https://issues.apache.org/activemq/browse/AMQ-2460 - encrypted passwords

git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@991934 13f79535-47bb-0310-9956-ffa450edef68
2010-09-02 13:47:40 +00:00 · 2010-09-02 13:47:40 +00:00 · 28bc447954
parent 17e87adb2e
commit 28bc447954
15 changed files with 263 additions and 31 deletions
--- a/activemq-console/pom.xml
+++ b/activemq-console/pom.xml
@ -118,6 +118,14 @@
      <groupId>net.sf.josql</groupId>
      <artifactId>gentlyweb-utils</artifactId>
    </dependency>
    <dependency>
      <groupId>org.jasypt</groupId>
      <artifactId>jasypt</artifactId>
    </dependency>
    <dependency>
      <groupId>com.ibm.icu</groupId>
      <artifactId>icu4j</artifactId>
    </dependency>  
  </dependencies>
  <build>
--- a/activemq-console/src/main/java/org/apache/activemq/console/command/DecryptCommand.java
+++ b/activemq-console/src/main/java/org/apache/activemq/console/command/DecryptCommand.java
@ -0,0 +1,53 @@
 /*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.apache.activemq.console.command;
 import java.util.List;
 import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
 public class DecryptCommand extends EncryptCommand {
    protected String[] helpFile = new String[] {
            "Task Usage: Main decrypt --password <password> --input <input>",
            "Description: Decrypts given text.",
            "", 
            "Encrypt Options:",
            "    --password <password>      Password to be used by the encryptor.",
            "    --input <input>            Text to be encrypted.",
            "    --version                  Display the version information.",
            "    -h,-?,--help               Display the stop broker help information.",
            ""
        };    
    @Override
    protected void runTask(List<String> tokens) throws Exception {
        if (password == null || input == null) {
            context.printException(new IllegalArgumentException("input and password parameters are mandatory"));
            return;
        }
        encryptor.setPassword(password);
        try {
            context.print("Decrypted text: " + encryptor.decrypt(input));
        } catch (EncryptionOperationNotPossibleException e) {
            context.print("ERROR: Text cannot be decrypted, check your input and password and try again!");
        }
    }
 }
--- a/activemq-console/src/main/java/org/apache/activemq/console/command/EncryptCommand.java
+++ b/activemq-console/src/main/java/org/apache/activemq/console/command/EncryptCommand.java
@ -0,0 +1,79 @@
 /*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.apache.activemq.console.command;
 import java.util.List;
 import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
 public class EncryptCommand extends AbstractCommand {
    protected String[] helpFile = new String[] {
            "Task Usage: Main encrypt --password <password> --input <input>",
            "Description: Encrypts given text.",
            "", 
            "Encrypt Options:",
            "    --password <password>      Password to be used by the encryptor.",
            "    --input <input>            Text to be encrypted.",
            "    --version                  Display the version information.",
            "    -h,-?,--help               Display the stop broker help information.",
            ""
        };
    StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
    String input;
    String password;
    @Override
    protected void printHelp() {
        context.printHelp(helpFile);
    }
    @Override
    protected void runTask(List<String> tokens) throws Exception {
        if (password == null || input == null) {
            context.printException(new IllegalArgumentException("input and password parameters are mandatory"));
            return;
        }
        encryptor.setPassword(password);
        context.print("Encrypted text: " + encryptor.encrypt(input));
    }
    @Override
    protected void handleOption(String token, List<String> tokens) throws Exception {
        if (token.startsWith("--input")) {
            if (tokens.isEmpty() || ((String)tokens.get(0)).startsWith("-")) {
                context.printException(new IllegalArgumentException("input not specified"));
                return;
            }
            input=(String)tokens.remove(0);
        } else if (token.startsWith("--password")) {
            if (tokens.isEmpty() || ((String)tokens.get(0)).startsWith("-")) {
                context.printException(new IllegalArgumentException("password not specified"));
                return;
            }
            password=(String)tokens.remove(0);            
        } else {
            super.handleOption(token, tokens);
        }
    }
 }
--- a/activemq-console/src/main/java/org/apache/activemq/console/command/ShellCommand.java
+++ b/activemq-console/src/main/java/org/apache/activemq/console/command/ShellCommand.java
@ -49,6 +49,8 @@ public class ShellCommand extends AbstractCommand {
            "    browse          - Display selected messages in a specified destination.",
            "    journal-audit   - Allows you to view records stored in the persistent journal.",
            "    purge           - Delete selected destination's messages that matches the message selector",
            "    encrypt         - Encrypts given text",
            "    decrypt         - Decrypts given text",
            "",
            "Task Options (Options specific to each task):",
            "    --extdir <dir>  - Add the jar files in the directory to the classpath.",
@ -126,6 +128,10 @@ public class ShellCommand extends AbstractCommand {
                command = new PurgeCommand();
            } else if (taskToken.equals("journal-audit")) {
                command = new AMQJournalToolCommand();
            } else if (taskToken.equals("encrypt")) {
                command = new EncryptCommand();
            } else if (taskToken.equals("decrypt")) {
                command = new DecryptCommand();
            } else if (taskToken.equals("help")) {
                printHelp();
            } else {
--- a/activemq-core/pom.xml
+++ b/activemq-core/pom.xml
@ -230,6 +230,15 @@
      <optional>true</optional>
    </dependency>
    <dependency>
      <groupId>org.jasypt</groupId>
      <artifactId>jasypt</artifactId>
    </dependency>
    <dependency>
      <groupId>com.ibm.icu</groupId>
      <artifactId>icu4j</artifactId>
    </dependency> 
    <!-- database testing -->
    <dependency>
      <groupId>commons-collections</groupId>
--- a/activemq-core/src/test/resources/credentials.properties
+++ b/activemq-core/src/test/resources/credentials.properties
@ -0,0 +1,24 @@
 ## ---------------------------------------------------------------------------
 ## Licensed to the Apache Software Foundation (ASF) under one or more
 ## contributor license agreements.  See the NOTICE file distributed with
 ## this work for additional information regarding copyright ownership.
 ## The ASF licenses this file to You under the Apache License, Version 2.0
 ## (the "License"); you may not use this file except in compliance with
 ## the License.  You may obtain a copy of the License at
 ## 
 ## http://www.apache.org/licenses/LICENSE-2.0
 ## 
 ## Unless required by applicable law or agreed to in writing, software
 ## distributed under the License is distributed on an "AS IS" BASIS,
 ## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 ## See the License for the specific language governing permissions and
 ## limitations under the License.
 ## ---------------------------------------------------------------------------
 # Defines credentials that will be used by components (like web console) to access the broker
 activemq.username=system
 #activemq.password=manager
 activemq.password=ENC(mYRkg+4Q4hua1kvpCCI2hg==)
 #guest.password=password
 guest.password=ENC(Cf3Jf3tM+UrSOoaKU50od5CuBa8rxjoL)
--- a/activemq-core/src/test/resources/org/apache/activemq/security/simple-auth-broker.xml
+++ b/activemq-core/src/test/resources/org/apache/activemq/security/simple-auth-broker.xml
@ -25,7 +25,15 @@
  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
  http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
-  <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+  <bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"> 
      <property name="algorithm" value="PBEWithMD5AndDES"/> 
      <property name="password" value="activemq"/> 
  </bean> 
  <bean id="propertyConfigurer" class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer"> 
      <constructor-arg ref="configurationEncryptor" /> 
      <property name="location" value="classpath:credentials.properties"/> 
  </bean> 
  <broker useJmx="true" persistent="false" xmlns="http://activemq.apache.org/schema/core" populateJMSXUserID="true">
@ -41,11 +49,11 @@
    <plugins>
 		<simpleAuthenticationPlugin>
 			<users>
-				<authenticationUser username="system" password="manager"
+				<authenticationUser username="system" password="${activemq.password}"
 					groups="users,admins"/>
-				<authenticationUser username="user" password="password"
+				<authenticationUser username="user" password="${guest.password}"
 					groups="users"/>
-				<authenticationUser username="guest" password="password" groups="guests"/>
+				<authenticationUser username="guest" password="${guest.password}" groups="guests"/>
 			</users>
 		</simpleAuthenticationPlugin>
--- a/assembly/pom.xml
+++ b/assembly/pom.xml
@ -318,7 +318,14 @@
      <groupId>stax</groupId>
      <artifactId>stax</artifactId>
    </dependency>
-      
+    <dependency>
      <groupId>org.jasypt</groupId>
      <artifactId>jasypt</artifactId>
    </dependency>
    <dependency>
      <groupId>com.ibm.icu</groupId>
      <artifactId>icu4j</artifactId>
    </dependency>      
    <dependency>
      <groupId>junit</groupId>
--- a/assembly/src/main/descriptors/common-bin.xml
+++ b/assembly/src/main/descriptors/common-bin.xml
@ -210,6 +210,8 @@
        <include>org.codehaus.jettison:jettison</include>
        <include>org.apache.velocity:velocity</include>
        <include>net.sf.josql:josql</include>
        <include>org.jasypt:jasypt</include>
        <include>com.ibm.icu:icu4j</include>
      </includes>
    </dependencySet>
    <dependencySet>
--- a/assembly/src/release/conf/activemq.xml
+++ b/assembly/src/release/conf/activemq.xml
@ -21,11 +21,15 @@
  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
  http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
-    <!-- Allows us to use system properties as variables in this configuration file -->
+    <!-- Allows us to use encrypted system properties as variables in this configuration file -->
-    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
+    <bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"> 
-        <property name="locations">
+        <property name="algorithm" value="PBEWithMD5AndDES"/> 
-            <value>file:${activemq.base}/conf/credentials.properties</value>
+        <property name="password" value="activemq"/> 
-        </property>      
+    </bean> 
    <bean id="propertyConfigurer" class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer"> 
        <constructor-arg ref="configurationEncryptor" /> 
        <property name="location" value="file:${activemq.base}/conf/credentials.properties"/> 
    </bean> 
    <!-- 
--- a/assembly/src/release/conf/credentials.properties
+++ b/assembly/src/release/conf/credentials.properties
@ -18,4 +18,7 @@
 # Defines credentials that will be used by components (like web console) to access the broker
 activemq.username=system
-activemq.password=manager
+#activemq.password=manager
 activemq.password=ENC(mYRkg+4Q4hua1kvpCCI2hg==)
 #guest.password=password
 guest.password=ENC(Cf3Jf3tM+UrSOoaKU50od5CuBa8rxjoL)
--- a/assembly/src/release/webapps/admin/WEB-INF/webconsole-embedded.xml
+++ b/assembly/src/release/webapps/admin/WEB-INF/webconsole-embedded.xml
@ -21,10 +21,15 @@
  <import resource="webconsole-query.xml"/>
-  <bean id="placeholderConfig" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
+  <!-- Allows us to use encrypted system properties as variables in this configuration file -->
-        <property name="locations">
+  <bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"> 
-                <value>file:${activemq.base}/conf/credentials.properties</value>
+      <property name="algorithm" value="PBEWithMD5AndDES"/> 
-        </property>  
+      <property name="password" value="activemq"/> 
  </bean> 
  <bean id="propertyConfigurer" class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer"> 
      <constructor-arg ref="configurationEncryptor" /> 
      <property name="location" value="file:${activemq.base}/conf/credentials.properties"/> 
  </bean> 
  <!-- use the following bean for a local in-JVM broker -->
--- a/assembly/src/release/webapps/camel/WEB-INF/applicationContext.xml
+++ b/assembly/src/release/webapps/camel/WEB-INF/applicationContext.xml
@ -25,10 +25,15 @@
       http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd
    ">
-    <bean id="placeholderConfig" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
+    <!-- Allows us to use encrypted system properties as variables in this configuration file -->
-        <property name="locations">
+    <bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"> 
-                <value>file:${activemq.base}/conf/credentials.properties</value>
+        <property name="algorithm" value="PBEWithMD5AndDES"/> 
-        </property>  
+        <property name="password" value="activemq"/> 
    </bean> 
    <bean id="propertyConfigurer" class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer"> 
        <constructor-arg ref="configurationEncryptor" /> 
        <property name="location" value="file:${activemq.base}/conf/credentials.properties"/> 
    </bean> 
    <camelContext id="camel" xmlns="http://camel.apache.org/schema/spring">
--- a/assembly/src/sample-conf/activemq-security.xml
+++ b/assembly/src/sample-conf/activemq-security.xml
@ -32,10 +32,15 @@
  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
  http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
-  <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
+  <!-- Allows us to use encrypted system properties as variables in this configuration file -->
-      <property name="locations">
+  <bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"> 
-          <value>file:${activemq.base}/conf/credentials.properties</value>
+      <property name="algorithm" value="PBEWithMD5AndDES"/> 
-      </property>      
+      <property name="password" value="activemq"/> 
  </bean> 
  <bean id="propertyConfigurer" class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer"> 
      <constructor-arg ref="configurationEncryptor" /> 
      <property name="location" value="file:${activemq.base}/conf/credentials.properties"/> 
  </bean> 
  <broker useJmx="true" persistent="false" xmlns="http://activemq.apache.org/schema/core" destroyApplicationContextOnStop="true">
@ -44,11 +49,11 @@
        <!-- Configure authentication; Username, passwords and groups -->
        <simpleAuthenticationPlugin>
            <users>
-                <authenticationUser username="system" password="manager"
+                <authenticationUser username="system" password="${activemq.password}"
                    groups="users,admins"/>
-                <authenticationUser username="user" password="password"
+                <authenticationUser username="user" password="${guest.password}"
                    groups="users"/>
-                <authenticationUser username="guest" password="password" groups="guests"/>
+                <authenticationUser username="guest" password="${guest.password}" groups="guests"/>
            </users>
        </simpleAuthenticationPlugin>
--- a/pom.xml
+++ b/pom.xml
@ -61,6 +61,8 @@
    <geronimo-version>1.0</geronimo-version>
    <howl-version>0.1.8</howl-version>
    <hsqldb-version>1.7.2.2</hsqldb-version>
    <icu-version>4.0.1</icu-version>
    <jasypt-version>1.6</jasypt-version>
    <jdom-version>1.0</jdom-version>
    <jetty-version>7.0.1.v20091125</jetty-version>
    <jsp-version>2.1.v20100127</jsp-version>
@ -822,6 +824,18 @@
        <version>${aopalliance-version}</version>
      </dependency>
      <dependency>
        <groupId>org.jasypt</groupId>
        <artifactId>jasypt</artifactId>
        <version>${jasypt-version}</version>
      </dependency>
      <dependency>
        <groupId>com.ibm.icu</groupId>
        <artifactId>icu4j</artifactId>
        <version>${icu-version}</version>
      </dependency>                    
      <!-- testing dependencies -->
      <dependency>
        <groupId>junit</groupId>