Tuesday, February 04, 2014

Publicly Listed Apache Axis2 Services

Google and other search engines constantly crawl the web. This allows some interesting search terms where the search engine would allow one to find directory listings of various items. This is an interesting case where people one researcher was able to find SCM directories.
With this in mind ... try googling for the following term: 
"Available services" "Service EPR"
This gives a set of publicly hosted Apache Axis2 WAR distributions. Quite a few of them still had the default version service. Interestingly, the service listings includes faulty services, which displays the full path of those faulty service archive (.aar) files. Due to obvious differences in the presented path values this "feature" also discloses whether the host system is a UNIX based system or a Windows system. This maybe something to think about when managing service your deployments.
Posted by at No comments:
Labels: ,

Sunday, February 02, 2014

Maven Archetype to Create an Apache Axis2 Service

This is a simple archetype that will create a simple axis2 service for you. The generated project includes a "setup" script and a "start" script. These hosts the built service in the simple HTTP server that is available with Apache Axis2 binary distribution.
Posted by at No comments:
Labels: , , ,

Monday, January 27, 2014

node.js + XACML

Following is one possible approach to carryout XACML authorization in node.js.

1.) Wrap WSO2 Balana PDP implementation to expose a simple interface to process incoming XACML requests. 
package edu.purdue.cs.endtoendsoa;

public class AccessController {

 public String evaluate(String policy, String request) {
  PDP pdp = this.getPDPInstance(policy);
  return this.evaluate(request, pdp);
 }
 
 private String evaluate(String request, PDP pdp) {
  String res = pdp.evaluate(request);
  ByteArrayInputStream in = new ByteArrayInputStream(res.getBytes());
  OMElement elem = OMXMLBuilderFactory.createOMBuilder(in).getDocumentElement();
  
  OMElement tmp = elem.getFirstChildWithName(new QName("urn:oasis:names:tc:xacml:3.0:core:schema:wd-17", "Result"));
  tmp = tmp.getFirstChildWithName(new QName("urn:oasis:names:tc:xacml:3.0:core:schema:wd-17", "Decision"));
  return tmp.getText();
 }
 
 private PDP getPDPInstance(String policyLocation) {
    PolicyFinder finder= new PolicyFinder();
    Set policyLocations = new HashSet();
    policyLocations.add(policyLocation);
    FileBasedPolicyFinderModule testPolicyFinderModule = new FileBasedPolicyFinderModule(policyLocations);
    Set policyModules = new HashSet();
    policyModules.add(testPolicyFinderModule);
    finder.setModules(policyModules);

    Balana balana = Balana.getInstance();
    PDPConfig pdpConfig = balana.getPdpConfig();
    pdpConfig = new PDPConfig(pdpConfig.getAttributeFinder(), finder,
                              pdpConfig.getResourceFinder(), true);
    return new PDP(pdpConfig);
 }
}
The objective of this wrapper class is only to make things easy when integrating with node.js. Source code is available here: https://code.google.com/p/end-to-end-soa/source/browse/policy. When building this project with maven it collects all the dependencies into 'target/lib' directory.

2.) Import the above implementation into Javascript and try it out. 
var java = require('java');
var xml2js = require('xml2js');
var fs = require('fs');


var jars_dir = process.cwd() + '/lib/';
java.classpath.push(jars_dir + "apache-mime4j-core-0.7.2.jar");
java.classpath.push(jars_dir + "balana-distribution-1.0.0-wso2v7.jar");
java.classpath.push(jars_dir + "geronimo-activation_1.1_spec-1.1.jar");
java.classpath.push(jars_dir + "jaxen-1.1.3.jar");
java.classpath.push(jars_dir + "wstx-asl-3.2.9.jar");
java.classpath.push(jars_dir + "axiom-api-1.2.13.jar");
java.classpath.push(jars_dir + "commons-io-1.3.2.jar");
java.classpath.push(jars_dir + "geronimo-javamail_1.4_spec-1.7.1.jar");
java.classpath.push(jars_dir + "junit-3.8.1.jar");
java.classpath.push(jars_dir + "axiom-impl-1.2.13.jar");
java.classpath.push(jars_dir + "commons-logging-1.1.1.jar");
java.classpath.push(jars_dir + "geronimo-stax-api_1.0_spec-1.0.1.jar");
java.classpath.push(jars_dir + "org.wso2.balana-1.0.0-wso2v7.jar");
java.classpath.push(jars_dir + "policy-1.0-SNAPSHOT.jar");

var req_text = fs.readFileSync('./req_1.json','utf8');

var req = JSON.parse(req_text);

//Update request template with values
for(var i in req.Request.Attributes) {
 var attr = req.Request.Attributes[i];
 var attr_id = attr.Attribute[0].$.AttributeId;
 if(attr_id == 'urn:oasis:names:tc:xacml:1.0:resource:resource-id') {
  attr.Attribute[0].AttributeValue[0]._='localhost:6102';
 } else if(attr_id == 'http://endtoendsoa.cs.purdue.edu/policy/service_uri') {
  attr.Attribute[0].AttributeValue[0]._='localhost:6101';
 } else if(attr_id == 'urn:oasis:names:tc:xacml:1.0:action:action-id') {
  attr.Attribute[0].AttributeValue[0]._='READ';
 } else if(attr_id == 'http://test.org/trust_level') {
  attr.Attribute[0].AttributeValue[0]._=10;
 }
}

//Convert populated request template to XML
var builder = new xml2js.Builder();
var req_xml = builder.buildObject(req);


var AccessController = java.import('edu.purdue.cs.endtoendsoa.AccessController');
var ac = new AccessController();
ac.evaluate(process.cwd() + '/policy_1.xml', req_xml, function(err, result) {
 if(err) {
  console.log(err);
 } else {
  console.log('Response from access controller : ' + result);
 }
});
Note that the a template was used in the above code to create a XACML request. This template was generated using a regular XML XACML request. The original XACML request was simply converted into JSON. This was loaded as a JSON object, which is very convenient to traverse in Javascript. The policy file used in the above example is available here. Request template is available here.
Posted by at 2 comments:
Labels: , , ,

Wednesday, July 24, 2013

Unlinkable Complex Identity Claims

Presented at the 2013 CERIAS Symposium.
Posted by at 1 comment:
Labels: , , , ,

Monday, April 15, 2013

National Strategy for Trusted Identities in Cyberspace

My report/summary of CERIAS 2013 Symposium panel on NSTIC, Trusted Identities and the Internet : Link to CERIAS Blog
Posted by at No comments:

Thursday, April 26, 2012

My Poster on Private Anonymous Messaging

I presented one of my projects at the CERIAS Symposium 2012.



This project is about a set of peers who wish to remain anonymous (even to each other) connected to a particular entity. In a situation where the common entity has limited connectivity to the peers, this research provides means of being able to distribute the messages transmitted by the common entity among all peers.

And I'm very happy that this poster won the honorable mention award of the poster competition! :-)
Posted by at 2 comments:
Labels: , ,

Monday, April 02, 2012

Gmail and Spam

When I tried to mark an email as spam Gmail prompted the following :
What I'm wondering now is : "Wouldn't Gmail's automated attempt to unsubscribe my email address from the spammer's list confirm the existence of a valid email address to the spammer?"
Posted by at 1 comment:
Labels: , ,
Subscribe to: Posts (Atom)