Posted to commits@camel.apache.org by co...@apache.org on 2019/11/08 12:02:37 UTC
[camel] branch master updated: CAMEL-14161 - Remove default key
from camel-shiro
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/master by this push:
new 115b516 CAMEL-14161 - Remove default key from camel-shiro
115b516 is described below
commit 115b51666cb97eb33f9d57ca96ed18b8cd08b858
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Nov 8 12:01:47 2019 +0000
CAMEL-14161 - Remove default key from camel-shiro
---
.../shiro/security/ShiroSecurityPolicy.java | 38 ++++++-------
.../shiro/security/ShiroSecurityTokenInjector.java | 16 +-----
.../shiro/security/ShiroAuthenticationTest.java | 64 ++++++++++++++++------
.../ROOT/pages/camel-3-migration-guide.adoc | 5 ++
4 files changed, 68 insertions(+), 55 deletions(-)
diff --git a/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityPolicy.java b/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityPolicy.java
index fc6a607..1b342e0 100644
--- a/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityPolicy.java
+++ b/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityPolicy.java
@@ -36,11 +36,6 @@ import org.slf4j.LoggerFactory;
public class ShiroSecurityPolicy implements AuthorizationPolicy {
private static final Logger LOG = LoggerFactory.getLogger(ShiroSecurityPolicy.class);
- private final byte[] bits128 = {
- (byte) 0x08, (byte) 0x09, (byte) 0x0A, (byte) 0x0B,
- (byte) 0x0C, (byte) 0x0D, (byte) 0x0E, (byte) 0x0F,
- (byte) 0x10, (byte) 0x11, (byte) 0x12, (byte) 0x13,
- (byte) 0x14, (byte) 0x15, (byte) 0x16, (byte) 0x17};
private CipherService cipherService;
private byte[] passPhrase;
private SecurityManager securityManager;
@@ -50,57 +45,56 @@ public class ShiroSecurityPolicy implements AuthorizationPolicy {
private boolean base64;
private boolean allPermissionsRequired;
private boolean allRolesRequired;
-
+
public ShiroSecurityPolicy() {
- this.passPhrase = bits128;
- // Set up AES encryption based cipher service, by default
+ // Set up AES encryption based cipher service, by default
cipherService = new AesCipherService();
permissionsList = new ArrayList<>();
rolesList = new ArrayList<>();
alwaysReauthenticate = true;
- }
-
+ }
+
public ShiroSecurityPolicy(String iniResourcePath) {
this();
Factory<SecurityManager> factory = new IniSecurityManagerFactory(iniResourcePath);
securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
}
-
+
public ShiroSecurityPolicy(Ini ini) {
this();
Factory<SecurityManager> factory = new IniSecurityManagerFactory(ini);
securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
}
-
+
public ShiroSecurityPolicy(String iniResourcePath, byte[] passPhrase) {
- this(iniResourcePath);
+ this(iniResourcePath);
this.setPassPhrase(passPhrase);
}
public ShiroSecurityPolicy(Ini ini, byte[] passPhrase) {
- this(ini);
+ this(ini);
this.setPassPhrase(passPhrase);
}
-
+
public ShiroSecurityPolicy(String iniResourcePath, byte[] passPhrase, boolean alwaysReauthenticate) {
- this(iniResourcePath, passPhrase);
+ this(iniResourcePath, passPhrase);
this.setAlwaysReauthenticate(alwaysReauthenticate);
}
public ShiroSecurityPolicy(Ini ini, byte[] passPhrase, boolean alwaysReauthenticate) {
- this(ini, passPhrase);
+ this(ini, passPhrase);
this.setAlwaysReauthenticate(alwaysReauthenticate);
}
-
+
public ShiroSecurityPolicy(String iniResourcePath, byte[] passPhrase, boolean alwaysReauthenticate, List<Permission> permissionsList) {
- this(iniResourcePath, passPhrase, alwaysReauthenticate);
+ this(iniResourcePath, passPhrase, alwaysReauthenticate);
this.setPermissionsList(permissionsList);
}
-
+
public ShiroSecurityPolicy(Ini ini, byte[] passPhrase, boolean alwaysReauthenticate, List<Permission> permissionsList) {
- this(ini, passPhrase, alwaysReauthenticate);
+ this(ini, passPhrase, alwaysReauthenticate);
this.setPermissionsList(permissionsList);
}
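Review bot: The no-argument, `(String iniResourcePath)` and `(Ini ini)` constructors now leave `passPhrase` null, and nothing in this hunk tells the caller that a key is required. The test added in this commit shows that the misconfiguration only surfaces when the first message is sent, as an `IllegalArgumentException` wrapped in a `CamelExecutionException`. I would add Javadoc to those three constructors, for example `/** No passphrase is set by this constructor; call setPassPhrase(byte[]) before the policy is applied to a route. */`. A null or empty check where the policy is applied (`wrap()`, whose body is outside this hunk) would also let a missing key fail at route start-up with a clear message. The same applies to the no-argument `ShiroSecurityTokenInjector` constructor in the next file, where `encrypt()` passes `passPhrase` straight to `ShiroSecurityHelper.encrypt`; how that helper treats a null key is not visible here.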
@@ -108,7 +102,7 @@ public class ShiroSecurityPolicy implements AuthorizationPolicy {
public void beforeWrap(RouteContext routeContext, NamedNode definition) {
// noop
}
-
+
@Override
public Processor wrap(RouteContext routeContext, final Processor processor) {
if (LOG.isDebugEnabled()) {
diff --git a/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityTokenInjector.java b/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityTokenInjector.java
index b4c8cf2..2019f90 100644
--- a/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityTokenInjector.java
+++ b/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityTokenInjector.java
@@ -21,25 +21,14 @@ import org.apache.camel.Processor;
import org.apache.shiro.crypto.AesCipherService;
import org.apache.shiro.crypto.CipherService;
import org.apache.shiro.util.ByteSource;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
public class ShiroSecurityTokenInjector implements Processor {
- private static final Logger LOG = LoggerFactory.getLogger(ShiroSecurityTokenInjector.class);
-
- private final byte[] bits128 = {
- (byte) 0x08, (byte) 0x09, (byte) 0x0A, (byte) 0x0B,
- (byte) 0x0C, (byte) 0x0D, (byte) 0x0E, (byte) 0x0F,
- (byte) 0x10, (byte) 0x11, (byte) 0x12, (byte) 0x13,
- (byte) 0x14, (byte) 0x15, (byte) 0x16, (byte) 0x17};
private byte[] passPhrase;
private ShiroSecurityToken securityToken;
private CipherService cipherService;
private boolean base64;
-
- public ShiroSecurityTokenInjector() {
- this.passPhrase = bits128;
+ public ShiroSecurityTokenInjector() {
// Set up AES encryption based cipher service, by default
cipherService = new AesCipherService();
}
@@ -56,9 +45,6 @@ public class ShiroSecurityTokenInjector implements Processor {
}
public ByteSource encrypt() throws Exception {
- if (passPhrase == bits128) {
- LOG.warn("Using the default encryption key is not secure");
- }
return ShiroSecurityHelper.encrypt(securityToken, passPhrase, cipherService);
}
diff --git a/components/camel-shiro/src/test/java/org/apache/camel/component/shiro/security/ShiroAuthenticationTest.java b/components/camel-shiro/src/test/java/org/apache/camel/component/shiro/security/ShiroAuthenticationTest.java
index dfdb9ba..48e0408 100644
--- a/components/camel-shiro/src/test/java/org/apache/camel/component/shiro/security/ShiroAuthenticationTest.java
+++ b/components/camel-shiro/src/test/java/org/apache/camel/component/shiro/security/ShiroAuthenticationTest.java
@@ -19,6 +19,7 @@ package org.apache.camel.component.shiro.security;
import java.util.HashMap;
import java.util.Map;
+import org.apache.camel.CamelExecutionException;
import org.apache.camel.EndpointInject;
import org.apache.camel.Exchange;
import org.apache.camel.builder.RouteBuilder;
@@ -42,33 +43,33 @@ public class ShiroAuthenticationTest extends CamelTestSupport {
(byte) 0x08, (byte) 0x09, (byte) 0x0A, (byte) 0x0B,
(byte) 0x0C, (byte) 0x0D, (byte) 0x0E, (byte) 0x0F,
(byte) 0x10, (byte) 0x11, (byte) 0x12, (byte) 0x13,
- (byte) 0x14, (byte) 0x15, (byte) 0x16, (byte) 0x17};
-
+ (byte) 0x14, (byte) 0x15, (byte) 0x16, (byte) 0x17};
+
@Test
- public void testShiroAuthenticationFailure() throws Exception {
+ public void testShiroAuthenticationFailure() throws Exception {
//Incorrect password
ShiroSecurityToken shiroSecurityToken = new ShiroSecurityToken("ringo", "stirr");
TestShiroSecurityTokenInjector shiroSecurityTokenInjector = new TestShiroSecurityTokenInjector(shiroSecurityToken, passPhrase);
-
+
successEndpoint.expectedMessageCount(0);
failureEndpoint.expectedMessageCount(1);
-
+
template.send("direct:secureEndpoint", shiroSecurityTokenInjector);
-
+
successEndpoint.assertIsSatisfied();
failureEndpoint.assertIsSatisfied();
}
-
+
@Test
- public void testSuccessfulShiroAuthenticationWithNoAuthorization() throws Exception {
+ public void testSuccessfulShiroAuthenticationWithNoAuthorization() throws Exception {
ShiroSecurityToken shiroSecurityToken = new ShiroSecurityToken("ringo", "starr");
TestShiroSecurityTokenInjector shiroSecurityTokenInjector = new TestShiroSecurityTokenInjector(shiroSecurityToken, passPhrase);
-
+
successEndpoint.expectedMessageCount(1);
failureEndpoint.expectedMessageCount(0);
-
+
template.send("direct:secureEndpoint", shiroSecurityTokenInjector);
-
+
successEndpoint.assertIsSatisfied();
failureEndpoint.assertIsSatisfied();
}
@@ -100,11 +101,26 @@ public class ShiroAuthenticationTest extends CamelTestSupport {
failureEndpoint.assertIsSatisfied();
}
+ @Test
+ public void testMissingEncryptionKey() throws Exception {
+ Map<String, Object> headers = new HashMap<>();
+ headers.put(ShiroSecurityConstants.SHIRO_SECURITY_USERNAME, "ringo");
+ headers.put(ShiroSecurityConstants.SHIRO_SECURITY_PASSWORD, "starr");
+ try {
+ template.sendBodyAndHeaders("direct:secureEndpointMissingKey", "Beatle Mania", headers);
+ fail("Failure expected on a missing key");
+ } catch (CamelExecutionException ex) {
+ // expected
+ assertTrue(ex.getCause() instanceof IllegalArgumentException);
+ }
+ }
+
@Override
- protected RouteBuilder createRouteBuilder() throws Exception {
+ protected RouteBuilder[] createRouteBuilders() throws Exception {
final ShiroSecurityPolicy securityPolicy = new ShiroSecurityPolicy("src/test/resources/securityconfig.ini", passPhrase);
-
- return new RouteBuilder() {
+ final ShiroSecurityPolicy securityPolicy2 = new ShiroSecurityPolicy("src/test/resources/securityconfig.ini");
+
+ return new RouteBuilder[] {new RouteBuilder() {
@SuppressWarnings("unchecked")
public void configure() {
onException(UnknownAccountException.class, IncorrectCredentialsException.class,
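Review bot: `testMissingEncryptionKey` checks only the type of the cause, so it would still pass if the exchange reached `mock:success` and an unrelated `IllegalArgumentException` was thrown afterwards. To pin the security property, which is that nothing is delivered without a key, add `successEndpoint.expectedMessageCount(0);` before the send and `successEndpoint.assertIsSatisfied();` after the catch block. The test also covers only the policy side with username/password headers; no test covers `ShiroSecurityTokenInjector.encrypt()` when no passphrase is configured. `createRouteBuilders` continues past the end of this hunk.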
@@ -116,21 +132,33 @@ public class ShiroAuthenticationTest extends CamelTestSupport {
to("log:incoming payload").
to("mock:success");
}
- };
+ }, new RouteBuilder() {
+ @SuppressWarnings("unchecked")
+ public void configure() {
+ onException(UnknownAccountException.class, IncorrectCredentialsException.class,
+ LockedAccountException.class, AuthenticationException.class).
+ to("mock:authenticationException");
+
+ from("direct:secureEndpointMissingKey").
+ policy(securityPolicy2).
+ to("log:incoming payload").
+ to("mock:success");
+ }
+ }};
}
-
+
private static class TestShiroSecurityTokenInjector extends ShiroSecurityTokenInjector {
TestShiroSecurityTokenInjector(ShiroSecurityToken shiroSecurityToken, byte[] bytes) {
super(shiroSecurityToken, bytes);
}
-
+
@Override
public void process(Exchange exchange) throws Exception {
exchange.getIn().setHeader(ShiroSecurityConstants.SHIRO_SECURITY_TOKEN, encrypt());
exchange.getIn().setBody("Beatle Mania");
}
}
-
+
}
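Review bot: The second anonymous `RouteBuilder` duplicates the first line for line, differing only in the `from` URI and the policy instance, so a later change to the exception mapping can easily be applied to one route and missed in the other. A small private factory taking the URI and the policy would keep the two routes in step. `createRouteBuilders` would then return `new RouteBuilder[] {secureRoute("direct:secureEndpoint", securityPolicy), secureRoute("direct:secureEndpointMissingKey", securityPolicy2)}`. The first route's `from` URI lies between hunks and is assumed here from its use in the tests above.

```java
private static RouteBuilder secureRoute(final String fromUri, final ShiroSecurityPolicy policy) {
    return new RouteBuilder() {
        @SuppressWarnings("unchecked")
        public void configure() {
            // … unchanged: onException(...) mapping to mock:authenticationException …
            from(fromUri).
                policy(policy).
                to("log:incoming payload").
                to("mock:success");
        }
    };
}
```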
diff --git a/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc b/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc
index 47ded17..52fd846 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc
@@ -332,6 +332,11 @@ is now SHA256withRSA (before it was SHA1WithDSA).
The default JSon library with the JSon dataformat has changed from `XStream` to `Jackson`.
+=== Shiro Component
+
+The default encryption key for the Shiro component has been removed, so now it
+is mandatory to supply the key/passphrase.
+
=== XML Security Component
The default signature algorithm has changed for the XML Security Component - it