You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by kw...@apache.org on 2015/03/12 15:13:29 UTC
svn commit: r1666200 [2/4] - in
/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java: ./
amqp-1-0-common/src/main/java/org/apache/qpid/amqp_1_0/transport/
bdbstore/src/main/java/org/apache/qpid/server/virtualhostnode/berkeleydb/
bdbstore/src/test/java/org/...
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java?rev=1666200&r1=1666199&r2=1666200&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java Thu Mar 12 14:13:28 2015
@@ -20,34 +20,54 @@ package org.apache.qpid.server.security;
import static org.apache.qpid.server.security.access.ObjectType.BROKER;
import static org.apache.qpid.server.security.access.ObjectType.EXCHANGE;
-import static org.apache.qpid.server.security.access.ObjectType.GROUP;
import static org.apache.qpid.server.security.access.ObjectType.METHOD;
import static org.apache.qpid.server.security.access.ObjectType.QUEUE;
import static org.apache.qpid.server.security.access.ObjectType.USER;
-import static org.apache.qpid.server.security.access.ObjectType.VIRTUALHOST;
-import static org.apache.qpid.server.security.access.ObjectType.VIRTUALHOSTNODE;
-import static org.apache.qpid.server.security.access.Operation.*;
+import static org.apache.qpid.server.security.access.Operation.ACCESS_LOGS;
+import static org.apache.qpid.server.security.access.Operation.PUBLISH;
+import static org.apache.qpid.server.security.access.Operation.PURGE;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
+import java.util.EnumSet;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.security.auth.Subject;
-import org.apache.qpid.server.binding.BindingImpl;
-import org.apache.qpid.server.consumer.ConsumerImpl;
-import org.apache.qpid.server.exchange.ExchangeImpl;
+import org.apache.log4j.Logger;
import org.apache.qpid.server.model.AccessControlProvider;
+import org.apache.qpid.server.model.AuthenticationProvider;
+import org.apache.qpid.server.model.Binding;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.ConfiguredObject;
+import org.apache.qpid.server.model.Connection;
+import org.apache.qpid.server.model.Consumer;
+import org.apache.qpid.server.model.Exchange;
+import org.apache.qpid.server.model.ExclusivityPolicy;
+import org.apache.qpid.server.model.Group;
+import org.apache.qpid.server.model.GroupMember;
+import org.apache.qpid.server.model.GroupProvider;
+import org.apache.qpid.server.model.KeyStore;
+import org.apache.qpid.server.model.LifetimePolicy;
+import org.apache.qpid.server.model.Model;
+import org.apache.qpid.server.model.Plugin;
+import org.apache.qpid.server.model.Port;
+import org.apache.qpid.server.model.Queue;
+import org.apache.qpid.server.model.RemoteReplicationNode;
+import org.apache.qpid.server.model.Session;
import org.apache.qpid.server.model.State;
+import org.apache.qpid.server.model.TrustStore;
+import org.apache.qpid.server.model.User;
+import org.apache.qpid.server.model.VirtualHost;
+import org.apache.qpid.server.model.VirtualHostAlias;
+import org.apache.qpid.server.model.VirtualHostNode;
import org.apache.qpid.server.protocol.AMQConnectionModel;
-import org.apache.qpid.server.queue.AMQQueue;
+import org.apache.qpid.server.queue.QueueConsumer;
import org.apache.qpid.server.security.access.ObjectProperties;
import org.apache.qpid.server.security.access.ObjectProperties.Property;
import org.apache.qpid.server.security.access.ObjectType;
@@ -58,20 +78,22 @@ import org.apache.qpid.server.security.a
public class SecurityManager
{
+ private static final Logger LOGGER = Logger.getLogger(SecurityManager.class);
+
private static final Subject SYSTEM = new Subject(true,
Collections.singleton(new SystemPrincipal()),
Collections.emptySet(),
Collections.emptySet());
private final boolean _managementMode;
- private final Broker<?> _broker;
+ private final ConfiguredObject<?> _aclProvidersParent;
- private final ConcurrentMap<PublishAccessCheckCacheEntry, PublishAccessCheck> _publishAccessCheckCache = new ConcurrentHashMap<PublishAccessCheckCacheEntry, SecurityManager.PublishAccessCheck>();
+ private final ConcurrentMap<PublishAccessCheckCacheEntry, PublishAccessCheck> _publishAccessCheckCache = new ConcurrentHashMap<>();
- public SecurityManager(Broker<?> broker, boolean managementMode)
+ public SecurityManager(ConfiguredObject<?> aclProvidersParent, boolean managementMode)
{
_managementMode = managementMode;
- _broker = broker;
+ _aclProvidersParent = aclProvidersParent;
}
public static Subject getSubjectWithAddedSystemRights()
@@ -99,11 +121,6 @@ public class SecurityManager
return subject;
}
- private String getPluginTypeName(AccessControl accessControl)
- {
- return accessControl.getClass().getName();
- }
-
public static boolean isSystemProcess()
{
Subject subject = Subject.getSubject(AccessController.getContext());
@@ -161,7 +178,7 @@ public class SecurityManager
}
- Collection<AccessControlProvider<?>> accessControlProviders = _broker.getAccessControlProviders();
+ Collection<AccessControlProvider> accessControlProviders = _aclProvidersParent.getChildren(AccessControlProvider.class);
if(accessControlProviders != null && !accessControlProviders.isEmpty())
{
AccessControlProvider<?> accessControlProvider = accessControlProviders.iterator().next();
@@ -184,22 +201,6 @@ public class SecurityManager
return true;
}
- public void authoriseCreateBinding(final BindingImpl binding)
- {
- boolean allowed = checkAllPlugins(new AccessCheck()
- {
- Result allowed(AccessControl plugin)
- {
- return plugin.authorise(BIND, EXCHANGE, new ObjectProperties(binding));
- }
- });
-
- if(!allowed)
- {
- throw new AccessControlException("Permission denied: binding " + binding.getBindingKey());
- }
- }
-
public void authoriseMethod(final Operation operation, final String componentName, final String methodName, final String virtualHostName)
{
boolean allowed = checkAllPlugins(new AccessCheck()
@@ -239,176 +240,326 @@ public class SecurityManager
}
}
- public void authoriseVirtualHostNode(final String virtualHostNodeName, final Operation operation)
+ public void authoriseCreateConnection(final AMQConnectionModel connection)
{
- if(!checkAllPlugins(new AccessCheck()
- {
- Result allowed(AccessControl plugin)
- {
- ObjectProperties properties = new ObjectProperties(virtualHostNodeName);
- return plugin.authorise(operation, VIRTUALHOSTNODE, properties);
- }
- }))
+ String virtualHostName = connection.getVirtualHostName();
+ ObjectProperties properties = new ObjectProperties(virtualHostName);
+ properties.put(Property.VIRTUALHOST_NAME, virtualHostName);
+ if (!checkAllPlugins(ObjectType.VIRTUALHOST, properties, Operation.ACCESS))
{
- throw new AccessControlException(operation + " permission denied for " + VIRTUALHOSTNODE
- + " : " + virtualHostNodeName);
+ throw new AccessControlException("Permission denied: " + virtualHostName);
}
}
- public void authoriseVirtualHost(final String virtualHostName, final Operation operation)
+ public void authoriseCreate(ConfiguredObject<?> object)
{
- if(!checkAllPlugins(new AccessCheck()
- {
- Result allowed(AccessControl plugin)
- {
- // We put the name into the properties under both name and virtualhost_name so the user may express predicates using either.
- ObjectProperties properties = new ObjectProperties(virtualHostName);
- properties.put(Property.VIRTUALHOST_NAME, virtualHostName);
- return plugin.authorise(operation, VIRTUALHOST, properties);
- }
- }))
- {
- throw new AccessControlException(operation + " permission denied for " + VIRTUALHOST
- + " : " + virtualHostName);
- }
+ authorise(Operation.CREATE, object);
}
- public void authoriseCreateConnection(final AMQConnectionModel connection)
+ public void authoriseUpdate(ConfiguredObject<?> configuredObject)
{
- String virtualHostName = connection.getVirtualHostName();
- try
+ authorise(Operation.UPDATE, configuredObject);
+ }
+
+ public void authoriseDelete(ConfiguredObject<?> configuredObject)
+ {
+ authorise(Operation.DELETE, configuredObject);
+ }
+
+ public void authorise(Operation operation, ConfiguredObject<?> configuredObject)
+ {
+ // If we are running as SYSTEM then no ACL checking
+ if(isSystemProcess() || _managementMode)
{
- authoriseVirtualHost(virtualHostName, Operation.ACCESS);
+ return;
}
- catch (AccessControlException ace)
+
+ if (Operation.CREATE == operation && configuredObject instanceof RemoteReplicationNode)
{
- throw new AccessControlException("Permission denied: " + virtualHostName);
+ // creation of remote replication node is out of control for user of this broker
+ return;
}
- }
-
- public void authoriseCreateConsumer(final ConsumerImpl consumer)
- {
- // TODO - remove cast to AMQQueue and allow testing of consumption from any MessageSource
- final AMQQueue queue = (AMQQueue) consumer.getMessageSource();
- if(!checkAllPlugins(new AccessCheck()
+ if ((Operation.CREATE == operation) && configuredObject instanceof RemoteReplicationNode)
{
- Result allowed(AccessControl plugin)
- {
- return plugin.authorise(CONSUME, QUEUE, new ObjectProperties(queue));
- }
- }))
+ // creation of remote replication node is out of control for user of this broker
+ return;
+ }
+
+ if ((EnumSet.of(Operation.CREATE, Operation.UPDATE, Operation.DELETE).contains(operation)) && configuredObject instanceof Session)
{
- throw new AccessControlException("Permission denied: consume from queue '" + queue.getName() + "'.");
+ return;
}
- }
- public void authoriseCreateExchange(final ExchangeImpl exchange)
- {
- final String exchangeName = exchange.getName();
- if(!checkAllPlugins(new AccessCheck()
+ if ((EnumSet.of(Operation.UPDATE, Operation.DELETE).contains(operation)) && (configuredObject instanceof Consumer || configuredObject instanceof Connection))
{
- Result allowed(AccessControl plugin)
- {
- return plugin.authorise(CREATE, EXCHANGE, new ObjectProperties(exchange));
- }
- }))
+ return;
+ }
+
+
+ Class<? extends ConfiguredObject> categoryClass = configuredObject.getCategoryClass();
+ LOGGER.debug("getCategoryClass " + categoryClass);
+ ObjectType objectType = getACLObjectTypeManagingConfiguredObjectOfCategory(categoryClass);
+ LOGGER.debug("objectType " + objectType);
+ if (objectType == null)
{
- throw new AccessControlException("Permission denied: exchange-name '" + exchangeName + "'");
+ LOGGER.warn("Cannot determine object type for " + configuredObject.getName() + " of category "
+ + categoryClass + ". Skipping ACL check...");
+ return;
}
- }
- public void authoriseCreateQueue(final AMQQueue queue)
- {
- final String queueName = queue.getName();
- if(! checkAllPlugins(new AccessCheck()
+ ObjectProperties properties = getACLObjectProperties(configuredObject, operation);
+ Operation authoriseOperation = validateAuthoriseOperation(operation, categoryClass);
+ if(!checkAllPlugins(objectType, properties, authoriseOperation))
{
- Result allowed(AccessControl plugin)
+ String objectName = (String)configuredObject.getAttribute(ConfiguredObject.NAME);
+ StringBuilder exceptionMessage = new StringBuilder(String.format("Permission %s %s is denied for : %s %s '%s'",
+ authoriseOperation.name(), objectType.name(), operation.name(), categoryClass.getSimpleName(), objectName ));
+ Model model = getModel();
+
+ Collection<Class<? extends ConfiguredObject>> parentClasses = model.getParentTypes(categoryClass);
+ if (parentClasses != null)
{
- return plugin.authorise(CREATE, QUEUE, new ObjectProperties(queue));
+ exceptionMessage.append(" on");
+ for (Class<? extends ConfiguredObject> parentClass: parentClasses)
+ {
+ String objectCategory = parentClass.getSimpleName();
+ ConfiguredObject<?> parent = configuredObject.getParent(parentClass);
+ exceptionMessage.append(" ").append(objectCategory);
+ if (parent != null)
+ {
+ exceptionMessage.append(" '").append(parent.getAttribute(ConfiguredObject.NAME)).append("'");
+ }
+ }
}
- }))
- {
- throw new AccessControlException("Permission denied: queue-name '" + queueName + "'");
+ throw new AccessControlException(exceptionMessage.toString());
}
}
+ private Model getModel()
+ {
+ return _aclProvidersParent.getModel();
+ }
- public void authoriseDelete(final AMQQueue queue)
+ private boolean checkAllPlugins(final ObjectType objectType, final ObjectProperties properties, final Operation authoriseOperation)
{
- if(!checkAllPlugins(new AccessCheck()
+ return checkAllPlugins(new AccessCheck()
{
Result allowed(AccessControl plugin)
{
- return plugin.authorise(DELETE, QUEUE, new ObjectProperties(queue));
+ return plugin.authorise(authoriseOperation, objectType, properties);
}
- }))
- {
- throw new AccessControlException("Permission denied, delete queue: " + queue.getName());
- }
+ });
}
-
- public void authoriseUpdate(final AMQQueue queue)
+ private Operation validateAuthoriseOperation(Operation operation, Class<? extends ConfiguredObject> category)
{
- if(!checkAllPlugins(new AccessCheck()
+ if (operation == Operation.CREATE || operation == Operation.UPDATE)
{
- Result allowed(AccessControl plugin)
+ if (Binding.class.isAssignableFrom(category))
{
- return plugin.authorise(UPDATE, QUEUE, new ObjectProperties(queue));
+ // CREATE BINDING is transformed into BIND EXCHANGE rule
+ return Operation.BIND;
}
- }))
+ else if (Consumer.class.isAssignableFrom(category))
+ {
+ // CREATE CONSUMER is transformed into CONSUME QUEUE rule
+ return Operation.CONSUME;
+ }
+ else if (GroupMember.class.isAssignableFrom(category))
+ {
+ // CREATE GROUP MEMBER is transformed into UPDATE GROUP rule
+ return Operation.UPDATE;
+ }
+ else if (isBrokerOrBrokerChild(category))
+ {
+ // CREATE/UPDATE broker child is transformed into CONFIGURE BROKER rule
+ return Operation.CONFIGURE;
+ }
+ }
+ else if (operation == Operation.DELETE)
{
- throw new AccessControlException("Permission denied: update queue: " + queue.getName());
+ if (Binding.class.isAssignableFrom(category))
+ {
+ // DELETE BINDING is transformed into UNBIND EXCHANGE rule
+ return Operation.UNBIND;
+ }
+ else if (isBrokerOrBrokerChild(category))
+ {
+ // DELETE broker child is transformed into CONFIGURE BROKER rule
+ return Operation.CONFIGURE;
+ }
+ else if (GroupMember.class.isAssignableFrom(category))
+ {
+ // DELETE GROUP MEMBER is transformed into UPDATE GROUP rule
+ return Operation.UPDATE;
+ }
}
+ return operation;
}
+ private boolean isBrokerOrBrokerChild(Class<? extends ConfiguredObject> category)
+ {
+ return Broker.class.isAssignableFrom(category)
+ || Port.class.isAssignableFrom(category)
+ || AuthenticationProvider.class.isAssignableFrom(category)
+ || AccessControlProvider.class.isAssignableFrom(category)
+ || GroupProvider.class.isAssignableFrom(category)
+ || KeyStore.class.isAssignableFrom(category)
+ || TrustStore.class.isAssignableFrom(category)
+ || Plugin.class.isAssignableFrom(category);
+ }
- public void authoriseUpdate(final ExchangeImpl exchange)
+ private ObjectProperties getACLObjectProperties(ConfiguredObject<?> configuredObject, Operation configuredObjectOperation)
{
- if(!checkAllPlugins(new AccessCheck()
+ String objectName = (String)configuredObject.getAttribute(ConfiguredObject.NAME);
+ Class<? extends ConfiguredObject> configuredObjectType = configuredObject.getCategoryClass();
+ ObjectProperties properties = new ObjectProperties(objectName);
+ if (configuredObject instanceof Binding)
{
- Result allowed(AccessControl plugin)
- {
- return plugin.authorise(UPDATE, EXCHANGE, new ObjectProperties(exchange));
- }
- }))
+ Exchange<?> exchange = (Exchange<?>)configuredObject.getParent(Exchange.class);
+ Queue<?> queue = (Queue<?>)configuredObject.getParent(Queue.class);
+ properties.setName((String)exchange.getAttribute(Exchange.NAME));
+ properties.put(Property.QUEUE_NAME, (String)queue.getAttribute(Queue.NAME));
+ properties.put(Property.ROUTING_KEY, (String)configuredObject.getAttribute(Binding.NAME));
+ properties.put(Property.VIRTUALHOST_NAME, (String)queue.getParent(VirtualHost.class).getAttribute(VirtualHost.NAME));
+
+ // The temporary attribute (inherited from the binding's queue) seems to exist to allow the user to
+ // express rules about the binding of temporary queues (whose names cannot be predicted).
+ properties.put(Property.TEMPORARY, queue.getAttribute(Queue.LIFETIME_POLICY) != LifetimePolicy.PERMANENT);
+ properties.put(Property.DURABLE, (Boolean)queue.getAttribute(Queue.DURABLE));
+ }
+ else if (configuredObject instanceof Queue)
+ {
+ setQueueProperties(configuredObject, properties);
+ }
+ else if (configuredObject instanceof Exchange)
{
- throw new AccessControlException("Permission denied: update exchange: " + exchange.getName());
+ Object lifeTimePolicy = configuredObject.getAttribute(ConfiguredObject.LIFETIME_POLICY);
+ properties.put(Property.AUTO_DELETE, lifeTimePolicy != LifetimePolicy.PERMANENT);
+ properties.put(Property.TEMPORARY, lifeTimePolicy != LifetimePolicy.PERMANENT);
+ properties.put(Property.DURABLE, (Boolean) configuredObject.getAttribute(ConfiguredObject.DURABLE));
+ properties.put(Property.TYPE, (String) configuredObject.getAttribute(Exchange.TYPE));
+ VirtualHost virtualHost = configuredObject.getParent(VirtualHost.class);
+ properties.put(Property.VIRTUALHOST_NAME, (String)virtualHost.getAttribute(virtualHost.NAME));
}
+ else if (configuredObject instanceof QueueConsumer)
+ {
+ Queue<?> queue = (Queue<?>)configuredObject.getParent(Queue.class);
+ setQueueProperties(queue, properties);
+ }
+ else if (isBrokerOrBrokerChild(configuredObjectType))
+ {
+ String description = String.format("%s %s '%s'",
+ configuredObjectOperation == null? null : configuredObjectOperation.name().toLowerCase(),
+ configuredObjectType == null ? null : configuredObjectType.getSimpleName().toLowerCase(),
+ objectName);
+ properties = new OperationLoggingDetails(description);
+ }
+ return properties;
}
- public void authoriseDelete(final ExchangeImpl exchange)
+ private void setQueueProperties(ConfiguredObject<?> queue, ObjectProperties properties)
{
- if(! checkAllPlugins(new AccessCheck()
+ properties.setName((String)queue.getAttribute(Exchange.NAME));
+ Object lifeTimePolicy = queue.getAttribute(ConfiguredObject.LIFETIME_POLICY);
+ properties.put(Property.AUTO_DELETE, lifeTimePolicy!= LifetimePolicy.PERMANENT);
+ properties.put(Property.TEMPORARY, lifeTimePolicy != LifetimePolicy.PERMANENT);
+ properties.put(Property.DURABLE, (Boolean)queue.getAttribute(ConfiguredObject.DURABLE));
+ properties.put(Property.EXCLUSIVE, queue.getAttribute(Queue.EXCLUSIVE) != ExclusivityPolicy.NONE);
+ Object alternateExchange = queue.getAttribute(Queue.ALTERNATE_EXCHANGE);
+ if (alternateExchange != null)
{
- Result allowed(AccessControl plugin)
- {
- return plugin.authorise(DELETE, EXCHANGE, new ObjectProperties(exchange));
- }
- }))
+ String name = alternateExchange instanceof ConfiguredObject ?
+ (String)((ConfiguredObject)alternateExchange).getAttribute(ConfiguredObject.NAME) :
+ String.valueOf(alternateExchange);
+ properties.put(Property.ALTERNATE,name);
+ }
+ String owner = (String)queue.getAttribute(Queue.OWNER);
+ if (owner != null)
{
- throw new AccessControlException("Permission denied, delete exchange: '" + exchange.getName() + "'");
+ properties.put(Property.OWNER, owner);
}
+ VirtualHost virtualHost = queue.getParent(VirtualHost.class);
+ properties.put(Property.VIRTUALHOST_NAME, (String)virtualHost.getAttribute(virtualHost.NAME));
}
- public void authoriseGroupOperation(final Operation operation, final String groupName)
+ private ObjectType getACLObjectTypeManagingConfiguredObjectOfCategory(Class<? extends ConfiguredObject> category)
{
- if(!checkAllPlugins(new AccessCheck()
+ if (Binding.class.isAssignableFrom(category))
{
- Result allowed(AccessControl plugin)
- {
- return plugin.authorise(operation, GROUP, new ObjectProperties(groupName));
- }
- }))
+ return ObjectType.EXCHANGE;
+ }
+ else if (VirtualHostNode.class.isAssignableFrom(category))
{
- throw new AccessControlException("Do not have permission" +
- " to perform the " + operation + " on the group " + groupName);
+ return ObjectType.VIRTUALHOSTNODE;
}
+ else if (isBrokerOrBrokerChild(category))
+ {
+ return ObjectType.BROKER;
+ }
+ else if (Group.class.isAssignableFrom(category))
+ {
+ return ObjectType.GROUP;
+ }
+ else if (GroupMember.class.isAssignableFrom(category))
+ {
+ // UPDATE GROUP
+ return ObjectType.GROUP;
+ }
+ else if (User.class.isAssignableFrom(category))
+ {
+ return ObjectType.USER;
+ }
+ else if (VirtualHost.class.isAssignableFrom(category))
+ {
+ return ObjectType.VIRTUALHOST;
+ }
+ else if (VirtualHostAlias.class.isAssignableFrom(category))
+ {
+ return ObjectType.VIRTUALHOST;
+ }
+ else if (Queue.class.isAssignableFrom(category))
+ {
+ return ObjectType.QUEUE;
+ }
+ else if (Exchange.class.isAssignableFrom(category))
+ {
+ return ObjectType.EXCHANGE;
+ }
+ else if (Connection.class.isAssignableFrom(category))
+ {
+ // ACCESS VIRTUALHOST
+ return ObjectType.VIRTUALHOST;
+ }
+ else if (Session.class.isAssignableFrom(category))
+ {
+ // PUBLISH EXCHANGE
+ return ObjectType.EXCHANGE;
+ }
+ else if (Consumer.class.isAssignableFrom(category))
+ {
+ // CONSUME QUEUE
+ return ObjectType.QUEUE;
+ }
+ else if (RemoteReplicationNode.class.isAssignableFrom(category))
+ {
+ // VHN permissions apply to remote nodes
+ return ObjectType.VIRTUALHOSTNODE;
+ }
+ return null;
}
- public void authoriseUserOperation(final Operation operation, final String userName)
+ public void authoriseUserUpdate(final String userName)
{
+ AuthenticatedPrincipal principal = getCurrentUser();
+ if (principal != null && principal.getName().equals(userName))
+ {
+ // allow user to update its own data
+ return;
+ }
+
+ final Operation operation = Operation.UPDATE;
if(! checkAllPlugins(new AccessCheck()
{
Result allowed(AccessControl plugin)
@@ -437,13 +588,15 @@ public class SecurityManager
}
}
- public void authorisePurge(final AMQQueue queue)
+ public void authorisePurge(final Queue queue)
{
+ final ObjectProperties properties = new ObjectProperties();
+ setQueueProperties(queue, properties);
if(!checkAllPlugins(new AccessCheck()
{
Result allowed(AccessControl plugin)
{
- return plugin.authorise(PURGE, QUEUE, new ObjectProperties(queue));
+ return plugin.authorise(PURGE, QUEUE, properties);
}
}))
{
@@ -451,21 +604,6 @@ public class SecurityManager
}
}
- public void authoriseUnbind(final BindingImpl binding)
- {
- if(! checkAllPlugins(new AccessCheck()
- {
- Result allowed(AccessControl plugin)
- {
- return plugin.authorise(UNBIND, EXCHANGE, new ObjectProperties(binding));
- }
- }))
- {
- throw new AccessControlException("Permission denied: unbinding " + binding.getBindingKey());
- }
- }
-
-
private class PublishAccessCheck extends AccessCheck
{
private final ObjectProperties _props;
@@ -481,22 +619,6 @@ public class SecurityManager
}
}
- public boolean authoriseConfiguringBroker(String configuredObjectName, Class<? extends ConfiguredObject> configuredObjectType, Operation configuredObjectOperation)
- {
- String description = String.format("%s %s '%s'",
- configuredObjectOperation == null? null : configuredObjectOperation.name().toLowerCase(),
- configuredObjectType == null ? null : configuredObjectType.getSimpleName().toLowerCase(),
- configuredObjectName);
- final OperationLoggingDetails properties = new OperationLoggingDetails(description);
- return checkAllPlugins(new AccessCheck()
- {
- Result allowed(AccessControl plugin)
- {
- return plugin.authorise(CONFIGURE, BROKER, properties);
- }
- });
- }
-
public boolean authoriseLogsAccess()
{
return checkAllPlugins(new AccessCheck()
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/access/ObjectProperties.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/access/ObjectProperties.java?rev=1666200&r1=1666199&r2=1666200&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/access/ObjectProperties.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/access/ObjectProperties.java Thu Mar 12 14:13:28 2015
@@ -26,11 +26,6 @@ import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.builder.EqualsBuilder;
-import org.apache.qpid.server.binding.BindingImpl;
-import org.apache.qpid.server.exchange.ExchangeImpl;
-import org.apache.qpid.server.model.LifetimePolicy;
-import org.apache.qpid.server.model.VirtualHost;
-import org.apache.qpid.server.queue.AMQQueue;
/**
* An set of properties for an access control v2 rule {@link ObjectType}.
@@ -139,42 +134,6 @@ public class ObjectProperties
setName(name);
}
- public ObjectProperties(AMQQueue queue)
- {
- setName(queue.getName());
-
- put(Property.AUTO_DELETE, queue.getLifetimePolicy() != LifetimePolicy.PERMANENT);
- put(Property.TEMPORARY, queue.getLifetimePolicy() != LifetimePolicy.PERMANENT);
- put(Property.DURABLE, queue.isDurable());
- put(Property.EXCLUSIVE, queue.isExclusive());
- if (queue.getAlternateExchange() != null)
- {
- put(Property.ALTERNATE, queue.getAlternateExchange().getName());
- }
- if (queue.getOwner() != null)
- {
- put(Property.OWNER, queue.getOwner());
- }
- put(Property.VIRTUALHOST_NAME, queue.getParent(VirtualHost.class).getName());
- }
-
- public ObjectProperties(BindingImpl binding)
- {
- ExchangeImpl<?> exch = binding.getExchange();
- AMQQueue<?> queue = binding.getAMQQueue();
- String routingKey = binding.getBindingKey();
-
- setName(exch.getName());
-
- put(Property.QUEUE_NAME, queue.getName());
- put(Property.ROUTING_KEY, routingKey);
- put(Property.VIRTUALHOST_NAME, queue.getParent(VirtualHost.class).getName());
-
- // The temporary attribute (inherited from the binding's queue) seems to exist to allow the user to
- // express rules about the binding of temporary queues (whose names cannot be predicted).
- put(Property.TEMPORARY, queue.getLifetimePolicy() != LifetimePolicy.PERMANENT);
- put(Property.DURABLE, queue.isDurable());
- }
public ObjectProperties(String virtualHostName, String exchangeName, String routingKey, Boolean immediate)
{
@@ -187,29 +146,6 @@ public class ObjectProperties
put(Property.VIRTUALHOST_NAME, virtualHostName);
}
- public ObjectProperties(ExchangeImpl<?> exchange)
- {
- super();
-
- setName(exchange.getName());
-
- put(Property.AUTO_DELETE, exchange.isAutoDelete());
- put(Property.TEMPORARY, exchange.getLifetimePolicy() != LifetimePolicy.PERMANENT);
- put(Property.DURABLE, exchange.isDurable());
- put(Property.TYPE, exchange.getType());
- put(Property.VIRTUALHOST_NAME, exchange.getParent(VirtualHost.class).getName());
- }
-
- public ObjectProperties(Boolean exclusive, Boolean noAck, Boolean noLocal, Boolean nowait, AMQQueue queue)
- {
- this(queue);
-
- put(Property.NO_LOCAL, noLocal);
- put(Property.NO_ACK, noAck);
- put(Property.EXCLUSIVE, exclusive);
- put(Property.NO_WAIT, nowait);
- }
-
public Boolean isSet(Property key)
{
return _properties.containsKey(key) && Boolean.valueOf(_properties.get(key));
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java?rev=1666200&r1=1666199&r2=1666200&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java Thu Mar 12 14:13:28 2015
@@ -20,7 +20,6 @@
*/
package org.apache.qpid.server.security.auth.manager;
-import java.security.AccessControlException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
@@ -48,7 +47,6 @@ import org.apache.qpid.server.model.User
import org.apache.qpid.server.model.VirtualHostAlias;
import org.apache.qpid.server.model.port.AbstractPortWithAuthProvider;
import org.apache.qpid.server.security.SubjectCreator;
-import org.apache.qpid.server.security.access.Operation;
public abstract class AbstractAuthenticationManager<T extends AbstractAuthenticationManager<T>>
extends AbstractConfiguredObject<T>
@@ -155,28 +153,6 @@ public abstract class AbstractAuthentica
throw new IllegalArgumentException("Cannot create child of class " + childClass.getSimpleName());
}
-
- @Override
- protected void authoriseSetDesiredState(State desiredState) throws AccessControlException
- {
- if(desiredState == State.DELETED)
- {
- if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), AuthenticationProvider.class, Operation.DELETE))
- {
- throw new AccessControlException("Deletion of authentication provider is denied");
- }
- }
- }
-
- @Override
- protected void authoriseSetAttributes(ConfiguredObject<?> modified, Set<String> attributes) throws AccessControlException
- {
- if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), AuthenticationProvider.class, Operation.UPDATE))
- {
- throw new AccessControlException("Setting of authentication provider attributes is denied");
- }
- }
-
@StateTransition( currentState = State.UNINITIALIZED, desiredState = State.QUIESCED )
protected ListenableFuture<Void> startQuiesced()
{
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ConfigModelPasswordManagingAuthenticationProvider.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ConfigModelPasswordManagingAuthenticationProvider.java?rev=1666200&r1=1666199&r2=1666200&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ConfigModelPasswordManagingAuthenticationProvider.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ConfigModelPasswordManagingAuthenticationProvider.java Thu Mar 12 14:13:28 2015
@@ -70,27 +70,21 @@ public abstract class ConfigModelPasswor
@Override
public Boolean execute()
{
- getSecurityManager().authoriseUserOperation(Operation.CREATE, username);
- if (_users.containsKey(username))
- {
- throw new IllegalArgumentException("User '" + username + "' already exists");
- }
Map<String, Object> userAttrs = new HashMap<>();
userAttrs.put(User.ID, UUID.randomUUID());
userAttrs.put(User.NAME, username);
- userAttrs.put(User.PASSWORD, createStoredPassword(password));
+ userAttrs.put(User.PASSWORD, password);
userAttrs.put(User.TYPE, ManagedUser.MANAGED_USER_TYPE);
- ManagedUser user = new ManagedUser(userAttrs, ConfigModelPasswordManagingAuthenticationProvider.this);
- user.create();
-
- return true;
+ User user = createChild(User.class, userAttrs);
+ return user != null;
}
});
}
- SecurityManager getSecurityManager()
+ @Override
+ protected SecurityManager getSecurityManager()
{
return getBroker().getSecurityManager();
}
@@ -201,20 +195,15 @@ public abstract class ConfigModelPasswor
{
if(childClass == User.class)
{
- String username = (String) attributes.get("name");
- String password = (String) attributes.get("password");
-
- if(createUser(username, password,null))
+ String username = (String) attributes.get(User.NAME);
+ if (_users.containsKey(username))
{
- @SuppressWarnings("unchecked")
- C user = (C) getUser(username);
- return user;
- }
- else
- {
- return null;
-
+ throw new IllegalArgumentException("User '" + username + "' already exists");
}
+ attributes.put(User.PASSWORD, createStoredPassword((String) attributes.get(User.PASSWORD)));
+ ManagedUser user = new ManagedUser(attributes, ConfigModelPasswordManagingAuthenticationProvider.this);
+ user.create();
+ return (C)getUser(username);
}
return super.addChild(childClass, attributes, otherParents);
}
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ManagedUser.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ManagedUser.java?rev=1666200&r1=1666199&r2=1666200&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ManagedUser.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ManagedUser.java Thu Mar 12 14:13:28 2015
@@ -40,7 +40,6 @@ import org.apache.qpid.server.model.Pref
import org.apache.qpid.server.model.State;
import org.apache.qpid.server.model.StateTransition;
import org.apache.qpid.server.model.User;
-import org.apache.qpid.server.security.access.Operation;
@ManagedObject( category = false, type = ManagedUser.MANAGED_USER_TYPE)
class ManagedUser extends AbstractConfiguredObject<ManagedUser> implements User<ManagedUser>
@@ -88,16 +87,6 @@ class ManagedUser extends AbstractConfig
}
}
- @Override
- protected void authoriseSetDesiredState(final State desiredState) throws AccessControlException
- {
- if(desiredState == State.DELETED)
- {
- _authenticationManager.getSecurityManager().authoriseUserOperation(Operation.DELETE, getName());
- }
-
- }
-
@StateTransition(currentState = {State.ACTIVE}, desiredState = State.DELETED)
private ListenableFuture<Void> doDelete()
{
@@ -106,31 +95,18 @@ class ManagedUser extends AbstractConfig
return Futures.immediateFuture(null);
}
-
@Override
- public void setAttributes(final Map<String, Object> attributes)
- throws IllegalStateException, AccessControlException, IllegalArgumentException
+ protected boolean changeAttribute(String name, Object expected, Object desired)
{
- runTask(new VoidTask()
+ if (User.PASSWORD.equals(name))
{
-
- @Override
- public void execute()
+ String storedPassword = _authenticationManager.createStoredPassword((String)desired);
+ if (!storedPassword.equals(getActualAttributes().get(User.PASSWORD)))
{
- Map<String, Object> modifiedAttributes = new HashMap<String, Object>(attributes);
- final String newPassword = (String) attributes.get(User.PASSWORD);
- if (attributes.containsKey(User.PASSWORD)
- && !newPassword.equals(getActualAttributes().get(User.PASSWORD)))
- {
- modifiedAttributes.put(User.PASSWORD,
- _authenticationManager.createStoredPassword(newPassword));
-
- }
- ManagedUser.super.setAttributes(modifiedAttributes);
+ desired = storedPassword;
}
- });
-
-
+ }
+ return super.changeAttribute(name, expected, desired);
}
@Override
@@ -142,10 +118,7 @@ class ManagedUser extends AbstractConfig
@Override
public void setPassword(final String password)
{
- _authenticationManager.getSecurityManager().authoriseUserOperation(Operation.UPDATE, getName());
-
- changeAttribute(User.PASSWORD, getAttribute(User.PASSWORD),
- _authenticationManager.createStoredPassword(password));
+ setAttributes(Collections.<String, Object>singletonMap(User.PASSWORD, password));
}
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java?rev=1666200&r1=1666199&r2=1666200&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java Thu Mar 12 14:13:28 2015
@@ -57,11 +57,11 @@ import org.apache.qpid.server.model.Pref
import org.apache.qpid.server.model.State;
import org.apache.qpid.server.model.StateTransition;
import org.apache.qpid.server.model.User;
-import org.apache.qpid.server.security.access.Operation;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
+import org.apache.qpid.server.security.SecurityManager;
import org.apache.qpid.server.util.FileHelper;
public abstract class PrincipalDatabaseAuthenticationManager<T extends PrincipalDatabaseAuthenticationManager<T>>
@@ -265,26 +265,18 @@ public abstract class PrincipalDatabaseA
@Override
public boolean createUser(String username, String password, Map<String, String> attributes)
{
- getSecurityManager().authoriseUserOperation(Operation.CREATE, username);
- Principal principal = new UsernamePrincipal(username);
- boolean created =
- getPrincipalDatabase().createPrincipal(principal, password.toCharArray());
- if(created)
- {
- principal = getPrincipalDatabase().getUser(username);
+ Map<String, Object> userAttrs = new HashMap<>();
+ userAttrs.put(User.NAME, username);
+ userAttrs.put(User.PASSWORD, password);
- PrincipalAdapter principalAdapter = new PrincipalAdapter(principal);
- principalAdapter.create();
- _userMap.put(principal, principalAdapter);
- }
- return created;
+ User user = createChild(User.class, userAttrs);
+ return user != null;
}
private void deleteUserFromDatabase(String username) throws AccountNotFoundException
{
- getSecurityManager().authoriseUserOperation(Operation.DELETE, username);
UsernamePrincipal principal = new UsernamePrincipal(username);
getPrincipalDatabase().deletePrincipal(principal);
_userMap.remove(principal);
@@ -301,11 +293,12 @@ public abstract class PrincipalDatabaseA
}
else
{
- deleteUserFromDatabase(username);
+ throw new AccountNotFoundException("No such user: '" + username + "'");
}
}
- private org.apache.qpid.server.security.SecurityManager getSecurityManager()
+ @Override
+ protected SecurityManager getSecurityManager()
{
return getBroker().getSecurityManager();
}
@@ -313,10 +306,12 @@ public abstract class PrincipalDatabaseA
@Override
public void setPassword(String username, String password) throws AccountNotFoundException
{
- getSecurityManager().authoriseUserOperation(Operation.UPDATE, username);
-
- getPrincipalDatabase().updatePassword(new UsernamePrincipal(username), password.toCharArray());
-
+ Principal principal = new UsernamePrincipal(username);
+ User user = _userMap.get(principal);
+ if (user != null)
+ {
+ user.setPassword(password);
+ }
}
@Override
@@ -346,8 +341,22 @@ public abstract class PrincipalDatabaseA
String username = (String) attributes.get("name");
String password = (String) attributes.get("password");
Principal p = new UsernamePrincipal(username);
+ if (_userMap.containsKey(p))
+ {
+ throw new IllegalArgumentException("User '" + username + "' already exists");
+ }
+
+ boolean created = getPrincipalDatabase().createPrincipal(p, password.toCharArray());
+ if(created)
+ {
+ p = getPrincipalDatabase().getUser(username);
- if(createUser(username, password,null))
+ PrincipalAdapter principalAdapter = new PrincipalAdapter(p);
+ principalAdapter.create();
+ _userMap.put(p, principalAdapter);
+ }
+
+ if(created)
{
return (C) _userMap.get(p);
}
@@ -474,14 +483,7 @@ public abstract class PrincipalDatabaseA
@Override
public void setPassword(String password)
{
- try
- {
- PrincipalDatabaseAuthenticationManager.this.setPassword(_user.getName(), password);
- }
- catch (AccountNotFoundException e)
- {
- throw new IllegalStateException(e);
- }
+ setAttributes(Collections.<String, Object>singletonMap(PASSWORD, password));
}
@Override
@@ -490,8 +492,20 @@ public abstract class PrincipalDatabaseA
{
if(name.equals(PASSWORD))
{
- setPassword((String)desired);
- return true;
+ try
+ {
+ String desiredPassword = (String) desired;
+ boolean changed = getPrincipalDatabase().updatePassword(_user, desiredPassword.toCharArray());
+ if (changed)
+ {
+ return super.changeAttribute(name, expected, desired);
+ }
+ return false;
+ }
+ catch(AccountNotFoundException e)
+ {
+ throw new IllegalStateException(e);
+ }
}
return super.changeAttribute(name, expected, desired);
}
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecoverer.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecoverer.java?rev=1666200&r1=1666199&r2=1666200&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecoverer.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/store/BrokerStoreUpgraderAndRecoverer.java Thu Mar 12 14:13:28 2015
@@ -260,6 +260,11 @@ public class BrokerStoreUpgraderAndRecov
private ConfiguredObjectRecord upgradeKeyStoreRecordIfTypeTheSame(ConfiguredObjectRecord record, String expectedType)
{
Map<String, Object> attributes = new HashMap<>(record.getAttributes());
+ // Type may not be present, in which case the default type - which is the type affected - will be being used
+ if(!attributes.containsKey("type"))
+ {
+ attributes.put("type", expectedType);
+ }
if (expectedType.equals(attributes.get("type")))
{
Object path = attributes.remove("path");
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnection.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnection.java?rev=1666200&r1=1666199&r2=1666200&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnection.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/transport/NonBlockingConnection.java Thu Mar 12 14:13:28 2015
@@ -45,7 +45,6 @@ import org.slf4j.LoggerFactory;
import org.apache.qpid.server.protocol.ServerProtocolEngine;
import org.apache.qpid.server.util.Action;
import org.apache.qpid.transport.ByteBufferSender;
-import org.apache.qpid.transport.SenderClosedException;
import org.apache.qpid.transport.SenderException;
import org.apache.qpid.transport.network.NetworkConnection;
import org.apache.qpid.transport.network.Ticker;
@@ -627,10 +626,13 @@ public class NonBlockingConnection imple
if (_closed.get())
{
- throw new SenderClosedException("I/O for thread " + _remoteSocketAddress + " is already closed");
+ LOGGER.warn("Send ignored as the connection is already closed");
+ }
+ else
+ {
+ _buffers.add(msg);
+ _protocolEngine.notifyWork();
}
- _buffers.add(msg);
- _protocolEngine.notifyWork();
}
@Override
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/transport/SelectorThread.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/transport/SelectorThread.java?rev=1666200&r1=1666199&r2=1666200&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/transport/SelectorThread.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/transport/SelectorThread.java Thu Mar 12 14:13:28 2015
@@ -32,12 +32,16 @@ import java.util.List;
import java.util.Queue;
import java.util.Set;
import java.util.concurrent.ConcurrentLinkedQueue;
+import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledThreadPoolExecutor;
+import java.util.concurrent.ThreadFactory;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import org.slf4j.LoggerFactory;
+import org.apache.qpid.thread.LoggingUncaughtExceptionHandler;
+
public class SelectorThread extends Thread
{
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java?rev=1666200&r1=1666199&r2=1666200&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java Thu Mar 12 14:13:28 2015
@@ -21,7 +21,6 @@
package org.apache.qpid.server.virtualhost;
import java.io.File;
-import java.security.AccessControlException;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Collection;
@@ -80,7 +79,6 @@ import org.apache.qpid.server.queue.AMQQ
import org.apache.qpid.server.queue.QueueConsumer;
import org.apache.qpid.server.queue.QueueEntry;
import org.apache.qpid.server.security.SecurityManager;
-import org.apache.qpid.server.security.access.Operation;
import org.apache.qpid.server.stats.StatisticsCounter;
import org.apache.qpid.server.store.ConfiguredObjectRecord;
import org.apache.qpid.server.store.DurableConfigurationStore;
@@ -465,25 +463,6 @@ public abstract class AbstractVirtualHos
return _connectionRegistry;
}
- @Override
- protected void authoriseSetDesiredState(State desiredState) throws AccessControlException
- {
- if(desiredState == State.DELETED)
- {
- _broker.getSecurityManager().authoriseVirtualHost(getName(), Operation.DELETE);
- }
- else
- {
- _broker.getSecurityManager().authoriseVirtualHost(getName(), Operation.UPDATE);
- }
- }
-
- @Override
- protected void authoriseSetAttributes(ConfiguredObject<?> modified, Set<String> attributes) throws AccessControlException
- {
- _broker.getSecurityManager().authoriseVirtualHost(getName(), Operation.UPDATE);
- }
-
public Collection<Connection> getConnections()
{
return getChildren(Connection.class);
@@ -709,11 +688,7 @@ public abstract class AbstractVirtualHos
public AMQQueue<?> createQueue(Map<String, Object> attributes) throws QueueExistsException
{
- checkVHostStateIsActive();
-
- AMQQueue<?> queue = addQueue(attributes);
- childAdded(queue);
- return queue;
+ return (AMQQueue<?> )createChild(Queue.class, attributes);
}
private AMQQueue<?> addQueue(Map<String, Object> attributes) throws QueueExistsException
@@ -738,7 +713,7 @@ public abstract class AbstractVirtualHos
}
catch (DuplicateNameException e)
{
- throw new QueueExistsException(getQueue(e.getName()));
+ throw new QueueExistsException(String.format("Queue with name '%s' already exists", e.getName()), getQueue(e.getName()));
}
}
@@ -797,10 +772,7 @@ public abstract class AbstractVirtualHos
throws ExchangeExistsException, ReservedExchangeNameException,
NoFactoryForTypeException
{
- checkVHostStateIsActive();
- ExchangeImpl child = addExchange(attributes);
- childAdded(child);
- return child;
+ return (ExchangeImpl)createChild(Exchange.class, attributes);
}
@@ -814,7 +786,7 @@ public abstract class AbstractVirtualHos
}
catch (DuplicateNameException e)
{
- throw new ExchangeExistsException(getExchange(e.getName()));
+ throw new ExchangeExistsException(String.format("Exchange with name '%s' already exists", e.getName()), getExchange(e.getName()));
}
}
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/ExchangeExistsException.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/ExchangeExistsException.java?rev=1666200&r1=1666199&r2=1666200&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/ExchangeExistsException.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/ExchangeExistsException.java Thu Mar 12 14:13:28 2015
@@ -27,7 +27,12 @@ public class ExchangeExistsException ext
public ExchangeExistsException(ExchangeImpl existing)
{
- super(existing.getName());
+ this(existing.getName(), existing);
+ }
+
+ public ExchangeExistsException(String message, ExchangeImpl existing)
+ {
+ super(message);
_existing = existing;
}
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhostnode/AbstractVirtualHostNode.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhostnode/AbstractVirtualHostNode.java?rev=1666200&r1=1666199&r2=1666200&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhostnode/AbstractVirtualHostNode.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhostnode/AbstractVirtualHostNode.java Thu Mar 12 14:13:28 2015
@@ -26,7 +26,6 @@ import java.io.Reader;
import java.io.StringReader;
import java.net.MalformedURLException;
import java.net.URL;
-import java.security.AccessControlException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@@ -64,7 +63,6 @@ import org.apache.qpid.server.model.Virt
import org.apache.qpid.server.model.VirtualHostNode;
import org.apache.qpid.server.plugin.ConfiguredObjectRegistration;
import org.apache.qpid.server.plugin.QpidServiceLoader;
-import org.apache.qpid.server.security.access.Operation;
import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
import org.apache.qpid.server.store.ConfiguredObjectRecord;
import org.apache.qpid.server.store.ConfiguredObjectRecordConverter;
@@ -312,43 +310,6 @@ public abstract class AbstractVirtualHos
closeConfigurationStore();
}
- @Override
- protected void authoriseSetDesiredState(State desiredState) throws AccessControlException
- {
- if(desiredState == State.DELETED)
- {
- _broker.getSecurityManager().authoriseVirtualHostNode(getName(), Operation.DELETE);
- }
- else
- {
- _broker.getSecurityManager().authoriseVirtualHostNode(getName(), Operation.UPDATE);
- }
- }
-
- @Override
- protected <C extends ConfiguredObject> void authoriseCreateChild(final Class<C> childClass,
- final Map<String, Object> attributes,
- final ConfiguredObject... otherParents)
- throws AccessControlException
- {
- if (childClass == VirtualHost.class)
- {
- _broker.getSecurityManager().authoriseVirtualHost(String.valueOf(attributes.get(VirtualHost.NAME)),
- Operation.CREATE);
-
- }
- else
- {
- super.authoriseCreateChild(childClass, attributes, otherParents);
- }
- }
-
- @Override
- protected void authoriseSetAttributes(ConfiguredObject<?> modified, Set<String> attributes) throws AccessControlException
- {
- _broker.getSecurityManager().authoriseVirtualHostNode(getName(), Operation.UPDATE);
- }
-
private void closeConfigurationStore()
{
DurableConfigurationStore configurationStore = getConfigurationStore();
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/exchange/FanoutExchangeTest.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/exchange/FanoutExchangeTest.java?rev=1666200&r1=1666199&r2=1666200&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/exchange/FanoutExchangeTest.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/exchange/FanoutExchangeTest.java Thu Mar 12 14:13:28 2015
@@ -32,6 +32,9 @@ import java.util.Set;
import java.util.UUID;
import junit.framework.TestCase;
+import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.model.VirtualHost;
+import org.apache.qpid.server.model.VirtualHostNode;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer;
@@ -63,14 +66,27 @@ public class FanoutExchangeTest extends
attributes.put(Exchange.NAME, "test");
attributes.put(Exchange.DURABLE, false);
+ Broker broker = mock(Broker.class);
+ SecurityManager securityManager = new SecurityManager(broker, false);
+ when(broker.getCategoryClass()).thenReturn(Broker.class);
+ when(broker.getModel()).thenReturn(BrokerModel.getInstance());
+ when(broker.getSecurityManager()).thenReturn(securityManager);
+
+ VirtualHostNode virtualHostNode = mock(VirtualHostNode.class);
+ when(virtualHostNode.getCategoryClass()).thenReturn(VirtualHostNode.class);
+ when(virtualHostNode.getParent(Broker.class)).thenReturn(broker);
+ when(virtualHostNode.getModel()).thenReturn(BrokerModel.getInstance());
+
_taskExecutor = new CurrentThreadTaskExecutor();
_taskExecutor.start();
_virtualHost = mock(VirtualHostImpl.class);
- SecurityManager securityManager = mock(SecurityManager.class);
+
when(_virtualHost.getSecurityManager()).thenReturn(securityManager);
when(_virtualHost.getEventLogger()).thenReturn(new EventLogger());
when(_virtualHost.getTaskExecutor()).thenReturn(_taskExecutor);
when(_virtualHost.getModel()).thenReturn(BrokerModel.getInstance());
+ when(_virtualHost.getParent(VirtualHostNode.class)).thenReturn(virtualHostNode);
+ when(_virtualHost.getCategoryClass()).thenReturn(VirtualHost.class);
_exchange = new FanoutExchange(attributes, _virtualHost);
_exchange.open();
}
@@ -134,6 +150,7 @@ public class FanoutExchangeTest extends
when(queue.getCategoryClass()).thenReturn(Queue.class);
when(queue.getModel()).thenReturn(BrokerModel.getInstance());
when(queue.getTaskExecutor()).thenReturn(CurrentThreadTaskExecutor.newStartedInstance());
+ when(queue.getParent(VirtualHost.class)).thenReturn(_virtualHost);
return queue;
}
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/exchange/HeadersExchangeTest.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/exchange/HeadersExchangeTest.java?rev=1666200&r1=1666199&r2=1666200&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/exchange/HeadersExchangeTest.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/exchange/HeadersExchangeTest.java Thu Mar 12 14:13:28 2015
@@ -35,6 +35,9 @@ import java.util.Set;
import java.util.UUID;
import junit.framework.TestCase;
+import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.model.ConfiguredObject;
+import org.apache.qpid.server.model.VirtualHostNode;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer;
@@ -70,7 +73,18 @@ public class HeadersExchangeTest extends
_taskExecutor = new CurrentThreadTaskExecutor();
_taskExecutor.start();
_virtualHost = mock(VirtualHostImpl.class);
- SecurityManager securityManager = mock(SecurityManager.class);
+
+ Broker broker = mock(Broker.class);
+ SecurityManager securityManager = new SecurityManager(broker, false);
+ when(broker.getCategoryClass()).thenReturn(Broker.class);
+ when(broker.getModel()).thenReturn(BrokerModel.getInstance());
+ when(broker.getSecurityManager()).thenReturn(securityManager);
+
+ VirtualHostNode virtualHostNode = mock(VirtualHostNode.class);
+ when(virtualHostNode.getCategoryClass()).thenReturn(VirtualHostNode.class);
+ when(virtualHostNode.getParent(Broker.class)).thenReturn(broker);
+ when(virtualHostNode.getModel()).thenReturn(BrokerModel.getInstance());
+
when(_virtualHost.getSecurityManager()).thenReturn(securityManager);
when(_virtualHost.getEventLogger()).thenReturn(new EventLogger());
when(_virtualHost.getCategoryClass()).thenReturn(VirtualHost.class);
@@ -78,6 +92,7 @@ public class HeadersExchangeTest extends
_factory = new ConfiguredObjectFactoryImpl(BrokerModel.getInstance());
when(_virtualHost.getObjectFactory()).thenReturn(_factory);
when(_virtualHost.getModel()).thenReturn(_factory.getModel());
+ when(_virtualHost.getParent(VirtualHostNode.class)).thenReturn(virtualHostNode);
Map<String,Object> attributes = new HashMap<String, Object>();
attributes.put(Exchange.ID, UUID.randomUUID());
attributes.put(Exchange.NAME, "test");
@@ -149,6 +164,7 @@ public class HeadersExchangeTest extends
AMQQueue q = mock(AMQQueue.class);
when(q.toString()).thenReturn(name);
when(q.getVirtualHost()).thenReturn(_virtualHost);
+ when(q.getParent(VirtualHost.class)).thenReturn(_virtualHost);
when(q.getCategoryClass()).thenReturn(Queue.class);
when(q.getObjectFactory()).thenReturn(_factory);
when(q.getModel()).thenReturn(_factory.getModel());
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/VirtualHostTest.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/VirtualHostTest.java?rev=1666200&r1=1666199&r2=1666200&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/VirtualHostTest.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/VirtualHostTest.java Thu Mar 12 14:13:28 2015
@@ -69,7 +69,7 @@ public class VirtualHostTest extends Qpi
private final SecurityManager _mockSecurityManager = mock(SecurityManager.class);
private Broker _broker;
private TaskExecutor _taskExecutor;
- private VirtualHostNode<?> _virtualHostNode;
+ private VirtualHostNode _virtualHostNode;
private DurableConfigurationStore _configStore;
private VirtualHost<?, ?, ?> _virtualHost;
private StoreConfigurationChangeListener _storeConfigurationChangeListener;
@@ -86,6 +86,8 @@ public class VirtualHostTest extends Qpi
when(_broker.getTaskExecutor()).thenReturn(_taskExecutor);
_virtualHostNode = mock(VirtualHostNode.class);
+ when(_virtualHostNode.getParent(Broker.class)).thenReturn(_broker);
+ when(_virtualHostNode.getCategoryClass()).thenReturn(VirtualHostNode.class);
when(_virtualHostNode.isDurable()).thenReturn(true);
_configStore = mock(DurableConfigurationStore.class);
_storeConfigurationChangeListener = new StoreConfigurationChangeListener(_configStore);
@@ -333,9 +335,7 @@ public class VirtualHostTest extends Qpi
String virtualHostName = getName();
VirtualHost<?,?,?> virtualHost = createVirtualHost(virtualHostName);
- doThrow(new AccessControlException("mocked ACL exception")).when(_mockSecurityManager).authoriseVirtualHost(
- virtualHostName,
- Operation.UPDATE);
+ doThrow(new AccessControlException("mocked ACL exception")).when(_mockSecurityManager).authoriseUpdate(virtualHost);
assertNull(virtualHost.getDescription());
@@ -359,9 +359,7 @@ public class VirtualHostTest extends Qpi
String virtualHostName = getName();
VirtualHost<?,?,?> virtualHost = createVirtualHost(virtualHostName);
- doThrow(new AccessControlException("mocked ACL exception")).when(_mockSecurityManager).authoriseVirtualHost(
- virtualHostName,
- Operation.UPDATE);
+ doThrow(new AccessControlException("mocked ACL exception")).when(_mockSecurityManager).authoriseUpdate(virtualHost);
try
{
@@ -383,9 +381,7 @@ public class VirtualHostTest extends Qpi
String virtualHostName = getName();
VirtualHost<?,?,?> virtualHost = createVirtualHost(virtualHostName);
- doThrow(new AccessControlException("mocked ACL exception")).when(_mockSecurityManager).authoriseVirtualHost(
- virtualHostName,
- Operation.DELETE);
+ doThrow(new AccessControlException("mocked ACL exception")).when(_mockSecurityManager).authoriseDelete(virtualHost);
try
{
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestKitCarImpl.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestKitCarImpl.java?rev=1666200&r1=1666199&r2=1666200&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestKitCarImpl.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestKitCarImpl.java Thu Mar 12 14:13:28 2015
@@ -25,6 +25,7 @@ import org.apache.qpid.server.model.Abst
import org.apache.qpid.server.model.ConfiguredObject;
import org.apache.qpid.server.model.ManagedObject;
import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
+import org.apache.qpid.server.security.SecurityManager;
@ManagedObject( category = false,
type = TestKitCarImpl.TEST_KITCAR_TYPE)
@@ -32,11 +33,13 @@ public class TestKitCarImpl extends Abst
implements TestKitCar<TestKitCarImpl>
{
public static final String TEST_KITCAR_TYPE = "testkitcar";
+ private final SecurityManager _securityManager;
@ManagedObjectFactoryConstructor
public TestKitCarImpl(final Map<String, Object> attributes)
{
super(parentsMap(), attributes, newTaskExecutor(), TestModel.getInstance());
+ _securityManager = new SecurityManager(this, false);
}
@Override
@@ -53,4 +56,10 @@ public class TestKitCarImpl extends Abst
currentThreadTaskExecutor.start();
return currentThreadTaskExecutor;
}
+
+ @Override
+ protected SecurityManager getSecurityManager()
+ {
+ return _securityManager;
+ }
}
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestStandardCarImpl.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestStandardCarImpl.java?rev=1666200&r1=1666199&r2=1666200&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestStandardCarImpl.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestStandardCarImpl.java Thu Mar 12 14:13:28 2015
@@ -29,6 +29,7 @@ import org.apache.qpid.server.configurat
import org.apache.qpid.server.model.AbstractConfiguredObject;
import org.apache.qpid.server.model.ManagedObject;
import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
+import org.apache.qpid.server.security.SecurityManager;
@ManagedObject( category = false,
type = TestStandardCarImpl.TEST_STANDARD_CAR_TYPE,
@@ -37,11 +38,13 @@ public class TestStandardCarImpl extends
implements TestStandardCar<TestStandardCarImpl>
{
public static final String TEST_STANDARD_CAR_TYPE = "testpertrolcar";
+ private final SecurityManager _securityManager;
@ManagedObjectFactoryConstructor
public TestStandardCarImpl(final Map<String, Object> attributes)
{
super(parentsMap(), attributes, newTaskExecutor(), TestModel.getInstance());
+ _securityManager = new SecurityManager(this, false);
}
private static CurrentThreadTaskExecutor newTaskExecutor()
@@ -57,4 +60,10 @@ public class TestStandardCarImpl extends
Collection<String> types = Arrays.asList(TestPetrolEngineImpl.TEST_PETROL_ENGINE_TYPE, TestHybridEngineImpl.TEST_HYBRID_ENGINE_TYPE);
return Collections.singletonMap(TestEngine.class.getSimpleName(), types);
}
+
+ @Override
+ protected SecurityManager getSecurityManager()
+ {
+ return _securityManager;
+ }
}
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/lifecycle/TestConfiguredObject.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/lifecycle/TestConfiguredObject.java?rev=1666200&r1=1666199&r2=1666200&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/lifecycle/TestConfiguredObject.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/lifecycle/TestConfiguredObject.java Thu Mar 12 14:13:28 2015
@@ -42,10 +42,12 @@ import org.apache.qpid.server.model.Mode
import org.apache.qpid.server.model.State;
import org.apache.qpid.server.model.StateTransition;
import org.apache.qpid.server.plugin.ConfiguredObjectRegistration;
+import org.apache.qpid.server.security.SecurityManager;
@ManagedObject
public class TestConfiguredObject extends AbstractConfiguredObject
{
+ private final SecurityManager _securityManager;
private boolean _opened;
private boolean _validated;
private boolean _resolved;
@@ -79,6 +81,13 @@ public class TestConfiguredObject extend
{
super(parents, attributes, taskExecutor, model);
_opened = false;
+ _securityManager = new SecurityManager(this, false);
+ }
+
+ @Override
+ protected SecurityManager getSecurityManager()
+ {
+ return _securityManager;
}
@Override
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/singleton/TestSingletonImpl.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/singleton/TestSingletonImpl.java?rev=1666200&r1=1666199&r2=1666200&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/singleton/TestSingletonImpl.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/singleton/TestSingletonImpl.java Thu Mar 12 14:13:28 2015
@@ -27,6 +27,7 @@ import org.apache.qpid.server.model.Abst
import org.apache.qpid.server.model.ManagedAttributeField;
import org.apache.qpid.server.model.ManagedObject;
import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
+import org.apache.qpid.server.security.SecurityManager;
@ManagedObject( category = false, type = TestSingletonImpl.TEST_SINGLETON_TYPE)
public class TestSingletonImpl extends AbstractConfiguredObject<TestSingletonImpl>
@@ -35,6 +36,7 @@ public class TestSingletonImpl extends A
public static final String TEST_SINGLETON_TYPE = "testsingleton";
public static final int DERIVED_VALUE = -100;
+ private final SecurityManager _securityManager;
@ManagedAttributeField
private String _automatedPersistedValue;
@@ -71,6 +73,7 @@ public class TestSingletonImpl extends A
public TestSingletonImpl(final Map<String, Object> attributes)
{
super(parentsMap(), attributes, newTaskExecutor(), TestModel.getInstance());
+ _securityManager = new SecurityManager(this, false);
}
private static CurrentThreadTaskExecutor newTaskExecutor()
@@ -84,6 +87,7 @@ public class TestSingletonImpl extends A
final TaskExecutor taskExecutor)
{
super(parentsMap(), attributes, taskExecutor);
+ _securityManager = new SecurityManager(this, false);
}
@@ -152,4 +156,10 @@ public class TestSingletonImpl extends A
{
return _secureValue;
}
+
+ @Override
+ protected SecurityManager getSecurityManager()
+ {
+ return _securityManager;
+ }
}
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java?rev=1666200&r1=1666199&r2=1666200&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java Thu Mar 12 14:13:28 2015
@@ -49,7 +49,7 @@ import org.apache.qpid.util.FileUtils;
public class FileKeyStoreTest extends QpidTestCase
{
- private final Broker<?> _broker = mock(Broker.class);
+ private final Broker _broker = mock(Broker.class);
private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
private final SecurityManager _securityManager = mock(SecurityManager.class);
private final Model _model = BrokerModel.getInstance();
@@ -63,6 +63,7 @@ public class FileKeyStoreTest extends Qp
when(_broker.getTaskExecutor()).thenReturn(_taskExecutor);
when(_broker.getModel()).thenReturn(_model);
when(_broker.getSecurityManager()).thenReturn(_securityManager);
+ when(_broker.getCategoryClass()).thenReturn(Broker.class);
}
public void testCreateKeyStoreFromFile_Success() throws Exception
@@ -237,9 +238,6 @@ public class FileKeyStoreTest extends Qp
public void testUpdateKeyStore_Success() throws Exception
{
-
- when(_securityManager.authoriseConfiguringBroker(any(String.class), (Class<? extends ConfiguredObject>)any(), any(Operation.class))).thenReturn(true);
-
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE);
@@ -278,9 +276,6 @@ public class FileKeyStoreTest extends Qp
public void testDeleteKeyStore_Success() throws Exception
{
-
- when(_securityManager.authoriseConfiguringBroker(any(String.class), (Class<? extends ConfiguredObject>)any(), any(Operation.class))).thenReturn(true);
-
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE);
@@ -293,10 +288,6 @@ public class FileKeyStoreTest extends Qp
public void testDeleteKeyStore_KeyManagerInUseByPort() throws Exception
{
- when(_securityManager.authoriseConfiguringBroker(any(String.class),
- any(Class.class),
- any(Operation.class))).thenReturn(true);
-
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE);
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java?rev=1666200&r1=1666199&r2=1666200&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java Thu Mar 12 14:13:28 2015
@@ -53,7 +53,7 @@ import org.apache.qpid.util.FileUtils;
public class FileTrustStoreTest extends QpidTestCase
{
- private final Broker<?> _broker = mock(Broker.class);
+ private final Broker _broker = mock(Broker.class);
private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
private final SecurityManager _securityManager = mock(SecurityManager.class);
private final Model _model = BrokerModel.getInstance();
@@ -66,7 +66,7 @@ public class FileTrustStoreTest extends
when(_broker.getTaskExecutor()).thenReturn(_taskExecutor);
when(_broker.getModel()).thenReturn(_model);
when(_broker.getSecurityManager()).thenReturn(_securityManager);
-
+ when(_broker.getCategoryClass()).thenReturn(Broker.class);
}
public void testCreateTrustStoreFromFile_Success() throws Exception
@@ -186,9 +186,6 @@ public class FileTrustStoreTest extends
public void testUpdateTrustStore_Success() throws Exception
{
-
- when(_securityManager.authoriseConfiguringBroker(any(String.class), (Class<? extends ConfiguredObject>)any(), any(Operation.class))).thenReturn(true);
-
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
@@ -228,9 +225,6 @@ public class FileTrustStoreTest extends
public void testDeleteTrustStore_Success() throws Exception
{
-
- when(_securityManager.authoriseConfiguringBroker(any(String.class), (Class<? extends ConfiguredObject>)any(), any(Operation.class))).thenReturn(true);
-
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
@@ -244,10 +238,6 @@ public class FileTrustStoreTest extends
public void testDeleteTrustStore_TrustManagerInUseByAuthProvider() throws Exception
{
- when(_securityManager.authoriseConfiguringBroker(any(String.class),
- any(Class.class),
- any(Operation.class))).thenReturn(true);
-
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
@@ -275,10 +265,6 @@ public class FileTrustStoreTest extends
public void testDeleteTrustStore_TrustManagerInUseByPort() throws Exception
{
- when(_securityManager.authoriseConfiguringBroker(any(String.class),
- any(Class.class),
- any(Operation.class))).thenReturn(true);
-
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org