Package org.wso2.carbon.security

Examples of org.wso2.carbon.security.SecurityConfigException


            this.registry = SecurityServiceHolder.getRegistryService().getConfigSystemRegistry();
            this.govRegistry = SecurityServiceHolder.getRegistryService().getGovernanceSystemRegistry();
        } catch (Exception e) {
            String msg = "Error when retrieving a registry instance";
            log.error(msg);
            throw new SecurityConfigException(msg,e);
        }
    }
View Full Code Here


        try {
            this.govRegistry = SecurityServiceHolder.getRegistryService().getGovernanceSystemRegistry(
                    ((UserRegistry)registry).getTenantId());
        } catch (Exception e) {
            log.error("Error when obtaining the governance registry instance.");
            throw new SecurityConfigException(
                    "Error when obtaining the governance registry instance.", e);
        }
    }
View Full Code Here

        try {
            SecurityScenarioData data = null;
            AxisService service = axisConfig.getServiceForActivation(serviceName);
            if (service == null) {
                throw new SecurityConfigException("AxisService is Null");
            }

            String servicePath = RegistryResources.SERVICE_GROUPS
                    + service.getAxisServiceGroup().getServiceGroupName()
                    + RegistryResources.SERVICES + serviceName;

            String policyResourcePath = servicePath + RegistryResources.POLICIES;

            if (!registry.resourceExists(policyResourcePath)) {
                return data;
            }

            /**
             * First check whether there's a custom policy engaged from registry. If it is not
             * the case, we check whether a default scenario is applied.
             */
            Parameter param = service.getParameter(SecurityConstants.SECURITY_POLICY_PATH);
            if (param != null) {
                data = new SecurityScenarioData();
                data.setPolicyRegistryPath((String) param.getValue());
                data.setScenarioId(SecurityConstants.POLICY_FROM_REG_SCENARIO);
            } else {
                SecurityScenario scenario = this.readCurrentScenario(serviceName);
                if (scenario != null) {
                    data = new SecurityScenarioData();
                    data.setCategory(scenario.getCategory());
                    data.setDescription(scenario.getDescription());
                    data.setScenarioId(scenario.getScenarioId());
                    data.setSummary(scenario.getSummary());
                }
            }

            return data;
        } catch (RegistryException e) {
            throw new SecurityConfigException("readingSecurity");
        }
    }
View Full Code Here

        try {

            AxisService service = axisConfig.getServiceForActivation(serviceName);
            if (service == null) {
                throw new SecurityConfigException("AxisService is Null");
            }

            // at registry
            String servicePath = RegistryResources.SERVICE_GROUPS
                    + service.getAxisServiceGroup().getServiceGroupName()
                    + RegistryResources.SERVICES + serviceName;

            String policyResourcePath = servicePath + RegistryResources.POLICIES;

            log.debug("Removing " + policyResourcePath);
            if (!registry.resourceExists(policyResourcePath)) {
                return;
            }
            SecurityScenario scenario = readCurrentScenario(serviceName);
            if (scenario == null) {
                return;
            }

            String secPolicyPath = servicePath + RegistryResources.POLICIES + scenario.getWsuId();
            if (registry.resourceExists(secPolicyPath)) {
                registry.delete(secPolicyPath);
            }

            String[] moduleNames = scenario.getModules().toArray(
                    new String[scenario.getModules().size()]);

            // disengage modules
            for (String moduleName : moduleNames) {
                AxisModule module = service.getAxisConfiguration().getModule(moduleName);
                service.disengageModule(module);

                String modPath = RegistryResources.MODULES + module.getName() + "/" + module.getVersion();
                registry.removeAssociation(servicePath, modPath,
                        RegistryResources.Associations.ENGAGED_MODULES);
            }

            // remove poicy
            SecurityServiceAdmin admin = new SecurityServiceAdmin(axisConfig, registry);
            admin.removeSecurityPolicyFromAllBindings(service, scenario.getWsuId());

            String scenarioId = scenario.getScenarioId();
            String resourceUri = SecurityConstants.SECURITY_POLICY + "/" + scenarioId;

            // unpersist data
            try {
                boolean transactionStarted = Transaction.isStarted();
                if (!transactionStarted) {
                    registry.beginTransaction();
                }
                registry.removeAssociation(resourceUri, servicePath,
                        SecurityConstants.ASSOCIATION_SERVICE_SECURING_POLICY);
                AuthorizationManager acAdmin = realm.getAuthorizationManager();
                String[] roles = acAdmin.getAllowedRolesForResource(servicePath,
                        UserCoreConstants.INVOKE_SERVICE_PERMISSION);
                for (int i = 0; i < roles.length; i++) {
                    acAdmin.clearRoleAuthorization(roles[i], servicePath,
                            UserCoreConstants.INVOKE_SERVICE_PERMISSION);
                }

                Association[] kss = registry.getAssociations(RegistryConstants.CONFIG_REGISTRY_BASE_PATH +
                                                                 servicePath,
                                                                 SecurityConstants.ASSOCIATION_PRIVATE_KEYSTORE);
                for (int i = 0; i < kss.length; i++) {
                    registry.removeAssociation(RegistryConstants.CONFIG_REGISTRY_BASE_PATH + servicePath, kss[i].getDestinationPath(),
                                                    SecurityConstants.ASSOCIATION_PRIVATE_KEYSTORE);
                }

                Association[] tkss = registry.getAssociations(RegistryConstants.CONFIG_REGISTRY_BASE_PATH + servicePath,
                                                              SecurityConstants.ASSOCIATION_TRUSTED_KEYSTORE);
                for (int i = 0; i < tkss.length; i++) {
                    registry.removeAssociation(RegistryConstants.CONFIG_REGISTRY_BASE_PATH +
                                               servicePath, tkss[i].getDestinationPath(),
                                               SecurityConstants.ASSOCIATION_TRUSTED_KEYSTORE);
                }
                // remove the policy path parameter if it is set..
                String paramPath = servicePath + RegistryResources.PARAMETERS
                        + SecurityConstants.SECURITY_POLICY_PATH;
                if (registry.resourceExists(paramPath)) {
                    registry.delete(paramPath);
                }
                if (!transactionStarted) {
                    registry.commitTransaction();
                }
            } catch (RegistryException e) {
                registry.rollbackTransaction();
                String msg = "Unable to remove persisted data.";
                log.error(msg);
                throw new AxisFault(msg, e);
            }

            Parameter param = new Parameter();
            param.setName(WSHandlerConstants.PW_CALLBACK_REF);
            service.removeParameter(param);

            Parameter param2 = new Parameter();
            param2.setName("disableREST"); // TODO Find the constant
            service.removeParameter(param2);

            Parameter pathParam = service.getParameter(SecurityConstants.SECURITY_POLICY_PATH);
            String policyPath = null;
            if (pathParam != null) {
                policyPath = (String) pathParam.getValue();
                service.removeParameter(pathParam);
            }

            // unlock transports
            Policy policy = this.loadPolicy(scenarioId, policyPath);
            if (isHttpsTransportOnly(policy)) {
                try {
                    boolean transactionStarted = Transaction.isStarted();
                    if (!transactionStarted) {
                        registry.beginTransaction();
                    }
                    Resource resource = registry.get(servicePath);
                    resource.removeProperty(RegistryResources.ServiceProperties.IS_UT_ENABLED);
                    List<String> transports = getAllTransports();
                    setServiceTransports(serviceName, transports);

                    // Fire the transport binding added event
                    AxisEvent event = new AxisEvent(CarbonConstants.AxisEvent.TRANSPORT_BINDING_ADDED,
                            service);
                    axisConfig.notifyObservers(event, service);

                    resource.setProperty(
                            RegistryResources.ServiceProperties.EXPOSED_ON_ALL_TANSPORTS,
                            Boolean.TRUE.toString());

                    for (String trans : transports) {
                        if (trans.endsWith("https")) {
                            continue;
                        }
                        String transPath = RegistryResources.TRANSPORTS + trans;
                        if (registry.resourceExists(transPath)) {
                            registry.addAssociation(servicePath, transPath,
                                    RegistryResources.Associations.EXPOSED_TRANSPORTS);
                        } else {
                            String msg = "Transport path " + transPath + " does not exist in the registry";
                            log.error(msg);
                            throw new AxisFault(msg);
                        }
                    }

                    registry.put(resource.getPath(), resource);
                    if (!transactionStarted) {
                        registry.commitTransaction();
                    }

                } catch (RegistryException e) {
                    registry.rollbackTransaction();
                    String msg = "Service with name " + serviceName + " not found.";
                    log.error(msg);
                    throw new AxisFault(msg, e);
                }
            }

        } catch (AxisFault e) {
            e.printStackTrace();
        } catch (SecurityConfigException e) {
            throw e;
        } catch (Exception e) {
            log.error(e);
            throw new SecurityConfigException("removingPolicy", e);
        }
    }
View Full Code Here

        } catch (RegistryException e) {
            String msg = "An error occurred while retreiving kerberos configuration data for service "
                    + service.getName();
            log.error(msg, e);
            throw new SecurityConfigException(msg);
        }

    }
View Full Code Here

            addRegistryResource(servicePrincipalPasswordResource, KerberosConfig.SERVICE_PRINCIPLE_PASSWORD,
                    getEncryptedPassword(kerberosConfigData.getServicePrinciplePassword()));

        } catch (RegistryException e) {
            log.error("Error adding kerberos parameters to registry.", e);
            throw new SecurityConfigException("Unable to add kerberos parameters to registry.", e);
        }
    }
View Full Code Here

        try {
            return cryptoUtil.encryptAndBase64Encode(password.getBytes());
        } catch (CryptoException e) {
            String msg = "Unable to encrypt and encode password string.";
            log.error(msg, e);
            throw new SecurityConfigException(msg, e);
        }
    }
View Full Code Here

    public void applySecurity(String serviceName, String scenarioId, KerberosConfigData kerberosConfigurations)
            throws SecurityConfigException {

        if (kerberosConfigurations == null) {
            log.error("Kerberos configurations provided are invalid.");
            throw new SecurityConfigException("Kerberos configuration parameters are null. " +
                    "Please specify valid kerberos configurations.");
        }

        try {

            // Begin registry transaction
            boolean transactionStarted = Transaction.isStarted();
            if (!transactionStarted) {
                registry.beginTransaction();
            }

            // Disable security if already a policy is applied
            this.disableSecurityOnService(serviceName);

            AxisService service = axisConfig.getServiceForActivation(serviceName);
            if (service == null) {
                throw new SecurityConfigException("nullService");
            }

            boolean isRahasEngaged = false;
            applyPolicy(service, scenarioId, null, null, null, kerberosConfigurations);

            isRahasEngaged = engageModules(scenarioId, serviceName, service);

            if (!isRahasEngaged) {
                log.info("Rahas engaged to service - " + serviceName);
            }

            disableRESTCalls(serviceName, scenarioId);

            persistsKerberosData(service, kerberosConfigurations);

            if (!transactionStarted) {
                registry.commitTransaction();
            }
        } catch (RegistryException e) {
            StringBuilder str = new StringBuilder("Error persisting security scenario ").
                    append(scenarioId).append(" for service ").append(serviceName);
            log.error(str.toString(),e);
            try {
                registry.rollbackTransaction();
            } catch (RegistryException ex) {
                log.error("An error occurred while rollback, registry.", ex);
            }
            throw new SecurityConfigException(str.toString(), e);
        }
    }
View Full Code Here

            if (userGroups != null) {
                Arrays.sort(userGroups);
                if (Arrays.binarySearch(userGroups, CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME) > -1) {
                    log
                            .error("Security breach. A user is attempting to enable annonymous for UT access");
                    throw new SecurityConfigException("Invalid data provided"); // obscure error message
                }
            }

            boolean transactionStarted = Transaction.isStarted();
            if (!transactionStarted) {
                registry.beginTransaction();
            }
            this.disableSecurityOnService(serviceName);

            AxisService service = axisConfig.getServiceForActivation(serviceName);
            if (service == null) {
                throw new SecurityConfigException("nullService");
            }
            boolean isRahasEngaged = false;
            applyPolicy(service, scenrioId, policyPath, trustedStores, privateStore);
            isRahasEngaged = engageModules(scenrioId, serviceName, service);
            disableRESTCalls(serviceName, scenrioId);
View Full Code Here

    public void applyKerberosSecurityPolicy(String serviceName, String policyId, String servicePrincipalName,
                                            String servicePrincipalPassword)
            throws SecurityConfigException {

        if (servicePrincipalName == null || servicePrincipalName.trim().equals("")) {
            throw new SecurityConfigException("Please specify a valid service principal. " +
                    "Service principal should not be null");
        }

        if (servicePrincipalPassword == null || servicePrincipalPassword.trim().equals("")) {
            throw new SecurityConfigException("Please specify a valid service principal password. " +
                    "Service principal password should not be null");
        }

        SecurityConfigAdmin admin = new SecurityConfigAdmin(getUserRealm(), getConfigSystemRegistry(), getAxisConfig());
View Full Code Here

TOP

Related Classes of org.wso2.carbon.security.SecurityConfigException

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.