http://git-wip-us.apache.org/repos/asf/incubator-taverna-server/blob/2c71f9a9/server-webapp/src/main/java/org/taverna/server/master/worker/SecurityContextDelegate.java
----------------------------------------------------------------------
diff --git a/server-webapp/src/main/java/org/taverna/server/master/worker/SecurityContextDelegate.java b/server-webapp/src/main/java/org/taverna/server/master/worker/SecurityContextDelegate.java
deleted file mode 100644
index ff14986..0000000
--- a/server-webapp/src/main/java/org/taverna/server/master/worker/SecurityContextDelegate.java
+++ /dev/null
@@ -1,649 +0,0 @@
-/*
- * Copyright (C) 2010-2012 The University of Manchester
- *
- * See the file "LICENSE" for license terms.
- */
-package org.taverna.server.master.worker;
-
-import static java.lang.String.format;
-import static java.util.Arrays.fill;
-import static java.util.UUID.randomUUID;
-import static org.taverna.server.master.defaults.Default.CERTIFICATE_FIELD_NAMES;
-import static org.taverna.server.master.defaults.Default.CERTIFICATE_TYPE;
-import static org.taverna.server.master.defaults.Default.CREDENTIAL_FILE_SIZE_LIMIT;
-import static org.taverna.server.master.identity.WorkflowInternalAuthProvider.PREFIX;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URI;
-import java.rmi.RemoteException;
-import java.security.GeneralSecurityException;
-import java.security.Key;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import javax.annotation.Nullable;
-import javax.security.auth.x500.X500Principal;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.UriBuilder;
-import javax.xml.ws.handler.MessageContext;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContext;
-import org.taverna.server.localworker.remote.ImplementationException;
-import org.taverna.server.localworker.remote.RemoteSecurityContext;
-import org.taverna.server.master.common.Credential;
-import org.taverna.server.master.common.Trust;
-import org.taverna.server.master.exceptions.FilesystemAccessException;
-import org.taverna.server.master.exceptions.InvalidCredentialException;
-import org.taverna.server.master.exceptions.NoDirectoryEntryException;
-import org.taverna.server.master.interfaces.File;
-import org.taverna.server.master.interfaces.TavernaSecurityContext;
-import org.taverna.server.master.utils.UsernamePrincipal;
-
-/**
- * Implementation of a security context.
- *
- * @author Donal Fellows
- */
-public abstract class SecurityContextDelegate implements TavernaSecurityContext {
- Log log = LogFactory.getLog("Taverna.Server.Worker");
- private final UsernamePrincipal owner;
- private final List<Credential> credentials = new ArrayList<>();
- private final List<Trust> trusted = new ArrayList<>();
- private final RemoteRunDelegate run;
- private final Object lock = new Object();
- final SecurityContextFactory factory;
-
- private transient Keystore keystore;
- private transient Map<URI, String> uriToAliasMap;
-
- /**
- * Initialise the context delegate.
- *
- * @param run
- * What workflow run is this for?
- * @param owner
- * Who owns the workflow run?
- * @param factory
- * What class built this object?
- */
- protected SecurityContextDelegate(RemoteRunDelegate run,
- UsernamePrincipal owner, SecurityContextFactory factory) {
- this.run = run;
- this.owner = owner;
- this.factory = factory;
- }
-
- @Override
- public SecurityContextFactory getFactory() {
- return factory;
- }
-
- @Override
- public UsernamePrincipal getOwner() {
- return owner;
- }
-
- @Override
- public Credential[] getCredentials() {
- synchronized (lock) {
- return credentials.toArray(new Credential[credentials.size()]);
- }
- }
-
- /**
- * Get the human-readable name of a principal.
- *
- * @param principal
- * The principal being decoded.
- * @return A name.
- */
- protected final String getPrincipalName(X500Principal principal) {
- return factory.x500Utils.getName(principal, CERTIFICATE_FIELD_NAMES);
- }
-
- /**
- * Cause the current state to be flushed to the database.
- */
- protected final void flushToDB() {
- factory.db.flushToDisk(run);
- }
-
- @Override
- public void addCredential(Credential toAdd) {
- synchronized (lock) {
- int idx = credentials.indexOf(toAdd);
- if (idx != -1)
- credentials.set(idx, toAdd);
- else
- credentials.add(toAdd);
- flushToDB();
- }
- }
-
- @Override
- public void deleteCredential(Credential toDelete) {
- synchronized (lock) {
- credentials.remove(toDelete);
- flushToDB();
- }
- }
-
- @Override
- public Trust[] getTrusted() {
- synchronized (lock) {
- return trusted.toArray(new Trust[trusted.size()]);
- }
- }
-
- @Override
- public void addTrusted(Trust toAdd) {
- synchronized (lock) {
- int idx = trusted.indexOf(toAdd);
- if (idx != -1)
- trusted.set(idx, toAdd);
- else
- trusted.add(toAdd);
- flushToDB();
- }
- }
-
- @Override
- public void deleteTrusted(Trust toDelete) {
- synchronized (lock) {
- trusted.remove(toDelete);
- flushToDB();
- }
- }
-
- @Override
- public abstract void validateCredential(Credential c)
- throws InvalidCredentialException;
-
- @Override
- public void validateTrusted(Trust t) throws InvalidCredentialException {
- InputStream contentsAsStream;
- if (t.certificateBytes != null && t.certificateBytes.length > 0) {
- contentsAsStream = new ByteArrayInputStream(t.certificateBytes);
- t.certificateFile = null;
- } else if (t.certificateFile == null
- || t.certificateFile.trim().isEmpty())
- throw new InvalidCredentialException(
- "absent or empty certificateFile");
- else {
- contentsAsStream = contents(t.certificateFile);
- t.certificateBytes = null;
- }
- t.serverName = null;
- if (t.fileType == null || t.fileType.trim().isEmpty())
- t.fileType = CERTIFICATE_TYPE;
- t.fileType = t.fileType.trim();
- try {
- t.loadedCertificates = CertificateFactory.getInstance(t.fileType)
- .generateCertificates(contentsAsStream);
- t.serverName = new ArrayList<>(t.loadedCertificates.size());
- for (Certificate c : t.loadedCertificates)
- t.serverName.add(getPrincipalName(((X509Certificate) c)
- .getSubjectX500Principal()));
- } catch (CertificateException e) {
- throw new InvalidCredentialException(e);
- } catch (ClassCastException e) {
- // Do nothing; truncates the list of server names
- }
- }
-
- @Override
- public void initializeSecurityFromContext(SecurityContext securityContext)
- throws Exception {
- // This is how to get the info from Spring Security
- Authentication auth = securityContext.getAuthentication();
- if (auth == null)
- return;
- auth.getPrincipal();
- // do nothing else in this implementation
- }
-
- @Override
- public void initializeSecurityFromSOAPContext(MessageContext context) {
- // do nothing in this implementation
- }
-
- @Override
- public void initializeSecurityFromRESTContext(HttpHeaders context) {
- // do nothing in this implementation
- }
-
- private UriBuilder getUB() {
- return factory.uriSource.getRunUriBuilder(run);
- }
-
- private RunDatabaseDAO getDAO() {
- return ((RunDatabase) factory.db).dao;
- }
-
- @Nullable
- private List<X509Certificate> getCerts(URI uri) throws IOException,
- GeneralSecurityException {
- return factory.certFetcher.getTrustsForURI(uri);
- }
-
- private void installLocalPasswordCredential(List<Credential> credentials,
- List<Trust> trusts) throws InvalidCredentialException, IOException,
- GeneralSecurityException {
- Credential.Password pw = new Credential.Password();
- pw.id = "run:self";
- pw.username = PREFIX + run.id;
- pw.password = getDAO().getSecurityToken(run.id);
- UriBuilder ub = getUB().segment("").fragment(factory.httpRealm);
- pw.serviceURI = ub.build();
- validateCredential(pw);
- log.info("issuing self-referential credential for " + pw.serviceURI);
- credentials.add(pw);
- List<X509Certificate> myCerts = getCerts(pw.serviceURI);
- if (myCerts != null && myCerts.size() > 0) {
- Trust t = new Trust();
- t.loadedCertificates = getCerts(pw.serviceURI);
- trusts.add(t);
- }
- }
-
- /**
- * Builds and transfers a keystore with suitable credentials to the back-end
- * workflow execution engine.
- *
- * @throws GeneralSecurityException
- * If the manipulation of the keystore, keys or certificates
- * fails.
- * @throws IOException
- * If there are problems building the data (should not happen).
- * @throws RemoteException
- * If the conveyancing fails.
- */
- @Override
- public final void conveySecurity() throws GeneralSecurityException,
- IOException, ImplementationException {
- RemoteSecurityContext rc = run.run.getSecurityContext();
-
- List<Trust> trusted = new ArrayList<>(this.trusted);
- this.trusted.clear();
- List<Credential> credentials = new ArrayList<>(this.credentials);
- this.credentials.clear();
-
- try {
- installLocalPasswordCredential(credentials, trusted);
- } catch (Exception e) {
- log.warn("failed to construct local credential: "
- + "interaction service will fail", e);
- }
-
- char[] password = null;
- try {
- password = generateNewPassword();
-
- log.info("constructing merged keystore");
- Truststore truststore = new Truststore(password);
- Keystore keystore = new Keystore(password);
- Map<URI, String> uriToAliasMap = new HashMap<>();
- int trustedCount = 0, keyCount = 0;
-
- synchronized (lock) {
- try {
- for (Trust t : trusted) {
- if (t == null || t.loadedCertificates == null)
- continue;
- for (Certificate cert : t.loadedCertificates)
- if (cert != null) {
- truststore.addCertificate(cert);
- trustedCount++;
- }
- }
-
- this.uriToAliasMap = uriToAliasMap;
- this.keystore = keystore;
- for (Credential c : credentials) {
- addCredentialToKeystore(c);
- keyCount++;
- }
- } finally {
- this.uriToAliasMap = null;
- this.keystore = null;
- credentials.clear();
- trusted.clear();
- flushToDB();
- }
- }
-
- byte[] trustbytes = null, keybytes = null;
- try {
- trustbytes = truststore.serialize();
- keybytes = keystore.serialize();
-
- // Now we've built the security information, ship it off...
-
- log.info("transfering merged truststore with " + trustedCount
- + " entries");
- rc.setTruststore(trustbytes);
-
- log.info("transfering merged keystore with " + keyCount
- + " entries");
- rc.setKeystore(keybytes);
- } finally {
- if (trustbytes != null)
- fill(trustbytes, (byte) 0);
- if (keybytes != null)
- fill(keybytes, (byte) 0);
- }
- rc.setPassword(password);
-
- log.info("transferring serviceURL->alias map with "
- + uriToAliasMap.size() + " entries");
- rc.setUriToAliasMap(uriToAliasMap);
- } finally {
- if (password != null)
- fill(password, ' ');
- }
-
- synchronized (lock) {
- conveyExtraSecuritySettings(rc);
- }
- }
-
- /**
- * Hook that allows additional information to be conveyed to the remote run.
- *
- * @param remoteSecurityContext
- * The remote resource that information would be passed to.
- * @throws IOException
- * If anything goes wrong with the communication.
- */
- protected void conveyExtraSecuritySettings(
- RemoteSecurityContext remoteSecurityContext) throws IOException {
- // Does nothing by default; overrideable
- }
-
- /**
- * @return A new password with a reasonable level of randomness.
- */
- protected final char[] generateNewPassword() {
- return randomUUID().toString().toCharArray();
- }
-
- /**
- * Adds a credential to the current keystore.
- *
- * @param alias
- * The alias to create within the keystore.
- * @param c
- * The key-pair.
- * @throws KeyStoreException
- */
- protected final void addKeypairToKeystore(String alias, Credential c)
- throws KeyStoreException {
- if (c.loadedKey == null)
- throw new KeyStoreException("critical: credential was not verified");
- if (uriToAliasMap.containsKey(c.serviceURI))
- log.warn("duplicate URI in alias mapping: " + c.serviceURI);
- keystore.addKey(alias, c.loadedKey, c.loadedTrustChain);
- uriToAliasMap.put(c.serviceURI, alias);
- }
-
- /**
- * Adds a credential to the current keystore.
- *
- * @param c
- * The credential to add.
- * @throws KeyStoreException
- */
- public abstract void addCredentialToKeystore(Credential c)
- throws KeyStoreException;
-
- /**
- * Read a file up to {@value #FILE_SIZE_LIMIT}kB in size.
- *
- * @param name
- * The path name of the file, relative to the context run's
- * working directory.
- * @return A stream of the file's contents.
- * @throws InvalidCredentialException
- * If anything goes wrong.
- */
- final InputStream contents(String name) throws InvalidCredentialException {
- try {
- File f = (File) factory.fileUtils.getDirEntry(run, name);
- long size = f.getSize();
- if (size > CREDENTIAL_FILE_SIZE_LIMIT * 1024)
- throw new InvalidCredentialException(CREDENTIAL_FILE_SIZE_LIMIT
- + "kB limit hit");
- return new ByteArrayInputStream(f.getContents(0, (int) size));
- } catch (NoDirectoryEntryException | FilesystemAccessException e) {
- throw new InvalidCredentialException(e);
- } catch (ClassCastException e) {
- throw new InvalidCredentialException("not a file", e);
- }
- }
-
- @Override
- public Set<String> getPermittedDestroyers() {
- return run.getDestroyers();
- }
-
- @Override
- public void setPermittedDestroyers(Set<String> destroyers) {
- run.setDestroyers(destroyers);
- }
-
- @Override
- public Set<String> getPermittedUpdaters() {
- return run.getWriters();
- }
-
- @Override
- public void setPermittedUpdaters(Set<String> updaters) {
- run.setWriters(updaters);
- }
-
- @Override
- public Set<String> getPermittedReaders() {
- return run.getReaders();
- }
-
- @Override
- public void setPermittedReaders(Set<String> readers) {
- run.setReaders(readers);
- }
-
- /**
- * Reinstall the credentials and the trust extracted from serialization to
- * the database.
- *
- * @param credentials
- * The credentials to reinstall.
- * @param trust
- * The trusted certificates to reinstall.
- */
- void setCredentialsAndTrust(Credential[] credentials, Trust[] trust) {
- synchronized (lock) {
- this.credentials.clear();
- if (credentials != null)
- for (Credential c : credentials)
- try {
- validateCredential(c);
- this.credentials.add(c);
- } catch (InvalidCredentialException e) {
- log.warn("failed to revalidate credential: " + c, e);
- }
- this.trusted.clear();
- if (trust != null)
- for (Trust t : trust)
- try {
- validateTrusted(t);
- this.trusted.add(t);
- } catch (InvalidCredentialException e) {
- log.warn("failed to revalidate trust assertion: " + t,
- e);
- }
- }
- }
-
- static class SecurityStore {
- private KeyStore ks;
- private char[] password;
-
- SecurityStore(char[] password) throws GeneralSecurityException {
- this.password = password.clone();
- ks = KeyStore.getInstance("UBER", "BC");
- try {
- ks.load(null, this.password);
- } catch (IOException e) {
- throw new GeneralSecurityException(
- "problem initializing blank truststore", e);
- }
- }
-
- final synchronized void setCertificate(String alias, Certificate c)
- throws KeyStoreException {
- if (ks == null)
- throw new IllegalStateException("store already written");
- ks.setCertificateEntry(alias, c);
- }
-
- final synchronized void setKey(String alias, Key key, Certificate[] trustChain)
- throws KeyStoreException {
- if (ks == null)
- throw new IllegalStateException("store already written");
- ks.setKeyEntry(alias, key, password, trustChain);
- }
-
- final synchronized byte[] serialize(boolean logIt)
- throws GeneralSecurityException {
- if (ks == null)
- throw new IllegalStateException("store already written");
- try (ByteArrayOutputStream stream = new ByteArrayOutputStream()) {
- ks.store(stream, password);
- if (logIt)
- LogFactory.getLog("Taverna.Server.Worker").debug(
- "serialized UBER/BC truststore (size: " + ks.size()
- + ") with password \""
- + new String(password) + "\"");
- return stream.toByteArray();
- } catch (IOException e) {
- throw new GeneralSecurityException(
- "problem serializing keystore", e);
- } finally {
- ks = null;
- fill(password, ' ');
- }
- }
-
- @Override
- protected final void finalize() {
- fill(password, ' ');
- ks = null;
- }
- }
-
- /**
- * A trust store that can only be added to or serialized. Only trusted
- * certificates can be placed in it.
- *
- * @author Donal Fellows
- */
- class Truststore extends SecurityStore {
- Truststore(char[] password) throws GeneralSecurityException {
- super(password);
- }
-
- /**
- * Add a trusted certificate to the truststore. No certificates can be
- * added after the truststore is serialized.
- *
- * @param cert
- * The certificate (typically belonging to a root CA) to add.
- * @throws KeyStoreException
- * If anything goes wrong.
- */
- public void addCertificate(Certificate cert) throws KeyStoreException {
- X509Certificate c = (X509Certificate) cert;
- String alias = format("trustedcert#%s#%s#%s",
- getPrincipalName(c.getSubjectX500Principal()),
- getPrincipalName(c.getIssuerX500Principal()),
- factory.x500Utils.getSerial(c));
- setCertificate(alias, c);
- if (log.isDebugEnabled() && factory.logSecurityDetails)
- log.debug("added cert with alias \"" + alias + "\" of type "
- + c.getClass().getCanonicalName());
- }
-
- /**
- * Get the byte serialization of this truststore. This can only be
- * fetched exactly once.
- *
- * @return The serialization.
- * @throws GeneralSecurityException
- * If anything goes wrong.
- */
- public byte[] serialize() throws GeneralSecurityException {
- return serialize(log.isDebugEnabled() && factory.logSecurityDetails);
- }
- }
-
- /**
- * A key store that can only be added to or serialized. Only keys can be
- * placed in it.
- *
- * @author Donal Fellows
- */
- class Keystore extends SecurityStore {
- Keystore(char[] password) throws GeneralSecurityException {
- super(password);
- }
-
- /**
- * Add a key to the keystore. No keys can be added after the keystore is
- * serialized.
- *
- * @param alias
- * The alias of the key.
- * @param key
- * The secret/private key to add.
- * @param trustChain
- * The trusted certificate chain of the key. Should be
- * <tt>null</tt> for secret keys.
- * @throws KeyStoreException
- * If anything goes wrong.
- */
- public void addKey(String alias, Key key, Certificate[] trustChain)
- throws KeyStoreException {
- setKey(alias, key, trustChain);
- if (log.isDebugEnabled() && factory.logSecurityDetails)
- log.debug("added key with alias \"" + alias + "\" of type "
- + key.getClass().getCanonicalName());
- }
-
- /**
- * Get the byte serialization of this keystore. This can only be fetched
- * exactly once.
- *
- * @return The serialization.
- * @throws GeneralSecurityException
- * If anything goes wrong.
- */
- public byte[] serialize() throws GeneralSecurityException {
- return serialize(log.isDebugEnabled() && factory.logSecurityDetails);
- }
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-taverna-server/blob/2c71f9a9/server-webapp/src/main/java/org/taverna/server/master/worker/SecurityContextDelegateImpl.java
----------------------------------------------------------------------
diff --git a/server-webapp/src/main/java/org/taverna/server/master/worker/SecurityContextDelegateImpl.java b/server-webapp/src/main/java/org/taverna/server/master/worker/SecurityContextDelegateImpl.java
deleted file mode 100644
index d36d2da..0000000
--- a/server-webapp/src/main/java/org/taverna/server/master/worker/SecurityContextDelegateImpl.java
+++ /dev/null
@@ -1,298 +0,0 @@
-/*
- * Copyright (C) 2010-2012 The University of Manchester
- *
- * See the file "LICENSE" for license terms.
- */
-package org.taverna.server.master.worker;
-
-import static java.lang.String.format;
-import static javax.xml.ws.handler.MessageContext.HTTP_REQUEST_HEADERS;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.charset.Charset;
-import java.rmi.RemoteException;
-import java.security.Key;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.List;
-import java.util.Map;
-
-import javax.crypto.spec.SecretKeySpec;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.xml.ws.handler.MessageContext;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.taverna.server.localworker.remote.RemoteSecurityContext;
-import org.taverna.server.master.common.Credential;
-import org.taverna.server.master.exceptions.InvalidCredentialException;
-import org.taverna.server.master.utils.UsernamePrincipal;
-import org.taverna.server.master.utils.X500Utils;
-
-/**
- * Factoring out of the part of the security context handling that actually
- * deals with the different types of credentials.
- *
- * @author Donal Fellows
- */
-class SecurityContextDelegateImpl extends SecurityContextDelegate {
- private static final char USERNAME_PASSWORD_SEPARATOR = '\u0000';
- private static final String USERNAME_PASSWORD_KEY_ALGORITHM = "DUMMY";
- /** What passwords are encoded as. */
- private static final Charset UTF8 = Charset.forName("UTF-8");
-
- private X500Utils x500Utils;
-
- /**
- * Initialise the context delegate.
- *
- * @param run
- * What workflow run is this for?
- * @param owner
- * Who owns the workflow run?
- * @param factory
- * What class built this object?
- */
- protected SecurityContextDelegateImpl(RemoteRunDelegate run,
- UsernamePrincipal owner, SecurityContextFactory factory) {
- super(run, owner, factory);
- this.x500Utils = factory.x500Utils;
- }
-
- @Override
- public void validateCredential(Credential c)
- throws InvalidCredentialException {
- try {
- if (c instanceof Credential.Password)
- validatePasswordCredential((Credential.Password) c);
- else if (c instanceof Credential.KeyPair)
- validateKeyCredential((Credential.KeyPair) c);
- else
- throw new InvalidCredentialException("unknown credential type");
- } catch (InvalidCredentialException e) {
- throw e;
- } catch (Exception e) {
- throw new InvalidCredentialException(e);
- }
- }
-
- @Override
- public void addCredentialToKeystore(Credential c) throws KeyStoreException {
- try {
- if (c instanceof Credential.Password)
- addUserPassToKeystore((Credential.Password) c);
- else if (c instanceof Credential.KeyPair)
- addKeypairToKeystore((Credential.KeyPair) c);
- else
- throw new KeyStoreException("unknown credential type");
- } catch (KeyStoreException e) {
- throw e;
- } catch (Exception e) {
- throw new KeyStoreException(e);
- }
- }
-
- // -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-
- /**
- * Tests whether the given username+password credential descriptor is valid.
- * If it is invalid, an exception will be thrown describing what the problem
- * is. Validation mainly consists of listing what the username is.
- *
- * @param passwordDescriptor
- * The credential descriptor to validate.
- * @throws InvalidCredentialException
- * If the username is empty. NB: the password may be empty!
- * That's legal (if unwise).
- */
- protected void validatePasswordCredential(
- Credential.Password passwordDescriptor)
- throws InvalidCredentialException {
- if (passwordDescriptor.username == null
- || passwordDescriptor.username.trim().isEmpty())
- throw new InvalidCredentialException("absent or empty username");
- if (passwordDescriptor.serviceURI == null)
- throw new InvalidCredentialException("absent service URI");
- String keyToSave = passwordDescriptor.username
- + USERNAME_PASSWORD_SEPARATOR + passwordDescriptor.password;
- passwordDescriptor.loadedKey = encodeKey(keyToSave);
- passwordDescriptor.loadedTrustChain = null;
- }
-
- private static Key encodeKey(String key) {
- return new SecretKeySpec(key.getBytes(UTF8),
- USERNAME_PASSWORD_KEY_ALGORITHM);
- }
-
- /**
- * Adds a username/password credential pair to the current keystore.
- *
- * @param userpassCredential
- * The username and password.
- * @throws KeyStoreException
- */
- protected void addUserPassToKeystore(Credential.Password userpassCredential)
- throws KeyStoreException {
- String alias = format("password#%s",
- userpassCredential.serviceURI.toASCIIString());
- addKeypairToKeystore(alias, userpassCredential);
- }
-
- // -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-
- /**
- * Tests whether the given key-pair credential descriptor is valid. If it is
- * invalid, an exception will be thrown describing what the problem is.
- *
- * @param keypairDescriptor
- * The descriptor to validate.
- * @throws InvalidCredentialException
- * If the descriptor is invalid
- * @throws KeyStoreException
- * If we don't understand the keystore type or the contents of
- * the keystore
- * @throws NoSuchAlgorithmException
- * If the keystore is of a known type but we can't comprehend
- * its security
- * @throws CertificateException
- * If the keystore does not include enough information about the
- * trust chain of the keypair
- * @throws UnrecoverableKeyException
- * If we can't get the key out of the keystore
- * @throws IOException
- * If we can't read the keystore for prosaic reasons (e.g., file
- * absent)
- */
- protected void validateKeyCredential(Credential.KeyPair keypairDescriptor)
- throws InvalidCredentialException, KeyStoreException,
- NoSuchAlgorithmException, CertificateException, IOException,
- UnrecoverableKeyException {
- if (keypairDescriptor.credentialName == null
- || keypairDescriptor.credentialName.trim().isEmpty())
- throw new InvalidCredentialException(
- "absent or empty credentialName");
-
- InputStream contentsAsStream;
- if (keypairDescriptor.credentialBytes != null
- && keypairDescriptor.credentialBytes.length > 0) {
- contentsAsStream = new ByteArrayInputStream(
- keypairDescriptor.credentialBytes);
- keypairDescriptor.credentialFile = null;
- } else if (keypairDescriptor.credentialFile == null
- || keypairDescriptor.credentialFile.trim().isEmpty())
- throw new InvalidCredentialException(
- "absent or empty credentialFile");
- else {
- contentsAsStream = contents(keypairDescriptor.credentialFile);
- keypairDescriptor.credentialBytes = new byte[0];
- }
- if (keypairDescriptor.fileType == null
- || keypairDescriptor.fileType.trim().isEmpty())
- keypairDescriptor.fileType = KeyStore.getDefaultType();
- keypairDescriptor.fileType = keypairDescriptor.fileType.trim();
-
- KeyStore ks = KeyStore.getInstance(keypairDescriptor.fileType);
- char[] password = keypairDescriptor.unlockPassword.toCharArray();
- ks.load(contentsAsStream, password);
-
- try {
- keypairDescriptor.loadedKey = ks.getKey(
- keypairDescriptor.credentialName, password);
- } catch (UnrecoverableKeyException ignored) {
- keypairDescriptor.loadedKey = ks.getKey(
- keypairDescriptor.credentialName, new char[0]);
- }
- if (keypairDescriptor.loadedKey == null)
- throw new InvalidCredentialException(
- "no such credential in key store");
- keypairDescriptor.loadedTrustChain = ks
- .getCertificateChain(keypairDescriptor.credentialName);
- if (keypairDescriptor.loadedTrustChain == null
- || keypairDescriptor.loadedTrustChain.length == 0)
- throw new InvalidCredentialException(
- "could not establish trust chain for credential");
- }
-
- /**
- * Adds a key-pair to the current keystore.
- *
- * @param c
- * The key-pair.
- * @throws KeyStoreException
- */
- protected void addKeypairToKeystore(Credential.KeyPair c)
- throws KeyStoreException {
- X509Certificate subjectCert = (X509Certificate) c.loadedTrustChain[0];
- String alias = format("keypair#%s#%s#%s",
- getPrincipalName(subjectCert.getSubjectX500Principal()),
- getPrincipalName(subjectCert.getIssuerX500Principal()),
- x500Utils.getSerial(subjectCert));
- addKeypairToKeystore(alias, c);
- }
-}
-
-/**
- * Special subclass that adds support for HELIO project security tokens.
- *
- * @author Donal Fellows
- */
-class HelioSecurityContextDelegateImpl extends SecurityContextDelegateImpl {
- /**
- * Initialise the context delegate.
- *
- * @param run
- * What workflow run is this for?
- * @param owner
- * Who owns the workflow run?
- * @param factory
- * What class built this object?
- */
- protected HelioSecurityContextDelegateImpl(RemoteRunDelegate run,
- UsernamePrincipal owner, SecurityContextFactory factory) {
- super(run, owner, factory);
- }
-
- private Log log = LogFactory.getLog("Taverna.Server.Worker");
- /** The name of the HTTP header holding the CIS token. */
- private static final String HELIO_CIS_TOKEN = "X-Helio-CIS";
- private transient String helioToken;
-
- @Override
- public void initializeSecurityFromSOAPContext(MessageContext context) {
- // does nothing
- @SuppressWarnings("unchecked")
- Map<String, List<String>> headers = (Map<String, List<String>>) context
- .get(HTTP_REQUEST_HEADERS);
- if (factory.supportHelioToken && headers.containsKey(HELIO_CIS_TOKEN))
- helioToken = headers.get(HELIO_CIS_TOKEN).get(0);
- }
-
- @Override
- public void initializeSecurityFromRESTContext(HttpHeaders context) {
- // does nothing
- MultivaluedMap<String, String> headers = context.getRequestHeaders();
- if (factory.supportHelioToken && headers.containsKey(HELIO_CIS_TOKEN))
- helioToken = headers.get(HELIO_CIS_TOKEN).get(0);
- }
-
- @Override
- protected void conveyExtraSecuritySettings(RemoteSecurityContext rc)
- throws RemoteException {
- try {
- if (factory.supportHelioToken && helioToken != null) {
- if (factory.logSecurityDetails)
- log.info("transfering HELIO CIS token: " + helioToken);
- rc.setHelioToken(helioToken);
- }
- } finally {
- helioToken = null;
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-server/blob/2c71f9a9/server-webapp/src/main/java/org/taverna/server/master/worker/SecurityContextFactory.java
----------------------------------------------------------------------
diff --git a/server-webapp/src/main/java/org/taverna/server/master/worker/SecurityContextFactory.java b/server-webapp/src/main/java/org/taverna/server/master/worker/SecurityContextFactory.java
deleted file mode 100644
index cbccf34..0000000
--- a/server-webapp/src/main/java/org/taverna/server/master/worker/SecurityContextFactory.java
+++ /dev/null
@@ -1,154 +0,0 @@
-/*
- * Copyright (C) 2011-2012 The University of Manchester
- *
- * See the file "LICENSE" for license terms.
- */
-package org.taverna.server.master.worker;
-
-import static java.security.Security.addProvider;
-import static java.security.Security.getProvider;
-import static java.security.Security.removeProvider;
-import static org.apache.commons.logging.LogFactory.getLog;
-import static org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME;
-
-import java.io.Serializable;
-
-import javax.annotation.PostConstruct;
-import javax.annotation.PreDestroy;
-
-import org.apache.commons.logging.Log;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.springframework.beans.factory.annotation.Required;
-import org.springframework.beans.factory.annotation.Value;
-import org.taverna.server.master.interfaces.TavernaRun;
-import org.taverna.server.master.interfaces.UriBuilderFactory;
-import org.taverna.server.master.utils.CertificateChainFetcher;
-import org.taverna.server.master.utils.FilenameUtils;
-import org.taverna.server.master.utils.UsernamePrincipal;
-import org.taverna.server.master.utils.X500Utils;
-
-/**
- * Singleton factory. Really is a singleton (and is also very trivial); the
- * singleton-ness is just about limiting the number of instances of this around
- * even when lots of serialization is going on.
- *
- * @see Serializable
- * @author Donal Fellows
- */
-public class SecurityContextFactory implements
- org.taverna.server.master.interfaces.SecurityContextFactory {
- private static final long serialVersionUID = 12345678987654321L;
- private static SecurityContextFactory instance;
- transient RunDBSupport db;
- transient FilenameUtils fileUtils;
- transient X500Utils x500Utils;
- transient UriBuilderFactory uriSource;
- transient CertificateChainFetcher certFetcher;
- transient String httpRealm;
- private transient PasswordIssuer passwordIssuer;
- private transient BouncyCastleProvider provider;
-
- /**
- * Whether to support HELIO CIS tokens.
- */
- @Value("${helio.cis.enableTokenPassing}")
- boolean supportHelioToken;
-
- /**
- * Whether to log the details of security (passwords, etc).
- */
- @Value("${log.security.details}")
- boolean logSecurityDetails;
-
- private Log log() {
- return getLog("Taverna.Server.Worker.Security");
- }
-
- private void installAsInstance(SecurityContextFactory handle) {
- instance = handle;
- }
-
- @PreDestroy
- void removeAsSingleton() {
- installAsInstance(null);
- try {
- if (provider != null)
- removeProvider(provider.getName());
- } catch (SecurityException e) {
- log().warn(
- "failed to remove BouncyCastle security provider; "
- + "might be OK if configured in environment", e);
- }
- }
-
- @PostConstruct
- void setAsSingleton() {
- installAsInstance(this);
- if (getProvider(PROVIDER_NAME) == null)
- try {
- provider = new BouncyCastleProvider();
- if (addProvider(provider) == -1)
- provider = null;
- } catch (SecurityException e) {
- log().warn(
- "failed to install BouncyCastle security provider; "
- + "might be OK if already configured", e);
- provider = null;
- }
- }
-
- @Required
- public void setRunDatabase(RunDBSupport db) {
- this.db = db;
- }
-
- @Required
- public void setCertificateFetcher(CertificateChainFetcher fetcher) {
- this.certFetcher = fetcher;
- }
-
- @Required
- public void setFilenameConverter(FilenameUtils fileUtils) {
- this.fileUtils = fileUtils;
- }
-
- @Required
- public void setX500Utils(X500Utils x500Utils) {
- this.x500Utils = x500Utils;
- }
-
- @Required
- public void setUriSource(UriBuilderFactory uriSource) {
- this.uriSource = uriSource;
- }
-
- @Required
- public void setHttpRealm(String realm) {
- this.httpRealm = realm; //${http.realmName}
- }
-
- @Required
- public void setPasswordIssuer(PasswordIssuer issuer) {
- this.passwordIssuer = issuer;
- }
-
- @Override
- public SecurityContextDelegate create(TavernaRun run,
- UsernamePrincipal owner) throws Exception {
- Log log = log();
- if (log.isDebugEnabled())
- log.debug("constructing security context delegate for " + owner);
- RemoteRunDelegate rrd = (RemoteRunDelegate) run;
- return new HelioSecurityContextDelegateImpl(rrd, owner, this);
- }
-
- private Object readResolve() {
- if (instance == null)
- installAsInstance(this);
- return instance;
- }
-
- public String issueNewPassword() {
- return passwordIssuer.issue();
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-taverna-server/blob/2c71f9a9/server-webapp/src/main/java/org/taverna/server/master/worker/SimpleFormattedCompletionNotifier.java
----------------------------------------------------------------------
diff --git a/server-webapp/src/main/java/org/taverna/server/master/worker/SimpleFormattedCompletionNotifier.java b/server-webapp/src/main/java/org/taverna/server/master/worker/SimpleFormattedCompletionNotifier.java
deleted file mode 100644
index 793d291..0000000
--- a/server-webapp/src/main/java/org/taverna/server/master/worker/SimpleFormattedCompletionNotifier.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (C) 2010-2011 The University of Manchester
- *
- * See the file "LICENSE" for license terms.
- */
-package org.taverna.server.master.worker;
-
-import static org.taverna.server.master.defaults.Default.NOTIFY_MESSAGE_FORMAT;
-
-import java.text.MessageFormat;
-
-import org.springframework.beans.factory.annotation.Required;
-
-/**
- * Completion notifier that sends messages by email.
- *
- * @author Donal Fellows
- */
-public class SimpleFormattedCompletionNotifier implements CompletionNotifier {
- @Required
- public void setName(String name) {
- this.name = name;
- }
-
- /**
- * @param subject
- * The subject of the notification email.
- */
- @Required
- public void setSubject(String subject) {
- this.subject = subject;
- }
-
- /**
- * @param messageFormat
- * The template for the body of the message to send. Parameter #0
- * will be substituted with the ID of the job, and parameter #1
- * will be substituted with the exit code.
- */
- public void setMessageFormat(String messageFormat) {
- this.format = new MessageFormat(messageFormat);
- }
-
- private String name;
- private String subject;
- private MessageFormat format = new MessageFormat(NOTIFY_MESSAGE_FORMAT);
-
- @Override
- public String makeCompletionMessage(String name, RemoteRunDelegate run,
- int code) {
- return format.format(new Object[] { name, code });
- }
-
- @Override
- public String makeMessageSubject(String name, RemoteRunDelegate run,
- int code) {
- return subject;
- }
-
- @Override
- public String getName() {
- return name;
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-taverna-server/blob/2c71f9a9/server-webapp/src/main/java/org/taverna/server/master/worker/VelocityCompletionNotifier.java
----------------------------------------------------------------------
diff --git a/server-webapp/src/main/java/org/taverna/server/master/worker/VelocityCompletionNotifier.java b/server-webapp/src/main/java/org/taverna/server/master/worker/VelocityCompletionNotifier.java
deleted file mode 100644
index cf67853..0000000
--- a/server-webapp/src/main/java/org/taverna/server/master/worker/VelocityCompletionNotifier.java
+++ /dev/null
@@ -1,105 +0,0 @@
-package org.taverna.server.master.worker;
-
-import java.io.StringWriter;
-
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-import org.springframework.beans.factory.annotation.Required;
-import org.taverna.server.master.common.version.Version;
-import org.taverna.server.master.exceptions.NoListenerException;
-import org.taverna.server.master.interfaces.Listener;
-import org.taverna.server.master.interfaces.UriBuilderFactory;
-
-public class VelocityCompletionNotifier implements CompletionNotifier {
- private String subject;
- private VelocityEngine engine;
- private Template template;
- private String name;
- private String templateName;
- private UriBuilderFactory ubf;
-
- @Override
- public String getName() {
- return name;
- }
-
- /**
- * @param subject
- * The subject of the notification email.
- */
- @Required
- public void setSubject(String subject) {
- this.subject = subject;
- }
-
- /**
- * @param engine
- * The configured Apache Velocity engine.
- */
- @Required
- public void setVelocityEngine(VelocityEngine engine) {
- this.engine = engine;
- }
-
- /**
- * @param uriBuilderFactory
- * The configured URI builder factory.
- */
- @Required
- public void setUriBuilderFactory(UriBuilderFactory uriBuilderFactory) {
- this.ubf = uriBuilderFactory;
- }
-
- /**
- * @param name
- * The name of the template.
- */
- @Required
- public void setName(String name) {
- this.name = name;
- this.templateName = getClass().getName() + "_" + name + ".vtmpl";
- }
-
- private Template getTemplate() {
- if (template == null)
- synchronized(this) {
- if (template == null)
- template = engine.getTemplate(templateName);
- }
- return template;
- }
-
- @Override
- public String makeCompletionMessage(String name, RemoteRunDelegate run,
- int code) {
- VelocityContext ctxt = new VelocityContext();
- ctxt.put("id", name);
- ctxt.put("uriBuilder", ubf.getRunUriBuilder(run));
- ctxt.put("name", run.getName());
- ctxt.put("creationTime", run.getCreationTimestamp());
- ctxt.put("startTime", run.getStartTimestamp());
- ctxt.put("finishTime", run.getFinishTimestamp());
- ctxt.put("expiryTime", run.getExpiry());
- ctxt.put("serverVersion", Version.JAVA);
- for (Listener l : run.getListeners())
- if (l.getName().equals("io")) {
- for (String p : l.listProperties())
- try {
- ctxt.put("prop_" + p, l.getProperty(p));
- } catch (NoListenerException e) {
- // Ignore...
- }
- break;
- }
- StringWriter sw = new StringWriter();
- getTemplate().merge(ctxt, sw);
- return sw.toString();
- }
-
- @Override
- public String makeMessageSubject(String name, RemoteRunDelegate run,
- int code) {
- return subject;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-server/blob/2c71f9a9/server-webapp/src/main/java/org/taverna/server/master/worker/WorkerModel.java
----------------------------------------------------------------------
diff --git a/server-webapp/src/main/java/org/taverna/server/master/worker/WorkerModel.java b/server-webapp/src/main/java/org/taverna/server/master/worker/WorkerModel.java
deleted file mode 100644
index 1abe617..0000000
--- a/server-webapp/src/main/java/org/taverna/server/master/worker/WorkerModel.java
+++ /dev/null
@@ -1,203 +0,0 @@
-/*
- * Copyright (C) 2010-2013 The University of Manchester
- *
- * See the file "LICENSE" for license terms.
- */
-package org.taverna.server.master.worker;
-
-import java.net.URI;
-import java.util.List;
-
-import org.taverna.server.master.common.Status;
-
-/**
- * Profile of the getters and setters in a worker system. Ensures that the
- * persisted state matches the public view on the state model at least fairly
- * closely.
- *
- * @author Donal Fellows
- */
-public interface WorkerModel extends PolicyLimits {
-
- /**
- * @param defaultLifetime
- * how long a workflow run should live by default, in minutes.
- */
- public abstract void setDefaultLifetime(int defaultLifetime);
-
- /**
- * @return how long a workflow run should live by default, in minutes.
- */
- public abstract int getDefaultLifetime();
-
- /**
- * @param maxRuns
- * the maximum number of extant workflow runs
- */
- public abstract void setMaxRuns(int maxRuns);
-
- /**
- * @param factoryProcessNamePrefix
- * the prefix used for factory processes in RMI
- */
- public abstract void setFactoryProcessNamePrefix(
- String factoryProcessNamePrefix);
-
- /**
- * @return the prefix used for factory processes in RMI
- */
- public abstract String getFactoryProcessNamePrefix();
-
- /**
- * @param executeWorkflowScript
- * the script to run to actually run a workflow
- */
- public abstract void setExecuteWorkflowScript(String executeWorkflowScript);
-
- /**
- * @return the script to run to actually run a workflow
- */
- public abstract String getExecuteWorkflowScript();
-
- /**
- * @param extraArgs
- * the extra arguments to pass into the workflow runner
- */
- public abstract void setExtraArgs(String[] extraArgs);
-
- /**
- * @return the extra arguments to pass into the workflow runner
- */
- public abstract String[] getExtraArgs();
-
- /**
- * @param waitSeconds
- * the number of seconds to wait for subprocesses to start
- */
- public abstract void setWaitSeconds(int waitSeconds);
-
- /**
- * @return the number of seconds to wait for subprocesses to start
- */
- public abstract int getWaitSeconds();
-
- /**
- * @param sleepMS
- * milliseconds to wait between polling for a started
- * subprocess's status
- */
- public abstract void setSleepMS(int sleepMS);
-
- /**
- * @return milliseconds to wait between polling for a started subprocess's
- * status
- */
- public abstract int getSleepMS();
-
- /**
- * @param serverWorkerJar
- * the full path name of the file system access worker
- * subprocess's implementation JAR
- */
- public abstract void setServerWorkerJar(String serverWorkerJar);
-
- /**
- * @return the full path name of the file system access worker subprocess's
- * implementation JAR
- */
- public abstract String getServerWorkerJar();
-
- /**
- * @param javaBinary
- * the full path name to the Java binary to use
- */
- public abstract void setJavaBinary(String javaBinary);
-
- /**
- * @return the full path name to the Java binary to use
- */
- public abstract String getJavaBinary();
-
- /**
- * @param registryPort
- * what port is the RMI registry on
- */
- public abstract void setRegistryPort(int registryPort);
-
- /**
- * @return what port is the RMI registry on
- */
- public abstract int getRegistryPort();
-
- /**
- * @param registryHost
- * what host (network interface) is the RMI registry on
- */
- public abstract void setRegistryHost(String registryHost);
-
- /**
- * @return what host (network interface) is the RMI registry on
- */
- public abstract String getRegistryHost();
-
- /**
- * @param serverForkerJar
- * the full path name of the impersonation engine's
- * implementation JAR
- */
- public abstract void setServerForkerJar(String serverForkerJar);
-
- /**
- * @return the full path name of the impersonation engine's implementation
- * JAR
- */
- public abstract String getServerForkerJar();
-
- /**
- * @param passwordFile
- * the full path name of a file containing a password to use with
- * sudo (or empty for none)
- */
- public abstract void setPasswordFile(String passwordFile);
-
- /**
- * @return the full path name of a file containing a password to use with
- * sudo (or empty for none)
- */
- public abstract String getPasswordFile();
-
- /**
- * @param operatingLimit
- * the maximum number of runs in the
- * {@linkplain Status#Operating operating} state at once
- */
- public abstract void setOperatingLimit(int operatingLimit);
-
- @Override
- void setPermittedWorkflowURIs(List<URI> permittedWorkflows);
-
- /**
- * @return the full path name of the RMI registry subprocess's
- * implementation JAR
- */
- String getRegistryJar();
-
- /**
- * @param rmiRegistryJar
- * the full path name of the RMI registry subprocess's
- * implementation JAR
- */
- void setRegistryJar(String rmiRegistryJar);
-
- /**
- * @return whether a run should generate provenance information by default
- */
- boolean getGenerateProvenance();
-
- /**
- * @param generateProvenance
- * whether a run should generate provenance information by
- * default
- */
- void setGenerateProvenance(boolean generateProvenance);
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-taverna-server/blob/2c71f9a9/server-webapp/src/main/java/org/taverna/server/master/worker/package-info.java
----------------------------------------------------------------------
diff --git a/server-webapp/src/main/java/org/taverna/server/master/worker/package-info.java b/server-webapp/src/main/java/org/taverna/server/master/worker/package-info.java
deleted file mode 100644
index 6007f88..0000000
--- a/server-webapp/src/main/java/org/taverna/server/master/worker/package-info.java
+++ /dev/null
@@ -1,10 +0,0 @@
-/*
- * Copyright (C) 2013 The University of Manchester
- *
- * See the file "LICENSE" for license terms.
- */
-/**
- * A Taverna Server back-end that works by forking off workflow executors.
- */
-package org.taverna.server.master.worker;
-
http://git-wip-us.apache.org/repos/asf/incubator-taverna-server/blob/2c71f9a9/server-webapp/src/main/replacementscripts/executeworkflow.bat
----------------------------------------------------------------------
diff --git a/server-webapp/src/main/replacementscripts/executeworkflow.bat b/server-webapp/src/main/replacementscripts/executeworkflow.bat
deleted file mode 100644
index c678855..0000000
--- a/server-webapp/src/main/replacementscripts/executeworkflow.bat
+++ /dev/null
@@ -1,25 +0,0 @@ -@ECHO OFF - -REM Taverna startup script - -REM distribution directory -set TAVERNA_HOME=%~dp0 - -REM 300 MB memory, 140 MB for classes -set ARGS=-Xmx300m -XX:MaxPermSize=140m - -REM Taverna system properties -set ARGS=%ARGS% "-Draven.profile=file:%TAVERNA_HOME%conf/current-profile.xml" -set ARGS=%ARGS% -Djava.system.class.loader=net.sf.taverna.raven.prelauncher.BootstrapClassLoader -set ARGS=%ARGS% -Draven.launcher.app.main=net.sf.taverna.t2.commandline.CommandLineLauncher -set ARGS=%ARGS% -Draven.launcher.show_splashscreen=false -set ARGS=%ARGS% -Djava.awt.headless=true -set ARGS=%ARGS% "-Dtaverna.startup=%TAVERNA_HOME%." -IF NOT x%RAVEN_APPHOME%==x SET ARGS=%ARGS% "-Draven.launcher.app.home=%RAVEN_APPHOME%" -IF NOT x%TAVERNA_RUN_ID%==x SET ARGS=%ARGS% "-Dtaverna.runid=%TAVERNA_RUN_ID%" -IF NOT x%INTERACTION_HOST%==x SET ARGS=%ARGS% "-Dtaverna.interaction.host=%INTERACTION_HOST%" -IF NOT x%INTERACTION_PORT%==x SET ARGS=%ARGS% "-Dtaverna.interaction.port=%INTERACTION_PORT%" -IF NOT x%INTERACTION_WEBDAV%==x SET ARGS=%ARGS% "-Dtaverna.interaction.webdav_path=%INTERACTION_WEBDAV%" -IF NOT x%INTERACTION_FEED%==x SET ARGS=%ARGS% "-Dtaverna.interaction.feed_path=%INTERACTION_FEED%" - -java %ARGS% -jar "%TAVERNA_HOME%lib\prelauncher-2.3.jar" %* http://git-wip-us.apache.org/repos/asf/incubator-taverna-server/blob/2c71f9a9/server-webapp/src/main/replacementscripts/executeworkflow.sh ---------------------------------------------------------------------- diff --git a/server-webapp/src/main/replacementscripts/executeworkflow.sh b/server-webapp/src/main/replacementscripts/executeworkflow.sh deleted file mode 100644 index e9e1d36..0000000 --- a/server-webapp/src/main/replacementscripts/executeworkflow.sh +++ /dev/null 
@@ -1,72 +0,0 @@ -#!/bin/sh - -set -e - -# 300 MB memory, 140 MB for classes -memlimit=-Xmx300m -permsize=-XX:MaxPermSize=140m - -## Parse the command line to extract the pieces to move around to before or -## after the JAR filename... -pre=-Djava.awt.headless=true -post= -for arg -do - case $arg in - -JXmx*) memlimit=`echo $arg | sed 's/-JX/-X/'` ;; - -JXX:MaxPermSize=*) permsize=`echo $arg | sed 's/-JXX/-XX/'` ;; - -J*) pre="$pre `echo $arg | sed 's/-J/-/'`" ;; - -D*) pre="$pre $arg" ;; - *) post="$post \"$arg\"" ;; - esac -done -if test "xx" = "x${post}x"; then - echo "Missing arguments! Bug in argument processing?" >&2 - exit 1 -fi -eval set x $post -shift - -## resolve links - $0 may be a symlink -prog="$0" - -real_path() { - readlink -m "$1" 2>/dev/null || python -c 'import os,sys;print os.path.realpath(sys.argv[1])' "$1" -} - -realprog=`real_path "$prog"` -taverna_home=`dirname "$realprog"` -javabin=java -if test -x "$JAVA_HOME/bin/java"; then - javabin="$JAVA_HOME/bin/java" -fi -APPHOME_PROP= -if test x != "x$TAVERNA_APPHOME"; then - APPHOME_PROP="-Dtaverna.app.home=$TAVERNA_APPHOME" -fi -RUNID_PROP= -if test x != "x$TAVERNA_RUN_ID"; then - RUNID_PROP="-Dtaverna.runid=$TAVERNA_RUN_ID" -fi -INTERACTION_PROPS=-Dtaverna.interaction.ignore_requests=true -if test x != "x$INTERACTION_HOST"; then - INTERACTION_PROPS="$INTERACTION_PROPS -Dtaverna.interaction.host=$INTERACTION_HOST" - INTERACTION_PROPS="$INTERACTION_PROPS -Dtaverna.interaction.port=$INTERACTION_PORT" - INTERACTION_PROPS="$INTERACTION_PROPS -Dtaverna.interaction.webdav_path=$INTERACTION_WEBDAV" - INTERACTION_PROPS="$INTERACTION_PROPS -Dtaverna.interaction.feed_path=$INTERACTION_FEED" - if test x != "x$INTERACTION_PUBLISH"; then - INTERACTION_PROPS="$INTERACTION_PROPS -Dtaverna.interaction.publishAddressOverride=$INTERACTION_PUBLISH" - fi -fi - -MainClass=net.sf.taverna.t2.commandline.CommandLineLauncher - -echo "pid:$$" -exec "$javabin" $memlimit $permsize \ - 
"-Dlog4j.configuration=file://$taverna_home/conf/log4j.properties " \ - "-Djava.util.logging.config.file=$taverna_home/conf/logging.properties " \ - "-Dtaverna.app.startup=$taverna_home" -Dtaverna.interaction.ignore_requests=true \ - $APPHOME_PROP $RUNID_PROP $INTERACTION_PROPS -Djava.awt.headless=true \ - -Dcom.sun.net.ssl.enableECC=false -Djsse.enableSNIExtension=false $pre \ - -jar "$taverna_home/lib/taverna-command-line-0.1.1.jar" \ - ${1+"$@"} http://git-wip-us.apache.org/repos/asf/incubator-taverna-server/blob/2c71f9a9/server-webapp/src/main/resources/admin.html ---------------------------------------------------------------------- diff --git a/server-webapp/src/main/resources/admin.html b/server-webapp/src/main/resources/admin.html deleted file mode 100644 index a80a783..0000000 --- a/server-webapp/src/main/resources/admin.html +++ /dev/null 
@@ -1,240 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> -<head> -<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> -<title>Taverna Server ${project.version} Administration Interface</title> -<link id="admin" href="admin" /> -<script type="text/javascript" src="admin/static/jquery-1.8.0.min.js"></script> -<script type="text/javascript" src="admin/static/jquery-ui-1.8.23.custom.min.js"></script> -<script type="text/javascript" src="admin/static/admin.js"></script> -<link href="admin/static/jquery-ui-1.8.23.custom.css" rel="stylesheet" type="text/css" /> - -</head> -<body> -<img height="70" style="float:left" src="admin/static/t2cogs.png"> -<h1>Taverna Server ${project.version} Administration Interface</h1> -<br clear="left"/> -<div id="body"> -<ul> - <li><a href="#t-global">Global Settings</a></li> - <li><a href="#t-users">Users</a></li> - <li><a href="#t-workflows">Workflows</a></li> - <li><a href="#t-usage">Usage Records</a></li> - <li><a href="#t-worker">Local Worker Configuration</a></li> -</ul> - -<div id="t-global"> -<label title="The number of invocations of the main interface webapp that have been done. Be aware that one service call can result in many invocations due to resource resolution." for="invokationCount">Invocation Count:</label> -<span title="The number of invocations of the main interface webapp that have been done. Be aware that one service call can result in many invocations due to resource resolution." id="invokationCount">0</span> -<br> -<label title="The number of runs that currently exist." for="runCount">Run Count:</label> -<span title="The number of runs that currently exist." id="runCount">0</span> -<br> -<label title="The number of runs that are currently operating." for="operatingCount">Operating Run Count:</label> -<span title="The number of runs that are currently operating." 
id="operatingCount">0</span> -<br> -<label title="Whether workflow runs should create provenance traces by default. Users can explicitly override this." for="generateProvenance">Generate Provenance by Default</label> -<input type="checkbox" id="generateProvenance" /> -<br> -<label title="The time it took for the back-end engine to start up, in seconds. Should usually be short." for="startupTime">Back-End Startup Time (seconds):</label> -<span title="The time it took for the back-end engine to start up, in seconds. Should usually be short." id="startupTime">0</span> -<br> -<label title="The exit code from the last time the back-end was shut down. Blank if the back end has never been shut down while the current webapp instance is running (i.e., since the last boot of the container)." for="lastExitCode">Back-End Last Exit Code:</label> -<span title="The exit code from the last time the back-end was shut down. Blank if the back end has never been shut down while the current webapp instance is running (i.e., since the last boot of the container)." id="lastExitCode"></span> -<p> -<label title="Whether new workflow runs should be created. Disabling this does not prevent existing runs from executing." for="allowNew">Allow New Runs</label> -<input type="checkbox" id="allowNew" /> -<label title="Whether to record the workflows being run by users. Very noisy due to length of workflow documents, occasionally useful." for="logWorkflows">Log Executed Workflows</label> -<input type="checkbox" id="logWorkflows" /> -<label title="Whether to record exceptions generated by users in the code (as well as converting them to faults and error responses). Useful for debugging, but noisy." for="logFaults">Log User Exceptions</label> -<input type="checkbox" id="logFaults" /> -<p> -<label title="The maximum number of workflow runs that can exist at once, in any state." 
for="runLimit">Maximum Simultaneous Existing Workflow Runs</label> -<input title="The maximum number of workflow runs that can exist at once, in any state." id="runLimit" size="3" /> -<br> -<label title="The maximum number of workflow runs that can be executing at once." for="operatingLimit">Maximum Simultaneous Executing Workflow Runs</label> -<input title="The maximum number of workflow runs that can be executing at once." id="operatingLimit" size="3" /> -<br> -<label title="How long to allow a workflow to execute for by default (clients can change this), in minutes." for="defaultLifetime">Default Run Lifetime (minutes)</label> -<input title="How long to allow a workflow to execute for by default (clients can change this), in minutes." id="defaultLifetime" size="7" /> -</div><!-- t-global --> - -<div id="t-users"> -<table id="userList"> - <tr><th>Username<th>System Username</tr> -</table> -<h3>Add a user</h3> -<table border=1> - <tr> - <td><label title="The user name to create." for="newUsername">Username</label> - <td><input title="The user name to create." size=12 id="newUsername" /> - </tr> - <tr> - <td><label title="The password to use for the user." for="newPassword">Password</label> - <td><input title="The password to use for the user." size=12 id="newPassword" type="password"/> - </tr> - <tr> - <td><label title="The system account to run the user's workflows in; leave blank for the default." for="newSysID">System ID</label> - <td><input title="The system account to run the user's workflows in; leave blank for the default." size=12 id="newSysID" /> - </tr> - <tr><td colspan=2> - <label title="Whether to allow this user to log in at all." for="newEnabled">Enabled</label> - <input type="checkbox" id="newEnabled" /> - <label title="Whether the user has administrative privileges (can see all workflow runs, can access the administration page)." 
for="newAdmin">Admin</label> - <input type="checkbox" id="newAdmin" /> - </td></tr> - <tr><td colspan=2> - <button id="makeNewUser">Create a new user</button> - </td></tr> -</table> -</div><!-- t-users --> - -<div id="t-workflows"> -<label title="Workflow URIs to limit execution to." for="workflows">Workflow URIs (one per line)</label> -<br> -<textarea title="Workflow URIs to limit execution to." rows="5" cols="60" id="workflows"></textarea> -<p> -<button id="saveWorkflows">Save</button> <button id="refreshWorkflows">Refresh</button> <button id="emptyWorkflows">Empty URIs list</button> -</div> - -<div id="t-usage"> -Download <a href="#" id="ur">usage records</a> (warning: may be slow!) -<p> -<label title="The name of a file to write usage records to. Note that this file will end up containing many XML documents concatenated together; it is up to you to split them up as necessary. Each record is only written as it is generated; this does not produce historic data." for="usageRecordDumpFile">Usage Record Dump File</label> -<input title="The name of a file to write usage records to. Note that this file will end up containing many XML documents concatenated together; it is up to you to split them up as necessary. Each record is only written as it is generated; this does not produce historic data." id="usageRecordDumpFile" size="50" /> -</div><!-- t-usage --> - -<div id="t-worker"> - <div id="a-worker"> - - <h3><a href="#">Subprocess Implementation Control</a></h3> - <div> - <table> - <tr> - <td> <label title="The full path of the Java executable to use. Normally set correct by default." for="javaBinary">Java Executable (for subprocesses):</label> </td> - <td> <input title="The full path of the Java executable to use. Normally set correct by default." id="javaBinary" size="80" /> </td> - </tr> - <tr> - <td> <label title="The full path of the secure subprocess fork engine to use. Normally set correct by default." 
for="serverForkerJar">Subprocess Factory JAR:</label> </td> - <td> <input title="The full path of the secure subprocess fork engine to use. Normally set correct by default." id="serverForkerJar" size="80" /> </td> - </tr> - <tr> - <td> <label title="The full path of a file containing the credentials to use with sudo. Leave blank to use a password-less connection (see documentation for how to configure)." for="runasPasswordFile">File with password for sudo:</label> </td> - <td> <input title="The full path of a file containing the credentials to use with sudo. Leave blank to use a password-less connection (see documentation for how to configure)." id="runasPasswordFile" size="80" /> </td> - </tr> - <tr> - <td> <label title="The full path of the user filesystem access and workflow initiation engine to use. Normally set correct by default." for="serverWorkerJar">User Filesystem Access JAR:</label> </td> - <td> <input title="The full path of the user filesystem access and workflow initiation engine to use. Normally set correct by default." id="serverWorkerJar" size="80" /> </td> - </tr> - <tr> - <td> <label title="The full path of the workflow engine executable. Normally set correctly by default." for="executeWorkflowScript">Workflow Engine Executable:</label> </td> - <td> <input title="The full path of the workflow engine executable. Normally set correctly by default." id="executeWorkflowScript" size="80" /> </td> - </tr> - </table> - </div> - - <h3><a href="#">Worker Registration Control</a></h3> - <div> - <label title="The machine hosting the RMI registry. WARNING: changing this will probably break your configuration! Contact the myGrid team for help before adjusting!" for="registryHost">Registry Host</label> - <input title="The machine hosting the RMI registry. WARNING: changing this will probably break your configuration! Contact the myGrid team for help before adjusting!" id="registryHost" size="20" /> - <label title="The port number the RMI registry. 
WARNING: changing this will probably break your configuration! Contact the myGrid team for help before adjusting!" for="registryPort">Port</label> - <input title="The port number the RMI registry. WARNING: changing this will probably break your configuration! Contact the myGrid team for help before adjusting!" id="registryPort" size="5" /> - <br> - <label title="The full path of the RMI registry implementation JAR file. WARNING: changing this will probably break your configuration! Contact the myGrid team for help before adjusting!" for="registryJar">RMI Registry JAR</label> - <input title="The full path of the RMI registry implementation JAR file. WARNING: changing this will probably break your configuration! Contact the myGrid team for help before adjusting!" id="registryJar" size="80" /> - <br> - <label title="The time to wait (in seconds) for the back-end processes to boot and register themselves with the RMI registry. Busy machines may need a longer value here." for="registrationWaitSeconds">Time to wait for registration (seconds)</label> - <input title="The time to wait (in seconds) for the back-end processes to boot and register themselves with the RMI registry. Busy machines may need a longer value here." id="registrationWaitSeconds" size="5" /> - <br> - <label title="How long to wait (in milliseconds) between probes to the registry to detect the registration of a back-end process." for="registrationPollMillis">Time to wait between polling to - detect registration (milliseconds)</label> - <input title="How long to wait (in milliseconds) between probes to the registry to detect the registration of a back-end process." id="registrationPollMillis" size="5" /> - </div> - - <h3><a href="#">System User/Factory ID Mapping</a></h3> - <div> - <table title="The mapping of system user IDs to factory identifiers (used in the RMI registry). Note that this is read-only." 
id="factoryProcessMapping" border="1"> - </table> - </div> - - <h3><a href="#">Extra Workflow Engine Configuration</a></h3> - <div> - <h4>System Properties</h4> - <table id="extraArguments-prop"> - <tr><td></td><td><button title="Add a system property to pass to the back-end engine." id="extra-prop-add">Add System Property</button></td></tr> - </table> - <h4>Environment Variables</h4> - <table id="extraArguments-env"> - <tr><td></td><td><button title="Add an environment variable to pass to the back-end engine." id="extra-env-add">Add Environment Variable</button></td></tr> - </table> - <h4>Java Runtime Configuration</h4> - <table id="extraArguments-runtime"> - <tr><td></td><td><button title="Add a Java runtime parameter (e.g., Xmx=400m to set the memory usage limit to 400MB) to pass to the back-end engine. Note the lack of a leading '-' character!" id="extra-run-add">Add Runtime Configuration</button></td></tr> - </table> - </div> - - </div><!-- a-worker --> -</div><!-- t-worker --> - -</div> - -<hr> -<address>Donal Fellows / University of Manchester</address> - -<!-- DIALOG BOXES --> -<div id="dialog-confirm" title="Delete user?" style="display: none"> - <p> - <span class="ui-icon ui-icon-alert" style="float:left; margin:0 7px 20px 0;"></span> - This user will be permanently deleted from the system. Are you sure? - </p> -</div> - -<div id="dialog-password" title="Change password?" style="display: none"> - <p> - <span class="ui-icon ui-icon-alert" style="float:left; margin:0 7px 20px 0;"></span> - This will permanently change the user's password. Make sure you wish - to do this. - </p> - <p> - <input title="New password" id="change-password" type="password" size="12" /> - <br> - Please repeat it to be sure... - <br> - <input title="New password (again)" id="change-password2" type="password" size="12" /> - </p> -</div> - -<div id="dialog-environment" title="Set environment variable?" 
style="display: none"> - <p> - <span class="ui-icon ui-icon-alert" style="float:left; margin:0 7px 20px 0;"></span> - Set an environment variable to be passed to the workflow engine. - </p> - <p> - <input title="Environment variable name" id="env-key" size="15" /> = - <input title="Environment variable value" id="env-value" size="20" /> - </p> -</div> - -<div id="dialog-runtime" title="Set runtime configuration?" style="display: none"> - <p> - <span class="ui-icon ui-icon-alert" style="float:left; margin:0 7px 20px 0;"></span> - Set a runtime parameter (e.g., -Xmx400m for a 400MB memory limit) for the Java runtime. - </p> - <p> - <input title="Java runtime configuration parameter" id="runtime-value" size="20" /> - </p> -</div> - -<div id="dialog-property" title="Set runtime property?" style="display: none"> - <p> - <span class="ui-icon ui-icon-alert" style="float:left; margin:0 7px 20px 0;"></span> - Set a configuration property for the Java runtime. - </p> - <p> - <input title="System property name" id="prop-key" size="15" /> = - <input title="System property value" id="prop-value" size="20" /> - </p> -</div> - -</body> -</html> http://git-wip-us.apache.org/repos/asf/incubator-taverna-server/blob/2c71f9a9/server-webapp/src/main/resources/capabilities.properties ---------------------------------------------------------------------- diff --git a/server-webapp/src/main/resources/capabilities.properties b/server-webapp/src/main/resources/capabilities.properties deleted file mode 100644 index 2b4844f..0000000 --- a/server-webapp/src/main/resources/capabilities.properties +++ /dev/null 
@@ -1,38 +0,0 @@
-# This is currently a hand-curated list. This sucks!
-
-######## --- PLATFORM --- ########
-http\://ns.taverna.org.uk/2013/software/taverna = 2.5
-
-######## --- OUTPUTS/PROVENANCE --- ########
-http\://ns.taverna.org.uk/2013/bundle/run = 1.0
-http\://ns.taverna.org.uk/2013/provenance/prov = 1.0
-
-######## --- ACTIVITIES --- ########
-http\://ns.taverna.org.uk/2010/activity/nested-workflow = 1.5
-http\://ns.taverna.org.uk/2010/activity/apiconsumer = 1.5
-http\://ns.taverna.org.uk/2010/activity/beanshell = 1.5
-http\://ns.taverna.org.uk/2010/activity/localworker = 1.5
-http\://ns.taverna.org.uk/2010/activity/biomart = 1.5
-http\://ns.taverna.org.uk/2010/activity/biomoby/object = 1.5
-http\://ns.taverna.org.uk/2010/activity/biomoby/service = 1.5
-http\://ns.taverna.org.uk/2010/activity/rshell = 1.5
-http\://ns.taverna.org.uk/2010/activity/soaplab = 1.5
-http\://ns.taverna.org.uk/2010/activity/spreadsheet-import = 1.5
-http\://ns.taverna.org.uk/2010/activity/constant = 1.5
-http\://ns.taverna.org.uk/2010/activity/component = 1.5
-http\://ns.taverna.org.uk/2010/activity/wsdl = 1.5
-http\://ns.taverna.org.uk/2010/activity/wsdl/xml-splitter/in = 1.5
-http\://ns.taverna.org.uk/2010/activity/wsdl/xml-splitter/out = 1.5
-http\://ns.taverna.org.uk/2010/activity/tool = 1.5
-http\://ns.taverna.org.uk/2010/activity/rest = 1.5
-http\://ns.taverna.org.uk/2010/activity/xpath = 1.5
-http\://ns.taverna.org.uk/2010/activity/webdav = 1.5
-http\://ns.taverna.org.uk/2010/activity/interaction = 1.5
-
-######## --- DISPATCH LAYERS --- ########
-http\://ns.taverna.org.uk/2010/scufl2/taverna/dispatchlayer/ErrorBounce = 1.5
-http\://ns.taverna.org.uk/2010/scufl2/taverna/dispatchlayer/Failover = 1.5
-http\://ns.taverna.org.uk/2010/scufl2/taverna/dispatchlayer/Invoke = 1.5
-http\://ns.taverna.org.uk/2010/scufl2/taverna/dispatchlayer/Loop = 1.5
-http\://ns.taverna.org.uk/2010/scufl2/taverna/dispatchlayer/Parallelize = 1.5
-http\://ns.taverna.org.uk/2010/scufl2/taverna/dispatchlayer/Retry = 1.5
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-taverna-server/blob/2c71f9a9/server-webapp/src/main/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/server-webapp/src/main/resources/log4j.properties b/server-webapp/src/main/resources/log4j.properties
deleted file mode 100644
index ea0ea12..0000000
--- a/server-webapp/src/main/resources/log4j.properties
+++ /dev/null
@@ -1,39 +0,0 @@
-log4j.rootLogger=info, R
-log4j.category.DataNucleus.Query=warn
-#log4j.category.DataNucleus.Datastore.Schema=debug
-#log4j.logger.org.springframework.security=DEBUG
-#log4j.category.Taverna=debug
-
-log4j.appender.R=org.apache.log4j.RollingFileAppender
-log4j.appender.R.File=${catalina.home}/logs/tavserv.out
-log4j.appender.R.MaxFileSize=10MB
-log4j.appender.R.MaxBackupIndex=30
-log4j.appender.R.layout=org.apache.log4j.PatternLayout
-log4j.appender.R.layout.ConversionPattern=%d{yyyyMMdd'T'HHmmss.SSS} %-5p %c{1} %C{1} - %m%n
-
-#log4j.category.Taverna=INFO, A1
-#log4j.category.Taverna.Server.LocalWorker.RunDB=INFO
-#log4j.category.Taverna.Server.Webapp=INFO
-#log4j.category.Taverna.Server.LocalWorker.Policy=INFO
-#log4j.category.Taverna.Server.LocalWorker.Security=INFO
-## Swallow Derby's messages
-#log4j.category.Derby=WARN, B2
-## Will you _shut up_, DataNucleus! <hits with rolled-up newspaper>
-#log4j.category.DataNucleus=WARN, B2
-##log4j.category.DataNucleus.SchemaTool=DEBUG
-##log4j.category.DataNucleus.Datastore.Schema=DEBUG
-##log4j.category.DataNucleus.Datastore.Native=DEBUG
-##log4j.logger.org.springframework.security=DEBUG, B2
-#log4j.category.org.springframework=INFO, B2
-#log4j.category.org.apache.cxf=INFO, B2
-#log4j.category.org.apache.cxf.jaxrs.utils.JAXRSUtils=INFO
-#log4j.category.eu.medsea=INFO, B2
-#log4j.category.org.apache.axiom=INFO, B2
-## Appender for Taverna Server components
-#log4j.appender.A1=org.apache.log4j.ConsoleAppender
-#log4j.appender.A1.layout=org.apache.log4j.PatternLayout
-#log4j.appender.A1.layout.ConversionPattern=%d{yyyyMMdd'T'HHmmss.SSS} %-5p %c{1} %C{1} - %m%n
-## Appender for Framework components
-#log4j.appender.B2=org.apache.log4j.ConsoleAppender
-#log4j.appender.B2.layout=org.apache.log4j.PatternLayout
-#log4j.appender.B2.layout.ConversionPattern=%d{yyyyMMdd'T'HHmmss.SSS} %-5p %c{1} - %m%n
http://git-wip-us.apache.org/repos/asf/incubator-taverna-server/blob/2c71f9a9/server-webapp/src/main/resources/security.policy
----------------------------------------------------------------------
diff --git a/server-webapp/src/main/resources/security.policy b/server-webapp/src/main/resources/security.policy
deleted file mode 100644
index 1ec4166..0000000
--- a/server-webapp/src/main/resources/security.policy
+++ /dev/null
@@ -1,3 +0,0 @@
-grant {
-	permission java.security.AllPermission "*:*";
-};
