch (IllegalBlockSizeException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ catch (BadPaddingException e)
+ {
+ throw new SecurityServiceException(e.getMessage(), e);
+ }
+ }
+
+ public static byte[] copyBytes(final byte[] bytes, final int length)
+ {
+ byte[] newArr = null;
+ if (bytes.length == length)
+ {
+ newArr = bytes;
+ } else
+ {
+ newArr = new byte[length];
+ for (int i = 0; i < length; i++)
+ {
+ newArr[i] = bytes[i];
+ }
+ }
+ return newArr;
+ }
+
+}
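Review bot: `CryptoUtil` is added without any Javadoc on the class or its methods, and the missing contract matters here: `encrypt` takes a `PublicKey`, so anyone who has the public key can produce input that `decrypt` accepts, and nothing in this class authenticates the ciphertext. The class comment should say that it provides confidentiality only and that decrypted bytes remain untrusted; this is relevant because `PrivateCryptoUtil` in this same commit passes the decrypted bytes to `ObjectInputStream.readObject()`. `transformation` is handed to `Cipher.getInstance` unchecked, so the padding scheme is whatever the caller or configuration names; documenting or restricting the accepted values would help. `copyBytes` duplicates the private helper of the same name in `PrivateCryptoUtil`, returns the caller's array itself when the lengths match, and could be a `System.arraycopy` call.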
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/JaasSecurityServiceUnitTest.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/JaasSecurityServiceUnitTest.java 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/JaasSecurityServiceUnitTest.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -2,17 +2,17 @@
* JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
* LLC, and individual contributors by the @authors tag. See the copyright.txt
* in the distribution for a full listing of individual contributors.
- *
+ *
* This is free software; you can redistribute it and/or modify it under the
* terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 2.1 of the License, or (at your option)
* any later version.
- *
+ *
* This software is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
* details.
- *
+ *
* You should have received a copy of the GNU Lesser General Public License
* along with this software; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
@@ -40,6 +40,7 @@
import org.jboss.soa.esb.services.security.SecurityService;
import org.jboss.soa.esb.services.security.SecurityServiceException;
import org.jboss.soa.esb.services.security.TestPrincipal;
+import org.jboss.soa.esb.services.security.SecurityConfig.Builder;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequestImpl;
import org.jboss.soa.esb.services.security.principals.Group;
@@ -52,81 +53,101 @@
/**
* Unit test for {@link SecurityServiceImpl}
* <p/>
- *
+ *
* @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
* @since 4.4
*/
public class JaasSecurityServiceUnitTest
{
- private SecurityService service = new JaasSecurityService();
- private Subject subject = new Subject();
- private String jbossEsbProperties;
-
+ private final SecurityService service = new JaasSecurityService();
+ private final Subject subject = new Subject();
+ private String jbossEsbProperties;
+
@Test
public void authenticateUserpassword() throws ConfigurationException, SecurityServiceException
{
final String userName = "testUser";
final String password = "testPassword";
- SecurityConfig configInfo = SecurityConfig.createSecurityInfo(null, null, "UserPassLogin", "org.jboss.internal.soa.esb.services.security.UserPassCallbackHandler", null);
+ Builder builder = new SecurityConfig.Builder("UserPassLogin");
+ builder.callBackhandler("org.jboss.internal.soa.esb.services.security.UserPassCallbackHandler");
+ SecurityConfig configInfo = builder.build();
TestPrincipal principal = new TestPrincipal(userName);
Set<Object> credentials = new HashSet<Object>();
credentials.add(password);
-
+
AuthenticationRequest authRequest = new AuthenticationRequestImpl.Builder(principal, credentials).bulid();
SecurityContext context = new SecurityContext(subject);
service.configure();
service.authenticate(configInfo, context, authRequest);
-
+
Set<TestPrincipal> principals = subject.getPrincipals( TestPrincipal.class );
assertEquals( 1, principals.size() );
assertEquals( userName, principals.iterator().next().getName() );
}
-
+
@Test
public void authenticateWithRole() throws ConfigurationException, SecurityServiceException
{
- SecurityConfig configInfo = SecurityConfig.createSecurityInfo("adminRole", null, "SuccessfulLogin", null, null);
+ Builder builder = new SecurityConfig.Builder("SuccessfulLogin");
+ builder.runAs("adminRole");
+ SecurityConfig configInfo = builder.build();
SecurityContext context = new SecurityContext(subject);
service.authenticate(configInfo, context, null);
Set<Principal> principals = subject.getPrincipals( Principal.class );
assertEquals( 2, principals.size() );
}
-
+
@Test
public void authenticateWithExistingRole() throws ConfigurationException, SecurityServiceException
{
- SecurityConfig configInfo = SecurityConfig.createSecurityInfo("adminRole", null, "SuccessfulLogin", null, null);
+ Builder builder = new SecurityConfig.Builder("SuccessfulLogin");
+ builder.runAs("adminRole");
+ SecurityConfig configInfo = builder.build();
Group group = new Group("Roles");
group.addMember(new Role("adminRole1"));
-
+
subject.getPrincipals().add(group);
-
+
SecurityContext context = new SecurityContext(subject);
service.authenticate(configInfo, context, null);
-
+
Set<Principal> principals = subject.getPrincipals( Principal.class );
assertEquals( 2, principals.size() );
}
-
+
@Test
- public void isCallerInRole() throws SecurityServiceException
+ public void isCallerInRole() throws SecurityServiceException
{
final String roleName = "adminRole";
- SecurityConfig configInfo = SecurityConfig.createSecurityInfo(roleName, null, "SuccessfulLogin", null, null);
+ Builder builder = new SecurityConfig.Builder("SuccessfulLogin");
+ builder.runAs(roleName);
+ SecurityConfig configInfo = builder.build();
SecurityContext context = new SecurityContext(subject);
service.authenticate(configInfo, context, null);
assertTrue( service.isCallerInRole(subject, new Role(roleName)));
}
-
+
@Test ( expected = SecurityServiceException.class )
public void loginFailure() throws ConfigurationException, SecurityServiceException
{
- SecurityConfig configInfo = SecurityConfig.createSecurityInfo(null, null, "FailureLogin", null, null);
+ Builder builder = new SecurityConfig.Builder("FailureLogin");
+ SecurityConfig configInfo = builder.build();
SecurityContext context = new SecurityContext(subject);
service.authenticate( configInfo, context, null );
}
-
+
@Test
+ public void rolesAllowed() throws ConfigurationException, SecurityServiceException
+ {
+ Builder builder = new SecurityConfig.Builder("SuccessfulLogin");
+ builder.runAs("esbRole");
+ builder.rolesAllowed("esbRole");
+ SecurityConfig configInfo = builder.build();
+ SecurityContext context = new SecurityContext(subject);
+ service.authenticate( configInfo, context, null );
+ }
+
+ @Test
public void refresh() throws SecurityServiceException
{
Runnable runnable = new Runnable()
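Review bot: The new `rolesAllowed` test contains no assertion and covers only the case where the `runAs` role is in the allowed list, so it passes as long as `authenticate` does not throw. For an authorization check the rejecting path is the one that needs pinning: add a test in which `rolesAllowed` names a role the subject does not get and assert the expected failure, assuming `authenticate` is where the list is enforced (that code is not in this hunk). The positive test could also assert on `context.isCallerInRole("esbRole")` or on the subject's principals. The `refresh` test continues past the end of this hunk.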
@@ -144,22 +165,23 @@
t2.start();
}
}
-
+
private void threadLogin()
{
- SecurityConfig configInfo = SecurityConfig.createSecurityInfo(null, null, "SuccessfulLogin", null, null);
+ Builder builder = new SecurityConfig.Builder("SuccessfulLogin");
+ SecurityConfig configInfo = builder.build();
SecurityContext context = new SecurityContext(new Subject());
service.refreshSecurityConfig();
try
{
service.authenticate( configInfo, context, null );
- }
+ }
catch (SecurityServiceException e)
{
fail(e.getMessage());
}
}
-
+
@Before
public void setup() throws ConfigurationException
{
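Review bot: The `fail(e.getMessage())` in threadLogin's catch block cannot fail the test if threadLogin runs on the worker threads started in refresh(); the `t2.start()` context line suggests it does, but the call itself is outside this hunk. An AssertionError thrown on a spawned thread ends only that thread and never reaches the JUnit runner, so a SecurityServiceException from authenticate() racing with refreshSecurityConfig() would go unreported. Record the failure instead, e.g. `threadFailure = e;` into a volatile field, and check `assertNull(threadFailure)` on the test thread once both threads have been joined.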
@@ -168,17 +190,17 @@
System.setProperty(Environment.PROPERTIES_FILE, "abs://" + resource.getFile());
service.configure();
}
-
+
@After
public void tearDown()
{
if ( jbossEsbProperties != null )
System.setProperty(Environment.PROPERTIES_FILE, jbossEsbProperties);
}
-
+
public static junit.framework.Test suite()
{
return new JUnit4TestAdapter( JaasSecurityServiceUnitTest.class );
}
-
+
}
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/PrivateCryptoUtilUnitTest.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/PrivateCryptoUtilUnitTest.java (rev 0)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/PrivateCryptoUtilUnitTest.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -0,0 +1,89 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.internal.soa.esb.services.security;
+
+import static org.junit.Assert.*;
+import static org.junit.Assert.assertEquals;
+
+import java.io.IOException;
+import java.io.Serializable;
+import java.net.URL;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.Security;
+
+import javax.crypto.SealedObject;
+
+import junit.framework.JUnit4TestAdapter;
+
+import org.jboss.soa.esb.ConfigurationException;
+import org.jboss.soa.esb.common.Environment;
+import org.jboss.soa.esb.services.security.SecurityServiceException;
+import org.jboss.soa.esb.util.ClassUtil;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * Unit test for PrivateCryptoUtil.
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ *
+ */
+public class PrivateCryptoUtilUnitTest
+{
+ private String jbossEsbProperties;
+
+ @Test
+ public void encryptAndDecrypt() throws SecurityServiceException
+ {
+ String object = "some texti: dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd";
+ byte[] encrypted = PrivateCryptoUtil.INSTANCE.encrypt(object);
+ assertFalse(object.equals(new String(encrypted)));
+
+ Serializable plainObject = PrivateCryptoUtil.INSTANCE.decrypt(encrypted);
+ assertEquals(object, plainObject);
+ }
+
+ @Before
+ public void setup() throws ConfigurationException
+ {
+ jbossEsbProperties = System.getProperty(Environment.PROPERTIES_FILE);
+ URL resource = ClassUtil.getResource("security-properties.xml", getClass());
+ System.setProperty(Environment.PROPERTIES_FILE, "abs://" + resource.getFile());
+ }
+
+ @After
+ public void tearDown()
+ {
+ if ( jbossEsbProperties != null )
+ {
+ System.setProperty(Environment.PROPERTIES_FILE, jbossEsbProperties);
+ }
+ }
+
+ public static junit.framework.Test suite()
+ {
+ return new JUnit4TestAdapter(PrivateCryptoUtilUnitTest.class);
+ }
+
+}
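Review bot: The check `assertFalse(object.equals(new String(encrypted)))` in encryptAndDecrypt() proves very little about confidentiality. It passes for any output that is not byte-for-byte the plaintext, which presumably includes a merely serialized, unencrypted object, since the extra header bytes already make the strings differ. `new String(encrypted)` also decodes with the platform default charset, so the comparison is environment-dependent. A stronger test asserts that the plaintext's bytes do not occur anywhere inside `encrypted`, and that decrypting a tampered copy of `encrypted` fails. The same assertion is repeated in PublicCryptoUtilUnitTest.encryptAndDecrypt().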
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/privateKeyStore
===================================================================
(Binary files differ)
Property changes on: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/privateKeyStore
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/security-properties.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/security-properties.xml 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/security-properties.xml 2008-09-12 09:01:29 UTC (rev 22707)
@@ -41,6 +41,12 @@
<property name="org.jboss.soa.esb.services.security.implementationClass" value="org.jboss.internal.soa.esb.services.security.JaasSecurityService"/>
<property name="org.jboss.soa.esb.services.security.callbackHandler" value="org.jboss.internal.soa.esb.services.security.UserPassCallbackHandler"/>
<property name="org.jboss.soa.esb.services.security.configUrl" value="jaas.login"/>
+
+ <property name="org.jboss.soa.esb.services.security.privateKeystore" value="privateKeyStore"/>
+ <property name="org.jboss.soa.esb.services.security.privateKeystorePassword" value="testKeystorePassword"/>
+ <property name="org.jboss.soa.esb.services.security.privateKeyAlias" value="testAlias"/>
+ <property name="org.jboss.soa.esb.services.security.privateKeyPassword" value="testPassword"/>
+
</properties>
<properties name="registry">
<property name="org.jboss.soa.esb.registry.queryManagerURI" value="org.apache.juddi.registry.local.InquiryService#inquire"/>
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/webservice/BaseWebServiceUnitTest.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/webservice/BaseWebServiceUnitTest.java 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/webservice/BaseWebServiceUnitTest.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -2,17 +2,17 @@
* JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
* LLC, and individual contributors by the @authors tag. See the copyright.txt
* in the distribution for a full listing of individual contributors.
- *
+ *
* This is free software; you can redistribute it and/or modify it under the
* terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 2.1 of the License, or (at your option)
* any later version.
- *
+ *
* This software is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
* details.
- *
+ *
* You should have received a copy of the GNU Lesser General Public License
* along with this software; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
@@ -25,6 +25,7 @@
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
+import java.net.URL;
import java.security.cert.X509Certificate;
import javax.xml.parsers.ParserConfigurationException;
@@ -38,19 +39,25 @@
import org.jboss.internal.soa.esb.services.registry.MockRegistry;
import org.jboss.soa.esb.ConfigurationException;
import org.jboss.soa.esb.addressing.EPR;
+import org.jboss.soa.esb.common.Environment;
import org.jboss.soa.esb.listeners.message.MessageDeliverException;
import org.jboss.soa.esb.message.Message;
+import org.jboss.soa.esb.services.security.PublicCryptoUtil;
import org.jboss.soa.esb.services.security.SecurityService;
+import org.jboss.soa.esb.services.security.SecurityServiceException;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
import org.jboss.soa.esb.services.security.auth.ws.WSTestUtil;
+import org.jboss.soa.esb.util.ClassUtil;
+import org.junit.After;
import org.junit.AfterClass;
+import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.xml.sax.SAXException;
/**
* Unittest for {@link BaseWebService}
- *
+ *
* @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
*
*/
@@ -59,38 +66,45 @@
private static String serviceCategory = "cat";
private static String serviceName = "name";
private static MockCourier mockCourier;
-
+ private String jbossEsbProperties;
+
@Test
- public void invokeWithBinarySecurityTokenHeader() throws ParserConfigurationException, SAXException, IOException, SOAPException, MessageDeliverException
+ public void invokeWithBinarySecurityTokenHeader() throws ParserConfigurationException, SAXException, IOException, SOAPException, MessageDeliverException, SecurityServiceException
{
SOAPMessage soap = WSTestUtil.createMessage("soap-keys-example.xml", BaseWebServiceUnitTest.class);
MockBaseWebService service = new MockBaseWebService(serviceCategory, serviceName);
service.invoke(soap);
-
+
Message esbMessage = service.getEsbMessage();
- AuthenticationRequest authRequest = (AuthenticationRequest) esbMessage.getProperties().getProperty( SecurityService.AUTH_REQUEST );
+ byte[] encrypted = (byte[]) esbMessage.getProperties().getProperty( SecurityService.AUTH_REQUEST );
+ assertNotNull("AuthRequest should have been encrypted", encrypted );
+
+ AuthenticationRequest authRequest = (AuthenticationRequest) PublicCryptoUtil.INSTANCE.decrypt(encrypted);
assertNotNull( authRequest );
assertTrue(authRequest.getCredentials().size() == 1 );
assertTrue(authRequest.getCredentials().iterator().next() instanceof X509Certificate );
}
-
+
@Test
- public void invokeWithUsernameTokenHeader() throws ParserConfigurationException, SAXException, IOException, SOAPException, MessageDeliverException
+ public void invokeWithUsernameTokenHeader() throws ParserConfigurationException, SAXException, IOException, SOAPException, MessageDeliverException, SecurityServiceException
{
SOAPMessage soap = WSTestUtil.createMessage("soap-userpass-example.xml", BaseWebServiceUnitTest.class);
MockBaseWebService service = new MockBaseWebService(serviceCategory, serviceName);
service.invoke(soap);
-
+
Message esbMessage = service.getEsbMessage();
- AuthenticationRequest authRequest = (AuthenticationRequest) esbMessage.getProperties().getProperty( SecurityService.AUTH_REQUEST );
+ byte[] encrypted = (byte[]) esbMessage.getProperties().getProperty( SecurityService.AUTH_REQUEST );
+ assertNotNull("AuthRequest should have been encrypted", encrypted );
+
+ AuthenticationRequest authRequest = (AuthenticationRequest) PublicCryptoUtil.INSTANCE.decrypt(encrypted);
assertNotNull( authRequest );
assertEquals("Clark", authRequest.getPrincipal().getName());
assertTrue(authRequest.getCredentials().size() == 1 );
assertTrue(authRequest.getCredentials().iterator().next() instanceof char[] );
}
-
+
@BeforeClass
- public static void setup() throws ConfigurationException, URISyntaxException
+ public static void classSetup() throws ConfigurationException, URISyntaxException
{
MockCourierFactory.install();
MockRegistry.install();
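Review bot: The `(byte[])` cast runs before `assertNotNull("AuthRequest should have been encrypted", encrypted)` in both invokeWithBinarySecurityTokenHeader() and invokeWithUsernameTokenHeader(), so the message can never report the case it describes. If BaseWebService regressed to storing the plain AuthenticationRequest, the test would die with a ClassCastException instead of a clear assertion failure. Fetch the property untyped and assert on its type first: `Object property = esbMessage.getProperties().getProperty( SecurityService.AUTH_REQUEST );` followed by `assertTrue("AuthRequest should have been encrypted", property instanceof byte[]);`.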
@@ -98,14 +112,29 @@
mockCourier = new MockCourier(true);
MockRegistry.register(serviceCategory, serviceName, epr, mockCourier);
}
-
+
@AfterClass
- public static void tearDown()
+ public static void classTearDown()
{
MockRegistry.uninstall();
MockCourierFactory.uninstall();
}
-
+
+ @Before
+ public void setup() throws ConfigurationException
+ {
+ jbossEsbProperties = System.getProperty(Environment.PROPERTIES_FILE);
+ URL resource = ClassUtil.getResource("security-properties.xml", getClass());
+ System.setProperty(Environment.PROPERTIES_FILE, "abs://" + resource.getFile());
+ }
+
+ @After
+ public void tearDown()
+ {
+ if ( jbossEsbProperties != null )
+ System.setProperty(Environment.PROPERTIES_FILE, jbossEsbProperties);
+ }
+
public static junit.framework.Test suite()
{
return new JUnit4TestAdapter(BaseWebServiceUnitTest.class);
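Review bot: The new tearDown() restores `Environment.PROPERTIES_FILE` only when it had a value before setup(). When the property was unset, it stays pointed at this package's security-properties.xml for the rest of the JVM, so later test classes can silently run against this keystore configuration. Add the missing branch: `else System.clearProperty(Environment.PROPERTIES_FILE);`. The same setup()/tearDown() pair is added in PrivateCryptoUtilUnitTest and PublicCryptoUtilUnitTest. setup() also dereferences `resource` without a null check, so a missing fixture would surface as a bare NullPointerException.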
@@ -114,22 +143,22 @@
private class MockBaseWebService extends BaseWebService
{
private Message esbMessage;
-
+
public Message getEsbMessage()
{
return esbMessage;
}
-
+
protected MockBaseWebService(String category, String name) throws MessageDeliverException
{
super(category, name);
}
-
+
@Override
protected Message deliverMessage(Message request) throws Exception
{
this.esbMessage = request;
-
+
return request;
}
}
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/webservice/no-security-properties.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/webservice/no-security-properties.xml (rev 0)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/webservice/no-security-properties.xml 2008-09-12 09:01:29 UTC (rev 22707)
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ JBoss, Home of Professional Open Source
+ Copyright 2006, JBoss Inc., and others contributors as indicated
+ by the @authors tag. All rights reserved.
+ See the copyright.txt in the distribution for a
+ full listing of individual contributors.
+ This copyrighted material is made available to anyone wishing to use,
+ modify, copy, or redistribute it subject to the terms and conditions
+ of the GNU Lesser General Public License, v. 2.1.
+ This program is distributed in the hope that it will be useful, but WITHOUT A
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ You should have received a copy of the GNU Lesser General Public License,
+ v.2.1 along with this distribution; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ MA 02110-1301, USA.
+
+ (C) 2005-2006,
+ @author JBoss Inc.
+-->
+<!-- $Id: jbossesb-unittest-properties.xml $ -->
+<!--
+ These options are described in the JBossESB manual.
+ Defaults are provided here for convenience only.
+
+ Please read through this file prior to using the system, and consider
+ updating the specified entries.
+-->
+<esb
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:noNamespaceSchemaLocation="jbossesb-1_0.xsd">
+ <properties name="core">
+ <property name="org.jboss.soa.esb.jndi.server.context.factory" value="org.jnp.interfaces.NamingContextFactory"/>
+ <property name="org.jboss.soa.esb.jndi.server.url" value="${jboss.esb.bind.address}:1099"/>
+ <property name="org.jboss.soa.esb.persistence.connection.factory" value="org.jboss.internal.soa.esb.persistence.format.MessageStoreFactoryImpl"/>
+ <property name="org.jboss.soa.esb.loadbalancer.policy" value="org.jboss.soa.esb.listeners.ha.RoundRobin"/>
+ <property name="jboss.esb.invm.scope.default" value="NONE"/>
+ </properties>
+ <properties name="registry">
+ <property name="org.jboss.soa.esb.registry.queryManagerURI" value="org.apache.juddi.registry.local.InquiryService#inquire"/>
+ <property name="org.jboss.soa.esb.registry.lifeCycleManagerURI" value="org.apache.juddi.registry.local.PublishService#publish"/>
+ <property name="org.jboss.soa.esb.registry.implementationClass" value="org.jboss.internal.soa.esb.services.registry.JAXRRegistryImpl"/>
+ <property name="org.jboss.soa.esb.registry.factoryClass" value="org.apache.ws.scout.registry.ConnectionFactoryImpl"/>
+ <property name="org.jboss.soa.esb.registry.user" value="jbossesb"/>
+ <property name="org.jboss.soa.esb.registry.password" value="password"/>
+ <!-- the following parameter is scout specific to set the type of communication between scout and the UDDI (embedded, rmi, soap) -->
+ <property name="org.jboss.soa.esb.scout.proxy.transportClass" value="org.apache.ws.scout.transport.LocalTransport"/>
+ </properties>
+ <properties name="transports" depends="core">
+ <property name="org.jboss.soa.esb.mail.smtp.host" value="localhost"/>
+ <property name="org.jboss.soa.esb.mail.smtp.user" value="jbossesb"/>
+ <property name="org.jboss.soa.esb.mail.smtp.password" value=""/>
+ <property name="org.jboss.soa.esb.mail.smtp.port" value="25"/>
+ <property name="org.jboss.soa.esb.mail.smtp.auth" value="true"/>
+ <property name="org.jboss.soa.esb.ftp.localdir" value="/tmp"/>
+ <property name="org.jboss.soa.esb.ftp.remotedir" value="/tmp"/>
+ <property name="org.jboss.soa.esb.jms.connectionPool" value="20"/>
+ <property name="org.jboss.soa.esb.jms.sessionSleep" value="30"/>
+ </properties>
+ <properties name="connection">
+ <property name="min-pool-size" value="5"/>
+ <property name="max-pool=size" value="10"/>
+ <property name="blocking-timeout-millis" value="5000"/>
+ <property name="abandoned-connection-timeout" value="10000"/>
+ <property name="abandoned-connection-time-interval" value="30000"/>
+ </properties>
+ <properties name="dbstore">
+
+ <!-- connection manager type -->
+ <!-- <property name="org.jboss.soa.esb.persistence.db.conn.manager" value="org.jboss.internal.soa.esb.persistence.manager.StandaloneConnectionManager"/> -->
+ <property name="org.jboss.soa.esb.persistence.db.conn.manager" value="org.jboss.internal.soa.esb.persistence.manager.J2eeConnectionManager"/>
+
+ <!-- this property is only used if using the j2ee connection manager -->
+ <property name="org.jboss.soa.esb.persistence.db.datasource.name" value="java:/JBossESBDS"/>
+
+ <!-- standalone connection pooling settings -->
+ <property name="org.jboss.soa.esb.persistence.db.connection.url" value="jdbc:hsqldb:hsql://localhost:9001/"/>
+ <property name="org.jboss.soa.esb.persistence.db.jdbc.driver" value="org.hsqldb.jdbcDriver"/>
+ <property name="org.jboss.soa.esb.persistence.db.user" value="sa"/>
+ <property name="org.jboss.soa.esb.persistence.db.pwd" value=""/>
+ <property name="org.jboss.soa.esb.persistence.db.pool.initial.size" value="2"/>
+ <property name="org.jboss.soa.esb.persistence.db.pool.min.size" value="2"/>
+ <property name="org.jboss.soa.esb.persistence.db.pool.max.size" value="5"/>
+ <!--table managed by pool to test for valid connections - created by pool automatically -->
+ <property name="org.jboss.soa.esb.persistence.db.pool.test.table" value="pooltest"/>
+ <property name="org.jboss.soa.esb.persistence.db.pool.timeout.millis" value="5000"/>
+
+ </properties>
+ <properties name="filters">
+ <property name="org.jboss.soa.esb.filter.1" value="org.jboss.internal.soa.esb.message.filter.MetaDataFilter"/>
+ <property name="org.jboss.soa.esb.filter.2" value="org.jboss.internal.soa.esb.message.filter.GatewayFilter"/>
+ </properties>
+</esb>
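Review bot: The property name `max-pool=size` in the `connection` group looks like a typo for `max-pool-size`, by analogy with `min-pool-size` on the line above. As written, a lookup of `max-pool-size` would presumably miss and fall back to a default. The line was probably copied from an existing properties file, but a newly added fixture is a good place to correct it to `<property name="max-pool-size" value="10"/>`. The same line appears in the added webservice/security-properties.xml.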
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/webservice/publicKeyStore
===================================================================
(Binary files differ)
Property changes on: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/webservice/publicKeyStore
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/webservice/security-properties.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/webservice/security-properties.xml (rev 0)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/internal/soa/esb/webservice/security-properties.xml 2008-09-12 09:01:29 UTC (rev 22707)
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ JBoss, Home of Professional Open Source
+ Copyright 2006, JBoss Inc., and others contributors as indicated
+ by the @authors tag. All rights reserved.
+ See the copyright.txt in the distribution for a
+ full listing of individual contributors.
+ This copyrighted material is made available to anyone wishing to use,
+ modify, copy, or redistribute it subject to the terms and conditions
+ of the GNU Lesser General Public License, v. 2.1.
+ This program is distributed in the hope that it will be useful, but WITHOUT A
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ You should have received a copy of the GNU Lesser General Public License,
+ v.2.1 along with this distribution; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ MA 02110-1301, USA.
+
+ (C) 2005-2006,
+ @author JBoss Inc.
+-->
+<!-- $Id: jbossesb-unittest-properties.xml $ -->
+<!--
+ These options are described in the JBossESB manual.
+ Defaults are provided here for convenience only.
+
+ Please read through this file prior to using the system, and consider
+ updating the specified entries.
+-->
+<esb
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:noNamespaceSchemaLocation="jbossesb-1_0.xsd">
+ <properties name="core">
+ <property name="org.jboss.soa.esb.jndi.server.context.factory" value="org.jnp.interfaces.NamingContextFactory"/>
+ <property name="org.jboss.soa.esb.jndi.server.url" value="${jboss.esb.bind.address}:1099"/>
+ <property name="org.jboss.soa.esb.persistence.connection.factory" value="org.jboss.internal.soa.esb.persistence.format.MessageStoreFactoryImpl"/>
+ <property name="org.jboss.soa.esb.loadbalancer.policy" value="org.jboss.soa.esb.listeners.ha.RoundRobin"/>
+ <property name="jboss.esb.invm.scope.default" value="NONE"/>
+ </properties>
+ <properties name="security">
+ <property name="org.jboss.soa.esb.services.security.implementationClass" value="org.jboss.internal.soa.esb.services.security.JaasSecurityService"/>
+ <property name="org.jboss.soa.esb.services.security.callbackHandler" value="org.jboss.internal.soa.esb.services.security.UserPassCallbackHandler"/>
+ <property name="org.jboss.soa.esb.services.security.configUrl" value="jaas.login"/>
+
+ <property name="org.jboss.soa.esb.services.security.publicKeystore" value="publicKeyStore"/>
+ <property name="org.jboss.soa.esb.services.security.publicKeystorePassword" value="testKeystorePassword"/>
+ <property name="org.jboss.soa.esb.services.security.publicKeyAlias" value="testAlias"/>
+ <property name="org.jboss.soa.esb.services.security.publicKeyPassword" value="testPassword"/>
+ <property name="org.jboss.soa.esb.services.security.publicKeyTransformation" value="RSA/ECB/PKCS1Padding"/>
+ </properties>
+ <properties name="registry">
+ <property name="org.jboss.soa.esb.registry.queryManagerURI" value="org.apache.juddi.registry.local.InquiryService#inquire"/>
+ <property name="org.jboss.soa.esb.registry.lifeCycleManagerURI" value="org.apache.juddi.registry.local.PublishService#publish"/>
+ <property name="org.jboss.soa.esb.registry.implementationClass" value="org.jboss.internal.soa.esb.services.registry.JAXRRegistryImpl"/>
+ <property name="org.jboss.soa.esb.registry.factoryClass" value="org.apache.ws.scout.registry.ConnectionFactoryImpl"/>
+ <property name="org.jboss.soa.esb.registry.user" value="jbossesb"/>
+ <property name="org.jboss.soa.esb.registry.password" value="password"/>
+ <!-- the following parameter is scout specific to set the type of communication between scout and the UDDI (embedded, rmi, soap) -->
+ <property name="org.jboss.soa.esb.scout.proxy.transportClass" value="org.apache.ws.scout.transport.LocalTransport"/>
+ </properties>
+ <properties name="transports" depends="core">
+ <property name="org.jboss.soa.esb.mail.smtp.host" value="localhost"/>
+ <property name="org.jboss.soa.esb.mail.smtp.user" value="jbossesb"/>
+ <property name="org.jboss.soa.esb.mail.smtp.password" value=""/>
+ <property name="org.jboss.soa.esb.mail.smtp.port" value="25"/>
+ <property name="org.jboss.soa.esb.mail.smtp.auth" value="true"/>
+ <property name="org.jboss.soa.esb.ftp.localdir" value="/tmp"/>
+ <property name="org.jboss.soa.esb.ftp.remotedir" value="/tmp"/>
+ <property name="org.jboss.soa.esb.jms.connectionPool" value="20"/>
+ <property name="org.jboss.soa.esb.jms.sessionSleep" value="30"/>
+ </properties>
+ <properties name="connection">
+ <property name="min-pool-size" value="5"/>
+ <property name="max-pool=size" value="10"/>
+ <property name="blocking-timeout-millis" value="5000"/>
+ <property name="abandoned-connection-timeout" value="10000"/>
+ <property name="abandoned-connection-time-interval" value="30000"/>
+ </properties>
+ <properties name="dbstore">
+
+ <!-- connection manager type -->
+ <!-- <property name="org.jboss.soa.esb.persistence.db.conn.manager" value="org.jboss.internal.soa.esb.persistence.manager.StandaloneConnectionManager"/> -->
+ <property name="org.jboss.soa.esb.persistence.db.conn.manager" value="org.jboss.internal.soa.esb.persistence.manager.J2eeConnectionManager"/>
+
+ <!-- this property is only used if using the j2ee connection manager -->
+ <property name="org.jboss.soa.esb.persistence.db.datasource.name" value="java:/JBossESBDS"/>
+
+ <!-- standalone connection pooling settings -->
+ <property name="org.jboss.soa.esb.persistence.db.connection.url" value="jdbc:hsqldb:hsql://localhost:9001/"/>
+ <property name="org.jboss.soa.esb.persistence.db.jdbc.driver" value="org.hsqldb.jdbcDriver"/>
+ <property name="org.jboss.soa.esb.persistence.db.user" value="sa"/>
+ <property name="org.jboss.soa.esb.persistence.db.pwd" value=""/>
+ <property name="org.jboss.soa.esb.persistence.db.pool.initial.size" value="2"/>
+ <property name="org.jboss.soa.esb.persistence.db.pool.min.size" value="2"/>
+ <property name="org.jboss.soa.esb.persistence.db.pool.max.size" value="5"/>
+ <!--table managed by pool to test for valid connections - created by pool automatically -->
+ <property name="org.jboss.soa.esb.persistence.db.pool.test.table" value="pooltest"/>
+ <property name="org.jboss.soa.esb.persistence.db.pool.timeout.millis" value="5000"/>
+
+ </properties>
+ <properties name="filters">
+ <property name="org.jboss.soa.esb.filter.1" value="org.jboss.internal.soa.esb.message.filter.MetaDataFilter"/>
+ <property name="org.jboss.soa.esb.filter.2" value="org.jboss.internal.soa.esb.message.filter.GatewayFilter"/>
+ </properties>
+</esb>
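Review bot: `publicKeyTransformation` is set to `RSA/ECB/PKCS1Padding`, and PKCS#1 v1.5 encryption padding is open to padding-oracle attacks wherever decryption failures can be told apart by a caller. If PublicCryptoUtil passes this value straight to the JCE, and if the shipped configuration uses the same value as this fixture, an OAEP transformation is the safer default, e.g. `value="RSA/ECB/OAEPWithSHA-1AndMGF1Padding"`. OAEP lowers the maximum plaintext size per RSA block, so check how the utility handles payloads longer than one block before switching. The keystore and key passwords here are test values; a comment saying so would stop them being copied into a deployment.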
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/PublicCryptoUtilUnitTest.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/PublicCryptoUtilUnitTest.java (rev 0)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/PublicCryptoUtilUnitTest.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -0,0 +1,94 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+
+import java.io.IOException;
+import java.io.Serializable;
+import java.net.URL;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.Security;
+
+import junit.framework.JUnit4TestAdapter;
+
+import org.jboss.soa.esb.ConfigurationException;
+import org.jboss.soa.esb.common.Environment;
+import org.jboss.soa.esb.util.ClassUtil;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * Unit test for PublicCryptoUtil.
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ *
+ */
+public class PublicCryptoUtilUnitTest
+{
+ private String jbossEsbProperties;
+
+ @Test
+ public void encryptAndDecrypt() throws SecurityServiceException, InvalidKeyException, NoSuchAlgorithmException, IOException, ClassNotFoundException
+ {
+ String object = "some textaalddddddddddddddaldkfjlakjfafadlalkfdalfjkfladsjfalkfjfljsafkjalkfjjafjlkafjfjjfaadlasajfkafkjalalfkjakljdljfajfjajfljalkfjlafljalsjfjj";
+ byte[] encrypted = PublicCryptoUtil.INSTANCE.encrypt(object);
+ assertFalse(object.equals(new String(encrypted)));
+
+ Serializable unsealedObject = PublicCryptoUtil.INSTANCE.decrypt(encrypted);
+ assertEquals(object, unsealedObject);
+ }
+
+ @SuppressWarnings("unused")
+ private void dumpSecurityProviders()
+ {
+ Provider[] providers = Security.getProviders();
+ for (Provider provider : providers)
+ {
+ System.out.println(provider.getServices());
+ }
+ }
+
+ @Before
+ public void setup() throws ConfigurationException
+ {
+ jbossEsbProperties = System.getProperty(Environment.PROPERTIES_FILE);
+ URL resource = ClassUtil.getResource("security-properties.xml", getClass());
+ System.setProperty(Environment.PROPERTIES_FILE, "abs://" + resource.getFile());
+ }
+
+ @After
+ public void tearDown()
+ {
+ if ( jbossEsbProperties != null )
+ System.setProperty(Environment.PROPERTIES_FILE, jbossEsbProperties);
+ }
+
+ public static junit.framework.Test suite()
+ {
+ return new JUnit4TestAdapter(PublicCryptoUtilUnitTest.class);
+ }
+
+}
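Review bot: `dumpSecurityProviders()` is dead debugging code: it is private, never called, prints to System.out, and needs `@SuppressWarnings("unused")` to stay warning-free. Removing it also removes the only use of the `Provider` and `Security` imports. The throws clause of encryptAndDecrypt() lists InvalidKeyException, NoSuchAlgorithmException, IOException and ClassNotFoundException, while the otherwise identical test in PrivateCryptoUtilUnitTest declares only SecurityServiceException. If PublicCryptoUtil's encrypt/decrypt have the same signatures, `throws SecurityServiceException` is enough and the matching imports can go as well.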
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/SecurityConfigUtilUnitTest.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/SecurityConfigUtilUnitTest.java 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/SecurityConfigUtilUnitTest.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -2,17 +2,17 @@
* JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
* LLC, and individual contributors by the @authors tag. See the copyright.txt
* in the distribution for a full listing of individual contributors.
- *
+ *
* This is free software; you can redistribute it and/or modify it under the
* terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 2.1 of the License, or (at your option)
* any later version.
- *
+ *
* This software is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
* details.
- *
+ *
* You should have received a copy of the GNU Lesser General Public License
* along with this software; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
@@ -35,24 +35,24 @@
/**
* Unit test for {@link SecurityConfigUtil}
- *
+ *
* @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
- *
+ *
*/
public class SecurityConfigUtilUnitTest
{
- private String runAs = "kalle";
-
+ private final String runAs = "kalle";
+
@Test
public void createSecurityConfigInfoWithAuth()
{
final ConfigTree securityFragment = createSecurityFragment(runAs, null, null);
-
+
SecurityConfig securityInfo = SecurityConfigUtil.createSecurityConfig(securityFragment);
assertEquals(runAs, securityInfo.getRunAs());
assertNull(securityInfo.getUseCallerIdentity());
}
-
+
@Test
public void createSecurityConfigInfoWithoutAuth()
{
@@ -61,7 +61,7 @@
assertEquals(runAs, securityInfo.getRunAs());
assertNull(securityInfo.getUseCallerIdentity());
}
-
+
@Test
public void createSecurityConfigInfoWithUseCallersIdentity()
{
@@ -70,7 +70,7 @@
SecurityConfig securityInfo = SecurityConfigUtil.createSecurityConfig(securityFragment);
assertEquals(callersIdentity, securityInfo.getUseCallerIdentity());
}
-
+
@Test
public void createSecurityConfigInfoWithModuleName()
{
@@ -79,7 +79,7 @@
SecurityConfig securityInfo = SecurityConfigUtil.createSecurityConfig(securityFragment);
assertEquals(moduleName, securityInfo.getModuleName());
}
-
+
@Test
public void hasRunAs()
{
@@ -87,7 +87,7 @@
SecurityConfig securityInfo = SecurityConfigUtil.createSecurityConfig(securityFragment);
assertTrue(securityInfo.hasRunAs());
}
-
+
@Test
public void properties()
{
@@ -95,16 +95,26 @@
SecurityConfig securityInfo = SecurityConfigUtil.createSecurityConfig(securityFragment);
Map<String, String> properties = securityInfo.getProperties();
assertNotNull( properties );
+ assertEquals("kalle", properties.get("alias"));
}
-
+
+ @Test
+ public void rolesAllowed()
+ {
+ final ConfigTree securityFragment = createSecurityFragment(runAs, "role1, role2, ", null, null, null );
+ SecurityConfig securityInfo = SecurityConfigUtil.createSecurityConfig(securityFragment);
+ assertTrue(securityInfo.getRolesAllowed().contains("role1"));
+ assertTrue(securityInfo.getRolesAllowed().contains("role2"));
+ }
+
public static junit.framework.Test suite()
{
return new JUnit4TestAdapter(SecurityConfigUtilUnitTest.class);
}
-
+
private ConfigTree createSecurityFragment(
- final String runAs,
- final String callerIdentity,
+ final String runAs,
+ final String callerIdentity,
final String moduleName)
{
final ConfigTree securityElement = new ConfigTree(ListenerTagNames.SECURITY_TAG);
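Review bot: The new `rolesAllowed()` test feeds `"role1, role2, "` but only checks that the two names are present, so it still passes if the trailing comma yields an empty role entry or if whitespace around a name is kept. This list decides who may invoke a service, so the parsed result should be pinned exactly, for example with `assertEquals(2, securityInfo.getRolesAllowed().size());` and `assertFalse(securityInfo.getRolesAllowed().contains(""));`. The return type of `getRolesAllowed()` is not visible in this hunk; if it is a plain `String`, `contains` is only a substring match and the test proves even less.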
@@ -113,18 +123,33 @@
securityElement.setAttribute(ListenerTagNames.MODULE_NAME_TAG, moduleName);
return securityElement;
}
-
+
private ConfigTree createSecurityFragment(
- final String runAs,
- final String callerIdentity,
+ final String runAs,
+ final String callerIdentity,
final String moduleName,
final String alias)
{
final ConfigTree securityElement = createSecurityFragment(runAs, callerIdentity, moduleName);
- ConfigTree property = new ConfigTree("property", securityElement);
- property.setAttribute("name", "alias");
- property.setAttribute("value", alias);
+ if ( alias != null )
+ {
+ ConfigTree property = new ConfigTree("property", securityElement);
+ property.setAttribute("name", "alias");
+ property.setAttribute("value", alias);
+ }
return securityElement;
}
+ private ConfigTree createSecurityFragment(
+ final String runAs,
+ final String rolesAllowed,
+ final String callerIdentity,
+ final String moduleName,
+ final String alias)
+ {
+ final ConfigTree securityElement = createSecurityFragment(runAs, callerIdentity, moduleName, alias);
+ securityElement.setAttribute("rolesAllowed", rolesAllowed);
+ return securityElement;
+ }
+
}
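Review bot: The new five-argument `createSecurityFragment` overload sets the attribute under the literal `"rolesAllowed"`, while the three-argument helper takes its names from `ListenerTagNames` (`SECURITY_TAG`, `MODULE_NAME_TAG`). If `ListenerTagNames` has a constant for this attribute, use it so the test cannot drift from the name the configuration parser reads. The overload also inserts `rolesAllowed` as the second of five `String` parameters, which shifts the positions used by the four-argument form; a one-line comment such as `// order: runAs, rolesAllowed, callerIdentity, moduleName, alias` above it would make a swapped argument easier to spot.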
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/actions/JBossSecurityPropagatorUnitTest.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/actions/JBossSecurityPropagatorUnitTest.java 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/actions/JBossSecurityPropagatorUnitTest.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -2,17 +2,17 @@
* JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
* LLC, and individual contributors by the @authors tag. See the copyright.txt
* in the distribution for a full listing of individual contributors.
- *
+ *
* This is free software; you can redistribute it and/or modify it under the
* terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 2.1 of the License, or (at your option)
* any later version.
- *
+ *
* This software is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
* details.
- *
+ *
* You should have received a copy of the GNU Lesser General Public License
* along with this software; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
@@ -22,13 +22,13 @@
import static org.junit.Assert.*;
+import java.security.PrivilegedAction;
+
import javax.security.auth.Subject;
import org.jboss.security.SecurityAssociation;
import org.jboss.soa.esb.message.Message;
import org.jboss.soa.esb.message.format.MessageFactory;
-import org.jboss.soa.esb.services.security.SecurityContext;
-import org.jboss.soa.esb.services.security.SecurityService;
import org.jboss.soa.esb.services.security.principals.User;
import org.junit.Test;
@@ -37,7 +37,7 @@
/**
* Unittest for {@link JBossSecurityPropagator}
* </p>
- *
+ *
* @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
*
*/
@@ -46,22 +46,26 @@
@Test
public void process()
{
- JBossSecurityPropagator propagator = new JBossSecurityPropagator();
+ final JBossSecurityPropagator propagator = new JBossSecurityPropagator();
propagator.setRunAs("adminRole");
- Message message = MessageFactory.getInstance().getMessage();
+ final Message message = MessageFactory.getInstance().getMessage();
Subject subject = new Subject();
subject.getPrincipals().add(new User("testUser"));
-
- SecurityContext securityContext = new SecurityContext(subject);
- message.getProperties().setProperty( SecurityService.CONTEXT, securityContext );
-
- propagator.process(message);
-
+
+ PrivilegedAction<Message> action = new PrivilegedAction<Message>()
+ {
+ public Message run()
+ {
+ return propagator.process(message);
+ }
+ };
+
+ Message processResult = (Message) Subject.doAsPrivileged(subject, action, null);
+ assertNull(processResult.getProperties().getProperty("org.jboss.soa.esb.services.security.context"));
Subject jbossSubject = SecurityAssociation.getSubject();
- System.out.println(jbossSubject);
assertEquals( subject, jbossSubject);
}
-
+
public static junit.framework.Test suite()
{
return new JUnit4TestAdapter(JBossSecurityPropagatorUnitTest.class);
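Review bot: The new `assertNull` on `"org.jboss.soa.esb.services.security.context"` in `process()` passes trivially, because the lines that used to put a `SecurityContext` on the message were removed and nothing visible sets that property any more. If the intent is to show that the propagator does not leave a security context on the outgoing message, the test should first place one there and then assert it is gone; if the intent is only that `process` adds none, a comment should say so. The key is also written as a literal where the old code used `SecurityService.CONTEXT`, and keeping the constant avoids silent drift. Separately, the Subject stays associated after the test, so an `@After` method calling `SecurityAssociation.clear()` would keep it from leaking into later tests on the same thread. `suite()` continues outside the hunk.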
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/publicKeyStore
===================================================================
(Binary files differ)
Property changes on: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/publicKeyStore
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/security-properties.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/security-properties.xml 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/rosetta/tests/src/org/jboss/soa/esb/services/security/security-properties.xml 2008-09-12 09:01:29 UTC (rev 22707)
@@ -31,37 +31,43 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="jbossesb-1_0.xsd">
<properties name="core">
- <property name="org.jboss.soa.esb.jndi.server.type" value="jboss"/>
- <property name="org.jboss.soa.esb.jndi.server.url" value="localhost"/>
+ <property name="org.jboss.soa.esb.jndi.server.context.factory" value="org.jnp.interfaces.NamingContextFactory"/>
+ <property name="org.jboss.soa.esb.jndi.server.url" value="${jboss.esb.bind.address}:1099"/>
<property name="org.jboss.soa.esb.persistence.connection.factory" value="org.jboss.internal.soa.esb.persistence.format.MessageStoreFactoryImpl"/>
+ <property name="org.jboss.soa.esb.loadbalancer.policy" value="org.jboss.soa.esb.listeners.ha.RoundRobin"/>
<property name="jboss.esb.invm.scope.default" value="NONE"/>
</properties>
<properties name="security">
<property name="org.jboss.soa.esb.services.security.implementationClass" value="org.jboss.internal.soa.esb.services.security.JaasSecurityService"/>
+ <property name="org.jboss.soa.esb.services.security.callbackHandler" value="org.jboss.internal.soa.esb.services.security.UserPassCallbackHandler"/>
<property name="org.jboss.soa.esb.services.security.configUrl" value="jaas.login"/>
+
+ <property name="org.jboss.soa.esb.services.security.publicKeystore" value="publicKeyStore"/>
+ <property name="org.jboss.soa.esb.services.security.publicKeystorePassword" value="testKeystorePassword"/>
+ <property name="org.jboss.soa.esb.services.security.publicKeyAlias" value="testAlias"/>
+ <property name="org.jboss.soa.esb.services.security.publicKeyPassword" value="testPassword"/>
+ <property name="org.jboss.soa.esb.services.security.publicKeyTransformation" value="RSA/ECB/PKCS1Padding"/>
</properties>
- <properties name="registry">
- <property name="org.jboss.soa.esb.registry.queryManagerURI"
- value="jnp://localhost:1099/InquiryService?org.apache.juddi.registry.rmi.Inquiry#inquire"/>
- <property name="org.jboss.soa.esb.registry.lifeCycleManagerURI"
- value="jnp://localhost:1099/PublishService?org.apache.juddi.registry.rmi.Publish#publish" />
- <property name="org.jboss.soa.esb.registry.implementationClass"
- value="org.jboss.internal.soa.esb.services.registry.JAXRRegistryImpl"/>
- <property name="org.jboss.soa.esb.registry.factoryClass"
- value="org.apache.ws.scout.registry.ConnectionFactoryImpl"/>
- <property name="org.jboss.soa.esb.registry.user"
- value="jbossesb"/>
- <property name="org.jboss.soa.esb.registry.password"
- value="password"/>
+ <properties name="registry">
+ <property name="org.jboss.soa.esb.registry.queryManagerURI" value="org.apache.juddi.registry.local.InquiryService#inquire"/>
+ <property name="org.jboss.soa.esb.registry.lifeCycleManagerURI" value="org.apache.juddi.registry.local.PublishService#publish"/>
+ <property name="org.jboss.soa.esb.registry.implementationClass" value="org.jboss.internal.soa.esb.services.registry.JAXRRegistryImpl"/>
+ <property name="org.jboss.soa.esb.registry.factoryClass" value="org.apache.ws.scout.registry.ConnectionFactoryImpl"/>
+ <property name="org.jboss.soa.esb.registry.user" value="jbossesb"/>
+ <property name="org.jboss.soa.esb.registry.password" value="password"/>
<!-- the following parameter is scout specific to set the type of communication between scout and the UDDI (embedded, rmi, soap) -->
- <property name="org.jboss.soa.esb.scout.proxy.transportClass"
- value="org.apache.ws.scout.transport.RMITransport"/>
+ <property name="org.jboss.soa.esb.scout.proxy.transportClass" value="org.apache.ws.scout.transport.LocalTransport"/>
</properties>
<properties name="transports" depends="core">
<property name="org.jboss.soa.esb.mail.smtp.host" value="localhost"/>
<property name="org.jboss.soa.esb.mail.smtp.user" value="jbossesb"/>
<property name="org.jboss.soa.esb.mail.smtp.password" value=""/>
<property name="org.jboss.soa.esb.mail.smtp.port" value="25"/>
+ <property name="org.jboss.soa.esb.mail.smtp.auth" value="true"/>
+ <property name="org.jboss.soa.esb.ftp.localdir" value="/tmp"/>
+ <property name="org.jboss.soa.esb.ftp.remotedir" value="/tmp"/>
+ <property name="org.jboss.soa.esb.jms.connectionPool" value="20"/>
+ <property name="org.jboss.soa.esb.jms.sessionSleep" value="30"/>
</properties>
<properties name="connection">
<property name="min-pool-size" value="5"/>
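Review bot: `publicKeyTransformation` is set to `RSA/ECB/PKCS1Padding` in the new `security` block, and the same value is added to the publish_as_webservice quickstart's jbossesb-properties.xml later in this commit. PKCS#1 v1.5 encryption padding is the variant exposed to padding-oracle problems when a decrypting service reveals whether the padding was valid, and sample values tend to be copied into deployments. Where the JCE provider supports it, prefer an OAEP transformation such as `RSA/ECB/OAEPWithSHA-1AndMGF1Padding`, or at least add a comment next to the property, e.g. `<!-- test/sample value only: use OAEP padding, your own keystore and your own passwords outside tests -->`. The keystore and key passwords in the same block are plain text, which is acceptable for a fixture but worth covering in that comment.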
@@ -71,20 +77,29 @@
<property name="abandoned-connection-time-interval" value="30000"/>
</properties>
<properties name="dbstore">
+
+ <!-- connection manager type -->
+ <!-- <property name="org.jboss.soa.esb.persistence.db.conn.manager" value="org.jboss.internal.soa.esb.persistence.manager.StandaloneConnectionManager"/> -->
+ <property name="org.jboss.soa.esb.persistence.db.conn.manager" value="org.jboss.internal.soa.esb.persistence.manager.J2eeConnectionManager"/>
+
+ <!-- this property is only used if using the j2ee connection manager -->
+ <property name="org.jboss.soa.esb.persistence.db.datasource.name" value="java:/JBossESBDS"/>
+
+ <!-- standalone connection pooling settings -->
<property name="org.jboss.soa.esb.persistence.db.connection.url" value="jdbc:hsqldb:hsql://localhost:9001/"/>
<property name="org.jboss.soa.esb.persistence.db.jdbc.driver" value="org.hsqldb.jdbcDriver"/>
- <property name="org.jboss.soa.esb.persistence.db.user" value="sa"/>
- <property name="org.jboss.soa.esb.persistence.db.pwd" value=""/>
+ <property name="org.jboss.soa.esb.persistence.db.user" value="sa"/>
+ <property name="org.jboss.soa.esb.persistence.db.pwd" value=""/>
<property name="org.jboss.soa.esb.persistence.db.pool.initial.size" value="2"/>
- <property name="org.jboss.soa.esb.persistence.db.pool.min.size" value="2"/>
- <property name="org.jboss.soa.esb.persistence.db.pool.max.size" value="5"/>
+ <property name="org.jboss.soa.esb.persistence.db.pool.min.size" value="2"/>
+ <property name="org.jboss.soa.esb.persistence.db.pool.max.size" value="5"/>
<!--table managed by pool to test for valid connections - created by pool automatically -->
- <property name="org.jboss.soa.esb.persistence.db.pool.test.table" value="pooltest"/>
- <!-- # of milliseconds to timeout waiting for a connection from pool -->
+ <property name="org.jboss.soa.esb.persistence.db.pool.test.table" value="pooltest"/>
<property name="org.jboss.soa.esb.persistence.db.pool.timeout.millis" value="5000"/>
- <property name="org.jboss.soa.esb.persistence.db.conn.manager" value="org.jboss.internal.soa.esb.persistence.manager.StandaloneConnectionManager"/>
+
+ </properties>
+ <properties name="filters">
+ <property name="org.jboss.soa.esb.filter.1" value="org.jboss.internal.soa.esb.message.filter.MetaDataFilter"/>
+ <property name="org.jboss.soa.esb.filter.2" value="org.jboss.internal.soa.esb.message.filter.GatewayFilter"/>
</properties>
- <properties name="messagerouting">
- <property name="org.jboss.soa.esb.routing.cbrClass" value="org.jboss.internal.soa.esb.services.routing.cbr.JBossRulesRouter"/>
- </properties>
</esb>
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/publish_as_webservice/jboss-esb.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/publish_as_webservice/jboss-esb.xml 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/publish_as_webservice/jboss-esb.xml 2008-09-12 09:01:29 UTC (rev 22707)
@@ -19,7 +19,7 @@
category="ESBServiceSample"
name="HelloWorldPubService"
description="Hello world ESB Service">
- <security moduleName="messaging" />
+ <security moduleName="messaging" rolesAllowed="adminRole,esbrole" />
<listeners>
<jms-listener name="helloWorld"
@@ -27,7 +27,7 @@
maxThreads="1"
/>
</listeners>
- <actions inXsd="/request.xsd" outXsd="/response.xsd" faultXsd="/fault.xsd" webservice="security">
+ <actions inXsd="/request.xsd" outXsd="/response.xsd" faultXsd="/fault.xsd" webservice="none">
<action name="action" class="org.jboss.soa.esb.samples.quickstart.publishAsWebservice.ESBWSListenerAction" process="displayMessage"/>
</actions>
</service>
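Review bot: The `webservice` attribute on `<actions>` changes from `"security"` to `"none"` without any explanation in the sample. What `none` selects cannot be read from this hunk; if it switches off security handling for the published endpoint, or the publishing itself, the quickstart now depends only on the `rolesAllowed` check added in the previous hunk and on the encrypted `AUTH_REQUEST` set by the client. Please add an XML comment above the `<actions>` element stating what `none` means and which mechanism now authenticates callers of `HelloWorldPubService`.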
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/publish_as_webservice/jbossesb-properties.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/publish_as_webservice/jbossesb-properties.xml 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/publish_as_webservice/jbossesb-properties.xml 2008-09-12 09:01:29 UTC (rev 22707)
@@ -36,6 +36,13 @@
<property name="org.jboss.soa.esb.persistence.connection.factory" value="org.jboss.internal.soa.esb.persistence.format.MessageStoreFactoryImpl"/>
<property name="jboss.esb.invm.scope.default" value="NONE"/>
</properties>
+ <properties name="security">
+ <property name="org.jboss.soa.esb.services.security.publicKeystore" value="/publicKeyStore"/>
+ <property name="org.jboss.soa.esb.services.security.publicKeystorePassword" value="testKeystorePassword"/>
+ <property name="org.jboss.soa.esb.services.security.publicKeyAlias" value="testAlias"/>
+ <property name="org.jboss.soa.esb.services.security.publicKeyPassword" value="testPassword"/>
+ <property name="org.jboss.soa.esb.services.security.publicKeyTransformation" value="RSA/ECB/PKCS1Padding"/>
+ </properties>
<properties name="registry">
<property name="org.jboss.soa.esb.registry.queryManagerURI"
value="jnp://localhost:1099/InquiryService?org.apache.juddi.registry.rmi.Inquiry#inquire"/>
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/publish_as_webservice/publicKeyStore
===================================================================
(Binary files differ)
Property changes on: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/publish_as_webservice/publicKeyStore
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/publish_as_webservice/src/org/jboss/soa/esb/samples/quickstart/publishAsWebservice/test/SendEsbMessage.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/publish_as_webservice/src/org/jboss/soa/esb/samples/quickstart/publishAsWebservice/test/SendEsbMessage.java 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/publish_as_webservice/src/org/jboss/soa/esb/samples/quickstart/publishAsWebservice/test/SendEsbMessage.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -23,6 +23,7 @@
package org.jboss.soa.esb.samples.quickstart.publishAsWebservice.test;
import java.util.Set;
+import java.io.Serializable;
import java.util.HashSet;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequestImpl;
import org.jboss.soa.esb.message.Message;
@@ -32,6 +33,7 @@
import org.jboss.soa.esb.services.security.principals.User;
import org.jboss.soa.esb.client.ServiceInvoker;
import org.jboss.soa.esb.couriers.FaultMessageException;
+import org.jboss.soa.esb.services.security.PublicCryptoUtil;
/**
* Standalone class with to send ESB messages to a 'known' [category,name].
@@ -62,7 +64,7 @@
AuthenticationRequest authRequest = new AuthenticationRequestImpl.Builder().username(args[3]).password(args[4].toCharArray()).bulid();
// set the authentication request on the message
- esbMessage.getProperties().setProperty( SecurityService.AUTH_REQUEST, authRequest );
+ esbMessage.getProperties().setProperty(SecurityService.AUTH_REQUEST, PublicCryptoUtil.INSTANCE.encrypt((Serializable) authRequest));
final String message = "<say:sayHi xmlns:say=\"http://www.jboss.org/sayHi\"><say:arg0>" + args[2] + "</say:arg0></say:sayHi>" ;
esbMessage.getBody().add(message);
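Review bot: The cast `(Serializable) authRequest` in the new `setProperty` line defers a type guarantee to run time: `authRequest` is declared as `AuthenticationRequest`, so if that interface does not extend `Serializable` (not visible here) a non-serializable implementation fails only with a `ClassCastException`. Having the interface extend `Serializable` would move that check to compile time. A comment above the line should also state what the encryption covers, e.g. `// encrypted with the ESB public key: hides the credentials in transit, does not authenticate the sender or stop replay of a captured property`, assuming `PublicCryptoUtil` does plain public-key encryption as its name suggests. The enclosing method starts and ends outside the hunk.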
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/build.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/build.xml (rev 0)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/build.xml 2008-09-12 09:01:29 UTC (rev 22707)
@@ -0,0 +1,40 @@
+<project name="Quickstart_SecurityBasic" default="run" basedir=".">
+
+ <description>
+ ${ant.project.name}
+ ${line.separator}
+ </description>
+
+ <property name="username" value="esbuser" />
+ <property name="password" value="esbpassword" />
+
+ <!-- Import the base Ant build script... -->
+ <import file="../conf/base-build.xml"/>
+
+ <target name="runtest" depends="compile"
+ description="sends a HTTP request to the JBossRemoting gateway">
+ <echo>Http Client</echo>
+ <java fork="yes" classname="org.jboss.soa.esb.samples.quickstart.securitybasic.HttpClient" failonerror="true">
+ <arg value="http"/>
+ <arg value="localhost"/>
+ <arg value="9888"/>
+ <arg value="${username}"/>
+ <arg value="${password}"/>
+ <classpath refid="exec-classpath"/>
+ </java>
+ </target>
+
+ <target name="sendesb" depends="compile" description="send esb Message to esb service">
+ <echo>Send esb message to esb service and get response</echo>
+ <java fork="yes" classname="org.jboss.soa.esb.samples.quickstart.securitybasic.test.SendEsbMessage" failonerror="true">
+ <arg value="Security"/> <!-- service category -->
+ <arg value="SimpleListenerSecured"/> <!-- service name -->
+ <arg value="Hello Secured World"/> <!-- Message text -->
+ <arg value="esbuser"/> <!-- username text -->
+ <arg value="esbpassword"/> <!-- password text -->
+ <classpath refid="exec-classpath"/>
+ </java>
+ </target>
+
+
+</project>
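Review bot: The `sendesb` target hard-codes `esbuser` and `esbpassword` as its last two `<arg>` values, although the file defines `username` and `password` properties at the top and `runtest` already uses them. Use `<arg value="${username}"/>` and `<arg value="${password}"/>` there so that an override with `-Dusername=... -Dpassword=...` reaches both targets. Both targets also pass the password to a forked JVM as a command-line argument, where other local users can usually read it from the process list; that is tolerable in a quickstart, but a comment such as `<!-- sample only: command-line arguments are visible to other local users -->` would keep the pattern from being copied.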
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/deployment.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/deployment.xml (rev 0)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/deployment.xml 2008-09-12 09:01:29 UTC (rev 22707)
@@ -0,0 +1,5 @@
+<jbossesb-deployment>
+ <depends>jboss.esb.quickstart.destination:service=Queue,name=quickstart_securitybasic_Request_esb</depends>
+ <depends>jboss.esb.quickstart.destination:service=Queue,name=quickstart_securitybasic_Request2_esb</depends>
+ <depends>jboss.esb.quickstart.destination:service=Queue,name=quickstart_securitybasic_Request_gw</depends>
+</jbossesb-deployment>
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/jbm-queue-service.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/jbm-queue-service.xml (rev 0)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/jbm-queue-service.xml 2008-09-12 09:01:29 UTC (rev 22707)
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <mbean code="org.jboss.jms.server.destination.QueueService"
+ name="jboss.esb.quickstart.destination:service=Queue,name=quickstart_securitybasic_Request_esb"
+ xmbean-dd="xmdesc/Queue-xmbean.xml">
+ <depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends>
+ <depends>jboss.messaging:service=PostOffice</depends>
+ </mbean>
+ <mbean code="org.jboss.jms.server.destination.QueueService"
+ name="jboss.esb.quickstart.destination:service=Queue,name=quickstart_securitybasic_Request_gw"
+ xmbean-dd="xmdesc/Queue-xmbean.xml">
+ <depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends>
+ <depends>jboss.messaging:service=PostOffice</depends>
+ </mbean>
+ <mbean code="org.jboss.jms.server.destination.QueueService"
+ name="jboss.esb.quickstart.destination:service=Queue,name=quickstart_securitybasic_Request_esb_reply"
+ xmbean-dd="xmdesc/Queue-xmbean.xml">
+ <depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends>
+ <depends>jboss.messaging:service=PostOffice</depends>
+ </mbean>
+
+ <mbean code="org.jboss.jms.server.destination.QueueService"
+ name="jboss.esb.quickstart.destination:service=Queue,name=quickstart_securitybasic_Request2_esb"
+ xmbean-dd="xmdesc/Queue-xmbean.xml">
+ <depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends>
+ <depends>jboss.messaging:service=PostOffice</depends>
+ </mbean>
+
+
+</server>
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/jbmq-queue-service.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/jbmq-queue-service.xml (rev 0)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/jbmq-queue-service.xml 2008-09-12 09:01:29 UTC (rev 22707)
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <mbean code="org.jboss.mq.server.jmx.Queue"
+ name="jboss.esb.quickstart.destination:service=Queue,name=quickstart_securitybasic_Request_esb">
+ <depends optional-attribute-name="DestinationManager">
+ jboss.mq:service=DestinationManager
+ </depends>
+ </mbean>
+ <mbean code="org.jboss.mq.server.jmx.Queue"
+ name="jboss.esb.quickstart.destination:service=Queue,name=quickstart_securitybasic_Request_gw">
+ <depends optional-attribute-name="DestinationManager">
+ jboss.mq:service=DestinationManager
+ </depends>
+ </mbean>
+ <mbean code="org.jboss.mq.server.jmx.Queue"
+ name="jboss.esb.quickstart.destination:service=Queue,name=quickstart_securitybasic_Request_esb_reply">
+ <depends optional-attribute-name="DestinationManager">
+ jboss.mq:service=DestinationManager
+ </depends>
+ </mbean>
+ <mbean code="org.jboss.mq.server.jmx.Queue"
+ name="jboss.esb.quickstart.destination:service=Queue,name=quickstart_securitybasic_Request2_esb">
+ <depends optional-attribute-name="DestinationManager">
+ jboss.mq:service=DestinationManager
+ </depends>
+ </mbean>
+
+</server>
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/jboss-esb.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/jboss-esb.xml (rev 0)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/jboss-esb.xml 2008-09-12 09:01:29 UTC (rev 22707)
@@ -0,0 +1,92 @@
+<?xml version = "1.0" encoding = "UTF-8"?>
+<jbossesb xmlns="http://anonsvn.labs.jboss.com/labs/jbossesb/trunk/product/etc/schemas/xml/jbossesb-1.0.1.xsd" parameterReloadSecs="5">
+
+ <providers>
+ <jms-provider name="JMSProvider" connection-factory="ConnectionFactory">
+ <jms-bus busid="quickstartGwChannel">
+ <jms-message-filter dest-type="QUEUE" dest-name="queue/quickstart_securitybasic_Request_gw" />
+ </jms-bus>
+ <jms-bus busid="quickstartEsbChannel">
+ <jms-message-filter dest-type="QUEUE" dest-name="queue/quickstart_securitybasic_Request_esb" />
+ </jms-bus>
+ <jms-bus busid="quickstartEsbChannel2">
+ <jms-message-filter dest-type="QUEUE" dest-name="queue/quickstart_securitybasic_Request2_esb" />
+ </jms-bus>
+
+ </jms-provider>
+ <jbr-provider name="JBR-Http" protocol="http" host="localhost">
+ <jbr-bus busid="Http-1" port="9888" />
+ </jbr-provider>
+ </providers>
+
+ <services>
+ <service category="Security" name="SimpleListenerSecured" description="Hello World">
+ <security moduleName="messaging"/>
+
+ <listeners>
+ <jms-listener name="JMS-Gateway" busidref="quickstartGwChannel" maxThreads="1" is-gateway="true" />
+ <jms-listener name="helloWorld" busidref="quickstartEsbChannel" maxThreads="1" />
+
+ <jbr-listener name="Http-Gateway" busidref="Http-1" is-gateway="true">
+ <property name="synchronous" value="false"/>
+ </jbr-listener>
+
+ </listeners>
+
+ <actions mep="OneWay">
+ <action name="debug" class="org.jboss.soa.esb.actions.SystemPrintln">
+ <property name="printfull" value="false"/>
+ <property name="message" value="In Service1"/>
+ </action>
+ <action name="action1" class="org.jboss.soa.esb.samples.quickstart.securitybasic.MyListenerAction" process="displayMessage"/>
+
+ <!-- The next action is for Continuous Integration testing -->
+ <action name="testStore" class="org.jboss.soa.esb.actions.TestMessageStore"/>
+
+ <!-- Route to the "Service 2" -->
+ <action name="routeAction" class="org.jboss.soa.esb.actions.StaticRouter">
+ <property name="destinations">
+ <route-to service-category="Security" service-name="Service2"/>
+ </property>
+ </action>
+
+ </actions>
+ </service>
+
+ <service category="Security" name="Service2" description="Service 2">
+ <security moduleName="messaging" />
+ <listeners>
+ <jms-listener name="helloWorld" busidref="quickstartEsbChannel2" maxThreads="1" />
+ </listeners>
+ <actions mep="OneWay">
+ <action name="action1" class="org.jboss.soa.esb.actions.SystemPrintln">
+ <property name="printfull" value="false"/>
+ <property name="message" value="In Service2"/>
+ </action>
+ <action name="action2" class="org.jboss.soa.esb.samples.quickstart.securitybasic.MyListenerAction" process="displayMessage"/>
+
+ <!-- Route to the "Service 3"
+ <action name="routeAction" class="org.jboss.soa.esb.actions.StaticRouter">
+ <property name="destinations">
+ <route-to service-category="Security" service-name="Service3"/>
+ </property>
+ </action> -->
+ </actions>
+ </service>
+
+ <service category="Security" name="Service3" description="Service 3" invmScope="GLOBAL">
+ <security moduleName="messaging" runAs="adminRole"/>
+ <actions mep="OneWay">
+
+ <action name="propagate" class="org.jboss.soa.esb.services.security.actions.JBossSecurityPropagator">
+ <property name="runAs" value="adminRole"/>
+ </action>
+
+ </actions>
+
+ </service>
+
+
+ </services>
+
+</jbossesb>
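Review bot: None of the three `<security>` elements in this new file sets `rolesAllowed`, so as far as the file shows `SimpleListenerSecured` and `Service2` accept any caller that the `messaging` login module authenticates. This commit uses `rolesAllowed` in the publish_as_webservice quickstart, so the security_basic sample should either set it to a role the sample user holds or carry a comment such as `<!-- authentication only: no role check is configured for this service -->`. `Service3` is declared with `invmScope="GLOBAL"` and `runAs="adminRole"` while the only route to it is commented out in `Service2`; a comment saying how it is meant to be reached would help readers. The `Http-Gateway` listener is plain `http` on port 9888, so credentials sent to it are protected only by whatever message-level encryption the client applies.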
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/jbossesb-properties.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/jbossesb-properties.xml (rev 0)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/jbossesb-properties.xml 2008-09-12 09:01:29 UTC (rev 22707)
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ JBoss, Home of Professional Open Source
+ Copyright 2006, JBoss Inc., and others contributors as indicated
+ by the @authors tag. All rights reserved.
+ See the copyright.txt in the distribution for a
+ full listing of individual contributors.
+ This copyrighted material is made available to anyone wishing to use,
+ modify, copy, or redistribute it subject to the terms and conditions
+ of the GNU Lesser General Public License, v. 2.1.
+ This program is distributed in the hope that it will be useful, but WITHOUT A
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ You should have received a copy of the GNU Lesser General Public License,
+ v.2.1 along with this distribution; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ MA 02110-1301, USA.
+
+ (C) 2005-2006,
+ @author JBoss Inc.
+-->
+<!-- $Id: jbossesb-unittest-properties.xml $ -->
+<!--
+ These options are described in the JBossESB manual.
+ Defaults are provided here for convenience only.
+
+ Please read through this file prior to using the system, and consider
+ updating the specified entries.
+-->
+<esb
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:noNamespaceSchemaLocation="jbossesb-1_0.xsd">
+ <properties name="core">
+ <property name="org.jboss.soa.esb.jndi.server.type" value="jboss"/>
+ <property name="org.jboss.soa.esb.jndi.server.url" value="localhost"/>
+ <property name="org.jboss.soa.esb.persistence.connection.factory" value="org.jboss.internal.soa.esb.persistence.format.MessageStoreFactoryImpl"/>
+ <property name="jboss.esb.invm.scope.default" value="NONE"/>
+ </properties>
+ <properties name="security">
+ <property name="org.jboss.soa.esb.services.security.implementationClass" value="org.jboss.internal.soa.esb.services.security.OpenSSOSecuritySerivce"/>
+ <property name="org.jboss.soa.esb.services.security.configUrl" value="/AMConfig.properties"/>
+
+ <property name="org.jboss.soa.esb.services.security.publicKeystore" value="/publicKeyStore"/>
+ <property name="org.jboss.soa.esb.services.security.publicKeystorePassword" value="testKeystorePassword"/>
+ <property name="org.jboss.soa.esb.services.security.publicKeyAlias" value="testAlias"/>
+ <property name="org.jboss.soa.esb.services.security.publicKeyPassword" value="testPassword"/>
+ <property name="org.jboss.soa.esb.services.security.publicKeyTransformation" value="RSA/ECB/PKCS1Padding"/>
+
+ </properties>
+ <properties name="registry">
+ <property name="org.jboss.soa.esb.registry.queryManagerURI"
+ value="jnp://localhost:1099/InquiryService?org.apache.juddi.registry.rmi.Inquiry#inquire"/>
+ <property name="org.jboss.soa.esb.registry.lifeCycleManagerURI"
+ value="jnp://localhost:1099/PublishService?org.apache.juddi.registry.rmi.Publish#publish" />
+ <property name="org.jboss.soa.esb.registry.implementationClass"
+ value="org.jboss.internal.soa.esb.services.registry.JAXRRegistryImpl"/>
+ <property name="org.jboss.soa.esb.registry.factoryClass"
+ value="org.apache.ws.scout.registry.ConnectionFactoryImpl"/>
+ <property name="org.jboss.soa.esb.registry.user"
+ value="jbossesb"/>
+ <property name="org.jboss.soa.esb.registry.password"
+ value="password"/>
+ <!-- the following parameter is scout specific to set the type of communication between scout and the UDDI (embedded, rmi, soap) -->
+ <property name="org.jboss.soa.esb.scout.proxy.transportClass"
+ value="org.apache.ws.scout.transport.RMITransport"/>
+ </properties>
+ <properties name="transports" depends="core">
+ <property name="org.jboss.soa.esb.mail.smtp.host" value="localhost"/>
+ <property name="org.jboss.soa.esb.mail.smtp.user" value="jbossesb"/>
+ <property name="org.jboss.soa.esb.mail.smtp.password" value=""/>
+ <property name="org.jboss.soa.esb.mail.smtp.port" value="25"/>
+ </properties>
+ <properties name="connection">
+ <property name="min-pool-size" value="5"/>
+ <property name="max-pool=size" value="10"/>
+ <property name="blocking-timeout-millis" value="5000"/>
+ <property name="abandoned-connection-timeout" value="10000"/>
+ <property name="abandoned-connection-time-interval" value="30000"/>
+ </properties>
+ <properties name="dbstore">
+ <property name="org.jboss.soa.esb.persistence.db.connection.url" value="jdbc:hsqldb:hsql://localhost:9001/"/>
+ <property name="org.jboss.soa.esb.persistence.db.jdbc.driver" value="org.hsqldb.jdbcDriver"/>
+ <property name="org.jboss.soa.esb.persistence.db.user" value="sa"/>
+ <property name="org.jboss.soa.esb.persistence.db.pwd" value=""/>
+ <property name="org.jboss.soa.esb.persistence.db.pool.initial.size" value="2"/>
+ <property name="org.jboss.soa.esb.persistence.db.pool.min.size" value="2"/>
+ <property name="org.jboss.soa.esb.persistence.db.pool.max.size" value="5"/>
+ <!--table managed by pool to test for valid connections - created by pool automatically -->
+ <property name="org.jboss.soa.esb.persistence.db.pool.test.table" value="pooltest"/>
+ <!-- # of milliseconds to timeout waiting for a connection from pool -->
+ <property name="org.jboss.soa.esb.persistence.db.pool.timeout.millis" value="5000"/>
+ <property name="org.jboss.soa.esb.persistence.db.conn.manager" value="org.jboss.internal.soa.esb.persistence.manager.StandaloneConnectionManager"/>
+ </properties>
+ <properties name="messagerouting">
+ <property name="org.jboss.soa.esb.routing.cbrClass" value="org.jboss.internal.soa.esb.services.routing.cbr.JBossRulesRouter"/>
+ </properties>
+</esb>
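Review bot: The `security` block stores the keystore and key passwords (`testKeystorePassword`, `testPassword`) in clear text beside the committed `publicKeyStore`, and nothing marks them as sample-only. I would add a comment above them, `<!-- Sample values only: generate your own keystore and replace these passwords before any non-test deployment -->`. The `RSA/ECB/PKCS1Padding` transformation uses PKCS#1 v1.5 padding, which is the padding exposed to padding-oracle attacks. If CryptoUtil and the payload size allow it (not visible here), an OAEP transformation such as `RSA/ECB/OAEPWithSHA-1AndMGF1Padding` is the safer default. In the `connection` block, `max-pool=size` looks like a typo for `max-pool-size`, so the limit of 10 is presumably never read.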
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/jndi.properties
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/jndi.properties (rev 0)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/jndi.properties 2008-09-12 09:01:29 UTC (rev 22707)
@@ -0,0 +1,5 @@
+java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
+java.naming.provider.url=jnp://localhost:1099
+java.naming.factory.url.pkgs=org.jboss.naming
+java.naming.factory.url.pkgs=org.jnp.interfaces
+
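Review bot: `java.naming.factory.url.pkgs` is assigned twice, and a properties file keeps only the last value for a repeated key, so `org.jboss.naming` is silently dropped (assuming this file is loaded as standard Java properties). If both packages are intended, they belong on one colon-separated line: `java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces`.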
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/juddi.properties
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/juddi.properties (rev 0)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/juddi.properties 2008-09-12 09:01:29 UTC (rev 22707)
@@ -0,0 +1,69 @@
+# jUDDI Registry Properties (used by RegistryServer)
+# see http://www.juddi.org for more information
+
+# The UDDI Operator Name
+juddi.operatorName = jUDDI.org
+
+# The i18n locale default codes
+juddi.i18n.languageCode = en
+juddi.i18n.countryCode = US
+
+# The UDDI DiscoveryURL Prefix
+juddi.discoveryURL = http://localhost:8080/juddi/uddiget.jsp?
+
+# The UDDI Operator Contact Email Address
+juddi.operatorEmailAddress = admin at juddi.org
+
+# The maximum name size and maximum number
+# of name elements allows in several of the
+# FindXxxx and SaveXxxx UDDI functions.
+juddi.maxNameLength=255
+juddi.maxNameElementsAllowed=5
+
+# The maximum number of UDDI artifacts allowed
+# per publisher. A value of '-1' indicates any
+# number of artifacts is valid (These values can be
+# overridden at the individual publisher level).
+juddi.maxBusinessesPerPublisher=25
+juddi.maxServicesPerBusiness=20
+juddi.maxBindingsPerService=10
+juddi.maxTModelsPerPublisher=100
+
+# jUDDI Authentication module to use
+juddi.auth = org.apache.juddi.auth.DefaultAuthenticator
+
+# jUDDI DataStore module currently to use
+juddi.dataStore = org.apache.juddi.datastore.jdbc.JDBCDataStore
+
+# use a dataSource (if set to false a direct
+# jdbc connection will be used.
+juddi.isUseDataSource=false
+juddi.jdbcDriver=com.mysql.jdbc.Driver
+juddi.jdbcUrl=jdbc:mysql://localhost:3306/juddi
+juddi.jdbcUsername=root
+juddi.jdbcPassword=admin
+# jUDDI DataSource to use
+# juddi.dataSource=java:comp/env/jdbc/MySqlDS
+
+# jUDDI UUIDGen implementation to use
+juddi.uuidgen = org.apache.juddi.uuidgen.DefaultUUIDGen
+
+# jUDDI Cryptor implementation to use
+juddi.cryptor = org.apache.juddi.cryptor.DefaultCryptor
+
+# jUDDI Validator to use
+juddi.validator=org.apache.juddi.validator.DefaultValidator
+
+# jUDDI Proxy Properties (used by RegistryProxy)
+juddi.proxy.adminURL = http://localhost:8080/juddi/admin
+juddi.proxy.inquiryURL = http://localhost:8080/juddi/inquiry
+juddi.proxy.publishURL = http://localhost:8080/juddi/publish
+juddi.proxy.transportClass = org.apache.juddi.proxy.AxisTransport
+juddi.proxy.securityProvider = com.sun.net.ssl.internal.ssl.Provider
+juddi.proxy.protocolHandler = com.sun.net.ssl.internal.www.protocol
+
+# JNDI settings (used by RMITransport)
+java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
+java.naming.provider.url=jnp://localhost:1099
+java.naming.factory.url.pkgs=org.jboss.naming
+
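Review bot: `juddi.jdbcUsername=root` with `juddi.jdbcPassword=admin` puts a database superuser and a guessable password into a file that quickstart users tend to copy unchanged. A dedicated account limited to the `juddi` schema would be the safer default. Alternatively, set `juddi.isUseDataSource=true` and enable the commented `juddi.dataSource=java:comp/env/jdbc/MySqlDS` line, so the credentials live in the container's datasource configuration instead of this file. The `# use a dataSource (if set to false a direct` comment also never closes its parenthesis.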
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/log4j.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/log4j.xml (rev 0)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/log4j.xml 2008-09-12 09:01:29 UTC (rev 22707)
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+
+<!-- ===================================================================== -->
+<!-- -->
+<!-- Log4j Configuration -->
+<!-- -->
+<!-- ===================================================================== -->
+
+<!-- $Id: log4j.xml,v 1.26.2.5 2005/09/15 09:31:02 dimitris Exp $ -->
+
+<!--
+ | For more configuration infromation and examples see the Jakarta Log4j
+ | owebsite: http://jakarta.apache.org/log4j
+ -->
+
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
+
+ <!-- ============================== -->
+ <!-- Append messages to the console -->
+ <!-- ============================== -->
+
+ <appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
+ <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
+ <param name="Target" value="System.out"/>
+ <param name="Threshold" value="INFO"/>
+
+ <layout class="org.apache.log4j.PatternLayout">
+ <!-- The default pattern: Date Priority [Category] Message\n -->
+ <param name="ConversionPattern" value="%d{ABSOLUTE} %-5p [%t][%c{1}] %m%n"/>
+ </layout>
+ </appender>
+
+ <!-- ================================= -->
+ <!-- Preserve messages in a local file -->
+ <!-- ================================= -->
+
+ <!-- A size based file rolling appender -->
+ <appender name="FILE" class="org.jboss.logging.appender.RollingFileAppender">
+ <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
+ <param name="File" value="./listener.log"/>
+ <param name="Append" value="false"/>
+ <param name="MaxFileSize" value="500KB"/>
+ <param name="MaxBackupIndex" value="1"/>
+
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="%d %-5p [%t][%c] %m%n"/>
+ </layout>
+ </appender>
+
+ <!-- ================ -->
+ <!-- Limit categories -->
+ <!-- ================ -->
+
+ <category name="org.jboss">
+ <priority value="WARN"/>
+ </category>
+ <category name="org.jboss.soa.esb">
+ <priority value="ERROR"/>
+ </category>
+ <category name="org.jboss.internal.soa.esb">
+ <priority value="ERROR"/>
+ </category>
+ <category name="org.apache">
+ <priority value="ERROR"/>
+ </category>
+ <category name="quickstart">
+ <priority value="DEBUG"/>
+ </category>
+ <!-- ======================= -->
+ <!-- Setup the Root category -->
+ <!-- ======================= -->
+
+ <root>
+ <appender-ref ref="CONSOLE"/>
+ <appender-ref ref="FILE"/>
+ </root>
+
+</log4j:configuration>
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/publicKeyStore
===================================================================
(Binary files differ)
Property changes on: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/publicKeyStore
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/readme.txt
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/readme.txt (rev 0)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/readme.txt 2008-09-12 09:01:29 UTC (rev 22707)
@@ -0,0 +1,20 @@
+Overview:
+=========
+ This quickstart demonstrates basic security in JBossESB.
+ 1. 'ant runtest' will send a HTTP request to a JBossRemoting Gatway
+ 2. 'ant sendesb' will invoke the Service directly using the ServiceInvoker
+
+Running this quickstart:
+========================
+ Please refer to 'ant help-quickstarts' for prerequisites about the quickstarts
+ and a more detailed descripton of the different ways to run the quickstarts.
+
+To Run '.esb' archive mode with JBossAS-server:
+===========================
+ 1. Type 'ant deploy'.
+ 2. Type 'ant runtest'
+ 3. Type 'ant sendesb'
+
+What to look for in this quickstart
+===================================
+
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/src/org/jboss/soa/esb/samples/quickstart/securitybasic/HttpClient.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/src/org/jboss/soa/esb/samples/quickstart/securitybasic/HttpClient.java (rev 0)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/src/org/jboss/soa/esb/samples/quickstart/securitybasic/HttpClient.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -0,0 +1,84 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.samples.quickstart.securitybasic;
+
+import org.jboss.remoting.Client;
+import org.jboss.remoting.InvokerLocator;
+import org.jboss.remoting.transport.http.HTTPMetadataConstants;
+
+import java.util.HashMap;
+import java.util.Map;
+
+public class HttpClient
+{
+ // Default locator values
+ private static String transport = "http";
+ private static String host = "localhost";
+ private static int port = 5400;
+ private static String username;
+ private static String password;
+
+ public void makeInvocation(String locatorURI) throws Throwable
+ {
+ InvokerLocator locator = new InvokerLocator(locatorURI);
+ System.out.println("Calling remoting server with locator uri of: " + locatorURI);
+
+ Client remotingClient = new Client(locator);
+ remotingClient.connect();
+
+ Map metadata = new HashMap();
+ metadata.put("TYPE", "POST");
+ metadata.put("http.basic.username", username);
+ metadata.put("http.basic.password", password);
+ remotingClient.invokeOneway( "Message payload example(just a String) ", metadata );
+
+ System.out.println("Sent http post to server.");
+ Integer responseCode = (Integer) metadata.get(HTTPMetadataConstants.RESPONSE_CODE);
+ String responseMessage = (String) metadata.get(HTTPMetadataConstants.RESPONSE_CODE_MESSAGE);
+ System.out.println("Response code from server: " + responseCode);
+ System.out.println("Response message from server: " + responseMessage);
+ remotingClient.disconnect();
+
+ }
+
+ public static void main(String[] args)
+ {
+ if(args != null && args.length == 5)
+ {
+ transport = args[0];
+ host = args[1];
+ port = Integer.parseInt(args[2]);
+ username = args[3];
+ password = args[4];
+ }
+ String locatorURI = transport + "://" + host + ":" + port;
+ HttpClient client = new HttpClient();
+ try
+ {
+ client.makeInvocation(locatorURI);
+ }
+ catch(Throwable e)
+ {
+ e.printStackTrace();
+ }
+ }
+}
+
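Review bot: `makeInvocation` puts `http.basic.username` and `http.basic.password` into the request metadata while the default `transport` is `http`, so the credentials travel base64-encoded only. A comment above the defaults, such as `// Sample only: basic-auth credentials are sent unencrypted over http; use an SSL transport outside a local test`, would keep that from being copied unnoticed. When `main` is not given exactly five arguments, `username` and `password` stay null and are still placed in the metadata, with no usage message. `remotingClient.disconnect()` is skipped if `invokeOneway` throws; moving it into a `finally` block would close the client on every path.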
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/src/org/jboss/soa/esb/samples/quickstart/securitybasic/MyListenerAction.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/src/org/jboss/soa/esb/samples/quickstart/securitybasic/MyListenerAction.java (rev 0)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/src/org/jboss/soa/esb/samples/quickstart/securitybasic/MyListenerAction.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -0,0 +1,56 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2006, JBoss Inc., and others contributors as indicated
+ * by the @authors tag. All rights reserved.
+ * See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ * This copyrighted material is made available to anyone wishing to use,
+ * modify, copy, or redistribute it subject to the terms and conditions
+ * of the GNU Lesser General Public License, v. 2.1.
+ * This program is distributed in the hope that it will be useful, but WITHOUT A
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ * You should have received a copy of the GNU Lesser General Public License,
+ * v.2.1 along with this distribution; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02110-1301, USA.
+ *
+ * (C) 2005-2006,
+ * @author JBoss Inc.
+ */
+package org.jboss.soa.esb.samples.quickstart.securitybasic;
+
+import java.net.URL;
+import java.io.File;
+import java.io.FilePermission;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.CodeSource;
+import java.security.Permissions;
+import java.security.PermissionCollection;
+import java.security.Policy;
+
+import javax.security.auth.Subject;
+
+import org.jboss.soa.esb.ConfigurationException;
+import org.jboss.soa.esb.actions.AbstractActionLifecycle;
+import org.jboss.soa.esb.helpers.ConfigTree;
+import org.jboss.soa.esb.message.Message;
+
+public class MyListenerAction extends AbstractActionLifecycle
+{
+
+ protected ConfigTree config;
+
+ public MyListenerAction(ConfigTree config) throws ConfigurationException
+ {
+ this.config = config;
+ }
+
+ public Message displayMessage(Message message) throws Exception
+ {
+ System.out.println("Subject in MyListenerAction : " + Subject.getSubject(AccessController.getContext()));
+ return message;
+ }
+
+}
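Review bot: `displayMessage` prints the whole `Subject` to stdout, and `Subject.toString()` includes the private credential set whenever the caller is permitted to read it, so credentials can end up in the server console log. Printing only the principals serves the demo equally well: `Subject s = Subject.getSubject(AccessController.getContext());` followed by `System.out.println("Subject principals in MyListenerAction : " + (s == null ? null : s.getPrincipals()));`. The println added to `PrintSubjectAction.process` in this commit likewise writes the `org.jboss.soa.esb.services.security.context` property to stdout and deserves the same treatment. The imports of `URL`, `File`, `FilePermission`, `AccessControlContext`, `CodeSource`, `Permissions`, `PermissionCollection` and `Policy` are unused here and can be removed.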
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/src/org/jboss/soa/esb/samples/quickstart/securitybasic/test/SendEsbMessage.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/src/org/jboss/soa/esb/samples/quickstart/securitybasic/test/SendEsbMessage.java (rev 0)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/security_basic/src/org/jboss/soa/esb/samples/quickstart/securitybasic/test/SendEsbMessage.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -0,0 +1,80 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2006, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.soa.esb.samples.quickstart.securitybasic.test;
+
+import java.util.Set;
+import java.io.Serializable;
+import java.util.HashSet;
+import org.jboss.soa.esb.services.security.auth.AuthenticationRequestImpl;
+import org.jboss.soa.esb.message.Message;
+import org.jboss.soa.esb.message.format.MessageFactory;
+import org.jboss.soa.esb.services.security.SecurityService;
+import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
+import org.jboss.soa.esb.services.security.principals.User;
+import org.jboss.soa.esb.client.ServiceInvoker;
+import org.jboss.soa.esb.couriers.FaultMessageException;
+import org.jboss.soa.esb.services.security.PublicCryptoUtil;
+
+/**
+ * Standalone class with to send ESB messages to a 'known' [category,name].
+ * <p/> arg0 - service category
+ * <br/>arg1 - service name
+ * <br/>arg2 - Text of message to send
+ * <br/>arg3 - username
+ * <br/>arg4 - password
+ *
+ * @since Version 4.0
+ *
+ */
+public class SendEsbMessage
+{
+ public static void main(String args[]) throws Exception
+ {
+// Setting the ConnectionFactory such that it will use scout
+ System.setProperty("javax.xml.registry.ConnectionFactoryClass","org.apache.ws.scout.registry.ConnectionFactoryImpl");
+
+ if (args.length < 5)
+ {
+ System.out.println("Usage SendEsbMessage <category> <name> <text to send> <username> <password>");
+ }
+ Message esbMessage = MessageFactory.getInstance().getMessage();
+
+ // create an AuthenticationRequest
+ AuthenticationRequest authRequest = new AuthenticationRequestImpl.Builder().username(args[3]).password(args[4].toCharArray()).bulid();
+
+ // set the authentication request on the message
+ esbMessage.getProperties().setProperty(SecurityService.AUTH_REQUEST, PublicCryptoUtil.INSTANCE.encrypt((Serializable) authRequest));
+
+ final String message = args[2];
+ esbMessage.getBody().add(message);
+
+ ServiceInvoker invoker = new ServiceInvoker(args[0], args[1]);
+
+ try {
+ invoker.deliverAsync(esbMessage);
+ }catch(Exception ex) {
+ ex.printStackTrace();
+ }
+ System.exit(0);
+ }
+}
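Review bot: The `args.length < 5` check prints the usage line and then falls through, so a short argument list still reaches `args[3]` and fails with an ArrayIndexOutOfBoundsException instead of stopping cleanly. Add `System.exit(1);` after the usage `println`. The final `System.exit(0)` also reports success after `deliverAsync` has thrown, so the catch block should exit non-zero. Taking the password as `args[4]` exposes it in the process list and shell history, and the `char[]` built from it is never cleared. A comment stating that this is acceptable only for the quickstart would help.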
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/webservice_producer_secured/jboss-esb.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/webservice_producer_secured/jboss-esb.xml 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/webservice_producer_secured/jboss-esb.xml 2008-09-12 09:01:29 UTC (rev 22707)
@@ -26,7 +26,7 @@
<services>
<service category="MyServiceCategory" name="MyWSProducerService" description="WS Frontend speaks natively to the ESB">
- <security moduleName="CertLogin" runAs="adminRole" callbackHandler="org.jboss.internal.soa.esb.services.security.CertCallbackHandler">
+ <security moduleName="CertLogin" runAs="adminRole" rolesAllowed="adminRole,users" callbackHandler="org.jboss.internal.soa.esb.services.security.CertCallbackHandler">
<property name="alias" value="jbossesb"/>
<property name="keyPassword" value="jbossesb"/>
</security>
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/webservice_producer_secured/src/org/jboss/soa/esb/samples/quickstart/webserviceproducersecured/PrintSubjectAction.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/webservice_producer_secured/src/org/jboss/soa/esb/samples/quickstart/webserviceproducersecured/PrintSubjectAction.java 2008-09-12 08:38:39 UTC (rev 22706)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/samples/quickstarts/webservice_producer_secured/src/org/jboss/soa/esb/samples/quickstart/webserviceproducersecured/PrintSubjectAction.java 2008-09-12 09:01:29 UTC (rev 22707)
@@ -50,6 +50,7 @@
public Message process(Message message) throws Exception
{
+ System.out.println("SecurityContext " + message.getProperties().getProperty("org.jboss.soa.esb.services.security.context"));
System.out.println("Subject : " + Subject.getSubject(AccessController.getContext()));
return message;
}