From: Joseph I. <jos...@us...> - 2007-04-01 08:20:52
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/doc/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv32106/src/org/tolven/doc/bean Modified Files: Tag: E_JI_MDBKeys Evaluator.java EvaluateCCRClinical.java DocumentBean.java TolvenMessage.java EvaluateCCRPersonal.java Log Message: mdbuser password is now read from a hashed password file. The mdbuser and its password are incorporated into IzPack installer. Index: Evaluator.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/doc/bean/Evaluator.java,v retrieving revision 1.11.2.1 retrieving revision 1.11.2.2 diff -C2 -d -r1.11.2.1 -r1.11.2.2 *** Evaluator.java 28 Mar 2007 05:13:22 -0000 1.11.2.1 --- Evaluator.java 1 Apr 2007 08:20:51 -0000 1.11.2.2 *************** *** 93,97 **** docXML = documentLocal.createXMLDocument( tm.getXmlNS(), tm.getAuthorId(), tm.getAccountId() ); System.out.println( "Document created, id: " + docXML.getId()); ! docXML.setAsEncryptedContent(accountProcessingProctectionLocal.getDecryptedContent(tm, AccountProcessingProtectionLocal.ACCOUNT_PROCESSING_Q_ID)); System.out.println( "Document set payload, id: " + docXML.getId()); documentLocal.finalizeDocument(docXML); --- 93,97 ---- docXML = documentLocal.createXMLDocument( tm.getXmlNS(), tm.getAuthorId(), tm.getAccountId() ); System.out.println( "Document created, id: " + docXML.getId()); ! docXML.setAsEncryptedContent(accountProcessingProctectionLocal.getDecryptedContent(tm)); System.out.println( "Document set payload, id: " + docXML.getId()); documentLocal.finalizeDocument(docXML); *************** *** 107,111 **** // Get type of account String accountType = docXML.getAccount().getAccountType().getKnownType(); ! 
Trim trim = (Trim) xmlBean.unmarshal(tm.getXmlNS(), accountProcessingProctectionLocal.getDecryptedContentAsInputStream(tm, AccountProcessingProtectionLocal.ACCOUNT_PROCESSING_Q_ID)); RuleBase ruleBase = ruleBaseFactory.open( "rules/" + accountType + ".drl"); //load up the rulebase --- 107,111 ---- // Get type of account String accountType = docXML.getAccount().getAccountType().getKnownType(); ! Trim trim = (Trim) xmlBean.unmarshal(tm.getXmlNS(), accountProcessingProctectionLocal.getDecryptedContentAsInputStream(tm)); RuleBase ruleBase = ruleBaseFactory.open( "rules/" + accountType + ".drl"); //load up the rulebase Index: EvaluateCCRClinical.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/doc/bean/EvaluateCCRClinical.java,v retrieving revision 1.3.2.1 retrieving revision 1.3.2.2 diff -C2 -d -r1.3.2.1 -r1.3.2.2 *** EvaluateCCRClinical.java 28 Mar 2007 05:13:22 -0000 1.3.2.1 --- EvaluateCCRClinical.java 1 Apr 2007 08:20:51 -0000 1.3.2.2 *************** *** 36,44 **** System.out.println( "Processing CCR document for clinical account: " + tm.getAccountId()); DocCCR docCCR = documentLocal.createCCRDocument( tm.getAuthorId(), tm.getAccountId() ); ! docCCR.setAsEncryptedContent(accountProcessingProctectionLocal.getDecryptedContent(tm, AccountProcessingProtectionLocal.ACCOUNT_PROCESSING_Q_ID)); documentLocal.finalizeDocument(docCCR); // Get type of account // String accountType = docCCR.getAccount().getAccountType().getKnownType(); ! ContinuityOfCareRecord ccr = (ContinuityOfCareRecord) xmlBean.unmarshal(tm.getXmlNS(), accountProcessingProctectionLocal.getDecryptedContentAsInputStream(tm, AccountProcessingProtectionLocal.ACCOUNT_PROCESSING_Q_ID)); processPatient( docCCR.getAccount(), docCCR.getId(), ccr); } --- 36,44 ---- System.out.println( "Processing CCR document for clinical account: " + tm.getAccountId()); DocCCR docCCR = documentLocal.createCCRDocument( tm.getAuthorId(), tm.getAccountId() ); ! 
docCCR.setAsEncryptedContent(accountProcessingProctectionLocal.getDecryptedContent(tm)); documentLocal.finalizeDocument(docCCR); // Get type of account // String accountType = docCCR.getAccount().getAccountType().getKnownType(); ! ContinuityOfCareRecord ccr = (ContinuityOfCareRecord) xmlBean.unmarshal(tm.getXmlNS(), accountProcessingProctectionLocal.getDecryptedContentAsInputStream(tm)); processPatient( docCCR.getAccount(), docCCR.getId(), ccr); } Index: EvaluateCCRPersonal.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/doc/bean/EvaluateCCRPersonal.java,v retrieving revision 1.4.2.1 retrieving revision 1.4.2.2 diff -C2 -d -r1.4.2.1 -r1.4.2.2 *** EvaluateCCRPersonal.java 28 Mar 2007 05:13:22 -0000 1.4.2.1 --- EvaluateCCRPersonal.java 1 Apr 2007 08:20:51 -0000 1.4.2.2 *************** *** 39,47 **** System.out.println( "Processing CCR document for personal account: " + tm.getAccountId()); DocCCR docCCR = documentLocal.createCCRDocument( tm.getAuthorId(), tm.getAccountId() ); ! docCCR.setAsEncryptedContent(accountProcessingProctectionLocal.getDecryptedContent(tm, AccountProcessingProtectionLocal.ACCOUNT_PROCESSING_Q_ID)); documentLocal.finalizeDocument(docCCR); // Get type of account // String accountType = docCCR.getAccount().getAccountType().getKnownType(); ! ContinuityOfCareRecord ccr = (ContinuityOfCareRecord) xmlBean.unmarshal(tm.getXmlNS(), accountProcessingProctectionLocal.getDecryptedContentAsInputStream(tm, AccountProcessingProtectionLocal.ACCOUNT_PROCESSING_Q_ID)); processPatient( docCCR.getAccount(), docCCR.getId(), ccr); } --- 39,47 ---- System.out.println( "Processing CCR document for personal account: " + tm.getAccountId()); DocCCR docCCR = documentLocal.createCCRDocument( tm.getAuthorId(), tm.getAccountId() ); ! 
docCCR.setAsEncryptedContent(accountProcessingProctectionLocal.getDecryptedContent(tm)); documentLocal.finalizeDocument(docCCR); // Get type of account // String accountType = docCCR.getAccount().getAccountType().getKnownType(); ! ContinuityOfCareRecord ccr = (ContinuityOfCareRecord) xmlBean.unmarshal(tm.getXmlNS(), accountProcessingProctectionLocal.getDecryptedContentAsInputStream(tm)); processPatient( docCCR.getAccount(), docCCR.getId(), ccr); } Index: DocumentBean.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/doc/bean/DocumentBean.java,v retrieving revision 1.22.2.1 retrieving revision 1.22.2.2 diff -C2 -d -r1.22.2.1 -r1.22.2.2 *** DocumentBean.java 28 Mar 2007 05:13:22 -0000 1.22.2.1 --- DocumentBean.java 1 Apr 2007 08:20:51 -0000 1.22.2.2 *************** *** 348,352 **** // tm.setXmlName("trim"); tm.setXmlNS( xmlns); ! accountProcessingProctectionLocal.setAsEncryptedContent(payload, tm, AccountProcessingProtectionLocal.ACCOUNT_PROCESSING_Q_ID); q.send( tm ); q.close(); --- 348,352 ---- // tm.setXmlName("trim"); tm.setXmlNS( xmlns); ! accountProcessingProctectionLocal.setAsEncryptedContent(payload, tm); q.send( tm ); q.close(); Index: TolvenMessage.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/doc/bean/TolvenMessage.java,v retrieving revision 1.3.10.3 retrieving revision 1.3.10.4 diff -C2 -d -r1.3.10.3 -r1.3.10.4 *** TolvenMessage.java 28 Mar 2007 05:13:22 -0000 1.3.10.3 --- TolvenMessage.java 1 Apr 2007 08:20:51 -0000 1.3.10.4 *************** *** 1,6 **** package org.tolven.doc.bean; - import java.io.ByteArrayInputStream; - import java.io.InputStream; import java.io.Serializable; --- 1,4 ---- |
From: Joseph I. <jos...@us...> - 2007-04-01 08:20:51
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv32106/src/org/tolven/security Modified Files: Tag: E_JI_MDBKeys AccountProcessingProtectionLocal.java Log Message: mdbuser password is now read from a hashed password file. The mdbuser and its password are incorporated into IzPack installer. Index: AccountProcessingProtectionLocal.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/Attic/AccountProcessingProtectionLocal.java,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -C2 -d -r1.1.2.1 -r1.1.2.2 *** AccountProcessingProtectionLocal.java 28 Mar 2007 05:13:22 -0000 1.1.2.1 --- AccountProcessingProtectionLocal.java 1 Apr 2007 08:20:51 -0000 1.1.2.2 *************** *** 29,40 **** */ public interface AccountProcessingProtectionLocal { - - public static final String ACCOUNT_PROCESSING_Q_ID = "accountprocessingQ"; ! public void setAsEncryptedContent(byte[] unencryptedContent, TolvenMessage tm, String processingId) throws LoginException, GeneralSecurityException, IOException; ! public byte[] getDecryptedContent(TolvenMessage tm, String processingId) throws LoginException, GeneralSecurityException, IOException; ! public InputStream getDecryptedContentAsInputStream(TolvenMessage tm, String processingId) throws LoginException, GeneralSecurityException, IOException; } --- 29,38 ---- */ public interface AccountProcessingProtectionLocal { ! public void setAsEncryptedContent(byte[] unencryptedContent, TolvenMessage tm) throws LoginException, GeneralSecurityException, IOException; ! public byte[] getDecryptedContent(TolvenMessage tm) throws LoginException, GeneralSecurityException, IOException; ! public InputStream getDecryptedContentAsInputStream(TolvenMessage tm) throws LoginException, GeneralSecurityException, IOException; } |
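Review bot: Removing `ACCOUNT_PROCESSING_Q_ID` from the interface breaks any caller that still names it; the KeyLoginModule.java and AccountDAOBean.java revisions shown on this page use it in their `Could not login` messages, so confirm they were updated on this branch. The three methods have no Javadoc; each should say which identity now performs the encryption or decryption, since the dropped `processingId` argument no longer states it at the call site.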
From: Joseph I. <jos...@us...> - 2007-04-01 08:20:51
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/gen/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv32106/src/org/tolven/gen/bean Modified Files: Tag: E_JI_MDBKeys GenDriver.java Log Message: mdbuser password is now read from a hashed password file. The mdbuser and its password are incorporated into IzPack installer. Index: GenDriver.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/gen/bean/GenDriver.java,v retrieving revision 1.5.10.1 retrieving revision 1.5.10.2 diff -C2 -d -r1.5.10.1 -r1.5.10.2 *** GenDriver.java 28 Mar 2007 05:13:23 -0000 1.5.10.1 --- GenDriver.java 1 Apr 2007 08:20:51 -0000 1.5.10.2 *************** *** 152,156 **** ByteArrayOutputStream output = new ByteArrayOutputStream( ); xmlBean.marshalCCR( ccr, output ); ! accountProcessingProctectionLocal.setAsEncryptedContent(output.toByteArray(), tm, AccountProcessingProtectionLocal.ACCOUNT_PROCESSING_Q_ID); q.send( tm ); // System.out.println(tm.getPayload()); --- 152,156 ---- ByteArrayOutputStream output = new ByteArrayOutputStream( ); xmlBean.marshalCCR( ccr, output ); ! accountProcessingProctectionLocal.setAsEncryptedContent(output.toByteArray(), tm); q.send( tm ); // System.out.println(tm.getPayload()); |
From: Joseph I. <jos...@us...> - 2007-04-01 08:20:45
|
Update of /cvsroot/tolven/tolven/installer/izpack-8.1 In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv32063/installer/izpack-8.1 Modified Files: Tag: E_JI_MDBKeys installUserInputSpec.xml antActionsSpec.xml Log Message: mdbuser password is now read from a hashed password file. The mdbuser and its password are incorporated into IzPack installer. Index: installUserInputSpec.xml =================================================================== RCS file: /cvsroot/tolven/tolven/installer/izpack-8.1/installUserInputSpec.xml,v retrieving revision 1.11 retrieving revision 1.11.2.1 diff -C2 -d -r1.11 -r1.11.2.1 *** installUserInputSpec.xml 19 Mar 2007 22:19:15 -0000 1.11 --- installUserInputSpec.xml 1 Apr 2007 08:20:44 -0000 1.11.2.1 *************** *** 802,805 **** --- 802,831 ---- txt="Both versions of the password must match" /> </field> + <field type="rule" variable="MDB_USER"> + <spec txt="MDB User:" set="0:mdbuser" layout="O:18:U" /> + <validator + class="com.izforge.izpack.util.NotEmptyValidator" + txt="Database User cannot be blank." 
/> + </field> + <field type="password" variable="MDB_PASSWORD"> + <description align="left" + txt="Please enter the MDB password to be hashed (default is tolven)" /> + <spec> + <pwd txt="Password:" size="20" set="tolven" /> + <pwd txt="Retype Password:" size="20" set="tolven" /> + </spec> + <validator class="com.izforge.izpack.util.PWDValidator" + txt="Both versions of the password must match" /> + </field> + <field type="password" variable="MDB_KEYSTORE_PASSWORD"> + <description align="left" + txt="Please enter an MDB keystore password to protect the MDB password (default is tolven)" /> + <spec> + <pwd txt="Keystore Password:" size="20" set="tolven" /> + <pwd txt="Retype Password:" size="20" set="tolven" /> + </spec> + <validator class="com.izforge.izpack.util.PWDValidator" + txt="Both versions of the password must match" /> + </field> </panel> <panel order="3"> Index: antActionsSpec.xml =================================================================== RCS file: /cvsroot/tolven/tolven/installer/izpack-8.1/antActionsSpec.xml,v retrieving revision 1.5 retrieving revision 1.5.6.1 diff -C2 -d -r1.5 -r1.5.6.1 *** antActionsSpec.xml 12 Oct 2006 23:52:36 -0000 1.5 --- antActionsSpec.xml 1 Apr 2007 08:20:45 -0000 1.5.6.1 *************** *** 35,38 **** --- 35,40 ---- <property name="tolven.ldap.password" value="$LDAP_PASSWORD" /> <property name="tolven.ldap.keystore.password" value="$LDAP_KEYSTORE_PASSWORD" /> + <property name="tolven.mdb.password" value="$MDB_PASSWORD" /> + <property name="tolven.mdb.keystore.password" value="$MDB_KEYSTORE_PASSWORD" /> <property name="tolven.database.password" value="$DB_PASSWORD" /> <property name="tolven.database.keystore.password" value="$DB_KEYSTORE_PASSWORD" /> |
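Review bot: Both new password fields are pre-filled, `<pwd txt="Password:" size="20" set="tolven" />`, so an installer run that accepts the defaults gives every deployment the same MDB password and the same keystore password; leave `set` empty and add a `NotEmptyValidator` so a value has to be chosen. `PWDValidator` as used here is only described as checking that the two entries match. The `MDB_USER` validator text says "Database User cannot be blank." and should name the MDB user instead. In antActionsSpec.xml the two values are handed on as plain Ant properties, so check that the Ant run does not echo or log them.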
From: Joseph I. <jos...@us...> - 2007-04-01 08:20:45
|
Update of /cvsroot/tolven/tolven/installer/template In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv32063/installer/template Modified Files: Tag: E_JI_MDBKeys ant-build.template Log Message: mdbuser password is now read from a hashed password file. The mdbuser and its password are incorporated into IzPack installer. Index: ant-build.template =================================================================== RCS file: /cvsroot/tolven/tolven/installer/template/ant-build.template,v retrieving revision 1.6.2.1 retrieving revision 1.6.2.2 diff -C2 -d -r1.6.2.1 -r1.6.2.2 *** ant-build.template 31 Mar 2007 22:53:16 -0000 1.6.2.1 --- ant-build.template 1 Apr 2007 08:20:45 -0000 1.6.2.2 *************** *** 16,20 **** db.name=$DB_NAME jdbc.username=$DB_USER ! mdb.username=accountprocessingQ # For copying credentials to a remoted host the following two properties must be set to avoid being asked for input # ldap.host.user=someldapuser --- 16,20 ---- db.name=$DB_NAME jdbc.username=$DB_USER ! mdb.username=$MDB_USER # For copying credentials to a remoted host the following two properties must be set to avoid being asked for input # ldap.host.user=someldapuser |
From: Joseph I. <jos...@us...> - 2007-04-01 08:20:45
|
Update of /cvsroot/tolven/tolven/template In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv32063/template Modified Files: Tag: E_JI_MDBKeys ant-build.template Log Message: mdbuser password is now read from a hashed password file. The mdbuser and its password are incorporated into IzPack installer. Index: ant-build.template =================================================================== RCS file: /cvsroot/tolven/tolven/template/ant-build.template,v retrieving revision 1.54.2.1 retrieving revision 1.54.2.2 diff -C2 -d -r1.54.2.1 -r1.54.2.2 *** ant-build.template 31 Mar 2007 22:53:16 -0000 1.54.2.1 --- ant-build.template 1 Apr 2007 08:20:44 -0000 1.54.2.2 *************** *** 13,17 **** jdbc.host=localhost jdbc.username=postgres ! mdb.username=accountprocessingQ # Uncomment to build tolvenMobileClient using Wireless Toolkit from Sun --- 13,17 ---- jdbc.host=localhost jdbc.username=postgres ! mdb.username=mdbuser # Uncomment to build tolvenMobileClient using Wireless Toolkit from Sun |
From: Joseph I. <jos...@us...> - 2007-04-01 08:20:44
|
Update of /cvsroot/tolven/tolven/jboss-config In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv32063/jboss-config Modified Files: Tag: E_JI_MDBKeys login-config.xml tolven-ds.xml Log Message: mdbuser password is now read from a hashed password file. The mdbuser and its password are incorporated into IzPack installer. Index: tolven-ds.xml =================================================================== RCS file: /cvsroot/tolven/tolven/jboss-config/tolven-ds.xml,v retrieving revision 1.9 retrieving revision 1.9.4.1 diff -C2 -d -r1.9 -r1.9.4.1 *** tolven-ds.xml 6 Mar 2007 17:00:48 -0000 1.9 --- tolven-ds.xml 1 Apr 2007 08:20:41 -0000 1.9.4.1 *************** *** 38,41 **** --- 38,54 ---- </mbean> + <!-- The tolvenMDB SecurityDomain has been placed here for ease of deployment. It can exist in its own service xml --> + <mbean code="org.jboss.security.plugins.JaasSecurityDomain" + name="jboss.security:service=TolvenSecurityDomain,domain=tolvenMDB"> + <constructor> + <arg type="java.lang.String" value="tolvenMDB" /> + </constructor> + <attribute name="KeyStorePass"> + {CLASS}org.jboss.security.plugins.FilePassword:${jboss.server.home.dir}/conf/mdb.password + </attribute> + <attribute name="Salt">@tolven-mdb-salt@</attribute> + <attribute name="IterationCount">@tolven-mdb-iterations@</attribute> + <depends>jboss:type=Service,name=TolvenSystemProperties</depends> + </mbean> </datasources> Index: login-config.xml =================================================================== RCS file: /cvsroot/tolven/tolven/jboss-config/login-config.xml,v retrieving revision 1.18.6.2 retrieving revision 1.18.6.3 diff -C2 -d -r1.18.6.2 -r1.18.6.3 *** login-config.xml 31 Mar 2007 22:53:16 -0000 1.18.6.2 --- login-config.xml 1 Apr 2007 08:20:41 -0000 1.18.6.3 *************** *** 39,42 **** --- 39,45 ---- <login-module code="org.tolven.security.auth.MDBLoginModule" flag="required"> + <module-option name = "username">@mdb-username@</module-option> + <module-option name = 
"password">@hashed-mdb-password@</module-option> + <module-option name = "jaasSecurityDomain">jboss.security:service=TolvenSecurityDomain,domain=tolvenMDB</module-option> </login-module> <login-module code="org.jboss.security.auth.spi.LdapLoginModule" *************** *** 45,49 **** com.sun.jndi.ldap.LdapCtxFactory </module-option> - <!-- During tolven build ldap.java.naming.provider.url is replaced by the ant property ${ldap.java.naming.provider.url} --> <module-option name="java.naming.provider.url"> @ldap.java.naming.provider.url@ --- 48,51 ---- *************** *** 69,72 **** --- 71,75 ---- <login-module code="org.tolven.security.auth.KeyLoginModule" flag="required"> + <module-option name="password-stacking">useFirstPass</module-option> </login-module> </authentication> |
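Review bot: The `password` module-option is filled from `@hashed-mdb-password@`, but a value that is meant to be recovered through a JaasSecurityDomain configured with `Salt` and `IterationCount` appears to be password-based encryption rather than a hash, so the token name and the log message overstate the protection. Its confidentiality then rests on the file permissions of login-config.xml, tolven-ds.xml and `conf/mdb.password`, which the deployment notes should state. The `password-stacking` option added to KeyLoginModule has no effect in the KeyLoginModule revision shown on this page, whose `initialize()` does not read `options`. The comment removed from the LDAP block explained the `@ldap.java.naming.provider.url@` substitution and is worth keeping.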
From: Joseph I. <jos...@us...> - 2007-03-31 22:53:27
|
Update of /cvsroot/tolven/tolvenSecurity/src/org/tolven/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv21451/src/org/tolven/security/auth Added Files: Tag: E_JI_MDBKeys MDBLoginModule.java Removed Files: Tag: E_JI_MDBKeys MDBKeyLoginModule.java Log Message: Moved the MDB user password to MDBLoginModule --- MDBKeyLoginModule.java DELETED --- --- NEW FILE: MDBLoginModule.java --- /* * Copyright (C) 2006 Tolven Inc * * This library is free software; you can redistribute it and/or modify it under the terms of * the GNU Lesser General Public License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU Lesser General Public License for more details. * * Contact: in...@to... */ package org.tolven.security.auth; import java.io.IOException; import java.util.Arrays; import java.util.Map; import javax.security.auth.Subject; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; /** * This LoginModule does not verify username/password directly and MUST be proceeded by a LoginModule which does. * However, it is responsible for adding credentials to a Subject, and while adding a UserPrivateKey, it will attempt * unlock the UserPrivateKey with the provided password. If the password is not correct, then the login will fail. 
* * @author Joseph Isaac * */ public class MDBLoginModule implements LoginModule { private CallbackHandler callbackHandler; private String principalName; private char[] password; private Map sharedState; public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) { System.out.println(getClass() + " initialize()"); this.callbackHandler = callbackHandler; this.sharedState = sharedState; } public boolean login() throws LoginException { System.out.println(getClass() + " begin login"); if (callbackHandler == null) throw new LoginException("No CallbackHandler"); NameCallback nc = new NameCallback("User name: "); Callback[] callbacks = { nc }; try { callbackHandler.handle(callbacks); principalName = nc.getName(); if (principalName == null) throw new LoginException("null principalName not permitted"); char[] tmpPassword = "accountprocessingQ".toCharArray(); if (tmpPassword == null) throw new LoginException("null password not permitted"); password = new char[tmpPassword.length]; if (tmpPassword != null) { System.arraycopy(tmpPassword, 0, password, 0, tmpPassword.length); } sharedState.put("javax.security.auth.login.name", password); sharedState.put("javax.security.auth.login.password", password); } catch (IOException e) { LoginException le = new LoginException("Failed to get principalName/password"); le.initCause(e); throw le; } catch (UnsupportedCallbackException e) { LoginException le = new LoginException("CallbackHandler does not support: " + e.getCallback()); le.initCause(e); throw le; } return true; } public boolean commit() throws LoginException { return true; } public boolean abort() throws LoginException { removeAllCredentials(); return true; } public boolean logout() throws LoginException { removeAllCredentials(); return true; } private void removeAllCredentials() throws LoginException { callbackHandler = null; principalName = null; if (password != null) Arrays.fill(password, '0'); password = null; 
sharedState = null; } } |
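Review bot: In `login()` the shared-state entry for the user name is written with the password array, `sharedState.put("javax.security.auth.login.name", password);`, so a later module that reads the name gets a `char[]`; it should be `sharedState.put("javax.security.auth.login.name", principalName);`. The password is the compile-time literal `"accountprocessingQ"`, which makes the MDB credential identical in every install and readable from the class file, and `initialize()` ignores `options`, so this revision cannot take the value from the JAAS configuration. The two `tmpPassword == null` checks can never fire on a literal. The class Javadoc describes UserPrivateKey handling that this module does not perform and should be rewritten to say that the module only seeds the shared login state. `removeAllCredentials()` overwrites the same array instance that was put into `sharedState`, which deserves a one-line comment.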
From: Joseph I. <jos...@us...> - 2007-03-31 22:53:27
|
Update of /cvsroot/tolven/tolvenSecurity/src/org/tolven/security In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv21451/src/org/tolven/security Added Files: Tag: E_JI_MDBKeys KeyLoginLocal.java Log Message: Moved the MDB user password to MDBLoginModule --- NEW FILE: KeyLoginLocal.java --- /* * Copyright (C) 2006 Tolven Inc * * This library is free software; you can redistribute it and/or modify it under the terms of * the GNU Lesser General Public License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU Lesser General Public License for more details. * * Contact: in...@to... */ package org.tolven.security; import org.tolven.security.key.AccountPrivateKey; import org.tolven.security.key.AccountPublicKey; import org.tolven.security.key.UserPrivateKey; import org.tolven.security.key.UserPublicKey; /** * This class provides functionality to the KeyLoginModule and should only reference application security related classes * * @author Joseph Isaac * */ public interface KeyLoginLocal { /** * Return a UserPrivateKey * @param principalName * @return */ public UserPrivateKey findUserPrivateKey(String principalName); /** * Return a UserPublicKey * @param principalName * @return */ public UserPublicKey findUserPublicKey(String principalName); /** * Return an AccountPrivateKey * @param accountUserId * @return */ public AccountPrivateKey findAccountPrivateKey(long accountUserId); /** * Return an AccountPublicKey * @param accountUserId * @return */ public AccountPublicKey findAccountPublicKey(long accountUserId); } |
From: Joseph I. <jos...@us...> - 2007-03-31 22:53:27
|
Update of /cvsroot/tolven/tolvenSecurity/src/org/tolven/security/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv21451/src/org/tolven/security/bean Added Files: Tag: E_JI_MDBKeys KeyLoginBean.java Log Message: Moved the MDB user password to MDBLoginModule --- NEW FILE: KeyLoginBean.java --- /* * Copyright (C) 2006 Tolven Inc * * This library is free software; you can redistribute it and/or modify it under the terms of * the GNU Lesser General Public License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU Lesser General Public License for more details. * * Contact: in...@to... */ package org.tolven.security.bean; import javax.annotation.Resource; import javax.ejb.EJBContext; import javax.ejb.Local; import javax.ejb.Stateless; import javax.persistence.EntityManager; import javax.persistence.PersistenceContext; import javax.persistence.Query; import org.tolven.security.KeyLoginLocal; import org.tolven.security.key.AccountPrivateKey; import org.tolven.security.key.AccountPublicKey; import org.tolven.security.key.UserPrivateKey; import org.tolven.security.key.UserPublicKey; /** * This class provides functionality to the KeyLoginModule and should only reference application security related classes * * @author Joseph Isaac * */ @Stateless @Local(KeyLoginLocal.class) public class KeyLoginBean implements KeyLoginLocal { @PersistenceContext private EntityManager em; @Resource EJBContext ejbContext; /** * Return a UserPrivateKey * @param principalName * @return */ public UserPrivateKey findUserPrivateKey(String principalName) { Query query = em.createQuery("SELECT userPrivateKey FROM TolvenUser u WHERE u.ldapUID = :principal " + "AND u.status = :activeStatus"); query.setParameter("principal", 
principalName.toLowerCase()); query.setParameter("aciveStatus", "active"); return (UserPrivateKey) query.getSingleResult(); } /** * Return a UserPublicKey * @param principalName * @return */ public UserPublicKey findUserPublicKey(String principalName) { Query query = em.createQuery("SELECT userPublicKey FROM TolvenUser u WHERE u.ldapUID = :principal " + "AND u.status = :activeStatus"); query.setParameter("principal", principalName.toLowerCase()); query.setParameter("aciveStatus", "active"); return (UserPublicKey) query.getSingleResult(); } /** * Return an AccountPrivateKey * @param accountUserId * @return */ public AccountPrivateKey findAccountPrivateKey(long accountUserId) { Query query = em.createQuery("SELECT accountPrivateKey FROM AccountUser au WHERE au.id = :accountUserId " + "AND u.status = :activeStatus"); query.setParameter("accountUserId", accountUserId); query.setParameter("aciveStatus", "active"); return (AccountPrivateKey) query.getSingleResult(); } /** * Return an AccountPublicKey * @param accountUserId * @return */ public AccountPublicKey findAccountPublicKey(long accountUserId) { Query query = em.createQuery("SELECT accountPublicKey FROM AccountUser au WHERE au.id = :accountUserId " + "AND u.status = :activeStatus"); query.setParameter("accountUserId", accountUserId); query.setParameter("aciveStatus", "active"); return (AccountPublicKey) query.getSingleResult(); } } |
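Review bot: All four finders bind `query.setParameter("aciveStatus", "active")` while the JPQL declares `:activeStatus`, so each call should be rejected when the parameter is bound; the line should read `query.setParameter("activeStatus", "active");`. In `findAccountPrivateKey` and `findAccountPublicKey` the query declares the alias `au` but filters on `u.status`, which should be `au.status`. `principalName.toLowerCase()` uses the default locale; `toLowerCase(Locale.ROOT)` keeps the lookup stable and needs an import of `java.util.Locale`. `getSingleResult()` throws when no active row matches, and since these methods hand out private-key entities, the Javadoc should state that behaviour and which callers are expected.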
From: Joseph I. <jos...@us...> - 2007-03-31 22:53:26
|
Update of /cvsroot/tolven/tolvenSecurity/src/org/tolven/security/key In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv21451/src/org/tolven/security/key Added Files: Tag: E_JI_MDBKeys AccountKeyRing.java Log Message: Moved the MDB user password to MDBLoginModule --- NEW FILE: AccountKeyRing.java --- /* * Copyright (C) 2006 Tolven Inc * * This library is free software; you can redistribute it and/or modify it under the terms of * the GNU Lesser General Public License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU Lesser General Public License for more details. * * Contact: in...@to... */ package org.tolven.security.key; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.PublicKey; /** * An interface to define AccountPublicKey/AccountPrivateKey functionality * * @author Joseph Isaac */ public interface AccountKeyRing { public AccountPrivateKey getAccountPrivateKey(); public void setAccountPrivateKey(AccountPrivateKey privateKey); public boolean hasAccountPrivateKey(); public AccountPublicKey getAccountPublicKey(); public PublicKey getPublicKey() throws GeneralSecurityException; public void setPublicKey(PublicKey aPublicKey); public void initAccountPrivateKey(char[] password) throws GeneralSecurityException, IOException; } |
From: Joseph I. <jos...@us...> - 2007-03-31 22:53:21
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv21429/src/org/tolven/security/bean Modified Files: Tag: E_JI_MDBKeys AccountProcessingProtectionBean.java Log Message: Moved the MDB user password to MDBLoginModule Index: AccountProcessingProtectionBean.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/bean/Attic/AccountProcessingProtectionBean.java,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -C2 -d -r1.1.2.2 -r1.1.2.3 *** AccountProcessingProtectionBean.java 30 Mar 2007 04:41:47 -0000 1.1.2.2 --- AccountProcessingProtectionBean.java 31 Mar 2007 22:53:20 -0000 1.1.2.3 *************** *** 75,79 **** LoginContext lc = null; try { ! lc = new LoginContext("tolvenLDAP", new KeyLdapCallbackHandler(processingId, processingId.toCharArray())); lc.login(); Subject subject = lc.getSubject(); --- 75,79 ---- LoginContext lc = null; try { ! lc = new LoginContext("tolvenMDB", new KeyLdapCallbackHandler(processingId, null)); lc.login(); Subject subject = lc.getSubject(); |
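Review bot: `new KeyLdapCallbackHandler(processingId, null)` now passes a null password and relies on the "tolvenMDB" JAAS entry placing MDBLoginModule ahead of any module that needs one, yet nothing at the call site says so. A comment such as `// password intentionally null: supplied by MDBLoginModule via shared login state` would record that dependency; the same call is repeated in the KeyLoginModule.java and AccountDAOBean.java hunks of this commit. When a named entry is missing, JAAS falls back to the `other` entry, so the deployment should confirm that `other` cannot authenticate the MDB user. The enclosing method starts and ends outside the hunk.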
From: Joseph I. <jos...@us...> - 2007-03-31 22:53:21
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv21429/src/org/tolven/security/auth Modified Files: Tag: E_JI_MDBKeys KeyLoginModule.java Log Message: Moved the MDB user password to MDBLoginModule Index: KeyLoginModule.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth/KeyLoginModule.java,v retrieving revision 1.9.2.3 retrieving revision 1.9.2.4 diff -C2 -d -r1.9.2.3 -r1.9.2.4 *** KeyLoginModule.java 30 Mar 2007 07:07:05 -0000 1.9.2.3 --- KeyLoginModule.java 31 Mar 2007 22:53:20 -0000 1.9.2.4 *************** *** 65,73 **** private char[] password; private long accountUserId; ! public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> arg2, Map<String, ?> arg3) { //System.out.println(getClass() + " initialize()"); this.subject = subject; this.callbackHandler = callbackHandler; } --- 65,75 ---- private char[] password; private long accountUserId; + private Map sharedState; ! public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) { //System.out.println(getClass() + " initialize()"); this.subject = subject; this.callbackHandler = callbackHandler; + this.sharedState = sharedState; } *************** *** 91,99 **** } principalName = nc.getName(); ! if (principalName == null) ! throw new LoginException("null principalName not permitted"); char[] tmpPassword = pc.getPassword(); ! if (tmpPassword == null) ! throw new LoginException("null password not permitted"); password = new char[tmpPassword.length]; System.arraycopy(tmpPassword, 0, password, 0, tmpPassword.length); --- 93,107 ---- } principalName = nc.getName(); ! if (principalName == null) { ! principalName = (String) sharedState.get("javax.security.auth.login.name"); ! if (principalName == null) ! throw new LoginException("null principalName not permitted"); ! 
} char[] tmpPassword = pc.getPassword(); ! if (tmpPassword == null) { ! tmpPassword = (char[]) sharedState.get("javax.security.auth.login.password"); ! if (tmpPassword == null) ! throw new LoginException("null password not permitted"); ! } password = new char[tmpPassword.length]; System.arraycopy(tmpPassword, 0, password, 0, tmpPassword.length); *************** *** 227,231 **** LoginContext lc = null; try { ! lc = new LoginContext("tolvenLDAP", new KeyLdapCallbackHandler(processingId, processingId.toCharArray())); lc.login(); Subject subject = lc.getSubject(); --- 235,239 ---- LoginContext lc = null; try { ! lc = new LoginContext("tolvenMDB", new KeyLdapCallbackHandler(processingId, null)); lc.login(); Subject subject = lc.getSubject(); *************** *** 250,254 **** } } catch (LoginException ex) { ! throw new RuntimeException(getClass() + " :Could not login " + AccountProcessingProtectionLocal.ACCOUNT_PROCESSING_Q_ID); } } --- 258,262 ---- } } catch (LoginException ex) { ! throw new RuntimeException(getClass() + " :Could not login " + AccountProcessingProtectionLocal.ACCOUNT_PROCESSING_Q_ID, ex); } } *************** *** 271,274 **** --- 279,283 ---- Arrays.fill(password, '0'); password = null; + sharedState = null; try { // Remove UserPrivateKey |
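Review bot: The two fallbacks added to login() cast whatever is in the shared state, `(String) sharedState.get("javax.security.auth.login.name")` and `(char[]) sharedState.get("javax.security.auth.login.password")`, without checking the type. What the upstream module stores under those keys is not visible here (MDBLoginModule is not part of this diff); if it is a Principal or a String, the cast fails with a ClassCastException rather than the LoginException that callers of login() handle. I would read the value as `Object`, check it with `instanceof`, and throw `new LoginException("null password not permitted")` for anything that is not a `char[]`, with the same treatment for the name. The new field is better declared as `Map<String, ?>` than as raw `Map`; login() starts and ends outside the hunk.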
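Review bot: With `new KeyLdapCallbackHandler(processingId, null)` the caller no longer presents any credential, so the password for the `tolvenMDB` policy has to come from a module in the stack (presumably MDBLoginModule, which this diff does not show). Any server-side code that can open a LoginContext on `tolvenMDB` would then be authenticated as the processing user, which may be intended but is worth stating at the call, e.g. `// no password here: supplied by MDBLoginModule via shared state; tolvenMDB is for trusted server code only`. The same line is changed in AccountDAOBean.java in the next message, and the two copies of setupAccountProcessingKeys would be easier to keep correct as one shared helper. The method body starts outside the hunk.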
From: Joseph I. <jos...@us...> - 2007-03-31 22:53:21
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv21429/src/org/tolven/core/bean Modified Files: Tag: E_JI_MDBKeys AccountDAOBean.java Log Message: Moved the MDB user password to MDBLoginModule Index: AccountDAOBean.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean/AccountDAOBean.java,v retrieving revision 1.29.6.1 retrieving revision 1.29.6.2 diff -C2 -d -r1.29.6.1 -r1.29.6.2 *** AccountDAOBean.java 30 Mar 2007 07:07:06 -0000 1.29.6.1 --- AccountDAOBean.java 31 Mar 2007 22:53:20 -0000 1.29.6.2 *************** *** 123,127 **** LoginContext lc = null; try { ! lc = new LoginContext("tolvenLDAP", new KeyLdapCallbackHandler(processingId, processingId.toCharArray())); lc.login(); Subject subject = lc.getSubject(); --- 123,127 ---- LoginContext lc = null; try { ! lc = new LoginContext("tolvenMDB", new KeyLdapCallbackHandler(processingId, null)); lc.login(); Subject subject = lc.getSubject(); *************** *** 146,150 **** } } catch (LoginException ex) { ! throw new RuntimeException(getClass() + " :Could not login " + AccountProcessingProtectionLocal.ACCOUNT_PROCESSING_Q_ID); } } --- 146,150 ---- } } catch (LoginException ex) { ! throw new RuntimeException(getClass() + " :Could not login " + AccountProcessingProtectionLocal.ACCOUNT_PROCESSING_Q_ID, ex); } } |
From: Joseph I. <jos...@us...> - 2007-03-31 22:53:18
|
Update of /cvsroot/tolven/tolven/jboss-config In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv21380/jboss-config Modified Files: Tag: E_JI_MDBKeys login-config.xml Log Message: Moved the MDB user password to MDBLoginModule Index: login-config.xml =================================================================== RCS file: /cvsroot/tolven/tolven/jboss-config/login-config.xml,v retrieving revision 1.18.6.1 retrieving revision 1.18.6.2 diff -C2 -d -r1.18.6.1 -r1.18.6.2 *** login-config.xml 28 Mar 2007 05:13:09 -0000 1.18.6.1 --- login-config.xml 31 Mar 2007 22:53:16 -0000 1.18.6.2 *************** *** 37,41 **** <application-policy name="tolvenMDB"> <authentication> ! <login-module code="org.tolven.security.auth.MDBKeyLoginModule" flag="required"> </login-module> --- 37,71 ---- <application-policy name="tolvenMDB"> <authentication> ! <login-module code="org.tolven.security.auth.MDBLoginModule" ! flag="required"> ! </login-module> ! <login-module code="org.jboss.security.auth.spi.LdapLoginModule" ! flag="required"> ! <module-option name="java.naming.factory.initial"> ! com.sun.jndi.ldap.LdapCtxFactory ! </module-option> ! <!-- During tolven build ldap.java.naming.provider.url is replaced by the ant property ${ldap.java.naming.provider.url} --> ! <module-option name="java.naming.provider.url"> ! @ldap.java.naming.provider.url@ ! </module-option> ! <module-option name="java.naming.security.authentication"> ! simple ! </module-option> ! <module-option name="principalDNPrefix">uid=</module-option> ! <module-option name="principalDNSuffix"> ! ,ou=people,dc=tolven,dc=com ! </module-option> ! ! <module-option name="rolesCtxDN"> ! ou=groups,dc=tolven,dc=com ! </module-option> ! <module-option name="uidAttributeID">uniqueMember</module-option> ! <module-option name="matchOnUserDN">true</module-option> ! ! <module-option name="roleAttributeID">cn</module-option> ! <module-option name="roleAttributeIsDN">false </module-option> ! 
<module-option name="password-stacking">useFirstPass</module-option> ! </login-module> ! <login-module code="org.tolven.security.auth.KeyLoginModule" flag="required"> </login-module> |
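Review bot: The LdapLoginModule block added to `tolvenMDB` sets `java.naming.security.authentication` to `simple`, so the MDB user's password is sent in the bind as-is; whether it is protected in transit depends on `@ldap.java.naming.provider.url@`, which is filled in at build time and cannot be checked from this hunk. A comment beside that option, e.g. `<!-- simple bind: provider URL must use ldaps:// -->`, would keep the requirement visible to whoever edits the build property. The policy also depends on module order now, since `useFirstPass` only finds a password if MDBLoginModule has run first; a one-line comment above the first `<login-module>` should say so.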
From: Joseph I. <jos...@us...> - 2007-03-31 22:53:18
|
Update of /cvsroot/tolven/tolven/security-config In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv21380/security-config Modified Files: Tag: E_JI_MDBKeys build.xml Log Message: Moved the MDB user password to MDBLoginModule Index: build.xml =================================================================== RCS file: /cvsroot/tolven/tolven/security-config/build.xml,v retrieving revision 1.62 retrieving revision 1.62.6.1 diff -C2 -d -r1.62 -r1.62.6.1 *** build.xml 3 Dec 2006 08:54:13 -0000 1.62 --- build.xml 31 Mar 2007 22:53:16 -0000 1.62.6.1 *************** *** 132,135 **** --- 132,136 ---- <antcall target="create-tolvendev-webserver-keystore" /> <antcall target="create-ldap-password-file" /> + <antcall target="create-mdb-password-file" /> <antcall target="create-pg-password-file" /> <antcall target="save-security-credentials" /> *************** *** 348,351 **** --- 349,377 ---- </target> + <target name="create-mdb-password-file"> + <fail unless="tolven.security.mdb.salt" /> + <fail unless="tolven.security.mdb.iterations" /> + <fail unless="tolven.security.openssl.ldap.dir" /> + <input message="MDB: Please enter the MDB password to be hashed" addproperty="tolven.mdb.password" /> + <input message="MDB: Please enter a keystore password to protect the MDB password" addproperty="tolven.mdb.keystore.password" /> + <java classname="org.jboss.security.plugins.FilePassword" classpath="${tolven.location}/lib/jboss/jbosssx.jar" failonerror="true"> + <arg value="${tolven.security.mdb.salt}" /> + <arg value="${tolven.security.mdb.iterations}" /> + <arg value="${tolven.mdb.keystore.password}" /> + <arg value="${tolven.security.openssl.ldap.dir}/mdb.password" /> + </java> + <fail unless="tolven.security.mdb.salt" /> + <fail unless="tolven.security.mdb.iterations" /> + <input message="Please enter the mdb password to be hashed" addproperty="tolven.mdb.password" /> + <input message="Please enter a keystore password to protect the mdb password" 
addproperty="tolven.mdb.keystore.password" /> + <java classname="org.jboss.security.plugins.PBEUtils" classpath="${tolven.location}/lib/jboss/jbosssx.jar" output="${tolven.security.openssl.ldap.dir}/hashed-mdb.password" failonerror="true"> + <arg value="${tolven.security.mdb.salt}" /> + <arg value="${tolven.security.mdb.iterations}" /> + <arg value="${tolven.mdb.keystore.password}" /> + <arg value="${tolven.mdb.password}" /> + </java> + <replace file="${tolven.security.openssl.ldap.dir}/hashed-mdb.password" token="Encoded password: " value=""/> + </target> + <target name="display-tolvendev-ca-cert"> <exec executable="${tolven.security.openssl.command}" failonerror="true"> *************** *** 469,472 **** --- 495,499 ---- <fileset dir="${tolven.security.openssl.ldap.dir}"> <include name="ldapserver.password" /> + <include name="mdb.password" /> </fileset> <fileset dir="${tolven.security.openssl.db.dir}"> *************** *** 488,492 **** </fileset> </copy> ! <echo level="info" message="The JBoss ldapserver.password and pgserver.password have been placed in ${tolven.stage}/jboss-server/conf" /> <echo level="info" message="The JBoss keystore and truststore are located in ${tolven.stage}/jboss-server/conf" /> <echo level="info" message="tolvendev-jboss.jks specifies the Java Key Store-format file containing the certificate and key used for SSL between JBoss and Postgres/LDAP" /> --- 515,519 ---- </fileset> </copy> ! 
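Review bot: In the new `create-mdb-password-file` target the `<fail unless="tolven.security.mdb.salt" />` and `<fail unless="tolven.security.mdb.iterations" />` checks and both `<input>` prompts appear twice, once before the FilePassword call and again before the PBEUtils call; the second set is redundant and can be removed. The file `hashed-mdb.password` is written by `org.jboss.security.plugins.PBEUtils`, which as far as I know performs password-based encryption rather than one-way hashing, so its content is recoverable by anyone holding the keystore password, salt and iteration count. A comment such as `<!-- PBE-encoded (reversible), not a hash; protect like the password itself -->` above the second `<java>` would stop the file name from misleading operators.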
<echo level="info" message="The JBoss ldapserver.password, pgserver.password and mdb.password have been placed in ${tolven.stage}/jboss-server/conf" /> <echo level="info" message="The JBoss keystore and truststore are located in ${tolven.stage}/jboss-server/conf" /> <echo level="info" message="tolvendev-jboss.jks specifies the Java Key Store-format file containing the certificate and key used for SSL between JBoss and Postgres/LDAP" /> *************** *** 502,505 **** --- 529,533 ---- <include name="hashed-ldapserver.password" /> <include name="hashed-slapd.password" /> + <include name="hashed-mdb.password" /> </fileset> <fileset dir="${tolven.security.openssl.db.dir}"> *************** *** 507,511 **** </fileset> </move> ! <echo level="info" message="hashed-ldapserver.password and hashed-slapd.password have been placed in ${tolven.stage}/misc" /> </target> --- 535,539 ---- </fileset> </move> ! <echo level="info" message="hashed-ldapserver.password, hashed-slapd.password and hashed-mdb.password have been placed in ${tolven.stage}/misc" /> </target> *************** *** 529,532 **** --- 557,561 ---- <loadfile property="hashed-slapd-password" srcFile="${tolven.stage}/misc/hashed-slapd.password"/> <loadfile property="hashed-ldapserver.password" srcFile="${tolven.stage}/misc/hashed-ldapserver.password"/> + <loadfile property="hashed-mdb.password" srcFile="${tolven.stage}/misc/hashed-mdb.password"/> <loadfile property="hashed-pgserver.password" srcFile="${tolven.stage}/misc/hashed-pgserver.password"/> <filter token="slapd-conf-rootpw" value="${hashed-slapd-password}"/> *************** *** 536,540 **** --- 565,573 ---- <filter token="ldap-location" value="${ldap.location}"/> <filter token="ldap-rootDN" value="${ldap.rootDN}"/> + <filter token="mdb-username" value="${mdb.username}"/> <filter token="hashed-ldapserver-password" value="${hashed-ldapserver.password}"/> + <filter token="hashed-mdb-password" value="${hashed-mdb.password}"/> + <filter token="tolven-mdb-salt" 
value="${tolven.security.mdb.salt}"/> + <filter token="tolven-mdb-iterations" value="${tolven.security.mdb.iterations}"/> <filter token="hashed-pgserver-password" value="${hashed-pgserver.password}"/> <filter token="tolven-ds-salt" value="${tolven.security.db.salt}"/> *************** *** 613,616 **** --- 646,650 ---- <fileset dir="${tolven.stage}/jboss-server/conf"> <include name="ldapserver.password"/> + <include name="mdb.password"/> <include name="pgserver.password"/> <include name="tolvendev-jboss.jks"/> *************** *** 820,823 **** --- 854,858 ---- <mkdir dir="${tolven.security.openssl.ldap.dir}" /> <antcall target="validate-jboss-ldap-credentials-ldapserver.password" /> + <antcall target="validate-jboss-mdb-credentials-mdb.password" /> <antcall target="validate-jboss-ldap-credentials-login-config" /> <delete dir="${tolven.security.openssl.ldap.dir}" /> |
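Review bot: The added `<antcall target="validate-jboss-mdb-credentials-mdb.password" />` refers to a target that none of the hunks in this diff define. Unless it already exists in build.xml outside the lines shown, the credential validation will stop with a missing-target error before it reaches `validate-jboss-ldap-credentials-login-config`. Either add the target in the same commit or hold the call back until it exists. The enclosing target starts outside the hunk.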
From: Joseph I. <jos...@us...> - 2007-03-31 22:53:18
|
Update of /cvsroot/tolven/tolven/installer/template In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv21380/installer/template Modified Files: Tag: E_JI_MDBKeys ant-build.template Log Message: Moved the MDB user password to MDBLoginModule Index: ant-build.template =================================================================== RCS file: /cvsroot/tolven/tolven/installer/template/ant-build.template,v retrieving revision 1.6 retrieving revision 1.6.2.1 diff -C2 -d -r1.6 -r1.6.2.1 *** ant-build.template 20 Mar 2007 09:13:56 -0000 1.6 --- ant-build.template 31 Mar 2007 22:53:16 -0000 1.6.2.1 *************** *** 16,19 **** --- 16,20 ---- db.name=$DB_NAME jdbc.username=$DB_USER + mdb.username=accountprocessingQ # For copying credentials to a remoted host the following two properties must be set to avoid being asked for input # ldap.host.user=someldapuser *************** *** 33,36 **** --- 34,39 ---- tolven.security.db.salt=$DB_SALT tolven.security.db.iterations=$DB_ITERATIONS + tolven.security.mdb.salt=efghabcd + tolven.security.mdb.iterations=13 #certificate creation where tolven.security.build.dir is relative to the security-config or could be absolute |
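Review bot: `tolven.security.mdb.salt=efghabcd` and `tolven.security.mdb.iterations=13` are fixed literals in the installer template, whereas the database pair just above them comes from `$DB_SALT` and `$DB_ITERATIONS`. Every installation would therefore share the same salt, and 13 iterations adds almost no cost to guessing the keystore password that protects the MDB password file. I would take both values from installer variables in the same way as the DB pair and raise the iteration count. The same two literals are added to template/ant-build.template further down the page.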
From: Joseph I. <jos...@us...> - 2007-03-31 22:53:18
|
Update of /cvsroot/tolven/tolven In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv21380 Modified Files: Tag: E_JI_MDBKeys build.xml Log Message: Moved the MDB user password to MDBLoginModule Index: build.xml =================================================================== RCS file: /cvsroot/tolven/tolven/build.xml,v retrieving revision 1.77.2.2 retrieving revision 1.77.2.3 diff -C2 -d -r1.77.2.2 -r1.77.2.3 *** build.xml 28 Mar 2007 05:13:09 -0000 1.77.2.2 --- build.xml 31 Mar 2007 22:53:16 -0000 1.77.2.3 *************** *** 121,124 **** --- 121,125 ---- <include name="login-config.xml"/> <include name="pgserver.password" /> + <include name="mdb.password" /> <include name="tolvendev-jboss.jks" /> <include name="tolvendev-jboss-cacerts.jks" /> |
From: Joseph I. <jos...@us...> - 2007-03-31 22:53:18
|
Update of /cvsroot/tolven/tolven/template In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv21380/template Modified Files: Tag: E_JI_MDBKeys ant-build.template Log Message: Moved the MDB user password to MDBLoginModule Index: ant-build.template =================================================================== RCS file: /cvsroot/tolven/tolven/template/ant-build.template,v retrieving revision 1.54 retrieving revision 1.54.2.1 diff -C2 -d -r1.54 -r1.54.2.1 *** ant-build.template 20 Mar 2007 09:13:56 -0000 1.54 --- ant-build.template 31 Mar 2007 22:53:16 -0000 1.54.2.1 *************** *** 13,16 **** --- 13,17 ---- jdbc.host=localhost jdbc.username=postgres + mdb.username=accountprocessingQ # Uncomment to build tolvenMobileClient using Wireless Toolkit from Sun *************** *** 37,40 **** --- 38,43 ---- tolven.security.db.salt=abcdefgh tolven.security.db.iterations=13 + tolven.security.mdb.salt=efghabcd + tolven.security.mdb.iterations=13 #certificate creation where tolven.security.build.dir is relative to the security-config or could be absolute |
From: Joseph I. <jos...@us...> - 2007-03-31 22:53:10
|
Update of /cvsroot/tolven/tolvenSecurity/src/org/tolven/security/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv21351/src/org/tolven/security/bean Log Message: Directory /cvsroot/tolven/tolvenSecurity/src/org/tolven/security/bean added to the repository --> Using per-directory sticky tag `E_JI_MDBKeys' |
From: Joseph I. <jos...@us...> - 2007-03-30 07:07:07
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv17700/src/org/tolven/core/bean Modified Files: Tag: E_JI_MDBKeys AccountDAOBean.java Log Message: At this time, for patient generation, a user does not have to be logged in. So, AccountProcessingKeys have to be created at account creation time, so that the MDBs can work with their encrypted queues. Index: AccountDAOBean.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean/AccountDAOBean.java,v retrieving revision 1.29 retrieving revision 1.29.6.1 diff -C2 -d -r1.29 -r1.29.6.1 *** AccountDAOBean.java 8 Mar 2007 16:56:37 -0000 1.29 --- AccountDAOBean.java 30 Mar 2007 07:07:06 -0000 1.29.6.1 *************** *** 14,21 **** --- 14,24 ---- package org.tolven.core.bean; + import java.io.IOException; + import java.security.GeneralSecurityException; import java.security.PublicKey; import java.util.ArrayList; import java.util.Date; import java.util.List; + import java.util.Set; import javax.annotation.Resource; *************** *** 24,27 **** --- 27,33 ---- import javax.persistence.PersistenceContext; import javax.persistence.Query; + import javax.security.auth.Subject; + import javax.security.auth.login.LoginContext; + import javax.security.auth.login.LoginException; import org.tolven.core.AccountDAOLocal; *************** *** 35,40 **** --- 41,51 ---- import org.tolven.core.entity.AccountUser; import org.tolven.doc.entity.Invitation; + import org.tolven.security.AccountProcessingProtectionLocal; + import org.tolven.security.auth.KeyLdapCallbackHandler; import org.tolven.security.key.AccountPrivateKey; + import org.tolven.security.key.AccountProcessingPrivateKey; + import org.tolven.security.key.AccountProcessingPublicKey; import org.tolven.security.key.UserPrivateKey; + import org.tolven.security.key.UserPublicKey; /** *************** *** 97,104 **** account.setTitle(title); 
account.setTimeZone( timeZone ); //account.setAccountTypeId(accountTypeId); em.persist( account ); return account; } ! /** * Create a new account. No users are associated with this account. --- 108,153 ---- account.setTitle(title); account.setTimeZone( timeZone ); //account.setAccountTypeId(accountTypeId); + //TODO: This method is called by the generate patients functionality which generates patients + //for an account in which the user is no logged and has not set up AccountProcessingKeys. + //So it must be done here + setupAccountProcessingKeys(account); em.persist( account ); return account; } ! ! private void setupAccountProcessingKeys(Account account) { ! AccountProcessingPublicKey accountProcessingPublicKey = account.getAccountProcessingPublicKey(); ! try { ! String processingId = AccountProcessingProtectionLocal.ACCOUNT_PROCESSING_Q_ID; ! if (accountProcessingPublicKey == null) { ! LoginContext lc = null; ! try { ! lc = new LoginContext("tolvenLDAP", new KeyLdapCallbackHandler(processingId, processingId.toCharArray())); ! lc.login(); ! Subject subject = lc.getSubject(); ! Set<UserPublicKey> publicCredentials = subject.getPublicCredentials(UserPublicKey.class); ! UserPublicKey userPublicKey = publicCredentials.iterator().next(); ! if (userPublicKey == null) ! throw new RuntimeException(getClass() + " :No UserPublicKey found for " + processingId); ! AccountProcessingPrivateKey accountProcessingPrivateKey = AccountProcessingPrivateKey.getInstance(); ! account.setAccountProcessingPrivateKey(accountProcessingPrivateKey); ! try { ! PublicKey publicKey = accountProcessingPrivateKey.init(userPublicKey.getPublicKey()); ! account.setAccountProcessingPublicKey(publicKey); ! } catch (GeneralSecurityException ex) { ! throw new RuntimeException(getClass() + " :Could not create AccountProcessingKey " + processingId); ! } catch (IOException ex) { ! throw new RuntimeException(getClass() + " :Could not create AccountProcessingKey " + processingId); ! } ! } finally { ! 
if (lc != null) ! lc.logout(); ! } ! } ! } catch (LoginException ex) { ! throw new RuntimeException(getClass() + " :Could not login " + AccountProcessingProtectionLocal.ACCOUNT_PROCESSING_Q_ID); ! } ! } ! /** * Create a new account. No users are associated with this account. |
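Review bot: In the new setupAccountProcessingKeys, `publicCredentials.iterator().next()` throws NoSuchElementException when the Subject carries no UserPublicKey, so the `if (userPublicKey == null)` check after it never produces its message; test `publicCredentials.isEmpty()` before calling `next()`. The catch blocks for GeneralSecurityException and IOException also discard the cause, which hides why key creation failed; pass it on with `throw new RuntimeException(getClass() + " :Could not create AccountProcessingKey " + processingId, ex);`. The identical method is added to KeyLoginModule.java in the 2007-03-30 04:41 message below and has the same two problems. The method that calls it starts outside the hunk.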
From: Joseph I. <jos...@us...> - 2007-03-30 07:07:07
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv17700/src/org/tolven/security/auth Modified Files: Tag: E_JI_MDBKeys KeyLoginModule.java Log Message: At this time, for patient generation, a user does not have to be logged in. So, AccountProcessingKeys have to be created at account creation time, so that the MDBs can work with their encrypted queues. Index: KeyLoginModule.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth/KeyLoginModule.java,v retrieving revision 1.9.2.2 retrieving revision 1.9.2.3 diff -C2 -d -r1.9.2.2 -r1.9.2.3 *** KeyLoginModule.java 30 Mar 2007 04:41:49 -0000 1.9.2.2 --- KeyLoginModule.java 30 Mar 2007 07:07:05 -0000 1.9.2.3 *************** *** 206,210 **** //System.out.println(getClass() + ": Adding AccountPublicKey to Subject " + principalName); subject.getPublicCredentials().add(accountPublicKey); ! // Add AccountProcessingKeys here until a GUI allows users to do it themselves AccountUser accountUser = activation.findAccountUser(accountUserId); if (!accountUser.getAccount().hasAccountProcessingPrivateKey()) --- 206,210 ---- //System.out.println(getClass() + ": Adding AccountPublicKey to Subject " + principalName); subject.getPublicCredentials().add(accountPublicKey); ! //TODO: Add AccountProcessingKeys here until a GUI allows users to do it themselves AccountUser accountUser = activation.findAccountUser(accountUserId); if (!accountUser.getAccount().hasAccountProcessingPrivateKey()) |
From: Joseph I. <jos...@us...> - 2007-03-30 04:41:53
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/core/entity In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv21696/src/org/tolven/core/entity Modified Files: Tag: E_JI_MDBKeys Account.java Log Message: Introducing an MDB user with principal accountprocessingQ, for the rule queue, which will allow messages to be encrypted while on the queue. Index: Account.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/entity/Account.java,v retrieving revision 1.17.10.1 retrieving revision 1.17.10.2 diff -C2 -d -r1.17.10.1 -r1.17.10.2 *** Account.java 28 Mar 2007 05:13:23 -0000 1.17.10.1 --- Account.java 30 Mar 2007 04:41:49 -0000 1.17.10.2 *************** *** 84,96 **** private AccountProcessingPublicKey accountProcessingPublicKey; - /* - @AttributeOverrides({ - @AttributeOverride(name="encodedEncryptedPrivateKeyInfo",column=@Column(name="processing_encoded_encrypted_private_key_info")), - @AttributeOverride(name="keySize",column=@Column(name="processing_private_key_size")), - @AttributeOverride(name="algorithm",column=@Column(name="processing_algorithm")), - @AttributeOverride(name="encryptedKey",column=@Column(name="processing_encrypted_secret_key")), - @AttributeOverride(name="algorithm",column=@Column(name="processing_secret_key_algorithm")) - }) - */ @Embedded private AccountProcessingPrivateKey accountProcessingPrivateKey; --- 84,87 ---- |
From: Joseph I. <jos...@us...> - 2007-03-30 04:41:53
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv21696/src/org/tolven/security Modified Files: Tag: E_JI_MDBKeys LoginLocal.java Log Message: Introducing an MDB user with principal accountprocessingQ, for the rule queue, which will allow messages to be encrypted while on the queue. Index: LoginLocal.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/LoginLocal.java,v retrieving revision 1.4 retrieving revision 1.4.10.1 diff -C2 -d -r1.4 -r1.4.10.1 *** LoginLocal.java 19 Feb 2007 10:17:31 -0000 1.4 --- LoginLocal.java 30 Mar 2007 04:41:48 -0000 1.4.10.1 *************** *** 8,11 **** --- 8,12 ---- import org.tolven.core.bean.InvitationException; + import org.tolven.core.entity.AccountUser; import org.tolven.core.entity.TolvenUser; import org.tolven.security.key.AccountPrivateKey; *************** *** 34,37 **** --- 35,44 ---- /** + * Return an AccountUser given an AccountUserId + * @param anAccountUserId + * @return + */ + public AccountUser findAccountUser(long accountUserId); + /** * Return an AccountPublicKey given an AccountUserId * @param anAccountUserId |
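Review bot: The Javadoc added for `findAccountUser` names the parameter `anAccountUserId` while the signature declares `accountUserId`, and the `@return` tag is empty. I would write `@param accountUserId id of the AccountUser to look up` and `@return the matching AccountUser`, and state what the method does when no AccountUser has that id, because KeyLoginModule dereferences the result directly. The interface body continues outside the hunk.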
From: Joseph I. <jos...@us...> - 2007-03-30 04:41:53
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv21696/src/org/tolven/security/auth Modified Files: Tag: E_JI_MDBKeys KeyLoginModule.java Log Message: Introducing an MDB user with principal accountprocessingQ, for the rule queue, which will allow messages to be encrypted while on the queue. Index: KeyLoginModule.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth/KeyLoginModule.java,v retrieving revision 1.9.2.1 retrieving revision 1.9.2.2 diff -C2 -d -r1.9.2.1 -r1.9.2.2 *** KeyLoginModule.java 26 Mar 2007 03:24:56 -0000 1.9.2.1 --- KeyLoginModule.java 30 Mar 2007 04:41:49 -0000 1.9.2.2 *************** *** 15,18 **** --- 15,19 ---- import java.io.IOException; + import java.security.GeneralSecurityException; import java.security.Principal; import java.security.PublicKey; *************** *** 22,25 **** --- 23,27 ---- import java.util.Iterator; import java.util.Map; + import java.util.Set; import javax.naming.InitialContext; *************** *** 30,40 **** --- 32,48 ---- import javax.security.auth.callback.PasswordCallback; import javax.security.auth.callback.UnsupportedCallbackException; + import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; + import org.tolven.core.entity.Account; + import org.tolven.core.entity.AccountUser; + import org.tolven.security.AccountProcessingProtectionLocal; import org.tolven.security.LoginLocal; import org.tolven.security.TolvenPrincipal; import org.tolven.security.acl.TolvenGroup; import org.tolven.security.key.AccountPrivateKey; + import org.tolven.security.key.AccountProcessingPrivateKey; + import org.tolven.security.key.AccountProcessingPublicKey; import org.tolven.security.key.AccountPublicKey; import org.tolven.security.key.UserKeyRing; *************** *** 59,63 **** public void 
initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> arg2, Map<String, ?> arg3) { ! System.out.println(getClass() + " initialize()"); this.subject = subject; this.callbackHandler = callbackHandler; --- 67,71 ---- public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> arg2, Map<String, ?> arg3) { ! //System.out.println(getClass() + " initialize()"); this.subject = subject; this.callbackHandler = callbackHandler; *************** *** 65,69 **** public boolean login() throws LoginException { ! System.out.println(getClass() + " begin login"); if (callbackHandler == null) throw new LoginException("No CallbackHandler"); --- 73,77 ---- public boolean login() throws LoginException { ! //System.out.println(getClass() + " begin login"); if (callbackHandler == null) throw new LoginException("No CallbackHandler"); *************** *** 93,97 **** accountUserId = auc.getAccountUserId(); if (accountUserId == 0) { ! System.out.println(getClass() + " Login not linked to an account"); } else { System.out.println(getClass() + " Login linking to account id=" + accountUserId); --- 101,105 ---- accountUserId = auc.getAccountUserId(); if (accountUserId == 0) { ! //System.out.println(getClass() + " Login not linked to an account"); } else { System.out.println(getClass() + " Login linking to account id=" + accountUserId); *************** *** 110,114 **** public boolean commit() throws LoginException { ! System.out.println(getClass() + ": begin commit"); try { // TolvenPrncipal: Ensure there is only one Group called Roles --- 118,122 ---- public boolean commit() throws LoginException { ! //System.out.println(getClass() + ": begin commit"); try { // TolvenPrncipal: Ensure there is only one Group called Roles *************** *** 146,150 **** if (userKeyRing == null || userKeyRing.getUserPrivateKey() == null) { // Create the keys ! 
System.out.println("Create new keys for " + principalName); userPrivateKey = UserPrivateKey.getInstance(); PublicKey publicKey = userPrivateKey.init(password); --- 154,158 ---- if (userKeyRing == null || userKeyRing.getUserPrivateKey() == null) { // Create the keys ! //System.out.println("Create new keys for " + principalName); userPrivateKey = UserPrivateKey.getInstance(); PublicKey publicKey = userPrivateKey.init(password); *************** *** 157,161 **** userPrivateKey.unlockPrivateKey(password); // Populate the Subject ! System.out.println(getClass() + ": Adding UserPrivateKey to Subject " + principalName); // UserPrivateKey: Ensure there is only one UserPrivateKey in a Subject by removing any that might be there Object obj = null; --- 165,169 ---- userPrivateKey.unlockPrivateKey(password); // Populate the Subject ! //System.out.println(getClass() + ": Adding UserPrivateKey to Subject " + principalName); // UserPrivateKey: Ensure there is only one UserPrivateKey in a Subject by removing any that might be there Object obj = null; *************** *** 166,170 **** } subject.getPrivateCredentials().add(userPrivateKey); ! System.out.println(getClass() + ": Adding UserPublicKey to Subject " + principalName); // UserPublicKey: Ensure there is only one UserPublicKey in a Subject by removing any that might be there for (Iterator iter = subject.getPublicCredentials().iterator(); iter.hasNext();) { --- 174,178 ---- } subject.getPrivateCredentials().add(userPrivateKey); ! //System.out.println(getClass() + ": Adding UserPublicKey to Subject " + principalName); // UserPublicKey: Ensure there is only one UserPublicKey in a Subject by removing any that might be there for (Iterator iter = subject.getPublicCredentials().iterator(); iter.hasNext();) { *************** *** 179,183 **** if (accountPrivateKey == null) throw new LoginException(getClass() + ": Could not locate an AccountPrivateKey for AccountUser with id=" + accountUserId); ! 
System.out.println(getClass() + ": Adding AccountPrivateKey to Subject " + principalName); // AccountPrivateKey: Ensure there is only one AccountPrivateKey in a Subject by removing any that might be there for (Iterator iter = subject.getPublicCredentials().iterator(); iter.hasNext();) { --- 187,191 ---- if (accountPrivateKey == null) throw new LoginException(getClass() + ": Could not locate an AccountPrivateKey for AccountUser with id=" + accountUserId); ! //System.out.println(getClass() + ": Adding AccountPrivateKey to Subject " + principalName); // AccountPrivateKey: Ensure there is only one AccountPrivateKey in a Subject by removing any that might be there for (Iterator iter = subject.getPublicCredentials().iterator(); iter.hasNext();) { *************** *** 196,201 **** iter.remove(); } ! System.out.println(getClass() + ": Adding AccountPublicKey to Subject " + principalName); subject.getPublicCredentials().add(accountPublicKey); } System.out.println(getClass() + ": completing login for " + principalName); --- 204,213 ---- iter.remove(); } ! 
//System.out.println(getClass() + ": Adding AccountPublicKey to Subject " + principalName); subject.getPublicCredentials().add(accountPublicKey); + // Add AccountProcessingKeys here until a GUI allows users to do it themselves + AccountUser accountUser = activation.findAccountUser(accountUserId); + if (!accountUser.getAccount().hasAccountProcessingPrivateKey()) + setupAccountProcessingKeys(activation.findAccountUser(accountUserId)); } System.out.println(getClass() + ": completing login for " + principalName); *************** *** 207,210 **** --- 219,257 ---- } + private void setupAccountProcessingKeys(AccountUser accountUser) { + Account account = accountUser.getAccount(); + AccountProcessingPublicKey accountProcessingPublicKey = account.getAccountProcessingPublicKey(); + try { + String processingId = AccountProcessingProtectionLocal.ACCOUNT_PROCESSING_Q_ID; + if (accountProcessingPublicKey == null) { + LoginContext lc = null; + try { + lc = new LoginContext("tolvenLDAP", new KeyLdapCallbackHandler(processingId, processingId.toCharArray())); + lc.login(); + Subject subject = lc.getSubject(); + Set<UserPublicKey> publicCredentials = subject.getPublicCredentials(UserPublicKey.class); + UserPublicKey userPublicKey = publicCredentials.iterator().next(); + if (userPublicKey == null) + throw new RuntimeException(getClass() + " :No UserPublicKey found for " + processingId); + AccountProcessingPrivateKey accountProcessingPrivateKey = AccountProcessingPrivateKey.getInstance(); + account.setAccountProcessingPrivateKey(accountProcessingPrivateKey); + try { + PublicKey publicKey = accountProcessingPrivateKey.init(userPublicKey.getPublicKey()); + account.setAccountProcessingPublicKey(publicKey); + } catch (GeneralSecurityException ex) { + throw new RuntimeException(getClass() + " :Could not create AccountProcessingKey " + processingId); + } catch (IOException ex) { + throw new RuntimeException(getClass() + " :Could not create AccountProcessingKey " + processingId); + } + } 
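Review bot: The block added to the login path dereferences `activation.findAccountUser(accountUserId)` without a null check and then looks the same user up a second time. A missing AccountUser would therefore surface as a NullPointerException rather than the `LoginException` this method throws a few lines earlier for a missing AccountPrivateKey. The guard tests `hasAccountProcessingPrivateKey()`, while `setupAccountProcessingKeys` only acts when `getAccountProcessingPublicKey()` is null, so an account holding a public key but no private key is re-examined at every login and never repaired. I would reuse the local and fail closed, e.g. `if (accountUser == null) throw new LoginException(getClass() + ": No AccountUser with id=" + accountUserId);` followed by `setupAccountProcessingKeys(accountUser);`. The enclosing login method starts and ends outside this hunk.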
finally { + if (lc != null) + lc.logout(); + } + } + } catch (LoginException ex) { + throw new RuntimeException(getClass() + " :Could not login " + AccountProcessingProtectionLocal.ACCOUNT_PROCESSING_Q_ID); + } + } + public boolean abort() throws LoginException { removeAllCredentials(); |
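Review bot: `new KeyLdapCallbackHandler(processingId, processingId.toCharArray())` passes the queue identifier as the name and, judging by the char[] argument, also as the password. The identity whose public key is used to initialise each account's processing key would then be guarded by a compile-time constant; the log message says the mdbuser password now comes from a hashed password file, and this call should obtain it from that source too. `publicCredentials.iterator().next()` throws NoSuchElementException on an empty set, so the null check after it never fires; test `publicCredentials.isEmpty()` before taking the first element. Both inner catch blocks drop the cause, which `throw new RuntimeException(getClass() + " :Could not create AccountProcessingKey " + processingId, ex);` would keep. `account.setAccountProcessingPrivateKey(...)` also runs before `init` has succeeded, so a failed `init` may leave a key object on the account that the caller's `hasAccountProcessingPrivateKey()` guard presumably treats as present.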