Posted to commits@servicemix.apache.org by cc...@apache.org on 2010/01/12 21:35:11 UTC

svn commit: r898499 - in /servicemix/smx3/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi: nmr/flow/AbstractFlow.java security/GroupPrincipal.java security/SecuredBroker.java security/UserPrincipal.java

Author: ccustine
Date: Tue Jan 12 20:35:11 2010
New Revision: 898499

URL: http://svn.apache.org/viewvc?rev=898499&view=rev
Log:
SM-1925 Add security check on remote broker when using JMSFlow/JCAFlow

Modified:
    servicemix/smx3/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/nmr/flow/AbstractFlow.java
    servicemix/smx3/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/GroupPrincipal.java
    servicemix/smx3/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/SecuredBroker.java
    servicemix/smx3/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/UserPrincipal.java

Modified: servicemix/smx3/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/nmr/flow/AbstractFlow.java
URL: http://svn.apache.org/viewvc/servicemix/smx3/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/nmr/flow/AbstractFlow.java?rev=898499&r1=898498&r2=898499&view=diff
==============================================================================
--- servicemix/smx3/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/nmr/flow/AbstractFlow.java (original)
+++ servicemix/smx3/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/nmr/flow/AbstractFlow.java Tue Jan 12 20:35:11 2010
@@ -40,6 +40,7 @@
 import org.apache.servicemix.jbi.messaging.ExchangePacket;
 import org.apache.servicemix.jbi.messaging.MessageExchangeImpl;
 import org.apache.servicemix.jbi.nmr.Broker;
+import org.apache.servicemix.jbi.security.SecuredBroker;
 import org.apache.servicemix.jbi.servicedesc.InternalEndpoint;
 
 /**
@@ -169,6 +170,18 @@
             if (lcc.getDeliveryChannel() != null) {
                 try {
                     lock.readLock().lock();
+                    if (!me.getSourceId().getContainerName().equalsIgnoreCase(broker.getContainer().getName())
+                        && broker instanceof SecuredBroker) {
+                        try {
+                            ((SecuredBroker)broker).checkSecurity(me);
+                        } catch (Exception e) {
+                            me.handleAccept();
+                            me.setError(e);
+                            me.handleSend(false);
+                            broker.getContainer().sendExchange(me.getMirror());
+                            throw new MessagingException(e);
+                        }
+                    }
                     lcc.getDeliveryChannel().processInBound(me);
                 } finally {
                     lock.readLock().unlock();
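Review bot: The added guard calls `checkSecurity` only when `me.getSourceId().getContainerName()` differs from the local container name, so whether the ACL check runs depends on a field carried inside the incoming exchange rather than on anything the receiving flow established itself (how the source id is populated is outside this hunk, so this is inferred). If the transport cannot vouch for the peer, state the trust assumption next to the condition, e.g. `// sourceId is set by the sending broker; the flow's transport must only admit trusted containers`, and confirm that `equalsIgnoreCase` is intended, since it treats names differing only in case as local. In the `catch`, `broker.getContainer().sendExchange(me.getMirror())` can itself throw and replace the authorization failure, and `catch (Exception e)` reports a `JBIException` from `checkSecurity` the same way as a denied request; narrowing the catch and logging the denial before replying would keep the audit trail. The enclosing method starts and ends outside the hunk.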

Modified: servicemix/smx3/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/GroupPrincipal.java
URL: http://svn.apache.org/viewvc/servicemix/smx3/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/GroupPrincipal.java?rev=898499&r1=898498&r2=898499&view=diff
==============================================================================
--- servicemix/smx3/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/GroupPrincipal.java (original)
+++ servicemix/smx3/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/GroupPrincipal.java Tue Jan 12 20:35:11 2010
@@ -16,6 +16,7 @@
  */
 package org.apache.servicemix.jbi.security;
 
+import java.io.Serializable;
 import java.security.Principal;
 
 
@@ -24,7 +25,7 @@
  * usually checked.
  *  
  */
-public class GroupPrincipal implements Principal {
+public class GroupPrincipal implements Principal, Serializable {
 
     public static final GroupPrincipal ANY = new GroupPrincipal("*"); 
     
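Review bot: `GroupPrincipal` becomes `Serializable` here without a `serialVersionUID` in the visible lines, and the same applies to `UserPrincipal` in its hunk; if none is declared further down, add `private static final long serialVersionUID = 1L;` to both so that brokers built from different revisions can still exchange subjects. Since these principals feed the ACL comparison in `SecuredBroker.checkSecurity`, a class-level comment should say that instances may arrive deserialized from another container and must be compared by `equals`, never by identity with `ANY`; `acls.contains(GroupPrincipal.ANY)` relies on that, and the `equals` implementation is outside the hunk. The class body continues past the hunk.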

Modified: servicemix/smx3/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/SecuredBroker.java
URL: http://svn.apache.org/viewvc/servicemix/smx3/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/SecuredBroker.java?rev=898499&r1=898498&r2=898499&view=diff
==============================================================================
--- servicemix/smx3/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/SecuredBroker.java (original)
+++ servicemix/smx3/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/SecuredBroker.java Tue Jan 12 20:35:11 2010
@@ -65,27 +65,32 @@
     public void sendExchangePacket(MessageExchange me) throws JBIException {
         LOG.debug("send exchange with secure broker");
         MessageExchangeImpl exchange = (MessageExchangeImpl) me;
-        if (exchange.getRole() == Role.PROVIDER && exchange.getDestinationId() == null) {
+        if (exchange.getRole() == Role.PROVIDER) {
+            checkSecurity(exchange);
+        }
+        super.sendExchangePacket(me);
+    }
+
+    public void checkSecurity(MessageExchangeImpl exchange) throws SecurityException, JBIException {
+        if (exchange.getDestinationId() == null) {
             resolveAddress(exchange);
-            ServiceEndpoint se = exchange.getEndpoint();
-            if (se != null) {
-                LOG.debug("service name :" + se.getServiceName());
-                LOG.debug("operation name :" + me.getOperation());
-                Set<Principal> acls = authorizationMap.getAcls(se, me.getOperation());
-                if (!acls.contains(GroupPrincipal.ANY)) { 
-                    Subject subject = exchange.getMessage("in").getSecuritySubject();
-                    if (subject == null) {
-                        throw new SecurityException("User not authenticated");
-                    }
-                    LOG.debug("authorization for " + subject);
-                    acls.retainAll(subject.getPrincipals());
-                    if (acls.size() == 0) {
-                        throw new SecurityException("Endpoint is not authorized for this user");
-                    }
+        }
+        ServiceEndpoint se = exchange.getEndpoint();
+        if (se != null) {
+            LOG.debug("service name :" + se.getServiceName());
+            LOG.debug("operation name :" + exchange.getOperation());
+            Set<Principal> acls = authorizationMap.getAcls(se, exchange.getOperation());
+            if (!acls.contains(GroupPrincipal.ANY)) {
+                Subject subject = exchange.getMessage("in").getSecuritySubject();
+                if (subject == null) {
+                    throw new SecurityException("User not authenticated");
+                }
+                LOG.debug("authorization for " + subject);
+                acls.retainAll(subject.getPrincipals());
+                if (acls.size() == 0) {
+                    throw new SecurityException("Endpoint is not authorized for this user");
                 }
             }
         }
-        super.sendExchangePacket(me);
     }
-
 }
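Review bot: `acls.retainAll(subject.getPrincipals())` in `checkSecurity` modifies the set returned by `authorizationMap.getAcls(...)` in place; unless that method returns a fresh copy (not visible here), each check strips principals from the stored ACL, and the method now runs for every provider-role send and for remote exchanges. Intersect on a copy instead: `Set<Principal> matched = new HashSet<Principal>(acls); matched.retainAll(subject.getPrincipals());` and test `matched.isEmpty()`. `exchange.getMessage("in")` is dereferenced without a null check, so an exchange without an in message fails with a `NullPointerException` rather than a `SecurityException`. When `se` is still null the method returns without any check, which deserves a comment or an explicit deny now that the method is public; it also has no Javadoc describing when callers must invoke it.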

Modified: servicemix/smx3/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/UserPrincipal.java
URL: http://svn.apache.org/viewvc/servicemix/smx3/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/UserPrincipal.java?rev=898499&r1=898498&r2=898499&view=diff
==============================================================================
--- servicemix/smx3/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/UserPrincipal.java (original)
+++ servicemix/smx3/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/UserPrincipal.java Tue Jan 12 20:35:11 2010
@@ -16,13 +16,14 @@
  */
 package org.apache.servicemix.jbi.security;
 
+import java.io.Serializable;
 import java.security.Principal;
 
 
 /**
  *
  */
-public class UserPrincipal implements Principal {
+public class UserPrincipal implements Principal, Serializable {
 
     private final String name;
     private transient int hash;
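Review bot: A deserialized `UserPrincipal` starts with `hash == 0` because the field is `transient`, which matters now that the class is `Serializable` and `name` is restored without the cached value. If `hashCode()` (not visible in this hunk) returns the cached field without recomputing it when it is zero, a principal received from a remote container will not match an equal local one in hash-based sets, and the authorization lookup would then reject valid users. Confirm the lazy recomputation and document it on the field, e.g. `// cached hashCode; transient, recomputed on first use after deserialization`. The class body continues past the hunk.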