You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by bh...@apache.org on 2007/04/11 16:16:03 UTC
svn commit: r527499 - in /incubator/qpid/branches/M2/java: broker/etc/
broker/src/main/java/org/apache/qpid/server/management/
broker/src/main/java/org/apache/qpid/server/protocol/
management/eclipse-plugin/bin/ management/eclipse-plugin/src/main/java/...
Author: bhupendrab
Date: Wed Apr 11 07:16:02 2007
New Revision: 527499
URL: http://svn.apache.org/viewvc?view=rev&rev=527499
Log:
QPID-444 : added CRAM-MD5-HASHED mechanism for sasl
Added:
incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/sasl/CRAMMD5HashedSaslClientFactory.java (with props)
incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/sasl/JCAProvider.java (with props)
incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/sasl/UsernameHashedPasswordCallbackHandler.java (with props)
Modified:
incubator/qpid/branches/M2/java/broker/etc/config.xml
incubator/qpid/branches/M2/java/broker/etc/jmxremote.access
incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/management/JMXManagedObjectRegistry.java
incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/protocol/AMQProtocolSessionMBean.java
incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/protocol/ManagedConnection.java
incubator/qpid/branches/M2/java/management/eclipse-plugin/bin/qpidmc.sh
incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/ApplicationRegistry.java
incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/Constants.java
incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/jmx/ClientListener.java
incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/jmx/JMXServerRegistry.java
incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/jmx/MBeanUtility.java
Modified: incubator/qpid/branches/M2/java/broker/etc/config.xml
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/broker/etc/config.xml?view=diff&rev=527499&r1=527498&r2=527499
==============================================================================
--- incubator/qpid/branches/M2/java/broker/etc/config.xml (original)
+++ incubator/qpid/branches/M2/java/broker/etc/config.xml Wed Apr 11 07:16:02 2007
@@ -42,6 +42,7 @@
<management>
<enabled>true</enabled>
<jmxport>8999</jmxport>
+ <security-enabled>true</security-enabled>
</management>
<advanced>
<filterchain enableExecutorPool="true"/>
Modified: incubator/qpid/branches/M2/java/broker/etc/jmxremote.access
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/broker/etc/jmxremote.access?view=diff&rev=527499&r1=527498&r2=527499
==============================================================================
--- incubator/qpid/branches/M2/java/broker/etc/jmxremote.access (original)
+++ incubator/qpid/branches/M2/java/broker/etc/jmxremote.access Wed Apr 11 07:16:02 2007
@@ -1,4 +1,3 @@
-#guest=admin
+admin=admin
guest=readonly
-#user=readwrite
-#admin=admin
+user=readwrite
Modified: incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/management/JMXManagedObjectRegistry.java
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/management/JMXManagedObjectRegistry.java?view=diff&rev=527499&r1=527498&r2=527499
==============================================================================
--- incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/management/JMXManagedObjectRegistry.java (original)
+++ incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/management/JMXManagedObjectRegistry.java Wed Apr 11 07:16:02 2007
@@ -50,7 +50,10 @@
import org.apache.qpid.server.registry.ApplicationRegistry;
import org.apache.qpid.server.registry.IApplicationRegistry;
import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
+import org.apache.qpid.server.security.auth.database.Base64MD5PasswordFilePrincipalDatabase;
+import org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase;
import org.apache.qpid.server.security.auth.sasl.UsernamePrincipal;
+import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5HashedInitialiser;
/**
* This class starts up an MBeanserver. If out of the box agent is being used then there are no security features
@@ -96,20 +99,34 @@
_jmxURL = new JMXServiceURL("jmxmp", null, port);
Map env = new HashMap();
- env.put("jmx.remote.profiles", "SASL/PLAIN");
- // env.put("jmx.remote.profiles", "SASL/CRAM-MD5");
-
Map<String, PrincipalDatabase> map = appRegistry.getDatabaseManager().getDatabases();
- Map.Entry<String, PrincipalDatabase> entry = map.entrySet().iterator().next();
-
- // Callback handler used by the PLAIN SASL server mechanism to perform user authentication
- /*
- PlainInitialiser plainInitialiser = new PlainInitialiser();
- plainInitialiser.initialise(entry.getValue());
- env.put("jmx.remote.sasl.callback.handler", plainInitialiser.getCallbackHandler());
- */
+ PrincipalDatabase db = null;
+
+ for (Map.Entry<String, PrincipalDatabase> entry : map.entrySet())
+ {
+ if (entry.getValue() instanceof Base64MD5PasswordFilePrincipalDatabase)
+ {
+ db = entry.getValue();
+ break;
+ }
+ else if (entry.getValue() instanceof PlainPasswordFilePrincipalDatabase)
+ {
+ db = entry.getValue();
+ }
+ }
- env.put("jmx.remote.sasl.callback.handler", new UserCallbackHandler(entry.getValue()));
+ if (db instanceof Base64MD5PasswordFilePrincipalDatabase)
+ {
+ env.put("jmx.remote.profiles", "SASL/CRAM-MD5");
+ CRAMMD5HashedInitialiser initialiser = new CRAMMD5HashedInitialiser();
+ initialiser.initialise(db);
+ env.put("jmx.remote.sasl.callback.handler", initialiser.getCallbackHandler());
+ }
+ else if (db instanceof PlainPasswordFilePrincipalDatabase)
+ {
+ env.put("jmx.remote.profiles", "SASL/PLAIN");
+ env.put("jmx.remote.sasl.callback.handler", new UserCallbackHandler(db));
+ }
// Enable the SSL security and server authentication
/*
@@ -146,7 +163,6 @@
_log.error("Error in initialising Managed Object Registry." + ex.getMessage());
ex.printStackTrace();
}
-
}
/**
Modified: incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/protocol/AMQProtocolSessionMBean.java
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/protocol/AMQProtocolSessionMBean.java?view=diff&rev=527499&r1=527498&r2=527499
==============================================================================
--- incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/protocol/AMQProtocolSessionMBean.java (original)
+++ incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/protocol/AMQProtocolSessionMBean.java Wed Apr 11 07:16:02 2007
@@ -129,9 +129,9 @@
return (_session.getContextKey() == null) ? null : _session.getContextKey().toString();
}
- public Principal getAuthorizedId()
+ public String getAuthorizedId()
{
- return _session.getAuthorizedID();
+ return (_session.getAuthorizedID() != null ) ? _session.getAuthorizedID().getName() : null;
}
public String getVersion()
Modified: incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/protocol/ManagedConnection.java
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/protocol/ManagedConnection.java?view=diff&rev=527499&r1=527498&r2=527499
==============================================================================
--- incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/protocol/ManagedConnection.java (original)
+++ incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/protocol/ManagedConnection.java Wed Apr 11 07:16:02 2007
@@ -46,7 +46,7 @@
String getClientId();
@MBeanAttribute(name = "AuthorizedId", description = "User Name")
- Principal getAuthorizedId();
+ String getAuthorizedId();
@MBeanAttribute(name = "Version", description = "Client Version")
String getVersion();
@@ -68,16 +68,17 @@
/**
* Tells the total number of bytes written till now.
* @return number of bytes written.
- */
+ *
@MBeanAttribute(name="WrittenBytes", description="The total number of bytes written till now")
Long getWrittenBytes();
-
+ */
/**
* Tells the total number of bytes read till now.
* @return number of bytes read.
- */
+ *
@MBeanAttribute(name="ReadBytes", description="The total number of bytes read till now")
Long getReadBytes();
+ */
/**
* Threshold high value for no of channels. This is useful in setting notifications or
Modified: incubator/qpid/branches/M2/java/management/eclipse-plugin/bin/qpidmc.sh
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/management/eclipse-plugin/bin/qpidmc.sh?view=diff&rev=527499&r1=527498&r2=527499
==============================================================================
--- incubator/qpid/branches/M2/java/management/eclipse-plugin/bin/qpidmc.sh (original)
+++ incubator/qpid/branches/M2/java/management/eclipse-plugin/bin/qpidmc.sh Wed Apr 11 07:16:02 2007
@@ -61,4 +61,4 @@
os="linux"
fi
-"$JAVA_HOME/bin/java" -Xms40m -Xmx256m -Declipse.consoleLog=false -Dsecurity=true -jar $QPIDMC_HOME/eclipse/startup.jar org.eclipse.core.launcher.Main -launcher $QPIDMC_HOME/eclipse/eclipse -name "Qpid Management Console" -showsplash 600 -configuration "file:$QPIDMC_HOME/configuration" -os $os -ws $ws -arch $arch
+"$JAVA_HOME/bin/java" -Xms40m -Xmx256m -Declipse.consoleLog=false -Dsecurity=PLAIN -jar $QPIDMC_HOME/eclipse/startup.jar org.eclipse.core.launcher.Main -launcher $QPIDMC_HOME/eclipse/eclipse -name "Qpid Management Console" -showsplash 600 -configuration "file:$QPIDMC_HOME/configuration" -os $os -ws $ws -arch $arch
Modified: incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/ApplicationRegistry.java
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/ApplicationRegistry.java?view=diff&rev=527499&r1=527498&r2=527499
==============================================================================
--- incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/ApplicationRegistry.java (original)
+++ incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/ApplicationRegistry.java Wed Apr 11 07:16:02 2007
@@ -41,8 +41,9 @@
{
private static ImageRegistry imageRegistry = new ImageRegistry();
private static FontRegistry fontRegistry = new FontRegistry();
- public static final boolean enableSecurity = Boolean.getBoolean("security");
-
+ public static final boolean debug = Boolean.getBoolean("debug");
+ public static final String securityMechanism = System.getProperty("security", null);
+
static
{
imageRegistry.put(Constants.CONSOLE_IMAGE,
@@ -130,5 +131,10 @@
List<ManagedServer> list = new CopyOnWriteArrayList<ManagedServer>(_closedServerList);
_closedServerList.clear();
return list;
+ }
+
+ public static String getSecurityMechanism()
+ {
+ return securityMechanism;
}
}
Modified: incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/Constants.java
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/Constants.java?view=diff&rev=527499&r1=527498&r2=527499
==============================================================================
--- incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/Constants.java (original)
+++ incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/Constants.java Wed Apr 11 07:16:02 2007
@@ -123,4 +123,9 @@
public final static String INFO_HOST_PORT = "Please enter the port number";
public final static String INFO_USERNAME = "Please enter the " + USERNAME;
public final static String INFO_PASSWORD = "Please enter the " + PASSWORD;
+
+ public final static String MECH_CRAMMD5 = "CRAM-MD5";
+ public final static String MECH_PLAIN = "PLAIN";
+ public final static String SASL_CRAMMD5 = "SASL/CRAM-MD5";
+ public final static String SASL_PLAIN = "SASL/PLAIN";
}
Modified: incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/jmx/ClientListener.java
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/jmx/ClientListener.java?view=diff&rev=527499&r1=527498&r2=527499
==============================================================================
--- incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/jmx/ClientListener.java (original)
+++ incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/jmx/ClientListener.java Wed Apr 11 07:16:02 2007
@@ -45,10 +45,7 @@
{
ObjectName objName = null;
String type = notification.getType();
- if (MBeanUtility.isDebug())
- {
- System.out.println(type + ":" + objName);
- }
+ MBeanUtility.printOutput(type + ":" + objName);
if (MBeanServerNotification.REGISTRATION_NOTIFICATION.equals(type))
{
Modified: incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/jmx/JMXServerRegistry.java
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/jmx/JMXServerRegistry.java?view=diff&rev=527499&r1=527498&r2=527499
==============================================================================
--- incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/jmx/JMXServerRegistry.java (original)
+++ incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/jmx/JMXServerRegistry.java Wed Apr 11 07:16:02 2007
@@ -20,6 +20,8 @@
*/
package org.apache.qpid.management.ui.jmx;
+import static org.apache.qpid.management.ui.Constants.*;
+
import java.lang.reflect.Constructor;
import java.security.Security;
import java.util.ArrayList;
@@ -37,9 +39,9 @@
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;
+import javax.security.sasl.SaslClientFactory;
import org.apache.qpid.management.ui.ApplicationRegistry;
-import org.apache.qpid.management.ui.Constants;
import org.apache.qpid.management.ui.ManagedBean;
import org.apache.qpid.management.ui.ManagedServer;
import org.apache.qpid.management.ui.ServerRegistry;
@@ -47,8 +49,10 @@
import org.apache.qpid.management.ui.model.NotificationInfoModel;
import org.apache.qpid.management.ui.model.NotificationObject;
import org.apache.qpid.management.ui.model.OperationDataModel;
+import org.apache.qpid.management.ui.sasl.JCAProvider;
import org.apache.qpid.management.ui.sasl.SaslProvider;
import org.apache.qpid.management.ui.sasl.UserPasswordCallbackHandler;
+import org.apache.qpid.management.ui.sasl.UsernameHashedPasswordCallbackHandler;
public class JMXServerRegistry extends ServerRegistry
@@ -89,37 +93,58 @@
super(server);
JMXServiceURL jmxUrl = new JMXServiceURL(server.getUrl());
Map<String, Object> env = null;
+ String securityMechanism = ApplicationRegistry.getSecurityMechanism();
- if (ApplicationRegistry.enableSecurity)
+ if (securityMechanism != null)
{
try
{
// Check if the JMXMP connector is available
Class klass = Class.forName("javax.management.remote.jmxmp.JMXMPConnector");
- // Now create the instance of JMXMPConnector
- Security.addProvider(new SaslProvider());
jmxUrl = new JMXServiceURL("jmxmp", server.getHost(), server.getPort());
-
env = new HashMap<String, Object>();
- env.put("jmx.remote.profiles", "SASL/PLAIN");
- //env.put("jmx.remote.profiles", "SASL/CRAM-MD5");
- env.put("jmx.remote.sasl.callback.handler",
- new UserPasswordCallbackHandler(server.getUser(), server.getPassword()));
+ if (MECH_CRAMMD5.equals(securityMechanism))
+ {
+ // For SASL/CRAM-MD5
+ Map<String, Class<? extends SaslClientFactory>> map = new HashMap<String, Class<? extends SaslClientFactory>>();
+ Class<?> clazz = Class.forName("org.apache.qpid.management.ui.sasl.CRAMMD5HashedSaslClientFactory");
+ map.put("CRAM-MD5-HASHED", (Class<? extends SaslClientFactory>) clazz);
+
+ Security.addProvider(new JCAProvider(map));
+ env.put("jmx.remote.profiles", SASL_CRAMMD5);
+ env.put("jmx.remote.sasl.callback.handler",
+ new UsernameHashedPasswordCallbackHandler(server.getUser(), server.getPassword()));
+ }
+ else if (MECH_PLAIN.equals(securityMechanism))
+ {
+ // For SASL/PLAIN
+ Security.addProvider(new SaslProvider());
+ env.put("jmx.remote.profiles", SASL_PLAIN);
+ env.put("jmx.remote.sasl.callback.handler",
+ new UserPasswordCallbackHandler(server.getUser(), server.getPassword()));
+ }
+ else
+ {
+ MBeanUtility.printOutput("Security mechanism " + securityMechanism + " is not supported.");
+ }
+
+ // Now create the instance of JMXMPConnector
Class[] paramTypes = {JMXServiceURL.class, Map.class};
Constructor cons = klass.getConstructor(paramTypes);
Object[] args = {jmxUrl, env};
Object theObject = cons.newInstance(args);
+
_jmxc = (JMXConnector)theObject;
_jmxc.connect();
- System.out.println("Starting JMXConnector with SASL. Server=" + server.getName());
+ MBeanUtility.printOutput("Starting JMXConnector with SASL. Server=" + server.getName());
}
catch (Exception ex)
{
// When JMXMPConnector is not available
- System.out.println("Starting JMXConnector. Server=" + server.getName());
+ MBeanUtility.printOutput("Starting JMXConnector. Server=" + server.getName());
jmxUrl = new JMXServiceURL(server.getUrl());
_jmxc = JMXConnectorFactory.connect(jmxUrl, null);
}
@@ -197,10 +222,7 @@
public void removeManagedObject(ManagedBean mbean)
{
- if (MBeanUtility.isDebug())
- {
- System.out.println("Removing MBean:" + mbean.getUniqueName());
- }
+ MBeanUtility.printOutput("Removing MBean:" + mbean.getUniqueName());
if (mbean.isQueue())
{
@@ -296,7 +318,7 @@
map.put(name, list);
}
// Now add the notification type to the list
- if (Constants.ALL.equals(type))
+ if (ALL.equals(type))
{
List<NotificationInfoModel> infoList = _notificationInfoMap.get(mbean.getUniqueName());
for (NotificationInfoModel model : infoList)
@@ -355,7 +377,7 @@
HashMap<String, List<String>> map = _subscribedNotificationMap.get(mbean.getUniqueName());
if (map.containsKey(name))
{
- if (Constants.ALL.equals(type))
+ if (ALL.equals(type))
{
map.remove(name);
}
Modified: incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/jmx/MBeanUtility.java
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/jmx/MBeanUtility.java?view=diff&rev=527499&r1=527498&r2=527499
==============================================================================
--- incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/jmx/MBeanUtility.java (original)
+++ incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/jmx/MBeanUtility.java Wed Apr 11 07:16:02 2007
@@ -60,13 +60,6 @@
*/
public class MBeanUtility
{
- private static boolean _debug;
- static
- {
- String debug = System.getProperty("debug");
- _debug = "true".equalsIgnoreCase(debug) ? true : false;
- }
-
public static final BigInteger MAX_LONG = BigInteger.valueOf(Long.MAX_VALUE);
public static final BigInteger MAX_INT = BigInteger.valueOf(Integer.MAX_VALUE);
/**
@@ -461,18 +454,17 @@
return Arrays.asList(domains);
}
- /**
- * return true if System property is set to true -Ddebug=true
- * @return
- */
- public static boolean isDebug()
+ public static void printOutput(String statement)
{
- return _debug;
+ if (ApplicationRegistry.debug)
+ {
+ System.out.println(statement);
+ }
}
private static void printStackTrace(Throwable ex)
{
- if (isDebug())
+ if (ApplicationRegistry.debug)
{
ex.printStackTrace();
}
Added: incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/sasl/CRAMMD5HashedSaslClientFactory.java
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/sasl/CRAMMD5HashedSaslClientFactory.java?view=auto&rev=527499
==============================================================================
--- incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/sasl/CRAMMD5HashedSaslClientFactory.java (added)
+++ incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/sasl/CRAMMD5HashedSaslClientFactory.java Wed Apr 11 07:16:02 2007
@@ -0,0 +1,60 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.management.ui.sasl;
+
+import java.util.Map;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.sasl.Sasl;
+import javax.security.sasl.SaslClient;
+import javax.security.sasl.SaslClientFactory;
+import javax.security.sasl.SaslException;
+
+public class CRAMMD5HashedSaslClientFactory implements SaslClientFactory
+{
+ /** The name of this mechanism */
+ public static final String MECHANISM = "CRAM-MD5-HASHED";
+
+ public SaslClient createSaslClient(String[] mechanisms, String authorizationId, String protocol,
+ String serverName, Map<String, ?> props, CallbackHandler cbh)
+ throws SaslException
+ {
+ for (int i = 0; i < mechanisms.length; i++)
+ {
+ if (mechanisms[i].equals(MECHANISM))
+ {
+ if (cbh == null)
+ {
+ throw new SaslException("CallbackHandler must not be null");
+ }
+
+ String[] mechs = {"CRAM-MD5"};
+ return Sasl.createSaslClient(mechs, authorizationId, protocol, serverName, props, cbh);
+ }
+ }
+ return null;
+ }
+
+ public String[] getMechanismNames(Map props)
+ {
+ return new String[]{MECHANISM};
+ }
+}
Propchange: incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/sasl/CRAMMD5HashedSaslClientFactory.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/sasl/JCAProvider.java
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/sasl/JCAProvider.java?view=auto&rev=527499
==============================================================================
--- incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/sasl/JCAProvider.java (added)
+++ incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/sasl/JCAProvider.java Wed Apr 11 07:16:02 2007
@@ -0,0 +1,56 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.management.ui.sasl;
+
+import java.security.Provider;
+import java.util.Map;
+
+import javax.security.sasl.SaslClientFactory;
+
+public class JCAProvider extends Provider
+{
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * Creates the security provider with a map from SASL mechanisms to implementing factories.
+ *
+ * @param providerMap The map from SASL mechanims to implementing factory classes.
+ */
+ public JCAProvider(Map<String, Class<? extends SaslClientFactory>> providerMap)
+ {
+ super("AMQSASLProvider", 1.0, "A JCA provider that registers all "
+ + "AMQ SASL providers that want to be registered");
+ register(providerMap);
+ }
+
+ /**
+ * Registers client factory classes for a map of mechanism names to client factory classes.
+ *
+ * @param providerMap The map from SASL mechanims to implementing factory classes.
+ */
+ private void register(Map<String, Class<? extends SaslClientFactory>> providerMap)
+ {
+ for (Map.Entry<String, Class<? extends SaslClientFactory>> me : providerMap.entrySet())
+ {
+ put("SaslClientFactory." + me.getKey(), me.getValue().getName());
+ }
+ }
+}
Propchange: incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/sasl/JCAProvider.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/sasl/UsernameHashedPasswordCallbackHandler.java
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/sasl/UsernameHashedPasswordCallbackHandler.java?view=auto&rev=527499
==============================================================================
--- incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/sasl/UsernameHashedPasswordCallbackHandler.java (added)
+++ incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/sasl/UsernameHashedPasswordCallbackHandler.java Wed Apr 11 07:16:02 2007
@@ -0,0 +1,108 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.management.ui.sasl;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+public class UsernameHashedPasswordCallbackHandler implements CallbackHandler
+{
+ private String user;
+ private char[] pwchars;
+
+ public UsernameHashedPasswordCallbackHandler(String user, String password) throws Exception
+ {
+ this.user = user;
+ this.pwchars = getHash(password);
+ }
+
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
+ {
+ for (int i = 0; i < callbacks.length; i++)
+ {
+ if (callbacks[i] instanceof NameCallback)
+ {
+ NameCallback ncb = (NameCallback) callbacks[i];
+ ncb.setName(user);
+ }
+ else if (callbacks[i] instanceof PasswordCallback)
+ {
+ PasswordCallback pcb = (PasswordCallback) callbacks[i];
+ pcb.setPassword(pwchars);
+ }
+ else
+ {
+ throw new UnsupportedCallbackException(callbacks[i]);
+ }
+ }
+ }
+
+ private char[] getHash(String text) throws NoSuchAlgorithmException, UnsupportedEncodingException
+ {
+
+ byte[] data = text.getBytes("utf-8");
+
+ MessageDigest md = MessageDigest.getInstance("MD5");
+
+ for (byte b : data)
+ {
+ md.update(b);
+ }
+
+ byte[] digest = md.digest();
+
+ char[] hash = new char[digest.length + 1];
+
+ int index = 0;
+ for (byte b : digest)
+ {
+ index++;
+ hash[index] = (char) b;
+ }
+
+ return hash;
+ }
+
+ private void clearPassword()
+ {
+ if (pwchars != null)
+ {
+ for (int i = 0 ; i < pwchars.length ; i++)
+ {
+ pwchars[i] = 0;
+ }
+ pwchars = null;
+ }
+ }
+
+ protected void finalize()
+ {
+ clearPassword();
+ }
+}
Propchange: incubator/qpid/branches/M2/java/management/eclipse-plugin/src/main/java/org/apache/qpid/management/ui/sasl/UsernameHashedPasswordCallbackHandler.java
------------------------------------------------------------------------------
svn:eol-style = native