JMX and security improvements

["Hubert, Eric" <Er...@foxmobile.com>]

Hi all,

At the weekend I took some time to work on improving JMX and security support: https://issues.apache.org/jira/browse/SYNAPSE-526

Basically I incorporated the feedback received and had a look on Indikas quite flexible Security API he first introduced to datasources. As I'm already interested in using this, I first added a small implementation to support the default "JBoss way" of encryption (fixed passphrase) and other encoding. Additionally I enhanced the current CipherTool to be able to encrypt/decrypt using a simple passphrase.

The next step I did was using the secret API also for JMX credentials. I therefore tried to come up with a default implementation which could be used to encrypt passwords also in other places without having to care to much about the internal security API offering a great flexibility which might not always be needed.

I tested my changes for a lot of different scenarios, but I'm not sure whether I covered them all, as I likely even don't know all of them.

So this is why I would like to ask anyone who could spend some minutes to review those changes/additions. 


Thanks a lot!
   Eric

Re: JMX and security improvements

[Andreas Veithen <an...@gmail.com>]

The patch is related to code I'm not very familiar with, so I will not
be able to provide feedback. If you and Ruwan reviewed the patch, then
we should commit it.

Andreas

On Mon, Apr 20, 2009 at 11:15, Asankha C. Perera <as...@apache.org> wrote:
> Hi Eric
>>
>> At the weekend I took some time to work on improving JMX and security
>> support: https://issues.apache.org/jira/browse/SYNAPSE-526
>>
>> Basically I incorporated the feedback received and had a look on Indikas
>> quite flexible Security API he first introduced to datasources. As I'm
>> already interested in using this, I first added a small implementation to
>> support the default "JBoss way" of encryption (fixed passphrase) and other
>> encoding. Additionally I enhanced the current CipherTool to be able to
>> encrypt/decrypt using a simple passphrase.
>>
>> The next step I did was using the secret API also for JMX credentials. I
>> therefore tried to come up with a default implementation which could be used
>> to encrypt passwords also in other places without having to care to much
>> about the internal security API offering a great flexibility which might not
>> always be needed.
>>
>> I tested my changes for a lot of different scenarios, but I'm not sure
>> whether I covered them all, as I likely even don't know all of them.
>>
>> So this is why I would like to ask anyone who could spend some minutes to
>> review those changes/additions.
>
> I went though this change before the weekend, and it looked ok - I was
> expecting feedback from Indika as this touches on the security / secret
> stuff brought in recently.. but lets not delay it anymore as this touches a
> few files, unless Ruwan / Andreas has any feedback not to commit..
>
> cheers
> asankha
>
> --
> Asankha C. Perera
> AdroitLogic, http://adroitlogic.org
>
> http://esbmagic.blogspot.com
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@synapse.apache.org
> For additional commands, e-mail: dev-help@synapse.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@synapse.apache.org
For additional commands, e-mail: dev-help@synapse.apache.org

Re: JMX and security improvements

[Ruwan Linton <ru...@gmail.com>]

+1 for committing the patch, seems OK to me.

Thanks,
Ruwan

On Mon, Apr 20, 2009 at 7:32 PM, Hubert, Eric <Er...@foxmobile.com>wrote:

> Hi all,
>
> > I went though this change before the weekend, and it looked ok - I was
> > expecting feedback from Indika as this touches on the security / secret
> > stuff brought in recently.. but lets not delay it anymore as this
> > touches a few files, unless Ruwan / Andreas has any feedback not to
> > commit.
>
> Yeah, it would be fine if the code could be committed any time soon. Indika
> lately already indicated that he will not be able to spend much time on
> Synapse in the near future, so I did not expect an immediate answer from
> him, although this of cause would be very valuable.
>
> Personally I would like to highlight that I feel responsible for my
> submissions. So if something should break because I may have missed a test
> case, I will of cause help to fix the issue quickly.
>
> My next contribution basing on this one is already on the way. Actually the
> implementation is done, but I need a few more hours for proper testing.
>
> Regards,
>    Eric
>
>
>
>


-- 
Ruwan Linton
Senior Software Engineer & Product Manager; WSO2 ESB; http://wso2.org/esb
WSO2 Inc.; http://wso2.org
email: ruwan@wso2.com; cell: +94 77 341 3097
blog: http://ruwansblog.blogspot.com

Re: JMX and security improvements

["Asankha C. Perera" <as...@apache.org>]

Hi Eric
> Yeah, it would be fine if the code could be committed any time soon. Indika lately already indicated that he will not be able to spend much time on Synapse in the near future, so I did not expect an immediate answer from him, although this of cause would be very valuable.
>
> Personally I would like to highlight that I feel responsible for my submissions. So if something should break because I may have missed a test case, I will of cause help to fix the issue quickly.
>   
The code is committed, so you should be ok to proceed.. please keep an 
eye for testing and possible user comments related to this area in 
future which would be helpful
> My next contribution basing on this one is already on the way. Actually the implementation is done, but I need a few more hours for proper testing.
>   
Cool, I hope you have a JIRA open?

cheers
asankha

-- 
Asankha C. Perera
AdroitLogic, http://adroitlogic.org

http://esbmagic.blogspot.com





---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@synapse.apache.org
For additional commands, e-mail: dev-help@synapse.apache.org

RE: JMX and security improvements

["Hubert, Eric" <Er...@foxmobile.com>]

Hi all,

> I went though this change before the weekend, and it looked ok - I was
> expecting feedback from Indika as this touches on the security / secret
> stuff brought in recently.. but lets not delay it anymore as this
> touches a few files, unless Ruwan / Andreas has any feedback not to
> commit.

Yeah, it would be fine if the code could be committed any time soon. Indika lately already indicated that he will not be able to spend much time on Synapse in the near future, so I did not expect an immediate answer from him, although this of cause would be very valuable.

Personally I would like to highlight that I feel responsible for my submissions. So if something should break because I may have missed a test case, I will of cause help to fix the issue quickly.

My next contribution basing on this one is already on the way. Actually the implementation is done, but I need a few more hours for proper testing.

Regards,
   Eric

Re: JMX and security improvements

["Asankha C. Perera" <as...@apache.org>]

Hi Eric
> At the weekend I took some time to work on improving JMX and security support: https://issues.apache.org/jira/browse/SYNAPSE-526
>
> Basically I incorporated the feedback received and had a look on Indikas quite flexible Security API he first introduced to datasources. As I'm already interested in using this, I first added a small implementation to support the default "JBoss way" of encryption (fixed passphrase) and other encoding. Additionally I enhanced the current CipherTool to be able to encrypt/decrypt using a simple passphrase.
>
> The next step I did was using the secret API also for JMX credentials. I therefore tried to come up with a default implementation which could be used to encrypt passwords also in other places without having to care to much about the internal security API offering a great flexibility which might not always be needed.
>
> I tested my changes for a lot of different scenarios, but I'm not sure whether I covered them all, as I likely even don't know all of them.
>
> So this is why I would like to ask anyone who could spend some minutes to review those changes/additions.
I went though this change before the weekend, and it looked ok - I was 
expecting feedback from Indika as this touches on the security / secret 
stuff brought in recently.. but lets not delay it anymore as this 
touches a few files, unless Ruwan / Andreas has any feedback not to commit..

cheers
asankha

-- 
Asankha C. Perera
AdroitLogic, http://adroitlogic.org

http://esbmagic.blogspot.com





---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@synapse.apache.org
For additional commands, e-mail: dev-help@synapse.apache.org