You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by ie...@apache.org on 2013/10/10 11:37:57 UTC
svn commit: r1530899 - in /sling/trunk/bundles/extensions/discovery/impl/src:
main/java/org/apache/sling/discovery/impl/
main/java/org/apache/sling/discovery/impl/topology/connector/
test/java/org/apache/sling/discovery/impl/topology/connector/
Author: ieb
Date: Thu Oct 10 09:37:56 2013
New Revision: 1530899
URL: http://svn.apache.org/r1530899
Log:
SLING-3154 Add Topology Message Verification to the Discovery service.
whiteListDisabled was confusing, hmacEnabled is clearer.
Modified:
sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/Config.java
sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyConnectorServlet.java
sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java
sling/trunk/bundles/extensions/discovery/impl/src/test/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidatorTest.java
Modified: sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/Config.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/Config.java?rev=1530899&r1=1530898&r2=1530899&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/Config.java (original)
+++ sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/Config.java Thu Oct 10 09:37:56 2013
@@ -97,10 +97,10 @@ public class Config {
public static final String LEADER_ELECTION_REPOSITORY_DESCRIPTOR_NAME_KEY = "leaderElectionRepositoryDescriptor";
/**
- * If set to true, the whitelist is disabled and the signing and encryption are enabled.
+ * If set to true, hmac is enabled and the white list is disabled.
*/
@Property(boolValue=false)
- private static final String WHITELIST_DISABLED = "whiteListDisabled";
+ private static final String HMAC_ENABLED = "hmacEnabled";
/**
* If set to true, and the whitelist is disabled, messages will be encrypted.
@@ -125,9 +125,9 @@ public class Config {
private String leaderElectionRepositoryDescriptor ;
/**
- * True when the whitelist is disabled.
+ * True when the hmac is enabled and signing is disabled.
*/
- private boolean whiteListDisabled;
+ private boolean hmacEnabled;
/**
* the shared key.
@@ -225,7 +225,7 @@ public class Config {
logger.debug("configure: leaderElectionRepositoryDescriptor='{}'",
this.leaderElectionRepositoryDescriptor);
- whiteListDisabled = PropertiesUtil.toBoolean(properties.get(WHITELIST_DISABLED), true);
+ hmacEnabled = PropertiesUtil.toBoolean(properties.get(HMAC_ENABLED), true);
encryptionEnabled = PropertiesUtil.toBoolean(properties.get(ENCRYPTION_ENABLED), false);
sharedKey = PropertiesUtil.toString(properties.get(SHARED_KEY), null);
keyInterval = PropertiesUtil.toLong(SHARED_KEY_INTERVAL, DEFAULT_SHARED_KEY_INTERVAL);
@@ -321,18 +321,30 @@ public class Config {
return leaderElectionRepositoryDescriptor;
}
- public boolean isWhiteListDisabled() {
- return whiteListDisabled;
+ /**
+ * @return true if hmac is enabled.
+ */
+ public boolean isHmacEnabled() {
+ return hmacEnabled;
}
+ /**
+ * @return the shared key
+ */
public String getSharedKey() {
return sharedKey;
}
+ /**
+ * @return the interval of the shared key for hmac.
+ */
public long getKeyInterval() {
return keyInterval;
}
+ /**
+ * @return true if encryption is enabled.
+ */
public boolean isEncryptionEnabled() {
return encryptionEnabled;
}
Modified: sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyConnectorServlet.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyConnectorServlet.java?rev=1530899&r1=1530898&r2=1530899&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyConnectorServlet.java (original)
+++ sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyConnectorServlet.java Thu Oct 10 09:37:56 2013
@@ -77,7 +77,7 @@ public class TopologyConnectorServlet ex
protected void activate(final ComponentContext context) {
whitelist.clear();
- if (!config.isWhiteListDisabled()) {
+ if (!config.isHmacEnabled()) {
String[] whitelistConfig = config.getTopologyConnectorWhitelist();
for (int i = 0; i < whitelistConfig.length; i++) {
String aWhitelistEntry = whitelistConfig[i];
@@ -217,7 +217,7 @@ public class TopologyConnectorServlet ex
/** Checks if the provided request's remote server is whitelisted **/
private boolean isWhitelisted(final SlingHttpServletRequest request) {
- if (config.isWhiteListDisabled()) {
+ if (config.isHmacEnabled()) {
return requestValidator.isTrusted(request);
} else {
if (whitelist.contains(request.getRemoteAddr())) {
Modified: sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java?rev=1530899&r1=1530898&r2=1530899&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java (original)
+++ sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java Thu Oct 10 09:37:56 2013
@@ -117,7 +117,7 @@ public class TopologyRequestValidator {
public TopologyRequestValidator(Config config) {
trustEnabled = false;
encryptionEnabled = false;
- if (config.isWhiteListDisabled()) {
+ if (config.isHmacEnabled()) {
trustEnabled = true;
sharedKey = config.getSharedKey();
interval = config.getKeyInterval();
Modified: sling/trunk/bundles/extensions/discovery/impl/src/test/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidatorTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/impl/src/test/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidatorTest.java?rev=1530899&r1=1530898&r2=1530899&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/discovery/impl/src/test/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidatorTest.java (original)
+++ sling/trunk/bundles/extensions/discovery/impl/src/test/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidatorTest.java Thu Oct 10 09:37:56 2013
@@ -51,7 +51,7 @@ public class TopologyRequestValidatorTes
public void before() throws SecurityException, IllegalArgumentException, NoSuchFieldException, IllegalAccessException {
Config config= new Config();
setPrivate(config, "sharedKey", "testKey");
- setPrivate(config, "whiteListDisabled", true);
+ setPrivate(config, "hmacEnabled", true);
setPrivate(config, "encryptionEnabled", true);
setPrivate(config, "keyInterval", 3600*100*4);
topologyRequestValidator = new TopologyRequestValidator(config);