Apache
/
activemq
mirror of https://github.com/apache/activemq.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

https://issues.apache.org/activemq/browse/AMQ-2460 - encrypted passwords 

git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@991934 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Bosanac Dejan 2010-09-02 13:47:40 +00:00
parent 17e87adb2e
commit 28bc447954
15 changed files with 263 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
activemq-console/pom.xml
View File

@ -118,6 +118,14 @@
<groupId>net.sf.josql</groupId>
<artifactId>gentlyweb-utils</artifactId>
</dependency>
<dependency>
<groupId>org.jasypt</groupId>
<artifactId>jasypt</artifactId>
</dependency>
<dependency>
<groupId>com.ibm.icu</groupId>
<artifactId>icu4j</artifactId>
</dependency>
</dependencies>
<build>

53
activemq-console/src/main/java/org/apache/activemq/console/command/DecryptCommand.java Normal file
View File

@ -0,0 +1,53 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.console.command;
import java.util.List;
import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
public class DecryptCommand extends EncryptCommand {
protected String[] helpFile = new String[] {
"Task Usage: Main decrypt --password <password> --input <input>",
"Description: Decrypts given text.",
"",
"Encrypt Options:",
" --password <password> Password to be used by the encryptor.",
" --input <input> Text to be encrypted.",
" --version Display the version information.",
" -h,-?,--help Display the stop broker help information.",
""
};
@Override
protected void runTask(List<String> tokens) throws Exception {
if (password == null || input == null) {
context.printException(new IllegalArgumentException("input and password parameters are mandatory"));
return;
}
encryptor.setPassword(password);
try {
context.print("Decrypted text: " + encryptor.decrypt(input));
} catch (EncryptionOperationNotPossibleException e) {
context.print("ERROR: Text cannot be decrypted, check your input and password and try again!");
}
}
}

79
activemq-console/src/main/java/org/apache/activemq/console/command/EncryptCommand.java Normal file
View File

@ -0,0 +1,79 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.console.command;
import java.util.List;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
public class EncryptCommand extends AbstractCommand {
protected String[] helpFile = new String[] {
"Task Usage: Main encrypt --password <password> --input <input>",
"Description: Encrypts given text.",
"",
"Encrypt Options:",
" --password <password> Password to be used by the encryptor.",
" --input <input> Text to be encrypted.",
" --version Display the version information.",
" -h,-?,--help Display the stop broker help information.",
""
};
StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
String input;
String password;
@Override
protected void printHelp() {
context.printHelp(helpFile);
}
@Override
protected void runTask(List<String> tokens) throws Exception {
if (password == null || input == null) {
context.printException(new IllegalArgumentException("input and password parameters are mandatory"));
return;
}
encryptor.setPassword(password);
context.print("Encrypted text: " + encryptor.encrypt(input));
}
@Override
protected void handleOption(String token, List<String> tokens) throws Exception {
if (token.startsWith("--input")) {
if (tokens.isEmpty() || ((String)tokens.get(0)).startsWith("-")) {
context.printException(new IllegalArgumentException("input not specified"));
return;
}
input=(String)tokens.remove(0);
} else if (token.startsWith("--password")) {
if (tokens.isEmpty() || ((String)tokens.get(0)).startsWith("-")) {
context.printException(new IllegalArgumentException("password not specified"));
return;
}
password=(String)tokens.remove(0);
} else {
super.handleOption(token, tokens);
}
}
}

6
activemq-console/src/main/java/org/apache/activemq/console/command/ShellCommand.java
View File

@ -49,6 +49,8 @@ public class ShellCommand extends AbstractCommand {
" browse - Display selected messages in a specified destination.",
" journal-audit - Allows you to view records stored in the persistent journal.",
" purge - Delete selected destination's messages that matches the message selector",
" encrypt - Encrypts given text",
" decrypt - Decrypts given text",
"",
"Task Options (Options specific to each task):",
" --extdir <dir> - Add the jar files in the directory to the classpath.",
@ -126,6 +128,10 @@ public class ShellCommand extends AbstractCommand {
command = new PurgeCommand();
} else if (taskToken.equals("journal-audit")) {
command = new AMQJournalToolCommand();
} else if (taskToken.equals("encrypt")) {
command = new EncryptCommand();
} else if (taskToken.equals("decrypt")) {
command = new DecryptCommand();
} else if (taskToken.equals("help")) {
printHelp();
} else {

11
activemq-core/pom.xml
View File

@ -138,7 +138,7 @@
<groupId>org.codehaus.jettison</groupId>
<artifactId>jettison</artifactId>
<optional>true</optional>
</dependency>
</dependency>
<!-- for XML parsing -->
<dependency>
@ -229,6 +229,15 @@
<artifactId>activemq-jmdns_1.0</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.jasypt</groupId>
<artifactId>jasypt</artifactId>
</dependency>
<dependency>
<groupId>com.ibm.icu</groupId>
<artifactId>icu4j</artifactId>
</dependency>
<!-- database testing -->
<dependency>

24
activemq-core/src/test/resources/credentials.properties Normal file
View File

@ -0,0 +1,24 @@
## ---------------------------------------------------------------------------
## Licensed to the Apache Software Foundation (ASF) under one or more
## contributor license agreements. See the NOTICE file distributed with
## this work for additional information regarding copyright ownership.
## The ASF licenses this file to You under the Apache License, Version 2.0
## (the "License"); you may not use this file except in compliance with
## the License. You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
## ---------------------------------------------------------------------------
# Defines credentials that will be used by components (like web console) to access the broker
activemq.username=system
#activemq.password=manager
activemq.password=ENC(mYRkg+4Q4hua1kvpCCI2hg==)
#guest.password=password
guest.password=ENC(Cf3Jf3tM+UrSOoaKU50od5CuBa8rxjoL)

16
activemq-core/src/test/resources/org/apache/activemq/security/simple-auth-broker.xml
View File

@ -25,7 +25,15 @@
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
<bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
<property name="algorithm" value="PBEWithMD5AndDES"/>
<property name="password" value="activemq"/>
</bean>
<bean id="propertyConfigurer" class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer">
<constructor-arg ref="configurationEncryptor" />
<property name="location" value="classpath:credentials.properties"/>
</bean>
<broker useJmx="true" persistent="false" xmlns="http://activemq.apache.org/schema/core" populateJMSXUserID="true">
@ -41,11 +49,11 @@
<plugins>
<simpleAuthenticationPlugin>
<users>
<authenticationUser username="system" password="manager"
<authenticationUser username="system" password="${activemq.password}"
groups="users,admins"/>
<authenticationUser username="user" password="password"
<authenticationUser username="user" password="${guest.password}"
groups="users"/>
<authenticationUser username="guest" password="password" groups="guests"/>
<authenticationUser username="guest" password="${guest.password}" groups="guests"/>
</users>
</simpleAuthenticationPlugin>

9
assembly/pom.xml
View File

@ -318,7 +318,14 @@
<groupId>stax</groupId>
<artifactId>stax</artifactId>
</dependency>
<dependency>
<groupId>org.jasypt</groupId>
<artifactId>jasypt</artifactId>
</dependency>
<dependency>
<groupId>com.ibm.icu</groupId>
<artifactId>icu4j</artifactId>
</dependency>
<dependency>
<groupId>junit</groupId>

2
assembly/src/main/descriptors/common-bin.xml
View File

@ -210,6 +210,8 @@
<include>org.codehaus.jettison:jettison</include>
<include>org.apache.velocity:velocity</include>
<include>net.sf.josql:josql</include>
<include>org.jasypt:jasypt</include>
<include>com.ibm.icu:icu4j</include>
</includes>
</dependencySet>
<dependencySet>

16
assembly/src/release/conf/activemq.xml
View File

@ -21,12 +21,16 @@
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
<!-- Allows us to use system properties as variables in this configuration file -->
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="locations">
<value>file:${activemq.base}/conf/credentials.properties</value>
</property>
</bean>
<!-- Allows us to use encrypted system properties as variables in this configuration file -->
<bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
<property name="algorithm" value="PBEWithMD5AndDES"/>
<property name="password" value="activemq"/>
</bean>
<bean id="propertyConfigurer" class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer">
<constructor-arg ref="configurationEncryptor" />
<property name="location" value="file:${activemq.base}/conf/credentials.properties"/>
</bean>
<!--
The <broker> element is used to configure the ActiveMQ broker.

5
assembly/src/release/conf/credentials.properties
View File

@ -18,4 +18,7 @@
# Defines credentials that will be used by components (like web console) to access the broker
activemq.username=system
activemq.password=manager
#activemq.password=manager
activemq.password=ENC(mYRkg+4Q4hua1kvpCCI2hg==)
#guest.password=password
guest.password=ENC(Cf3Jf3tM+UrSOoaKU50od5CuBa8rxjoL)

15
assembly/src/release/webapps/admin/WEB-INF/webconsole-embedded.xml
View File

@ -21,11 +21,16 @@
<import resource="webconsole-query.xml"/>
<bean id="placeholderConfig" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="locations">
<value>file:${activemq.base}/conf/credentials.properties</value>
</property>
</bean>
<!-- Allows us to use encrypted system properties as variables in this configuration file -->
<bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
<property name="algorithm" value="PBEWithMD5AndDES"/>
<property name="password" value="activemq"/>
</bean>
<bean id="propertyConfigurer" class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer">
<constructor-arg ref="configurationEncryptor" />
<property name="location" value="file:${activemq.base}/conf/credentials.properties"/>
</bean>
<!-- use the following bean for a local in-JVM broker -->
<bean id="brokerQuery" class="org.apache.activemq.web.SingletonBrokerFacade" autowire="constructor" scope="prototype"/>

15
assembly/src/release/webapps/camel/WEB-INF/applicationContext.xml
View File

@ -25,11 +25,16 @@
http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd
">
<bean id="placeholderConfig" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="locations">
<value>file:${activemq.base}/conf/credentials.properties</value>
</property>
</bean>
<!-- Allows us to use encrypted system properties as variables in this configuration file -->
<bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
<property name="algorithm" value="PBEWithMD5AndDES"/>
<property name="password" value="activemq"/>
</bean>
<bean id="propertyConfigurer" class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer">
<constructor-arg ref="configurationEncryptor" />
<property name="location" value="file:${activemq.base}/conf/credentials.properties"/>
</bean>
<camelContext id="camel" xmlns="http://camel.apache.org/schema/spring">

21
assembly/src/sample-conf/activemq-security.xml
View File

@ -32,11 +32,16 @@
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="locations">
<value>file:${activemq.base}/conf/credentials.properties</value>
</property>
</bean>
<!-- Allows us to use encrypted system properties as variables in this configuration file -->
<bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
<property name="algorithm" value="PBEWithMD5AndDES"/>
<property name="password" value="activemq"/>
</bean>
<bean id="propertyConfigurer" class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer">
<constructor-arg ref="configurationEncryptor" />
<property name="location" value="file:${activemq.base}/conf/credentials.properties"/>
</bean>
<broker useJmx="true" persistent="false" xmlns="http://activemq.apache.org/schema/core" destroyApplicationContextOnStop="true">
@ -44,11 +49,11 @@
<!-- Configure authentication; Username, passwords and groups -->
<simpleAuthenticationPlugin>
<users>
<authenticationUser username="system" password="manager"
<authenticationUser username="system" password="${activemq.password}"
groups="users,admins"/>
<authenticationUser username="user" password="password"
<authenticationUser username="user" password="${guest.password}"
groups="users"/>
<authenticationUser username="guest" password="password" groups="guests"/>
<authenticationUser username="guest" password="${guest.password}" groups="guests"/>
</users>
</simpleAuthenticationPlugin>

14
pom.xml
View File

@ -61,6 +61,8 @@
<geronimo-version>1.0</geronimo-version>
<howl-version>0.1.8</howl-version>
<hsqldb-version>1.7.2.2</hsqldb-version>
<icu-version>4.0.1</icu-version>
<jasypt-version>1.6</jasypt-version>
<jdom-version>1.0</jdom-version>
<jetty-version>7.0.1.v20091125</jetty-version>
<jsp-version>2.1.v20100127</jsp-version>
@ -821,6 +823,18 @@
<artifactId>aopalliance</artifactId>
<version>${aopalliance-version}</version>
</dependency>
<dependency>
<groupId>org.jasypt</groupId>
<artifactId>jasypt</artifactId>
<version>${jasypt-version}</version>
</dependency>
<dependency>
<groupId>com.ibm.icu</groupId>
<artifactId>icu4j</artifactId>
<version>${icu-version}</version>
</dependency>
<!-- testing dependencies -->
<dependency>