-rw-r--r--branches/sca-java-1.x/modules/binding-http-runtime/src/main/java/org/apache/tuscany/sca/binding/http/provider/HTTPServiceBindingProvider.java30
-rw-r--r--branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/ExtensibleServletHost.java10
-rw-r--r--branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/SecurityContext.java47
-rw-r--r--branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/ServletHost.java13
-rw-r--r--branches/sca-java-1.x/modules/host-jetty/src/main/java/org/apache/tuscany/sca/http/jetty/JettyServer.java44
-rw-r--r--branches/sca-java-1.x/modules/host-tomcat/src/main/java/org/apache/tuscany/sca/http/tomcat/TomcatServer.java73
-rw-r--r--branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicy.java130
-rw-r--r--branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicyProcessor.java158
-rw-r--r--branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityPolicyDefinitionsProvider.java25
-rw-r--r--branches/sca-java-1.x/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor1
-rw-r--r--branches/sca-java-1.x/samples/store-secure/pom.xml6
-rw-r--r--branches/sca-java-1.x/samples/store-secure/src/main/java/launch/LaunchSSL.java34
-rw-r--r--branches/sca-java-1.x/samples/store-secure/src/main/resources/definitions.xml19
-rw-r--r--branches/sca-java-1.x/samples/store-secure/src/main/resources/store-ssl.composite64
-rw-r--r--branches/sca-java-1.x/samples/store-secure/src/main/resources/tuscany.keyStorebin0 -> 1265 bytes
15 files changed, 610 insertions, 44 deletions
diff --git a/branches/sca-java-1.x/modules/binding-http-runtime/src/main/java/org/apache/tuscany/sca/binding/http/provider/HTTPServiceBindingProvider.java b/branches/sca-java-1.x/modules/binding-http-runtime/src/main/java/org/apache/tuscany/sca/binding/http/provider/HTTPServiceBindingProvider.java
index 8f91ff4343..67c782ef05 100644
--- a/branches/sca-java-1.x/modules/binding-http-runtime/src/main/java/org/apache/tuscany/sca/binding/http/provider/HTTPServiceBindingProvider.java
+++ b/branches/sca-java-1.x/modules/binding-http-runtime/src/main/java/org/apache/tuscany/sca/binding/http/provider/HTTPServiceBindingProvider.java
@@ -19,15 +19,21 @@
package org.apache.tuscany.sca.binding.http.provider;
+import java.util.List;
+
import javax.servlet.Servlet;
import org.apache.tuscany.sca.binding.http.HTTPBinding;
+import org.apache.tuscany.sca.host.http.SecurityContext;
import org.apache.tuscany.sca.host.http.ServletHost;
import org.apache.tuscany.sca.interfacedef.InterfaceContract;
import org.apache.tuscany.sca.interfacedef.Operation;
import org.apache.tuscany.sca.invocation.InvocationChain;
import org.apache.tuscany.sca.invocation.Invoker;
import org.apache.tuscany.sca.invocation.MessageFactory;
+import org.apache.tuscany.sca.policy.PolicySet;
+import org.apache.tuscany.sca.policy.PolicySetAttachPoint;
+import org.apache.tuscany.sca.policy.confidentiality.ConfidentialityPolicy;
import org.apache.tuscany.sca.provider.ServiceBindingProvider;
import org.apache.tuscany.sca.runtime.RuntimeComponent;
import org.apache.tuscany.sca.runtime.RuntimeComponentService;
@@ -118,7 +124,29 @@ public class HTTPServiceBindingProvider implements ServiceBindingProvider {
if (!servletMapping.endsWith("*")) {
servletMapping += "*";
}
- servletHost.addServletMapping(servletMapping, servlet);
+
+
+ SecurityContext securityContext = new SecurityContext();
+
+ // find out which policies are active
+ if (binding instanceof PolicySetAttachPoint) {
+ List<PolicySet> policySets = ((PolicySetAttachPoint)binding).getApplicablePolicySets();
+ for (PolicySet ps : policySets) {
+ for (Object p : ps.getPolicies()) {
+ if (ConfidentialityPolicy.class.isInstance(p)) {
+ ConfidentialityPolicy confidentialityPolicy = (ConfidentialityPolicy)p;
+
+ securityContext.setSSLEnabled(true);
+ securityContext.setSSLProperties(confidentialityPolicy.toProperties());
+ } else {
+ // etc. check for other types of policy being present
+ }
+ }
+ }
+ }
+
+
+ servletHost.addServletMapping(servletMapping, servlet, securityContext);
}
public void stop() {
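Review bot: If more than one applicable policy set carries a `ConfidentialityPolicy`, each match in the inner loop calls `setSSLProperties` again, so the last one silently replaces the keystore and truststore settings of the earlier ones. Either stop at the first match or report the conflict, so that the certificate material a binding ends up with is predictable. `if (p instanceof ConfidentialityPolicy)` reads more directly than `ConfidentialityPolicy.class.isInstance(p)`, and the empty `else` with its placeholder comment can be dropped until another policy type is actually handled. The enclosing method starts outside the hunk.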
diff --git a/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/ExtensibleServletHost.java b/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/ExtensibleServletHost.java
index 4be5de4100..ed1fac1b50 100644
--- a/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/ExtensibleServletHost.java
+++ b/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/ExtensibleServletHost.java
@@ -68,6 +68,16 @@ public class ExtensibleServletHost implements ServletHost {
// For now just select the first one
getDefaultServletHost().addServletMapping(uri, servlet);
}
+
+ public void addServletMapping(String uri, Servlet servlet, SecurityContext securityContext) throws ServletMappingException {
+ if (servletHosts.getServletHosts().isEmpty()) {
+ throw new ServletMappingException("No servlet host available");
+ }
+
+ // TODO implement selection of the correct Servlet host based on the mapping
+ // For now just select the first one
+ getDefaultServletHost().addServletMapping(uri, servlet, securityContext);
+ }
public Servlet getServletMapping(String uri) throws ServletMappingException {
if (servletHosts.getServletHosts().isEmpty()) {
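Review bot: The new overload repeats the empty-host guard and the TODO of the two-argument method word for word. JettyServer and TomcatServer in this commit make their two-argument method delegate with `addServletMapping(suri, servlet, null);`; doing the same here with `addServletMapping(uri, servlet, null);` would keep a single copy of the host-selection logic, provided every registered ServletHost accepts a null context, which this hunk does not show. The new public method also has no comment; one line stating that `securityContext` may be null would help callers.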
diff --git a/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/SecurityContext.java b/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/SecurityContext.java
new file mode 100644
index 0000000000..05140d6e29
--- /dev/null
+++ b/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/SecurityContext.java
@@ -0,0 +1,47 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.tuscany.sca.host.http;
+
+import java.util.Properties;
+
+/**
+ * A class to store policy context to enable Security QoS to
+ * HTTP binding
+ */
+public class SecurityContext {
+ private boolean isSSLEnabled = false;
+ private Properties sslProperties;
+
+ public boolean isSSLEnabled() {
+ return isSSLEnabled;
+ }
+
+ public void setSSLEnabled(boolean value) {
+ this.isSSLEnabled = value;
+ }
+
+ public Properties getSSLProperties() {
+ return sslProperties;
+ }
+
+ public void setSSLProperties(Properties sslProperties) {
+ this.sslProperties = sslProperties;
+ }
+}
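Review bot: `getSSLProperties()` returns null until `setSSLProperties` has been called, and HTTPServiceBindingProvider in this commit always passes a fresh `SecurityContext`, whether or not a confidentiality policy was found. Both `configureSSL` methods (JettyServer and TomcatServer) then call `securityContext.getSSLProperties().getProperty(...)` whenever the context is non-null, so an `https` mapping without a confidentiality policy would hit a NullPointerException instead of falling back to the `javax.net.ssl.*` system properties. The hosts should branch on `securityContext != null && securityContext.isSSLEnabled()`, and the class Javadoc should state that the properties are only set when SSL is enabled. Since the properties carry the keystore and truststore passwords, the comment should also say that they must not be logged.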
diff --git a/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/ServletHost.java b/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/ServletHost.java
index e5dbd59a07..041880916b 100644
--- a/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/ServletHost.java
+++ b/branches/sca-java-1.x/modules/host-http/src/main/java/org/apache/tuscany/sca/host/http/ServletHost.java
@@ -60,6 +60,19 @@ public interface ServletHost {
void addServletMapping(String uri, Servlet servlet) throws ServletMappingException;
/**
+ * Add a mapping for an instance of a Servlet. This requests that the
+ * Servlet container direct all requests to the designated mapping to the
+ * supplied Servlet instance. SecurityContext can be passed to enable
+ * QoS services such as Confidentiality (SSL) and Authentication/Authorization
+ *
+ * @param uri the URI-mapping for the Servlet
+ * @param servlet the Servlet that should be invoked
+ * @param securityContext the SecurityContext to enable QoS services
+ * @throws ServletMappingException
+ */
+ void addServletMapping(String uri, Servlet servlet, SecurityContext securityContext) throws ServletMappingException;
+
+ /**
* Remove a Servlet mapping. This directs the Servlet container not to direct
* any more requests to a previously registered Servlet.
*
diff --git a/branches/sca-java-1.x/modules/host-jetty/src/main/java/org/apache/tuscany/sca/http/jetty/JettyServer.java b/branches/sca-java-1.x/modules/host-jetty/src/main/java/org/apache/tuscany/sca/http/jetty/JettyServer.java
index dfb34f11a5..6e165cd219 100644
--- a/branches/sca-java-1.x/modules/host-jetty/src/main/java/org/apache/tuscany/sca/http/jetty/JettyServer.java
+++ b/branches/sca-java-1.x/modules/host-jetty/src/main/java/org/apache/tuscany/sca/http/jetty/JettyServer.java
@@ -41,6 +41,7 @@ import javax.servlet.Servlet;
import javax.servlet.ServletException;
import org.apache.tuscany.sca.host.http.DefaultResourceServlet;
+import org.apache.tuscany.sca.host.http.SecurityContext;
import org.apache.tuscany.sca.host.http.ServletHost;
import org.apache.tuscany.sca.host.http.ServletMappingException;
import org.apache.tuscany.sca.work.WorkScheduler;
@@ -66,7 +67,7 @@ public class JettyServer implements ServletHost {
private final Object joinLock = new Object();
private String trustStore;
- private String truststorePassword;
+ private String trustStorePassword;
private String keyStore;
private String keyStorePassword;
@@ -77,6 +78,7 @@ public class JettyServer implements ServletHost {
private boolean sendServerVersion;
private WorkScheduler workScheduler;
private int defaultPort = 8080;
+ private int defaultSSLPort = 443;
/**
* Represents a port and the server that serves it.
@@ -113,7 +115,7 @@ public class JettyServer implements ServletHost {
AccessController.doPrivileged(new PrivilegedAction<Object>() {
public Object run() {
trustStore = System.getProperty("javax.net.ssl.trustStore");
- truststorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
+ trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
keyStore = System.getProperty("javax.net.ssl.keyStore");
keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
@@ -155,14 +157,24 @@ public class JettyServer implements ServletHost {
}
}
- private void configureSSL(SslSocketConnector connector) {
+ private void configureSSL(SslSocketConnector connector, SecurityContext securityContext) {
connector.setProtocol("TLS");
+
+ if (securityContext != null) {
+ keyStoreType = securityContext.getSSLProperties().getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
+ keyStore = securityContext.getSSLProperties().getProperty("javax.net.ssl.keyStore");
+ keyStorePassword = securityContext.getSSLProperties().getProperty("javax.net.ssl.keyStorePassword");
+
+ trustStoreType = securityContext.getSSLProperties().getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
+ trustStore = securityContext.getSSLProperties().getProperty("javax.net.ssl.trustStore");
+ trustStorePassword = securityContext.getSSLProperties().getProperty("javax.net.ssl.trustStorePassword");
+ }
connector.setKeystore(keyStore);
connector.setKeyPassword(keyStorePassword);
connector.setKeystoreType(keyStoreType);
connector.setTruststore(trustStore);
- connector.setTrustPassword(truststorePassword);
+ connector.setTrustPassword(trustStorePassword);
connector.setTruststoreType(trustStoreType);
connector.setPassword(keyStorePassword);
@@ -173,16 +185,30 @@ public class JettyServer implements ServletHost {
}
public void addServletMapping(String suri, Servlet servlet) throws ServletMappingException {
+ addServletMapping(suri, servlet, null);
+ }
+
+ public void addServletMapping(String suri, Servlet servlet, final SecurityContext securityContext) throws ServletMappingException {
URI uri = URI.create(suri);
// Get the URI scheme and port
- String scheme = uri.getScheme();
- if (scheme == null) {
- scheme = "http";
+ String scheme = null;
+ if(securityContext != null && securityContext.isSSLEnabled()) {
+ scheme = "https";
+ } else {
+ scheme = uri.getScheme();
+ if (scheme == null) {
+ scheme = "http";
+ }
}
+
int portNumber = uri.getPort();
if (portNumber == -1) {
- portNumber = defaultPort;
+ if ("http".equals(scheme)) {
+ portNumber = defaultPort;
+ } else {
+ portNumber = defaultPort;
+ }
}
// Get the port object associated with the given port number
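Review bot: Both branches of the new `if ("http".equals(scheme))` assign `defaultPort`, so the `defaultSSLPort` field added in this commit is never used in the visible lines and an `https` mapping without an explicit port is opened on 8080. If the SSL default was intended, the assignment should be `portNumber = "http".equals(scheme) ? defaultPort : defaultSSLPort;`. If 8080 is deliberate (binding 443 usually needs elevated privileges), collapse the branch and drop the unused field. TomcatServer.addServletMapping has the same duplicated branch with `defaultPortNumber` and `defaultSSLPortNumber`. The method body continues outside the hunk.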
@@ -198,7 +224,7 @@ public class JettyServer implements ServletHost {
// httpConnector.setPort(portNumber);
SslSocketConnector sslConnector = new SslSocketConnector();
sslConnector.setPort(portNumber);
- configureSSL(sslConnector);
+ configureSSL(sslConnector, securityContext);
server.setConnectors(new Connector[] {sslConnector});
} else {
SelectChannelConnector selectConnector = new SelectChannelConnector();
diff --git a/branches/sca-java-1.x/modules/host-tomcat/src/main/java/org/apache/tuscany/sca/http/tomcat/TomcatServer.java b/branches/sca-java-1.x/modules/host-tomcat/src/main/java/org/apache/tuscany/sca/http/tomcat/TomcatServer.java
index 5ea1701c05..b93747c51c 100644
--- a/branches/sca-java-1.x/modules/host-tomcat/src/main/java/org/apache/tuscany/sca/http/tomcat/TomcatServer.java
+++ b/branches/sca-java-1.x/modules/host-tomcat/src/main/java/org/apache/tuscany/sca/http/tomcat/TomcatServer.java
@@ -58,6 +58,7 @@ import org.apache.tomcat.util.buf.MessageBytes;
import org.apache.tomcat.util.http.mapper.MappingData;
import org.apache.tomcat.util.net.JIoEndpoint;
import org.apache.tuscany.sca.host.http.DefaultResourceServlet;
+import org.apache.tuscany.sca.host.http.SecurityContext;
import org.apache.tuscany.sca.host.http.ServletHost;
import org.apache.tuscany.sca.host.http.ServletMappingException;
import org.apache.tuscany.sca.work.WorkScheduler;
@@ -72,6 +73,7 @@ public class TomcatServer implements ServletHost {
private static final Logger logger = Logger.getLogger(TomcatServer.class.getName());
private int defaultPortNumber = 8080;
+ private int defaultSSLPortNumber = 443;
private final class TuscanyLoader implements Loader {
private final ClassLoader tccl;
@@ -209,16 +211,35 @@ public class TomcatServer implements ServletHost {
}
}
}
-
+
public void addServletMapping(String suri, Servlet servlet) {
+ addServletMapping(suri, servlet, null);
+ }
+
+ public void addServletMapping(String suri, Servlet servlet, final SecurityContext securityContext) {
URI uri = URI.create(suri);
// Get the URI scheme and port
- String scheme = uri.getScheme();
- if (scheme == null) {
- scheme = "http";
+ String scheme = null;
+ if(securityContext != null && securityContext.isSSLEnabled()) {
+ scheme = "https";
+ } else {
+ scheme = uri.getScheme();
+ if (scheme == null) {
+ scheme = "http";
+ }
+ }
+
+ int tmpPortNumber = uri.getPort();
+ if (tmpPortNumber == -1) {
+ if ("http".equals(scheme)) {
+ tmpPortNumber = defaultPortNumber;
+ } else {
+ tmpPortNumber = defaultPortNumber;
+ }
}
- final int portNumber = (uri.getPort() == -1 ? defaultPortNumber : uri.getPort());
+
+ final int portNumber = tmpPortNumber;
// Get the port object associated with the given port number
Port port = ports.get(portNumber);
@@ -287,7 +308,7 @@ public class TomcatServer implements ServletHost {
customConnector.setContainer(engine);
if ("https".equalsIgnoreCase(protocol)) {
- configureSSL(customConnector);
+ configureSSL(customConnector, securityContext);
((Http11Protocol) customConnector.getProtocolHandler()).setSSLEnabled(true);
}
customConnector.initialize();
@@ -295,21 +316,39 @@ public class TomcatServer implements ServletHost {
return customConnector;
}
- private void configureSSL(CustomConnector customConnector) {
- String trustStore = System.getProperty("javax.net.ssl.trustStore");
- String trustStorePass = System.getProperty("javax.net.ssl.trustStorePassword");
- String keyStore = System.getProperty("javax.net.ssl.keyStore");
- String keyStorePass = System.getProperty("javax.net.ssl.keyStorePassword");
-
+ private void configureSSL(CustomConnector customConnector, SecurityContext securityContext) {
+ String keyStoreType;
+ String keyStore;
+ String keyStorePass;
+
+ String trustStoreType;
+ String trustStore;
+ String trustStorePass;
+
+ if(securityContext == null) {
+ keyStoreType = System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
+ keyStore = System.getProperty("javax.net.ssl.keyStore");
+ keyStorePass = System.getProperty("javax.net.ssl.keyStorePassword");
+
+ trustStoreType = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
+ trustStore = System.getProperty("javax.net.ssl.trustStore");
+ trustStorePass = System.getProperty("javax.net.ssl.trustStorePassword");
+ } else {
+ keyStoreType = securityContext.getSSLProperties().getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
+ keyStore = securityContext.getSSLProperties().getProperty("javax.net.ssl.keyStore");
+ keyStorePass = securityContext.getSSLProperties().getProperty("javax.net.ssl.keyStorePassword");
+
+ trustStoreType = securityContext.getSSLProperties().getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
+ trustStore = securityContext.getSSLProperties().getProperty("javax.net.ssl.trustStore");
+ trustStorePass = securityContext.getSSLProperties().getProperty("javax.net.ssl.trustStorePassword");
+ }
+
customConnector.setProperty("protocol", "TLS");
+ customConnector.setProperty("keytype", keyStoreType);
customConnector.setProperty("keystore", keyStore);
customConnector.setProperty("keypass", keyStorePass);
- String keyStoreType =
- System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
- String trustStoreType =
- System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
- customConnector.setProperty("keytype", keyStoreType);
+
customConnector.setProperty("trusttype", trustStoreType);
customConnector.setProperty("truststore", trustStore);
customConnector.setProperty("trustpass", trustStorePass);
diff --git a/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicy.java b/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicy.java
new file mode 100644
index 0000000000..7c97b38968
--- /dev/null
+++ b/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicy.java
@@ -0,0 +1,130 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.tuscany.sca.policy.confidentiality;
+
+import java.util.Properties;
+
+import javax.xml.namespace.QName;
+
+import org.apache.tuscany.sca.assembly.xml.Constants;
+import org.apache.tuscany.sca.policy.Policy;
+
+
+/**
+ * Models the SCA Implementation Security Policy Assertion for Confidentiality.
+ *
+ * This would map to enabling SSL communication and would require
+ * the following configuration items :
+ *
+ * - javax.net.ssl.keyStore
+ * - javax.net.ssl.keyStorePassword
+ * - javax.net.ssl.keyStoreType
+ *
+ * - javax.net.ssl.trustStoreType
+ * - javax.net.ssl.trustStore
+ * - javax.net.ssl.trustStorePassword
+ *
+ * @version $Rev$ $Date$
+ */
+public class ConfidentialityPolicy implements Policy {
+ public static final QName NAME = new QName(Constants.SCA10_TUSCANY_NS, "confidentiality");
+
+ private String trustStore;
+ private String trustStorePassword;
+ private String keyStore;
+ private String keyStorePassword;
+ private String keyStoreType;
+ private String trustStoreType;
+
+ public String getTrustStore() {
+ return trustStore;
+ }
+
+ public void setTrustStore(String trustStore) {
+ this.trustStore = trustStore;
+ }
+
+ public String getTrustStorePassword() {
+ return trustStorePassword;
+ }
+
+ public void setTrustStorePassword(String trustStorePassword) {
+ this.trustStorePassword = trustStorePassword;
+ }
+
+ public String getKeyStore() {
+ return keyStore;
+ }
+
+ public void setKeyStore(String keyStore) {
+ this.keyStore = keyStore;
+ }
+
+ public String getKeyStorePassword() {
+ return keyStorePassword;
+ }
+
+ public void setKeyStorePassword(String keyStorePassword) {
+ this.keyStorePassword = keyStorePassword;
+ }
+
+ public String getKeyStoreType() {
+ return keyStoreType;
+ }
+
+ public void setKeyStoreType(String keyStoreType) {
+ this.keyStoreType = keyStoreType;
+ }
+
+ public String getTrustStoreType() {
+ return trustStoreType;
+ }
+
+ public void setTrustStoreType(String trustStoreType) {
+ this.trustStoreType = trustStoreType;
+ }
+
+ public QName getSchemaName() {
+ return NAME;
+ }
+
+ public boolean isUnresolved() {
+ return false;
+ }
+
+ public void setUnresolved(boolean unresolved) {
+
+ }
+
+ public Properties toProperties() {
+ Properties properties = new Properties();
+
+ properties.put("javax.net.ssl.trustStoreType", trustStoreType);
+ properties.put("javax.net.ssl.trustStore", trustStore);
+ properties.put("javax.net.ssl.trustStorePassword", trustStorePassword);
+
+ properties.put("javax.net.ssl.keyStoreType", keyStoreType);
+ properties.put("javax.net.ssl.keyStore", keyStore);
+ properties.put("javax.net.ssl.keyStorePassword", keyStorePassword);
+
+ return properties;
+ }
+
+}
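Review bot: `toProperties()` calls `properties.put(key, value)` with fields that stay null until the matching setter has run, and `Properties.put` throws a NullPointerException on a null value. A policy that declares only a `keyStore` element, which leaves the trust-store fields unset in the processor added by this commit, would therefore fail as soon as the binding provider calls `toProperties()`. Skipping unset values also lets the `getProperty(..., KeyStore.getDefaultType())` defaults in the hosts take effect.

```java
public Properties toProperties() {
    Properties properties = new Properties();

    putIfSet(properties, "javax.net.ssl.trustStoreType", trustStoreType);
    putIfSet(properties, "javax.net.ssl.trustStore", trustStore);
    putIfSet(properties, "javax.net.ssl.trustStorePassword", trustStorePassword);

    putIfSet(properties, "javax.net.ssl.keyStoreType", keyStoreType);
    putIfSet(properties, "javax.net.ssl.keyStore", keyStore);
    putIfSet(properties, "javax.net.ssl.keyStorePassword", keyStorePassword);

    return properties;
}

// Properties rejects null values, so attributes that were never set are left out.
private static void putIfSet(Properties properties, String key, String value) {
    if (value != null) {
        properties.setProperty(key, value);
    }
}
```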
diff --git a/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicyProcessor.java b/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicyProcessor.java
new file mode 100644
index 0000000000..8d9621da96
--- /dev/null
+++ b/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/confidentiality/ConfidentialityPolicyProcessor.java
@@ -0,0 +1,158 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.tuscany.sca.policy.confidentiality;
+
+import static javax.xml.stream.XMLStreamConstants.END_ELEMENT;
+import static javax.xml.stream.XMLStreamConstants.START_ELEMENT;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.tuscany.sca.assembly.builder.impl.ProblemImpl;
+import org.apache.tuscany.sca.assembly.xml.Constants;
+import org.apache.tuscany.sca.contribution.ModelFactoryExtensionPoint;
+import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor;
+import org.apache.tuscany.sca.contribution.resolver.ModelResolver;
+import org.apache.tuscany.sca.contribution.service.ContributionReadException;
+import org.apache.tuscany.sca.contribution.service.ContributionResolveException;
+import org.apache.tuscany.sca.contribution.service.ContributionWriteException;
+import org.apache.tuscany.sca.monitor.Monitor;
+import org.apache.tuscany.sca.monitor.Problem;
+import org.apache.tuscany.sca.monitor.Problem.Severity;
+
+public class ConfidentialityPolicyProcessor implements StAXArtifactProcessor<ConfidentialityPolicy> {
+ private static final QName KEY_STORE_QNAME = new QName(Constants.SCA10_TUSCANY_NS, "keyStore");
+ private static final QName TRUST_STORE_QNAME = new QName(Constants.SCA10_TUSCANY_NS, "trustStore");
+
+ private Monitor monitor;
+
+ public ConfidentialityPolicyProcessor(ModelFactoryExtensionPoint modelFactories, Monitor monitor) {
+ this.monitor = monitor;
+ }
+
+ /**
+ * Report a error.
+ *
+ * @param problems
+ * @param message
+ * @param model
+ */
+ private void error(String message, Object model, Object... messageParameters) {
+ if (monitor != null) {
+ Problem problem = new ProblemImpl(this.getClass().getName(), "policy-security-validation-messages", Severity.ERROR, model, message, (Object[])messageParameters);
+ monitor.problem(problem);
+ }
+ }
+
+ public QName getArtifactType() {
+ return ConfidentialityPolicy.NAME;
+ }
+
+ public Class<ConfidentialityPolicy> getModelType() {
+ return ConfidentialityPolicy.class;
+ }
+
+ public ConfidentialityPolicy read(XMLStreamReader reader) throws ContributionReadException, XMLStreamException {
+ ConfidentialityPolicy policy = new ConfidentialityPolicy();
+ int event = reader.getEventType();
+ QName start = reader.getName();
+ QName name = null;
+ while (true) {
+ switch (event) {
+ case START_ELEMENT:
+ name = reader.getName();
+ if(KEY_STORE_QNAME.equals(name)) {
+ //<tuscany:keyStore type="JKS" file="conf/tomcat.keystore" password="apache"/>
+ String type = reader.getAttributeValue(null, "type");
+ if(type == null) {
+ error("RequiredAttributeKeyStoreTypeMissing", reader);
+ } else {
+ policy.setKeyStoreType(type);
+ }
+
+ String file = reader.getAttributeValue(null, "file");
+ if(file == null) {
+ error("RequiredAttributeKeyStoreFileMissing", reader);
+ } else {
+ policy.setKeyStore(file);
+ }
+
+ String password = reader.getAttributeValue(null, "password");
+ if(file == null) {
+ error("RequiredAttributeKeyStorePasswordMissing", reader);
+ } else {
+ policy.setKeyStorePassword(password);
+ }
+
+ } else if(TRUST_STORE_QNAME.equals(name)) {
+ //<tuscany:trustStore type="" file="" password=""/>
+ String type = reader.getAttributeValue(null, "type");
+ if(type == null) {
+ error("RequiredAttributeTrustStoreTypeMissing", reader);
+ } else {
+ policy.setTrustStoreType(type);
+ }
+
+ String file = reader.getAttributeValue(null, "file");
+ if(file == null) {
+ error("RequiredAttributeTrusStoreFileMissing", reader);
+ } else {
+ policy.setTrustStore(file);
+ }
+
+ String password = reader.getAttributeValue(null, "password");
+ if(file == null) {
+ error("RequiredAttributeTrustStorePasswordMissing", reader);
+ } else {
+ policy.setTrustStorePassword(password);
+ }
+
+ }
+ break;
+ case END_ELEMENT:
+ if (start.equals(reader.getName())) {
+ if (reader.hasNext()) {
+ reader.next();
+ }
+ return policy;
+ }
+
+ }
+ if (reader.hasNext()) {
+ event = reader.next();
+ } else {
+ return policy;
+ }
+ } }
+
+ public void write(ConfidentialityPolicy model, XMLStreamWriter writer) throws ContributionWriteException,
+ XMLStreamException {
+ // TODO Auto-generated method stub
+
+ }
+
+ public void resolve(ConfidentialityPolicy model, ModelResolver resolver) throws ContributionResolveException {
+ // TODO Auto-generated method stub
+
+ }
+
+}
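Review bot: Both password checks in `read` test the wrong variable: after `String password = reader.getAttributeValue(null, "password");` the condition is `if(file == null)`, in the keyStore block and again in the trustStore block. A missing password is therefore never reported when the file attribute is present, and null is stored as the store password, while a missing file raises a spurious password error. Change both conditions to `if (password == null) {`. The problem key `RequiredAttributeTrusStoreFileMissing` is also missing a `t`; whether it matches the message bundle cannot be seen from this page.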
diff --git a/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityPolicyDefinitionsProvider.java b/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityPolicyDefinitionsProvider.java
index cfe856e0f2..c914d99365 100644
--- a/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityPolicyDefinitionsProvider.java
+++ b/branches/sca-java-1.x/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityPolicyDefinitionsProvider.java
@@ -34,16 +34,18 @@ import org.apache.tuscany.sca.provider.SCADefinitionsProviderException;
/**
* Provider for Policy Intents and PolicySet definitions related to security
- *
+ *
* @version $Rev$ $Date$
*/
public class SecurityPolicyDefinitionsProvider implements SCADefinitionsProvider {
+ private static final String definitionsFile = "org/apache/tuscany/sca/policy/security/definitions.xml";
private static final String tuscanyDefinitionsFile = "org/apache/tuscany/sca/policy/security/tuscany_definitions.xml";
- private String definitionsFile = "org/apache/tuscany/sca/policy/security/definitions.xml";
+
URLArtifactProcessor urlArtifactProcessor = null;
public SecurityPolicyDefinitionsProvider(ExtensionPointRegistry registry) {
- URLArtifactProcessorExtensionPoint documentProcessors = registry.getExtensionPoint(URLArtifactProcessorExtensionPoint.class);
+ URLArtifactProcessorExtensionPoint documentProcessors =
+ registry.getExtensionPoint(URLArtifactProcessorExtensionPoint.class);
urlArtifactProcessor = (URLArtifactProcessor)documentProcessors.getProcessor(SCADefinitions.class);
}
@@ -51,34 +53,31 @@ public class SecurityPolicyDefinitionsProvider implements SCADefinitionsProvider
SCADefinitions scaDefns = null;
SCADefinitions tuscanyDefns = null;
try {
- // Allow privileged access to load resource. Requires RuntimePermssion in security policy.
+ // Allow privileged access to load resource. Requires
+ // RuntimePermssion in security policy.
URL definitionsFileUrl = AccessController.doPrivileged(new PrivilegedAction<URL>() {
public URL run() {
return getClass().getClassLoader().getResource(definitionsFile);
}
- });
+ });
URI uri = new URI(definitionsFile);
- scaDefns = (SCADefinitions)urlArtifactProcessor.read(null,
- uri,
- definitionsFileUrl);
+ scaDefns = (SCADefinitions)urlArtifactProcessor.read(null, uri, definitionsFileUrl);
definitionsFileUrl = AccessController.doPrivileged(new PrivilegedAction<URL>() {
public URL run() {
return getClass().getClassLoader().getResource(tuscanyDefinitionsFile);
}
- });
+ });
uri = new URI(definitionsFile);
- tuscanyDefns = (SCADefinitions)urlArtifactProcessor.read(null,
- uri,
- definitionsFileUrl);
+ tuscanyDefns = (SCADefinitions)urlArtifactProcessor.read(null, uri, definitionsFileUrl);
SCADefinitionsUtil.aggregateSCADefinitions(tuscanyDefns, scaDefns);
return scaDefns;
- } catch ( Exception e ) {
+ } catch (Exception e) {
throw new SCADefinitionsProviderException(e);
}
}
diff --git a/branches/sca-java-1.x/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor b/branches/sca-java-1.x/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor
index bf8e4d11b4..2a6a393f83 100644
--- a/branches/sca-java-1.x/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor
+++ b/branches/sca-java-1.x/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor
@@ -25,3 +25,4 @@ org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=htt
org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#securityIdentity,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy
org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#jaasAuthentication,model=org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicy
org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#basicAuthentication,model=org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicy
+org.apache.tuscany.sca.policy.confidentiality.ConfidentialityPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#confidentiality,model=org.apache.tuscany.sca.policy.confidentiality.ConfidentialityPolicy \ No newline at end of file
diff --git a/branches/sca-java-1.x/samples/store-secure/pom.xml b/branches/sca-java-1.x/samples/store-secure/pom.xml
index bd6d771be8..e5ff66a0fc 100644
--- a/branches/sca-java-1.x/samples/store-secure/pom.xml
+++ b/branches/sca-java-1.x/samples/store-secure/pom.xml
@@ -44,6 +44,12 @@
<dependency>
<groupId>org.apache.tuscany.sca</groupId>
+ <artifactId>tuscany-policy-security</artifactId>
+ <version>1.5-SNAPSHOT</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.tuscany.sca</groupId>
<artifactId>tuscany-data-api</artifactId>
<version>1.5-SNAPSHOT</version>
</dependency>
diff --git a/branches/sca-java-1.x/samples/store-secure/src/main/java/launch/LaunchSSL.java b/branches/sca-java-1.x/samples/store-secure/src/main/java/launch/LaunchSSL.java
new file mode 100644
index 0000000000..a3703869ac
--- /dev/null
+++ b/branches/sca-java-1.x/samples/store-secure/src/main/java/launch/LaunchSSL.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package launch;
+
+import org.apache.tuscany.sca.host.embedded.SCADomain;
+
+public class LaunchSSL {
+ public static void main(String[] args) throws Exception {
+ System.out.println("Starting ...");
+ SCADomain scaDomain = SCADomain.newInstance("store-ssl.composite");
+ System.out.println("store.composite ready for big business !!!");
+ System.in.read();
+ System.out.println("Stopping ...");
+ scaDomain.close();
+ System.out.println();
+ }
+}
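Review bot: `scaDomain.close()` is skipped if `System.in.read()` throws, because `main` declares `throws Exception` and has no `finally`; wrapping the wait as `try { System.in.read(); } finally { scaDomain.close(); }` would shut the domain down on every exit path. The ready message prints `store.composite` while the domain is created from `store-ssl.composite`, which makes it hard to tell from the console whether the variant with the confidentiality intent is the one running; the message should name the SSL composite. A one-line class comment stating that this launcher starts the store sample with the confidentiality policy applied would also help.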
diff --git a/branches/sca-java-1.x/samples/store-secure/src/main/resources/definitions.xml b/branches/sca-java-1.x/samples/store-secure/src/main/resources/definitions.xml
index 58db5df865..0b1d409c7f 100644
--- a/branches/sca-java-1.x/samples/store-secure/src/main/resources/definitions.xml
+++ b/branches/sca-java-1.x/samples/store-secure/src/main/resources/definitions.xml
@@ -24,8 +24,7 @@
xmlns:store="http://store">
- <!-- WS Security POLICY SETS -->
- <sca:policySet name="widgetBindingAuthenticationPolicySet"
+ <sca:policySet name="widgetBindingAuthenticationPolicySet"
provides="sca:authentication"
appliesTo="tuscany:binding.http">
<tuscany:basicAuthentication>
@@ -37,8 +36,7 @@
</tuscany:basicAuthentication>
</sca:policySet>
- <!-- WS Security POLICY SETS -->
- <sca:policySet name="widgetServiceAuthenticationPolicySet"
+ <sca:policySet name="widgetServiceAuthenticationPolicySet"
provides="sca:authentication"
appliesTo="sca:service">
<tuscany:basicAuthentication>
@@ -49,5 +47,18 @@
</tuscany:authorizedUsers>
</tuscany:basicAuthentication>
</sca:policySet>
+
+ <sca:policySet name="widgetConfidentialityConfigurationPolicySet"
+ provides="sca:confidentiality"
+ appliesTo="tuscany:binding.http">
+ <tuscany:confidentiality>
+ <tuscany:keyStore type="JKS" file="target/classes/tuscany.keyStore" password="apache"/>
+ <tuscany:trustStore type="" file="" password=""/>
+ </tuscany:confidentiality>
+ </sca:policySet>
+
+
+
+
</sca:definitions>
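Review bot: The new `widgetConfidentialityConfigurationPolicySet` embeds the key store password (`password="apache"`) in a resource that is packaged with the sample, and the same commit checks in `tuscany.keyStore` itself, so the key material has to be treated as public. For a demo that is workable only if it is labelled; I would add a comment above the policy set such as `<!-- Sample key store and password for demonstration only; generate your own key store and keep its password out of the packaged definitions. -->`. The `file="target/classes/tuscany.keyStore"` path is relative to the working directory and to the Maven build layout, so the sample presumably cannot find the key store when launched from anywhere else. The empty `<tuscany:trustStore type="" file="" password=""/>` element should either be dropped or carry a comment saying that no trust store is configured.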
diff --git a/branches/sca-java-1.x/samples/store-secure/src/main/resources/store-ssl.composite b/branches/sca-java-1.x/samples/store-secure/src/main/resources/store-ssl.composite
new file mode 100644
index 0000000000..79ef3f31a3
--- /dev/null
+++ b/branches/sca-java-1.x/samples/store-secure/src/main/resources/store-ssl.composite
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+-->
+<composite xmlns="http://www.osoa.org/xmlns/sca/1.0"
+ xmlns:t="http://tuscany.apache.org/xmlns/sca/1.0"
+ targetNamespace="http://store"
+ name="store">
+
+ <component name="Store">
+ <t:implementation.widget location="uiservices/store.html"/>
+ <service name="Widget">
+ <t:binding.http uri="/store" requires="confidentiality"/>
+ </service>
+ <reference name="catalog" target="Catalog">
+ <t:binding.jsonrpc/>
+ </reference>
+ <reference name="shoppingCart" target="ShoppingCart/Cart">
+ <t:binding.atom/>
+ </reference>
+ <reference name="shoppingTotal" target="ShoppingCart/Total">
+ <t:binding.jsonrpc/>
+ </reference>
+ </component>
+
+ <component name="Catalog">
+ <implementation.java class="services.FruitsCatalogImpl"/>
+ <property name="currencyCode">USD</property>
+ <service name="Catalog">
+ <t:binding.jsonrpc/>
+ </service>
+ <reference name="currencyConverter" target="CurrencyConverter"/>
+ </component>
+
+ <component name="ShoppingCart">
+ <implementation.java class="services.ShoppingCartImpl"/>
+ <service name="Cart">
+ <t:binding.atom uri="/ShoppingCart/Cart"/>
+ </service>
+ <service name="Total">
+ <t:binding.jsonrpc/>
+ </service>
+ </component>
+
+ <component name="CurrencyConverter">
+ <implementation.java class="services.CurrencyConverterImpl"/>
+ </component>
+
+</composite>
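Review bot: Only the `Widget` service's `binding.http` carries `requires="confidentiality"`; the `Catalog` and `Total` `binding.jsonrpc` services and the `Cart` `binding.atom` at `/ShoppingCart/Cart` declare no intent, so as far as this file shows the catalog and cart traffic is not covered by the policy even though the store page is. If the whole store is meant to be served confidentially, the other service bindings need the intent as well, e.g. `<t:binding.atom uri="/ShoppingCart/Cart" requires="confidentiality"/>`, and the policy set in definitions.xml, which has `appliesTo="tuscany:binding.http"`, would have to be widened to match them. The composite also puts no `authentication` intent on any binding; whether that is deliberate for the SSL sample is not visible here and deserves a comment in the file.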
diff --git a/branches/sca-java-1.x/samples/store-secure/src/main/resources/tuscany.keyStore b/branches/sca-java-1.x/samples/store-secure/src/main/resources/tuscany.keyStore
new file mode 100644
index 0000000000..7ea23f7ff4
--- /dev/null
+++ b/branches/sca-java-1.x/samples/store-secure/src/main/resources/tuscany.keyStore
Binary files differ