001: /*
002: * BEGIN_HEADER - DO NOT EDIT
003: *
004: * The contents of this file are subject to the terms
005: * of the Common Development and Distribution License
006: * (the "License"). You may not use this file except
007: * in compliance with the License.
008: *
009: * You can obtain a copy of the license at
010: * https://open-esb.dev.java.net/public/CDDLv1.0.html.
011: * See the License for the specific language governing
012: * permissions and limitations under the License.
013: *
014: * When distributing Covered Code, include this CDDL
015: * HEADER in each file and include the License file at
016: * https://open-esb.dev.java.net/public/CDDLv1.0.html.
017: * If applicable add the following below this CDDL HEADER,
018: * with the fields enclosed by brackets "[]" replaced with
019: * your own identifying information: Portions Copyright
020: * [year] [name of copyright owner]
021: */
022:
023: /*
024: * @(#)SecurityTestServlet.java
025: * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
026: *
027: * END_HEADER - DO NOT EDIT
028: */
029: package com.sun.jbi.internal.security.https.jregress.server;
030:
031: import com.sun.jbi.binding.security.Endpoint;
032: import com.sun.jbi.binding.security.DeploymentListener;
033: import com.sun.jbi.binding.security.HttpSecurityHandler;
034: import com.sun.jbi.binding.security.HttpErrorResponseException;
035: import com.sun.jbi.binding.security.SecurityHandler;
036: import com.sun.jbi.internal.security.config.SecurityConfiguration;
037: import com.sun.jbi.internal.security.ExtendedSecurityService;
038: import com.sun.jbi.internal.security.SampleBindingContext;
039: import com.sun.jbi.internal.security.https.jregress.SecurityConfigImpl;
040: import com.sun.jbi.internal.security.https.jregress.Helper;
041: import com.sun.jbi.internal.security.Util;
042:
043: import java.io.*;
044: import java.net.*;
045:
046: import javax.servlet.*;
047: import javax.servlet.http.*;
048: import java.util.Enumeration;
049: import java.util.HashMap;
050: import java.util.Iterator;
051:
052: /**
053: *
054: * @author Sun Microsystems, Inc.
055: * @version
056: */
057: public class SecurityTestServlet extends HttpServlet {
058: /** Some Constants */
059: private static String EP_PREFIX = "endpoint";
060: private static String SVC_NAME = "testService";
061: private static String SVC_TNS = "http://www.sun.com";
062:
063: /**
064: * Binding Id
065: */
066: private String mBindingId;
067:
068: /**
069: * Binding Name.
070: */
071: private String mBindingName;
072:
073: /**
074: * Security Handler
075: */
076: private SecurityHandler mSecHandler;
077:
078: /**
079: * The HttpSecurityHandler
080: */
081: private HttpSecurityHandler mHttpSecHandler;
082:
083: /**
084: * The Security Service.
085: */
086: private ExtendedSecurityService mSecSvc;
087:
088: /**
089: * Dummy Deployment Registry
090: */
091: private HashMap mEndpoints;
092:
093: /** Initializes the servlet.
094: */
095: public void init(ServletConfig config) throws ServletException {
096: super .init(config);
097: System.out.println("TestSecurity Servlet initialized.");
098: mEndpoints = new HashMap();
099: try {
100: // -- Create Security Handler
101: System.out.println("Creating the Security Handler.");
102: createSecurityHandler(config);
103: mHttpSecHandler = mSecHandler.getHttpSecurityHandler();
104: System.out.println("Security Handler created.");
105:
106: // -- Simulate the deployments
107: addDeployments(config);
108: } catch (Exception ex) {
109: // -- ex.printStackTrace();
110: throw new ServletException(ex);
111: }
112:
113: }
114:
115: /** Destroys the servlet.
116: */
117: public void destroy() {
118: // -- Remove the deployments
119: removeDeployments();
120:
121: // -- Remove Security Handler
122: System.out.println("Removing the Security Handler.");
123: removeSecurityHandler();
124: System.out.println("TestSecurity Servlet destroyed.");
125:
126: }
127:
128: /**
129: * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
130: *
131: * The request URL will be of the form http(s)://host:port/security/endpointX[/testX.]
132: * endpointX identifies the endpoint to whom the request is directed.
133: *
134: * @param request servlet request
135: * @param response servlet response
136: */
137: protected void processRequest(HttpServletRequest request,
138: HttpServletResponse response) throws ServletException,
139: IOException {
140: try {
141: // -- Dispatch the requests to various request handlers.
142: Endpoint ep = getEndpointFromRequest(request);
143: try {
144: mHttpSecHandler.authenticateSenderRequest(request, ep,
145: null);
146: process(request, response, ep);
147: sendSuccessResponse(ep, response);
148:
149: } catch (HttpErrorResponseException httpEx) {
150: response.sendError(httpEx.getErrorCode(), httpEx
151: .getErrorMessage());
152: }
153: } catch (Exception ex) {
154: throw new ServletException(ex);
155: }
156: }
157:
158: /**
159: *
160: * @param ep is the Endpoint to send the response to.
161: * @param response is the HttpServletResponse
162: * @throws IOException on IO errors.
163: */
164: private void sendSuccessResponse(Endpoint ep,
165: HttpServletResponse response) throws IOException {
166: response.setContentType("text/html");
167: PrintWriter out = response.getWriter();
168: /* TODO output your page here*/
169: out.println("<html>");
170: out.println("<head>");
171: out.println("<title>Test for endpoint " + ep.getEndpointName()
172: + " Succeeded</title>");
173: out.println("</head>");
174: out.println("<body>");
175:
176: out.println("</body>");
177: out.println("</html>");
178:
179: out.close();
180: }
181:
182: /** Handles the HTTP <code>GET</code> method.
183: * @param request servlet request
184: * @param response servlet response
185: */
186: protected void doGet(HttpServletRequest request,
187: HttpServletResponse response) throws ServletException,
188: IOException {
189: processRequest(request, response);
190: }
191:
192: /** Handles the HTTP <code>POST</code> method.
193: * @param request servlet request
194: * @param response servlet response
195: */
196: protected void doPost(HttpServletRequest request,
197: HttpServletResponse response) throws ServletException,
198: IOException {
199: processRequest(request, response);
200: }
201:
202: /** Returns a short description of the servlet.
203: */
204: public String getServletInfo() {
205: return "Test Servlet to test TLS";
206: }
207:
208: /**
209: * Create a Security Handler
210: *
211: * @throws Exception
212: */
213: private void createSecurityHandler(ServletConfig config)
214: throws Exception {
215: if (config.getInitParameter("userfile") == null)
216: throw new Exception(
217: "Init parameter userfile missing from ServletConfig");
218: if (config.getInitParameter("userfile2") == null)
219: throw new Exception(
220: "Init parameter userfile missing from ServletConfig");
221: if (config.getInitParameter("keystorebase") == null)
222: throw new Exception(
223: "Init parameter keystorebase missing from ServletConfig");
224:
225: SecurityConfiguration installConfig = SecurityConfigImpl
226: .getTestSecurityConfiguration(
227: config.getInitParameter("userfile"),
228: config.getInitParameter("userfile2"),
229: config.getInitParameter("keystorebase"),
230: Util
231: .getStringTranslator("com.sun.jbi.internal.security"));
232:
233: mBindingId = (config.getInitParameter("bindingid") == null ? "def-123"
234: : config.getInitParameter("bindingid"));
235:
236: mBindingName = (config.getInitParameter("bindingname") == null ? "def-binding"
237: : config.getInitParameter("bindingname"));
238:
239: // -- Create the Installtime Setup
240: mSecSvc = new ExtendedSecurityService(installConfig);
241: // -- Initialize the Service here, pass the ctx to it.
242: com.sun.jbi.component.ComponentContext bndCtx = new SampleBindingContext(
243: mBindingId, mSecSvc);
244: mSecHandler = bndCtx.getSecurityHandler();
245: }
246:
247: /**
248: * Remove the Security Handler
249: *
250: * @throws Exception
251: */
252: private void removeSecurityHandler() {
253: mSecHandler = null;
254: mSecSvc.removeSecurityHandler(mBindingId);
255: }
256:
257: /**
258: * Add deployments, making this as dynamic as possible.
259: *
260: * @param config is the ServletConfig from where one could get the endpoint info
261: */
262: private void addDeployments(ServletConfig config) throws Exception {
263: createTestEndpoints(config);
264: DeploymentListener listener = mSecHandler
265: .getDeploymentListener();
266:
267: Iterator itr = mEndpoints.keySet().iterator();
268: while (itr.hasNext()) {
269: listener.addDeployment((Endpoint) mEndpoints
270: .get((String) itr.next()));
271: }
272: }
273:
274: /**
275: * Create Test Endpoints from the ServletConfig
276: *
277: * @param config is the ServletConfig from where one could get the endpoint info
278: */
279: private void createTestEndpoints(ServletConfig config)
280: throws Exception {
281: // -- Check the init parameters for all endpoint* parameters, create Endpoints
282: // -- from these.
283:
284: Enumeration params = config.getInitParameterNames();
285:
286: while (params.hasMoreElements()) {
287: String param = (String) params.nextElement();
288: if (param.startsWith(EP_PREFIX)) {
289: // -- This is an endpoint
290: String secFileName = config.getInitParameter(param);
291: if (!(new File(secFileName).exists())) {
292: throw new Exception("The file : " + secFileName
293: + " does not exist.");
294: }
295: System.out.println("Creating Endpoint "
296: + param
297: + " Svc "
298: + (new javax.xml.namespace.QName(SVC_TNS,
299: SVC_NAME)).toString() + " id "
300: + mBindingId + " secFileName " + secFileName);
301: mEndpoints.put(param,
302: new EndpointImpl(param,
303: new javax.xml.namespace.QName(SVC_TNS,
304: SVC_NAME), mBindingId,
305: secFileName));
306: }
307: }
308: }
309:
310: /**
311: * Remove all the Endpoint deployments
312: *
313: */
314: private void removeDeployments() {
315: DeploymentListener listener = mSecHandler
316: .getDeploymentListener();
317: Iterator itr = mEndpoints.keySet().iterator();
318: while (itr.hasNext()) {
319: listener.removeDeployment((Endpoint) mEndpoints
320: .get((String) itr.next()));
321: }
322: }
323:
324: /**
325: * Get the Endpoint from the Request
326: *
327: */
328: private Endpoint getEndpointFromRequest(HttpServletRequest request)
329: throws Exception {
330: String serviceURL = request.getRequestURL().toString();
331: System.out.println("Request URL : " + serviceURL);
332:
333: int startIndex = serviceURL.indexOf(EP_PREFIX);
334: int endIndex = serviceURL.indexOf("/", startIndex);
335:
336: if (startIndex != -1) {
337:
338: String endpoint = (endIndex == -1) ? serviceURL
339: .substring(startIndex) : serviceURL.substring(
340: startIndex, endIndex);
341: System.out.println("Request is for endpoint : " + endpoint);
342: return (Endpoint) mEndpoints.get(endpoint);
343: } else {
344: throw new Exception(
345: "Could not identify the Endpoint the request is for.");
346: }
347: }
348:
349: /**
350: * This is hook to test the outbound tls functionality.
351: *
352: * @param request is the HttpServletRequest
353: * @param ep is the Endpoint
354: */
355: private void process(HttpServletRequest request,
356: HttpServletResponse response, Endpoint ep) throws Exception {
357: if (ep.getEndpointName().equals("endpoint4")) {
358: // -- Simulate a outbound connection.
359: String serviceURL = request.getRequestURL().toString();
360: System.out.println("Request URL : " + serviceURL);
361:
362: int insertPos = serviceURL.indexOf(EP_PREFIX);
363:
364: if (mEndpoints.get("endpoint3") != null) {
365: String connectURL = serviceURL.substring(0, insertPos)
366: .concat("endpoint3");
367: // -- Connect to a secure endpoint i.e. endpoint3
368: System.out.println("Connecting to : " + connectURL);
369: HttpURLConnection conxn = (HttpURLConnection) mHttpSecHandler
370: .createSecureClientConnection(new java.net.URL(
371: connectURL), ep);
372: Helper.getResponse(conxn, response.getWriter());
373:
374: }
375:
376: }
377: }
378: }
|