Posted to scm@geronimo.apache.org by as...@apache.org on 2010/05/11 10:51:39 UTC
svn commit: r943045 - in /geronimo/server/trunk:
framework/configs/jmx-security/
framework/configs/karaf-framework/src/main/distribution/unix-shell/bin/
framework/configs/karaf-framework/src/main/distribution/windows-text/bin/
framework/modules/geronim...
Author: ashishjain
Date: Tue May 11 08:51:38 2010
New Revision: 943045
URL: http://svn.apache.org/viewvc?rev=943045&view=rev
Log:
GERONIMO-5294 Fix for trunk, refer GERONIMO-5148.
Modified:
geronimo/server/trunk/framework/configs/jmx-security/pom.xml
geronimo/server/trunk/framework/configs/karaf-framework/src/main/distribution/unix-shell/bin/geronimo
geronimo/server/trunk/framework/configs/karaf-framework/src/main/distribution/windows-text/bin/geronimo.bat
geronimo/server/trunk/framework/modules/geronimo-cli/src/main/java/org/apache/geronimo/cli/daemon/DaemonCLParser.java
geronimo/server/trunk/framework/modules/geronimo-system/src/main/java/org/apache/geronimo/system/main/EmbeddedDaemon.java
geronimo/server/trunk/plugins/clustering/clustering/src/main/plan/plan.xml
Modified: geronimo/server/trunk/framework/configs/jmx-security/pom.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/framework/configs/jmx-security/pom.xml?rev=943045&r1=943044&r2=943045&view=diff
==============================================================================
--- geronimo/server/trunk/framework/configs/jmx-security/pom.xml (original)
+++ geronimo/server/trunk/framework/configs/jmx-security/pom.xml Tue May 11 08:51:38 2010
@@ -70,6 +70,12 @@
<attribute name="host">#{ServerHostname}</attribute>
<attribute name="port">#{JMXSecurePort + PortOffset}</attribute>
<attribute name="urlPath">/jndi/rmi://#{ServerHostname}:#{NamingPort + PortOffset}/JMXSecureConnector</attribute>
+ <attribute name="algorithm">Default</attribute>
+ <attribute name="secureProtocol">TLS</attribute>
+ <attribute name="keyStore">geronimo-default</attribute>
+ <attribute name="keyAlias">geronimo</attribute>
+ <attribute name="trustStore">geronimo-default</attribute>
+ <attribute name="clientAuth">false</attribute>
</gbean>
</config-xml-content>
<config-substitution key="JMXSecurePort">9998</config-substitution>
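Review bot: `clientAuth` is set to `false` on the secure connector, so the server authenticates itself over TLS but never asks the client for a certificate; this does not match the "2 way secure JMX communication" wording that the same commit adds to the `geronimo` and `geronimo.bat` help text. If mutual TLS is intended, this should be `<attribute name="clientAuth">true</attribute>`; otherwise the help text should say the channel is encrypted rather than two-way. The `keyStore` and `trustStore` both point at `geronimo-default` with alias `geronimo`; if that is the keystore shipped with every distribution, a comment here should tell operators to replace it before relying on this connector, since a private key shared by all installs authenticates nothing.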
Modified: geronimo/server/trunk/framework/configs/karaf-framework/src/main/distribution/unix-shell/bin/geronimo
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/framework/configs/karaf-framework/src/main/distribution/unix-shell/bin/geronimo?rev=943045&r1=943044&r2=943045&view=diff
==============================================================================
--- geronimo/server/trunk/framework/configs/karaf-framework/src/main/distribution/unix-shell/bin/geronimo (original)
+++ geronimo/server/trunk/framework/configs/karaf-framework/src/main/distribution/unix-shell/bin/geronimo Tue May 11 08:51:38 2010
@@ -440,6 +440,7 @@ else
echo " -vv --veryverbose DEBUG log level"
echo " --override Override configurations. USE WITH CAUTION!"
echo " --help Detailed help."
+ echo " -s --secure Enable Geronimo for 2 way secure JMX communication."
echo ""
echo "args for stop command:"
echo " --user Admin user"
Modified: geronimo/server/trunk/framework/configs/karaf-framework/src/main/distribution/windows-text/bin/geronimo.bat
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/framework/configs/karaf-framework/src/main/distribution/windows-text/bin/geronimo.bat?rev=943045&r1=943044&r2=943045&view=diff
==============================================================================
--- geronimo/server/trunk/framework/configs/karaf-framework/src/main/distribution/windows-text/bin/geronimo.bat (original)
+++ geronimo/server/trunk/framework/configs/karaf-framework/src/main/distribution/windows-text/bin/geronimo.bat Tue May 11 08:51:38 2010
@@ -255,6 +255,7 @@ echo -v --verbose INFO log level
echo -vv --veryverbose DEBUG log level
echo --override Override configurations. USE WITH CAUTION!
echo --help Detailed help.
+echo -s --secure Enable Geronimo for 2 way secure JMX communication.
echo.
echo args for stop command:
echo --user Admin user
Modified: geronimo/server/trunk/framework/modules/geronimo-cli/src/main/java/org/apache/geronimo/cli/daemon/DaemonCLParser.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/framework/modules/geronimo-cli/src/main/java/org/apache/geronimo/cli/daemon/DaemonCLParser.java?rev=943045&r1=943044&r2=943045&view=diff
==============================================================================
--- geronimo/server/trunk/framework/modules/geronimo-cli/src/main/java/org/apache/geronimo/cli/daemon/DaemonCLParser.java (original)
+++ geronimo/server/trunk/framework/modules/geronimo-cli/src/main/java/org/apache/geronimo/cli/daemon/DaemonCLParser.java Tue May 11 08:51:38 2010
@@ -37,13 +37,19 @@ public class DaemonCLParser extends Base
private final static String ARGUMENT_MODULE_OVERRIDE_SHORTFORM = "o";
private final static String ARGUMENT_MODULE_OVERRIDE = "override";
-
+
+ private final static String ARGUMENT_SECURE_SHORTFORM = "s";
+ private final static String ARGUMENT_SECURE = "secure";
public DaemonCLParser(OutputStream out) {
super(out);
addProgressOptions();
addOverride();
+ addSecure();
}
+ public boolean isSecure() {
+ return commandLine.hasOption(ARGUMENT_SECURE_SHORTFORM);
+ }
public boolean isNoProgress() {
return commandLine.hasOption(ARGUMENT_NO_PROGRESS_SHORTFORM);
}
@@ -80,6 +86,11 @@ public class DaemonCLParser extends Base
options.addOption(option);
}
+ protected void addSecure() {
+ options.addOption(ARGUMENT_SECURE_SHORTFORM, ARGUMENT_SECURE, false,
+ "Use secure channel to communicate with the server. Unsecured channel is used by default.");
+ }
+
protected void addProgressOptions() {
OptionGroup optionGroup = new OptionGroup();
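Review bot: The description passed to `options.addOption` in `addSecure()` reads like client-side text ("Use secure channel to communicate with the server"), but this parser configures the daemon itself and the start scripts describe the same flag as enabling secure JMX on the server. I would reword it to say what the flag does here, e.g. `"Configure the server's JMX connector keystore and truststore for TLS. Disabled by default."`, and add a one-line Javadoc on `isSecure()` and `addSecure()`. `addProgressOptions()` continues outside the hunk.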
Modified: geronimo/server/trunk/framework/modules/geronimo-system/src/main/java/org/apache/geronimo/system/main/EmbeddedDaemon.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/framework/modules/geronimo-system/src/main/java/org/apache/geronimo/system/main/EmbeddedDaemon.java?rev=943045&r1=943044&r2=943045&view=diff
==============================================================================
--- geronimo/server/trunk/framework/modules/geronimo-system/src/main/java/org/apache/geronimo/system/main/EmbeddedDaemon.java (original)
+++ geronimo/server/trunk/framework/modules/geronimo-system/src/main/java/org/apache/geronimo/system/main/EmbeddedDaemon.java Tue May 11 08:51:38 2010
@@ -17,13 +17,16 @@
package org.apache.geronimo.system.main;
+import java.io.FileInputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
+import java.util.Properties;
import java.util.Set;
import org.apache.geronimo.cli.daemon.DaemonCLParser;
+import org.apache.geronimo.crypto.EncryptionManager;
import org.apache.geronimo.gbean.AbstractName;
import org.apache.geronimo.gbean.AbstractNameQuery;
import org.apache.geronimo.gbean.GBeanInfo;
@@ -52,6 +55,11 @@ public class EmbeddedDaemon implements M
private StartupMonitor monitor;
private LifecycleMonitor lifecycleMonitor;
private List<Artifact> configs = new ArrayList<Artifact>();
+ static String KEYSTORE_TRUSTSTORE_PASSWORD_FILE = "org.apache.geronimo.keyStoreTrustStorePasswordFile";
+ static String DEFAULT_TRUSTSTORE_KEYSTORE_LOCATION = "/var/security/keystores/geronimo-default";
+ static String GERONIMO_HOME = "org.apache.geronimo.home.dir";
+ static String DEFAULT_KEYSTORE_TRUSTSTORE_PASSWORD_FILE = System.getProperty(GERONIMO_HOME)
+ + "/var/config/config-substitutions.properties";
public EmbeddedDaemon(Kernel kernel, Bundle bundle) {
this.kernel = kernel;
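Review bot: The four new constants are declared `static String` with neither `final` nor `private`, so any class in the package can reassign the password-file path or keystore location at runtime; they should be `private static final String`. `DEFAULT_KEYSTORE_TRUSTSTORE_PASSWORD_FILE` is also computed once at class initialization from `System.getProperty(GERONIMO_HOME)`, so if `org.apache.geronimo.home.dir` is not yet set at that point the default silently becomes `"null/var/config/config-substitutions.properties"`. Resolving the home directory inside `initializeSecure` and rejecting a null value would avoid that. The constructor body continues outside the hunk.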
@@ -66,6 +74,7 @@ public class EmbeddedDaemon implements M
initializeMonitor(parser);
initializeOverride(parser);
+ initializeSecure(parser);
long start = System.currentTimeMillis();
@@ -79,6 +88,39 @@ public class EmbeddedDaemon implements M
return doStartup();
}
+ protected void initializeSecure(DaemonCLParser parser) {
+ if (parser.isSecure()) {
+ try {
+ Properties props = new Properties();
+
+ String keyStorePassword = null;
+ String trustStorePassword = null;
+
+ FileInputStream fstream = new FileInputStream(System.getProperty(KEYSTORE_TRUSTSTORE_PASSWORD_FILE,
+ DEFAULT_KEYSTORE_TRUSTSTORE_PASSWORD_FILE));
+ props.load(fstream);
+
+ keyStorePassword = (String) EncryptionManager.decrypt(props.getProperty("keyStorePassword"));
+ trustStorePassword = (String) EncryptionManager.decrypt(props.getProperty("trustStorePassword"));
+
+ fstream.close();
+
+ String value = System.getProperty("javax.net.ssl.keyStore", System.getProperty(GERONIMO_HOME)
+ + DEFAULT_TRUSTSTORE_KEYSTORE_LOCATION);
+ String value1 = System.getProperty("javax.net.ssl.trustStore", System.getProperty(GERONIMO_HOME)
+ + DEFAULT_TRUSTSTORE_KEYSTORE_LOCATION);
+ System.setProperty("javax.net.ssl.keyStore", value);
+ System.setProperty("javax.net.ssl.trustStore", value1);
+ System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
+ System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
+ }
+
+ catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+ }
+
protected void initializeOverride(DaemonCLParser parser) {
String[] override = parser.getOverride();
if (null != override) {
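Review bot: `initializeSecure` fails open: when the password file cannot be read, the `catch (IOException e)` only calls `e.printStackTrace()` and startup continues although `--secure` was requested, with none of the `javax.net.ssl.*` properties set. The stream is also closed only on the success path, and a missing `keyStorePassword` or `trustStorePassword` entry reaches `System.setProperty` as null, which throws an uncaught `NullPointerException` (assuming `EncryptionManager.decrypt` passes null through). I would close the stream in `finally`, validate both entries, and abort startup on failure; whether `IllegalStateException` is the right failure path for this class needs confirming against the caller, which is outside the hunk. Separately, storing the decrypted passwords in JVM-wide system properties makes them readable by any code in the process, which deserves a comment at minimum. `initializeOverride` continues outside the hunk.

```java
protected void initializeSecure(DaemonCLParser parser) {
    if (!parser.isSecure()) {
        return;
    }
    String passwordFile = System.getProperty(KEYSTORE_TRUSTSTORE_PASSWORD_FILE,
            DEFAULT_KEYSTORE_TRUSTSTORE_PASSWORD_FILE);
    Properties props = new Properties();
    FileInputStream fstream = null;
    try {
        fstream = new FileInputStream(passwordFile);
        props.load(fstream);
    } catch (IOException e) {
        // --secure was requested: refuse to continue with TLS left unconfigured
        throw new IllegalStateException("Cannot read keystore/truststore password file " + passwordFile, e);
    } finally {
        if (fstream != null) {
            try {
                fstream.close();
            } catch (IOException ignored) {
                // nothing useful to do if close fails after a read
            }
        }
    }
    String encryptedKeyStorePassword = props.getProperty("keyStorePassword");
    String encryptedTrustStorePassword = props.getProperty("trustStorePassword");
    if (encryptedKeyStorePassword == null || encryptedTrustStorePassword == null) {
        throw new IllegalStateException("keyStorePassword/trustStorePassword missing from " + passwordFile);
    }
    // … unchanged: decrypt both values and set the javax.net.ssl.* system properties …
}
```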
Modified: geronimo/server/trunk/plugins/clustering/clustering/src/main/plan/plan.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/clustering/clustering/src/main/plan/plan.xml?rev=943045&r1=943044&r2=943045&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/clustering/clustering/src/main/plan/plan.xml (original)
+++ geronimo/server/trunk/plugins/clustering/clustering/src/main/plan/plan.xml Tue May 11 08:51:38 2010
@@ -22,9 +22,14 @@
<gbean name="Node" class="org.apache.geronimo.clustering.BasicLocalNode">
<attribute name="nodeName">${planNodeName}</attribute>
- <reference name="JMXConnector">
- <name>JMXService</name>
- </reference>
+ <references name="JMXConnector">
+ <pattern>
+ <name>JMXService</name>
+ </pattern>
+ <pattern>
+ <name>JMXSecureConnector</name>
+ </pattern>
+ </references>
</gbean>
</module>
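Review bot: Switching `JMXConnector` from a single `<reference>` to a multi-valued `<references>` changes the type the GBean must accept, yet `BasicLocalNode` is not among the files this commit modifies, so it is worth confirming that its `JMXConnector` reference is already declared as a collection. With both patterns listed, the node will also keep binding to the plain `JMXService` connector when the secure one is present, so clustering traffic is not forced onto TLS by this change. A short XML comment above `<references name="JMXConnector">` stating which connector is preferred when both match would help whoever hardens this plan later.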