899 auth

cnf/releaserepo/index.xml.sha

@@ -1 +1 @@
-11b48e5330364fac1fb35f837d3672857c541979eb579d74a764fb94891d5c7b
+1e6a93c9b5e2007c5dd50eedb51243aec8257e7a57c021c66e0ee3b7382fb989

pnnl.goss.core.runner/conf/pnnl.goss.core.server.cfg

@@ -5,8 +5,8 @@
 
 # This user is equivelant to root.  Must have '*'
 # permissions on the message bus.
-goss.system.manager = ${goss.system.manager}
-goss.system.manager.password = ${goss.system.manager.password}
+goss.system.manager = system
+goss.system.manager.password = managera
 
 # The following are used for the core-client connection.
 goss.openwire.uri = tcp://${activemq.host}:${openwire.port}

pnnl.goss.core/core-api.bnd

@@ -1,4 +1,4 @@
 Export-Package: \
 	com.northconcepts.exception,\
 	pnnl.goss.core
-Bundle-Version: 7.1.1.${tstamp}
+Bundle-Version: 8.0.3.${tstamp}

pnnl.goss.core/goss-client.bnd

@@ -1,3 +1,3 @@
 Private-Package:  \
 	pnnl.goss.core.client
-Bundle-Version: 2.0.29.${tstamp}
+Bundle-Version: 2.0.56.${tstamp}

pnnl.goss.core/goss-core-commands.bnd

@@ -1,3 +1,3 @@
 Private-Package:  \
 	pnnl.goss.core.commands
-Bundle-Version: 2.0.18.${tstamp}
+Bundle-Version: 2.0.33.${tstamp}

pnnl.goss.core/goss-core-security.bnd

@@ -4,4 +4,4 @@ Private-Package:  \
 Bundle-Activator: pnnl.goss.core.security.impl.Activator
 Export-Package:  \
 	pnnl.goss.core.security
-Bundle-Version: 2.1.17.${tstamp}
+Bundle-Version: 2.4.10.${tstamp}

pnnl.goss.core/goss-core-server-api.bnd

@@ -1,3 +1,3 @@
 Export-Package:  \
 	pnnl.goss.core.server
-Bundle-Version: 2.0.18.${tstamp}
+Bundle-Version: 3.0.6.${tstamp}

pnnl.goss.core/goss-core-server-registry.bnd

@@ -1,4 +1,4 @@
-Bundle-Version: 1.0.18.${tstamp}
+Bundle-Version: 1.0.55.${tstamp}
 Private-Package:  \
 	pnnl.goss.server.registry
 DynamicImport-Package: *

pnnl.goss.core/goss-core-server-web.bnd

@@ -2,7 +2,7 @@ DynamicImport-Package: *
 Private-Package:  \
 	pnnl.goss.core.server.web
 
-Bundle-Version: 1.1.1.${tstamp}
+Bundle-Version: 1.1.34.${tstamp}
 
 # Import webroot folder to path resources/webroot
 Include-Resource: resources/webroot=webroot

pnnl.goss.core/goss-core-server.bnd

@@ -3,4 +3,4 @@ Private-Package:  \
 DynamicImport-Package: *
 #Include-Resource: \
 #	OSGI-INF/blueprint/blueprint.xml=config/blueprint.xml
-Bundle-Version: 2.0.27.${tstamp}
+Bundle-Version: 2.0.73.${tstamp}

pnnl.goss.core/security-ldap.bnd

@@ -1,3 +1,3 @@
 Private-Package:  \
 	pnnl.goss.core.security.ldap
-Bundle-Version: 1.0.5.${tstamp}
+Bundle-Version: 1.0.11.${tstamp}

pnnl.goss.core/security-propertyfile.bnd

@@ -1,3 +1,3 @@
 Private-Package:  \
 	pnnl.goss.core.security.propertyfile
-Bundle-Version: 2.0.8.${tstamp}
+Bundle-Version: 2.0.19.${tstamp}

pnnl.goss.core/src/pnnl/goss/core/client/GossClient.java

@@ -47,6 +47,7 @@
 //import static pnnl.goss.core.GossCoreContants.PROP_CORE_CLIENT_CONFIG;
 import java.io.Serializable;
 import java.util.ArrayList;
+import java.util.Enumeration;
 import java.util.List;
 import java.util.UUID;
 
@@ -312,15 +313,22 @@ public void run() {
 											.substring(
 													buffer.toString().indexOf(
 															":") + 1);
+
 									DataResponse dataResponse = new DataResponse(message);
 									dataResponse.setDestination(msg.getJMSDestination().toString());
-									if(msg.getJMSReplyTo() != null)
+									if(msg.getJMSReplyTo() != null) {
 										dataResponse.setReplyDestination(msg.getJMSReplyTo());
-									if(msg.getBooleanProperty(SecurityConstants.HAS_SUBJECT_HEADER))
-										dataResponse.setUsername(msg.getStringProperty(SecurityConstants.SUBJECT_HEADER));
+									}
+
+									if(msg.getBooleanProperty(SecurityConstants.HAS_SUBJECT_HEADER)) {
+										String username = msg.getStringProperty(SecurityConstants.SUBJECT_HEADER);
+										dataResponse.setUsername(username);
+									} else {
+										log.warn("No username received in stomp message");
+									}
 									event.onMessage(dataResponse);
 								}
-								if (msg instanceof StompJmsTextMessage) {
+								else if (msg instanceof StompJmsTextMessage) {
 									StompJmsTextMessage stompMessage = (StompJmsTextMessage) msg;
 
 									org.fusesource.hawtbuf.Buffer buffer = stompMessage
@@ -330,18 +338,31 @@ public void run() {
 											.substring(
 													buffer.toString().indexOf(
 															":") + 1);
+
 									Gson gson = new Gson();
 									DataResponse dataResponse;
 									try{
-										dataResponse = DataResponse.parse(message);
+										try {
+											// don't fail if the message isn't already in data response format
+											dataResponse = DataResponse.parse(message);
+										} catch(JsonSyntaxException e){
+											dataResponse = new DataResponse();
+											dataResponse.setData(message);
+										}
 										dataResponse.setDestination(stompMessage.getStompJmsDestination().toString());
-										if(msg.getJMSReplyTo() != null)
+										if(msg.getJMSReplyTo() != null) {
 											dataResponse.setReplyDestination(msg.getJMSReplyTo());
-										if(msg.getBooleanProperty(SecurityConstants.HAS_SUBJECT_HEADER))
-											dataResponse.setUsername(msg.getStringProperty(SecurityConstants.SUBJECT_HEADER));
+										}
+										if(msg.getBooleanProperty(SecurityConstants.HAS_SUBJECT_HEADER)) {
+											String username = msg.getStringProperty(SecurityConstants.SUBJECT_HEADER);
+											dataResponse.setUsername(username);
+										} else {
+											log.warn("No username received in stomp message");
+										}
 										event.onMessage(dataResponse);
 									}
 									catch(JsonSyntaxException e){
+										e.printStackTrace();
 										dataResponse = new DataResponse(message);
 										dataResponse.setDestination(stompMessage.getStompJmsDestination().toString());
 										if(msg.getJMSReplyTo() != null)
@@ -351,6 +372,8 @@ public void run() {
 										event.onMessage(dataResponse);
 									}
 
+								} else {
+									//TODO warn of unknown message type???
 								}
 							} catch (JMSException ex) {
 								// Happens when a timeout occurs.

pnnl.goss.core/src/pnnl/goss/core/packageinfo

@@ -1 +1 @@
-version 4.1.0
+version 5.0.0

pnnl.goss.core/src/pnnl/goss/core/security/GossSecurityManager.java

@@ -0,0 +1,13 @@
+package pnnl.goss.core.security;
+
+
+public interface GossSecurityManager extends org.apache.shiro.mgt.SecurityManager {
+
+	public static final String PROP_SYSTEM_MANAGER = "goss.system.manager";
+	public static final String PROP_SYSTEM_MANAGER_PASSWORD = "goss.system.manager.password";
+
+
+	public String getProperty(String key, String defaultValue);
+
+
+}

pnnl.goss.core/src/pnnl/goss/core/security/SecurityConfig.java

@@ -0,0 +1,6 @@
+package pnnl.goss.core.security;
+
+public interface SecurityConfig {
+	public String getManagerUser();
+	public String getManagerPassword();
+}

pnnl.goss.core/src/pnnl/goss/core/security/SecurityConstants.java

@@ -3,4 +3,7 @@
 public class SecurityConstants {
 	public static final String HAS_SUBJECT_HEADER = "GOSS_HAS_SUBJECT";
 	public static final String SUBJECT_HEADER = "GOSS_SUBJECT";
+
+	public static final String PROP_SYSTEM_MANAGER = "goss.system.manager";
+	public static final String PROP_SYSTEM_MANAGER_PASSWORD = "goss.system.manager.password";
 }

pnnl.goss.core/src/pnnl/goss/core/security/impl/Activator.java

@@ -1,48 +1,55 @@
 package pnnl.goss.core.security.impl;
 
-import java.util.HashSet;
-import java.util.Set;
 
-import org.apache.activemq.shiro.mgt.DefaultActiveMqSecurityManager;
 import org.apache.felix.dm.DependencyActivatorBase;
 import org.apache.felix.dm.DependencyManager;
-import org.apache.shiro.SecurityUtils;
+import org.apache.felix.dm.annotation.api.Component;
+import org.apache.felix.dm.annotation.api.ServiceDependency;
 import org.apache.shiro.mgt.SecurityManager;
-import org.apache.shiro.realm.Realm;
 import org.osgi.framework.BundleContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
+import pnnl.goss.core.security.SecurityConfig;
+
+
+
+@Component
 public class Activator extends DependencyActivatorBase {
 
+
+  @ServiceDependency
+  private DependencyManager manager;
+  private static final Logger log = LoggerFactory.getLogger(Activator.class);
+
+  private static final String CONFIG_PID = "pnnl.goss.security";
+
+
 	@Override
 	public void init(BundleContext context, DependencyManager manager)
 			throws Exception {
-
-		//Factory<SecurityManager> factory = new DefaultSecurityManager();
-		//Secu new IniSecurityManagerFactory(
-		//		"conf/shiro.ini");
-
-		Realm defaultRealm = new SystemRealm("system", "manager");
-		Set<Realm> realms = new HashSet<>();
-		realms.add(defaultRealm);
-		DefaultActiveMqSecurityManager securityManager = new DefaultActiveMqSecurityManager();
-
-		securityManager.setRealms(realms);
-		//CurrentAuthorizedPrincipals principleHandler = new CurrentAuthorizedPrincipals();
-
 
-		//gt((AbstractAuthenticator)securityManager.getAuthenticator()).getAuthenticationListeners().add(principleHandler);
+		manager.add(createComponent()
+	        .setInterface(
+	        		SecurityConfig.class.getName(), null)
+	        .setImplementation(SecurityConfigImpl.class)            
+	        .add(createConfigurationDependency().setPid(CONFIG_PID)));
+		manager.add(createComponent()
+		          .setInterface(
+		  				SecurityManager.class.getName(), null)
+		          .setImplementation(SecurityManagerImpl.class)            
+		          .add(createConfigurationDependency().setPid(CONFIG_PID)));
 
-		SecurityUtils.setSecurityManager(securityManager);
-
-
-		manager.add(createComponent().setInterface(
-				SecurityManager.class.getName(), null).setImplementation(
-						securityManager));
 	}
 
 	@Override
 	public void destroy(BundleContext context, DependencyManager manager)
 			throws Exception {
 		// 
 	}
+
+
+
+
+
 }

pnnl.goss.core/src/pnnl/goss/core/security/impl/GossAuthorizingRealm.java

@@ -1,6 +1,7 @@
 package pnnl.goss.core.security.impl;
 
 import java.util.Collection;
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Set;
 
@@ -17,13 +18,21 @@
 import org.apache.shiro.realm.Realm;
 import org.apache.shiro.subject.PrincipalCollection;
 
+import pnnl.goss.core.security.SecurityConfig;
+
 @Component
 public class GossAuthorizingRealm extends AuthorizingRealm implements Realm  {
 
+	public static final String DEFAULT_SYSTEM_USER = "system";
+
 	// Depend on this so that the security manager service is loaded before
 	// this package.
 	@ServiceDependency
 	private volatile SecurityManager securityManager;
+	@ServiceDependency
+	private volatile SecurityConfig securityConfig;
+	private HashMap<String, SimpleAccount> accountCache = new HashMap<String, SimpleAccount>();
+
 
 	private Collection<String> getPermissionsByRole(String role){
 		Set<String> permissions = new HashSet<>();
@@ -45,25 +54,23 @@ private Collection<String> getPermissionsByRole(String role){
 		return permissions;
 	}
 
-    protected SimpleAccount getAccount(String username) {
+    protected SimpleAccount getAccount(String username, String password) {
+    	String systemUserName = DEFAULT_SYSTEM_USER;
+    	if(securityConfig!=null){
+    		systemUserName = securityConfig.getManagerUser();
+    	}
+
+
 
     	SimpleAccount account = null;
     	Set<String> defaultRoles = new HashSet<String>();
     	defaultRoles.add("users");
     	defaultRoles.add("advisory");
 
-        // Populate a dummy instance based upon the username's access privileges.
-    	switch(username){
-    	case "darkhelmet":
-    		account = new SimpleAccount(username, "ludicrousspeed", getName());
-    		//account.addRole("darklord");
-    		//account.addStringPermissions(getPermissionsByRole("users"));
-    		break;   	
-    	case "system":
-    		account = new SimpleAccount(username, "manager", getName());
-    		account.addRole("system");
-    		account.addStringPermissions(getPermissionsByRole("system"));
-    		break;
+    	if(username.equals(systemUserName)){
+    		account = new SimpleAccount(username, password, getName());
+    		account.addRole(systemUserName);
+    		account.addStringPermissions(getPermissionsByRole(systemUserName));
     	}
 
     	if (account == null){
@@ -99,9 +106,9 @@ protected AuthorizationInfo doGetAuthorizationInfo(
 
 		 //get the principal this realm cares about:
         String username = (String) getAvailablePrincipal(principals);
-
         //call the underlying EIS for the account data:
-        return getAccount(username);
+//        return getAccount(username);
+		return accountCache.get(username);
 	}
 
 	@Override
@@ -111,6 +118,6 @@ protected AuthenticationInfo doGetAuthenticationInfo(
 		//we can safely cast to a UsernamePasswordToken here, because this class 'supports' UsernamePasswordToken
         //objects.  See the Realm.supports() method if your application will use a different type of token.
         UsernamePasswordToken upToken = (UsernamePasswordToken) token;
-        return getAccount(upToken.getUsername());
+        return getAccount(upToken.getUsername(), upToken.getPassword().toString());
 	}
 }