From: Joseph I. <jos...@us...> - 2007-03-20 10:04:11
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/app/bean
In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv11181/src/org/tolven/app/bean
Modified Files: CreatorBean.java
Log Message: Provided two interfaces for DocProtectionBean: DocContentSecurity and ImageDocContentSecurity in an attempt to decouple the security from direct dependence on Tolven entities. Removed the PrivateKeyRing class and will now place UserPrivateKey and AccountPrivateKey directly in the Subject's privateCredentials. Clarified the filter sequencing code. Web tier now distinguishes the current account solely by the session accountUserId/accountId attributes, rather than the AccountPrivateKey in the PrivateKeyRing of the web tier Subject. Reauthentications now occur by clearing the cache for the principal, which, via the KeyLoginModule, results in the keys for the selected Account making their way to the EJB tier Subject for use in the EJB tier. In the EJB tier, the content of DocBase is now protected by DocProtectionBean, which belongs to the tovlenLDAP SecurityDomain. In order to replace the default JBoss CallbackHandler, the class needs to be available to the server before tolven.ear is deployed. A separate tolvenSecurity.jar is now being created.
Index: CreatorBean.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/app/bean/CreatorBean.java,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** CreatorBean.java 12 Mar 2007 08:47:12 -0000 1.6 --- CreatorBean.java 20 Mar 2007 09:13:12 -0000 1.7 *************** *** 5,11 **** import java.util.ArrayList; import java.util.Date; - import java.util.HashMap; import java.util.List; - import java.util.Map; import javax.annotation.EJB; --- 5,9 ---- *************** *** 36,39 **** --- 34,38 ---- import org.tolven.doc.entity.CCRException; import org.tolven.doc.entity.DocXML; + import org.tolven.security.DocProtectionLocal; import org.tolven.trim.Act; import org.tolven.trim.ActBind; *************** *** 64,67 **** --- 63,67 ---- @EJB XMLLocal xmlBean; @EJB XMLProtectedLocal xmlProtectedBean; + @EJB DocProtectionLocal docProtectionBean; @Resource(mappedName="java:/JmsXA") *************** *** 187,191 **** ByteArrayOutputStream trimXML = new ByteArrayOutputStream() ; xmlBean.marshalTRIM(trim, trimXML); ! docXML.setContent(trimXML.toByteArray()); // Document remains in new status, but is saved (persist/merge) documentBean.saveDocument(docXML); --- 187,191 ---- ByteArrayOutputStream trimXML = new ByteArrayOutputStream() ; xmlBean.marshalTRIM(trim, trimXML); ! docXML.setAsEncryptedContent(trimXML.toByteArray()); // Document remains in new status, but is saved (persist/merge) documentBean.saveDocument(docXML); *************** *** 238,242 **** ByteArrayOutputStream trimXML = new ByteArrayOutputStream() ; xmlBean.marshalTRIM(trim, trimXML); ! docXML.setContent(trimXML.toByteArray()); // Document remains in new status, but is saved (persist/merge) documentBean.saveDocument(docXML); --- 238,242 ---- ByteArrayOutputStream trimXML = new ByteArrayOutputStream() ; xmlBean.marshalTRIM(trim, trimXML); ! 
docXML.setAsEncryptedContent(trimXML.toByteArray()); // Document remains in new status, but is saved (persist/merge) documentBean.saveDocument(docXML); *************** *** 303,307 **** if (0==documentId) throw new IllegalArgumentException( "Submitted DocumentId must not be 0"); DocXML docXML = (DocXML) documentBean.findDocument(documentId); ! submit( docXML, docXML.getContent() ); } --- 303,307 ---- if (0==documentId) throw new IllegalArgumentException( "Submitted DocumentId must not be 0"); DocXML docXML = (DocXML) documentBean.findDocument(documentId); ! submit( docXML, docProtectionBean.getDecryptedContent(docXML) ); } |
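Review bot: The write and read paths now have different owners: the hunks at lines 189 and 240 encrypt through the entity (`docXML.setAsEncryptedContent(...)`), while the hunk at line 305 decrypts through the injected `docProtectionBean.getDecryptedContent(docXML)`. If the aim is to keep key handling out of the Tolven entities, consider giving DocProtectionLocal the matching encrypt method so that both directions sit behind the same bean and the same permission check, and note in a comment here which side is responsible for the DocumentSecretKey.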
From: Joseph I. <jos...@us...> - 2007-03-20 09:52:23
|
Update of /cvsroot/tolven/tolven
In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv11760
Modified Files: build.xml
Log Message: Provided two interfaces for DocProtectionBean: DocContentSecurity and ImageDocContentSecurity in an attempt to decouple the security from direct dependence on Tolven entities. Removed the PrivateKeyRing class and will now place UserPrivateKey and AccountPrivateKey directly in the Subject's privateCredentials. Clarified the filter sequencing code. Web tier now distinguishes the current account solely by the session accountUserId/accountId attributes, rather than the AccountPrivateKey in the PrivateKeyRing of the web tier Subject. Reauthentications now occur by clearing the cache for the principal, which, via the KeyLoginModule, results in the keys for the selected Account making their way to the EJB tier Subject for use in the EJB tier. In the EJB tier, the content of DocBase is now protected by DocProtectionBean, which belongs to the tovlenLDAP SecurityDomain. In order to replace the default JBoss CallbackHandler, the class needs to be available to the server before tolven.ear is deployed. A separate tolvenSecurity.jar is now being created.
Index: build.xml =================================================================== RCS file: /cvsroot/tolven/tolven/build.xml,v retrieving revision 1.76 retrieving revision 1.77 diff -C2 -d -r1.76 -r1.77 *** build.xml 5 Mar 2007 05:57:44 -0000 1.76 --- build.xml 20 Mar 2007 09:13:56 -0000 1.77 *************** *** 33,36 **** --- 33,37 ---- </delete> <delete dir="${tolven.home}/tolven-jboss-4.0.4.GA/docs" /> + <copy file="${tolven.home}/tolven/jboss-config/security-service.xml" todir="${tolven.home}/tolven-jboss-4.0.4.GA/server/tolven/deploy" overwrite="true" preservelastmodified="true" /> <copy file="${tolven.home}/tolven/jboss-config/ejb-timer-service.xml" todir="${tolven.home}/tolven-jboss-4.0.4.GA/server/tolven/deploy" overwrite="true" preservelastmodified="true" verbose="${message.show.copy}" /> <copy toDir="${deploy.location}/deploy/jbossweb-tomcat55.sar/conf" overwrite="true" preservelastmodified="true" verbose="${message.show.copy}"> *************** *** 189,192 **** --- 190,194 ---- <fileset file="build/tolven.ear"/> </copy> + <copy toDir="${deploy.location}/lib" file="${tolvenSecurity.location}/build/tolvenSecurity.jar" overwrite="true" preservelastmodified="true" verbose="${message.show.copy}" /> </target> <target name="packaging" depends="dependencies" description="tolven.ear"> *************** *** 221,224 **** --- 223,227 ---- <target depends="init" name="dependencies" description="Build dependent projects"> + <ant dir="${tolvenSecurity.location}" antfile="${tolvenSecurity.location}/build.xml" target="packaging"/> <ant dir="${tolvenEJB.location}" antfile="${tolvenEJB.location}/build.xml" target="packaging" /> <ant dir="${tolvenWEB.location}" antfile="${tolvenWEB.location}/build.xml" target="packaging" /> |
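Review bot: In the hunk at line 189 the new copy of `tolvenSecurity.jar` into `${deploy.location}/lib` is placed after the `<copy>` that carries `build/tolven.ear`, yet the log message says the CallbackHandler class has to be available to the server before tolven.ear is deployed. Move the jar copy ahead of the ear copy, or into its own target that this one depends on, so that a server watching the deploy directory never picks up the new ear without the jar in place.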
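Review bot: The `security-service.xml` copy added in the hunk at line 33 omits `verbose="${message.show.copy}"`, which the adjacent `ejb-timer-service.xml` copy sets; add it so the build output stays consistent. Because this copy replaces the security service configuration in the server's deploy directory with `overwrite="true"`, a short XML comment saying why the file is replaced would help whoever next changes the JBoss version in these paths.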
From: Joseph I. <jos...@us...> - 2007-03-20 09:52:22
|
Update of /cvsroot/tolven/tolven/installer/izpack-8.1 In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv11760/installer/izpack-8.1 Modified Files: tolven-install.xml Log Message: Provided two interfaces for DocProctectionBean: DocContentSecurity and ImageDocContentSecurity in an attempt to decouple the security for direct dependence on Tolven entities. Removed the PrivateKeyRing class and will now place UserPrivateKey and AccountPrivateKey directly in the Subject's privateCredentials. Clarified the filter sequencing code. Web tier now distinguishes the current account solely by the session accountUserId/accountId attributes, rather than the AccountPrivateKey in the PrivateKeyRing of the web tier Subject. Reauthentications are now occur byf clearing the cache for the principal, which via the KeyLoginModule, results in the keys for the selected Account making their way to the EJB tier Subject for use in the EJB tier. In the EJB tier, the content of DocBase is now protected by DocProtectionBean, which belongs to the tovlenLDAP SecurityDomain. In order to replace the default JBoss CallbackHandler, the class needs to be available to the server before tolven.ear is deployed. A separate tolvenSecurity.jar is now being created. Index: tolven-install.xml =================================================================== RCS file: /cvsroot/tolven/tolven/installer/izpack-8.1/tolven-install.xml,v retrieving revision 1.16 retrieving revision 1.17 diff -C2 -d -r1.16 -r1.17 *** tolven-install.xml 24 Feb 2007 23:59:09 -0000 1.16 --- tolven-install.xml 20 Mar 2007 09:13:56 -0000 1.17 *************** *** 215,218 **** --- 215,221 ---- includes="tolvenBrowse/**" excludes="tolvenBrowse/bin/**,tolvenBrowse/build/**" /> + <fileset dir="../../.." targetdir="$INSTALL_PATH" + includes="tolvenSecurity/**" + excludes="tolvenSecurity/bin/**,tolvenSecurity/build/**" /> <depends packname="base" /> </pack> |
From: Joseph I. <jos...@us...> - 2007-03-20 09:52:22
|
Update of /cvsroot/tolven/tolvenSecurity/src/org/tolven/web/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv11839/src/org/tolven/web/security/auth Added Files: UsernamePasswordAccountUserIdCallbackHandler.java Log Message: Provided two interfaces for DocProctectionBean: DocContentSecurity and ImageDocContentSecurity in an attempt to decouple the security for direct dependence on Tolven entities. Removed the PrivateKeyRing class and will now place UserPrivateKey and AccountPrivateKey directly in the Subject's privateCredentials. Clarified the filter sequencing code. Web tier now distinguishes the current account solely by the session accountUserId/accountId attributes, rather than the AccountPrivateKey in the PrivateKeyRing of the web tier Subject. Reauthentications are now occur byf clearing the cache for the principal, which via the KeyLoginModule, results in the keys for the selected Account making their way to the EJB tier Subject for use in the EJB tier. In the EJB tier, the content of DocBase is now protected by DocProtectionBean, which belongs to the tovlenLDAP SecurityDomain. In order to replace the default JBoss CallbackHandler, the class needs to be available to the server before tolven.ear is deployed. A separate tolvenSecurity.jar is now being created. --- NEW FILE: UsernamePasswordAccountUserIdCallbackHandler.java --- /* * Copyright (C) 2006 Tolven Inc * * This library is free software; you can redistribute it and/or modify it under the terms of * the GNU Lesser General Public License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU Lesser General Public License for more details. * * Contact: in...@to... 
*/ package org.tolven.web.security.auth; import java.lang.reflect.Method; import java.io.IOException; import java.security.Principal; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.jacc.PolicyContext; import javax.security.jacc.PolicyContextException; import javax.servlet.http.HttpServletRequest; import org.tolven.security.auth.AccountUserIdCallback; /** * This class provides a way to supply the username, password and optionally the accountUserId to LoginModules via the CallbackHandler interface * @author Joseph Isaac * */ public class UsernamePasswordAccountUserIdCallbackHandler implements CallbackHandler { public static final String ACCOUNTUSER_ID = "accountUserId"; private Principal principal; private Object credential; public UsernamePasswordAccountUserIdCallbackHandler() { } public UsernamePasswordAccountUserIdCallbackHandler(Principal principal, Object credential) { this.principal = principal; this.credential = credential; } public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { int len = callbacks.length; Callback cb; for (int i = 0; i < len; i++) { cb = callbacks[i]; if (cb instanceof NameCallback) { NameCallback ncb = (NameCallback) cb; if (principal != null) ncb.setName(principal.getName()); } else if (cb instanceof PasswordCallback) { PasswordCallback pcb = (PasswordCallback) cb; if (credential != null) pcb.setPassword(getPassword()); } else if (cb instanceof org.tolven.security.auth.AccountUserIdCallback) { AccountUserIdCallback pcb = (AccountUserIdCallback) cb; try { HttpServletRequest request = (HttpServletRequest) PolicyContext.getContext("javax.servlet.http.HttpServletRequest"); if (request != null) { Object obj = request.getSession().getAttribute(ACCOUNTUSER_ID); if (obj 
== null) { pcb.setAccountUserId(0L); } else { pcb.setAccountUserId((Long) obj); } } } catch (PolicyContextException ex) { ex.printStackTrace(); throw new RuntimeException(ex); } } else { throw new UnsupportedCallbackException(cb, "Unsupported Callback Exception"); } } } public void setSecurityInfo(Principal principal, Object credential) { this.principal = principal; this.credential = credential; } private char[] getPassword() { char[] password = null; if (credential instanceof char[]) { password = (char[]) credential; } else if (credential instanceof String) { String s = (String) credential; password = s.toCharArray(); } else { try { Class[] types = {}; Method m = credential.getClass().getMethod("toCharArray", types); Object[] args = {}; password = (char[]) m.invoke(credential, args); } catch (Exception e) { if (credential != null) { String s = credential.toString(); password = s.toCharArray(); } } } return password; } } |
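Review bot: In `handle()`, the AccountUserIdCallback branch calls `request.getSession()`, which creates a session when none exists, and then casts the attribute with an unchecked `(Long) obj`. Use `request.getSession(false)` and treat a missing session like a missing attribute, and guard the cast with `instanceof Long` so that an unexpected attribute type gives a clear login failure rather than a ClassCastException. When `request` is null the callback is left untouched; call `pcb.setAccountUserId(0L)` there as well so that the "not linked to an account" case does not rely on the field default. Nothing in this file checks that the session's `accountUserId` belongs to the principal being authenticated, so the class Javadoc should state where that check is expected to happen.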
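Review bot: `getPassword()` falls back to `credential.toString()` when the reflective `toCharArray` lookup fails, and the `catch (Exception e)` discards the cause. For an arbitrary credential object that submits whatever `toString()` returns as the password. Prefer returning null or failing for unrecognised credential types, and report the exception instead of swallowing it; the `if (credential != null)` test inside the catch block can then go.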
From: Joseph I. <jos...@us...> - 2007-03-20 09:52:22
|
Update of /cvsroot/tolven/tolvenSecurity In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv11839 Added Files: build.xml Log Message: Provided two interfaces for DocProctectionBean: DocContentSecurity and ImageDocContentSecurity in an attempt to decouple the security for direct dependence on Tolven entities. Removed the PrivateKeyRing class and will now place UserPrivateKey and AccountPrivateKey directly in the Subject's privateCredentials. Clarified the filter sequencing code. Web tier now distinguishes the current account solely by the session accountUserId/accountId attributes, rather than the AccountPrivateKey in the PrivateKeyRing of the web tier Subject. Reauthentications are now occur byf clearing the cache for the principal, which via the KeyLoginModule, results in the keys for the selected Account making their way to the EJB tier Subject for use in the EJB tier. In the EJB tier, the content of DocBase is now protected by DocProtectionBean, which belongs to the tovlenLDAP SecurityDomain. In order to replace the default JBoss CallbackHandler, the class needs to be available to the server before tolven.ear is deployed. A separate tolvenSecurity.jar is now being created. --- NEW FILE: build.xml --- <?xml version="1.0" encoding="UTF-8"?> <project basedir="." 
default="packaging" name="tolvenSecurity"> <property file="../tolven/resources/ant-build.properties"/> <path id="project.classpath"> <fileset dir="${jboss.location}"> <include name="client/*.jar"/> </fileset> </path> <target name="init"> <delete dir="${tolvenSecurity.location}/build/bin"/> <delete dir="${tolvenSecurity.location}/build/doc"/> <mkdir dir="${tolvenSecurity.location}/build/bin"/> <mkdir dir="${tolvenSecurity.location}/build/doc"/> </target> <target name="clean"> <delete dir="${tolvenSecurity.location}/build"/> </target> <target name="compile" depends="init"> <echo message="${ant.project.name}: ${ant.file}"/> <javac destdir="${tolvenSecurity.location}/build/bin" debug="true" > <src path="${tolvenSecurity.location}/src"/> <classpath refid="project.classpath"/> </javac> </target> <target name="packaging" depends="compile" description="tolvenSecurity.jar"> <jar destfile="${tolvenSecurity.location}/build/tolvenSecurity.jar"> <zipfileset dir="${tolvenSecurity.location}/build/bin" includes="org/tolven/web/security/auth/UsernamePasswordAccountUserIdCallbackHandler.class"/> <zipfileset dir="${tolvenSecurity.location}/build/bin" includes="org/tolven/security/auth/AccountUserIdCallback.class"/> </jar> </target> <target name="javadoc" description="Generate Javadoc"> <javadoc access="public" author="true" destdir="${tolvenSecurity.location}/build/doc" doctitle="Tolven Security" packagenames="*" source="1.5" sourcepath="${tolvenSecurity.location}/src" splitindex="true" use="true" version="true"/> </target> </project> |
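Review bot: The `packaging` target lists the two class files by exact name in its `zipfileset` includes, so a nested or anonymous class later added to either source file (compiled as `Name$1.class`), or any new class under `src`, is compiled but silently left out of tolvenSecurity.jar. Use a pattern such as `org/tolven/**/*.class`, or add a comment stating that the jar is deliberately limited to these two classes. The `javac` task also sets no `source` or `target`, while the `javadoc` target declares `source="1.5"`; set both on `javac` so the jar is built for a known class-file version.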
From: Joseph I. <jos...@us...> - 2007-03-20 09:52:22
|
Update of /cvsroot/tolven/tolvenSecurity/src/org/tolven/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv11839/src/org/tolven/security/auth Added Files: AccountUserIdCallback.java Log Message: Provided two interfaces for DocProctectionBean: DocContentSecurity and ImageDocContentSecurity in an attempt to decouple the security for direct dependence on Tolven entities. Removed the PrivateKeyRing class and will now place UserPrivateKey and AccountPrivateKey directly in the Subject's privateCredentials. Clarified the filter sequencing code. Web tier now distinguishes the current account solely by the session accountUserId/accountId attributes, rather than the AccountPrivateKey in the PrivateKeyRing of the web tier Subject. Reauthentications are now occur byf clearing the cache for the principal, which via the KeyLoginModule, results in the keys for the selected Account making their way to the EJB tier Subject for use in the EJB tier. In the EJB tier, the content of DocBase is now protected by DocProtectionBean, which belongs to the tovlenLDAP SecurityDomain. In order to replace the default JBoss CallbackHandler, the class needs to be available to the server before tolven.ear is deployed. A separate tolvenSecurity.jar is now being created. --- NEW FILE: AccountUserIdCallback.java --- /* * Copyright (C) 2006 Tolven Inc * * This library is free software; you can redistribute it and/or modify it under the terms of * the GNU Lesser General Public License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU Lesser General Public License for more details. * * Contact: in...@to... 
*/ package org.tolven.security.auth; import java.io.Serializable; import javax.security.auth.callback.Callback; /** * This class provides a way to supply the AccountUserId to a LoginModule * @author Joseph Isaac * */ public class AccountUserIdCallback implements Callback, Serializable { private String prompt; private long accountUserId; public AccountUserIdCallback(String prompt) { this.prompt = prompt; } /** * Return a prompt * @return */ public String getPrompt() { return prompt; } /** * Return the accountUserId * @return */ public long getAccountUserId() { return accountUserId; } /** * Set the accountUserId * @param accountUserId */ public void setAccountUserId(long accountUserId) { this.accountUserId = accountUserId; } } |
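Review bot: `AccountUserIdCallback` implements `Serializable` but declares no `serialVersionUID`; add an explicit one so that the serialized form does not change with every recompile of the class. The `@return` tags on `getPrompt()` and `getAccountUserId()` are empty and should be filled in or dropped, and `prompt` can be `final` since it is only assigned in the constructor.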
From: Joseph I. <jos...@us...> - 2007-03-20 09:13:35
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv11181/src/org/tolven/security Modified Files: TolvenPrincipal.java Added Files: ImageDocContentSecurity.java DocProtectionLocal.java DocContentSecurity.java Log Message: Provided two interfaces for DocProctectionBean: DocContentSecurity and ImageDocContentSecurity in an attempt to decouple the security for direct dependence on Tolven entities. Removed the PrivateKeyRing class and will now place UserPrivateKey and AccountPrivateKey directly in the Subject's privateCredentials. Clarified the filter sequencing code. Web tier now distinguishes the current account solely by the session accountUserId/accountId attributes, rather than the AccountPrivateKey in the PrivateKeyRing of the web tier Subject. Reauthentications are now occur byf clearing the cache for the principal, which via the KeyLoginModule, results in the keys for the selected Account making their way to the EJB tier Subject for use in the EJB tier. In the EJB tier, the content of DocBase is now protected by DocProtectionBean, which belongs to the tovlenLDAP SecurityDomain. In order to replace the default JBoss CallbackHandler, the class needs to be available to the server before tolven.ear is deployed. A separate tolvenSecurity.jar is now being created. --- NEW FILE: DocContentSecurity.java --- /* * Copyright (C) 2006 Tolven Inc * * This library is free software; you can redistribute it and/or modify it under the terms of * the GNU Lesser General Public License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU Lesser General Public License for more details. * * Contact: in...@to... 
*/ package org.tolven.security; import org.tolven.security.key.DocumentSecretKey; /** * This interface indicates the methods needed to decrypt content securely. The document id is currently only for audit purposes. * * @author Joseph Isaac * */ public interface DocContentSecurity { public long getId(); public byte[] getContent(); public DocumentSecretKey getDocumentSecretKey(); } --- NEW FILE: DocProtectionLocal.java --- /* * Copyright (C) 2006 Tolven Inc * * This library is free software; you can redistribute it and/or modify it under the terms of * the GNU Lesser General Public License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU Lesser General Public License for more details. * * Contact: in...@to... */ package org.tolven.security; import java.io.IOException; import java.io.OutputStream; import com.sun.image.codec.jpeg.ImageFormatException; /** * This interface protects the DocBase by handling its encryption and decryption. * * @author Joseph Isaac * */ public interface DocProtectionLocal { /** * Currently assumes all content is encrypted and only the authorized loggedInUser will succeed in getting the readable content * This method calls decryption each time it is called. * Decryption takes CPU time and it requires access to security policy which means * the caller must have permission to call this method. * @param encryptedContent * @return */ public byte[] getDecryptedContent(DocContentSecurity doc); /** * Return the contents of the document as base64 encoded. * This method calls decryption each time it is called. * Decryption takes CPU time and it requires access to security policy which means * the caller must have permission to call this method. 
*/ public String getDecryptedContentB64(DocContentSecurity doc); /** * Return the content as a string. This method calls decryption each time it is called. * Decryption takes CPU time and it requires access to security policy which means * the caller must have permission to call this method. * @return */ public String getDecryptedContentString(DocContentSecurity doc); public void streamJPEGThumbnail(ImageDocContentSecurity doc, int targetWidth, int targetHeight, OutputStream stream) throws ImageFormatException, IOException; } Index: TolvenPrincipal.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/TolvenPrincipal.java,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** TolvenPrincipal.java 19 Feb 2007 13:02:45 -0000 1.2 --- TolvenPrincipal.java 20 Mar 2007 09:13:12 -0000 1.3 *************** *** 42,45 **** --- 42,49 ---- return name.hashCode(); } + + public String toString() { + return getName(); + } } --- NEW FILE: ImageDocContentSecurity.java --- /* * Copyright (C) 2006 Tolven Inc * * This library is free software; you can redistribute it and/or modify it under the terms of * the GNU Lesser General Public License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU Lesser General Public License for more details. * * Contact: in...@to... */ package org.tolven.security; import java.io.IOException; import java.io.OutputStream; import com.sun.image.codec.jpeg.ImageFormatException; /** * This interface indicates the methods needed to decrypt image content securely. 
* * @author Joseph Isaac * */ public interface ImageDocContentSecurity extends DocContentSecurity { public void streamJPEGThumbnail(byte[] unencryptedContent, int targetWidth, int targetHeight, OutputStream stream) throws ImageFormatException, IOException; } |
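Review bot: `DocProtectionLocal` and `ImageDocContentSecurity` both import `com.sun.image.codec.jpeg.ImageFormatException` for the `throws` clause of `streamJPEGThumbnail`, which ties the security interfaces to a vendor-specific `com.sun` package. Declare only `IOException` (or a Tolven exception type) on the interfaces and translate the codec exception inside the implementation. In the `getDecryptedContent` Javadoc, `@param encryptedContent` does not match the actual parameter `DocContentSecurity doc`, and the `@return` tags are empty.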
From: Joseph I. <jos...@us...> - 2007-03-20 09:13:34
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth
In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv11181/src/org/tolven/security/auth
Modified Files: KeyLoginModule.java
Removed Files: AccountUserIdCallback.java
Log Message: Provided two interfaces for DocProtectionBean: DocContentSecurity and ImageDocContentSecurity in an attempt to decouple the security from direct dependence on Tolven entities. Removed the PrivateKeyRing class and will now place UserPrivateKey and AccountPrivateKey directly in the Subject's privateCredentials. Clarified the filter sequencing code. Web tier now distinguishes the current account solely by the session accountUserId/accountId attributes, rather than the AccountPrivateKey in the PrivateKeyRing of the web tier Subject. Reauthentications now occur by clearing the cache for the principal, which, via the KeyLoginModule, results in the keys for the selected Account making their way to the EJB tier Subject for use in the EJB tier. In the EJB tier, the content of DocBase is now protected by DocProtectionBean, which belongs to the tovlenLDAP SecurityDomain. In order to replace the default JBoss CallbackHandler, the class needs to be available to the server before tolven.ear is deployed. A separate tolvenSecurity.jar is now being created.
Index: KeyLoginModule.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth/KeyLoginModule.java,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** KeyLoginModule.java 20 Feb 2007 08:31:20 -0000 1.8 --- KeyLoginModule.java 20 Mar 2007 09:13:07 -0000 1.9 *************** *** 38,42 **** import org.tolven.security.key.AccountPrivateKey; import org.tolven.security.key.AccountPublicKey; - import org.tolven.security.key.PrivateKeyRing; import org.tolven.security.key.UserKeyRing; import org.tolven.security.key.UserPrivateKey; --- 38,41 ---- *************** *** 47,52 **** * However, it is responsible for adding credentials to a Subject, and while adding a UserPrivateKey, it will attempt * unlock the UserPrivateKey with the provided password. If the password is not correct, then the login will fail. - * The UserPrivateKey is placed in a PrivateKeyRing, and it is the PrivateKeyRing which is added to the privateCredentials - * of the Subject. * * @author Joseph Isaac --- 46,49 ---- *************** *** 95,98 **** --- 92,100 ---- pc.clearPassword(); accountUserId = auc.getAccountUserId(); + if (accountUserId == 0) { + System.out.println(getClass() + " Login not linked to an account"); + } else { + System.out.println(getClass() + " Login linking to account id=" + accountUserId); + } } catch (IOException e) { LoginException le = new LoginException("Failed to get principalName/password"); *************** *** 154,166 **** // Populate the Subject System.out.println(getClass() + ": Adding UserPrivateKey to Subject " + principalName); ! // UserPrivateKey: Ensure there is only one PrivateKeyRing in a Subject by removing any that might be there Object obj = null; for (Iterator iter = subject.getPrivateCredentials().iterator(); iter.hasNext();) { obj = iter.next(); ! if (obj instanceof PrivateKeyRing) iter.remove(); } ! 
PrivateKeyRing privateKeyRing = new PrivateKeyRing(userPrivateKey); ! subject.getPrivateCredentials().add(privateKeyRing); System.out.println(getClass() + ": Adding UserPublicKey to Subject " + principalName); // UserPublicKey: Ensure there is only one UserPublicKey in a Subject by removing any that might be there --- 156,167 ---- // Populate the Subject System.out.println(getClass() + ": Adding UserPrivateKey to Subject " + principalName); ! // UserPrivateKey: Ensure there is only one UserPrivateKey in a Subject by removing any that might be there Object obj = null; for (Iterator iter = subject.getPrivateCredentials().iterator(); iter.hasNext();) { obj = iter.next(); ! if (obj instanceof UserPrivateKey) iter.remove(); } ! subject.getPrivateCredentials().add(userPrivateKey); System.out.println(getClass() + ": Adding UserPublicKey to Subject " + principalName); // UserPublicKey: Ensure there is only one UserPublicKey in a Subject by removing any that might be there *************** *** 176,181 **** if (accountPrivateKey == null) throw new LoginException(getClass() + ": Could not locate an AccountPrivateKey for AccountUser with id=" + accountUserId); ! System.out.println(getClass() + ": Adding AccountPrivateKey to PrivateKeyRing " + principalName); ! privateKeyRing.setAccountPrivateKey(accountPrivateKey); AccountPublicKey accountPublicKey = activation.findAccountPublicKey(accountUserId); if (accountPublicKey == null) --- 177,188 ---- if (accountPrivateKey == null) throw new LoginException(getClass() + ": Could not locate an AccountPrivateKey for AccountUser with id=" + accountUserId); ! System.out.println(getClass() + ": Adding AccountPrivateKey to Subject " + principalName); ! // AccountPrivateKey: Ensure there is only one AccountPrivateKey in a Subject by removing any that might be there ! for (Iterator iter = subject.getPublicCredentials().iterator(); iter.hasNext();) { ! obj = iter.next(); ! if (obj instanceof AccountPrivateKey) ! iter.remove(); ! } ! 
subject.getPrivateCredentials().add(accountPrivateKey); AccountPublicKey accountPublicKey = activation.findAccountPublicKey(accountUserId); if (accountPublicKey == null) *************** *** 216,225 **** password = null; try { ! // Remove PrivateKeyRing if (subject != null) { Object obj = null; for (Iterator iter = subject.getPrivateCredentials().iterator(); iter.hasNext();) { obj = iter.next(); ! if (obj instanceof PrivateKeyRing) iter.remove(); } --- 223,232 ---- password = null; try { ! // Remove UserPrivateKey if (subject != null) { Object obj = null; for (Iterator iter = subject.getPrivateCredentials().iterator(); iter.hasNext();) { obj = iter.next(); ! if (obj instanceof UserPrivateKey) iter.remove(); } --- AccountUserIdCallback.java DELETED --- |
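Review bot: In the hunk at line 176, the loop meant to ensure a single AccountPrivateKey iterates `subject.getPublicCredentials()`, but the key is then added with `subject.getPrivateCredentials().add(accountPrivateKey)`, so a key left over from a previously selected account is never removed. Iterate `getPrivateCredentials()` here, as the UserPrivateKey loop in the hunk at line 154 does; otherwise a re-login after switching accounts leaves two AccountPrivateKeys in the Subject, and code that takes the first match may use the wrong account's key.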
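Review bot: The logout hunk at line 216 now removes only `UserPrivateKey` instances from the private credentials. With PrivateKeyRing gone, the AccountPrivateKey that used to be discarded along with the ring is a separate private credential and is not removed in the lines shown. Extend the `instanceof` test to cover `AccountPrivateKey`, or confirm that it is removed further down in the method, and update the `// Remove UserPrivateKey` comment to match.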
From: John C. <jc...@us...> - 2007-03-19 22:19:21
Update of /cvsroot/tolven/tolven/installer/izpack-8.1 In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv3074/installer/izpack-8.1 Modified Files: installUserInputSpec.xml Log Message: Cosmetic: Add choices for postgres 8.2 Index: installUserInputSpec.xml =================================================================== RCS file: /cvsroot/tolven/tolven/installer/izpack-8.1/installUserInputSpec.xml,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** installUserInputSpec.xml 19 Oct 2006 14:01:59 -0000 1.10 --- installUserInputSpec.xml 19 Mar 2007 22:19:15 -0000 1.11 *************** *** 764,771 **** --- 764,776 ---- <choice value="/var/lib/pgsql" os="unix" /> <choice value="/usr/local/pgsql" os="unix" /> + <choice value="c:\postgreSQL\8.2" os="windows" /> + <choice value="d:\postgreSQL\8.2" os="windows" /> + <choice value="e:\postgreSQL\8.2" os="windows" /> + <choice value="f:\postgreSQL\8.2" os="windows" /> <choice value="c:\postgreSQL\8.1" os="windows" /> <choice value="d:\postgreSQL\8.1" os="windows" /> <choice value="e:\postgreSQL\8.1" os="windows" /> <choice value="f:\postgreSQL\8.1" os="windows" /> + <choice value="C:\Program Files\PostgreSQL\8.2" os="windows" /> <choice value="C:\Program Files\PostgreSQL\8.1" os="windows" /> </spec> |
From: Joseph I. <jos...@us...> - 2007-03-19 07:04:10
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv19156/src/org/tolven/security Modified Files: Tag: P_JI_RefreshAPK DocContentSecurity.java ImageDocContentSecurity.java Log Message: Added the usual comment and javadoc comments. Index: DocContentSecurity.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/Attic/DocContentSecurity.java,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -C2 -d -r1.1.2.1 -r1.1.2.2 *** DocContentSecurity.java 19 Mar 2007 06:39:06 -0000 1.1.2.1 --- DocContentSecurity.java 19 Mar 2007 06:42:24 -0000 1.1.2.2 *************** *** 1,9 **** --- 1,30 ---- + /* + * Copyright (C) 2006 Tolven Inc + * + * This library is free software; you can redistribute it and/or modify it under the terms of + * the GNU Lesser General Public License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; + * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU Lesser General Public License for more details. + * + * Contact: in...@to... + */ package org.tolven.security; import org.tolven.security.key.DocumentSecretKey; + /** + * This interface indicates the methods needed to decrypt content securely. The document id is currently only for audit purposes. 
+ * + * @author Joseph Isaac + * + */ public interface DocContentSecurity { public long getId(); + public byte[] getContent(); + public DocumentSecretKey getDocumentSecretKey(); } Index: ImageDocContentSecurity.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/Attic/ImageDocContentSecurity.java,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -C2 -d -r1.1.2.1 -r1.1.2.2 *** ImageDocContentSecurity.java 19 Mar 2007 06:39:06 -0000 1.1.2.1 --- ImageDocContentSecurity.java 19 Mar 2007 06:42:24 -0000 1.1.2.2 *************** *** 1,2 **** --- 1,15 ---- + /* + * Copyright (C) 2006 Tolven Inc + * + * This library is free software; you can redistribute it and/or modify it under the terms of + * the GNU Lesser General Public License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; + * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU Lesser General Public License for more details. + * + * Contact: in...@to... + */ package org.tolven.security; *************** *** 5,9 **** import com.sun.image.codec.jpeg.ImageFormatException; ! public interface ImageDocContentSecurity extends DocContentSecurity { public void streamJPEGThumbnail(byte[] unencryptedContent, int targetWidth, int targetHeight, OutputStream stream) throws ImageFormatException, IOException; --- 18,27 ---- import com.sun.image.codec.jpeg.ImageFormatException; ! /** ! * This interface indicates the methods needed to decrypt image content securely. ! * ! * @author Joseph Isaac ! * ! 
*/ public interface ImageDocContentSecurity extends DocContentSecurity { public void streamJPEGThumbnail(byte[] unencryptedContent, int targetWidth, int targetHeight, OutputStream stream) throws ImageFormatException, IOException; |
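Review bot: The Javadoc added to ImageDocContentSecurity describes "the methods needed to decrypt image content securely", but the only method it declares, `streamJPEGThumbnail(byte[] unencryptedContent, ...)`, is handed content that has already been decrypted. Say instead that the implementer renders a thumbnail from plaintext supplied by the caller. In DocContentSecurity, each of `getContent()` and `getDocumentSecretKey()` would benefit from a one-line comment stating what form the returned value is in, since the class comment only explains `getId()`.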
From: Joseph I. <jos...@us...> - 2007-03-19 06:39:08
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv17660/src/org/tolven/security Modified Files: Tag: P_JI_RefreshAPK DocProtectionLocal.java Added Files: Tag: P_JI_RefreshAPK DocContentSecurity.java ImageDocContentSecurity.java Log Message: Provided two interfaces for DocProtectionBean: DocContentSecurity and ImageDocContentSecurity in an attempt to decouple the security from direct dependence on Tolven entities. --- NEW FILE: DocContentSecurity.java --- package org.tolven.security; import org.tolven.security.key.DocumentSecretKey; public interface DocContentSecurity { public long getId(); public byte[] getContent(); public DocumentSecretKey getDocumentSecretKey(); } Index: DocProtectionLocal.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/Attic/DocProtectionLocal.java,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -C2 -d -r1.1.2.1 -r1.1.2.2 *** DocProtectionLocal.java 17 Mar 2007 11:45:44 -0000 1.1.2.1 --- DocProtectionLocal.java 19 Mar 2007 06:39:06 -0000 1.1.2.2 *************** *** 17,23 **** import java.io.OutputStream; - import org.tolven.doc.entity.DocBase; - import org.tolven.doc.entity.DocImage; - import com.sun.image.codec.jpeg.ImageFormatException; --- 17,20 ---- *************** *** 38,42 **** * @return */ ! public byte[] getDecryptedContent(DocBase doc); /** --- 35,39 ---- * @return */ ! public byte[] getDecryptedContent(DocContentSecurity doc); /** *************** *** 46,50 **** * the caller must have permission to call this method. */ ! public String getDecryptedContentB64(DocBase doc); /** --- 43,47 ---- * the caller must have permission to call this method. */ ! public String getDecryptedContentB64(DocContentSecurity doc); /** *************** *** 54,59 **** * @return */ ! public String getDecryptedContentString(DocBase doc); ! 
public void streamJPEGThumbnail(DocImage doc, int targetWidth, int targetHeight, OutputStream stream) throws ImageFormatException, IOException; } --- 51,56 ---- * @return */ ! public String getDecryptedContentString(DocContentSecurity doc); ! public void streamJPEGThumbnail(ImageDocContentSecurity doc, int targetWidth, int targetHeight, OutputStream stream) throws ImageFormatException, IOException; } --- NEW FILE: ImageDocContentSecurity.java --- package org.tolven.security; import java.io.IOException; import java.io.OutputStream; import com.sun.image.codec.jpeg.ImageFormatException; public interface ImageDocContentSecurity extends DocContentSecurity { public void streamJPEGThumbnail(byte[] unencryptedContent, int targetWidth, int targetHeight, OutputStream stream) throws ImageFormatException, IOException; } |
From: Joseph I. <jos...@us...> - 2007-03-19 06:39:08
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/doc/entity In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv17660/src/org/tolven/doc/entity Modified Files: Tag: P_JI_RefreshAPK DocBase.java DocImage.java Log Message: Provided two interfaces for DocProtectionBean: DocContentSecurity and ImageDocContentSecurity in an attempt to decouple the security from direct dependence on Tolven entities. Index: DocImage.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/doc/entity/DocImage.java,v retrieving revision 1.1.8.1 retrieving revision 1.1.8.2 diff -C2 -d -r1.1.8.1 -r1.1.8.2 *** DocImage.java 17 Mar 2007 11:45:44 -0000 1.1.8.1 --- DocImage.java 19 Mar 2007 06:39:06 -0000 1.1.8.2 *************** *** 17,20 **** --- 17,22 ---- import javax.swing.ImageIcon; + import org.tolven.security.ImageDocContentSecurity; + import com.sun.image.codec.jpeg.ImageFormatException; import com.sun.image.codec.jpeg.JPEGCodec; *************** *** 28,32 **** @Entity @DiscriminatorValue("IMG") ! public class DocImage extends DocBase { /** --- 30,34 ---- @Entity @DiscriminatorValue("IMG") ! public class DocImage extends DocBase implements ImageDocContentSecurity { /** Index: DocBase.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/doc/entity/DocBase.java,v retrieving revision 1.22.8.1 retrieving revision 1.22.8.2 diff -C2 -d -r1.22.8.1 -r1.22.8.2 *** DocBase.java 17 Mar 2007 11:45:44 -0000 1.22.8.1 --- DocBase.java 19 Mar 2007 06:39:06 -0000 1.22.8.2 *************** *** 39,42 **** --- 39,43 ---- import org.tolven.core.entity.Account; import org.tolven.core.entity.TolvenUser; + import org.tolven.security.DocContentSecurity; import org.tolven.security.key.DocumentSecretKey; *************** *** 51,55 **** @DiscriminatorColumn(name="DISC", discriminatorType=DiscriminatorType.STRING,length=10) @DiscriminatorValue("DOC") ! 
public class DocBase implements Serializable { /** --- 52,56 ---- @DiscriminatorColumn(name="DISC", discriminatorType=DiscriminatorType.STRING,length=10) @DiscriminatorValue("DOC") ! public class DocBase implements DocContentSecurity, Serializable { /** |
From: Joseph I. <jos...@us...> - 2007-03-19 06:39:08
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv17660/src/org/tolven/security/bean Modified Files: Tag: P_JI_RefreshAPK DocProtectionBean.java Log Message: Provided two interfaces for DocProtectionBean: DocContentSecurity and ImageDocContentSecurity in an attempt to decouple the security from direct dependence on Tolven entities. Index: DocProtectionBean.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/bean/Attic/DocProtectionBean.java,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -C2 -d -r1.1.2.2 -r1.1.2.3 *** DocProtectionBean.java 18 Mar 2007 01:03:19 -0000 1.1.2.2 --- DocProtectionBean.java 19 Mar 2007 06:39:07 -0000 1.1.2.3 *************** *** 33,38 **** import org.tolven.security.key.AccountPrivateKey; import org.tolven.security.key.UserPrivateKey; ! import org.tolven.doc.entity.DocBase; ! import org.tolven.doc.entity.DocImage; import com.sun.image.codec.jpeg.ImageFormatException; --- 33,38 ---- import org.tolven.security.key.AccountPrivateKey; import org.tolven.security.key.UserPrivateKey; ! import org.tolven.security.DocContentSecurity; ! import org.tolven.security.ImageDocContentSecurity; import com.sun.image.codec.jpeg.ImageFormatException; *************** *** 58,68 **** * @return */ ! public byte[] getDecryptedContent(DocBase doc) { System.out.println("DocProtectedBean.getDecryptedContent"); if (doc.getContent() == null) return doc.getContent(); try { - if (doc.getAccount() == null) - throw new RuntimeException("Content cannot be retrieved from a document which is not associated with an account"); Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); if (subject == null) --- 58,66 ---- * @return */ ! 
public byte[] getDecryptedContent(DocContentSecurity doc) { System.out.println("DocProtectedBean.getDecryptedContent"); if (doc.getContent() == null) return doc.getContent(); try { Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); if (subject == null) *************** *** 89,93 **** throw new RuntimeException(": No AccountPrivateKey found in Subject " + principal.getName()); AccountPrivateKey activeAccountPrivateKey = accountPrivateKeys.iterator().next(); - System.out.println(getClass() + " Decrypt doc for account=" + doc.getAccount()); System.out.println(getClass() + " Decryption AccountPrivateKey=" + activeAccountPrivateKey); if (doc.getDocumentSecretKey() == null) { --- 87,90 ---- *************** *** 98,106 **** return doc.getContent(); } - if (activeAccountPrivateKey == null) { - //TODO: No AccountPrivateKey means the content cannot be decrypted....for now give it back as encryptedContent - System.out.println(getClass() + " No AccountPrivateKey found for doc id=" + doc.getId()); - return doc.getContent(); - } SecretKey docSecretKey = doc.getDocumentSecretKey().getSecretKey(activeAccountPrivateKey.getPrivateKey(privateKey)); Cipher cipher = Cipher.getInstance(docSecretKey.getAlgorithm()); --- 95,98 ---- *************** *** 119,123 **** * the caller must have permission to call this method. */ ! public String getDecryptedContentB64(DocBase doc) { return new String(Base64.encodeBase64(getDecryptedContent(doc))); } --- 111,115 ---- * the caller must have permission to call this method. */ ! public String getDecryptedContentB64(DocContentSecurity doc) { return new String(Base64.encodeBase64(getDecryptedContent(doc))); } *************** *** 130,134 **** * @return */ ! public String getDecryptedContentString(DocBase doc) { byte[] c = getDecryptedContent(doc); if (c == null) --- 122,126 ---- * @return */ ! 
public String getDecryptedContentString(DocContentSecurity doc) { byte[] c = getDecryptedContent(doc); if (c == null) *************** *** 147,151 **** * @throws IOException */ ! public void streamJPEGThumbnail(DocImage doc, int targetWidth, int targetHeight, OutputStream stream) throws ImageFormatException, IOException { doc.streamJPEGThumbnail(getDecryptedContent(doc), targetWidth, targetHeight, stream); } --- 139,143 ---- * @throws IOException */ ! public void streamJPEGThumbnail(ImageDocContentSecurity doc, int targetWidth, int targetHeight, OutputStream stream) throws ImageFormatException, IOException { doc.streamJPEGThumbnail(getDecryptedContent(doc), targetWidth, targetHeight, stream); } |
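Review bot: `System.out.println(getClass() + " Decryption AccountPrivateKey=" + activeAccountPrivateKey);` is kept in the 87,90 hunk and writes the key object's toString() output to stdout on every decrypt; drop it or print a non-secret identifier instead. The same change removes both statements that named the document being decrypted (`" Decrypt doc for account=" + doc.getAccount()` and `" No AccountPrivateKey found for doc id=" + doc.getId()`), so in the lines shown nothing records which document was read, although the DocContentSecurity Javadoc says the id is there for audit purposes. Log `doc.getId()` with the principal name at that point. Separately, `accountPrivateKeys.iterator().next()` takes whichever key the Set yields first, which only works if the login module guarantees exactly one AccountPrivateKey in the Subject.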
From: John C. <jc...@us...> - 2007-03-19 00:53:24
Update of /cvsroot/tolven/tolven/template In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv4891/template Modified Files: ant-build.template Log Message: Update with latest software versions Index: ant-build.template =================================================================== RCS file: /cvsroot/tolven/tolven/template/ant-build.template,v retrieving revision 1.52 retrieving revision 1.53 diff -C2 -d -r1.52 -r1.53 *** ant-build.template 1 Mar 2007 22:29:07 -0000 1.52 --- ant-build.template 19 Mar 2007 00:53:22 -0000 1.53 *************** *** 1,4 **** # Tolven top-level location ! tolven.home=c:/tolvenWS # Location for components used by Tolven ldap.location=c:/OpenLDAP --- 1,4 ---- # Tolven top-level location ! tolven.home=c:/tolven-HEAD # Location for components used by Tolven ldap.location=c:/OpenLDAP *************** *** 7,18 **** ldap.host=localhost ldap.rootDN=cn=Manager,dc=tolven,dc=com ! postgres.location=c:/postgreSQL/8.1/ postgres.location.browsable=true ! java.home=c:/jdk1.5.0_06 jboss.location=${tolven.home}/tolven-jboss-4.0.4.GA jdbc.host=localhost jdbc.username=postgres ! # Uncomment to build tolvenMobileClient - Wireless Toolkit from Sun #wtk.home=c:/wtk25 --- 7,18 ---- ldap.host=localhost ldap.rootDN=cn=Manager,dc=tolven,dc=com ! postgres.location=c:/postgreSQL/8.2/ postgres.location.browsable=true ! java.home=c:/jdk1.6.0 jboss.location=${tolven.home}/tolven-jboss-4.0.4.GA jdbc.host=localhost jdbc.username=postgres ! # Uncomment to build tolvenMobileClient using Wireless Toolkit from Sun #wtk.home=c:/wtk25 *************** *** 21,25 **** # postgres.host.user=somepguser ! # IzPack is the current installer technology and it's location is only required for developing the installer aspects of tolven izpack.location=c:/IzPack --- 21,25 ---- # postgres.host.user=somepguser ! 
# IzPack is the installer technology used by Tolven to create the Tolven installer kit and it's location is only required if you want to create a Tolven installer izpack.location=c:/IzPack |
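Review bot: In the rewritten IzPack comment (21,25), "it's location" should be "its location"; the error was in the old line and is carried into the new one. The log message says the template is updated with the latest software versions, but the first hunk also changes the default `tolven.home` from `c:/tolvenWS` to `c:/tolven-HEAD`, which is a workspace path rather than a version and deserves a mention in the message.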
From: Joseph I. <jos...@us...> - 2007-03-19 00:44:53
Update of /cvsroot/tolven/tolvenBrowse/src/org/tolven/index In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv24730/src/org/tolven/index Modified Files: Tag: P_JI_RefreshAPK BrowseSecurityFilter.java Log Message: Removed the PrivateKeyRing class and will now place UserPrivateKey and AccountPrivateKey directly in the Subject's privateCredentials. Index: BrowseSecurityFilter.java =================================================================== RCS file: /cvsroot/tolven/tolvenBrowse/src/org/tolven/index/BrowseSecurityFilter.java,v retrieving revision 1.1 retrieving revision 1.1.4.1 diff -C2 -d -r1.1 -r1.1.4.1 *** BrowseSecurityFilter.java 24 Feb 2007 21:58:05 -0000 1.1 --- BrowseSecurityFilter.java 18 Mar 2007 01:03:22 -0000 1.1.4.1 *************** *** 7,17 **** import java.util.Date; import java.util.List; - import java.util.Set; import javax.annotation.EJB; import javax.naming.InitialContext; import javax.naming.NamingException; import javax.security.auth.Subject; - import javax.security.auth.login.LoginContext; import javax.security.jacc.PolicyContext; import javax.servlet.Filter; --- 7,19 ---- import java.util.Date; import java.util.List; import javax.annotation.EJB; + import javax.management.JMException; + import javax.management.MBeanServer; + import javax.management.MBeanServerFactory; + import javax.management.ObjectName; import javax.naming.InitialContext; import javax.naming.NamingException; import javax.security.auth.Subject; import javax.security.jacc.PolicyContext; import javax.servlet.Filter; *************** *** 27,32 **** import org.tolven.core.entity.AccountUser; import org.tolven.core.entity.TolvenUser; - import org.tolven.security.auth.UsernamePasswordAccountUserIdCallbackHandler; - import org.tolven.security.key.PrivateKeyRing; /** --- 29,32 ---- *************** *** 106,115 **** System.out.println("Account id " + Long.toString(accountId) + " accepted"); long accountUserId = new Long(accountUser.getId()); ! 
Set<PrivateKeyRing> privateCredentials = subject.getPrivateCredentials(PrivateKeyRing.class); ! if (privateCredentials.isEmpty()) ! throw new ServletException("No PrivateKeyRing"); ! PrivateKeyRing privateKeyRing = (PrivateKeyRing) privateCredentials.iterator().next(); ! privateKeyRing.setAccountPrivateKey(accountUser.getAccountPrivateKey()); request.getSession().setAttribute("accountUserId", accountUserId); response.sendRedirect("view.browse"); return; --- 106,113 ---- System.out.println("Account id " + Long.toString(accountId) + " accepted"); long accountUserId = new Long(accountUser.getId()); ! request.getSession().setAttribute("accountId", accountUser.getAccount().getId()); request.getSession().setAttribute("accountUserId", accountUserId); + //Clear the cache since the user account information is being updated + clearAuthenticationCache(principal); response.sendRedirect("view.browse"); return; *************** *** 123,126 **** --- 121,133 ---- } + private void clearAuthenticationCache(Principal principal) throws JMException { + System.out.println(getClass() + " clearAuthenticationCache"); + MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0); + ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager"); + String[] signature = { "java.lang.String", Principal.class.getName() }; + Object[] params = { "tolvenLDAP", principal }; + server.invoke(jaasMgr, "flushAuthenticationCache", params, signature); + } + public void init(FilterConfig config) throws ServletException { try |
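Review bot: In the 106,113 hunk the session attributes `accountId` and `accountUserId` are set before `clearAuthenticationCache(principal)` is called, so if the JMX call throws, the session already names the newly selected account while the cached Subject still holds the keys from the previous authentication. Flush the cache first and set the attributes only once it has returned. In `clearAuthenticationCache` itself, `MBeanServerFactory.findMBeanServer(null).get(0)` assumes the list is non-empty and that its first entry is the server hosting `jboss.security:service=JaasSecurityManager`; check for an empty list and fail with a clear error. The method body is also a copy of the one this change set moves into SecurityFilter in tolvenWEB, including the hard-coded "tolvenLDAP" domain name, so the two will need to be kept in step.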
From: Joseph I. <jos...@us...> - 2007-03-19 00:44:51
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/web/security In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv24663/src/org/tolven/web/security Modified Files: Tag: P_JI_RefreshAPK SecurityFilter.java VestibuleSecurityFilter.java GeneralSecurityFilter.java Log Message: Removed the PrivateKeyRing class and will now place UserPrivateKey and AccountPrivateKey directly in the Subject's privateCredentials. Index: VestibuleSecurityFilter.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/web/security/VestibuleSecurityFilter.java,v retrieving revision 1.19.4.2 retrieving revision 1.19.4.3 diff -C2 -d -r1.19.4.2 -r1.19.4.3 *** VestibuleSecurityFilter.java 17 Mar 2007 23:24:06 -0000 1.19.4.2 --- VestibuleSecurityFilter.java 18 Mar 2007 01:03:13 -0000 1.19.4.3 *************** *** 22,28 **** import javax.management.JMException; - import javax.management.MBeanServer; - import javax.management.MBeanServerFactory; - import javax.management.ObjectName; import javax.naming.InitialContext; import javax.naming.NamingException; --- 22,25 ---- *************** *** 48,52 **** import org.tolven.core.entity.TolvenUser; import org.tolven.security.LoginLocal; - import org.tolven.security.key.PrivateKeyRing; import org.tolven.security.key.UserPrivateKey; import org.tolven.security.key.UserPublicKey; --- 45,48 ---- *************** *** 115,121 **** String principalName = principal.getName(); ! Set<PrivateKeyRing> privateCredentials = subject.getPrivateCredentials(PrivateKeyRing.class); if (privateCredentials.isEmpty()) { ! logout("NO PRIVATE KEY RING", request, response); return; } --- 111,117 ---- String principalName = principal.getName(); ! Set<UserPrivateKey> privateCredentials = subject.getPrivateCredentials(UserPrivateKey.class); if (privateCredentials.isEmpty()) { ! 
logout("No UserPrivateKey", request, response); return; } *************** *** 229,236 **** */ private void addKeysToUser(TolvenUser aTolvenUser, Subject subject) throws GeneralSecurityException { ! Set<PrivateKeyRing> privateCredentials = subject.getPrivateCredentials(PrivateKeyRing.class); ! if (privateCredentials.isEmpty()) ! throw new GeneralSecurityException(getClass() + " :No PrivateKeyRing found for " + aTolvenUser.getLdapUID()); ! UserPrivateKey userPrivateKey = privateCredentials.iterator().next().getUserPrivateKey(); if (userPrivateKey == null) throw new GeneralSecurityException(getClass() + " :No UserPrivateKey found for " + aTolvenUser.getLdapUID()); --- 225,230 ---- */ private void addKeysToUser(TolvenUser aTolvenUser, Subject subject) throws GeneralSecurityException { ! Set<UserPrivateKey> privateCredentials = subject.getPrivateCredentials(UserPrivateKey.class); ! UserPrivateKey userPrivateKey = privateCredentials.iterator().next(); if (userPrivateKey == null) throw new GeneralSecurityException(getClass() + " :No UserPrivateKey found for " + aTolvenUser.getLdapUID()); *************** *** 244,256 **** } - private void clearAuthenticationCache(Principal principal) throws JMException { - System.out.println(getClass() + " clearAuthenticationCache"); - MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0); - ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager"); - String[] signature = { "java.lang.String", Principal.class.getName() }; - Object[] params = { "tolvenLDAP", principal }; - server.invoke(jaasMgr, "flushAuthenticationCache", params, signature); - } - public void destroy() { } --- 238,241 ---- Index: GeneralSecurityFilter.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/web/security/GeneralSecurityFilter.java,v retrieving revision 1.8.4.2 retrieving revision 1.8.4.3 diff -C2 -d -r1.8.4.2 -r1.8.4.3 *** 
GeneralSecurityFilter.java 17 Mar 2007 23:24:06 -0000 1.8.4.2 --- GeneralSecurityFilter.java 18 Mar 2007 01:03:13 -0000 1.8.4.3 *************** *** 20,26 **** import javax.management.JMException; - import javax.management.MBeanServer; - import javax.management.MBeanServerFactory; - import javax.management.ObjectName; import javax.naming.InitialContext; import javax.naming.NamingException; --- 20,23 ---- *************** *** 41,45 **** import org.tolven.core.entity.AccountUser; import org.tolven.core.entity.TolvenUser; ! import org.tolven.security.key.PrivateKeyRing; /** --- 38,42 ---- import org.tolven.core.entity.AccountUser; import org.tolven.core.entity.TolvenUser; ! import org.tolven.security.key.UserPrivateKey; /** *************** *** 100,106 **** } ! Set<PrivateKeyRing> privateCredentials = subject.getPrivateCredentials(PrivateKeyRing.class); if (privateCredentials.isEmpty()) { ! logout("NO PRIVATE KEY RING", request, response); return; } --- 97,103 ---- } ! Set<UserPrivateKey> privateCredentials = subject.getPrivateCredentials(UserPrivateKey.class); if (privateCredentials.isEmpty()) { ! 
logout("NO UserPrivateKey", request, response); return; } *************** *** 139,151 **** } - private void clearAuthenticationCache(Principal principal) throws JMException { - System.out.println(getClass() + " clearAuthenticationCache"); - MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0); - ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager"); - String[] signature = { "java.lang.String", Principal.class.getName() }; - Object[] params = { "tolvenLDAP", principal }; - server.invoke(jaasMgr, "flushAuthenticationCache", params, signature); - } - public void destroy() { } --- 136,139 ---- Index: SecurityFilter.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/web/security/SecurityFilter.java,v retrieving revision 1.9 retrieving revision 1.9.6.1 diff -C2 -d -r1.9 -r1.9.6.1 *** SecurityFilter.java 6 Feb 2007 08:18:40 -0000 1.9 --- SecurityFilter.java 18 Mar 2007 01:03:13 -0000 1.9.6.1 *************** *** 15,18 **** --- 15,24 ---- import java.io.IOException; + import java.security.Principal; + + import javax.management.JMException; + import javax.management.MBeanServer; + import javax.management.MBeanServerFactory; + import javax.management.ObjectName; import javax.servlet.Filter; import javax.servlet.ServletException; *************** *** 36,38 **** --- 42,53 ---- } + protected void clearAuthenticationCache(Principal principal) throws JMException { + System.out.println(getClass() + " clearAuthenticationCache"); + MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0); + ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager"); + String[] signature = { "java.lang.String", Principal.class.getName() }; + Object[] params = { "tolvenLDAP", principal }; + server.invoke(jaasMgr, "flushAuthenticationCache", params, signature); + } + } |
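Review bot: In `addKeysToUser` (225,230) the `isEmpty()` check was removed, so `privateCredentials.iterator().next()` now throws NoSuchElementException when the Subject carries no UserPrivateKey, and the `if (userPrivateKey == null)` test after it is never reached for that case. Keep an `isEmpty()` guard that throws the GeneralSecurityException naming `aTolvenUser.getLdapUID()`, so callers see the declared exception type. The logout reason strings also differ between the two filters ("No UserPrivateKey" in VestibuleSecurityFilter, "NO UserPrivateKey" in GeneralSecurityFilter); use one spelling so the message can be searched for in logs.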
From: Joseph I. <jos...@us...> - 2007-03-19 00:35:53
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/web In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv24663/src/org/tolven/web Modified Files: Tag: P_JI_RefreshAPK TopAction.java TolvenAction.java Log Message: Removed the PrivateKeyRing class and will now place UserPrivateKey and AccountPrivateKey directly in the Subject's privateCredentials. Index: TopAction.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/web/TopAction.java,v retrieving revision 1.45 retrieving revision 1.45.4.1 diff -C2 -d -r1.45 -r1.45.4.1 *** TopAction.java 28 Feb 2007 07:03:19 -0000 1.45 --- TopAction.java 18 Mar 2007 01:03:13 -0000 1.45.4.1 *************** *** 15,24 **** import java.io.IOException; - import java.security.GeneralSecurityException; import java.util.LinkedList; import java.util.List; - import java.util.Map; import java.util.Properties; - import java.util.Set; import javax.faces.context.ExternalContext; --- 15,21 ---- *************** *** 26,47 **** import javax.naming.InitialContext; import javax.naming.NamingException; - import javax.security.auth.Subject; - import javax.security.jacc.PolicyContext; - import javax.security.jacc.PolicyContextException; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; - import org.tolven.app.MenuLocal; import org.tolven.core.ActivationLocal; - import org.tolven.core.InvitationLocal; import org.tolven.core.entity.AccountUser; - import org.tolven.core.entity.Status; import org.tolven.core.entity.TolvenUser; import org.tolven.security.LDAPLocal; - import org.tolven.security.LoginLocal; import org.tolven.security.TolvenPerson; - import org.tolven.security.key.PrivateKeyRing; - import org.tolven.security.key.UserPrivateKey; - import org.tolven.security.key.UserPublicKey; import org.tolven.web.security.VestibuleSecurityFilter; --- 23,33 ---- *************** *** 54,59 **** private LDAPLocal ldap; private ActivationLocal activation; - 
private LoginLocal loginBean; - private InvitationLocal invitationBean; --- 40,43 ---- *************** *** 83,88 **** // J2EE 1.5 has not yet defined exact XML <ejb-ref> syntax for EJB3 activation = (ActivationLocal) ctx.lookup("tolven/ActivationBean/local"); - loginBean = (LoginLocal) ctx.lookup("tolven/LoginBean/local"); - invitationBean = (InvitationLocal) ctx.lookup("tolven/InvitationBean/local"); ldap = (LDAPLocal) ctx.lookup("tolven/LDAPBean/local"); ignoreDefault = false; --- 67,70 ---- Index: TolvenAction.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/web/TolvenAction.java,v retrieving revision 1.7.6.1 retrieving revision 1.7.6.2 diff -C2 -d -r1.7.6.1 -r1.7.6.2 *** TolvenAction.java 17 Mar 2007 23:24:07 -0000 1.7.6.1 --- TolvenAction.java 18 Mar 2007 01:03:13 -0000 1.7.6.2 *************** *** 27,31 **** import javax.faces.context.FacesContext; - import org.tolven.security.key.PrivateKeyRing; import org.tolven.security.key.UserPrivateKey; import org.tolven.web.security.VestibuleSecurityFilter; --- 27,30 ---- *************** *** 107,124 **** */ public UserPrivateKey getSubjectUserPrivateKey() throws PolicyContextException, GeneralSecurityException { - return getSubjectPrivateKeyRing().getUserPrivateKey(); - } - - /** - * Return the PrivateKeyRing for the user - * @return - * @throws PolicyContextException - * @throws GeneralSecurityException - */ - public PrivateKeyRing getSubjectPrivateKeyRing() throws PolicyContextException, GeneralSecurityException { Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); if (subject == null) throw new GeneralSecurityException("No Subject found in PolicyContext"); ! 
Set privateCredentials = subject.getPrivateCredentials(PrivateKeyRing.class); if (privateCredentials.isEmpty()) { Principal principal = null; --- 106,113 ---- */ public UserPrivateKey getSubjectUserPrivateKey() throws PolicyContextException, GeneralSecurityException { Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); if (subject == null) throw new GeneralSecurityException("No Subject found in PolicyContext"); ! Set privateCredentials = subject.getPrivateCredentials(UserPrivateKey.class); if (privateCredentials.isEmpty()) { Principal principal = null; *************** *** 134,140 **** throw new GeneralSecurityException("No Principal found in PolicyContext Subject"); String principalName = principal.getName(); ! throw new GeneralSecurityException(": No PrivateKeyRing found for " + principalName); } ! return (PrivateKeyRing) privateCredentials.iterator().next(); } --- 123,129 ---- throw new GeneralSecurityException("No Principal found in PolicyContext Subject"); String principalName = principal.getName(); ! throw new GeneralSecurityException(": No UserPrivateKey found for " + principalName); } ! return (UserPrivateKey) privateCredentials.iterator().next(); } |
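Review bot: `getSubjectUserPrivateKey()` in TolvenAction keeps the raw `Set privateCredentials` and the `(UserPrivateKey)` cast on return, while the security filters in this same change use `Set<UserPrivateKey>`. Declare it as `Set<UserPrivateKey>` and drop the cast. The exception text `": No UserPrivateKey found for "` still begins with a stray colon left over from the old message; remove it or prefix the class name as the other messages do.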
From: Joseph I. <jos...@us...> - 2007-03-19 00:35:50
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv14620/src/org/tolven/security/auth Modified Files: Tag: P_JI_RefreshAPK KeyLoginModule.java Log Message: Web tier now distinguishes the current account solely by the session accountUserId/accountId attributes, rather than the AccountPrivateKey in the PrivateKeyRing of the web tier Subject. Reauthentications now occur by clearing the cache for the principal, which via the KeyLoginModule, results in the keys for the selected Account making their way to the EJB tier Subject for use in the EJB tier. In the EJB tier, the content of DocBase is now protected by DocProtectionBean, which belongs to the tovlenLDAP SecurityDomain. Index: KeyLoginModule.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth/KeyLoginModule.java,v retrieving revision 1.8 retrieving revision 1.8.8.1 diff -C2 -d -r1.8 -r1.8.8.1 *** KeyLoginModule.java 20 Feb 2007 08:31:20 -0000 1.8 --- KeyLoginModule.java 17 Mar 2007 11:45:44 -0000 1.8.8.1 *************** *** 95,98 **** --- 95,103 ---- pc.clearPassword(); accountUserId = auc.getAccountUserId(); + if (accountUserId == 0) { + System.out.println(getClass() + " Login not linked to an account"); + } else { + System.out.println(getClass() + " Login linking to account id=" + accountUserId); + } } catch (IOException e) { LoginException le = new LoginException("Failed to get principalName/password"); |
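Review bot: the if/else added after auc.getAccountUserId() writes to System.out on every login, including the account id the login is being linked to. Route both messages through the server's logger at debug level so they can be switched off in production. The sentinel also deserves a name or a comment: accountUserId == 0 meaning "not linked to an account" is only discoverable from the log text.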
From: Joseph I. <jos...@us...> - 2007-03-19 00:35:49
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/app/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv14620/src/org/tolven/app/bean Modified Files: Tag: P_JI_RefreshAPK CreatorBean.java Log Message: Web tier now distinguishes the current account solely by the session accountUserId/accountId attributes, rather than the AccountPrivateKey in the PrivateKeyRing of the web tier Subject. Reauthentications now occur by clearing the cache for the principal, which via the KeyLoginModule, results in the keys for the selected Account making their way to the EJB tier Subject for use in the EJB tier. In the EJB tier, the content of DocBase is now protected by DocProtectionBean, which belongs to the tovlenLDAP SecurityDomain. Index: CreatorBean.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/app/bean/CreatorBean.java,v retrieving revision 1.5 retrieving revision 1.5.4.1 diff -C2 -d -r1.5 -r1.5.4.1 *** CreatorBean.java 8 Mar 2007 17:13:19 -0000 1.5 --- CreatorBean.java 17 Mar 2007 11:45:43 -0000 1.5.4.1 *************** *** 5,11 **** import java.util.ArrayList; import java.util.Date; - import java.util.HashMap; import java.util.List; - import java.util.Map; import javax.annotation.EJB; --- 5,9 ---- *************** *** 35,38 **** --- 33,37 ---- import org.tolven.doc.entity.CCRException; import org.tolven.doc.entity.DocXML; + import org.tolven.security.DocProtectionLocal; import org.tolven.trim.Act; import org.tolven.trim.ActBind; *************** *** 63,66 **** --- 62,66 ---- @EJB XMLLocal xmlBean; @EJB XMLProtectedLocal xmlProtectedBean; + @EJB DocProtectionLocal docProtectionBean; @Resource(mappedName="java:/JmsXA") *************** *** 185,189 **** ByteArrayOutputStream trimXML = new ByteArrayOutputStream() ; xmlBean.marshalTRIM(trim, trimXML); ! 
docXML.setContent(trimXML.toByteArray()); // Document remains in new status, but is saved (persist/merge) documentBean.saveDocument(docXML); --- 185,189 ---- ByteArrayOutputStream trimXML = new ByteArrayOutputStream() ; xmlBean.marshalTRIM(trim, trimXML); ! docXML.setAsEncryptedContent(trimXML.toByteArray()); // Document remains in new status, but is saved (persist/merge) documentBean.saveDocument(docXML); *************** *** 235,239 **** ByteArrayOutputStream trimXML = new ByteArrayOutputStream() ; xmlBean.marshalTRIM(trim, trimXML); ! docXML.setContent(trimXML.toByteArray()); // Document remains in new status, but is saved (persist/merge) documentBean.saveDocument(docXML); --- 235,239 ---- ByteArrayOutputStream trimXML = new ByteArrayOutputStream() ; xmlBean.marshalTRIM(trim, trimXML); ! docXML.setAsEncryptedContent(trimXML.toByteArray()); // Document remains in new status, but is saved (persist/merge) documentBean.saveDocument(docXML); *************** *** 300,304 **** if (0==documentId) throw new IllegalArgumentException( "Submitted DocumentId must not be 0"); DocXML docXML = (DocXML) documentBean.findDocument(documentId); ! submit( docXML, docXML.getContent() ); } --- 300,304 ---- if (0==documentId) throw new IllegalArgumentException( "Submitted DocumentId must not be 0"); DocXML docXML = (DocXML) documentBean.findDocument(documentId); ! submit( docXML, docProtectionBean.getDecryptedContent(docXML) ); } |
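Review bot: in the last hunk, submit( docXML, docProtectionBean.getDecryptedContent(docXML) ) passes the decrypted bytes straight through with no handling for the case where the caller's keys cannot decrypt the document. DocProtectionLocal declares no exception on getDecryptedContent, so state whether failure is a null return or a runtime exception and handle it here before calling submit. The two setAsEncryptedContent(trimXML.toByteArray()) call sites would also benefit from a short comment naming the key the content is encrypted under.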
From: Joseph I. <jos...@us...> - 2007-03-18 23:55:50
|
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/ajax In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv14670/src/org/tolven/ajax Modified Files: Tag: P_JI_RefreshAPK DocServlet.java Log Message: Web tier now distinguishes the current account solely by the session accountUserId/accountId attributes, rather than the AccountPrivateKey in the PrivateKeyRing of the web tier Subject. Reauthentications now occur by clearing the cache for the principal, which via the KeyLoginModule, results in the keys for the selected Account making their way to the EJB tier Subject for use in the EJB tier. In the EJB tier, the content of DocBase is now protected by DocProtectionBean, which belongs to the tovlenLDAP SecurityDomain. Index: DocServlet.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/ajax/DocServlet.java,v retrieving revision 1.9 retrieving revision 1.9.6.1 diff -C2 -d -r1.9 -r1.9.6.1 *** DocServlet.java 17 Feb 2007 21:14:00 -0000 1.9 --- DocServlet.java 17 Mar 2007 11:45:52 -0000 1.9.6.1 *************** *** 32,35 **** --- 32,36 ---- import org.tolven.doc.DocumentLocal; import org.tolven.doc.entity.DocImage; + import org.tolven.security.DocProtectionLocal; import org.tolven.web.security.VestibuleSecurityFilter; public class DocServlet extends HttpServlet { *************** *** 41,44 **** --- 42,46 ---- // @EJB private DocumentLocal docBean; + private DocProtectionLocal docProtectionBean; *************** *** 64,67 **** --- 66,70 ---- // J2EE 1.5 has not yet defined exact XML <ejb-ref> syntax for EJB3 docBean = (DocumentLocal) ctx.lookup("tolven/DocumentBean/local"); + docProtectionBean = (DocProtectionLocal) ctx.lookup("tolven/DocProtectionBean/local"); } catch (NamingException e) *************** *** 163,167 **** res.setContentType("image/jpeg"); res.setHeader("Cache-Control", "no-cache"); ! 
doc.streamJPEGThumbnail( targetWidth, targetHeight, res.getOutputStream()); } catch(Exception e) --- 166,170 ---- res.setContentType("image/jpeg"); res.setHeader("Cache-Control", "no-cache"); ! docProtectionBean.streamJPEGThumbnail(doc, targetWidth, targetHeight, res.getOutputStream()); } catch(Exception e) |
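Review bot: the thumbnail hunk now streams decrypted image content through docProtectionBean.streamJPEGThumbnail(doc, ...), but the response still goes out with Cache-Control: no-cache, which lets a browser or proxy store the image and merely revalidate it. For protected document content, no-store is the safer header. The catch(Exception e) that follows should also make sure a decryption or authorization failure is not reported the same way as an image-format error.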
From: Joseph I. <jos...@us...> - 2007-03-18 23:55:49
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/key In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv24703/src/org/tolven/security/key Removed Files: Tag: P_JI_RefreshAPK PrivateKeyRing.java Log Message: Removed the PrivateKeyRing class and will now place UserPrivateKey and AccountPrivateKey directly in the Subject's privateCredentials. --- PrivateKeyRing.java DELETED --- |
From: Joseph I. <jos...@us...> - 2007-03-18 23:54:52
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv14620/src/org/tolven/security Added Files: Tag: P_JI_RefreshAPK DocProtectionLocal.java Log Message: Web tier now distinguishes the current account solely by the session accountUserId/accountId attributes, rather than the AccountPrivateKey in the PrivateKeyRing of the web tier Subject. Reauthentications now occur by clearing the cache for the principal, which via the KeyLoginModule, results in the keys for the selected Account making their way to the EJB tier Subject for use in the EJB tier. In the EJB tier, the content of DocBase is now protected by DocProtectionBean, which belongs to the tovlenLDAP SecurityDomain. --- NEW FILE: DocProtectionLocal.java --- /* * Copyright (C) 2006 Tolven Inc * * This library is free software; you can redistribute it and/or modify it under the terms of * the GNU Lesser General Public License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU Lesser General Public License for more details. * * Contact: in...@to... */ package org.tolven.security; import java.io.IOException; import java.io.OutputStream; import org.tolven.doc.entity.DocBase; import org.tolven.doc.entity.DocImage; import com.sun.image.codec.jpeg.ImageFormatException; /** * This interface protects the DocBase by handling its encryption and decryption. * * @author Joseph Isaac * */ public interface DocProtectionLocal { /** * Currently assumes all content is encrypted and only the authorized loggedInUser will succeed in getting the readable content * This method calls decryption each time it is called. 
* Decryption takes CPU time and it requires access to security policy which means * the caller must have permission to call this method. * @param encryptedContent * @return */ public byte[] getDecryptedContent(DocBase doc); /** * Return the contents of the document as base64 encoded. * This method calls decryption each time it is called. * Decryption takes CPU time and it requires access to security policy which means * the caller must have permission to call this method. */ public String getDecryptedContentB64(DocBase doc); /** * Return the content as a string. This method calls decryption each time it is called. * Decryption takes CPU time and it requires access to security policy which means * the caller must have permission to call this method. * @return */ public String getDecryptedContentString(DocBase doc); public void streamJPEGThumbnail(DocImage doc, int targetWidth, int targetHeight, OutputStream stream) throws ImageFormatException, IOException; } |
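Review bot: the Javadoc on getDecryptedContent(DocBase doc) documents @param encryptedContent, which is not the parameter name, and leaves @return empty; none of the three getDecrypted* methods says what an unauthorized caller gets back (null, empty content or an exception), although the comment states that only the authorized loggedInUser will succeed. Spell out that failure contract and fix the tags. streamJPEGThumbnail has no Javadoc at all, and its throws clause exposes com.sun.image.codec.jpeg.ImageFormatException, a Sun-specific type, in a security interface that the commit message says is meant to reduce coupling; wrapping it in IOException would keep the interface portable.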
From: Joseph I. <jos...@us...> - 2007-03-18 23:54:15
|
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/web In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv14670/src/org/tolven/web Modified Files: Tag: P_JI_RefreshAPK MenuAction.java DocAction.java RegisterAction.java AccountAction.java Log Message: Web tier now distinguishes the current account solely by the session accountUserId/accountId attributes, rather than the AccountPrivateKey in the PrivateKeyRing of the web tier Subject. Reauthentications now occur by clearing the cache for the principal, which via the KeyLoginModule, results in the keys for the selected Account making their way to the EJB tier Subject for use in the EJB tier. In the EJB tier, the content of DocBase is now protected by DocProtectionBean, which belongs to the tovlenLDAP SecurityDomain. Index: DocAction.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/web/DocAction.java,v retrieving revision 1.13 retrieving revision 1.13.6.1 diff -C2 -d -r1.13 -r1.13.6.1 *** DocAction.java 17 Feb 2007 23:07:32 -0000 1.13 --- DocAction.java 17 Mar 2007 11:45:51 -0000 1.13.6.1 *************** *** 14,41 **** package org.tolven.web; - import java.util.ArrayList; import java.util.List; import java.util.Map; import javax.annotation.EJB; - import javax.el.ELException; import javax.faces.application.Application; import javax.faces.context.FacesContext; - import javax.faces.model.SelectItem; import javax.naming.InitialContext; import javax.naming.NamingException; - import javax.servlet.http.HttpSession; - import javax.xml.bind.JAXBException; - import org.tolven.app.entity.MenuData; - import org.tolven.ccr.ContinuityOfCareRecord; import org.tolven.doc.DocumentLocal; - import org.tolven.doc.XMLLocal; import org.tolven.doc.XMLProtectedLocal; import org.tolven.doc.entity.DocBase; - import org.tolven.doc.entity.DocCCR; import org.tolven.doc.entity.DocImage; import org.tolven.doc.entity.DocXML; ! 
import org.tolven.web.security.VestibuleSecurityFilter; /** --- 14,32 ---- package org.tolven.web; import java.util.List; import java.util.Map; import javax.annotation.EJB; import javax.faces.application.Application; import javax.faces.context.FacesContext; import javax.naming.InitialContext; import javax.naming.NamingException; import org.tolven.doc.DocumentLocal; import org.tolven.doc.XMLProtectedLocal; import org.tolven.doc.entity.DocBase; import org.tolven.doc.entity.DocImage; import org.tolven.doc.entity.DocXML; ! import org.tolven.security.DocProtectionLocal; /** *************** *** 57,60 **** --- 48,52 ---- @EJB protected DocumentLocal docBean; @EJB protected XMLProtectedLocal xmlProtectedBean; + @EJB private DocProtectionLocal docProtectionBean; /** Creates a new instance of DocAction *************** *** 66,69 **** --- 58,62 ---- docBean = (DocumentLocal) ctx.lookup("tolven/DocumentBean/local"); xmlProtectedBean = (XMLProtectedLocal) ctx.lookup("tolven/XMLProtectedBean/local"); + docProtectionBean = (DocProtectionLocal) ctx.lookup("tolven/DocProtectionBean/local"); setContent("This is some more content in B64 - We'll see how big it can be and if it can handle non-printable characters in a while" ); } *************** *** 76,80 **** doc = new DocBase(); doc.setMediaType( "text/plain" ); ! doc.setContentString( content ); docBean.createDocument( doc, getSessionTolvenUserId(), getSessionAccountId() ); return "success"; --- 69,73 ---- doc = new DocBase(); doc.setMediaType( "text/plain" ); ! doc.setAsEncryptedContentString(content); docBean.createDocument( doc, getSessionTolvenUserId(), getSessionAccountId() ); return "success"; *************** *** 111,128 **** } ! /** ! * Type-safe method to return the current XML-based document, if any. ! * @return ! * @throws Exception ! */ public DocXML getDocXML( ) throws Exception { ! DocBase d = getDoc(); ! if (d==null) return null; ! if (!(d instanceof DocXML)) { ! 
System.out.println( "Document is not CCR " + d.getId() + " Class: " + d.getClass().getName()); ! return null; ! } ! return (DocXML) d; ! } public long getDocumentId() { --- 104,132 ---- } ! /** ! * Type-safe method to return the current XML-based document, if any. ! * @return ! * @throws Exception ! */ public DocXML getDocXML( ) throws Exception { ! DocBase d = getDoc(); ! if (d==null) return null; ! if (!(d instanceof DocXML)) { ! System.out.println( "Document is not CCR " + d.getId() + " Class: " + d.getClass().getName()); ! return null; ! } ! return (DocXML) d; ! } ! ! /** ! * Type-safe method to return the current XML-based document, if any. ! * @return ! * @throws Exception ! */ ! public String getDocXMLContentString( ) throws Exception { ! DocXML d = getDocXML(); ! if (d==null) return null; ! return docProtectionBean.getDecryptedContentString(d); ! } public long getDocumentId() { Index: MenuAction.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/web/MenuAction.java,v retrieving revision 1.37 retrieving revision 1.37.4.1 diff -C2 -d -r1.37 -r1.37.4.1 *** MenuAction.java 28 Feb 2007 07:04:30 -0000 1.37 --- MenuAction.java 17 Mar 2007 11:45:51 -0000 1.37.4.1 *************** *** 15,19 **** import java.awt.Color; - import java.io.ByteArrayOutputStream; import java.io.IOException; import java.net.URLEncoder; --- 15,18 ---- *************** *** 25,32 **** import java.util.Map; - import javax.annotation.Resource; import javax.faces.context.FacesContext; - import javax.jms.ConnectionFactory; - import javax.jms.Queue; import javax.naming.InitialContext; import javax.naming.NamingException; --- 24,28 ---- *************** *** 55,68 **** import org.tolven.core.util.Queuer; import org.tolven.doc.DocumentLocal; - import org.tolven.doc.XMLLocal; import org.tolven.doc.XMLProtectedLocal; - import org.tolven.doc.bean.TolvenMessage; - import org.tolven.doc.bean.XMLBean; import 
org.tolven.doc.entity.CCRException; import org.tolven.doc.entity.DocBase; import org.tolven.doc.entity.DocCCR; import org.tolven.doc.entity.DocXML; - import org.tolven.gen.entity.FamilyMember; import org.tolven.gen.model.GenMedicalCCR; import org.tolven.trim.util.TRIMException; /** --- 51,61 ---- import org.tolven.core.util.Queuer; import org.tolven.doc.DocumentLocal; import org.tolven.doc.XMLProtectedLocal; import org.tolven.doc.entity.CCRException; import org.tolven.doc.entity.DocBase; import org.tolven.doc.entity.DocCCR; import org.tolven.doc.entity.DocXML; import org.tolven.gen.model.GenMedicalCCR; + import org.tolven.security.DocProtectionLocal; import org.tolven.trim.util.TRIMException; /** *************** *** 88,91 **** --- 81,85 ---- protected XMLProtectedLocal xmlProtectedLocal; protected CreatorLocal creatorBean; + protected DocProtectionLocal docProtectionBean; private String givenName; private String value; *************** *** 103,106 **** --- 97,101 ---- documentLocal = (DocumentLocal) ctx.lookup("tolven/DocumentBean/local"); xmlProtectedLocal = (XMLProtectedLocal) ctx.lookup("tolven/XMLProtectedBean/local"); + docProtectionBean = (DocProtectionLocal) ctx.lookup("tolven/DocProtectionBean/local"); } *************** *** 348,351 **** --- 343,356 ---- } + /** + * This method is needed because menuData only contains documentId, a separate query is needed + * to get the document itself. 
+ * @return + * @throws Exception + */ + public String getDrilldownItemDocContentString() throws Exception { + return docProtectionBean.getDecryptedContentString(getDrilldownItemDoc()); + } + public DocCCR getDocCCR( ) throws Exception { MenuData md = getDrilldownItem(); Index: RegisterAction.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/web/RegisterAction.java,v retrieving revision 1.46 retrieving revision 1.46.4.1 diff -C2 -d -r1.46 -r1.46.4.1 *** RegisterAction.java 8 Mar 2007 17:07:23 -0000 1.46 --- RegisterAction.java 17 Mar 2007 11:45:51 -0000 1.46.4.1 *************** *** 431,434 **** --- 431,435 ---- } HttpSession session = (HttpSession)FacesContext.getCurrentInstance().getExternalContext().getSession(false); + System.out.println(getClass() + " REGISTER ACTION :VESTIBULE_PASS=" + session.getAttribute(VestibuleSecurityFilter.VESTIBULE_PASS)); session.setAttribute(VestibuleSecurityFilter.VESTIBULE_PASS, "true"); return "success"; Index: AccountAction.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/web/AccountAction.java,v retrieving revision 1.12 retrieving revision 1.12.4.1 diff -C2 -d -r1.12 -r1.12.4.1 *** AccountAction.java 28 Feb 2007 07:06:12 -0000 1.12 --- AccountAction.java 17 Mar 2007 11:45:51 -0000 1.12.4.1 *************** *** 110,113 **** --- 110,115 ---- HttpSession session = ((HttpSession) ctx.getSession(true)); session.setAttribute(VestibuleSecurityFilter.ACCOUNTUSER_ID, new Long( accountUser.getId())); + //TODO The Account and its id can be obtained from accountUser, so is ACCOUNT_ID necessary? + session.setAttribute(VestibuleSecurityFilter.ACCOUNT_ID, new Long( accountUser.getAccount().getId())); // getTop().updatePrivateKeyRing(); return "success"; |
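Review bot: in DocAction.java, the new getDocXMLContentString() carries the Javadoc copied from getDocXML() ("Type-safe method to return the current XML-based document, if any"); it should say that it returns the decrypted content and triggers a decryption on each call. The same class now has both @EJB on docProtectionBean and a manual ctx.lookup("tolven/DocProtectionBean/local"); keep one. In MenuAction.java, getDrilldownItemDocContentString() hands getDrilldownItemDoc() to getDecryptedContentString without a null check, unlike getDocXMLContentString(), which returns null when there is no document.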
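Review bot: in RegisterAction.java, the added System.out.println(getClass() + " REGISTER ACTION :VESTIBULE_PASS=" + ...) reads as leftover debugging; it writes a session security attribute to stdout and dereferences session, which comes from getSession(false) and can be null. Remove it or move it to a debug-level logger behind a null check. In AccountAction.java, the TODO asks whether ACCOUNT_ID is needed next to ACCOUNTUSER_ID: since this commit makes those two session attributes the sole indication of the current account, settle it now by deriving one from the other or by checking that they agree. The commented-out // getTop().updatePrivateKeyRing(); can also go.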
From: Joseph I. <jos...@us...> - 2007-03-18 23:34:34
|
Update of /cvsroot/tolven/tolvenWEB/web/five In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv14670/web/five Modified Files: Tag: P_JI_RefreshAPK xml.xhtml Log Message: Web tier now distinguishes the current account solely by the session accountUserId/accountId attributes, rather than the AccountPrivateKey in the PrivateKeyRing of the web tier Subject. Reauthentications now occur by clearing the cache for the principal, which via the KeyLoginModule, results in the keys for the selected Account making their way to the EJB tier Subject for use in the EJB tier. In the EJB tier, the content of DocBase is now protected by DocProtectionBean, which belongs to the tovlenLDAP SecurityDomain. Index: xml.xhtml =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/web/five/xml.xhtml,v retrieving revision 1.3 retrieving revision 1.3.6.1 diff -C2 -d -r1.3 -r1.3.6.1 *** xml.xhtml 16 Jan 2007 06:42:48 -0000 1.3 --- xml.xhtml 17 Mar 2007 11:45:52 -0000 1.3.6.1 *************** *** 12,16 **** Document: #{menu.drilldownItem.documentId} <pre> ! #{menu.drilldownItemDoc.contentString} </pre> --- 12,16 ---- Document: #{menu.drilldownItem.documentId} <pre> ! #{menu.drilldownItemDocContentString} </pre> |
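Review bot: #{menu.drilldownItemDocContentString} now performs a decryption every time the expression is evaluated, since DocProtectionLocal documents that each call decrypts, and the backing getter is declared throws Exception, so a failed decryption surfaces as a page rendering error inside the <pre> block. Cache the decrypted string for the request in MenuAction and render an explicit message when the current account's keys cannot read the document.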
From: Joseph I. <jos...@us...> - 2007-03-18 23:32:07
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv24703/src/org/tolven/security/auth Modified Files: Tag: P_JI_RefreshAPK KeyLoginModule.java Log Message: Removed the PrivateKeyRing class and will now place UserPrivateKey and AccountPrivateKey directly in the Subject's privateCredentials. Index: KeyLoginModule.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth/KeyLoginModule.java,v retrieving revision 1.8.8.1 retrieving revision 1.8.8.2 diff -C2 -d -r1.8.8.1 -r1.8.8.2 *** KeyLoginModule.java 17 Mar 2007 11:45:44 -0000 1.8.8.1 --- KeyLoginModule.java 18 Mar 2007 01:03:19 -0000 1.8.8.2 *************** *** 38,42 **** import org.tolven.security.key.AccountPrivateKey; import org.tolven.security.key.AccountPublicKey; - import org.tolven.security.key.PrivateKeyRing; import org.tolven.security.key.UserKeyRing; import org.tolven.security.key.UserPrivateKey; --- 38,41 ---- *************** *** 47,52 **** * However, it is responsible for adding credentials to a Subject, and while adding a UserPrivateKey, it will attempt * unlock the UserPrivateKey with the provided password. If the password is not correct, then the login will fail. - * The UserPrivateKey is placed in a PrivateKeyRing, and it is the PrivateKeyRing which is added to the privateCredentials - * of the Subject. * * @author Joseph Isaac --- 46,49 ---- *************** *** 159,171 **** // Populate the Subject System.out.println(getClass() + ": Adding UserPrivateKey to Subject " + principalName); ! // UserPrivateKey: Ensure there is only one PrivateKeyRing in a Subject by removing any that might be there Object obj = null; for (Iterator iter = subject.getPrivateCredentials().iterator(); iter.hasNext();) { obj = iter.next(); ! if (obj instanceof PrivateKeyRing) iter.remove(); } ! PrivateKeyRing privateKeyRing = new PrivateKeyRing(userPrivateKey); ! 
subject.getPrivateCredentials().add(privateKeyRing); System.out.println(getClass() + ": Adding UserPublicKey to Subject " + principalName); // UserPublicKey: Ensure there is only one UserPublicKey in a Subject by removing any that might be there --- 156,167 ---- // Populate the Subject System.out.println(getClass() + ": Adding UserPrivateKey to Subject " + principalName); ! // UserPrivateKey: Ensure there is only one UserPrivateKey in a Subject by removing any that might be there Object obj = null; for (Iterator iter = subject.getPrivateCredentials().iterator(); iter.hasNext();) { obj = iter.next(); ! if (obj instanceof UserPrivateKey) iter.remove(); } ! subject.getPrivateCredentials().add(userPrivateKey); System.out.println(getClass() + ": Adding UserPublicKey to Subject " + principalName); // UserPublicKey: Ensure there is only one UserPublicKey in a Subject by removing any that might be there *************** *** 181,186 **** if (accountPrivateKey == null) throw new LoginException(getClass() + ": Could not locate an AccountPrivateKey for AccountUser with id=" + accountUserId); ! System.out.println(getClass() + ": Adding AccountPrivateKey to PrivateKeyRing " + principalName); ! privateKeyRing.setAccountPrivateKey(accountPrivateKey); AccountPublicKey accountPublicKey = activation.findAccountPublicKey(accountUserId); if (accountPublicKey == null) --- 177,188 ---- if (accountPrivateKey == null) throw new LoginException(getClass() + ": Could not locate an AccountPrivateKey for AccountUser with id=" + accountUserId); ! System.out.println(getClass() + ": Adding AccountPrivateKey to Subject " + principalName); ! // AccountPrivateKey: Ensure there is only one AccountPrivateKey in a Subject by removing any that might be there ! for (Iterator iter = subject.getPublicCredentials().iterator(); iter.hasNext();) { ! obj = iter.next(); ! if (obj instanceof AccountPrivateKey) ! iter.remove(); ! } ! 
subject.getPrivateCredentials().add(accountPrivateKey); AccountPublicKey accountPublicKey = activation.findAccountPublicKey(accountUserId); if (accountPublicKey == null) *************** *** 221,230 **** password = null; try { ! // Remove PrivateKeyRing if (subject != null) { Object obj = null; for (Iterator iter = subject.getPrivateCredentials().iterator(); iter.hasNext();) { obj = iter.next(); ! if (obj instanceof PrivateKeyRing) iter.remove(); } --- 223,232 ---- password = null; try { ! // Remove UserPrivateKey if (subject != null) { Object obj = null; for (Iterator iter = subject.getPrivateCredentials().iterator(); iter.hasNext();) { obj = iter.next(); ! if (obj instanceof UserPrivateKey) iter.remove(); } |
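Review bot: in the AccountPrivateKey hunk, the cleanup loop iterates subject.getPublicCredentials() while the key is then added with subject.getPrivateCredentials().add(accountPrivateKey), so a previously stored AccountPrivateKey is never removed and the "only one AccountPrivateKey in a Subject" comment does not hold; after an account switch the Subject can carry private keys for more than one account. Iterate getPrivateCredentials() there, as the UserPrivateKey loop does. In the logout hunk, the visible lines remove only UserPrivateKey; now that AccountPrivateKey is no longer held inside PrivateKeyRing, check that logout removes it from the private credentials as well.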