mirror of https://github.com/apache/activemq.git
https://issues.apache.org/activemq/browse/AMQ-2460 - encrypted passwords
git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@991934 13f79535-47bb-0310-9956-ffa450edef68
parent
17e87adb2e
commit
28bc447954
|
@ -118,6 +118,14 @@
|
|||
<groupId>net.sf.josql</groupId>
|
||||
<artifactId>gentlyweb-utils</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.jasypt</groupId>
|
||||
<artifactId>jasypt</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.ibm.icu</groupId>
|
||||
<artifactId>icu4j</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
|
|
|
@ -0,0 +1,53 @@
|
|||
/*
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
* contributor license agreements. See the NOTICE file distributed with
|
||||
* this work for additional information regarding copyright ownership.
|
||||
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
* (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.apache.activemq.console.command;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
|
||||
|
||||
public class DecryptCommand extends EncryptCommand {
|
||||
|
||||
protected String[] helpFile = new String[] {
|
||||
"Task Usage: Main decrypt --password <password> --input <input>",
|
||||
"Description: Decrypts given text.",
|
||||
"",
|
||||
"Encrypt Options:",
|
||||
" --password <password> Password to be used by the encryptor.",
|
||||
" --input <input> Text to be encrypted.",
|
||||
" --version Display the version information.",
|
||||
" -h,-?,--help Display the stop broker help information.",
|
||||
""
|
||||
};
|
||||
|
||||
@Override
|
||||
protected void runTask(List<String> tokens) throws Exception {
|
||||
if (password == null || input == null) {
|
||||
context.printException(new IllegalArgumentException("input and password parameters are mandatory"));
|
||||
return;
|
||||
}
|
||||
encryptor.setPassword(password);
|
||||
try {
|
||||
context.print("Decrypted text: " + encryptor.decrypt(input));
|
||||
} catch (EncryptionOperationNotPossibleException e) {
|
||||
context.print("ERROR: Text cannot be decrypted, check your input and password and try again!");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
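Review bot: The `helpFile` array declared in DecryptCommand is never printed, because this class does not override `printHelp()` and the inherited `EncryptCommand.printHelp()` resolves `helpFile` to the parent's field (Java fields are hidden, not overridden). As written, `decrypt --help` shows the encrypt usage; adding `@Override protected void printHelp() { context.printHelp(helpFile); }` here fixes that. The array itself is also a copy of the encrypt text: `"Encrypt Options:"`, `"Text to be encrypted."` and `"Display the stop broker help information."` should read as decrypt options, text to be decrypted and help for this task. Note too that `runTask` writes the recovered secret to the console with `context.print("Decrypted text: " + ...)`, so a class comment should warn operators that the output may end up in terminal scrollback or captured logs.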
|
|
@ -0,0 +1,79 @@
|
|||
/*
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
* contributor license agreements. See the NOTICE file distributed with
|
||||
* this work for additional information regarding copyright ownership.
|
||||
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
* (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.apache.activemq.console.command;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
|
||||
|
||||
public class EncryptCommand extends AbstractCommand {
|
||||
|
||||
protected String[] helpFile = new String[] {
|
||||
"Task Usage: Main encrypt --password <password> --input <input>",
|
||||
"Description: Encrypts given text.",
|
||||
"",
|
||||
"Encrypt Options:",
|
||||
" --password <password> Password to be used by the encryptor.",
|
||||
" --input <input> Text to be encrypted.",
|
||||
" --version Display the version information.",
|
||||
" -h,-?,--help Display the stop broker help information.",
|
||||
""
|
||||
};
|
||||
|
||||
StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
|
||||
String input;
|
||||
String password;
|
||||
|
||||
@Override
|
||||
protected void printHelp() {
|
||||
context.printHelp(helpFile);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void runTask(List<String> tokens) throws Exception {
|
||||
if (password == null || input == null) {
|
||||
context.printException(new IllegalArgumentException("input and password parameters are mandatory"));
|
||||
return;
|
||||
}
|
||||
encryptor.setPassword(password);
|
||||
context.print("Encrypted text: " + encryptor.encrypt(input));
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void handleOption(String token, List<String> tokens) throws Exception {
|
||||
if (token.startsWith("--input")) {
|
||||
if (tokens.isEmpty() || ((String)tokens.get(0)).startsWith("-")) {
|
||||
context.printException(new IllegalArgumentException("input not specified"));
|
||||
return;
|
||||
}
|
||||
|
||||
input=(String)tokens.remove(0);
|
||||
} else if (token.startsWith("--password")) {
|
||||
if (tokens.isEmpty() || ((String)tokens.get(0)).startsWith("-")) {
|
||||
context.printException(new IllegalArgumentException("password not specified"));
|
||||
return;
|
||||
}
|
||||
|
||||
password=(String)tokens.remove(0);
|
||||
} else {
|
||||
super.handleOption(token, tokens);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
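Review bot: `handleOption` takes both the encryptor password and the cleartext from argv (`password=(String)tokens.remove(0);`), which leaves them readable by other local users through the process list and stored in shell history. It would be safer to fall back to a console prompt or an environment variable when `--password` is absent, for example `char[] pw = System.console().readPassword("Password: ");` with a null check on `System.console()`, if the build's Java level allows it. The `((String)tokens.get(0)).startsWith("-")` guard also rejects any password or input that legitimately begins with a dash, and `token.startsWith("--input")` accepts longer tokens such as `--inputX`; `token.equals("--input")` would be stricter. The `encryptor` field is left on the library's default algorithm while the XML configurations in this commit set `PBEWithMD5AndDES` explicitly, so a comment or an explicit `setAlgorithm` call would keep the tool and the broker configuration in step.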
|
|
@ -49,6 +49,8 @@ public class ShellCommand extends AbstractCommand {
|
|||
" browse - Display selected messages in a specified destination.",
|
||||
" journal-audit - Allows you to view records stored in the persistent journal.",
|
||||
" purge - Delete selected destination's messages that matches the message selector",
|
||||
" encrypt - Encrypts given text",
|
||||
" decrypt - Decrypts given text",
|
||||
"",
|
||||
"Task Options (Options specific to each task):",
|
||||
" --extdir <dir> - Add the jar files in the directory to the classpath.",
|
||||
|
@ -126,6 +128,10 @@ public class ShellCommand extends AbstractCommand {
|
|||
command = new PurgeCommand();
|
||||
} else if (taskToken.equals("journal-audit")) {
|
||||
command = new AMQJournalToolCommand();
|
||||
} else if (taskToken.equals("encrypt")) {
|
||||
command = new EncryptCommand();
|
||||
} else if (taskToken.equals("decrypt")) {
|
||||
command = new DecryptCommand();
|
||||
} else if (taskToken.equals("help")) {
|
||||
printHelp();
|
||||
} else {
|
||||
|
|
|
@ -138,7 +138,7 @@
|
|||
<groupId>org.codehaus.jettison</groupId>
|
||||
<artifactId>jettison</artifactId>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
</dependency>
|
||||
|
||||
<!-- for XML parsing -->
|
||||
<dependency>
|
||||
|
@ -229,6 +229,15 @@
|
|||
<artifactId>activemq-jmdns_1.0</artifactId>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.jasypt</groupId>
|
||||
<artifactId>jasypt</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.ibm.icu</groupId>
|
||||
<artifactId>icu4j</artifactId>
|
||||
</dependency>
|
||||
|
||||
<!-- database testing -->
|
||||
<dependency>
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
## ---------------------------------------------------------------------------
|
||||
## Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
## contributor license agreements. See the NOTICE file distributed with
|
||||
## this work for additional information regarding copyright ownership.
|
||||
## The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
## (the "License"); you may not use this file except in compliance with
|
||||
## the License. You may obtain a copy of the License at
|
||||
##
|
||||
## http://www.apache.org/licenses/LICENSE-2.0
|
||||
##
|
||||
## Unless required by applicable law or agreed to in writing, software
|
||||
## distributed under the License is distributed on an "AS IS" BASIS,
|
||||
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
## See the License for the specific language governing permissions and
|
||||
## limitations under the License.
|
||||
## ---------------------------------------------------------------------------
|
||||
|
||||
# Defines credentials that will be used by components (like web console) to access the broker
|
||||
|
||||
activemq.username=system
|
||||
#activemq.password=manager
|
||||
activemq.password=ENC(mYRkg+4Q4hua1kvpCCI2hg==)
|
||||
#guest.password=password
|
||||
guest.password=ENC(Cf3Jf3tM+UrSOoaKU50od5CuBa8rxjoL)
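Review bot: The commented-out lines `#activemq.password=manager` and `#guest.password=password` keep the cleartext of both secrets directly above their `ENC(...)` values, so the file discloses exactly what the encryption is meant to hide. Drop the two comment lines, or replace them with a pointer to the tool such as `# values generated with: Main encrypt --password <password> --input <input>`. The same pair of comments is added to the other credentials.properties in the `@ -18,4 +18,7 @` hunk further down.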
|
|
@ -25,7 +25,15 @@
|
|||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
|
||||
|
||||
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
|
||||
<bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
|
||||
<property name="algorithm" value="PBEWithMD5AndDES"/>
|
||||
<property name="password" value="activemq"/>
|
||||
</bean>
|
||||
|
||||
<bean id="propertyConfigurer" class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer">
|
||||
<constructor-arg ref="configurationEncryptor" />
|
||||
<property name="location" value="classpath:credentials.properties"/>
|
||||
</bean>
|
||||
|
||||
<broker useJmx="true" persistent="false" xmlns="http://activemq.apache.org/schema/core" populateJMSXUserID="true">
|
||||
|
||||
|
@ -41,11 +49,11 @@
|
|||
<plugins>
|
||||
<simpleAuthenticationPlugin>
|
||||
<users>
|
||||
<authenticationUser username="system" password="manager"
|
||||
<authenticationUser username="system" password="${activemq.password}"
|
||||
groups="users,admins"/>
|
||||
<authenticationUser username="user" password="password"
|
||||
<authenticationUser username="user" password="${guest.password}"
|
||||
groups="users"/>
|
||||
<authenticationUser username="guest" password="password" groups="guests"/>
|
||||
<authenticationUser username="guest" password="${guest.password}" groups="guests"/>
|
||||
</users>
|
||||
</simpleAuthenticationPlugin>
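Review bot: The `configurationEncryptor` bean in the first hunk hard-codes the decryption password (`<property name="password" value="activemq"/>`) in the same configuration tree as the `ENC(...)` values it protects, so anyone who can read the configuration, or this repository, can recover the credentials; the result is obfuscation rather than protection. The same bean is repeated in the `@ -21,12 +21,16 @`, `@ -21,11 +21,16 @`, `@ -25,11 +25,16 @` and `@ -32,11 +32,16 @` sections below. I would take the password from the environment through jasypt's `EnvironmentStringPBEConfig`, and state in the comment above the bean that the shipped sample values must be regenerated with a site-specific password before deployment. `PBEWithMD5AndDES` is single DES with an MD5-based key derivation, which is weak by current standards; a stronger PBE algorithm is worth choosing where the JCE provider in use offers one.

```xml
<!-- variable name below is an example; the password is supplied by the operator at start-up -->
<bean id="environmentVariablesConfiguration" class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
  <property name="algorithm" value="PBEWithMD5AndDES"/>
  <property name="passwordEnvName" value="ACTIVEMQ_ENCRYPTION_PASSWORD"/>
</bean>

<bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
  <property name="config" ref="environmentVariablesConfiguration"/>
</bean>
<!-- … unchanged: propertyConfigurer bean referencing configurationEncryptor … -->
```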
|
||||
|
||||
|
|
|
@ -318,7 +318,14 @@
|
|||
<groupId>stax</groupId>
|
||||
<artifactId>stax</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.jasypt</groupId>
|
||||
<artifactId>jasypt</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.ibm.icu</groupId>
|
||||
<artifactId>icu4j</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>junit</groupId>
|
||||
|
|
|
@ -210,6 +210,8 @@
|
|||
<include>org.codehaus.jettison:jettison</include>
|
||||
<include>org.apache.velocity:velocity</include>
|
||||
<include>net.sf.josql:josql</include>
|
||||
<include>org.jasypt:jasypt</include>
|
||||
<include>com.ibm.icu:icu4j</include>
|
||||
</includes>
|
||||
</dependencySet>
|
||||
<dependencySet>
|
||||
|
|
|
@ -21,12 +21,16 @@
|
|||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
|
||||
|
||||
<!-- Allows us to use system properties as variables in this configuration file -->
|
||||
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
|
||||
<property name="locations">
|
||||
<value>file:${activemq.base}/conf/credentials.properties</value>
|
||||
</property>
|
||||
</bean>
|
||||
<!-- Allows us to use encrypted system properties as variables in this configuration file -->
|
||||
<bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
|
||||
<property name="algorithm" value="PBEWithMD5AndDES"/>
|
||||
<property name="password" value="activemq"/>
|
||||
</bean>
|
||||
|
||||
<bean id="propertyConfigurer" class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer">
|
||||
<constructor-arg ref="configurationEncryptor" />
|
||||
<property name="location" value="file:${activemq.base}/conf/credentials.properties"/>
|
||||
</bean>
|
||||
|
||||
<!--
|
||||
The <broker> element is used to configure the ActiveMQ broker.
|
||||
|
|
|
@ -18,4 +18,7 @@
|
|||
# Defines credentials that will be used by components (like web console) to access the broker
|
||||
|
||||
activemq.username=system
|
||||
activemq.password=manager
|
||||
#activemq.password=manager
|
||||
activemq.password=ENC(mYRkg+4Q4hua1kvpCCI2hg==)
|
||||
#guest.password=password
|
||||
guest.password=ENC(Cf3Jf3tM+UrSOoaKU50od5CuBa8rxjoL)
|
|
@ -21,11 +21,16 @@
|
|||
|
||||
<import resource="webconsole-query.xml"/>
|
||||
|
||||
<bean id="placeholderConfig" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
|
||||
<property name="locations">
|
||||
<value>file:${activemq.base}/conf/credentials.properties</value>
|
||||
</property>
|
||||
</bean>
|
||||
<!-- Allows us to use encrypted system properties as variables in this configuration file -->
|
||||
<bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
|
||||
<property name="algorithm" value="PBEWithMD5AndDES"/>
|
||||
<property name="password" value="activemq"/>
|
||||
</bean>
|
||||
|
||||
<bean id="propertyConfigurer" class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer">
|
||||
<constructor-arg ref="configurationEncryptor" />
|
||||
<property name="location" value="file:${activemq.base}/conf/credentials.properties"/>
|
||||
</bean>
|
||||
|
||||
<!-- use the following bean for a local in-JVM broker -->
|
||||
<bean id="brokerQuery" class="org.apache.activemq.web.SingletonBrokerFacade" autowire="constructor" scope="prototype"/>
|
||||
|
|
|
@ -25,11 +25,16 @@
|
|||
http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd
|
||||
">
|
||||
|
||||
<bean id="placeholderConfig" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
|
||||
<property name="locations">
|
||||
<value>file:${activemq.base}/conf/credentials.properties</value>
|
||||
</property>
|
||||
</bean>
|
||||
<!-- Allows us to use encrypted system properties as variables in this configuration file -->
|
||||
<bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
|
||||
<property name="algorithm" value="PBEWithMD5AndDES"/>
|
||||
<property name="password" value="activemq"/>
|
||||
</bean>
|
||||
|
||||
<bean id="propertyConfigurer" class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer">
|
||||
<constructor-arg ref="configurationEncryptor" />
|
||||
<property name="location" value="file:${activemq.base}/conf/credentials.properties"/>
|
||||
</bean>
|
||||
|
||||
<camelContext id="camel" xmlns="http://camel.apache.org/schema/spring">
|
||||
|
||||
|
|
|
@ -32,11 +32,16 @@
|
|||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
|
||||
|
||||
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
|
||||
<property name="locations">
|
||||
<value>file:${activemq.base}/conf/credentials.properties</value>
|
||||
</property>
|
||||
</bean>
|
||||
<!-- Allows us to use encrypted system properties as variables in this configuration file -->
|
||||
<bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
|
||||
<property name="algorithm" value="PBEWithMD5AndDES"/>
|
||||
<property name="password" value="activemq"/>
|
||||
</bean>
|
||||
|
||||
<bean id="propertyConfigurer" class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer">
|
||||
<constructor-arg ref="configurationEncryptor" />
|
||||
<property name="location" value="file:${activemq.base}/conf/credentials.properties"/>
|
||||
</bean>
|
||||
|
||||
<broker useJmx="true" persistent="false" xmlns="http://activemq.apache.org/schema/core" destroyApplicationContextOnStop="true">
|
||||
|
||||
|
@ -44,11 +49,11 @@
|
|||
<!-- Configure authentication; Username, passwords and groups -->
|
||||
<simpleAuthenticationPlugin>
|
||||
<users>
|
||||
<authenticationUser username="system" password="manager"
|
||||
<authenticationUser username="system" password="${activemq.password}"
|
||||
groups="users,admins"/>
|
||||
<authenticationUser username="user" password="password"
|
||||
<authenticationUser username="user" password="${guest.password}"
|
||||
groups="users"/>
|
||||
<authenticationUser username="guest" password="password" groups="guests"/>
|
||||
<authenticationUser username="guest" password="${guest.password}" groups="guests"/>
|
||||
</users>
|
||||
</simpleAuthenticationPlugin>
|
||||
|
||||
|
|
14
pom.xml
14
pom.xml
|
@ -61,6 +61,8 @@
|
|||
<geronimo-version>1.0</geronimo-version>
|
||||
<howl-version>0.1.8</howl-version>
|
||||
<hsqldb-version>1.7.2.2</hsqldb-version>
|
||||
<icu-version>4.0.1</icu-version>
|
||||
<jasypt-version>1.6</jasypt-version>
|
||||
<jdom-version>1.0</jdom-version>
|
||||
<jetty-version>7.0.1.v20091125</jetty-version>
|
||||
<jsp-version>2.1.v20100127</jsp-version>
|
||||
|
@ -821,6 +823,18 @@
|
|||
<artifactId>aopalliance</artifactId>
|
||||
<version>${aopalliance-version}</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.jasypt</groupId>
|
||||
<artifactId>jasypt</artifactId>
|
||||
<version>${jasypt-version}</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>com.ibm.icu</groupId>
|
||||
<artifactId>icu4j</artifactId>
|
||||
<version>${icu-version}</version>
|
||||
</dependency>
|
||||
|
||||
<!-- testing dependencies -->
|
||||
<dependency>
|
||||
|
|