Posted to java-commits@axis.apache.org by th...@apache.org on 2011/02/15 13:23:02 UTC

svn commit: r1070864 - in /axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart: RampartConstants.java policy/builders/CryptoConfigBuilder.java policy/model/CryptoConfig.java util/RampartUtil.java

Author: thilinamb
Date: Tue Feb 15 12:23:02 2011
New Revision: 1070864

URL: http://svn.apache.org/viewvc?rev=1070864&view=rev
Log:
Enabling crypto caching by default when Merlin is used as the Crypto implementation. Old parameters used to enable crypto caching are still valid. If someone wants to disable crypto caching, it can be done by setting the value of attribute 'enableCryptoCaching' to false. (This new attribute needs to be included in the documentation)

Modified:
    axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartConstants.java
    axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/CryptoConfigBuilder.java
    axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/CryptoConfig.java
    axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java

Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartConstants.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartConstants.java?rev=1070864&r1=1070863&r2=1070864&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartConstants.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartConstants.java Tue Feb 15 12:23:02 2011
@@ -5,5 +5,6 @@ public class RampartConstants {
 	public static final String TIME_LOG = "org.apache.rampart.TIME";
 	public static final String MESSAGE_LOG = "org.apache.rampart.MESSAGE";
 	public static final String SEC_FAULT = "SECURITY_VALIDATION_FAILURE";
-
+    public static final String MERLIN_CRYPTO_IMPL = "org.apache.ws.security.components.crypto.Merlin";
+    public static final String MERLIN_CRYPTO_IMPL_CACHE_KEY = "org.apache.ws.security.crypto.merlin.file";
 }

Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/CryptoConfigBuilder.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/CryptoConfigBuilder.java?rev=1070864&r1=1070863&r2=1070864&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/CryptoConfigBuilder.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/CryptoConfigBuilder.java Tue Feb 15 12:23:02 2011
@@ -47,6 +47,12 @@ public class CryptoConfigBuilder impleme
         if(cacheRefreshIntAttr != null){
             cryptoCofig.setCacheRefreshInterval(cacheRefreshIntAttr.getAttributeValue().trim());
         }
+
+        OMAttribute enableCryptoCacheAttr = element.getAttribute(new QName(CryptoConfig.CACHE_ENABLED));
+        if(enableCryptoCacheAttr != null){
+            cryptoCofig.setCacheEnabled(Boolean.parseBoolean(enableCryptoCacheAttr.
+                    getAttributeValue().trim().toLowerCase()));
+        }
         
         Properties properties = new Properties();
 
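Review bot: The new `enableCryptoCaching` parsing treats every value other than "true" as false, so a typo such as `ture` or a value like `yes` silently turns caching off with no log line to show it. `Boolean.parseBoolean` already ignores case, so the `.toLowerCase()` call is redundant and can be dropped: `cryptoCofig.setCacheEnabled(Boolean.parseBoolean(enableCryptoCacheAttr.getAttributeValue().trim()));`. Consider logging a warning when the trimmed value is neither `true` nor `false`. The enclosing method starts and ends outside this hunk.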

Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/CryptoConfig.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/CryptoConfig.java?rev=1070864&r1=1070863&r2=1070864&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/CryptoConfig.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/CryptoConfig.java Tue Feb 15 12:23:02 2011
@@ -47,6 +47,11 @@ public class CryptoConfig implements Ass
     public final static String PROPERTY_NAME_ATTR = "name";
     public final static String CRYPTO_KEY_ATTR = "cryptoKey";
     public final static String CACHE_REFRESH_INTVL = "cacheRefreshInterval";
+    public static final String CACHE_ENABLED = "enableCryptoCaching";
+
+    private Properties prop;
+
+    private boolean cacheEnabled = true;
 
     private String provider;
     private String cryptoKey;
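Review bot: The `cacheEnabled` field is introduced with a default of `true` and no comment, although that default changes behaviour for every existing configuration that never set a cache attribute. I would add a Javadoc on the field, for example `/** Whether RampartUtil may cache the Crypto built from this configuration; defaults to true, overridden by the enableCryptoCaching attribute. */`. Stating the default next to the field lets a reader of the policy model see it without tracing into the builder and `RampartUtil`.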
@@ -68,17 +73,18 @@ public class CryptoConfig implements Ass
         this.cacheRefreshInterval = cacheRefreshInterval;
     }
 
-    private Properties prop;
-    
     public Properties getProp() {
         return prop;
     }
+
     public void setProp(Properties prop) {
         this.prop = prop;
     }
+
     public String getProvider() {
         return provider;
     }
+
     public void setProvider(String provider) {
         this.provider = provider;
     }
@@ -97,6 +103,14 @@ public class CryptoConfig implements Ass
         throw new UnsupportedOperationException("TODO");
     }
 
+    public boolean isCacheEnabled() {
+        return cacheEnabled;
+    }
+
+    public void setCacheEnabled(boolean cacheEnabled) {
+        this.cacheEnabled = cacheEnabled;
+    }
+
     public void serialize(XMLStreamWriter writer) throws XMLStreamException {
         String prefix = writer.getPrefix(RampartConfig.NS);
         
@@ -119,7 +133,9 @@ public class CryptoConfig implements Ass
             writer.writeAttribute(CACHE_REFRESH_INTVL, getCacheRefreshInterval());    
         }
 
-
+        if(!isCacheEnabled()){
+            writer.writeAttribute(CACHE_ENABLED, Boolean.toString(isCacheEnabled()));
+        }
         
         String key;
         String value;

Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java?rev=1070864&r1=1070863&r2=1070864&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java Tue Feb 15 12:23:02 2011
@@ -49,6 +49,7 @@ import org.apache.rahas.client.STSClient
 import org.apache.rampart.PolicyBasedResultsValidator;
 import org.apache.rampart.PolicyValidatorCallbackHandler;
 import org.apache.rampart.RampartConfigCallbackHandler;
+import org.apache.rampart.RampartConstants;
 import org.apache.rampart.RampartException;
 import org.apache.rampart.RampartMessageData;
 import org.apache.rampart.policy.RampartPolicyData;
@@ -90,13 +91,14 @@ import javax.servlet.http.HttpServletReq
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.X509Certificate;
 import java.util.*;
+import java.util.concurrent.ConcurrentHashMap;
 
 public class RampartUtil {
 
     private static final String CRYPTO_PROVIDER = "org.apache.ws.security.crypto.provider";
     private static Log log = LogFactory.getLog(RampartUtil.class);
 
-    private static Map cryptoStore = new Hashtable();
+    private static Map<String, CachedCrypto> cryptoStore = new ConcurrentHashMap<String, CachedCrypto>();
 
     private static class CachedCrypto {
         private Crypto crypto;
@@ -130,9 +132,9 @@ public class RampartUtil {
             
             String cbHandlerClass = rpd.getRampartConfig().getPwCbClass();
             ClassLoader classLoader = msgContext.getAxisService().getClassLoader();
-                
+
             log.debug("loading class : " + cbHandlerClass);
-            
+
             Class cbClass;
             try {
                 cbClass = Loader.loadClass(classLoader, cbHandlerClass);
@@ -177,9 +179,9 @@ public class RampartUtil {
             
             String cbHandlerClass = rpd.getRampartConfig().getPolicyValidatorCbClass();
             ClassLoader classLoader = msgContext.getAxisService().getClassLoader();
-                
+
             log.debug("loading class : " + cbHandlerClass);
-            
+
             Class cbClass;
             try {
                 cbClass = Loader.loadClass(classLoader, cbHandlerClass);
@@ -210,9 +212,9 @@ public class RampartUtil {
            
            String cbHandlerClass = rpd.getRampartConfig().getRampartConfigCbClass();
            ClassLoader classLoader = msgContext.getAxisService().getClassLoader();
-               
+
            log.debug("loading class : " + cbHandlerClass);
-           
+
            Class cbClass;
            try {
                cbClass = Loader.loadClass(classLoader, cbHandlerClass);
@@ -289,76 +291,55 @@ public class RampartUtil {
      */
     public static Crypto getEncryptionCrypto(RampartConfig config, ClassLoader loader)
             throws RampartException {
-        log.debug("Loading encryption crypto");
-        
+
+        if (log.isDebugEnabled()) {
+            log.debug("Loading encryption crypto");
+        }
+
+        Crypto crypto = null;
+
         if (config != null && config.getEncrCryptoConfig() != null) {
-                       CryptoConfig cryptoConfig = config.getEncrCryptoConfig();
-                       String provider = cryptoConfig.getProvider();
-                       log.debug("Usig provider: " + provider);
-                       Properties prop = cryptoConfig.getProp();
-                       prop.put(CRYPTO_PROVIDER, provider);
-
-                       String cryptoKey = null;
-                       String interval = null;
-                       if (cryptoConfig.getCryptoKey() != null) {
-                               cryptoKey = prop.getProperty(cryptoConfig.getCryptoKey());
-                               interval = cryptoConfig.getCacheRefreshInterval();
-                       }
-
-                       Crypto crypto = null;
-
-                       if (cryptoKey != null) {
-                               // cache enabled
-                               crypto = retrieveCrytpoFromCache(cryptoKey.trim() + "#" + provider.trim(), interval);
-                       }
-
-                       if (crypto == null) {
-                               // cache miss
-                               crypto = CryptoFactory.getInstance(prop, loader);
-                               if (cryptoKey != null) {
-                                       // cache enabled - let's cache
-                                       cacheCrypto(cryptoKey.trim() + "#" + provider.trim(), crypto);
-                               }
-                       }
-                       return crypto;
-
-               } else {
-                       log.debug("Trying the signature crypto info");
-
-                       // Try using signature crypto information
-                       if (config != null && config.getSigCryptoConfig() != null) {
-                               CryptoConfig cryptoConfig = config.getSigCryptoConfig();
-                               String provider = cryptoConfig.getProvider();
-                               log.debug("Usig provider: " + provider);
-                               Properties prop = cryptoConfig.getProp();
-                               prop.put(CRYPTO_PROVIDER, provider);
-                               String cryptoKey = null;
-                               String interval = null;
-                               if (cryptoConfig.getCryptoKey() != null) {
-                                       cryptoKey = prop.getProperty(cryptoConfig.getCryptoKey());
-                                       interval = cryptoConfig.getCacheRefreshInterval();
-                               }
-
-                               Crypto crypto = null;
-                               if (cryptoKey != null) {
-                                       // cache enabled
-                                       crypto = retrieveCrytpoFromCache(cryptoKey.trim() + "#" + provider.trim(),
-                                                       interval);
-                               }
-
-                               if (crypto == null) {
-                                       // cache miss
-                                       crypto = CryptoFactory.getInstance(prop, loader);
-                                       if (cryptoKey != null) {
-                                               // cache enabled - let's cache
-                                               cacheCrypto(cryptoKey.trim() + "#" + provider.trim(), crypto);
-                                       }
-                               }
-                               return crypto;
-                       } else {
-                               return null;
-                       }
-               }
+            CryptoConfig cryptoConfig = config.getEncrCryptoConfig();
+            String provider = cryptoConfig.getProvider();
+            if (log.isDebugEnabled()) {
+                log.debug("Using provider: " + provider);
+            }
+            Properties prop = cryptoConfig.getProp();
+            prop.put(CRYPTO_PROVIDER, provider);
+
+            String cryptoKey = null;
+            String interval = null;
+            if (cryptoConfig.isCacheEnabled()) {
+                if (cryptoConfig.getCryptoKey() != null) {
+                    cryptoKey = prop.getProperty(cryptoConfig.getCryptoKey());
+                    interval = cryptoConfig.getCacheRefreshInterval();
+                }
+                else if(provider.equals(RampartConstants.MERLIN_CRYPTO_IMPL)){
+                    cryptoKey = cryptoConfig.getProp().getProperty(RampartConstants.MERLIN_CRYPTO_IMPL_CACHE_KEY);
+                }
+            }
+
+
+            if (cryptoKey != null) {
+                // Crypto caching is enabled
+                crypto = retrieveCryptoFromCache(cryptoKey.trim() + "#" + provider.trim(), interval);
+            }
+
+            if (crypto == null) {
+                // cache miss
+                crypto = CryptoFactory.getInstance(prop, loader);
+                if (cryptoKey != null) {
+                    // Crypto caching is enabled - cache the Crypto object
+                    cacheCrypto(cryptoKey.trim() + "#" + provider.trim(), crypto);
+                }
+            }
+        } else {
+            if (log.isDebugEnabled()) {
+                log.debug("Trying the signature crypto info");
+            }
+            crypto = getSignatureCrypto(config, loader);
+        }
+        return crypto;
     }
     
     /**
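Review bot: The cache key built in the new Merlin branch is only the `org.apache.ws.security.crypto.merlin.file` value plus the provider name, while the Crypto itself is created from the full `prop` set and the `loader` passed to `CryptoFactory.getInstance(prop, loader)`. `cryptoStore` is a static map, so two configurations in the same JVM that name the same file but differ in class loader, keystore password or keystore type would presumably be handed each other's cached Crypto, and with caching now on by default this no longer needs an explicit `cryptoKey` to happen. The same key construction is repeated in the `getSignatureCrypto` hunk. I would either fold a deployment-specific discriminator into the key or state the constraint where the key is built, e.g. `// cache key is <keystore file>#<provider>; configurations sharing both share one Crypto instance`.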
@@ -371,42 +352,49 @@ public class RampartUtil {
      */
     public static Crypto getSignatureCrypto(RampartConfig config, ClassLoader loader)
             throws RampartException {
-        log.debug("Loading Signature crypto");
-        
-               if (config != null && config.getSigCryptoConfig() != null) {
-                       CryptoConfig cryptoConfig = config.getSigCryptoConfig();
-                       String provider = cryptoConfig.getProvider();
-                       log.debug("Usig provider: " + provider);
-                       Properties prop = cryptoConfig.getProp();
-                       prop.put(CRYPTO_PROVIDER, provider);
-                       String cryptoKey = null;
-                       String interval = null;
-                       if (cryptoConfig.getCryptoKey() != null) {
-                               cryptoKey = prop.getProperty(cryptoConfig.getCryptoKey());
-                               interval = cryptoConfig.getCacheRefreshInterval();
-                       }
-
-                       Crypto crypto = null;
-
-                       if (cryptoKey != null) {
-                               // cache enabled
-                               crypto = retrieveCrytpoFromCache(cryptoKey.trim() + "#" + provider.trim(), interval);
-                       }
-
-                       if (crypto == null) {
-                               // cache miss
-                               crypto = CryptoFactory.getInstance(prop, loader);
-                               if (cryptoKey != null) {
-                                       // cache enabled - let's cache
-                                       cacheCrypto(cryptoKey.trim() + "#" + provider.trim(), crypto);
-                               }
-                       }
-
-                       return crypto;
-
-               } else {
-                       return null;
-               }
+
+        if (log.isDebugEnabled()) {
+            log.debug("Loading Signature crypto");
+        }
+
+        Crypto crypto = null;
+
+        if (config != null && config.getSigCryptoConfig() != null) {
+            CryptoConfig cryptoConfig = config.getSigCryptoConfig();
+            String provider = cryptoConfig.getProvider();
+            if (log.isDebugEnabled()) {
+                log.debug("Using provider: " + provider);
+            }
+            Properties prop = cryptoConfig.getProp();
+            prop.put(CRYPTO_PROVIDER, provider);
+            String cryptoKey = null;
+            String interval = null;
+
+            if (cryptoConfig.isCacheEnabled()) {
+                if (cryptoConfig.getCryptoKey() != null) {
+                    cryptoKey = prop.getProperty(cryptoConfig.getCryptoKey());
+                    interval = cryptoConfig.getCacheRefreshInterval();
+                }
+                else if(provider.equals(RampartConstants.MERLIN_CRYPTO_IMPL)){
+                    cryptoKey = cryptoConfig.getProp().getProperty(RampartConstants.MERLIN_CRYPTO_IMPL_CACHE_KEY);
+                }
+            }
+
+            if (cryptoKey != null) {
+                // cache enabled
+                crypto = retrieveCryptoFromCache(cryptoKey.trim() + "#" + provider.trim(), interval);
+            }
+
+            if (crypto == null) {
+                // cache miss
+                crypto = CryptoFactory.getInstance(prop, loader);
+                if (cryptoKey != null) {
+                    // cache enabled - let's cache
+                    cacheCrypto(cryptoKey.trim() + "#" + provider.trim(), crypto);
+                }
+            }
+        }
+        return crypto;
     }
     
     
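Review bot: In the new `else if` branch for Merlin, `interval` is left null, and `retrieveCryptoFromCache` treats a null refresh interval as a permanent hit, so a Crypto cached through the default path is never reloaded and a configured `cacheRefreshInterval` is ignored unless `cryptoKey` is also set. As far as this diff shows, changes to the keystore file, such as a removed trusted certificate or a rotated key, would then not take effect until the process restarts. Reading the interval for both branches addresses this: move `interval = cryptoConfig.getCacheRefreshInterval();` to just before the `if (cryptoConfig.getCryptoKey() != null)` test. The same applies to the identical branch in the `getEncryptionCrypto` hunk.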
@@ -644,7 +632,7 @@ public class RampartUtil {
         
         String id = getToken(rmd, rstTemplate,
                 issuerEprAddress, action, stsPolicy);
-        
+
         log.debug("SecureConversationToken obtained: id=" + id);
         return id;
     }
@@ -1730,26 +1718,26 @@ public class RampartUtil {
         }
     }
 
-    private static Crypto retrieveCrytpoFromCache(String cryptoKey, String refreshInterval) {
+    private static Crypto retrieveCryptoFromCache(String cryptoKey, String refreshInterval) {
         // cache hit
         if (cryptoStore.containsKey(cryptoKey)) {
-            CachedCrypto cachedCrypto = (CachedCrypto) cryptoStore.get(cryptoKey);
+            CachedCrypto cachedCrypto = cryptoStore.get(cryptoKey);
             if (refreshInterval != null) {
                 if (cachedCrypto.creationTime + new Long(refreshInterval).longValue() > Calendar
                         .getInstance().getTimeInMillis()) {
                     if (log.isDebugEnabled()) {
-                        log.info("Cache Hit : Crypto Object was found in cache.");
+                        log.debug("Cache Hit : Crypto Object was found in cache.");
                     }
                     return cachedCrypto.crypto;
                 } else {
                     if (log.isDebugEnabled()) {
-                        log.info("Cache Miss : Crypto Object found in cache is expired.");
+                        log.debug("Cache Miss : Crypto Object found in cache is expired.");
                     }
                     return null;
                 }
             } else {
                 if (log.isDebugEnabled()) {
-                    log.info("Cache Hit : Crypto Object was found in cache.");
+                    log.debug("Cache Hit : Crypto Object was found in cache.");
                 }
                 return cachedCrypto.crypto;
             }
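Review bot: With `cryptoStore` now a `ConcurrentHashMap`, the `containsKey` test followed by a separate `get` is two lookups that are not atomic together; a single `CachedCrypto cachedCrypto = cryptoStore.get(cryptoKey);` followed by `if (cachedCrypto != null)` is shorter and stays safe if entries are ever removed. Separately, `new Long(refreshInterval)` on the unchanged line below throws `NumberFormatException` for a non-numeric `cacheRefreshInterval`, and it does so on the request path; parsing and validating the value once when the configuration is built would be more robust. The method body continues past the end of this hunk.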
@@ -1757,7 +1745,7 @@ public class RampartUtil {
         // cache miss
         else {
             if (log.isDebugEnabled()) {
-                log.info("Cache Miss : Crypto Object was not found in cache.");
+                log.debug("Cache Miss : Crypto Object was not found in cache.");
             }
             return null;
         }
@@ -1767,7 +1755,7 @@ public class RampartUtil {
         cryptoStore.put(cryptoKey, new CachedCrypto(crypto, Calendar.getInstance()
                 .getTimeInMillis()));
         if (log.isDebugEnabled()) {
-            log.info("Crypto object is inserted into the Cache.");
+            log.debug("Crypto object is inserted into the Cache.");
         }
 
     }