This is the relevant code segment:
    public static KeyStoreManager getInstance(UserRegistry userRegistry) {
        CarbonUtils.checkSecurity();
        String tenantId = "0";
        if (userRegistry != null) {
            tenantId = new Integer(userRegistry.getTenantId()).toString();
        }
        if (!mtKeyStoreManagers.containsKey(tenantId)) {
            mtKeyStoreManagers.put(tenantId, new KeyStoreManager(userRegistry));
        }
        return mtKeyStoreManagers.get(tenantId);
    }

So, let's say a tenant needs to access its keystore. The above method
will throw a Sec exception since the tenant code is not signed. So, maybe
we should not allow a null userRegistry, or change the code to do the security
check only if it is null:

    if (userRegistry == null) {
        CarbonUtils.checkSecurity();
    }

Azeez
On Sun, Jun 6, 2010 at 5:46 PM, Thilina Mahesh Buddhika <[email protected]> wrote:
>
>
> On Sun, Jun 6, 2010 at 5:28 PM, Afkham Azeez <[email protected]> wrote:
>
>> Since you pass in the proper registry, I guess it is already secured.
>
>
> This method is already secured. :-)
>
> There was a security risk, as we are allowing 'null' for registry value
> which will use the gov. registry of Tenant 0.
>
> Thanks,
> Thilina
>
>
>>
>> Azeez
>>
>>
>> On Sun, Jun 6, 2010 at 5:28 PM, Afkham Azeez <[email protected]> wrote:
>>
>>> BTW, don't forget to secure that method.
>>>
>>> Azeez
>>>
>>>
>>> On Sun, Jun 6, 2010 at 4:25 PM, Thilina Mahesh Buddhika <
>>> [email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> It is required to pass a governance system registry instance to get a
>>>> KeyStoreManager instance. If you pass a 'null', then it will pick the
>>>> tenant 0 governance system registry instance. If it is not the
>>>> requirement, then you will have to pass the governance system registry
>>>> instance of that particular tenant.
>>>>
>>>> I will fix the java doc. of KeyStoreManager class.
>>>>
>>>> Thanks,
>>>> Thilina
>>>>
>>>>
>>>> On Sun, Jun 6, 2010 at 12:24 PM, Afkham Azeez <[email protected]> wrote:
>>>>
>>>>> Doesn't the Java doc of KeyStoreManager.getInstance mention this? If
>>>>> not, that needs to be fixed first.
>>>>>
>>>>> Azeez
>>>>>
>>>>>
>>>>> On Sun, Jun 6, 2010 at 8:38 AM, Srinath Perera <[email protected]> wrote:
>>>>>
>>>>>> Which registry should be passed in to KeyStoreManager.getInstance(..)? Is it
>>>>>> the system registry or the user registry? Does the following look OK?
>>>>>>
>>>>>>
>>>>>> KeyStoreManager.getInstance(SolrServiceComponet.getRegService().getConfigUserRegistry());
>>>>>>
>>>>>> Thanks
>>>>>> Srinath
>>>>>> --
>>>>>> ============================
>>>>>> Srinath Perera, Ph.D.
>>>>>> WSO2 Inc. http://wso2.com
>>>>>> Blog: http://srinathsview.blogspot.com/
>>>>>>
>>>>>> _______________________________________________
>>>>>> Carbon-dev mailing list
>>>>>> [email protected]
>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Afkham Azeez
>>>>> Senior Software Architect & Product Manager, WSO2 WSAS; WSO2, Inc.;
>>>>> http://wso2.com, Lean . Enterprise . Middleware
>>>>> Member; Apache Software Foundation; http://www.apache.org/
>>>>> email: [email protected] cell: +94 77 3320919
>>>>> blog: http://blog.afkham.org
>>>>> twitter: http://twitter.com/afkham_azeez
>>>>> linked-in: http://lk.linkedin.com/in/afkhamazeez
>>>>>
>>>>
>>>>
>>>> --
>>>> Thilina Mahesh Buddhika
>>>> Senior Software Engineer
>>>>
>>>> WSO2 Inc. ; http://wso2.com
>>>> lean . enterprise . middleware
>>>>
>>>> phone : +94 77 44 88 727
>>>> blog : http://blog.thilinamb.com
>>>>
>>>
>>>
>>
>>
>>
>
>
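The two options raised at the top of this message (reject a null registry, or run the privileged-caller check only on the null path), sketched as an added example that is not WSO2 Carbon code. TenantKeyStores, Registry, Manager and callerIsPrivileged are hypothetical stand-ins for KeyStoreManager, UserRegistry and CarbonUtils.checkSecurity(); it assumes that obtaining a Registry for a tenant is itself access-controlled.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BooleanSupplier;

public class TenantKeyStores {
    /** Hypothetical stand-in for UserRegistry: only the tenant id matters here. */
    public record Registry(int tenantId) {}

    /** Hypothetical stand-in for a per-tenant KeyStoreManager. */
    public record Manager(int tenantId) {}

    private static final int SUPER_TENANT = 0;
    // computeIfAbsent avoids the containsKey/put race when two threads ask at once.
    private final Map<Integer, Manager> managers = new ConcurrentHashMap<>();
    // Stand-in for the privileged-caller check: true only for trusted platform code.
    private final BooleanSupplier callerIsPrivileged;

    public TenantKeyStores(BooleanSupplier callerIsPrivileged) {
        this.callerIsPrivileged = callerIsPrivileged;
    }

    /** Option 1: a null registry is never accepted, so there is no silent fallback to tenant 0. */
    public Manager getStrict(Registry registry) {
        if (registry == null) throw new IllegalArgumentException("registry must not be null");
        return managers.computeIfAbsent(registry.tenantId(), Manager::new);
    }

    /** Option 2: null still means tenant 0, but only privileged callers may take that path. */
    public Manager getWithGuardedFallback(Registry registry) {
        if (registry == null) {
            if (!callerIsPrivileged.getAsBoolean()) {
                throw new SecurityException("tenant 0 keystore requires a privileged caller");
            }
            return managers.computeIfAbsent(SUPER_TENANT, Manager::new);
        }
        return managers.computeIfAbsent(registry.tenantId(), Manager::new);
    }

    public static void main(String[] args) {
        TenantKeyStores unsignedTenantCode = new TenantKeyStores(() -> false);
        // Tenant code passing its own registry gets its own manager without the check.
        System.out.println(unsignedTenantCode.getWithGuardedFallback(new Registry(42)));
        try {
            unsignedTenantCode.getWithGuardedFallback(null); // would otherwise reach tenant 0
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```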