From xuhaih...@apache.org
Subject svn commit: r1172518 - in /geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat: TomcatServerConfigManager.java TomcatServerGBean.java model/ConnectorType.java
Date Mon, 19 Sep 2011 08:37:53 GMT
Author: xuhaihong
Date: Mon Sep 19 08:37:52 2011
New Revision: 1172518

URL: http://svn.apache.org/viewvc?rev=1172518&view=rev
Log:
GERONIMO-5432 Encrypt password values in server.xml (Based on the patch from Xiao Yi)

Modified:
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/TomcatServerConfigManager.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/TomcatServerGBean.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/model/ConnectorType.java

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/TomcatServerConfigManager.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/TomcatServerConfigManager.java?rev=1172518&r1=1172517&r2=1172518&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/TomcatServerConfigManager.java
(original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/TomcatServerConfigManager.java
Mon Sep 19 08:37:52 2011
@@ -31,10 +31,12 @@ import javax.xml.transform.TransformerFa
 import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.stream.StreamResult;
 
+import org.apache.geronimo.crypto.EncryptionManager;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
@@ -73,7 +75,7 @@ public class TomcatServerConfigManager {
      * @param name
      *          the name of connector to be removed.
      */
-    public void removeConnector(String name) {
+    public synchronized void removeConnector(String name) {
 
         Element connector = this.findTargetConnector(name);
         if (null != connector) {
@@ -91,7 +93,7 @@ public class TomcatServerConfigManager {
      * @param serviceName
      *                      the name attribute of <Service> that the connector resides
in.
      */
-    public void updateConnector(Map<String, String> attributesToUpdate, String uniqueConnectorName,
String serviceName) {
+    public synchronized void updateConnector(Map<String, String> attributesToUpdate,
String uniqueConnectorName, String serviceName) {
 
         Element connector = this.findTargetConnector(uniqueConnectorName);
 
@@ -130,14 +132,35 @@ public class TomcatServerConfigManager {
 
     }
 
-
+    public synchronized void encryptPasswords() {
+        boolean persisteRequired = false;
+        NodeList connectors = server_xml_dom_doc.getElementsByTagName("Connector");
+        for (int i = 0; i < connectors.getLength(); i++) {
+            Element connector = (Element) (connectors.item(i));
+            NamedNodeMap attributeMap = connector.getAttributes();
+            for (int j = 0; j < attributeMap.getLength(); j++) {
+                Node attribute = attributeMap.item(j);
+                String nodeValue = attribute.getNodeValue();
+                if (attribute.getNodeName().equals("keystorePass")) {
+                    String encryptedNodeValue = EncryptionManager.encrypt(nodeValue);
+                    if (nodeValue.equals(encryptedNodeValue)) {
+                        continue;
+                    }
+                    persisteRequired = true;
+                    attribute.setNodeValue(encryptedNodeValue);
+                }
+            }
+        }
+        if (persisteRequired) {
+            persistServerConfig();
+        }
+    }
 
     private Element findTargetConnector(String name) {
 
         NodeList connectors = server_xml_dom_doc.getElementsByTagName("Connector");
 
         for (int i = 0; i < connectors.getLength(); i++) {
-
             Element connector = (Element) (connectors.item(i));
             if (name.equals(connector.getAttribute("name"))) {
                 return connector;
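Review bot: The new `encryptPasswords()` matches only the attribute name `keystorePass`, so any other secret-bearing Connector attribute in server.xml (Tomcat connectors also accept `truststorePass` and `keyPass`) is left in cleartext after this change. Consider keeping the protected attribute names in one constant shared with the decrypt branch in ConnectorType and testing `if (PASSWORD_ATTRIBUTES.contains(attribute.getNodeName())) {` here. The already-encrypted check relies on `EncryptionManager.encrypt` returning its input unchanged for an encrypted value, which is not visible in this hunk and deserves a comment such as `// encrypt() is expected to return already-encrypted values unchanged`. The local `persisteRequired` is misspelled (`persistRequired`), and the new public method has no Javadoc, unlike its neighbours.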
@@ -198,12 +221,10 @@ public class TomcatServerConfigManager {
             transformer.setOutputProperty(OutputKeys.INDENT, "yes");
             transformer.setOutputProperty(OutputKeys.METHOD, "xml");
             DOMSource source = new DOMSource(server_xml_dom_doc);
-            FileOutputStream fos=new FileOutputStream(server_XML_File);
-            StreamResult result = new StreamResult(fos);
+            StreamResult result = new StreamResult(server_XML_File);
             transformer.transform(source, result);
         } catch (Exception e1) {
-
-            log.error("Error when persist modified dom back to file:"+server_XML_File,e1);
+            log.error("Error when persist modified DOM back to file:"+server_XML_File,e1);
         }
 
     }
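Review bot: A failed write is still only logged in the `catch (Exception e1)` block, and with this commit that write is what removes the cleartext `keystorePass` from disk, so `encryptPasswords()` cannot tell whether server.xml still holds the plain password. The transform also writes straight over `server_XML_File`, so an error part-way through can leave a truncated configuration; writing to a temporary file in the same directory and renaming it over the original would avoid that. At minimum the method could report failure to its caller (for example by returning a boolean) so the shutdown path can log that the password was not protected. The method's signature and the start of the `try` are outside this hunk.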

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/TomcatServerGBean.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/TomcatServerGBean.java?rev=1172518&r1=1172517&r2=1172518&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/TomcatServerGBean.java
(original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/TomcatServerGBean.java
Mon Sep 19 08:37:52 2011
@@ -166,6 +166,9 @@ public class TomcatServerGBean implement
     public void doStop() throws Exception {
         server.stop();
         server.destroy();
+        if(tomcatServerConfigManager != null) {
+            tomcatServerConfigManager.encryptPasswords();
+        }
     }
 
     public void doFail() {
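Review bot: `encryptPasswords()` runs only when `server.stop()` and `server.destroy()` both return normally, so an exception from either leaves the cleartext `keystorePass` in server.xml; wrapping the two calls in `try { ... } finally { ... }` with the new `if` block in the `finally` would close that gap. Because the encryption happens only in `doStop()`, the password also stays in cleartext on disk for the whole first run and after any crash; calling `encryptPasswords()` once the configuration has been loaded at start-up would shorten that window. `doFail()` begins at the end of this hunk and its body is not visible, so whether it needs the same call cannot be judged from here.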

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/model/ConnectorType.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/model/ConnectorType.java?rev=1172518&r1=1172517&r2=1172518&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/model/ConnectorType.java
(original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/model/ConnectorType.java
Mon Sep 19 08:37:52 2011
@@ -18,27 +18,28 @@
 
 package org.apache.geronimo.tomcat.model;
 
+import java.util.ArrayList;
 import java.util.HashMap;
-import java.util.Map;
 import java.util.List;
-import java.util.ArrayList;
+import java.util.Map;
 
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlAnyAttribute;
 import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlType;
 import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
 import javax.xml.namespace.QName;
 
-import org.apache.catalina.connector.Connector;
+import org.apache.catalina.Executor;
 import org.apache.catalina.LifecycleListener;
 import org.apache.catalina.Service;
-import org.apache.catalina.Executor;
+import org.apache.catalina.connector.Connector;
+import org.apache.geronimo.crypto.EncryptionManager;
 import org.apache.geronimo.tomcat.TomcatServerGBean;
+import org.apache.tomcat.util.IntrospectionUtils;
 import org.apache.xbean.recipe.ObjectRecipe;
 import org.apache.xbean.recipe.Option;
-import org.apache.tomcat.util.IntrospectionUtils;
 
 
 /**
@@ -606,10 +607,11 @@ public class ConnectorType {
         boolean executorSupported = !connector.getProtocolHandlerClassName().equals("org.apache.jk.server.JkCoyoteHandler");
         for (Map.Entry<QName, String> entry : otherAttributes.entrySet()) {
             String name = entry.getKey().getLocalPart();
+            String value = entry.getValue();
             if (executorSupported && "executor".equals(name)) {
                 Executor executor = service.getExecutor(entry.getValue());
                 if (executor == null) {
-                    throw new IllegalArgumentException("No executor found in service with
name: " + entry.getValue());
+                    throw new IllegalArgumentException("No executor found in service with
name: " + value);
                 }
                 IntrospectionUtils.callMethod1(connector.getProtocolHandler(),
                         "setExecutor",
@@ -617,12 +619,14 @@ public class ConnectorType {
                         java.util.concurrent.Executor.class.getName(),
                         cl);
 
-            } else if("name".equals(name)){
-                
+            } else if ("name".equals(name)) {
+                //name attribute is held by Geronimo to identify the connector, it is not
required by Tomcat
                 TomcatServerGBean.ConnectorName.put(connector, entry.getValue());
-                
-            } else{
-                connector.setProperty(name, entry.getValue());
+            } else {
+                if ("keystorePass".equals(name)) {
+                    value = (String) EncryptionManager.decrypt(name);
+                }
+                connector.setProperty(name, value);
             }
         }
 
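Review bot: The added line `value = (String) EncryptionManager.decrypt(name);` decrypts the attribute name, not its value, so the connector receives whatever `decrypt("keystorePass")` returns instead of the stored keystore password. It should be `value = (String) EncryptionManager.decrypt(value);`. With that fixed, the `name` branch just above can also use the new local: `TomcatServerGBean.ConnectorName.put(connector, value);`. The enclosing loop starts in the previous hunk and the method continues past this one.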


