Posted to commits@qpid.apache.org by ri...@apache.org on 2007/03/19 12:13:47 UTC
svn commit: r519909 - in /incubator/qpid/branches/M2/java: broker/etc/
broker/src/main/java/org/apache/qpid/server/handler/
broker/src/main/java/org/apache/qpid/server/security/access/
broker/src/main/java/org/apache/qpid/server/security/auth/database/...
Author: ritchiem
Date: Mon Mar 19 04:13:45 2007
New Revision: 519909
URL: http://svn.apache.org/viewvc?view=rev&rev=519909
Log:
Moved the principal-database and access sections in the xml under security.
Updated PlainPasswordFilePrincipalDatabase to include an AMQPLAIN authentication mechanism
Changed PlainPasswordVhostFilePrincipalDatabase to extend PlainPasswordFilePrincipalDatabase as it was the same code.
A few other whitespace changes and additional logging to better show why an error occurred such as was shown by the python tests.
Modified:
incubator/qpid/branches/M2/java/broker/etc/config.xml
incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/handler/ConnectionStartOkMethodHandler.java
incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/access/AccessManagerImpl.java
incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalDatabaseAccessManager.java
incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/ConfigurationFilePrincipalDatabaseManager.java
incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/MD5PasswordFilePrincipalDatabase.java
incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabase.java
incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordVhostFilePrincipalDatabase.java
incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java
incubator/qpid/branches/M2/java/integrationtests/ (props changed)
Modified: incubator/qpid/branches/M2/java/broker/etc/config.xml
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/broker/etc/config.xml?view=diff&rev=519909&r1=519908&r2=519909
==============================================================================
--- incubator/qpid/branches/M2/java/broker/etc/config.xml (original)
+++ incubator/qpid/branches/M2/java/broker/etc/config.xml Mon Mar 19 04:13:45 2007
@@ -50,33 +50,35 @@
<compressBufferOnQueue>false</compressBufferOnQueue>
</advanced>
- <principal-databases>
- <principal-database>
- <name>passwordfile</name>
- <class>org.apache.qpid.server.security.auth.database.PlainPasswordVhostFilePrincipalDatabase</class>
- <attributes>
- <attribute>
- <name>passwordFile</name>
- <value>${conf}/passwdVhost</value>
- </attribute>
- </attributes>
- </principal-database>
-
- <principal-database>
- <name>md5passwordfile</name>
- <class>org.apache.qpid.server.security.auth.database.MD5PasswordFilePrincipalDatabase</class>
- <attributes>
- <attribute>
- <name>passwordFile</name>
- <value>${conf}/md5passwd</value>
- </attribute>
- </attributes>
- </principal-database>
- </principal-databases>
-
- <access>
- <class>org.apache.qpid.server.security.access.AllowAll</class>
- </access>
+ <security>
+ <principal-databases>
+ <principal-database>
+ <name>passwordfile</name>
+ <class>org.apache.qpid.server.security.auth.database.PlainPasswordVhostFilePrincipalDatabase</class>
+ <attributes>
+ <attribute>
+ <name>passwordFile</name>
+ <value>${conf}/passwdVhost</value>
+ </attribute>
+ </attributes>
+ </principal-database>
+
+ <!--principal-database>
+ <name>md5passwordfile</name>
+ <class>org.apache.qpid.server.security.auth.database.MD5PasswordFilePrincipalDatabase</class>
+ <attributes>
+ <attribute>
+ <name>passwordFile</name>
+ <value>${conf}/md5passwd</value>
+ </attribute>
+ </attributes>
+ </principal-database-->
+ </principal-databases>
+
+ <access>
+ <class>org.apache.qpid.server.security.access.AllowAll</class>
+ </access>
+ </security>
<virtualhosts>
<virtualhost>
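Review bot: The `md5passwordfile` principal database is commented out inside the new `<security>` block, and the log message does not mention it, so this configuration now offers only the plain-text `passwdVhost` database. If the removal is deliberate, a short comment above the disabled element saying why it is off and what is needed to re-enable it would stop a later reader from guessing. The relocated `<access>` element still names `AllowAll`; if this file is the shipped default, a one-line comment there stating that it performs no access control would make that choice visible to operators.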
@@ -89,7 +91,7 @@
</store>
<security>
- <!-- Need protocol changes to allow this-->
+ <!-- Need protocol changes to allow this-->
<authentication>
<name>passwordfile</name>
<!-- Currently this can't be used as Vhost isn't specified at connection start only connection open -->
@@ -161,3 +163,5 @@
<virtualhosts>${conf}/virtualhosts.xml</virtualhosts>
</broker>
+
+
Modified: incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/handler/ConnectionStartOkMethodHandler.java
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/handler/ConnectionStartOkMethodHandler.java?view=diff&rev=519909&r1=519908&r2=519909
==============================================================================
--- incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/handler/ConnectionStartOkMethodHandler.java (original)
+++ incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/handler/ConnectionStartOkMethodHandler.java Mon Mar 19 04:13:45 2007
@@ -75,9 +75,10 @@
if (ss == null)
{
- throw body.getConnectionException(AMQConstant.RESOURCE_ERROR, "Unable to create SASL Server");
+ throw body.getConnectionException(AMQConstant.RESOURCE_ERROR, "Unable to create SASL Server:" + body.mechanism
+ );
}
-
+
session.setSaslServer(ss);
AuthenticationResult authResult = authMgr.authenticate(ss, body.response);
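Review bot: `body.mechanism` comes from the connecting client before authentication has completed, and the new message concatenates it unmodified into the connection exception text. Where that text ends up (broker log, reply sent back on close) is not visible in this hunk, but any line breaks or control characters in the value would travel with it, so the mechanism name should be quoted and reduced to printable characters before it is appended. As a style point, the message has no space after the colon and the closing `);` is wrapped onto a line of its own. The enclosing method starts and ends outside the hunk.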
@@ -150,5 +151,6 @@
return framesize;
}
}
+
Modified: incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/access/AccessManagerImpl.java
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/access/AccessManagerImpl.java?view=diff&rev=519909&r1=519908&r2=519909
==============================================================================
--- incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/access/AccessManagerImpl.java (original)
+++ incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/access/AccessManagerImpl.java Mon Mar 19 04:13:45 2007
@@ -74,7 +74,7 @@
private void initialiseAccessControl(AccessManager accessManager, Configuration config)
throws ConfigurationException
{
- String baseName = "access.attributes.attribute.";
+ String baseName = "security.access.attributes.attribute.";
List<String> argumentNames = config.getList(baseName + "name");
List<String> argumentValues = config.getList(baseName + "value");
for (int i = 0; i < argumentNames.size(); i++)
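Review bot: After this change the old key prefix `access.attributes.attribute.` is no longer read at all, so a configuration file still using the top-level `<access>` layout will produce empty `argumentNames`/`argumentValues` lists and the loop will silently set nothing. The same applies to `_base` in ConfigurationFilePrincipalDatabaseManager, where an unmigrated file would appear to define no principal databases. Since both keys control authentication and authorisation, I would check the old location as well (for example whether `config.getList("access.attributes.attribute.name")` is non-empty) and either log a warning or fail start-up with a message naming the new `security.` prefix. initialiseAccessControl continues past the end of the hunk.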
Modified: incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalDatabaseAccessManager.java
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalDatabaseAccessManager.java?view=diff&rev=519909&r1=519908&r2=519909
==============================================================================
--- incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalDatabaseAccessManager.java (original)
+++ incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalDatabaseAccessManager.java Mon Mar 19 04:13:45 2007
@@ -33,7 +33,7 @@
public PrincipalDatabaseAccessManager()
{
- _default = ApplicationRegistry.getInstance().getAccessManager();
+ _default = null;
}
public void setDefaultAccessManager(String defaultAM)
@@ -64,7 +64,14 @@
if (_database == null)
{
- result = _default.isAuthorized(accessObject, username);
+ if (_default != null)
+ {
+ result = _default.isAuthorized(accessObject, username);
+ }
+ else
+ {
+ throw new RuntimeException("Principal Database and default Access Manager are both null unable to perform Access Control");
+ }
}
else
{
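Review bot: With the constructor now setting `_default = null`, this new `else` branch is reached on every authorisation check whenever neither a principal database nor a default access manager has been configured, and it signals that with a bare `RuntimeException`. How callers of `isAuthorized` treat an unchecked exception is not visible here, so it is worth confirming the result is a denied request and not an aborted connection handler. A misconfiguration like this is better detected once, when configuration is applied, and reported as `throw new IllegalStateException("Principal Database and default Access Manager are both null; unable to perform Access Control");`. A comment on the constructor explaining why the default is no longer taken from `ApplicationRegistry` would also help. The method body starts and ends outside the hunk.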
Modified: incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/ConfigurationFilePrincipalDatabaseManager.java
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/ConfigurationFilePrincipalDatabaseManager.java?view=diff&rev=519909&r1=519908&r2=519909
==============================================================================
--- incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/ConfigurationFilePrincipalDatabaseManager.java (original)
+++ incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/ConfigurationFilePrincipalDatabaseManager.java Mon Mar 19 04:13:45 2007
@@ -38,7 +38,7 @@
{
private static final Logger _logger = Logger.getLogger(ConfigurationFilePrincipalDatabaseManager.class);
- private static final String _base = "principal-databases.principal-database";
+ private static final String _base = "security.principal-databases.principal-database";
Map<String, PrincipalDatabase> _databases;
Modified: incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/MD5PasswordFilePrincipalDatabase.java
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/MD5PasswordFilePrincipalDatabase.java?view=diff&rev=519909&r1=519908&r2=519909
==============================================================================
--- incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/MD5PasswordFilePrincipalDatabase.java (original)
+++ incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/MD5PasswordFilePrincipalDatabase.java Mon Mar 19 04:13:45 2007
@@ -21,7 +21,6 @@
package org.apache.qpid.server.security.auth.database;
import org.apache.log4j.Logger;
-import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
import org.apache.qpid.server.security.auth.sasl.AuthenticationProviderInitialiser;
import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5Initialiser;
import org.apache.qpid.server.security.auth.sasl.plain.PlainInitialiser;
Modified: incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabase.java
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabase.java?view=diff&rev=519909&r1=519908&r2=519909
==============================================================================
--- incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabase.java (original)
+++ incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabase.java Mon Mar 19 04:13:45 2007
@@ -23,6 +23,7 @@
import org.apache.log4j.Logger;
import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
import org.apache.qpid.server.security.auth.sasl.AuthenticationProviderInitialiser;
+import org.apache.qpid.server.security.auth.sasl.amqplain.AmqPlainInitialiser;
import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5Initialiser;
import org.apache.qpid.server.security.auth.sasl.plain.PlainInitialiser;
@@ -49,11 +50,11 @@
{
private static final Logger _logger = Logger.getLogger(PlainPasswordFilePrincipalDatabase.class);
- private File _passwordFile;
+ protected File _passwordFile;
- private Pattern _regexp = Pattern.compile(":");
+ protected Pattern _regexp = Pattern.compile(":");
- private Map<String, AuthenticationProviderInitialiser> _saslServers;
+ protected Map<String, AuthenticationProviderInitialiser> _saslServers;
public PlainPasswordFilePrincipalDatabase()
{
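Review bot: Widening `_passwordFile`, `_regexp` and `_saslServers` from `private` to `protected` lets any subclass replace the password file reference or mutate the mechanism map directly, which is more access than the new subclass appears to need for reading the file. I would keep the fields `private` and expose what PlainPasswordVhostFilePrincipalDatabase uses through narrow accessors, e.g. `protected File getPasswordFile()`; `_regexp` never changes and could be `private static final Pattern`. If the fields must stay `protected`, a comment on each stating that subclasses may read but must not reassign them would document the intent.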
@@ -63,6 +64,10 @@
* Create Authenticators for Plain Password file.
*/
+ // Accept AMQPlain incomming and compare it to the file.
+ AmqPlainInitialiser amqplain = new AmqPlainInitialiser();
+ amqplain.initialise(this);
+
// Accept Plain incomming and compare it to the file.
PlainInitialiser plain = new PlainInitialiser();
plain.initialise(this);
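Review bot: The AMQPLAIN initialiser is created here and registered in the following hunk (`_saslServers.put(amqplain.getMechanismName(), amqplain);`) unconditionally, so every plain password file database now accepts it with no configuration switch. Going by the added comment, the incoming credential is compared directly with the file, which means the password is presented in clear form just as with PLAIN; the comment should say so and note that the mechanism relies on transport protection. The comment also has a typo: `// Accept AMQPlain incoming and compare it to the file.` The constructor begins before this hunk and ends after it.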
@@ -71,6 +76,7 @@
CRAMMD5Initialiser cram = new CRAMMD5Initialiser();
cram.initialise(this);
+ _saslServers.put(amqplain.getMechanismName(), amqplain);
_saslServers.put(plain.getMechanismName(), plain);
_saslServers.put(cram.getMechanismName(), cram);
}
Modified: incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordVhostFilePrincipalDatabase.java
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordVhostFilePrincipalDatabase.java?view=diff&rev=519909&r1=519908&r2=519909
==============================================================================
--- incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordVhostFilePrincipalDatabase.java (original)
+++ incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordVhostFilePrincipalDatabase.java Mon Mar 19 04:13:45 2007
@@ -49,121 +49,9 @@
*
* where a carriage return separates each username/password pair. Passwords are assumed to be in plain text.
*/
-public class PlainPasswordVhostFilePrincipalDatabase implements PrincipalDatabase, AccessManager
+public class PlainPasswordVhostFilePrincipalDatabase extends PlainPasswordFilePrincipalDatabase implements AccessManager
{
private static final Logger _logger = Logger.getLogger(PlainPasswordVhostFilePrincipalDatabase.class);
-
- private File _passwordFile;
-
- private Pattern _regexp = Pattern.compile(":");
-
- private Map<String, AuthenticationProviderInitialiser> _saslServers;
-
- public PlainPasswordVhostFilePrincipalDatabase()
- {
- _saslServers = new HashMap<String, AuthenticationProviderInitialiser>();
-
- /**
- * Create Authenticators for Plain Password file.
- */
-
- // Accept Plain incomming and compare it to the file.
- PlainInitialiser plain = new PlainInitialiser();
- plain.initialise(this);
-
- // Accept MD5 incomming and Hash file value for comparison
- CRAMMD5Initialiser cram = new CRAMMD5Initialiser();
- cram.initialise(this);
-
- _saslServers.put(plain.getMechanismName(), plain);
- _saslServers.put(cram.getMechanismName(), cram);
- }
-
- public void setPasswordFile(String passwordFile) throws FileNotFoundException
- {
- File f = new File(passwordFile);
- _logger.info("PlainPasswordFile using file " + f.getAbsolutePath());
- _passwordFile = f;
- if (!f.exists())
- {
- throw new FileNotFoundException("Cannot find password file " + f);
- }
- if (!f.canRead())
- {
- throw new FileNotFoundException("Cannot read password file " + f +
- ". Check permissions.");
- }
- }
-
- public void setPassword(Principal principal, PasswordCallback callback) throws IOException,
- AccountNotFoundException
- {
- if (_passwordFile == null)
- {
- throw new AccountNotFoundException("Unable to locate principal since no password file was specified during initialisation");
- }
- if (principal == null)
- {
- throw new IllegalArgumentException("principal must not be null");
- }
- char[] pwd = lookupPassword(principal.getName());
- if (pwd != null)
- {
- callback.setPassword(pwd);
- }
- else
- {
- throw new AccountNotFoundException("No account found for principal " + principal);
- }
- }
-
- public Map<String, AuthenticationProviderInitialiser> getMechanisms()
- {
- return _saslServers;
- }
-
-
- /**
- * Looks up the password for a specified user in the password file. Note this code is <b>not</b> secure since it
- * creates strings of passwords. It should be modified to create only char arrays which get nulled out.
- *
- * @param name
- *
- * @return
- *
- * @throws java.io.IOException
- */
- private char[] lookupPassword(String name) throws IOException
- {
- BufferedReader reader = null;
- try
- {
- reader = new BufferedReader(new FileReader(_passwordFile));
- String line;
-
- while ((line = reader.readLine()) != null)
- {
- String[] result = _regexp.split(line);
- if (result == null || result.length < 2)
- {
- continue;
- }
-
- if (name.equals(result[0]))
- {
- return result[1].toCharArray();
- }
- }
- return null;
- }
- finally
- {
- if (reader != null)
- {
- reader.close();
- }
- }
- }
/**
* Looks up the virtual hosts for a specified user in the password file.
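Review bot: The class Javadoc that ends just above the changed declaration still describes only the file format, while after `extends PlainPasswordFilePrincipalDatabase` the password lookup, `setPasswordFile` and the registered SASL mechanisms all come from the parent. I would add a sentence to that Javadoc stating that authentication behaviour is inherited and that this class adds only the virtual host access check, so readers know to look at the parent for the mechanism list, which in this commit gains AMQPLAIN. The removed block consisted mostly of now-unused code, so the file's imports (not visible here) are worth checking for leftovers. The class body continues beyond the hunk.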
Modified: incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java?view=diff&rev=519909&r1=519908&r2=519909
==============================================================================
--- incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java (original)
+++ incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java Mon Mar 19 04:13:45 2007
@@ -62,7 +62,7 @@
public PrincipalDatabaseAuthenticationManager(String name, Configuration hostConfig) throws Exception
{
- _logger.info("Initialising " + (name == null ? " Default" : "'" + name + "'")
+ _logger.info("Initialising " + (name == null ? "Default" : "'" + name + "'")
+ " PrincipleDatabase authentication manager.");
// Fixme This should be done per Vhost but allowing global hack isn't right but ...
Propchange: incubator/qpid/branches/M2/java/integrationtests/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Mon Mar 19 04:13:45 2007
@@ -0,0 +1 @@
+*.iml