From 4af6912e43237c3678f05e30c69385481f42ae76 Mon Sep 17 00:00:00 2001 From: clemenso Date: Tue, 12 May 2009 14:46:41 +0000 Subject: bku web start git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@354 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../java/at/gv/egiz/bku/webstart/Container.java | 86 ++++++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java (limited to 'BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java') diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java new file mode 100644 index 00000000..ef12e4fd --- /dev/null +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java @@ -0,0 +1,86 @@ +package at.gv.egiz.bku.webstart; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.mortbay.jetty.Connector; +import org.mortbay.jetty.Handler; +import org.mortbay.jetty.Server; +import org.mortbay.jetty.handler.DefaultHandler; +import org.mortbay.jetty.handler.HandlerCollection; +import org.mortbay.jetty.nio.SelectChannelConnector; +import org.mortbay.jetty.security.SslSocketConnector; +import org.mortbay.jetty.webapp.WebAppContext; +import org.mortbay.thread.QueuedThreadPool; + +public class Container { + + public static final String HTTP_PORT = "mocca.http.port"; + public static final String HTTPS_PORT = "mocca.http.port"; + + private static Log log = LogFactory.getLog(Container.class); + + private Server server; + + public Container() { + } + + public void init() { + server = new Server(); + QueuedThreadPool qtp = new QueuedThreadPool(); + qtp.setMaxThreads(5); + qtp.setMinThreads(2); + qtp.setLowThreads(0); + server.setThreadPool(qtp); + server.setStopAtShutdown(true); + server.setGracefulShutdown(3000); + + SelectChannelConnector connector = new SelectChannelConnector(); + connector.setPort(Integer.getInteger(HTTP_PORT, 3495).intValue()); + connector.setAcceptors(1); + connector.setConfidentialPort(Integer.getInteger(HTTPS_PORT, 3496).intValue()); + + SslSocketConnector sslConnector = new SslSocketConnector(); + sslConnector.setPort(Integer.getInteger(HTTPS_PORT, 3496).intValue()); + sslConnector.setAcceptors(1); + sslConnector.setKeystore(System.getProperty("user.home") + + "/.mocca/conf/keystore/keystore.ks"); + sslConnector.setPassword("changeMe"); + sslConnector.setKeyPassword("changeMe"); + + server.setConnectors(new Connector[] { connector, sslConnector }); + +// HandlerCollection handlers = new HandlerCollection(); + WebAppContext webapp = new WebAppContext(); + webapp.setContextPath("/"); + webapp.setExtractWAR(true); //false + webapp.setParentLoaderPriority(false); + +// webappcontext.setWar("BKULocal-1.0.4-SNAPSHOT.war"); + webapp.setWar(getClass().getClassLoader().getResource("BKULocalWar/").toString()); + +// handlers.setHandlers(new Handler[] { webappcontext, new DefaultHandler() }); + + server.setHandler(webapp); + server.setGracefulShutdown(1000*3); + } + + public void start() throws Exception { + server.start(); + } + + public boolean isRunning() { + return server.isRunning(); + } + + public void stop() throws Exception { + server.stop(); + } + + public void destroy() { + server.destroy(); + } + + public void join() throws InterruptedException { + server.join(); + } +} \ No newline at end of file -- cgit v1.2.3 From 61366ba8efcc0cf3d36438e9ee26228e7bc66174 Mon Sep 17 00:00:00 2001 From: clemenso Date: Fri, 12 Jun 2009 12:42:05 +0000 Subject: BKU Web Start git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@361 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../java/at/gv/egiz/bku/webstart/Container.java | 60 ++++++++++++++++------ 1 file changed, 43 insertions(+), 17 deletions(-) (limited to 'BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java') diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java index ef12e4fd..0cd3e633 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java @@ -1,5 +1,15 @@ package at.gv.egiz.bku.webstart; +import at.gv.egiz.bku.utils.StreamUtil; +import java.io.BufferedOutputStream; +import java.io.BufferedReader; +import java.io.File; +import java.io.FileNotFoundException; +import java.io.FileOutputStream; +import java.io.FileReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.mortbay.jetty.Connector; @@ -14,8 +24,8 @@ import org.mortbay.thread.QueuedThreadPool; public class Container { - public static final String HTTP_PORT = "mocca.http.port"; - public static final String HTTPS_PORT = "mocca.http.port"; + public static final String HTTP_PORT_PROPERTY = "mocca.http.port"; + public static final String HTTPS_PORT_PROPERTY = "mocca.http.port"; private static Log log = LogFactory.getLog(Container.class); @@ -24,7 +34,7 @@ public class Container { public Container() { } - public void init() { + public void init() throws IOException { server = new Server(); QueuedThreadPool qtp = new QueuedThreadPool(); qtp.setMaxThreads(5); @@ -35,35 +45,51 @@ public class Container { server.setGracefulShutdown(3000); SelectChannelConnector connector = new SelectChannelConnector(); - connector.setPort(Integer.getInteger(HTTP_PORT, 3495).intValue()); + connector.setPort(Integer.getInteger(HTTP_PORT_PROPERTY, 3495).intValue()); connector.setAcceptors(1); - connector.setConfidentialPort(Integer.getInteger(HTTPS_PORT, 3496).intValue()); + connector.setConfidentialPort(Integer.getInteger(HTTPS_PORT_PROPERTY, 3496).intValue()); + connector.setHost("127.0.0.1"); SslSocketConnector sslConnector = new SslSocketConnector(); - sslConnector.setPort(Integer.getInteger(HTTPS_PORT, 3496).intValue()); + sslConnector.setPort(Integer.getInteger(HTTPS_PORT_PROPERTY, 3496).intValue()); sslConnector.setAcceptors(1); - sslConnector.setKeystore(System.getProperty("user.home") - + "/.mocca/conf/keystore/keystore.ks"); - sslConnector.setPassword("changeMe"); - sslConnector.setKeyPassword("changeMe"); + sslConnector.setHost("127.0.0.1"); + File configDir = new File(System.getProperty("user.home") + "/" + BKULauncher.CONFIG_DIR); + sslConnector.setKeystore(configDir.getPath() + "/" + BKULauncher.KEYSTORE_FILE); + File passwdFile = new File(configDir, BKULauncher.PASSWD_FILE); + BufferedReader reader = new BufferedReader(new FileReader(passwdFile)); + String pwd; + while ((pwd = reader.readLine()) != null) { + sslConnector.setPassword(pwd); + sslConnector.setKeyPassword(pwd); + } + reader.close(); server.setConnectors(new Connector[] { connector, sslConnector }); -// HandlerCollection handlers = new HandlerCollection(); WebAppContext webapp = new WebAppContext(); + webapp.setLogUrlOnStart(true); webapp.setContextPath("/"); - webapp.setExtractWAR(true); //false - webapp.setParentLoaderPriority(false); + webapp.setExtractWAR(true); + webapp.setParentLoaderPriority(false); //true); -// webappcontext.setWar("BKULocal-1.0.4-SNAPSHOT.war"); - webapp.setWar(getClass().getClassLoader().getResource("BKULocalWar/").toString()); - -// handlers.setHandlers(new Handler[] { webappcontext, new DefaultHandler() }); + webapp.setWar(copyWebapp(webapp.getTempDirectory())); //getClass().getClassLoader().getResource("BKULocalWar/").toString()); server.setHandler(webapp); server.setGracefulShutdown(1000*3); } + + private String copyWebapp(File webappDir) throws IOException { + File webapp = new File(webappDir, "BKULocal.war"); + log.debug("copying BKULocal classpath resource to " + webapp); + InputStream is = getClass().getClassLoader().getResourceAsStream("BKULocal.war"); + OutputStream os = new BufferedOutputStream(new FileOutputStream(webapp)); + StreamUtil.copyStream(is, os); + os.close(); + return webapp.getPath(); + } + public void start() throws Exception { server.start(); } -- cgit v1.2.3 From 69e0dbee3567fc3a710d7bffad4d03e64edd7daa Mon Sep 17 00:00:00 2001 From: clemenso Date: Thu, 25 Jun 2009 12:07:39 +0000 Subject: TLS CipherSuites (FF XP) git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@375 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../java/at/gv/egiz/bku/webstart/Container.java | 47 +++++++++++++++++++++- 1 file changed, 45 insertions(+), 2 deletions(-) (limited to 'BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java') diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java index 0cd3e633..89044486 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java @@ -35,6 +35,7 @@ public class Container { } public void init() throws IOException { +// System.setProperty("DEBUG", "true"); server = new Server(); QueuedThreadPool qtp = new QueuedThreadPool(); qtp.setMaxThreads(5); @@ -55,7 +56,13 @@ public class Container { sslConnector.setAcceptors(1); sslConnector.setHost("127.0.0.1"); File configDir = new File(System.getProperty("user.home") + "/" + BKULauncher.CONFIG_DIR); - sslConnector.setKeystore(configDir.getPath() + "/" + BKULauncher.KEYSTORE_FILE); + File keystoreFile = new File(configDir, BKULauncher.KEYSTORE_FILE); + if (!keystoreFile.canRead()) { + log.error("MOCCA keystore file not readable: " + keystoreFile.getAbsolutePath()); + throw new FileNotFoundException("MOCCA keystore file not readable: " + keystoreFile.getAbsolutePath()); + } + log.debug("loading MOCCA keystore from " + keystoreFile.getAbsolutePath()); + sslConnector.setKeystore(keystoreFile.getAbsolutePath()); File passwdFile = new File(configDir, BKULauncher.PASSWD_FILE); BufferedReader reader = new BufferedReader(new FileReader(passwdFile)); String pwd; @@ -64,6 +71,42 @@ public class Container { sslConnector.setKeyPassword(pwd); } reader.close(); + + //avoid jetty's ClassCastException: iaik.security.ecc.ecdsa.ECPublicKey cannot be cast to java.security.interfaces.ECPublicKey + String[] RFC4492CipherSuites = new String[] { + "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + + "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + + "TLS_ECDH_RSA_WITH_NULL_SHA", + "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + + "TLS_ECDHE_RSA_WITH_NULL_SHA", + "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + + "TLS_ECDH_anon_WITH_NULL_SHA", + "TLS_ECDH_anon_WITH_RC4_128_SHA", + "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" + }; + + sslConnector.setExcludeCipherSuites(RFC4492CipherSuites); + server.setConnectors(new Connector[] { connector, sslConnector }); @@ -71,7 +114,7 @@ public class Container { webapp.setLogUrlOnStart(true); webapp.setContextPath("/"); webapp.setExtractWAR(true); - webapp.setParentLoaderPriority(false); //true); + webapp.setParentLoaderPriority(false); webapp.setWar(copyWebapp(webapp.getTempDirectory())); //getClass().getClassLoader().getResource("BKULocalWar/").toString()); -- cgit v1.2.3 From 79016a7b2f9d89e52e991b0abdfc73ad24e60979 Mon Sep 17 00:00:00 2001 From: clemenso Date: Thu, 13 Aug 2009 09:19:28 +0000 Subject: [#433] update BKU Web Start CertStore WebStart configuration refactored git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@423 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../java/at/gv/egiz/bku/webstart/Container.java | 75 ++++++++++++++++++---- 1 file changed, 62 insertions(+), 13 deletions(-) (limited to 'BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java') diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java index 89044486..4df90ab2 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java @@ -1,22 +1,28 @@ package at.gv.egiz.bku.webstart; import at.gv.egiz.bku.utils.StreamUtil; +import java.awt.AWTPermission; import java.io.BufferedOutputStream; import java.io.BufferedReader; import java.io.File; import java.io.FileNotFoundException; import java.io.FileOutputStream; +import java.io.FilePermission; import java.io.FileReader; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; +import java.lang.reflect.ReflectPermission; +import java.net.NetPermission; +import java.net.SocketPermission; +import java.security.Permissions; +import java.security.SecurityPermission; +import java.util.PropertyPermission; +import javax.smartcardio.CardPermission; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.mortbay.jetty.Connector; -import org.mortbay.jetty.Handler; import org.mortbay.jetty.Server; -import org.mortbay.jetty.handler.DefaultHandler; -import org.mortbay.jetty.handler.HandlerCollection; import org.mortbay.jetty.nio.SelectChannelConnector; import org.mortbay.jetty.security.SslSocketConnector; import org.mortbay.jetty.webapp.WebAppContext; @@ -28,12 +34,18 @@ public class Container { public static final String HTTPS_PORT_PROPERTY = "mocca.http.port"; private static Log log = LogFactory.getLog(Container.class); + static { + if (log.isDebugEnabled()) { + //Jetty log INFO and WARN, include ignored exceptions + //jetty logging may be further restricted by setting level in log4j.properties + System.setProperty("VERBOSE", "true"); + //do not set Jetty DEBUG logging, produces loads of output + //System.setProperty("DEBUG", "true"); + } + } private Server server; - public Container() { - } - public void init() throws IOException { // System.setProperty("DEBUG", "true"); server = new Server(); @@ -55,15 +67,15 @@ public class Container { sslConnector.setPort(Integer.getInteger(HTTPS_PORT_PROPERTY, 3496).intValue()); sslConnector.setAcceptors(1); sslConnector.setHost("127.0.0.1"); - File configDir = new File(System.getProperty("user.home") + "/" + BKULauncher.CONFIG_DIR); - File keystoreFile = new File(configDir, BKULauncher.KEYSTORE_FILE); + File configDir = new File(System.getProperty("user.home") + "/" + Configurator.CONFIG_DIR); + File keystoreFile = new File(configDir, Configurator.KEYSTORE_FILE); if (!keystoreFile.canRead()) { log.error("MOCCA keystore file not readable: " + keystoreFile.getAbsolutePath()); throw new FileNotFoundException("MOCCA keystore file not readable: " + keystoreFile.getAbsolutePath()); } log.debug("loading MOCCA keystore from " + keystoreFile.getAbsolutePath()); sslConnector.setKeystore(keystoreFile.getAbsolutePath()); - File passwdFile = new File(configDir, BKULauncher.PASSWD_FILE); + File passwdFile = new File(configDir, Configurator.PASSWD_FILE); BufferedReader reader = new BufferedReader(new FileReader(passwdFile)); String pwd; while ((pwd = reader.readLine()) != null) { @@ -107,7 +119,6 @@ public class Container { sslConnector.setExcludeCipherSuites(RFC4492CipherSuites); - server.setConnectors(new Connector[] { connector, sslConnector }); WebAppContext webapp = new WebAppContext(); @@ -116,13 +127,13 @@ public class Container { webapp.setExtractWAR(true); webapp.setParentLoaderPriority(false); - webapp.setWar(copyWebapp(webapp.getTempDirectory())); //getClass().getClassLoader().getResource("BKULocalWar/").toString()); - + webapp.setWar(copyWebapp(webapp.getTempDirectory())); + webapp.setPermissions(getPermissions(webapp.getTempDirectory())); + server.setHandler(webapp); server.setGracefulShutdown(1000*3); } - private String copyWebapp(File webappDir) throws IOException { File webapp = new File(webappDir, "BKULocal.war"); log.debug("copying BKULocal classpath resource to " + webapp); @@ -133,6 +144,44 @@ public class Container { return webapp.getPath(); } + private Permissions getPermissions(File webappDir) { + Permissions perms = new Permissions(); + + // jetty-webstart (spring?) + perms.add(new RuntimePermission("getClassLoader")); + + // standard permissions + perms.add(new PropertyPermission("*", "read")); + perms.add(new RuntimePermission("accessDeclaredMembers")); + perms.add(new RuntimePermission("accessClassInPackage.*")); + perms.add(new RuntimePermission("defineClassInPackage.*")); + perms.add(new RuntimePermission("setFactory")); + perms.add(new RuntimePermission("getProtectionDomain")); + perms.add(new RuntimePermission("modifyThread")); + perms.add(new RuntimePermission("modifyThreadGroup")); + perms.add(new RuntimePermission("setFactory")); + perms.add(new ReflectPermission("suppressAccessChecks")); + + // MOCCA specific + perms.add(new SocketPermission("*", "connect,resolve")); + perms.add(new NetPermission("specifyStreamHandler")); + perms.add(new SecurityPermission("insertProvider.*")); + perms.add(new SecurityPermission("putProviderProperty.*")); + perms.add(new SecurityPermission("removeProvider.*")); + perms.add(new CardPermission("*", "*")); + perms.add(new AWTPermission("*")); + + perms.add(new FilePermission(webappDir.getAbsolutePath() + "/-", "read")); + perms.add(new FilePermission(new File(System.getProperty("java.home") + "/lib/xalan.properties").getAbsolutePath(), "read")); + perms.add(new FilePermission(new File(System.getProperty("java.home") + "/lib/xerces.properties").getAbsolutePath(), "read")); + perms.add(new FilePermission(new File(System.getProperty("user.home")).getAbsolutePath(), "read, write")); + perms.add(new FilePermission(new File(System.getProperty("user.home") + "/-").getAbsolutePath(), "read, write")); + perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/logs/*").getAbsolutePath(), "read, write,delete")); + + + return perms; + } + public void start() throws Exception { server.start(); } -- cgit v1.2.3 From a8e021a5b4450e117b76d9f6cc69bd24cd1dd5d3 Mon Sep 17 00:00:00 2001 From: clemenso Date: Fri, 14 Aug 2009 10:55:59 +0000 Subject: fixed updateRequired function git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@434 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java') diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java index 4df90ab2..a2947833 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java @@ -177,7 +177,11 @@ public class Container { perms.add(new FilePermission(new File(System.getProperty("user.home")).getAbsolutePath(), "read, write")); perms.add(new FilePermission(new File(System.getProperty("user.home") + "/-").getAbsolutePath(), "read, write")); perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/logs/*").getAbsolutePath(), "read, write,delete")); + perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/certs/-").getAbsolutePath(), "read, write,delete")); + //TODO + log.trace("granting file read/write permission to MOCCA local"); + perms.add(new FilePermission("<>", "read, write")); return perms; } -- cgit v1.2.3 From df55caa03b0111d81b44762936462ca29d229c7e Mon Sep 17 00:00:00 2001 From: clemenso Date: Fri, 14 Aug 2009 10:59:28 +0000 Subject: <> git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@435 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java') diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java index a2947833..4ae3b060 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java @@ -181,7 +181,7 @@ public class Container { //TODO log.trace("granting file read/write permission to MOCCA local"); - perms.add(new FilePermission("<>", "read, write")); + perms.add(new FilePermission("<>", "read, write")); return perms; } -- cgit v1.2.3 From e72c9994054446f38c5bc53d7da573e366f57963 Mon Sep 17 00:00:00 2001 From: clemenso Date: Wed, 19 Aug 2009 13:43:02 +0000 Subject: make "include-webstart" profile default (added "local-webstart" for development) updateRequired (versioning) bug fixed AboutDialog Branding (removed MOCCA/Bean) git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@444 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java') diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java index 4ae3b060..08a0808a 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java @@ -151,7 +151,7 @@ public class Container { perms.add(new RuntimePermission("getClassLoader")); // standard permissions - perms.add(new PropertyPermission("*", "read")); + perms.add(new PropertyPermission("*", "read,write")); perms.add(new RuntimePermission("accessDeclaredMembers")); perms.add(new RuntimePermission("accessClassInPackage.*")); perms.add(new RuntimePermission("defineClassInPackage.*")); -- cgit v1.2.3 From 145003155c05e915b900989a27cef1271398164b Mon Sep 17 00:00:00 2001 From: clemenso Date: Wed, 26 Aug 2009 17:31:32 +0000 Subject: MOCCA TLS Server CA cert installation servlet removed help.jsp (and jsp dependencies in jetty) moved html pages to src/main/webapp (encoding problem?) switch to BASIC download protocol in BKUWebStart (no jnlpDownloadServlet required, see template.xml) git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@474 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../java/at/gv/egiz/bku/webstart/Container.java | 210 +++++++++++++-------- 1 file changed, 128 insertions(+), 82 deletions(-) (limited to 'BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java') diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java index 08a0808a..3bf74d3c 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java @@ -2,9 +2,11 @@ package at.gv.egiz.bku.webstart; import at.gv.egiz.bku.utils.StreamUtil; import java.awt.AWTPermission; +import java.io.BufferedInputStream; import java.io.BufferedOutputStream; import java.io.BufferedReader; import java.io.File; +import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.FilePermission; @@ -15,8 +17,12 @@ import java.io.OutputStream; import java.lang.reflect.ReflectPermission; import java.net.NetPermission; import java.net.SocketPermission; +import java.security.AllPermission; +import java.security.KeyStore; import java.security.Permissions; import java.security.SecurityPermission; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; import java.util.PropertyPermission; import javax.smartcardio.CardPermission; import org.apache.commons.logging.Log; @@ -32,8 +38,9 @@ public class Container { public static final String HTTP_PORT_PROPERTY = "mocca.http.port"; public static final String HTTPS_PORT_PROPERTY = "mocca.http.port"; - + public static final String SERVER_CA_CERTIFICATE_ATTRIBUTE = "mocca.tls.server.ca.certificate"; private static Log log = LogFactory.getLog(Container.class); + static { if (log.isDebugEnabled()) { //Jetty log INFO and WARN, include ignored exceptions @@ -43,7 +50,6 @@ public class Container { //System.setProperty("DEBUG", "true"); } } - private Server server; public void init() throws IOException { @@ -75,63 +81,98 @@ public class Container { } log.debug("loading MOCCA keystore from " + keystoreFile.getAbsolutePath()); sslConnector.setKeystore(keystoreFile.getAbsolutePath()); - File passwdFile = new File(configDir, Configurator.PASSWD_FILE); - BufferedReader reader = new BufferedReader(new FileReader(passwdFile)); - String pwd; - while ((pwd = reader.readLine()) != null) { - sslConnector.setPassword(pwd); - sslConnector.setKeyPassword(pwd); - } - reader.close(); - + String passwd = readPassword(new File(configDir, Configurator.PASSWD_FILE)); + sslConnector.setPassword(passwd); + sslConnector.setKeyPassword(passwd); + //avoid jetty's ClassCastException: iaik.security.ecc.ecdsa.ECPublicKey cannot be cast to java.security.interfaces.ECPublicKey - String[] RFC4492CipherSuites = new String[] { + String[] RFC4492CipherSuites = new String[]{ "TLS_ECDH_ECDSA_WITH_NULL_SHA", - "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", - "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", - - "TLS_ECDHE_ECDSA_WITH_NULL_SHA", - "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", - "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", - - "TLS_ECDH_RSA_WITH_NULL_SHA", - "TLS_ECDH_RSA_WITH_RC4_128_SHA", - "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", - - "TLS_ECDHE_RSA_WITH_NULL_SHA", - "TLS_ECDHE_RSA_WITH_RC4_128_SHA", - "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", - - "TLS_ECDH_anon_WITH_NULL_SHA", - "TLS_ECDH_anon_WITH_RC4_128_SHA", - "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", - "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", - "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" + "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "TLS_ECDH_RSA_WITH_NULL_SHA", + "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "TLS_ECDHE_RSA_WITH_NULL_SHA", + "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "TLS_ECDH_anon_WITH_NULL_SHA", + "TLS_ECDH_anon_WITH_RC4_128_SHA", + "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" }; sslConnector.setExcludeCipherSuites(RFC4492CipherSuites); - server.setConnectors(new Connector[] { connector, sslConnector }); - + server.setConnectors(new Connector[]{connector, sslConnector}); + WebAppContext webapp = new WebAppContext(); webapp.setLogUrlOnStart(true); webapp.setContextPath("/"); - webapp.setExtractWAR(true); + webapp.setExtractWAR(true); webapp.setParentLoaderPriority(false); + try { + // no way to get certificate from within the servlet (SSLEngine/Jetty SSLSocketConnector/SSLContext?) + if (log.isTraceEnabled()) { + log.trace("local ca certificate from " + keystoreFile + " in webapp context at " + SERVER_CA_CERTIFICATE_ATTRIBUTE); + } + BufferedInputStream bis = new BufferedInputStream(new FileInputStream(keystoreFile)); + KeyStore sslKeyStore = KeyStore.getInstance("JKS"); + sslKeyStore.load(bis, passwd.toCharArray()); + Certificate[] sslChain = sslKeyStore.getCertificateChain(TLSServerCA.MOCCA_TLS_SERVER_ALIAS); + webapp.setAttribute(SERVER_CA_CERTIFICATE_ATTRIBUTE, sslChain[sslChain.length - 1]); + bis.close(); + } catch (Exception ex) { + log.error("Failed to load local ca certificate", ex); + log.warn("automated web certificate installation will not be available"); + } + webapp.setWar(copyWebapp(webapp.getTempDirectory())); webapp.setPermissions(getPermissions(webapp.getTempDirectory())); - + server.setHandler(webapp); - server.setGracefulShutdown(1000*3); + server.setGracefulShutdown(1000 * 3); + } + + /** + * @return The first valid (not empty, no comment) line of the passwd file + * @throws IOException + */ + protected static String readPassword(File passwdFile) throws IOException { + if (passwdFile.exists() && passwdFile.canRead()) { + BufferedReader passwdReader = null; + try { + passwdReader = new BufferedReader(new FileReader(passwdFile)); + String passwd; + while ((passwd = passwdReader.readLine().trim()) != null) { + if (passwd.length() > 0 && !passwd.startsWith("#")) { + return passwd; + } + } + } catch (IOException ex) { + log.error("failed to read password from " + passwdFile, ex); + throw ex; + } finally { + try { + passwdReader.close(); + } catch (IOException ex) { + } + } + } + throw new IOException(passwdFile + " not readable"); } private String copyWebapp(File webappDir) throws IOException { @@ -146,43 +187,48 @@ public class Container { private Permissions getPermissions(File webappDir) { Permissions perms = new Permissions(); + perms.add(new AllPermission()); + + + if (false) { + + // jetty-webstart (spring?) + perms.add(new RuntimePermission("getClassLoader")); + + // standard permissions + perms.add(new PropertyPermission("*", "read,write")); + perms.add(new RuntimePermission("accessDeclaredMembers")); + perms.add(new RuntimePermission("accessClassInPackage.*")); + perms.add(new RuntimePermission("defineClassInPackage.*")); + perms.add(new RuntimePermission("setFactory")); + perms.add(new RuntimePermission("getProtectionDomain")); + perms.add(new RuntimePermission("modifyThread")); + perms.add(new RuntimePermission("modifyThreadGroup")); + perms.add(new RuntimePermission("setFactory")); + perms.add(new ReflectPermission("suppressAccessChecks")); + + // MOCCA specific + perms.add(new SocketPermission("*", "connect,resolve")); + perms.add(new NetPermission("specifyStreamHandler")); + perms.add(new SecurityPermission("insertProvider.*")); + perms.add(new SecurityPermission("putProviderProperty.*")); + perms.add(new SecurityPermission("removeProvider.*")); + perms.add(new CardPermission("*", "*")); + perms.add(new AWTPermission("*")); + + perms.add(new FilePermission(webappDir.getAbsolutePath() + "/-", "read")); + perms.add(new FilePermission(new File(System.getProperty("java.home") + "/lib/xalan.properties").getAbsolutePath(), "read")); + perms.add(new FilePermission(new File(System.getProperty("java.home") + "/lib/xerces.properties").getAbsolutePath(), "read")); + perms.add(new FilePermission(new File(System.getProperty("user.home")).getAbsolutePath(), "read, write")); + perms.add(new FilePermission(new File(System.getProperty("user.home") + "/-").getAbsolutePath(), "read, write")); + perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/logs/*").getAbsolutePath(), "read, write,delete")); + perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/certs/-").getAbsolutePath(), "read, write,delete")); + + //TODO +// log.trace("granting file read/write permission to MOCCA local"); +// perms.add(new FilePermission("<>", "read, write")); - // jetty-webstart (spring?) - perms.add(new RuntimePermission("getClassLoader")); - - // standard permissions - perms.add(new PropertyPermission("*", "read,write")); - perms.add(new RuntimePermission("accessDeclaredMembers")); - perms.add(new RuntimePermission("accessClassInPackage.*")); - perms.add(new RuntimePermission("defineClassInPackage.*")); - perms.add(new RuntimePermission("setFactory")); - perms.add(new RuntimePermission("getProtectionDomain")); - perms.add(new RuntimePermission("modifyThread")); - perms.add(new RuntimePermission("modifyThreadGroup")); - perms.add(new RuntimePermission("setFactory")); - perms.add(new ReflectPermission("suppressAccessChecks")); - - // MOCCA specific - perms.add(new SocketPermission("*", "connect,resolve")); - perms.add(new NetPermission("specifyStreamHandler")); - perms.add(new SecurityPermission("insertProvider.*")); - perms.add(new SecurityPermission("putProviderProperty.*")); - perms.add(new SecurityPermission("removeProvider.*")); - perms.add(new CardPermission("*", "*")); - perms.add(new AWTPermission("*")); - - perms.add(new FilePermission(webappDir.getAbsolutePath() + "/-", "read")); - perms.add(new FilePermission(new File(System.getProperty("java.home") + "/lib/xalan.properties").getAbsolutePath(), "read")); - perms.add(new FilePermission(new File(System.getProperty("java.home") + "/lib/xerces.properties").getAbsolutePath(), "read")); - perms.add(new FilePermission(new File(System.getProperty("user.home")).getAbsolutePath(), "read, write")); - perms.add(new FilePermission(new File(System.getProperty("user.home") + "/-").getAbsolutePath(), "read, write")); - perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/logs/*").getAbsolutePath(), "read, write,delete")); - perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/certs/-").getAbsolutePath(), "read, write,delete")); - - //TODO - log.trace("granting file read/write permission to MOCCA local"); - perms.add(new FilePermission("<>", "read, write")); - + } return perms; } @@ -205,4 +251,4 @@ public class Container { public void join() throws InterruptedException { server.join(); } -} \ No newline at end of file +} -- cgit v1.2.3 From dd04951a76fc6406755a94ecf547c0797f062fa2 Mon Sep 17 00:00:00 2001 From: clemenso Date: Fri, 28 Aug 2009 17:53:01 +0000 Subject: replace installCertificate servlet with der encoded crt file in webapp/ moved local-webstart profile to BKUWebStart (jnlp-inline goal) help note for internet explorer on visat/7 git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@482 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../java/at/gv/egiz/bku/webstart/Container.java | 47 +++++++++++++--------- 1 file changed, 28 insertions(+), 19 deletions(-) (limited to 'BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java') diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java index 3bf74d3c..2feae267 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java @@ -22,7 +22,6 @@ import java.security.KeyStore; import java.security.Permissions; import java.security.SecurityPermission; import java.security.cert.Certificate; -import java.security.cert.CertificateException; import java.util.PropertyPermission; import javax.smartcardio.CardPermission; import org.apache.commons.logging.Log; @@ -38,7 +37,6 @@ public class Container { public static final String HTTP_PORT_PROPERTY = "mocca.http.port"; public static final String HTTPS_PORT_PROPERTY = "mocca.http.port"; - public static final String SERVER_CA_CERTIFICATE_ATTRIBUTE = "mocca.tls.server.ca.certificate"; private static Log log = LogFactory.getLog(Container.class); static { @@ -51,6 +49,8 @@ public class Container { } } private Server server; + private WebAppContext webapp; + private Certificate caCertificate; public void init() throws IOException { // System.setProperty("DEBUG", "true"); @@ -118,33 +118,19 @@ public class Container { server.setConnectors(new Connector[]{connector, sslConnector}); - WebAppContext webapp = new WebAppContext(); + webapp = new WebAppContext(); webapp.setLogUrlOnStart(true); webapp.setContextPath("/"); webapp.setExtractWAR(true); webapp.setParentLoaderPriority(false); - try { - // no way to get certificate from within the servlet (SSLEngine/Jetty SSLSocketConnector/SSLContext?) - if (log.isTraceEnabled()) { - log.trace("local ca certificate from " + keystoreFile + " in webapp context at " + SERVER_CA_CERTIFICATE_ATTRIBUTE); - } - BufferedInputStream bis = new BufferedInputStream(new FileInputStream(keystoreFile)); - KeyStore sslKeyStore = KeyStore.getInstance("JKS"); - sslKeyStore.load(bis, passwd.toCharArray()); - Certificate[] sslChain = sslKeyStore.getCertificateChain(TLSServerCA.MOCCA_TLS_SERVER_ALIAS); - webapp.setAttribute(SERVER_CA_CERTIFICATE_ATTRIBUTE, sslChain[sslChain.length - 1]); - bis.close(); - } catch (Exception ex) { - log.error("Failed to load local ca certificate", ex); - log.warn("automated web certificate installation will not be available"); - } - webapp.setWar(copyWebapp(webapp.getTempDirectory())); webapp.setPermissions(getPermissions(webapp.getTempDirectory())); server.setHandler(webapp); server.setGracefulShutdown(1000 * 3); + + loadCACertificate(keystoreFile, passwd.toCharArray()); } /** @@ -234,6 +220,12 @@ public class Container { public void start() throws Exception { server.start(); + // webapp.getBaseResource() + File caCertFile = new File(webapp.getTempDirectory(), "webapp/ca.crt"); + BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(caCertFile)); + bos.write(caCertificate.getEncoded()); + bos.flush(); + bos.close(); } public boolean isRunning() { @@ -251,4 +243,21 @@ public class Container { public void join() throws InterruptedException { server.join(); } + + private void loadCACertificate(File keystoreFile, char[] passwd) { + try { + if (log.isTraceEnabled()) { + log.trace("local ca certificate from " + keystoreFile); + } + BufferedInputStream bis = new BufferedInputStream(new FileInputStream(keystoreFile)); + KeyStore sslKeyStore = KeyStore.getInstance("JKS"); + sslKeyStore.load(bis, passwd); + Certificate[] sslChain = sslKeyStore.getCertificateChain(TLSServerCA.MOCCA_TLS_SERVER_ALIAS); + caCertificate = sslChain[sslChain.length - 1]; + bis.close(); + } catch (Exception ex) { + log.error("Failed to load local ca certificate", ex); + log.warn("automated web certificate installation will not be available"); + } + } } -- cgit v1.2.3 From bd070e82c276afb8c1c3a9ddc3b5712783760881 Mon Sep 17 00:00:00 2001 From: mcentner Date: Tue, 29 Sep 2009 17:36:06 +0000 Subject: Logging issues fixed: - Added possibility to configure logging of BKUWebstart. Logging is now configured from log4j configuration deployed with BKUWebstart in a first step. In a second step the webstart launcher looks for a log4j configuration file in the user's mooca configuration directory and updates the log4j configuration. - Logging of IAIK PKI properly initialized. IAIK PKI does not mess with the log4j configuration any longer. - Changed log4j accordingly (an appender is now needed as IAIK PKI does not reconfigure log4j any longer). Added css-stylesheet to ErrorResponses issued by the BKU to improve the presentation to the user. Changed dependencies of BKUWebStart (see Issue#469 https://egovlabs.gv.at/tracker/index.php?func=detail&aid=469&group_id=13&atid=134). DataURLConnection now uses the request encoding of SL < 1.2. application/x-www-form-urlencoded is now used as default encoding method. multipart/form-data is used only if transfer parameters are present in the request that require a Content-Type parameter. This can only be set with multipart/form-data. This is not in conformance with SL 1.2, however it should improve compatibility with applications. Therefore, removed the ability to configure the DataURLConnection implementation class. DataURLConnection now uses a streaming implementation for encoding of application/x-www-form-urlencoded requests. XWWWFormUrlImputDecoder now uses a streaming implementation for decoding of application/x-www-form-urlencoded requests. Fixed Bug in SLResultPart that caused a binary response to be provided as parameter "XMLResponse" in a multipart/form-data encoded request to DataURL. SLCommandFactory now supports unmarshalling of SL < 1.2 requests in order issue meaningful error messages. Therefore, the marshaling context for response marshaling had to be separated from the marshaling context for requests in order to avoid the marshaling of SL < 1.2 namespace prefixes in SL 1.2 responses. Target attribute in QualifiedProperties is now marshaled. (see Issue#470 https://egovlabs.gv.at/tracker/index.php?func=detail&aid=470&group_id=13&atid=134) Reporting of XML validation errors improved. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@510 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../src/main/java/at/gv/egiz/bku/webstart/Container.java | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java') diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java index 2feae267..4d1fe658 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java @@ -1,6 +1,7 @@ package at.gv.egiz.bku.webstart; -import at.gv.egiz.bku.utils.StreamUtil; +import iaik.utils.StreamCopier; + import java.awt.AWTPermission; import java.io.BufferedInputStream; import java.io.BufferedOutputStream; @@ -24,20 +25,20 @@ import java.security.SecurityPermission; import java.security.cert.Certificate; import java.util.PropertyPermission; import javax.smartcardio.CardPermission; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; import org.mortbay.jetty.Connector; import org.mortbay.jetty.Server; import org.mortbay.jetty.nio.SelectChannelConnector; import org.mortbay.jetty.security.SslSocketConnector; import org.mortbay.jetty.webapp.WebAppContext; import org.mortbay.thread.QueuedThreadPool; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class Container { public static final String HTTP_PORT_PROPERTY = "mocca.http.port"; public static final String HTTPS_PORT_PROPERTY = "mocca.http.port"; - private static Log log = LogFactory.getLog(Container.class); + private static Logger log = LoggerFactory.getLogger(Container.class); static { if (log.isDebugEnabled()) { @@ -166,7 +167,7 @@ public class Container { log.debug("copying BKULocal classpath resource to " + webapp); InputStream is = getClass().getClassLoader().getResourceAsStream("BKULocal.war"); OutputStream os = new BufferedOutputStream(new FileOutputStream(webapp)); - StreamUtil.copyStream(is, os); + new StreamCopier(is, os).copyStream(); os.close(); return webapp.getPath(); } -- cgit v1.2.3