Author: lresende
Date: Thu Feb 26 04:29:11 2009
New Revision: 748006
URL: http://svn.apache.org/viewvc?rev=748006&view=rev
Log:
Adding support to enable SSL when using binding-http using Confidentiality
policy intent
Added:
tuscany/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/SecurityContext.java
(with props)
tuscany/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/
tuscany/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicy.java
(with props)
tuscany/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicyProcessor.java
(with props)
tuscany/branches/sca-java-1.x/samples/store-secure/src/main/java/launch/LaunchSSL.java
(with props)
tuscany/branches/sca-java-1.x/samples/store-secure/src/main/resources/store-ssl.composite
(with props)
tuscany/branches/sca-java-1.x/samples/store-secure/src/main/resources/tuscany.keyStore
Modified:
tuscany/branches/sca-java-1.x/modules/binding-http-runtime/src/main/java/org/apache/tuscany/sca/binding/http/provider/HTTPServiceBindingProvider.java
tuscany/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/ExtensibleServletHost.java
tuscany/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/ServletHost.java
tuscany/branches/sca-java-1.x/modules/host-jetty/src/main/java/org/apache/tuscany/sca/http/jetty/JettyServer.java
tuscany/branches/sca-java-1.x/modules/host-tomcat/src/main/java/org/apache/tuscany/sca/http/tomcat/TomcatServer.java
tuscany/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityPolicyDefinitionsProvider.java
tuscany/branches/sca-java-1.x/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor
tuscany/branches/sca-java-1.x/samples/store-secure/pom.xml
tuscany/branches/sca-java-1.x/samples/store-secure/src/main/resources/definitions.xml
Modified:
tuscany/branches/sca-java-1.x/modules/binding-http-runtime/src/main/java/org/apache/tuscany/sca/binding/http/provider/HTTPServiceBindingProvider.java
URL:
http://svn.apache.org/viewvc/tuscany/branches/sca-java-1.x/modules/binding-http-runtime/src/main/java/org/apache/tuscany/sca/binding/http/provider/HTTPServiceBindingProvider.java?rev=748006&r1=748005&r2=748006&view=diff
==============================================================================
---
tuscany/branches/sca-java-1.x/modules/binding-http-runtime/src/main/java/org/apache/tuscany/sca/binding/http/provider/HTTPServiceBindingProvider.java
(original)
+++
tuscany/branches/sca-java-1.x/modules/binding-http-runtime/src/main/java/org/apache/tuscany/sca/binding/http/provider/HTTPServiceBindingProvider.java
Thu Feb 26 04:29:11 2009
@@ -19,15 +19,21 @@
package org.apache.tuscany.sca.binding.http.provider;
+import java.util.List;
+
import javax.servlet.Servlet;
import org.apache.tuscany.sca.binding.http.HTTPBinding;
+import org.apache.tuscany.sca.host.http.SecurityContext;
import org.apache.tuscany.sca.host.http.ServletHost;
import org.apache.tuscany.sca.interfacedef.InterfaceContract;
import org.apache.tuscany.sca.interfacedef.Operation;
import org.apache.tuscany.sca.invocation.InvocationChain;
import org.apache.tuscany.sca.invocation.Invoker;
import org.apache.tuscany.sca.invocation.MessageFactory;
+import org.apache.tuscany.sca.policy.PolicySet;
+import org.apache.tuscany.sca.policy.PolicySetAttachPoint;
+import org.apache.tuscany.sca.policy.confidentiality.ConfidentialityPolicy;
import org.apache.tuscany.sca.provider.ServiceBindingProvider;
import org.apache.tuscany.sca.runtime.RuntimeComponent;
import org.apache.tuscany.sca.runtime.RuntimeComponentService;
@@ -118,7 +124,29 @@
if (!servletMapping.endsWith("*")) {
servletMapping += "*";
}
- servletHost.addServletMapping(servletMapping, servlet);
+
+
+ SecurityContext securityContext = new SecurityContext();
+
+ // find out which policies are active
+ if (binding instanceof PolicySetAttachPoint) {
+ List<PolicySet> policySets =
((PolicySetAttachPoint)binding).getApplicablePolicySets();
+ for (PolicySet ps : policySets) {
+ for (Object p : ps.getPolicies()) {
+ if (ConfidentialityPolicy.class.isInstance(p)) {
+ ConfidentialityPolicy confidentialityPolicy =
(ConfidentialityPolicy)p;
+
+ securityContext.setSSLEnabled(true);
+
securityContext.setSSLProperties(confidentialityPolicy.toProperties());
+ } else {
+ // etc. check for other types of policy being present
+ }
+ }
+ }
+ }
+
+
+ servletHost.addServletMapping(servletMapping, servlet,
securityContext);
}
public void stop() {
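Review bot: The policy loop does not stop at the first `ConfidentialityPolicy`, so when two applicable policy sets each carry one, the keystore and truststore settings of the last one silently replace the first. Either `break` out once a policy has been applied or report the conflict, so that it is predictable which key material the endpoint is served with. The empty `else` branch holding only a placeholder comment can be dropped until another policy type is actually handled. The enclosing method starts outside this hunk.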
Modified:
tuscany/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/ExtensibleServletHost.java
URL:
http://svn.apache.org/viewvc/tuscany/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/ExtensibleServletHost.java?rev=748006&r1=748005&r2=748006&view=diff
==============================================================================
---
tuscany/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/ExtensibleServletHost.java
(original)
+++
tuscany/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/ExtensibleServletHost.java
Thu Feb 26 04:29:11 2009
@@ -68,6 +68,16 @@
// For now just select the first one
getDefaultServletHost().addServletMapping(uri, servlet);
}
+
+ public void addServletMapping(String uri, Servlet servlet, SecurityContext
securityContext) throws ServletMappingException {
+ if (servletHosts.getServletHosts().isEmpty()) {
+ throw new ServletMappingException("No servlet host available");
+ }
+
+ // TODO implement selection of the correct Servlet host based on the
mapping
+ // For now just select the first one
+ getDefaultServletHost().addServletMapping(uri, servlet,
securityContext);
+ }
public Servlet getServletMapping(String uri) throws
ServletMappingException {
if (servletHosts.getServletHosts().isEmpty()) {
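Review bot: The new three-argument `addServletMapping` repeats the empty-host check and the default-host selection of the two-argument overload line for line, so the TODO about host selection now has to be fixed in two places. Having the older overload delegate, as JettyServer and TomcatServer do in this commit with `addServletMapping(uri, servlet, null);`, would keep one copy. The body of the two-argument overload starts outside this hunk, so this assumes it does nothing else before the check.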
Added:
tuscany/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/SecurityContext.java
URL:
http://svn.apache.org/viewvc/tuscany/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/SecurityContext.java?rev=748006&view=auto
==============================================================================
---
tuscany/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/SecurityContext.java
(added)
+++
tuscany/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/SecurityContext.java
Thu Feb 26 04:29:11 2009
@@ -0,0 +1,47 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.tuscany.sca.host.http;
+
+import java.util.Properties;
+
+/**
+ * A class to store policy context to enable Security QoS to
+ * HTTP binding
+ */
+public class SecurityContext {
+ private boolean isSSLEnabled = false;
+ private Properties sslProperties;
+
+ public boolean isSSLEnabled() {
+ return isSSLEnabled;
+ }
+
+ public void setSSLEnabled(boolean value) {
+ this.isSSLEnabled = value;
+ }
+
+ public Properties getSSLProperties() {
+ return sslProperties;
+ }
+
+ public void setSSLProperties(Properties sslProperties) {
+ this.sslProperties = sslProperties;
+ }
+}
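Review bot: `isSSLEnabled` and `sslProperties` are set independently, so a context can report SSL as enabled while `getSSLProperties()` still returns null, and nothing in the class documents that. A Javadoc line on the getter such as `@return the javax.net.ssl.* settings, or null if none were set` would make the contract explicit; alternatively initialise the field with `new Properties()`. The Properties object also carries the keystore and truststore passwords, so the class comment should say that instances must not be logged or otherwise dumped.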
Propchange:
tuscany/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/SecurityContext.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
tuscany/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/SecurityContext.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified:
tuscany/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/ServletHost.java
URL:
http://svn.apache.org/viewvc/tuscany/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/ServletHost.java?rev=748006&r1=748005&r2=748006&view=diff
==============================================================================
---
tuscany/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/ServletHost.java
(original)
+++
tuscany/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/ServletHost.java
Thu Feb 26 04:29:11 2009
@@ -60,6 +60,19 @@
void addServletMapping(String uri, Servlet servlet) throws
ServletMappingException;
/**
+ * Add a mapping for an instance of a Servlet. This requests that the
+ * Servlet container direct all requests to the designated mapping to the
+ * supplied Servlet instance. SecurityContext can be passed to enable
+ * QoS services such as Confidentiality (SSL) and
Authentication/Authorization
+ *
+ * @param uri the URI-mapping for the Servlet
+ * @param servlet the Servlet that should be invoked
+ * @param securityContext the SecurityContext to enable QoS services
+ * @throws ServletMappingException
+ */
+ void addServletMapping(String uri, Servlet servlet, SecurityContext
securityContext) throws ServletMappingException;
+
+ /**
* Remove a Servlet mapping. This directs the Servlet container not to
direct
* any more requests to a previously registered Servlet.
*
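Review bot: The Javadoc for the new overload does not say whether `securityContext` may be null, although the Jetty and Tomcat hosts in this commit pass null from their two-argument overloads. I would spell it out, for example `@param securityContext the SecurityContext to enable QoS services, or null to register the mapping without any`, and give `@throws ServletMappingException` a description. Adding a method to the `ServletHost` interface also requires every other implementation to be updated; only the extensible, Jetty and Tomcat hosts are visible in this commit.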
Modified:
tuscany/branches/sca-java-1.x/modules/host-jetty/src/main/java/org/apache/tuscany/sca/http/jetty/JettyServer.java
URL:
http://svn.apache.org/viewvc/tuscany/branches/sca-java-1.x/modules/host-jetty/src/main/java/org/apache/tuscany/sca/http/jetty/JettyServer.java?rev=748006&r1=748005&r2=748006&view=diff
==============================================================================
---
tuscany/branches/sca-java-1.x/modules/host-jetty/src/main/java/org/apache/tuscany/sca/http/jetty/JettyServer.java
(original)
+++
tuscany/branches/sca-java-1.x/modules/host-jetty/src/main/java/org/apache/tuscany/sca/http/jetty/JettyServer.java
Thu Feb 26 04:29:11 2009
@@ -41,6 +41,7 @@
import javax.servlet.ServletException;
import org.apache.tuscany.sca.host.http.DefaultResourceServlet;
+import org.apache.tuscany.sca.host.http.SecurityContext;
import org.apache.tuscany.sca.host.http.ServletHost;
import org.apache.tuscany.sca.host.http.ServletMappingException;
import org.apache.tuscany.sca.work.WorkScheduler;
@@ -66,7 +67,7 @@
private final Object joinLock = new Object();
private String trustStore;
- private String truststorePassword;
+ private String trustStorePassword;
private String keyStore;
private String keyStorePassword;
@@ -77,6 +78,7 @@
private boolean sendServerVersion;
private WorkScheduler workScheduler;
private int defaultPort = 8080;
+ private int defaultSSLPort = 443;
/**
* Represents a port and the server that serves it.
@@ -113,7 +115,7 @@
AccessController.doPrivileged(new PrivilegedAction<Object>() {
public Object run() {
trustStore = System.getProperty("javax.net.ssl.trustStore");
- truststorePassword =
System.getProperty("javax.net.ssl.trustStorePassword");
+ trustStorePassword =
System.getProperty("javax.net.ssl.trustStorePassword");
keyStore = System.getProperty("javax.net.ssl.keyStore");
keyStorePassword =
System.getProperty("javax.net.ssl.keyStorePassword");
@@ -155,14 +157,24 @@
}
}
- private void configureSSL(SslSocketConnector connector) {
+ private void configureSSL(SslSocketConnector connector, SecurityContext
securityContext) {
connector.setProtocol("TLS");
+
+ if (securityContext != null) {
+ keyStoreType =
securityContext.getSSLProperties().getProperty("javax.net.ssl.keyStoreType",
KeyStore.getDefaultType());
+ keyStore =
securityContext.getSSLProperties().getProperty("javax.net.ssl.keyStore");
+ keyStorePassword =
securityContext.getSSLProperties().getProperty("javax.net.ssl.keyStorePassword");
+
+ trustStoreType =
securityContext.getSSLProperties().getProperty("javax.net.ssl.trustStoreType",
KeyStore.getDefaultType());
+ trustStore =
securityContext.getSSLProperties().getProperty("javax.net.ssl.trustStore");
+ trustStorePassword =
securityContext.getSSLProperties().getProperty("javax.net.ssl.trustStorePassword");
+ }
connector.setKeystore(keyStore);
connector.setKeyPassword(keyStorePassword);
connector.setKeystoreType(keyStoreType);
connector.setTruststore(trustStore);
- connector.setTrustPassword(truststorePassword);
+ connector.setTrustPassword(trustStorePassword);
connector.setTruststoreType(trustStoreType);
connector.setPassword(keyStorePassword);
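Review bot: `securityContext.getSSLProperties()` is dereferenced whenever the context is non-null, but SecurityContext leaves `sslProperties` null until a ConfidentialityPolicy is found, and HTTPServiceBindingProvider in this commit always passes a fresh context. A mapping that reaches this method without a confidentiality policy (presumably an https URI) would throw a NullPointerException instead of using the javax.net.ssl system properties read earlier; guard with `if (securityContext != null && securityContext.isSSLEnabled() && securityContext.getSSLProperties() != null) {`. The else-branch of `configureSSL` in TomcatServer has the same unguarded dereference. The assignments also overwrite the server-wide `keyStore`/`trustStore` fields, so a later mapping registered without a context would reuse the previous policy's key material; locals would avoid that.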
@@ -173,16 +185,30 @@
}
public void addServletMapping(String suri, Servlet servlet) throws
ServletMappingException {
+ addServletMapping(suri, servlet, null);
+ }
+
+ public void addServletMapping(String suri, Servlet servlet, final
SecurityContext securityContext) throws ServletMappingException {
URI uri = URI.create(suri);
// Get the URI scheme and port
- String scheme = uri.getScheme();
- if (scheme == null) {
- scheme = "http";
+ String scheme = null;
+ if(securityContext != null && securityContext.isSSLEnabled()) {
+ scheme = "https";
+ } else {
+ scheme = uri.getScheme();
+ if (scheme == null) {
+ scheme = "http";
+ }
}
+
int portNumber = uri.getPort();
if (portNumber == -1) {
- portNumber = defaultPort;
+ if ("http".equals(scheme)) {
+ portNumber = defaultPort;
+ } else {
+ portNumber = defaultPort;
+ }
}
// Get the port object associated with the given port number
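Review bot: Both branches of the new port selection assign `defaultPort`, so the `defaultSSLPort = 443` field added above is never used and an https mapping without an explicit port is still bound to 8080. The else-branch was presumably meant to read `portNumber = defaultSSLPort;`. TomcatServer's `addServletMapping` has the same duplicated branch with `defaultPortNumber`. It is also worth checking the code after this hunk: if a plain-HTTP server already exists for the chosen port, the servlet may be attached to it without TLS even though the policy asked for confidentiality.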
@@ -198,7 +224,7 @@
// httpConnector.setPort(portNumber);
SslSocketConnector sslConnector = new SslSocketConnector();
sslConnector.setPort(portNumber);
- configureSSL(sslConnector);
+ configureSSL(sslConnector, securityContext);
server.setConnectors(new Connector[] {sslConnector});
} else {
SelectChannelConnector selectConnector = new
SelectChannelConnector();
Modified:
tuscany/branches/sca-java-1.x/modules/host-tomcat/src/main/java/org/apache/tuscany/sca/http/tomcat/TomcatServer.java
URL:
http://svn.apache.org/viewvc/tuscany/branches/sca-java-1.x/modules/host-tomcat/src/main/java/org/apache/tuscany/sca/http/tomcat/TomcatServer.java?rev=748006&r1=748005&r2=748006&view=diff
==============================================================================
---
tuscany/branches/sca-java-1.x/modules/host-tomcat/src/main/java/org/apache/tuscany/sca/http/tomcat/TomcatServer.java
(original)
+++
tuscany/branches/sca-java-1.x/modules/host-tomcat/src/main/java/org/apache/tuscany/sca/http/tomcat/TomcatServer.java
Thu Feb 26 04:29:11 2009
@@ -58,6 +58,7 @@
import org.apache.tomcat.util.http.mapper.MappingData;
import org.apache.tomcat.util.net.JIoEndpoint;
import org.apache.tuscany.sca.host.http.DefaultResourceServlet;
+import org.apache.tuscany.sca.host.http.SecurityContext;
import org.apache.tuscany.sca.host.http.ServletHost;
import org.apache.tuscany.sca.host.http.ServletMappingException;
import org.apache.tuscany.sca.work.WorkScheduler;
@@ -72,6 +73,7 @@
private static final Logger logger =
Logger.getLogger(TomcatServer.class.getName());
private int defaultPortNumber = 8080;
+ private int defaultSSLPortNumber = 443;
private final class TuscanyLoader implements Loader {
private final ClassLoader tccl;
@@ -209,16 +211,35 @@
}
}
}
-
+
public void addServletMapping(String suri, Servlet servlet) {
+ addServletMapping(suri, servlet, null);
+ }
+
+ public void addServletMapping(String suri, Servlet servlet, final
SecurityContext securityContext) {
URI uri = URI.create(suri);
// Get the URI scheme and port
- String scheme = uri.getScheme();
- if (scheme == null) {
- scheme = "http";
+ String scheme = null;
+ if(securityContext != null && securityContext.isSSLEnabled()) {
+ scheme = "https";
+ } else {
+ scheme = uri.getScheme();
+ if (scheme == null) {
+ scheme = "http";
+ }
+ }
+
+ int tmpPortNumber = uri.getPort();
+ if (tmpPortNumber == -1) {
+ if ("http".equals(scheme)) {
+ tmpPortNumber = defaultPortNumber;
+ } else {
+ tmpPortNumber = defaultPortNumber;
+ }
}
- final int portNumber = (uri.getPort() == -1 ? defaultPortNumber :
uri.getPort());
+
+ final int portNumber = tmpPortNumber;
// Get the port object associated with the given port number
Port port = ports.get(portNumber);
@@ -287,7 +308,7 @@
customConnector.setContainer(engine);
if ("https".equalsIgnoreCase(protocol)) {
- configureSSL(customConnector);
+ configureSSL(customConnector, securityContext);
((Http11Protocol)
customConnector.getProtocolHandler()).setSSLEnabled(true);
}
customConnector.initialize();
@@ -295,21 +316,39 @@
return customConnector;
}
- private void configureSSL(CustomConnector customConnector)
{
- String trustStore =
System.getProperty("javax.net.ssl.trustStore");
- String trustStorePass =
System.getProperty("javax.net.ssl.trustStorePassword");
- String keyStore =
System.getProperty("javax.net.ssl.keyStore");
- String keyStorePass =
System.getProperty("javax.net.ssl.keyStorePassword");
-
+ private void configureSSL(CustomConnector customConnector,
SecurityContext securityContext) {
+ String keyStoreType;
+ String keyStore;
+ String keyStorePass;
+
+ String trustStoreType;
+ String trustStore;
+ String trustStorePass;
+
+ if(securityContext == null) {
+ keyStoreType =
System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
+ keyStore =
System.getProperty("javax.net.ssl.keyStore");
+ keyStorePass =
System.getProperty("javax.net.ssl.keyStorePassword");
+
+ trustStoreType =
System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
+ trustStore =
System.getProperty("javax.net.ssl.trustStore");
+ trustStorePass =
System.getProperty("javax.net.ssl.trustStorePassword");
+ } else {
+ keyStoreType =
securityContext.getSSLProperties().getProperty("javax.net.ssl.keyStoreType",
KeyStore.getDefaultType());
+ keyStore =
securityContext.getSSLProperties().getProperty("javax.net.ssl.keyStore");
+ keyStorePass =
securityContext.getSSLProperties().getProperty("javax.net.ssl.keyStorePassword");
+
+ trustStoreType =
securityContext.getSSLProperties().getProperty("javax.net.ssl.trustStoreType",
KeyStore.getDefaultType());
+ trustStore =
securityContext.getSSLProperties().getProperty("javax.net.ssl.trustStore");
+ trustStorePass =
securityContext.getSSLProperties().getProperty("javax.net.ssl.trustStorePassword");
+ }
+
customConnector.setProperty("protocol", "TLS");
+ customConnector.setProperty("keytype", keyStoreType);
customConnector.setProperty("keystore", keyStore);
customConnector.setProperty("keypass", keyStorePass);
- String keyStoreType =
- System.getProperty("javax.net.ssl.keyStoreType",
KeyStore.getDefaultType());
- String trustStoreType =
- System.getProperty("javax.net.ssl.trustStoreType",
KeyStore.getDefaultType());
- customConnector.setProperty("keytype", keyStoreType);
+
customConnector.setProperty("trusttype",
trustStoreType);
customConnector.setProperty("truststore", trustStore);
customConnector.setProperty("trustpass",
trustStorePass);
Added:
tuscany/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicy.java
URL:
http://svn.apache.org/viewvc/tuscany/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicy.java?rev=748006&view=auto
==============================================================================
---
tuscany/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicy.java
(added)
+++
tuscany/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicy.java
Thu Feb 26 04:29:11 2009
@@ -0,0 +1,130 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.tuscany.sca.policy.confidentiality;
+
+import java.util.Properties;
+
+import javax.xml.namespace.QName;
+
+import org.apache.tuscany.sca.assembly.xml.Constants;
+import org.apache.tuscany.sca.policy.Policy;
+
+
+/**
+ * Models the SCA Implementation Security Policy Assertion for Confidentiality.
+ *
+ * This would map to enabling SSL communication and would require
+ * the following configuration items :
+ *
+ * - javax.net.ssl.keyStore
+ * - javax.net.ssl.keyStorePassword
+ * - javax.net.ssl.keyStoreType
+ *
+ * - javax.net.ssl.trustStoreType
+ * - javax.net.ssl.trustStore
+ * - javax.net.ssl.trustStorePassword
+ *
+ * @version $Rev$ $Date$
+ */
+public class ConfidentialityPolicy implements Policy {
+ public static final QName NAME = new QName(Constants.SCA10_TUSCANY_NS,
"confidentiality");
+
+ private String trustStore;
+ private String trustStorePassword;
+ private String keyStore;
+ private String keyStorePassword;
+ private String keyStoreType;
+ private String trustStoreType;
+
+ public String getTrustStore() {
+ return trustStore;
+ }
+
+ public void setTrustStore(String trustStore) {
+ this.trustStore = trustStore;
+ }
+
+ public String getTrustStorePassword() {
+ return trustStorePassword;
+ }
+
+ public void setTrustStorePassword(String trustStorePassword) {
+ this.trustStorePassword = trustStorePassword;
+ }
+
+ public String getKeyStore() {
+ return keyStore;
+ }
+
+ public void setKeyStore(String keyStore) {
+ this.keyStore = keyStore;
+ }
+
+ public String getKeyStorePassword() {
+ return keyStorePassword;
+ }
+
+ public void setKeyStorePassword(String keyStorePassword) {
+ this.keyStorePassword = keyStorePassword;
+ }
+
+ public String getKeyStoreType() {
+ return keyStoreType;
+ }
+
+ public void setKeyStoreType(String keyStoreType) {
+ this.keyStoreType = keyStoreType;
+ }
+
+ public String getTrustStoreType() {
+ return trustStoreType;
+ }
+
+ public void setTrustStoreType(String trustStoreType) {
+ this.trustStoreType = trustStoreType;
+ }
+
+ public QName getSchemaName() {
+ return NAME;
+ }
+
+ public boolean isUnresolved() {
+ return false;
+ }
+
+ public void setUnresolved(boolean unresolved) {
+
+ }
+
+ public Properties toProperties() {
+ Properties properties = new Properties();
+
+ properties.put("javax.net.ssl.trustStoreType", trustStoreType);
+ properties.put("javax.net.ssl.trustStore", trustStore);
+ properties.put("javax.net.ssl.trustStorePassword", trustStorePassword);
+
+ properties.put("javax.net.ssl.keyStoreType", keyStoreType);
+ properties.put("javax.net.ssl.keyStore", keyStore);
+ properties.put("javax.net.ssl.keyStorePassword", keyStorePassword);
+
+ return properties;
+ }
+
+}
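Review bot: `toProperties()` calls `Properties.put` with field values that can be null, and `Properties` (a `Hashtable`) throws a NullPointerException on a null value. ConfidentialityPolicyProcessor only calls the setters for attributes that are present, so a policy that declares a `keyStore` element but no `trustStore` would fail here when the binding provider builds the SecurityContext. Copying only the values that were set also lets the `getProperty(key, default)` calls in the Jetty and Tomcat hosts fall back to `KeyStore.getDefaultType()`.

```java
public Properties toProperties() {
    Properties properties = new Properties();

    putIfSet(properties, "javax.net.ssl.trustStoreType", trustStoreType);
    putIfSet(properties, "javax.net.ssl.trustStore", trustStore);
    putIfSet(properties, "javax.net.ssl.trustStorePassword", trustStorePassword);

    putIfSet(properties, "javax.net.ssl.keyStoreType", keyStoreType);
    putIfSet(properties, "javax.net.ssl.keyStore", keyStore);
    putIfSet(properties, "javax.net.ssl.keyStorePassword", keyStorePassword);

    return properties;
}

// Properties rejects null values, so unset fields are left out.
private static void putIfSet(Properties properties, String key, String value) {
    if (value != null) {
        properties.setProperty(key, value);
    }
}
```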
Propchange:
tuscany/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicy.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
tuscany/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicy.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added:
tuscany/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicyProcessor.java
URL:
http://svn.apache.org/viewvc/tuscany/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicyProcessor.java?rev=748006&view=auto
==============================================================================
---
tuscany/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicyProcessor.java
(added)
+++
tuscany/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicyProcessor.java
Thu Feb 26 04:29:11 2009
@@ -0,0 +1,158 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.tuscany.sca.policy.confidentiality;
+
+import static javax.xml.stream.XMLStreamConstants.END_ELEMENT;
+import static javax.xml.stream.XMLStreamConstants.START_ELEMENT;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.tuscany.sca.assembly.builder.impl.ProblemImpl;
+import org.apache.tuscany.sca.assembly.xml.Constants;
+import org.apache.tuscany.sca.contribution.ModelFactoryExtensionPoint;
+import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor;
+import org.apache.tuscany.sca.contribution.resolver.ModelResolver;
+import org.apache.tuscany.sca.contribution.service.ContributionReadException;
+import
org.apache.tuscany.sca.contribution.service.ContributionResolveException;
+import org.apache.tuscany.sca.contribution.service.ContributionWriteException;
+import org.apache.tuscany.sca.monitor.Monitor;
+import org.apache.tuscany.sca.monitor.Problem;
+import org.apache.tuscany.sca.monitor.Problem.Severity;
+
+public class ConfidentialityPolicyProcessor implements
StAXArtifactProcessor<ConfidentialityPolicy> {
+ private static final QName KEY_STORE_QNAME = new
QName(Constants.SCA10_TUSCANY_NS, "keyStore");
+ private static final QName TRUST_STORE_QNAME = new
QName(Constants.SCA10_TUSCANY_NS, "trustStore");
+
+ private Monitor monitor;
+
+ public ConfidentialityPolicyProcessor(ModelFactoryExtensionPoint
modelFactories, Monitor monitor) {
+ this.monitor = monitor;
+ }
+
+ /**
+ * Report a error.
+ *
+ * @param problems
+ * @param message
+ * @param model
+ */
+ private void error(String message, Object model, Object...
messageParameters) {
+ if (monitor != null) {
+ Problem problem = new ProblemImpl(this.getClass().getName(),
"policy-security-validation-messages", Severity.ERROR, model, message,
(Object[])messageParameters);
+ monitor.problem(problem);
+ }
+ }
+
+ public QName getArtifactType() {
+ return ConfidentialityPolicy.NAME;
+ }
+
+ public Class<ConfidentialityPolicy> getModelType() {
+ return ConfidentialityPolicy.class;
+ }
+
+ public ConfidentialityPolicy read(XMLStreamReader reader) throws
ContributionReadException, XMLStreamException {
+ ConfidentialityPolicy policy = new ConfidentialityPolicy();
+ int event = reader.getEventType();
+ QName start = reader.getName();
+ QName name = null;
+ while (true) {
+ switch (event) {
+ case START_ELEMENT:
+ name = reader.getName();
+ if(KEY_STORE_QNAME.equals(name)) {
+ //<tuscany:keyStore type="JKS"
file="conf/tomcat.keystore" password="apache"/>
+ String type = reader.getAttributeValue(null, "type");
+ if(type == null) {
+ error("RequiredAttributeKeyStoreTypeMissing",
reader);
+ } else {
+ policy.setKeyStoreType(type);
+ }
+
+ String file = reader.getAttributeValue(null, "file");
+ if(file == null) {
+ error("RequiredAttributeKeyStoreFileMissing",
reader);
+ } else {
+ policy.setKeyStore(file);
+ }
+
+ String password = reader.getAttributeValue(null,
"password");
+ if(file == null) {
+ error("RequiredAttributeKeyStorePasswordMissing",
reader);
+ } else {
+ policy.setKeyStorePassword(password);
+ }
+
+ } else if(TRUST_STORE_QNAME.equals(name)) {
+ //<tuscany:trustStore type="" file="" password=""/>
+ String type = reader.getAttributeValue(null, "type");
+ if(type == null) {
+ error("RequiredAttributeTrustStoreTypeMissing",
reader);
+ } else {
+ policy.setTrustStoreType(type);
+ }
+
+ String file = reader.getAttributeValue(null, "file");
+ if(file == null) {
+ error("RequiredAttributeTrusStoreFileMissing",
reader);
+ } else {
+ policy.setTrustStore(file);
+ }
+
+ String password = reader.getAttributeValue(null,
"password");
+ if(file == null) {
+
error("RequiredAttributeTrustStorePasswordMissing", reader);
+ } else {
+ policy.setTrustStorePassword(password);
+ }
+
+ }
+ break;
+ case END_ELEMENT:
+ if (start.equals(reader.getName())) {
+ if (reader.hasNext()) {
+ reader.next();
+ }
+ return policy;
+ }
+
+ }
+ if (reader.hasNext()) {
+ event = reader.next();
+ } else {
+ return policy;
+ }
+ } }
+
+ public void write(ConfidentialityPolicy model, XMLStreamWriter writer)
throws ContributionWriteException,
+ XMLStreamException {
+ // TODO Auto-generated method stub
+
+ }
+
+ public void resolve(ConfidentialityPolicy model, ModelResolver resolver)
throws ContributionResolveException {
+ // TODO Auto-generated method stub
+
+ }
+
+}
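Review bot: In `read`, both password checks test the wrong variable: after `String password = reader.getAttributeValue(null, "password");` the condition is `if(file == null)`, in the keyStore branch and again in the trustStore branch. A missing password is therefore never reported and is stored as null, while a missing file raises the password error and discards a password that was supplied; both conditions should be `if (password == null) {`. The message key `RequiredAttributeTrusStoreFileMissing` is also missing a "t" and may not match the entry in the validation messages bundle, which is not part of this commit.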
Propchange:
tuscany/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicyProcessor.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
tuscany/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicyProcessor.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified:
tuscany/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityPolicyDefinitionsProvider.java
URL:
http://svn.apache.org/viewvc/tuscany/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityPolicyDefinitionsProvider.java?rev=748006&r1=748005&r2=748006&view=diff
==============================================================================
---
tuscany/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityPolicyDefinitionsProvider.java
(original)
+++
tuscany/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityPolicyDefinitionsProvider.java
Thu Feb 26 04:29:11 2009
@@ -34,16 +34,18 @@
/**
* Provider for Policy Intents and PolicySet definitions related to security
- *
+ *
* @version $Rev$ $Date$
*/
public class SecurityPolicyDefinitionsProvider implements
SCADefinitionsProvider {
+ private static final String definitionsFile =
"org/apache/tuscany/sca/policy/security/definitions.xml";
private static final String tuscanyDefinitionsFile =
"org/apache/tuscany/sca/policy/security/tuscany_definitions.xml";
- private String definitionsFile =
"org/apache/tuscany/sca/policy/security/definitions.xml";
+
URLArtifactProcessor urlArtifactProcessor = null;
public SecurityPolicyDefinitionsProvider(ExtensionPointRegistry registry) {
- URLArtifactProcessorExtensionPoint documentProcessors =
registry.getExtensionPoint(URLArtifactProcessorExtensionPoint.class);
+ URLArtifactProcessorExtensionPoint documentProcessors =
+
registry.getExtensionPoint(URLArtifactProcessorExtensionPoint.class);
urlArtifactProcessor =
(URLArtifactProcessor)documentProcessors.getProcessor(SCADefinitions.class);
}
@@ -51,34 +53,31 @@
SCADefinitions scaDefns = null;
SCADefinitions tuscanyDefns = null;
try {
- // Allow privileged access to load resource. Requires
RuntimePermssion in security policy.
+ // Allow privileged access to load resource. Requires
+ // RuntimePermssion in security policy.
URL definitionsFileUrl = AccessController.doPrivileged(new
PrivilegedAction<URL>() {
public URL run() {
return
getClass().getClassLoader().getResource(definitionsFile);
}
- });
+ });
URI uri = new URI(definitionsFile);
- scaDefns = (SCADefinitions)urlArtifactProcessor.read(null,
- uri,
-
definitionsFileUrl);
+ scaDefns = (SCADefinitions)urlArtifactProcessor.read(null, uri,
definitionsFileUrl);
definitionsFileUrl = AccessController.doPrivileged(new
PrivilegedAction<URL>() {
public URL run() {
return
getClass().getClassLoader().getResource(tuscanyDefinitionsFile);
}
- });
+ });
uri = new URI(definitionsFile);
- tuscanyDefns = (SCADefinitions)urlArtifactProcessor.read(null,
- uri,
-
definitionsFileUrl);
+ tuscanyDefns = (SCADefinitions)urlArtifactProcessor.read(null,
uri, definitionsFileUrl);
SCADefinitionsUtil.aggregateSCADefinitions(tuscanyDefns, scaDefns);
return scaDefns;
- } catch ( Exception e ) {
+ } catch (Exception e) {
throw new SCADefinitionsProviderException(e);
}
}
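Review bot: The second `uri = new URI(definitionsFile);`, just before the `tuscanyDefns` read, reuses the name of the first resource although the URL it is paired with was resolved from `tuscanyDefinitionsFile`. This looks like a copy-paste slip that the reformatting leaves in place, and the line should probably read `uri = new URI(tuscanyDefinitionsFile);`. Neither `getResource(...)` result is checked for null before it is passed to `urlArtifactProcessor.read`, so a definitions file missing from the classpath would presumably surface only as a wrapped exception from inside the processor; a null check whose message names the missing resource would make that failure easier to diagnose. The reflowed comment still spells `RuntimePermssion`. The enclosing method starts above this hunk, so its signature and any earlier checks are not visible here.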
Modified:
tuscany/branches/sca-java-1.x/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor
URL:
http://svn.apache.org/viewvc/tuscany/branches/sca-java-1.x/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor?rev=748006&r1=748005&r2=748006&view=diff
==============================================================================
---
tuscany/branches/sca-java-1.x/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor
(original)
+++
tuscany/branches/sca-java-1.x/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor
Thu Feb 26 04:29:11 2009
@@ -25,3 +25,4 @@
org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#securityIdentity,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy
org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#jaasAuthentication,model=org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicy
org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#basicAuthentication,model=org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicy
+org.apache.tuscany.sca.policy.confidentiality.ConfidentialityPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#confidentiality,model=org.apache.tuscany.sca.policy.confidentiality.ConfidentialityPolicy
\ No newline at end of file
Modified: tuscany/branches/sca-java-1.x/samples/store-secure/pom.xml
URL:
http://svn.apache.org/viewvc/tuscany/branches/sca-java-1.x/samples/store-secure/pom.xml?rev=748006&r1=748005&r2=748006&view=diff
==============================================================================
--- tuscany/branches/sca-java-1.x/samples/store-secure/pom.xml (original)
+++ tuscany/branches/sca-java-1.x/samples/store-secure/pom.xml Thu Feb 26
04:29:11 2009
@@ -44,6 +44,12 @@
<dependency>
<groupId>org.apache.tuscany.sca</groupId>
+ <artifactId>tuscany-policy-security</artifactId>
+ <version>1.5-SNAPSHOT</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.tuscany.sca</groupId>
<artifactId>tuscany-data-api</artifactId>
<version>1.5-SNAPSHOT</version>
</dependency>
Added:
tuscany/branches/sca-java-1.x/samples/store-secure/src/main/java/launch/LaunchSSL.java
URL:
http://svn.apache.org/viewvc/tuscany/branches/sca-java-1.x/samples/store-secure/src/main/java/launch/LaunchSSL.java?rev=748006&view=auto
==============================================================================
---
tuscany/branches/sca-java-1.x/samples/store-secure/src/main/java/launch/LaunchSSL.java
(added)
+++
tuscany/branches/sca-java-1.x/samples/store-secure/src/main/java/launch/LaunchSSL.java
Thu Feb 26 04:29:11 2009
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package launch;
+
+import org.apache.tuscany.sca.host.embedded.SCADomain;
+
+public class LaunchSSL {
+ public static void main(String[] args) throws Exception {
+ System.out.println("Starting ...");
+ SCADomain scaDomain = SCADomain.newInstance("store-ssl.composite");
+ System.out.println("store.composite ready for big business !!!");
+ System.in.read();
+ System.out.println("Stopping ...");
+ scaDomain.close();
+ System.out.println();
+ }
+}
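Review bot: `scaDomain.close()` is skipped when `System.in.read()` throws, because `main` has no try/finally around the wait. Writing it as `try { System.in.read(); } finally { scaDomain.close(); }` closes the domain on every exit path. The ready message prints `store.composite` although the launcher loads `store-ssl.composite`, so the console does not show whether the secured variant is the one running; `System.out.println("store-ssl.composite ready for big business !!!");` would match. A one-line class Javadoc saying that this launcher starts the store sample from `store-ssl.composite` would also help.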
Propchange:
tuscany/branches/sca-java-1.x/samples/store-secure/src/main/java/launch/LaunchSSL.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
tuscany/branches/sca-java-1.x/samples/store-secure/src/main/java/launch/LaunchSSL.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified:
tuscany/branches/sca-java-1.x/samples/store-secure/src/main/resources/definitions.xml
URL:
http://svn.apache.org/viewvc/tuscany/branches/sca-java-1.x/samples/store-secure/src/main/resources/definitions.xml?rev=748006&r1=748005&r2=748006&view=diff
==============================================================================
---
tuscany/branches/sca-java-1.x/samples/store-secure/src/main/resources/definitions.xml
(original)
+++
tuscany/branches/sca-java-1.x/samples/store-secure/src/main/resources/definitions.xml
Thu Feb 26 04:29:11 2009
@@ -24,8 +24,7 @@
xmlns:store="http://store">
- <!-- WS Security POLICY SETS -->
- <sca:policySet name="widgetBindingAuthenticationPolicySet"
+ <sca:policySet name="widgetBindingAuthenticationPolicySet"
provides="sca:authentication"
appliesTo="tuscany:binding.http">
<tuscany:basicAuthentication>
@@ -37,8 +36,7 @@
</tuscany:basicAuthentication>
</sca:policySet>
- <!-- WS Security POLICY SETS -->
- <sca:policySet name="widgetServiceAuthenticationPolicySet"
+ <sca:policySet name="widgetServiceAuthenticationPolicySet"
provides="sca:authentication"
appliesTo="sca:service">
<tuscany:basicAuthentication>
@@ -49,5 +47,18 @@
</tuscany:authorizedUsers>
</tuscany:basicAuthentication>
</sca:policySet>
+
+ <sca:policySet name="widgetConfidentialityConfigurationPolicySet"
+ provides="sca:confidentiality"
+ appliesTo="tuscany:binding.http">
+ <tuscany:confidentiality>
+ <tuscany:keyStore type="JKS" file="target/classes/tuscany.keyStore"
password="apache"/>
+ <tuscany:trustStore type="" file="" password=""/>
+ </tuscany:confidentiality>
+ </sca:policySet>
+
+
+
+
</sca:definitions>
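Review bot: The new `widgetConfidentialityConfigurationPolicySet` stores the keystore password in clear text (`password="apache"`) in a file committed next to the keystore this revision adds, so the key in `tuscany.keyStore` has to be treated as public. For a sample that is acceptable only if it is labelled, for example with `<!-- Sample keystore and password for local demos only; supply your own keystore and keep its password out of source control -->` above the policy set. The `file="target/classes/tuscany.keyStore"` path points into the build output, so it presumably resolves only when the sample is started from the module directory after a build. The `tuscany:trustStore` element carries empty `type`, `file` and `password` attributes; how the policy processor treats empty strings is not visible in this hunk, and leaving the element out, if the processor allows it, would avoid passing empty values through.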
Added:
tuscany/branches/sca-java-1.x/samples/store-secure/src/main/resources/store-ssl.composite
URL:
http://svn.apache.org/viewvc/tuscany/branches/sca-java-1.x/samples/store-secure/src/main/resources/store-ssl.composite?rev=748006&view=auto
==============================================================================
---
tuscany/branches/sca-java-1.x/samples/store-secure/src/main/resources/store-ssl.composite
(added)
+++
tuscany/branches/sca-java-1.x/samples/store-secure/src/main/resources/store-ssl.composite
Thu Feb 26 04:29:11 2009
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+-->
+<composite xmlns="http://www.osoa.org/xmlns/sca/1.0"
+ xmlns:t="http://tuscany.apache.org/xmlns/sca/1.0"
+ targetNamespace="http://store"
+ name="store">
+
+ <component name="Store">
+ <t:implementation.widget location="uiservices/store.html"/>
+ <service name="Widget">
+ <t:binding.http uri="/store" requires="confidentiality"/>
+ </service>
+ <reference name="catalog" target="Catalog">
+ <t:binding.jsonrpc/>
+ </reference>
+ <reference name="shoppingCart" target="ShoppingCart/Cart">
+ <t:binding.atom/>
+ </reference>
+ <reference name="shoppingTotal" target="ShoppingCart/Total">
+ <t:binding.jsonrpc/>
+ </reference>
+ </component>
+
+ <component name="Catalog">
+ <implementation.java class="services.FruitsCatalogImpl"/>
+ <property name="currencyCode">USD</property>
+ <service name="Catalog">
+ <t:binding.jsonrpc/>
+ </service>
+ <reference name="currencyConverter"
target="CurrencyConverter"/>
+ </component>
+
+ <component name="ShoppingCart">
+ <implementation.java class="services.ShoppingCartImpl"/>
+ <service name="Cart">
+ <t:binding.atom uri="/ShoppingCart/Cart"/>
+ </service>
+ <service name="Total">
+ <t:binding.jsonrpc/>
+ </service>
+ </component>
+
+ <component name="CurrencyConverter">
+ <implementation.java class="services.CurrencyConverterImpl"/>
+ </component>
+
+</composite>
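Review bot: Only the `Widget` service's `<t:binding.http uri="/store" requires="confidentiality"/>` carries the intent. The `Catalog`, `Cart` and `Total` services that the widget references use `binding.jsonrpc` and `binding.atom` with no `requires` attribute, so as far as this file shows the catalogue and cart traffic is not covered by the confidentiality policy. The policy set added to definitions.xml in this revision has `appliesTo="tuscany:binding.http"`, so adding the attribute to the other bindings would presumably not be enough on its own. Until those bindings are covered, a comment above the `Store` component such as `<!-- Only /store is served with confidentiality; the jsonrpc and atom services below are not protected by this intent -->` would keep readers from assuming the whole sample runs over SSL.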
Propchange:
tuscany/branches/sca-java-1.x/samples/store-secure/src/main/resources/store-ssl.composite
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
tuscany/branches/sca-java-1.x/samples/store-secure/src/main/resources/store-ssl.composite
------------------------------------------------------------------------------
svn:keywords = Rev Date
Propchange:
tuscany/branches/sca-java-1.x/samples/store-secure/src/main/resources/store-ssl.composite
------------------------------------------------------------------------------
svn:mime-type = text/xml
Added:
tuscany/branches/sca-java-1.x/samples/store-secure/src/main/resources/tuscany.keyStore
URL:
http://svn.apache.org/viewvc/tuscany/branches/sca-java-1.x/samples/store-secure/src/main/resources/tuscany.keyStore?rev=748006&view=auto
==============================================================================
Files
tuscany/branches/sca-java-1.x/samples/store-secure/src/main/resources/tuscany.keyStore
(added) and
tuscany/branches/sca-java-1.x/samples/store-secure/src/main/resources/tuscany.keyStore
Thu Feb 26 04:29:11 2009 differ