diff options
Diffstat (limited to 'spss/server/serverlib/src/main/java')
-rw-r--r-- | spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/MOASecurityManagerExtended.java (renamed from spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOASecurityManagerExtended.java) | 22 | ||||
-rw-r--r-- | spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/MOASecurityManagerSimple.java (renamed from spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOASecurityManagerSimple.java) | 20 | ||||
-rw-r--r-- | spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java | 19 | ||||
-rw-r--r-- | spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java | 7 |
4 files changed, 37 insertions, 31 deletions
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOASecurityManagerExtended.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/MOASecurityManagerExtended.java index ab9c01daa..42ee621e6 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOASecurityManagerExtended.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/MOASecurityManagerExtended.java @@ -1,4 +1,4 @@ -package at.gv.egovernment.moa.spss;
+package at.gv.egovernment.moa.spss.server;
import java.net.InetAddress;
import java.net.UnknownHostException;
@@ -24,21 +24,21 @@ public class MOASecurityManagerExtended extends SecurityManager { */
public void checkConnect(String host, int port, Object context) {
- Logger.debug("checkConnect: " + host + ":" + port);
+ // System.out.println("checkConnect: " + host + ":" + port);
if (!checkURI(host, port))
throw new SecurityException("URI not allowed (blacklisted or external URIs generally not allowed");
else {
- Logger.debug("Perform checkConnect of given SecurityManager");
+ // System.out.println("Perform checkConnect of given SecurityManager");
super.checkConnect(host, port, context);
}
}
public void checkConnect(String host, int port) {
- Logger.debug("checkConnect: " + host + ":" + port);
+ // System.out.println("checkConnect: " + host + ":" + port);
if (!checkURI(host, port))
throw new SecurityException("URI not allowed (blacklisted or external URIs generally not allowed");
else {
- Logger.debug("Perform checkConnect of given SecurityManager");
+ // System.out.println("Perform checkConnect of given SecurityManager");
super.checkConnect(host, port);
}
}
@@ -53,7 +53,7 @@ public class MOASecurityManagerExtended extends SecurityManager { if (bport == null) {
// check only host
if (bhost.equalsIgnoreCase(host)) {
- Logger.debug("Security check: " + host + " blacklisted");
+ // System.out.println("Security check: " + host + " blacklisted");
return false;
}
}
@@ -61,24 +61,24 @@ public class MOASecurityManagerExtended extends SecurityManager { // check host and port
int iport = new Integer(bport).intValue();
if (bhost.equalsIgnoreCase(host) && (iport == port)) {
- Logger.debug("Security check: " + host + ":" + port + " blacklisted");
+ // System.out.println("Security check: " + host + ":" + port + " blacklisted");
return false;
}
}
}
- Logger.debug("Security check: " + host + ":" + port + " allowed");
+ // System.out.println("Security check: " + host + ":" + port + " allowed");
return true;
}
else {
String localhost = getLocalhostName();
if (host.equalsIgnoreCase(localhost) || host.equalsIgnoreCase("localhost") || host.equalsIgnoreCase("127.0.0.1") ) {
- Logger.debug("Security check: localhost name allowed");
+ // System.out.println("Security check: localhost name allowed");
return true;
}
- Logger.debug("Security check: " + host + ":" + port + " not allowed (external URIs not allowed)");
+ // System.out.println("Security check: " + host + ":" + port + " not allowed (external URIs not allowed)");
return false;
}
}
@@ -99,7 +99,7 @@ public class MOASecurityManagerExtended extends SecurityManager { }
catch (UnknownHostException e) {
- Logger.debug("UnknownHostExeption: Returns \"localhost\" as name for localhost");
+ // System.out.println("UnknownHostExeption: Returns \"localhost\" as name for localhost");
return "localhost";
}
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOASecurityManagerSimple.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/MOASecurityManagerSimple.java index 361a75e4c..530a27a48 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/MOASecurityManagerSimple.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/MOASecurityManagerSimple.java @@ -1,4 +1,5 @@ -package at.gv.egovernment.moa.spss;
+package at.gv.egovernment.moa.spss.server;
+
import java.io.FileDescriptor;
import java.net.InetAddress;
@@ -7,8 +8,6 @@ import java.security.Permission; import java.util.Iterator;
import java.util.List;
-import at.gv.egovernment.moa.logging.Logger;
-
public class MOASecurityManagerSimple extends SecurityManager {
private List blacklist;
@@ -25,13 +24,12 @@ public class MOASecurityManagerSimple extends SecurityManager { */
public void checkConnect(String host, int port, Object context) {
- //Logger.debug("checkConnect: " + host + ":" + port);
if (!checkURI(host, port))
throw new SecurityException("URI not allowed (blacklisted or external URIs generally not allowed");
}
public void checkConnect(String host, int port) {
- //Logger.debug("checkConnect: " + host + ":" + port);
+ // System.out.println("checkConnect: " + host + ":" + port);
if (!checkURI(host, port))
throw new SecurityException("URI not allowed (blacklisted or external URIs generally not allowed");
}
@@ -46,7 +44,7 @@ public class MOASecurityManagerSimple extends SecurityManager { if (bport == null) {
// check only host
if (bhost.equalsIgnoreCase(host)) {
- //Logger.debug("Security check: " + host + " blacklisted");
+ // System.out.println("Security check: " + host + " blacklisted");
return false;
}
}
@@ -54,24 +52,24 @@ public class MOASecurityManagerSimple extends SecurityManager { // check host and port
int iport = new Integer(bport).intValue();
if (bhost.equalsIgnoreCase(host) && (iport == port)) {
- //Logger.debug("Security check: " + host + ":" + port + " blacklisted");
+ // System.out.println("Security check: " + host + ":" + port + " blacklisted");
return false;
}
}
}
- //Logger.debug("Security check: " + host + ":" + port + " allowed");
+ // System.out.println("Security check: " + host + ":" + port + " allowed");
return true;
}
else {
String localhost = getLocalhostName();
if (host.equalsIgnoreCase(localhost) || host.equalsIgnoreCase("localhost") || host.equalsIgnoreCase("127.0.0.1") ) {
- //Logger.debug("Security check: localhost name allowed");
+ // System.out.println("Security check: localhost name allowed");
return true;
}
- //Logger.debug("Security check: " + host + ":" + port + " not allowed (external URIs not allowed)");
+ // System.out.println("Security check: " + host + ":" + port + " not allowed (external URIs not allowed)");
return false;
}
}
@@ -93,7 +91,7 @@ public class MOASecurityManagerSimple extends SecurityManager { }
catch (UnknownHostException e) {
- //Logger.debug("UnknownHostExeption: Returns \"localhost\" as name for localhost");
+ // System.out.println("UnknownHostExeption: Returns \"localhost\" as name for localhost");
return "localhost";
}
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java index 9e0a7fd53..bcd9416b8 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java @@ -48,8 +48,8 @@ import org.w3c.dom.Element; import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.spss.MOASecurityManagerExtended; -import at.gv.egovernment.moa.spss.MOASecurityManagerSimple; +import at.gv.egovernment.moa.spss.server.MOASecurityManagerExtended; +import at.gv.egovernment.moa.spss.server.MOASecurityManagerSimple; import at.gv.egovernment.moa.spss.util.MessageProvider; import at.gv.egovernment.moa.util.DOMUtils; @@ -386,29 +386,30 @@ public class ConfigurationProvider // set SecurityManager for permitting/disallowing external URIs SecurityManager sm = System.getSecurityManager(); + if (sm == null) { // no security manager exists - create a new one - //Logger.debug(new LogMsg("Create new MOASecurityManagerSimple")); + Logger.debug(new LogMsg("Create new MOASecurityManagerSimple")); sm = new MOASecurityManagerSimple(allowExternalUris_, blackListedUris_); - //Logger.debug(new LogMsg("Set the new MOASecurityManagerSimple")); + Logger.debug(new LogMsg("Set the new MOASecurityManagerSimple")); System.setSecurityManager(sm); } else { String classname = sm.getClass().getName(); - if (!classname.equalsIgnoreCase("at.gv.egovernment.moa.spss.MOASecurityManagerSimple") && - !classname.equalsIgnoreCase("at.gv.egovernment.moa.spss.MOASecurityManagerExtended")) { + if (!classname.equalsIgnoreCase("at.gv.egovernment.moa.spss.server.MOASecurityManagerSimple") && + !classname.equalsIgnoreCase("at.gv.egovernment.moa.spss.server.MOASecurityManagerExtended")) { // if SecurityManager is not already a MOASecurityManager - // Logger.debug(new LogMsg("Create new MOASecurityManagerExtended (including existing SecurityManager)")); + Logger.debug(new LogMsg("Create new MOASecurityManagerExtended (including existing SecurityManager)")); sm = new MOASecurityManagerExtended(allowExternalUris_, blackListedUris_); - //Logger.debug(new LogMsg("Set the new MOASecurityManagerSimple")); + Logger.debug(new LogMsg("Set the new MOASecurityManagerSimple")); System.setSecurityManager(sm); } - //Logger.debug(new LogMsg("No new MOASecurityManager instantiated")); + Logger.debug(new LogMsg("No new MOASecurityManager instantiated")); } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java index a57c807a1..a123dd4fc 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java @@ -212,6 +212,10 @@ public class XMLSignatureVerificationInvoker { module.setLog(new IaikLog(loggingCtx.getNodeID())); + //@TODO + SecurityManager sm = System.getSecurityManager(); + System.setSecurityManager(null); + result = module.verifySignature( xmlSignature, @@ -219,6 +223,9 @@ public class XMLSignatureVerificationInvoker { profile, signingTime, new TransactionId(context.getTransactionID())); + + //@TODO + System.setSecurityManager(sm); } catch (IAIKException e) { MOAException moaException = IaikExceptionMapper.getInstance().map(e); throw moaException; |