You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tuscany.apache.org by sl...@apache.org on 2010/02/25 16:12:45 UTC
svn commit: r916315 - in
/tuscany/sca-java-2.x/trunk/modules/policy-security/src/main:
java/org/apache/tuscany/sca/policy/security/http/
java/org/apache/tuscany/sca/policy/security/http/ssl/ resources/
resources/META-INF/services/
Author: slaws
Date: Thu Feb 25 15:12:44 2010
New Revision: 916315
URL: http://svn.apache.org/viewvc?rev=916315&view=rev
Log:
add https policy model. This is copied from the 1.x http confidentiality policy. Would be nice to have a common model that any bindings that use HTTP can use but this causes problems in terms of picking the right policy provider for a given binding. Going with this for no but needs fixing.
Added:
tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/http/
tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/http/ssl/
tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/http/ssl/HTTPSPolicy.java (with props)
tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/http/ssl/HTTPSPolicyProcessor.java (with props)
Modified:
tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor
tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/resources/policy-security-validation-messages.properties
Added: tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/http/ssl/HTTPSPolicy.java
URL: http://svn.apache.org/viewvc/tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/http/ssl/HTTPSPolicy.java?rev=916315&view=auto
==============================================================================
--- tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/http/ssl/HTTPSPolicy.java (added)
+++ tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/http/ssl/HTTPSPolicy.java Thu Feb 25 15:12:44 2010
@@ -0,0 +1,130 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.tuscany.sca.policy.security.http.ssl;
+
+import java.util.Properties;
+
+import javax.xml.namespace.QName;
+
+import org.apache.tuscany.sca.assembly.xml.Constants;
+
+/**
+ * Models the SCA Implementation Security Policy Assertion for Confidentiality.
+ *
+ * This would map to enabling SSL communication and would require
+ * the following configuration items :
+ *
+ * - javax.net.ssl.keyStore
+ * - javax.net.ssl.keyStorePassword
+ * - javax.net.ssl.keyStoreType
+ *
+ * - javax.net.ssl.trustStoreType
+ * - javax.net.ssl.trustStore
+ * - javax.net.ssl.trustStorePassword
+ *
+ * @version $Rev$ $Date$
+ */
+public class HTTPSPolicy {
+ public static final QName NAME = new QName(Constants.SCA11_TUSCANY_NS, "https");
+
+ private String trustStoreType;
+ private String trustStore;
+ private String trustStorePassword;
+
+ private String keyStoreType;
+ private String keyStore;
+ private String keyStorePassword;
+
+
+ public String getTrustStoreType() {
+ return trustStoreType;
+ }
+
+ public void setTrustStoreType(String trustStoreType) {
+ this.trustStoreType = trustStoreType;
+ }
+
+ public String getTrustStore() {
+ return trustStore;
+ }
+
+ public void setTrustStore(String trustStore) {
+ this.trustStore = trustStore;
+ }
+
+ public String getTrustStorePassword() {
+ return trustStorePassword;
+ }
+
+ public void setTrustStorePassword(String trustStorePassword) {
+ this.trustStorePassword = trustStorePassword;
+ }
+
+ public String getKeyStoreType() {
+ return keyStoreType;
+ }
+
+ public void setKeyStoreType(String keyStoreType) {
+ this.keyStoreType = keyStoreType;
+ }
+
+ public String getKeyStore() {
+ return keyStore;
+ }
+
+ public void setKeyStore(String keyStore) {
+ this.keyStore = keyStore;
+ }
+
+ public String getKeyStorePassword() {
+ return keyStorePassword;
+ }
+
+ public void setKeyStorePassword(String keyStorePassword) {
+ this.keyStorePassword = keyStorePassword;
+ }
+
+ public QName getSchemaName() {
+ return NAME;
+ }
+
+ public boolean isUnresolved() {
+ return false;
+ }
+
+ public void setUnresolved(boolean unresolved) {
+
+ }
+
+ public Properties toProperties() {
+ Properties properties = new Properties();
+
+ properties.put("javax.net.ssl.trustStoreType", trustStoreType);
+ properties.put("javax.net.ssl.trustStore", trustStore);
+ properties.put("javax.net.ssl.trustStorePassword", trustStorePassword);
+
+ properties.put("javax.net.ssl.keyStoreType", keyStoreType);
+ properties.put("javax.net.ssl.keyStore", keyStore);
+ properties.put("javax.net.ssl.keyStorePassword", keyStorePassword);
+
+ return properties;
+ }
+
+}
Propchange: tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/http/ssl/HTTPSPolicy.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/http/ssl/HTTPSPolicy.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added: tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/http/ssl/HTTPSPolicyProcessor.java
URL: http://svn.apache.org/viewvc/tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/http/ssl/HTTPSPolicyProcessor.java?rev=916315&view=auto
==============================================================================
--- tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/http/ssl/HTTPSPolicyProcessor.java (added)
+++ tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/http/ssl/HTTPSPolicyProcessor.java Thu Feb 25 15:12:44 2010
@@ -0,0 +1,156 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.tuscany.sca.policy.security.http.ssl;
+
+import static javax.xml.stream.XMLStreamConstants.END_ELEMENT;
+import static javax.xml.stream.XMLStreamConstants.START_ELEMENT;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.tuscany.sca.assembly.xml.Constants;
+import org.apache.tuscany.sca.contribution.processor.ContributionReadException;
+import org.apache.tuscany.sca.contribution.processor.ContributionResolveException;
+import org.apache.tuscany.sca.contribution.processor.ContributionWriteException;
+import org.apache.tuscany.sca.contribution.processor.ProcessorContext;
+import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor;
+import org.apache.tuscany.sca.contribution.resolver.ModelResolver;
+import org.apache.tuscany.sca.core.FactoryExtensionPoint;
+import org.apache.tuscany.sca.monitor.Monitor;
+
+public class HTTPSPolicyProcessor implements StAXArtifactProcessor<HTTPSPolicy> {
+ private static final QName KEY_STORE_QNAME = new QName(Constants.SCA11_TUSCANY_NS, "keyStore");
+ private static final QName TRUST_STORE_QNAME = new QName(Constants.SCA11_TUSCANY_NS, "trustStore");
+
+ public HTTPSPolicyProcessor(FactoryExtensionPoint modelFactories) {
+ }
+
+ public QName getArtifactType() {
+ return HTTPSPolicy.NAME;
+ }
+
+ public Class<HTTPSPolicy> getModelType() {
+ return HTTPSPolicy.class;
+ }
+
+ public HTTPSPolicy read(XMLStreamReader reader, ProcessorContext context) throws ContributionReadException, XMLStreamException {
+ HTTPSPolicy policy = new HTTPSPolicy();
+ int event = reader.getEventType();
+ QName start = reader.getName();
+ QName name = null;
+ while (true) {
+ switch (event) {
+ case START_ELEMENT:
+ name = reader.getName();
+ if(KEY_STORE_QNAME.equals(name)) {
+ //<tuscany:keyStore type="JKS" file="conf/tomcat.keystore" password="apache"/>
+ String type = reader.getAttributeValue(null, "type");
+ if(type == null) {
+ Monitor.error(context.getMonitor(),
+ this,
+ "policy-security-validation-messages",
+ "RequiredAttributeKeyStoreTypeMissing");
+ } else {
+ policy.setKeyStoreType(type);
+ }
+
+ String file = reader.getAttributeValue(null, "file");
+ if(file == null) {
+ Monitor.error(context.getMonitor(),
+ this,
+ "policy-security-validation-messages",
+ "RequiredAttributeKeyStoreFileMissing");
+ } else {
+ policy.setKeyStore(file);
+ }
+
+ String password = reader.getAttributeValue(null, "password");
+ if(file == null) {
+ Monitor.error(context.getMonitor(),
+ this,
+ "policy-security-validation-messages",
+ "RequiredAttributeKeyStorePasswordMissing");
+ } else {
+ policy.setKeyStorePassword(password);
+ }
+
+ } else if(TRUST_STORE_QNAME.equals(name)) {
+ //<tuscany:trustStore type="" file="" password=""/>
+ String type = reader.getAttributeValue(null, "type");
+ if(type == null) {
+ Monitor.error(context.getMonitor(),
+ this,
+ "policy-security-validation-messages",
+ "RequiredAttributeTrustStoreTypeMissing");
+ } else {
+ policy.setTrustStoreType(type);
+ }
+
+ String file = reader.getAttributeValue(null, "file");
+ if(file == null) {
+ Monitor.error(context.getMonitor(),
+ this,
+ "policy-security-validation-messages",
+ "RequiredAttributeTrustStoreFileMissing");
+ } else {
+ policy.setTrustStore(file);
+ }
+
+ String password = reader.getAttributeValue(null, "password");
+ if(file == null) {
+ Monitor.error(context.getMonitor(),
+ this,
+ "policy-security-validation-messages",
+ "RequiredAttributeTrustStorePasswordMissing");
+ } else {
+ policy.setTrustStorePassword(password);
+ }
+
+ }
+ break;
+ case END_ELEMENT:
+ if (start.equals(reader.getName())) {
+ if (reader.hasNext()) {
+ reader.next();
+ }
+ return policy;
+ }
+
+ }
+ if (reader.hasNext()) {
+ event = reader.next();
+ } else {
+ return policy;
+ }
+ } }
+
+ public void write(HTTPSPolicy model, XMLStreamWriter writer, ProcessorContext context) throws ContributionWriteException,
+ XMLStreamException {
+ // TODO
+
+ }
+
+ public void resolve(HTTPSPolicy model, ModelResolver resolver, ProcessorContext context) throws ContributionResolveException {
+
+ }
+
+}
Propchange: tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/http/ssl/HTTPSPolicyProcessor.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/http/ssl/HTTPSPolicyProcessor.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor
URL: http://svn.apache.org/viewvc/tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor?rev=916315&r1=916314&r2=916315&view=diff
==============================================================================
--- tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor (original)
+++ tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor Thu Feb 25 15:12:44 2010
@@ -16,6 +16,10 @@
# under the License.
# Implementation class for the artifact processor extension
+org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.1#basicAuthentication,model=org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicy
+org.apache.tuscany.sca.policy.security.http.ssl.HTTPSPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.1#https,model=org.apache.tuscany.sca.policy.security.http.ssl.HTTPSPolicy
+
+# TODO - following processors are old and somewhat questionable for 2.x, needs reviewing
org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://docs.oasis-open.org/ns/opencsa/sca/200912#authorization,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://docs.oasis-open.org/ns/opencsa/sca/200912#allow,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://docs.oasis-open.org/ns/opencsa/sca/200912#permitAll,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
@@ -23,5 +27,3 @@
org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://docs.oasis-open.org/ns/opencsa/sca/200912#runAs,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy
org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.1#securityIdentity,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy
org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.1#jaasAuthentication,model=org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicy
-org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.1#basicAuthentication,model=org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicy
-
Modified: tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/resources/policy-security-validation-messages.properties
URL: http://svn.apache.org/viewvc/tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/resources/policy-security-validation-messages.properties?rev=916315&r1=916314&r2=916315&view=diff
==============================================================================
--- tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/resources/policy-security-validation-messages.properties (original)
+++ tuscany/sca-java-2.x/trunk/modules/policy-security/src/main/resources/policy-security-validation-messages.properties Thu Feb 25 15:12:44 2010
@@ -19,4 +19,10 @@
#
#
RequiredAttributeRolesMissing = Required attribute 'roles' is missing.
-ClassNotFoundException = Class Not Found Exception: {0}
\ No newline at end of file
+ClassNotFoundException = Class Not Found Exception: {0}
+RequiredAttributeKeyStoreTypeMissing = Required attribute 'type' of keyStore element is missing
+RequiredAttributeKeyStoreFileMissing = Required attribute 'file' of keyStore element is missing
+RequiredAttributeKeyStorePasswordMissing = Required attribute 'password' of keyStore element is missing
+RequiredAttributeTrustStoreTypeMissing = Required attribute 'type' of trustStore element is missing
+RequiredAttributeTrustStoreFileMissing = Required attribute 'file' of trustStore element is missing
+RequiredAttributeTrustStorePasswordMissing = Required attribute 'password' of trustStore element is missing
\ No newline at end of file