Posted to commits@openjpa.apache.org by mi...@apache.org on 2009/09/16 17:35:45 UTC
svn commit: r815842 - in /openjpa/branches/1.3.x:
openjpa-kernel/src/main/java/org/apache/openjpa/conf/
openjpa-lib/src/main/java/org/apache/openjpa/lib/encryption/
openjpa-persistence/src/test/java/org/apache/openjpa/persistence/
openjpa-persistence/s...
Author: mikedd
Date: Wed Sep 16 15:35:45 2009
New Revision: 815842
URL: http://svn.apache.org/viewvc?rev=815842&view=rev
Log:
OPENJPA-1089:
Adding encryption provider plugin in 1.3.x.
Submitted By: Rick Curtis
Added:
openjpa/branches/1.3.x/openjpa-lib/src/main/java/org/apache/openjpa/lib/encryption/
openjpa/branches/1.3.x/openjpa-lib/src/main/java/org/apache/openjpa/lib/encryption/EncryptionProvider.java (with props)
openjpa/branches/1.3.x/openjpa-project/src/doc/manual/ref_guide_encryption.xml (with props)
Modified:
openjpa/branches/1.3.x/openjpa-kernel/src/main/java/org/apache/openjpa/conf/OpenJPAConfiguration.java
openjpa/branches/1.3.x/openjpa-kernel/src/main/java/org/apache/openjpa/conf/OpenJPAConfigurationImpl.java
openjpa/branches/1.3.x/openjpa-persistence/src/test/java/org/apache/openjpa/persistence/TestPersistenceProductDerivation.java
openjpa/branches/1.3.x/openjpa-persistence/src/test/resources/META-INF/persistence.xml
openjpa/branches/1.3.x/openjpa-project/src/doc/manual/manual.xml
openjpa/branches/1.3.x/openjpa-project/src/doc/manual/ref_guide_conf.xml
Modified: openjpa/branches/1.3.x/openjpa-kernel/src/main/java/org/apache/openjpa/conf/OpenJPAConfiguration.java
URL: http://svn.apache.org/viewvc/openjpa/branches/1.3.x/openjpa-kernel/src/main/java/org/apache/openjpa/conf/OpenJPAConfiguration.java?rev=815842&r1=815841&r2=815842&view=diff
==============================================================================
--- openjpa/branches/1.3.x/openjpa-kernel/src/main/java/org/apache/openjpa/conf/OpenJPAConfiguration.java (original)
+++ openjpa/branches/1.3.x/openjpa-kernel/src/main/java/org/apache/openjpa/conf/OpenJPAConfiguration.java Wed Sep 16 15:35:45 2009
@@ -44,6 +44,7 @@
import org.apache.openjpa.kernel.exps.AggregateListener;
import org.apache.openjpa.kernel.exps.FilterListener;
import org.apache.openjpa.lib.conf.Configuration;
+import org.apache.openjpa.lib.encryption.EncryptionProvider;
import org.apache.openjpa.meta.MetaDataFactory;
import org.apache.openjpa.meta.MetaDataRepository;
import org.apache.openjpa.util.ClassResolver;
@@ -1526,4 +1527,18 @@
* @since 1.3.0
*/
public void setInitializeEagerly(boolean flag);
+
+ /**
+ * Sets the {@link EncryptionProvider}.
+ *
+ * @param className
+ */
+ public void setEncryptionProvider(String className);
+
+ /**
+ * Gets the {@link EncryptionProvider}.
+ *
+ * @return EncryptionProvider
+ */
+ public EncryptionProvider getEncryptionProvider();
}
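Review bot: The Javadoc on the two new interface methods omits what a caller needs to know: `@param className` has no description, and `getEncryptionProvider()` does not say it can return null, although the default-value test added in this commit asserts exactly that. I would write `@param className the plugin string naming an {@link EncryptionProvider} implementation` and `@return the configured provider, or null if openjpa.EncryptionProvider is not set`. A `@since 1.3.0` tag on both would match the `setInitializeEagerly` documentation just above.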
Modified: openjpa/branches/1.3.x/openjpa-kernel/src/main/java/org/apache/openjpa/conf/OpenJPAConfigurationImpl.java
URL: http://svn.apache.org/viewvc/openjpa/branches/1.3.x/openjpa-kernel/src/main/java/org/apache/openjpa/conf/OpenJPAConfigurationImpl.java?rev=815842&r1=815841&r2=815842&view=diff
==============================================================================
--- openjpa/branches/1.3.x/openjpa-kernel/src/main/java/org/apache/openjpa/conf/OpenJPAConfigurationImpl.java (original)
+++ openjpa/branches/1.3.x/openjpa-kernel/src/main/java/org/apache/openjpa/conf/OpenJPAConfigurationImpl.java Wed Sep 16 15:35:45 2009
@@ -55,6 +55,7 @@
import org.apache.openjpa.lib.conf.ProductDerivations;
import org.apache.openjpa.lib.conf.StringListValue;
import org.apache.openjpa.lib.conf.StringValue;
+import org.apache.openjpa.lib.encryption.EncryptionProvider;
import org.apache.openjpa.lib.log.Log;
import org.apache.openjpa.lib.util.Localizer;
import org.apache.openjpa.meta.MetaDataFactory;
@@ -108,6 +109,7 @@
public ObjectValue proxyManagerPlugin;
public StringValue connectionUserName;
public StringValue connectionPassword;
+ public PluginValue encryptionProvider;
public StringValue connectionURL;
public StringValue connectionDriverName;
public ObjectValue connectionFactory;
@@ -330,6 +332,9 @@
connectionUserName = addString("ConnectionUserName");
connectionPassword = addString("ConnectionPassword");
+
+ encryptionProvider = addPlugin("EncryptionProvider",true);
+
connectionURL = addString("ConnectionURL");
connectionDriverName = addString("ConnectionDriverName");
connectionFactoryName = addString("ConnectionFactoryName");
@@ -889,6 +894,10 @@
}
public String getConnectionPassword() {
+ EncryptionProvider p = getEncryptionProvider();
+ if(p != null) {
+ return p.decrypt(connectionPassword.getString());
+ }
return connectionPassword.getString();
}
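Review bot: `getConnectionPassword()` passes whatever `connectionPassword.getString()` returns straight to `p.decrypt(...)`, so the unset-password case is only safe if every third-party provider honours the interface Javadoc (return null for null, never throw). A guard keeps that case out of the provider: `String pw = connectionPassword.getString();` followed by `return (p == null || pw == null) ? pw : p.decrypt(pw);`. The same applies to `getConnection2Password()` in the next hunk. Because the getter now returns the cleartext value, any caller that logs or exports its result would expose the decrypted password; those callers are not visible here and are worth checking.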
@@ -989,6 +998,10 @@
}
public String getConnection2Password() {
+ EncryptionProvider p = getEncryptionProvider();
+ if(p != null){
+ return p.decrypt(connection2Password.getString());
+ }
return connection2Password.getString();
}
@@ -1468,4 +1481,14 @@
public Log getConfigurationLog() {
return getLog(LOG_RUNTIME);
}
+
+ public void setEncryptionProvider(String p) {
+ encryptionProvider.setString(p);
+ }
+
+ public EncryptionProvider getEncryptionProvider() {
+ if (encryptionProvider.get() == null)
+ encryptionProvider.instantiate(EncryptionProvider.class, this);
+ return (EncryptionProvider) encryptionProvider.get();
+ }
}
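Review bot: `getEncryptionProvider()` performs an unsynchronised check-then-instantiate on `encryptionProvider`, and it now sits on the path of every `getConnectionPassword()` and `getConnection2Password()` call. If the configuration can be read from several threads (not visible from this hunk), two provider instances may be created, which matters for a provider that holds key material or other state. When no provider is configured `get()` stays null, so `instantiate(...)` appears to be re-run on each password read; that is presumably cheap but should be confirmed. The `if` also lacks braces, unlike the `if(p != null) {` blocks added earlier in this file, and neither new method has Javadoc saying that the getter may return null.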
Added: openjpa/branches/1.3.x/openjpa-lib/src/main/java/org/apache/openjpa/lib/encryption/EncryptionProvider.java
URL: http://svn.apache.org/viewvc/openjpa/branches/1.3.x/openjpa-lib/src/main/java/org/apache/openjpa/lib/encryption/EncryptionProvider.java?rev=815842&view=auto
==============================================================================
--- openjpa/branches/1.3.x/openjpa-lib/src/main/java/org/apache/openjpa/lib/encryption/EncryptionProvider.java (added)
+++ openjpa/branches/1.3.x/openjpa-lib/src/main/java/org/apache/openjpa/lib/encryption/EncryptionProvider.java Wed Sep 16 15:35:45 2009
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.openjpa.lib.encryption;
+
+/**
+ * Interface for providing encryption/decryption capabilities to the OpenJPA
+ * runtime.
+ *
+ * Currently method is ONLY called to decrypt openjpa.ConnectionPassword and
+ * openjpa.Connection2Password properties.
+ */
+public interface EncryptionProvider {
+
+ /**
+ * This method will decrypt the provided string. If null is passed into this
+ * method it should noop and return null. No exceptions should ever escape
+ * from this method.
+ *
+ * Note: Currently method is ONLY called to decrypt
+ * openjpa.ConnectionPassword and openjpa.Connection2Password properties.
+ */
+ public String decrypt(String password);
+
+ /**
+ * This method will encrypt the provided string. If null is passed into this
+ * method it should noop and return null. No exceptions should ever escape
+ * from this method.
+ *
+ * NOTE : This method is not called by the OpenJPA runtime. It is here for
+ * possible future uses.
+ */
+ public String encrypt(String password);
+}
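Review bot: The `decrypt` contract forbids escaping exceptions but does not say what an implementation should return when decryption fails. A failure can then only surface later as a database authentication error, and depending on what the implementation returns, the undecrypted value may be sent as the password. I would state the expected failure result in the Javadoc (for example "return null and log the cause"). The Javadoc should also say that key storage is the implementer's responsibility, because a key kept alongside persistence.xml only obfuscates the stored password. It is also worth documenting whether implementations must be thread-safe and that they need a public no-arg constructor; the latter is inferred from the `instantiate(EncryptionProvider.class, this)` call in OpenJPAConfigurationImpl.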
Propchange: openjpa/branches/1.3.x/openjpa-lib/src/main/java/org/apache/openjpa/lib/encryption/EncryptionProvider.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: openjpa/branches/1.3.x/openjpa-persistence/src/test/java/org/apache/openjpa/persistence/TestPersistenceProductDerivation.java
URL: http://svn.apache.org/viewvc/openjpa/branches/1.3.x/openjpa-persistence/src/test/java/org/apache/openjpa/persistence/TestPersistenceProductDerivation.java?rev=815842&r1=815841&r2=815842&view=diff
==============================================================================
--- openjpa/branches/1.3.x/openjpa-persistence/src/test/java/org/apache/openjpa/persistence/TestPersistenceProductDerivation.java (original)
+++ openjpa/branches/1.3.x/openjpa-persistence/src/test/java/org/apache/openjpa/persistence/TestPersistenceProductDerivation.java Wed Sep 16 15:35:45 2009
@@ -31,10 +31,14 @@
import java.util.jar.JarEntry;
import java.util.jar.JarOutputStream;
-import org.apache.openjpa.lib.util.J2DoPrivHelper;
-
import junit.framework.TestCase;
+import org.apache.openjpa.conf.OpenJPAConfiguration;
+import org.apache.openjpa.conf.OpenJPAConfigurationImpl;
+import org.apache.openjpa.lib.conf.ConfigurationProvider;
+import org.apache.openjpa.lib.encryption.EncryptionProvider;
+import org.apache.openjpa.lib.util.J2DoPrivHelper;
+
public class TestPersistenceProductDerivation extends TestCase {
private File sourceFile;
private File targetFile;
@@ -90,7 +94,7 @@
}
}
/**
- * Added for OPENJPA-932. Verifies a ppd properly loads pu's from multiple
+ * Added for OPENJPA-932. Verifies a PersistenceProductDerivation properly loads pu's from multiple
* archives.
*
* @throws Exception
@@ -101,11 +105,46 @@
new String[]{"pu_1","pu_2","pu_3"});
PersistenceProductDerivation ppd = new PersistenceProductDerivation();
- List actual = ppd.getAnchorsInResource("META-INF/persistence.xml");
+ List<String> actual = ppd.getAnchorsInResource("META-INF/persistence.xml");
- assertEquals(expectedPUs, actual);
+ assertTrue(actual.containsAll(expectedPUs));
}
-
+ public void testEncryptionPluginConfiguration() throws Exception {
+ PersistenceProductDerivation ppd = new PersistenceProductDerivation();
+ OpenJPAConfiguration conf = new OpenJPAConfigurationImpl();
+ String encryptedPassword = "encrypted_password";
+ ClassLoader loader = null;
+
+ ConfigurationProvider provider = ppd.load(
+ PersistenceProductDerivation.RSRC_DEFAULT,
+ "encryption_plugin_pu", loader);
+ provider.setInto(conf);
+ EncryptionProvider ep = conf.getEncryptionProvider();
+ assertNotNull(ep);
+ // Cast to test impl
+ TestEncryptionProvider tep = (TestEncryptionProvider) ep;
+
+ conf.setConnectionPassword(encryptedPassword);
+ // Validate that when we get the ConnectionPassword from configuration
+ // that it is decrypted
+ assertEquals(TestEncryptionProvider.decryptedPassword, conf
+ .getConnectionPassword());
+ // Validate that the EncryptionProvider is called with the 'encrypted'
+ // password
+ assertEquals(encryptedPassword, tep.getEncryptedPassword());
+ }
+ public void testEncryptionPluginConfigurationDefaultValue() throws Exception {
+ PersistenceProductDerivation ppd = new PersistenceProductDerivation();
+ OpenJPAConfiguration conf = new OpenJPAConfigurationImpl();
+ ClassLoader loader = null;
+
+ ConfigurationProvider provider = ppd.load(
+ PersistenceProductDerivation.RSRC_DEFAULT,
+ "encryption_plugin_default_pu", loader);
+ provider.setInto(conf);
+
+ assertNull(conf.getEncryptionProvider());
+ }
private void buildJar(File sourceFile, File targetFile) throws Exception {
JarOutputStream out = new JarOutputStream(
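Review bot: `testEncryptionPluginConfiguration` covers only `getConnectionPassword()`; the `getConnection2Password()` decrypt path added in the same commit is not exercised. Adding `conf.setConnection2Password(encryptedPassword);` and `assertEquals(TestEncryptionProvider.decryptedPassword, conf.getConnection2Password());` would cover it. There is also no case for an unset password while a provider is configured, which is the null input the interface Javadoc tells implementations to tolerate. The `buildJar` method that begins on the last lines of this hunk continues outside it.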
@@ -132,4 +171,31 @@
super(urls,parent);
}
}
+ public static class TestEncryptionProvider implements EncryptionProvider {
+ public static final String decryptedPassword = "decypted_password";
+ // Save the 'encrypted' password so our UT can perform validation.
+ private String encryptedPassword;
+
+ public String getEncryptedPassword() {
+ return encryptedPassword;
+ }
+
+ /**
+ * This method ALWAYS returns the String "decypted_password".
+ *
+ * @see EncryptionProvider#decrypt(String)
+ */
+ public String decrypt(String password) {
+ encryptedPassword = password;
+
+ return decryptedPassword;
+ }
+
+ /**
+ * @see EncryptionProvider#encrypt(String)
+ */
+ public String encrypt(String password) {
+ return password;
+ }
+ }
}
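Review bot: The constant `decryptedPassword` holds the misspelled value `"decypted_password"`, repeated in the Javadoc of `decrypt`, and as a `public static final` field it would conventionally be named `DECRYPTED_PASSWORD`. The test in this file compares only against the constant, so correcting the literal to `"decrypted_password"` looks safe here. `encrypt` has no description beyond its `@see`; a one-line comment such as `Returns the argument unchanged; not used by the test.` would make the stub's intent clear.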
Modified: openjpa/branches/1.3.x/openjpa-persistence/src/test/resources/META-INF/persistence.xml
URL: http://svn.apache.org/viewvc/openjpa/branches/1.3.x/openjpa-persistence/src/test/resources/META-INF/persistence.xml?rev=815842&r1=815841&r2=815842&view=diff
==============================================================================
--- openjpa/branches/1.3.x/openjpa-persistence/src/test/resources/META-INF/persistence.xml (original)
+++ openjpa/branches/1.3.x/openjpa-persistence/src/test/resources/META-INF/persistence.xml Wed Sep 16 15:35:45 2009
@@ -23,5 +23,13 @@
<persistence-unit name="pu_1" transaction-type="RESOURCE_LOCAL">
</persistence-unit>
<persistence-unit name="pu_2" transaction-type="RESOURCE_LOCAL">
- </persistence-unit>
+ </persistence-unit>
+ <persistence-unit name="encryption_plugin_pu" transaction-type="RESOURCE_LOCAL">
+ <properties>
+ <property name="openjpa.EncryptionProvider"
+ value="org.apache.openjpa.persistence.TestPersistenceProductDerivation$TestEncryptionProvider" />
+ </properties>
+ </persistence-unit>
+ <persistence-unit name="encryption_plugin_default_pu" transaction-type="RESOURCE_LOCAL">
+ </persistence-unit>
</persistence>
Modified: openjpa/branches/1.3.x/openjpa-project/src/doc/manual/manual.xml
URL: http://svn.apache.org/viewvc/openjpa/branches/1.3.x/openjpa-project/src/doc/manual/manual.xml?rev=815842&r1=815841&r2=815842&view=diff
==============================================================================
--- openjpa/branches/1.3.x/openjpa-project/src/doc/manual/manual.xml (original)
+++ openjpa/branches/1.3.x/openjpa-project/src/doc/manual/manual.xml Wed Sep 16 15:35:45 2009
@@ -46,6 +46,7 @@
<!ENTITY ref_guide_deploy.xml SYSTEM "ref_guide_deploy.xml">
<!ENTITY ref_guide_runtime.xml SYSTEM "ref_guide_runtime.xml">
<!ENTITY ref_guide_caching.xml SYSTEM "ref_guide_caching.xml">
+ <!ENTITY ref_guide_encryption.xml SYSTEM "ref_guide_encryption.xml">
<!ENTITY ref_guide_remote.xml SYSTEM "ref_guide_remote.xml">
<!ENTITY ref_guide_slice.xml SYSTEM "ref_guide_slice.xml">
<!ENTITY ref_guide_integration.xml SYSTEM "ref_guide_integration.xml">
@@ -101,6 +102,7 @@
&ref_guide_deploy.xml;
&ref_guide_runtime.xml;
&ref_guide_caching.xml;
+ &ref_guide_encryption.xml;
&ref_guide_remote.xml;
&ref_guide_slice.xml;
&ref_guide_integration.xml;
Modified: openjpa/branches/1.3.x/openjpa-project/src/doc/manual/ref_guide_conf.xml
URL: http://svn.apache.org/viewvc/openjpa/branches/1.3.x/openjpa-project/src/doc/manual/ref_guide_conf.xml?rev=815842&r1=815841&r2=815842&view=diff
==============================================================================
--- openjpa/branches/1.3.x/openjpa-project/src/doc/manual/ref_guide_conf.xml (original)
+++ openjpa/branches/1.3.x/openjpa-project/src/doc/manual/ref_guide_conf.xml Wed Sep 16 15:35:45 2009
@@ -1698,6 +1698,47 @@
runtime. See <xref linkend="ref_guide_dbsetup_lrs"/> for details.
</para>
</section>
+<!-- start -->
+<section id="openjpa.EncryptionProvider">
+ <title>
+ openjpa.EncryptionProvider
+ </title>
+ <indexterm zone="openjpa.EncryptionProvider">
+ <primary>
+ DataCache
+ </primary>
+ </indexterm>
+ <indexterm zone="openjpa.EncryptionProvider">
+ <primary>
+ encryption
+ </primary>
+ </indexterm>
+ <para>
+ <emphasis role="bold">Property name: </emphasis><literal>openjpa.EncryptionProvider</literal>
+ </para>
+ <para>
+ <emphasis role="bold">Configuration API:</emphasis>
+ <ulink url="../javadoc/org/apache/openjpa/conf/OpenJPAConfiguration.html#getEncryptionProvider()">
+ <methodname>org.apache.openjpa.conf.OpenJPAConfiguration.getEncryptionProvider</methodname>
+ </ulink>
+ </para>
+ <para>
+ <emphasis role="bold">Resource adaptor config-property: </emphasis>
+ <literal>EncryptionProvider</literal>
+ </para>
+ <para>
+ <emphasis role="bold">Default: </emphasis><literal>false</literal>
+ </para>
+ <para>
+<emphasis role="bold">Description:</emphasis> A plugin list string (see
+<xref linkend="ref_guide_conf_plugins"/>) describing the
+<ulink url="../javadoc/org/apache/openjpa/lib/EncryptionProvider.html"><classname>
+org.apache.openjpa.lib.EncryptionProvider</classname></ulink>s to use for connection password
+encryption. See <xref linkend="ref_guide_encryption1"/> for details.
+ </para>
+ </section>
+
+<!-- end -->
<section id="openjpa.FetchGroups">
<title>
openjpa.FetchGroups
Added: openjpa/branches/1.3.x/openjpa-project/src/doc/manual/ref_guide_encryption.xml
URL: http://svn.apache.org/viewvc/openjpa/branches/1.3.x/openjpa-project/src/doc/manual/ref_guide_encryption.xml?rev=815842&view=auto
==============================================================================
--- openjpa/branches/1.3.x/openjpa-project/src/doc/manual/ref_guide_encryption.xml (added)
+++ openjpa/branches/1.3.x/openjpa-project/src/doc/manual/ref_guide_encryption.xml Wed Sep 16 15:35:45 2009
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<chapter id="ref_guide_encryption">
+ <title>
+ Encryption Provider
+ </title>
+ <para>
+ OpenJPA provides an interface for a provider to implement to allow
+ connection passwords to be encrypted. Whenever a connection password
+ is needed, the decrypt(String) method will be invoked. See
+ <ulink url="../javadoc/org/apache/openjpa/lib/encryption/EncryptionProvider.html">
+ <classname>org.apache.openjpa.lib.encryption.EncryptionProvider</classname>
+ </ulink> for the detailed javadoc.
+ </para>
+ <para>
+ Notes:
+ <itemizedlist>
+ <listitem>
+ <para>
+ It is an OpenJPA users responsibility to implement the EncryptionProvider
+ interface. There is not a default implementation.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The interface has an encrypt(String) method, but it is not called by the OpenJPA runtime.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </para>
+</chapter>
Propchange: openjpa/branches/1.3.x/openjpa-project/src/doc/manual/ref_guide_encryption.xml
------------------------------------------------------------------------------
svn:eol-style = native