Author: indika
Date: Tue Oct 28 01:57:05 2008
New Revision: 708485
URL: http://svn.apache.org/viewvc?rev=708485&view=rev
Log:
add MBean for secret manager
improvement of code in secret manager
Added:
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/mbean/
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/mbean/SecretManagerAdmin.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/mbean/SecretManagerAdminMbean.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/SecretRepositoryProvider.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/repository/filebased/
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/repository/filebased/FileBaseSecretRepository.java
- copied, changed from r707628,
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/repository/FileBaseSecretRepository.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/repository/filebased/FileBaseSecretRepositoryProvider.java
Removed:
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/repository/FileBaseSecretRepository.java
synapse/trunk/java/repository/conf/secret-manager.properties
Modified:
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/xml/AbstractDBMediatorFactory.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/SecretManager.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/SecretRepository.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/util/datasource/factory/DataSourceFactory.java
synapse/trunk/java/modules/tasks/pom.xml
Modified:
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/xml/AbstractDBMediatorFactory.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/xml/AbstractDBMediatorFactory.java?rev=708485&r1=708484&r2=708485&view=diff
==============================================================================
---
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/xml/AbstractDBMediatorFactory.java
(original)
+++
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/config/xml/AbstractDBMediatorFactory.java
Tue Oct 28 01:57:05 2008
@@ -29,6 +29,7 @@
import org.apache.synapse.util.datasource.InMemoryDataSourceRegistry;
import org.apache.synapse.util.datasource.DBPoolView;
import org.apache.synapse.util.MBeanRepository;
+import org.apache.synapse.security.secret.SecretManager;
import org.jaxen.JaxenException;
import javax.naming.Context;
@@ -184,7 +185,14 @@
// load the minimum required properties
ds.setDriverClassName(getValue(pool, DRIVER_Q));
ds.setUsername(getValue(pool, USER_Q));
- ds.setPassword(getValue(pool, PASS_Q));
+ String password = getValue(pool, PASS_Q);
+ SecretManager secretManager = SecretManager.getInstance();
+ if (secretManager.isInitialized()) {
+ password = secretManager.getSecret(password);
+ }
+ if (password != null && !"".equals(password)) {
+ ds.setPassword(password);
+ }
ds.setUrl(getValue(pool, URL_Q));
//save loaded properties for later
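Review bot: A mistyped or unresolved alias ends up as the database password with no signal, because `getSecret` returns the alias itself when nothing is found (per its Javadoc in SecretManager), so the value passed to `ds.setPassword(password)` cannot be told apart from a resolved secret. A debug message that the alias was not resolved, without printing the value, would make this diagnosable. The new `if (password != null && !"".equals(password))` guard also means an empty password element now leaves the pool with no password set, which deserves a comment such as `// no password configured: keep the data source default`. The same lookup is added to DataSourceFactory without any null check before `getSecret(password)`. The enclosing method starts and ends outside this hunk.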
Added:
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/mbean/SecretManagerAdmin.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/mbean/SecretManagerAdmin.java?rev=708485&view=auto
==============================================================================
---
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/mbean/SecretManagerAdmin.java
(added)
+++
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/mbean/SecretManagerAdmin.java
Tue Oct 28 01:57:05 2008
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.synapse.security.mbean;
+
+import org.apache.synapse.security.secret.SecretManager;
+
+
+/**
+ *
+ */
+
+public class SecretManagerAdmin implements SecretManagerAdminMbean {
+
+ public void init(String identityStorePass, String identityKeyPass, String
trustStorePass) {
+
+ SecretManager secretManager = SecretManager.getInstance();
+ secretManager.init(identityStorePass, identityKeyPass, trustStorePass);
+ }
+}
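Review bot: `init` exposes the three keystore passwords as parameters of a management operation, and neither the class nor the method says how that operation is meant to be protected. The empty `/** */` block should state that the MBean must only be reachable through an authenticated, encrypted JMX connector, and that a call is ignored once SecretManager is already initialized (the `if (initialized)` guard in SecretManager.init). The same empty Javadoc appears on SecretManagerAdminMbean, SecretRepositoryProvider and FileBaseSecretRepositoryProvider. A suitable class comment would be `/** JMX entry point for supplying keystore passwords to the SecretManager at runtime. */`.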
Added:
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/mbean/SecretManagerAdminMbean.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/mbean/SecretManagerAdminMbean.java?rev=708485&view=auto
==============================================================================
---
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/mbean/SecretManagerAdminMbean.java
(added)
+++
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/mbean/SecretManagerAdminMbean.java
Tue Oct 28 01:57:05 2008
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.synapse.security.mbean;
+
+/**
+ *
+ */
+
+public interface SecretManagerAdminMbean {
+
+ public void init(String identityStorePass, String identityKeyPass, String
trustStorePass);
+}
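Review bot: The interface name `SecretManagerAdminMbean` does not follow the Standard MBean convention, which expects the management interface of class `SecretManagerAdmin` to be named `SecretManagerAdminMBean` with a capital B; the suffix match is case-sensitive. Unless MBeanRegistrar wraps the instance explicitly, which is not visible here, registration would be rejected as non-compliant, which may be why the `registerMBean()` call in SecretManager is commented out. Renaming to `public interface SecretManagerAdminMBean` and updating the `implements` clause would fix it. The redundant `public` modifier on the interface method can be dropped at the same time.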
Modified:
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/SecretManager.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/SecretManager.java?rev=708485&r1=708484&r2=708485&view=diff
==============================================================================
---
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/SecretManager.java
(original)
+++
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/SecretManager.java
Tue Oct 28 01:57:05 2008
@@ -10,10 +10,11 @@
import org.apache.synapse.security.definition.IdentityKeyStoreInformation;
import org.apache.synapse.security.definition.TrustKeyStoreInformation;
import
org.apache.synapse.security.definition.factory.KeyStoreInformationFactory;
-import org.apache.synapse.security.secret.repository.FileBaseSecretRepository;
import org.apache.synapse.security.wrappers.IdentityKeyStoreWrapper;
import org.apache.synapse.security.wrappers.TrustKeyStoreWrapper;
+import org.apache.synapse.security.mbean.SecretManagerAdmin;
import org.apache.synapse.util.MiscellaneousUtil;
+import org.apache.synapse.util.MBeanRegistrar;
import java.util.Properties;
@@ -33,17 +34,15 @@
/* Property key for secretRepositories*/
private final static String SECRET_REPOSITORIES = "secretRepositories";
/* Type of the secret repository */
- private final static String TYPE = "type";
+ private final static String PROVIDER = "provider";
private final static String DOT = ".";
- /* Secret Repository type - file */
- private final static String REPO_TYPE_FILE = "file";
/*Root Secret Repository */
private SecretRepository parentRepository;
/* True , if secret manage has been started up properly- need to have a at
least one Secret Repository*/
- private boolean initialize = false;
+ private boolean initialized = false;
public static SecretManager getInstance() {
return ourInstance;
@@ -56,12 +55,18 @@
* Initializes the Secret Manager .Paswords for both trusted and private
keyStores have to be
* provided separately due to security reasons
*
- * @param properties Configuration properties for manager except
passwords
* @param identityStorePass Password to access private keyStore
* @param identityKeyPass Password to access private or secret keys
* @param trustStorePass Password to access trusted KeyStore
*/
- public void init(Properties properties, String identityStorePass, String
identityKeyPass, String trustStorePass) {
+ public void init(String identityStorePass, String identityKeyPass, String
trustStorePass) {
+
+ if (initialized) {
+ if (log.isDebugEnabled()) {
+ log.debug("Secret Manager already has been started.");
+ }
+ return;
+ }
Properties keyStoreProperties =
SynapsePropertiesLoader.loadSynapseProperties();
if (keyStoreProperties == null) {
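Review bot: The `if (initialized)` guard is a check-then-act on a plain boolean field of a singleton, and the flag is only set at the very end of the method, so two concurrent callers (for example startup code and the new SecretManagerAdmin MBean) would both pass the check and both build keystore wrappers and repositories. Declaring the method `public synchronized void init(...)` and the field `private volatile boolean initialized` would close that window for the unsynchronized `isInitialized()` and `getSecret()` readers as well. The Javadoc should also say that a second call is silently ignored, so passwords supplied later take no effect until `shoutDown()` has been called. init's body continues outside this hunk.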
@@ -72,14 +77,15 @@
}
String configurationFile = MiscellaneousUtil.getProperty(
- properties, SECRET_MANAGER_CONF, DEFAULT_CONF_LOCATION);
+ keyStoreProperties, SECRET_MANAGER_CONF,
DEFAULT_CONF_LOCATION);
Properties configurationProperties =
MiscellaneousUtil.loadProperties(configurationFile);
if (configurationProperties == null ||
configurationProperties.isEmpty()) {
if (log.isDebugEnabled()) {
- log.debug("Configuration properties can not be loaded form : "
+ configurationFile);
+ log.debug("Configuration properties can not be loaded form : "
+
+ configurationFile + " Will use synapse properties");
}
- return;
+ configurationProperties = keyStoreProperties;
}
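Review bot: Failing to load the file named by `SECRET_MANAGER_CONF` now falls back to the synapse properties with only a debug message, so an operator who configured a dedicated secret-manager file gets no visible sign at default log levels that it was not used. Since this decides where secret repository settings come from, `log.warn` would be more appropriate when the property was set explicitly. The message also reads "loaded form" where "loaded from" is meant. The surrounding method starts and ends outside this hunk.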
@@ -100,6 +106,30 @@
return;
}
+ boolean inValid = false;
+ if (identityStorePass == null || "".equals(identityStorePass)) {
+ if (log.isDebugEnabled()) {
+ log.debug("Identity KeyStore Password cannot be found.");
+ }
+ inValid = true;
+ }
+
+ if (identityKeyPass == null || "".equals(identityKeyPass)) {
+ if (log.isDebugEnabled()) {
+ log.debug("Identity Key Password cannot be found.");
+ }
+ }
+
+ if (trustStorePass == null || "".equals(trustStorePass)) {
+ if (log.isDebugEnabled()) {
+ log.debug("Trust Store Password cannot be null.");
+ }
+ if (inValid) {
+ handleException("Either Identity or Trust keystore password is
mandotory" +
+ " in order to initialized secret manager.");
+ }
+ }
+
//Create a KeyStore Information for private key entry KeyStore
IdentityKeyStoreInformation keyStoreInformation =
KeyStoreInformationFactory.createIdentityKeyStoreInformation(keyStoreProperties);
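Review bot: The validation added here only throws when both `identityStorePass` and `trustStorePass` are empty, because `inValid` is set solely by the identity-store check and tested solely inside the trust-store branch; an empty `identityKeyPass` is logged at debug level and otherwise ignored. The next hunk still passes that value to `identityKeyStoreWrapper.init(keyStoreInformation, identityKeyPass)`, so a missing key password appears to reach the keystore wrapper unchecked. If the key password is required, fail fast with `handleException("Identity Key Password cannot be found.");` in that branch; if the lenient behaviour is intended, the Javadoc of init should list which combinations are accepted. The error text also has the typos "mandotory" and "in order to initialized". init's body begins and ends outside this hunk.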
@@ -113,8 +143,8 @@
IdentityKeyStoreWrapper identityKeyStoreWrapper = new
IdentityKeyStoreWrapper();
identityKeyStoreWrapper.init(keyStoreInformation, identityKeyPass);
- TrustKeyStoreWrapper trustStoreWrapper = new TrustKeyStoreWrapper();
- trustStoreWrapper.init(trustInformation);
+ TrustKeyStoreWrapper trustKeyStoreWrapper = new TrustKeyStoreWrapper();
+ trustKeyStoreWrapper.init(trustInformation);
SecretRepository currentParent = null;
for (String secretRepo : repositories) {
@@ -125,39 +155,49 @@
sb.append(secretRepo);
String id = sb.toString();
sb.append(DOT);
- sb.append(TYPE);
+ sb.append(PROVIDER);
- String type = MiscellaneousUtil.getProperty(
+ String provider = MiscellaneousUtil.getProperty(
configurationProperties, sb.toString(), null);
- if (type == null || "".equals(type)) {
- handleException("Repository type cannot be null ");
+ if (provider == null || "".equals(provider)) {
+ handleException("Repository provider cannot be null ");
}
- if (REPO_TYPE_FILE.equals(type)) {
+ if (log.isDebugEnabled()) {
+ log.debug("Initiating a File Based Secret Repository");
+ }
- if (log.isDebugEnabled()) {
- log.debug("Initiating a File Based Secret Repository");
- }
+ try {
- SecretRepository secretRepository = new
FileBaseSecretRepository(
- identityKeyStoreWrapper, trustStoreWrapper);
- secretRepository.init(configurationProperties, id);
- if (parentRepository == null) {
- parentRepository = secretRepository;
- }
- secretRepository.setParent(currentParent);
- currentParent = secretRepository;
- initialize = true;
+ Class aClass =
getClass().getClassLoader().loadClass(provider.trim());
+ Object instance = aClass.newInstance();
- if (log.isDebugEnabled()) {
- log.debug("Successfully Initiate a File Based Secret
Repository");
+ if (instance instanceof SecretRepositoryProvider) {
+ SecretRepository secretRepository =
((SecretRepositoryProvider) instance).
+ getSecretRepository(identityKeyStoreWrapper,
trustKeyStoreWrapper);
+ secretRepository.init(configurationProperties, id);
+ if (parentRepository == null) {
+ parentRepository = secretRepository;
+ }
+ secretRepository.setParent(currentParent);
+ currentParent = secretRepository;
+ if (log.isDebugEnabled()) {
+ log.debug("Successfully Initiate a Secret Repository
provided by : " + provider);
+ }
+ } else {
+ handleException("Invalid class as SecretRepositoryProvider
: Class Name : " + provider);
}
- } else {
- log.warn("Unsupported secret repository type : " + type);
- }
+ } catch (ClassNotFoundException e) {
+ handleException("A Secret Provider cannot be found for class
name : " + provider);
+ } catch (IllegalAccessException e) {
+ handleException("Error creating a instance from class : " +
provider);
+ } catch (InstantiationException e) {
+ handleException("Error creating a instance from class : " +
provider);
+ }
}
-
+// registerMBean();
+ initialized = true;
}
/**
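Review bot: The class named by the `provider` property is instantiated with `aClass.newInstance()` before the `instanceof SecretRepositoryProvider` check, so the constructor and static initializer of any class on the classpath run even when it is then rejected. Checking assignability on the loaded `Class` first keeps a wrong or tampered configuration value from executing unrelated code inside the component that holds the keystore wrappers. The three catch clauses also drop the caught exception, so the log shows no cause; passing `e` through to the log and to SynapseException would help diagnosis. The debug line `"Initiating a File Based Secret Repository"` is now stale, and the commented-out `// registerMBean();` should be removed or enabled. The enclosing loop and method start outside this hunk.

```java
try {
    Class<?> aClass = getClass().getClassLoader().loadClass(provider.trim());
    // Reject anything that is not a provider before a constructor runs.
    if (!SecretRepositoryProvider.class.isAssignableFrom(aClass)) {
        handleException("Invalid class as SecretRepositoryProvider : Class Name : " + provider);
    }
    SecretRepositoryProvider repositoryProvider =
            (SecretRepositoryProvider) aClass.newInstance();
    SecretRepository secretRepository = repositoryProvider.getSecretRepository(
            identityKeyStoreWrapper, trustKeyStoreWrapper);
    // … unchanged: secretRepository.init(), parent chaining, success debug log …
    // … unchanged: catch clauses …
```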
@@ -167,7 +207,7 @@
* @return If there is a secret , otherwise , alias itself
*/
public String getSecret(String alias) {
- if (!initialize || parentRepository == null) {
+ if (!initialized || parentRepository == null) {
if (log.isDebugEnabled()) {
log.debug("There is no secret repository. Returning alias
itself");
}
@@ -176,8 +216,22 @@
return parentRepository.getSecret(alias);
}
- private void handleException(String msg) {
+ public boolean isInitialized() {
+ return initialized;
+ }
+
+ public void shoutDown() {
+ this.parentRepository = null;
+ this.initialized = false;
+ }
+
+ private static void handleException(String msg) {
log.error(msg);
throw new SynapseException(msg);
}
+
+ private static void registerMBean() {
+ MBeanRegistrar mBeanRegistrar = MBeanRegistrar.getInstance();
+ mBeanRegistrar.registerMBean(new SecretManagerAdmin(),
"SecurityAdminServices", "SecretManagerAdmin");
+ }
}
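Review bot: The new public method `shoutDown()` looks like a misspelling of `shutDown()`, and since it becomes part of the public API of the singleton it is cheaper to rename it now than after callers depend on it. It resets `parentRepository` and `initialized` without synchronization, which is the same race as in `init`, and it carries no Javadoc saying whether repositories release the secrets they hold. `registerMBean()` is private and its only call site is commented out, so it is currently dead code. Suggested comment on the method: `/** Drops the repository chain and marks the manager as uninitialized so that init can be called again. */`.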
Modified:
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/SecretRepository.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/SecretRepository.java?rev=708485&r1=708484&r2=708485&view=diff
==============================================================================
---
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/SecretRepository.java
(original)
+++
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/SecretRepository.java
Tue Oct 28 01:57:05 2008
@@ -17,7 +17,7 @@
/**
* Returns the secret of provided alias name . An alias represents the
logical name
- * for a lookup secret
+ * for a look up secret
*
* @param alias Alias name for look up a secret
* @return Secret if there is any , otherwise ,alias itself
Added:
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/SecretRepositoryProvider.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/SecretRepositoryProvider.java?rev=708485&view=auto
==============================================================================
---
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/SecretRepositoryProvider.java
(added)
+++
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/SecretRepositoryProvider.java
Tue Oct 28 01:57:05 2008
@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.synapse.security.secret;
+
+import org.apache.synapse.security.wrappers.IdentityKeyStoreWrapper;
+import org.apache.synapse.security.wrappers.TrustKeyStoreWrapper;
+
+
+/**
+ *
+ */
+public interface SecretRepositoryProvider {
+
+ public SecretRepository getSecretRepository(IdentityKeyStoreWrapper
identity, TrustKeyStoreWrapper trust);
+}
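Review bot: The interface has an empty Javadoc block although it defines the extension point that SecretManager loads by class name from configuration. Implementations must be public with a public no-argument constructor, because SecretManager creates them with `newInstance()`, and that contract is not written down anywhere visible. I would add a class comment along the lines of `/** Factory for a SecretRepository; implementations are instantiated reflectively and need a public no-arg constructor. */` and `@param`/`@return` tags on `getSecretRepository`. It is also worth stating whether the method may return null, since the caller invokes `secretRepository.init(...)` on the result without a check.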
Copied:
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/repository/filebased/FileBaseSecretRepository.java
(from r707628,
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/repository/FileBaseSecretRepository.java)
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/repository/filebased/FileBaseSecretRepository.java?p2=synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/repository/filebased/FileBaseSecretRepository.java&p1=synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/repository/FileBaseSecretRepository.java&r1=707628&r2=708485&rev=708485&view=diff
==============================================================================
---
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/repository/FileBaseSecretRepository.java
(original)
+++
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/repository/filebased/FileBaseSecretRepository.java
Tue Oct 28 01:57:05 2008
@@ -16,7 +16,7 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.synapse.security.secret.repository;
+package org.apache.synapse.security.secret.repository.filebased;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
Added:
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/repository/filebased/FileBaseSecretRepositoryProvider.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/repository/filebased/FileBaseSecretRepositoryProvider.java?rev=708485&view=auto
==============================================================================
---
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/repository/filebased/FileBaseSecretRepositoryProvider.java
(added)
+++
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/secret/repository/filebased/FileBaseSecretRepositoryProvider.java
Tue Oct 28 01:57:05 2008
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.synapse.security.secret.repository.filebased;
+
+import org.apache.synapse.security.secret.SecretRepositoryProvider;
+import org.apache.synapse.security.secret.SecretRepository;
+import org.apache.synapse.security.wrappers.IdentityKeyStoreWrapper;
+import org.apache.synapse.security.wrappers.TrustKeyStoreWrapper;
+
+
+/**
+ *
+ */
+public class FileBaseSecretRepositoryProvider implements
SecretRepositoryProvider {
+
+ public SecretRepository getSecretRepository(IdentityKeyStoreWrapper
identity , TrustKeyStoreWrapper trust) {
+ return new FileBaseSecretRepository(identity,trust);
+ }
+}
Modified:
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/util/datasource/factory/DataSourceFactory.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/util/datasource/factory/DataSourceFactory.java?rev=708485&r1=708484&r2=708485&view=diff
==============================================================================
---
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/util/datasource/factory/DataSourceFactory.java
(original)
+++
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/util/datasource/factory/DataSourceFactory.java
Tue Oct 28 01:57:05 2008
@@ -24,6 +24,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.SynapseException;
+import org.apache.synapse.security.secret.SecretManager;
import org.apache.synapse.util.datasource.DataSourceInformation;
import javax.sql.DataSource;
@@ -64,6 +65,10 @@
String user = information.getUser();
String password = information.getPassword();
+ SecretManager secretManager = SecretManager.getInstance();
+ if (secretManager.isInitialized()) {
+ password = secretManager.getSecret(password);
+ }
int defaultTransactionIsolation =
information.getDefaultTransactionIsolation();
Modified: synapse/trunk/java/modules/tasks/pom.xml
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/tasks/pom.xml?rev=708485&r1=708484&r2=708485&view=diff
==============================================================================
--- synapse/trunk/java/modules/tasks/pom.xml (original)
+++ synapse/trunk/java/modules/tasks/pom.xml Tue Oct 28 01:57:05 2008
@@ -62,9 +62,13 @@
org.apache.synapse.task.*;-split-package:=merge-last,
</Export-Package>
<Import-Package>
+ org.apache.synapse.utils.*,
org.apache.commons.io,
org.quartz.*,
- javax.transaction.*
+ javax.transaction.*,
+ org.apache.axiom.*,
+ org.apache.commons.collections.*,
+ *;resolution:=optional,
</Import-Package>
<DynamicImport-Package>*</DynamicImport-Package>
</instructions>
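Review bot: `org.apache.synapse.utils.*` does not match the package name used elsewhere in this commit (`org.apache.synapse.util`), so this import pattern may match nothing; please confirm the intended package. The new `*;resolution:=optional,` entry ends with a trailing comma and, together with the existing `<DynamicImport-Package>*</DynamicImport-Package>`, lets the bundle wire to any exported package, which hides missing dependencies until runtime. If the wildcard is really needed, write it as `*;resolution:=optional` and add an XML comment explaining why explicit imports are not sufficient.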