authorkstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>2012-02-10 00:02:07 +0000
committerkstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>2012-02-10 00:02:07 +0000
commit8038e84084386965fb44ca4492f666dd27af186e (patch)
tree67f31a96abc06c0148cb8730ea371193a14bc69d
parent4af2a06ad0d4dc021277b115d15bbeeede3c23b7 (diff)
Update zu Blacklisten
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1237 d688527b-c9ab-4aba-bd8d-4036d912da1d
-rw-r--r--id/server/auth/.classpath2
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/MOASecurityManagerExtended.java (renamed from spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOASecurityManagerExtended.java)22
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/MOASecurityManagerSimple.java (renamed from spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOASecurityManagerSimple.java)20
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java19
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java7
5 files changed, 38 insertions, 32 deletions
diff --git a/id/server/auth/.classpath b/id/server/auth/.classpath
index 6acd7de03..f724d4325 100644
--- a/id/server/auth/.classpath
+++ b/id/server/auth/.classpath
@@ -2,7 +2,7 @@
<classpath>
<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
- <classpathentry kind="con" path="org.eclipse.jst.server.core.container/org.eclipse.jst.server.tomcat.runtimeTarget/Apache Tomcat v5.0"/>
+ <classpathentry kind="con" path="org.eclipse.jst.server.core.container/org.eclipse.jst.server.tomcat.runtimeTarget/Apache Tomcat v6.0"/>
<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER">
<attributes>
<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOASecurityManagerExtended.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/MOASecurityManagerExtended.java
index ab9c01daa..42ee621e6 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOASecurityManagerExtended.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/MOASecurityManagerExtended.java
@@ -1,4 +1,4 @@
-package at.gv.egovernment.moa.spss;
+package at.gv.egovernment.moa.spss.server;
import java.net.InetAddress;
import java.net.UnknownHostException;
@@ -24,21 +24,21 @@ public class MOASecurityManagerExtended extends SecurityManager {
*/
public void checkConnect(String host, int port, Object context) {
- Logger.debug("checkConnect: " + host + ":" + port);
+ // System.out.println("checkConnect: " + host + ":" + port);
if (!checkURI(host, port))
throw new SecurityException("URI not allowed (blacklisted or external URIs generally not allowed");
else {
- Logger.debug("Perform checkConnect of given SecurityManager");
+ // System.out.println("Perform checkConnect of given SecurityManager");
super.checkConnect(host, port, context);
}
}
public void checkConnect(String host, int port) {
- Logger.debug("checkConnect: " + host + ":" + port);
+ // System.out.println("checkConnect: " + host + ":" + port);
if (!checkURI(host, port))
throw new SecurityException("URI not allowed (blacklisted or external URIs generally not allowed");
else {
- Logger.debug("Perform checkConnect of given SecurityManager");
+ // System.out.println("Perform checkConnect of given SecurityManager");
super.checkConnect(host, port);
}
}
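Review bot: In both `checkConnect` overloads the refusal path no longer leaves any trace, because the `Logger.debug` calls are replaced by commented-out `System.out.println` lines; a blocked connection is now visible only through the `SecurityException`, which the caller may or may not log. If logging was dropped because the logger cannot be used safely from inside a security manager (not visible here), record that in a comment such as `// no logging here: <reason, to be confirmed>` and delete the dead print lines instead of keeping them as comments. The same pattern recurs in the remaining hunks of this file and throughout MOASecurityManagerSimple. The exception text also lacks its closing parenthesis after `generally not allowed`.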
@@ -53,7 +53,7 @@ public class MOASecurityManagerExtended extends SecurityManager {
if (bport == null) {
// check only host
if (bhost.equalsIgnoreCase(host)) {
- Logger.debug("Security check: " + host + " blacklisted");
+ // System.out.println("Security check: " + host + " blacklisted");
return false;
}
}
@@ -61,24 +61,24 @@ public class MOASecurityManagerExtended extends SecurityManager {
// check host and port
int iport = new Integer(bport).intValue();
if (bhost.equalsIgnoreCase(host) && (iport == port)) {
- Logger.debug("Security check: " + host + ":" + port + " blacklisted");
+ // System.out.println("Security check: " + host + ":" + port + " blacklisted");
return false;
}
}
}
- Logger.debug("Security check: " + host + ":" + port + " allowed");
+ // System.out.println("Security check: " + host + ":" + port + " allowed");
return true;
}
else {
String localhost = getLocalhostName();
if (host.equalsIgnoreCase(localhost) || host.equalsIgnoreCase("localhost") || host.equalsIgnoreCase("127.0.0.1") ) {
- Logger.debug("Security check: localhost name allowed");
+ // System.out.println("Security check: localhost name allowed");
return true;
}
- Logger.debug("Security check: " + host + ":" + port + " not allowed (external URIs not allowed)");
+ // System.out.println("Security check: " + host + ":" + port + " not allowed (external URIs not allowed)");
return false;
}
}
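Review bot: `checkURI` decides on the literal host string: `bhost.equalsIgnoreCase(host)` for the blacklist and, in the no-external-URIs branch, only the local host name, `localhost` and `127.0.0.1`. A blacklist entry therefore covers only the exact spelling that was configured, not another name or address form of the same endpoint, and loopback forms such as `::1` are rejected as external; this limit should be stated in the method's Javadoc so operators configure entries accordingly. `new Integer(bport).intValue()` also throws `NumberFormatException` from inside the check when a configured port is malformed; `Integer.parseInt(bport)`, validated once when the list is loaded, would avoid that. The method begins above this hunk, and MOASecurityManagerSimple carries the same code.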
@@ -99,7 +99,7 @@ public class MOASecurityManagerExtended extends SecurityManager {
}
catch (UnknownHostException e) {
- Logger.debug("UnknownHostExeption: Returns \"localhost\" as name for localhost");
+ // System.out.println("UnknownHostExeption: Returns \"localhost\" as name for localhost");
return "localhost";
}
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOASecurityManagerSimple.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/MOASecurityManagerSimple.java
index 361a75e4c..530a27a48 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOASecurityManagerSimple.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/MOASecurityManagerSimple.java
@@ -1,4 +1,5 @@
-package at.gv.egovernment.moa.spss;
+package at.gv.egovernment.moa.spss.server;
+
import java.io.FileDescriptor;
import java.net.InetAddress;
@@ -7,8 +8,6 @@ import java.security.Permission;
import java.util.Iterator;
import java.util.List;
-import at.gv.egovernment.moa.logging.Logger;
-
public class MOASecurityManagerSimple extends SecurityManager {
private List blacklist;
@@ -25,13 +24,12 @@ public class MOASecurityManagerSimple extends SecurityManager {
*/
public void checkConnect(String host, int port, Object context) {
- //Logger.debug("checkConnect: " + host + ":" + port);
if (!checkURI(host, port))
throw new SecurityException("URI not allowed (blacklisted or external URIs generally not allowed");
}
public void checkConnect(String host, int port) {
- //Logger.debug("checkConnect: " + host + ":" + port);
+ // System.out.println("checkConnect: " + host + ":" + port);
if (!checkURI(host, port))
throw new SecurityException("URI not allowed (blacklisted or external URIs generally not allowed");
}
@@ -46,7 +44,7 @@ public class MOASecurityManagerSimple extends SecurityManager {
if (bport == null) {
// check only host
if (bhost.equalsIgnoreCase(host)) {
- //Logger.debug("Security check: " + host + " blacklisted");
+ // System.out.println("Security check: " + host + " blacklisted");
return false;
}
}
@@ -54,24 +52,24 @@ public class MOASecurityManagerSimple extends SecurityManager {
// check host and port
int iport = new Integer(bport).intValue();
if (bhost.equalsIgnoreCase(host) && (iport == port)) {
- //Logger.debug("Security check: " + host + ":" + port + " blacklisted");
+ // System.out.println("Security check: " + host + ":" + port + " blacklisted");
return false;
}
}
}
- //Logger.debug("Security check: " + host + ":" + port + " allowed");
+ // System.out.println("Security check: " + host + ":" + port + " allowed");
return true;
}
else {
String localhost = getLocalhostName();
if (host.equalsIgnoreCase(localhost) || host.equalsIgnoreCase("localhost") || host.equalsIgnoreCase("127.0.0.1") ) {
- //Logger.debug("Security check: localhost name allowed");
+ // System.out.println("Security check: localhost name allowed");
return true;
}
- //Logger.debug("Security check: " + host + ":" + port + " not allowed (external URIs not allowed)");
+ // System.out.println("Security check: " + host + ":" + port + " not allowed (external URIs not allowed)");
return false;
}
}
@@ -93,7 +91,7 @@ public class MOASecurityManagerSimple extends SecurityManager {
}
catch (UnknownHostException e) {
- //Logger.debug("UnknownHostExeption: Returns \"localhost\" as name for localhost");
+ // System.out.println("UnknownHostExeption: Returns \"localhost\" as name for localhost");
return "localhost";
}
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index 9e0a7fd53..bcd9416b8 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -48,8 +48,8 @@ import org.w3c.dom.Element;
import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.spss.MOASecurityManagerExtended;
-import at.gv.egovernment.moa.spss.MOASecurityManagerSimple;
+import at.gv.egovernment.moa.spss.server.MOASecurityManagerExtended;
+import at.gv.egovernment.moa.spss.server.MOASecurityManagerSimple;
import at.gv.egovernment.moa.spss.util.MessageProvider;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -386,29 +386,30 @@ public class ConfigurationProvider
// set SecurityManager for permitting/disallowing external URIs
SecurityManager sm = System.getSecurityManager();
+
if (sm == null) {
// no security manager exists - create a new one
- //Logger.debug(new LogMsg("Create new MOASecurityManagerSimple"));
+ Logger.debug(new LogMsg("Create new MOASecurityManagerSimple"));
sm = new MOASecurityManagerSimple(allowExternalUris_, blackListedUris_);
- //Logger.debug(new LogMsg("Set the new MOASecurityManagerSimple"));
+ Logger.debug(new LogMsg("Set the new MOASecurityManagerSimple"));
System.setSecurityManager(sm);
}
else {
String classname = sm.getClass().getName();
- if (!classname.equalsIgnoreCase("at.gv.egovernment.moa.spss.MOASecurityManagerSimple") &&
- !classname.equalsIgnoreCase("at.gv.egovernment.moa.spss.MOASecurityManagerExtended")) {
+ if (!classname.equalsIgnoreCase("at.gv.egovernment.moa.spss.server.MOASecurityManagerSimple") &&
+ !classname.equalsIgnoreCase("at.gv.egovernment.moa.spss.server.MOASecurityManagerExtended")) {
// if SecurityManager is not already a MOASecurityManager
- // Logger.debug(new LogMsg("Create new MOASecurityManagerExtended (including existing SecurityManager)"));
+ Logger.debug(new LogMsg("Create new MOASecurityManagerExtended (including existing SecurityManager)"));
sm = new MOASecurityManagerExtended(allowExternalUris_, blackListedUris_);
- //Logger.debug(new LogMsg("Set the new MOASecurityManagerSimple"));
+ Logger.debug(new LogMsg("Set the new MOASecurityManagerSimple"));
System.setSecurityManager(sm);
}
- //Logger.debug(new LogMsg("No new MOASecurityManager instantiated"));
+ Logger.debug(new LogMsg("No new MOASecurityManager instantiated"));
}
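Review bot: The test for an already installed MOA manager compares the fully qualified class name as a string, which is why this commit had to edit both literals after the package move; `if (!(sm instanceof MOASecurityManagerSimple) && !(sm instanceof MOASecurityManagerExtended))` would follow renames automatically. The now-enabled `"No new MOASecurityManager instantiated"` message sits after the inner `if`, so it is also logged when an Extended manager was just created, and the message in that branch still says `MOASecurityManagerSimple`. The existing `sm` is not passed to the `MOASecurityManagerExtended` constructor, so from this hunk it looks as if the previous manager's checks are replaced rather than wrapped; that should be confirmed against the class.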
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
index a57c807a1..a123dd4fc 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -212,6 +212,10 @@ public class XMLSignatureVerificationInvoker {
module.setLog(new IaikLog(loggingCtx.getNodeID()));
+ //@TODO
+ SecurityManager sm = System.getSecurityManager();
+ System.setSecurityManager(null);
+
result =
module.verifySignature(
xmlSignature,
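Review bot: `System.setSecurityManager(null)` switches the manager off for the whole JVM, not just for this call, so while `module.verifySignature(...)` runs neither the URI blacklist nor the external-URI restriction is enforced on any thread. Signature verification is presumably where reference URIs from the incoming document are resolved, which is the case the MOA security managers were added for. With overlapping requests, a second call can read `null` from `System.getSecurityManager()` and later restore `null`, leaving the manager removed for good. The bare `//@TODO` gives no reason; replace it with a comment stating why the manager has to be removed here and what is meant to replace the workaround.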
@@ -219,6 +223,9 @@ public class XMLSignatureVerificationInvoker {
profile,
signingTime,
new TransactionId(context.getTransactionID()));
+
+ //@TODO
+ System.setSecurityManager(sm);
} catch (IAIKException e) {
MOAException moaException = IaikExceptionMapper.getInstance().map(e);
throw moaException;
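Review bot: The restore `System.setSecurityManager(sm);` is skipped whenever `verifySignature` throws, because it sits inside the `try` body ahead of `catch (IAIKException e)`; after one failed verification the JVM stays without a security manager. Move it into a `finally` block, `} finally { System.setSecurityManager(sm); }`, so the restore runs on every exit path. The `try` opens above the hunk, so whether the disabling call in the earlier hunk lies inside the same `try` needs checking when the `finally` is placed.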