From acee138537287f202c1a009c0352b9cf9d438a1f Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Tue, 17 Sep 2013 12:24:25 -0400 Subject: Added new link for resteasy dependency Resteasy 3.0.1 uses apache-commons-io. Also fixed PKIErrorInterceptor with correct method call and reformatted the interceptors. --- .../certsrv/client/PKIErrorInterceptor.java | 2 +- .../netscape/cms/authorization/ACLInterceptor.java | 11 ++++++----- .../cms/authorization/AuthMethodInterceptor.java | 21 +++++++++++---------- base/java-tools/pki | 1 + base/server/etc/default.cfg | 2 ++ .../server/deployment/scriptlets/instance_layout.py | 2 ++ base/server/scripts/operations | 1 + base/server/share/conf/pki.policy | 4 ++++ 8 files changed, 28 insertions(+), 16 deletions(-) diff --git a/base/common/src/com/netscape/certsrv/client/PKIErrorInterceptor.java b/base/common/src/com/netscape/certsrv/client/PKIErrorInterceptor.java index 7d20bab86..965b37470 100644 --- a/base/common/src/com/netscape/certsrv/client/PKIErrorInterceptor.java +++ b/base/common/src/com/netscape/certsrv/client/PKIErrorInterceptor.java @@ -34,7 +34,7 @@ public class PKIErrorInterceptor implements ClientErrorInterceptor { if (code < 400) return; - MultivaluedMap headers = response.getStringHeaders(); + MultivaluedMap headers = response.getResponseHeaders(); String contentType = headers.getFirst("Content-Type"); // handle XML content only diff --git a/base/common/src/com/netscape/cms/authorization/ACLInterceptor.java b/base/common/src/com/netscape/cms/authorization/ACLInterceptor.java index 590f548f7..1a3a09752 100644 --- a/base/common/src/com/netscape/cms/authorization/ACLInterceptor.java +++ b/base/common/src/com/netscape/cms/authorization/ACLInterceptor.java @@ -43,7 +43,6 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.ForbiddenException; import com.netscape.cmscore.realm.PKIPrincipal; - /** * @author Endi S. Dewata */ @@ -60,7 +59,8 @@ public class ACLInterceptor implements ContainerRequestFilter { public synchronized void loadAuthProperties() throws IOException { - if (authProperties != null) return; + if (authProperties != null) + return; URL url = servletContext.getResource("/WEB-INF/auth.properties"); authProperties = new Properties(); @@ -69,7 +69,8 @@ public class ACLInterceptor implements ContainerRequestFilter { @Override public void filter(ContainerRequestContext requestContext) throws IOException { - ResourceMethodInvoker methodInvoker = (ResourceMethodInvoker) requestContext.getProperty("org.jboss.resteasy.core.ResourceMethodInvoker"); + ResourceMethodInvoker methodInvoker = (ResourceMethodInvoker) requestContext + .getProperty("org.jboss.resteasy.core.ResourceMethodInvoker"); Method method = methodInvoker.getMethod(); ACLMapping aclMapping = method.getAnnotation(ACLMapping.class); @@ -100,7 +101,7 @@ public class ACLInterceptor implements ContainerRequestFilter { throw new ForbiddenException("Invalid user principal."); } - PKIPrincipal pkiPrincipal = (PKIPrincipal)principal; + PKIPrincipal pkiPrincipal = (PKIPrincipal) principal; IAuthToken authToken = pkiPrincipal.getAuthToken(); // If missing auth token, reject request. @@ -147,7 +148,7 @@ public class ACLInterceptor implements ContainerRequestFilter { CMS.debug("ACLInterceptor: " + e.getMessage()); throw new ForbiddenException(e.toString()); - } catch (IOException|EBaseException e) { + } catch (IOException | EBaseException e) { e.printStackTrace(); throw new Failure(e); } diff --git a/base/common/src/com/netscape/cms/authorization/AuthMethodInterceptor.java b/base/common/src/com/netscape/cms/authorization/AuthMethodInterceptor.java index 527b9f685..257e0ae81 100644 --- a/base/common/src/com/netscape/cms/authorization/AuthMethodInterceptor.java +++ b/base/common/src/com/netscape/cms/authorization/AuthMethodInterceptor.java @@ -42,7 +42,6 @@ import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.base.ForbiddenException; import com.netscape.cmscore.realm.PKIPrincipal; - /** * @author Endi S. Dewata */ @@ -59,7 +58,8 @@ public class AuthMethodInterceptor implements ContainerRequestFilter { public synchronized void loadAuthProperties() throws IOException { - if (authProperties != null) return; + if (authProperties != null) + return; authProperties = new Properties(); @@ -79,11 +79,12 @@ public class AuthMethodInterceptor implements ContainerRequestFilter { @Override public void filter(ContainerRequestContext requestContext) throws IOException { - ResourceMethodInvoker methodInvoker = (ResourceMethodInvoker) requestContext.getProperty("org.jboss.resteasy.core.ResourceMethodInvoker"); + ResourceMethodInvoker methodInvoker = (ResourceMethodInvoker) requestContext + .getProperty("org.jboss.resteasy.core.ResourceMethodInvoker"); Method method = methodInvoker.getMethod(); Class clazz = methodInvoker.getResourceClass(); - CMS.debug("AuthMethodInterceptor: "+clazz.getSimpleName()+"."+method.getName()+"()"); + CMS.debug("AuthMethodInterceptor: " + clazz.getSimpleName() + "." + method.getName() + "()"); // Get authentication mapping for the method. AuthMethodMapping authMapping = method.getAnnotation(AuthMethodMapping.class); @@ -102,7 +103,7 @@ public class AuthMethodInterceptor implements ContainerRequestFilter { name = authMapping.value(); } - CMS.debug("AuthMethodInterceptor: mapping name: "+name); + CMS.debug("AuthMethodInterceptor: mapping name: " + name); try { loadAuthProperties(); @@ -115,7 +116,7 @@ public class AuthMethodInterceptor implements ContainerRequestFilter { } } - CMS.debug("AuthMethodInterceptor: required auth methods: "+authMethods); + CMS.debug("AuthMethodInterceptor: required auth methods: " + authMethods); Principal principal = securityContext.getUserPrincipal(); @@ -135,7 +136,7 @@ public class AuthMethodInterceptor implements ContainerRequestFilter { throw new ForbiddenException("Unknown user principal"); } - PKIPrincipal pkiPrincipal = (PKIPrincipal)principal; + PKIPrincipal pkiPrincipal = (PKIPrincipal) principal; IAuthToken authToken = pkiPrincipal.getAuthToken(); // If missing auth token, reject request. @@ -144,8 +145,8 @@ public class AuthMethodInterceptor implements ContainerRequestFilter { throw new ForbiddenException("Missing authentication token."); } - String authManager = (String)authToken.get(AuthToken.TOKEN_AUTHMGR_INST_NAME); - CMS.debug("AuthMethodInterceptor: authentication manager: "+authManager); + String authManager = (String) authToken.get(AuthToken.TOKEN_AUTHMGR_INST_NAME); + CMS.debug("AuthMethodInterceptor: authentication manager: " + authManager); if (authManager == null) { CMS.debug("AuthMethodInterceptor: missing authentication manager"); @@ -153,7 +154,7 @@ public class AuthMethodInterceptor implements ContainerRequestFilter { } if (authMethods.isEmpty() || authMethods.contains(authManager) || authMethods.contains("*")) { - CMS.debug("AuthMethodInterceptor: "+authManager+" allowed"); + CMS.debug("AuthMethodInterceptor: " + authManager + " allowed"); return; } diff --git a/base/java-tools/pki b/base/java-tools/pki index b7d9bfe26..582162010 100755 --- a/base/java-tools/pki +++ b/base/java-tools/pki @@ -80,6 +80,7 @@ $ENV{CLASSPATH} = "/usr/share/java/${PRODUCT}/pki-certsrv.jar:" . "/usr/share/java/${PRODUCT}/pki-tools.jar:" . "/usr/share/java/apache-commons-cli.jar:" . "/usr/share/java/apache-commons-codec.jar:" + . "/usr/share/java/apache-commons-io.jar:" . "/usr/share/java/apache-commons-lang.jar:" . "/usr/share/java/apache-commons-logging.jar:" . "/usr/share/java/commons-httpclient.jar:" diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg index 641ed7881..d8ca7fe1f 100644 --- a/base/server/etc/default.cfg +++ b/base/server/etc/default.cfg @@ -278,6 +278,7 @@ pki_nsutil_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-nsutil. pki_jss_jar=%(jni_jar_dir)s/jss4.jar pki_symkey_jar=%(jni_jar_dir)s/symkey.jar pki_apache_commons_collections_jar=/usr/share/java/apache-commons-collections.jar +pki_apache_commons_io_jar=/usr/share/java/apache-commons-io.jar pki_apache_commons_lang_jar=/usr/share/java/apache-commons-lang.jar pki_apache_commons_logging_jar=/usr/share/java/apache-commons-logging.jar pki_commons_codec_jar=/usr/share/java/commons-codec.jar @@ -307,6 +308,7 @@ pki_xml_commons_resolver_jar=/usr/share/java/xml-commons-resolver.jar pki_jss_jar_link=%(pki_tomcat_common_lib_path)s/jss4.jar pki_symkey_jar_link=%(pki_tomcat_common_lib_path)s/symkey.jar pki_apache_commons_collections_jar_link=%(pki_tomcat_common_lib_path)s/apache-commons-collections.jar +pki_apache_commons_io_jar_link=%(pki_tomcat_common_lib_path)s/apache-commons-io.jar pki_apache_commons_lang_jar_link=%(pki_tomcat_common_lib_path)s/apache-commons-lang.jar pki_apache_commons_logging_jar_link=%(pki_tomcat_common_lib_path)s/apache-commons-logging.jar pki_commons_codec_jar_link=%(pki_tomcat_common_lib_path)s/apache-commons-codec.jar diff --git a/base/server/python/pki/server/deployment/scriptlets/instance_layout.py b/base/server/python/pki/server/deployment/scriptlets/instance_layout.py index 081d64029..6ca9a374d 100644 --- a/base/server/python/pki/server/deployment/scriptlets/instance_layout.py +++ b/base/server/python/pki/server/deployment/scriptlets/instance_layout.py @@ -86,6 +86,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # establish Tomcat instance common lib jar symbolic links deployer.symlink.create(deployer.master_dict['pki_apache_commons_collections_jar'], deployer.master_dict['pki_apache_commons_collections_jar_link']) + deployer.symlink.create(deployer.master_dict['pki_apache_commons_io_jar'], + deployer.master_dict['pki_apache_commons_io_jar_link']) deployer.symlink.create(deployer.master_dict['pki_apache_commons_lang_jar'], deployer.master_dict['pki_apache_commons_lang_jar_link']) deployer.symlink.create(deployer.master_dict['pki_apache_commons_logging_jar'], diff --git a/base/server/scripts/operations b/base/server/scripts/operations index 1537e3461..6d5ee1476 100644 --- a/base/server/scripts/operations +++ b/base/server/scripts/operations @@ -1141,6 +1141,7 @@ verify_symlinks() common_jar_symlinks=( [apache-commons-codec.jar]=${java_dir}/commons-codec.jar [apache-commons-collections.jar]=${java_dir}/apache-commons-collections.jar + [apache-commons-io.jar]=${java_dir}/apache-commons-io.jar [apache-commons-lang.jar]=${java_dir}/apache-commons-lang.jar [apache-commons-logging.jar]=${java_dir}/apache-commons-logging.jar [httpclient.jar]=${java_dir}/httpcomponents/httpclient.jar diff --git a/base/server/share/conf/pki.policy b/base/server/share/conf/pki.policy index 52e3d7fe1..df9157e70 100644 --- a/base/server/share/conf/pki.policy +++ b/base/server/share/conf/pki.policy @@ -46,6 +46,10 @@ grant codeBase "file:/usr/share/java/apache-commons-collections.jar" { permission java.security.AllPermission; }; +grant codeBase "file:/usr/share/java/apache-commons-io.jar" { + permission java.security.AllPermission; +}; + grant codeBase "file:/usr/share/java/apache-commons-lang.jar" { permission java.security.AllPermission; }; -- cgit