You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by or...@apache.org on 2013/04/02 18:59:19 UTC
svn commit: r1463626 - in /qpid/trunk/qpid/java:
broker-plugins/management-http/src/main/java/resources/
broker-plugins/management-http/src/main/java/resources/js/qpid/common/
broker-plugins/management-http/src/main/java/resources/js/qpid/management/
b...
Author: orudyy
Date: Tue Apr 2 16:59:18 2013
New Revision: 1463626
URL: http://svn.apache.org/r1463626
Log:
QPID-4691: Fix validation and UI for setting of keystore/truststore/peerstore dependant attributes on broker and ports
Modified:
qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/addPort.html
qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/common/util.js
qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Broker.js
qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AbstractAdapter.java
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortAdapter.java
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/PortRestTest.java
Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/addPort.html
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/addPort.html?rev=1463626&r1=1463625&r2=1463626&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/addPort.html (original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/addPort.html Tue Apr 2 16:59:18 2013
@@ -21,6 +21,7 @@
<div class="dijitHidden">
<div data-dojo-type="dijit.Dialog" style="width:600px;" data-dojo-props="title:'Port'" id="addPort">
<form id="formAddPort" method="post" dojoType="dijit.form.Form">
+ <div class="dijitDialogPaneContentArea">
<div id="formAddPort:fields">
<input type="text" required="true" name="name" id="formAddPort.name" placeholder="Name"
data-dojo-props="label: 'Name*:'" dojoType="dijit.form.ValidationTextBox"
@@ -53,7 +54,7 @@
<div id="formAddPort:fieldsAMQP">
<input id="formAddPort.bindingAddress" type="text" name="bindingAddress" placeholder="*"
dojoType="dijit.form.TextBox" data-dojo-props="label: 'Binding address:'"/>
- <input id="formAddPort.protocolsDefault" type="checkbox" name="protocolsDefault" checked="checked"
+ <input id="formAddPort.protocolsDefault" type="checkbox" checked="checked"
dojoType="dijit.form.CheckBox" data-dojo-props="label: 'Support broker default AMQP versions:'"/>
<select id="formAddPort.protocolsAMQP" name="protocols" data-dojo-type="dijit.form.MultiSelect" multiple="true"
data-dojo-props="name: 'protocols', value: '', placeHolder: 'Select AMQP versions', label: 'AMQP versions:'"
@@ -80,8 +81,11 @@
</select>
</div>
<input type="hidden" id="formAddPort.id" name="id"/>
+ </div>
+ <div class="dijitDialogPaneActionBar">
<!-- submit buttons -->
<input type="submit" value="Save Port" label="Save Port" dojoType="dijit.form.Button" />
+ </div>
</form>
</div>
</div>
Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/common/util.js
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/common/util.js?rev=1463626&r1=1463625&r2=1463626&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/common/util.js (original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/common/util.js Tue Apr 2 16:59:18 2013
@@ -171,7 +171,7 @@ define(["dojo/_base/xhr",
widgets[name] = widget;
widget.initialValue = widget.value;
layout.addChild(widget);
- if (attributeWidgetFactory.hasOwnProperty("requiredFor"))
+ if (attributeWidgetFactory.hasOwnProperty("requiredFor") && !data[name])
{
requiredFor[attributeWidgetFactory.requiredFor] = widget;
}
Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Broker.js
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Broker.js?rev=1463626&r1=1463625&r2=1463626&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Broker.js (original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Broker.js Tue Apr 2 16:59:18 2013
@@ -141,7 +141,9 @@ define(["dojo/_base/xhr",
required: false,
label: "Keystore password:",
invalidMessage: "Missed keystore password",
- name: "keyStorePassword"});
+ name: "keyStorePassword",
+ placeholder: brokerData["keyStorePassword"] ? brokerData["keyStorePassword"] : ""
+ });
}
}, {
name: "trustStorePath",
@@ -161,7 +163,9 @@ define(["dojo/_base/xhr",
required: false,
label: "Truststore password:",
invalidMessage: "Missed trustore password",
- name: "trustStorePassword"});
+ name: "trustStorePassword",
+ placeholder: brokerData["trustStorePassword"] ? brokerData["trustStorePassword"] : ""
+ });
}
}, {
name: "peerStorePath",
@@ -180,7 +184,9 @@ define(["dojo/_base/xhr",
required: false,
label: "Peerstore password:",
invalidMessage: "Missed peerstore password",
- name: "peerStorePassword"});
+ name: "peerStorePassword",
+ placeholder: brokerData["peerStorePassword"] ? brokerData["peerStorePassword"] : ""
+ });
}
}, {
name: "queue.alertThresholdQueueDepthMessages",
Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js?rev=1463626&r1=1463625&r2=1463626&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js (original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addPort.js Tue Apr 2 16:59:18 2013
@@ -71,7 +71,7 @@ define(["dojo/_base/xhr",
{
if(formValues.hasOwnProperty(propName))
{
- if (propName === "type" || propName === "protocolsDefault")
+ if (propName == "needClientAuth" || propName == "wantClientAuth")
{
continue;
}
@@ -107,18 +107,37 @@ define(["dojo/_base/xhr",
}
}
- var needClientAuth = dijit.byId("formAddPort.needClientAuth");
- var wantClientAuth = dijit.byId("formAddPort.wantClientAuth");
- if(!needClientAuth.disabled)
+ var type = dijit.byId("formAddPort.type").value;
+ if (type == "AMQP")
{
- newPort.needClientAuth = needClientAuth.checked;
+ var needClientAuth = dijit.byId("formAddPort.needClientAuth");
+ var wantClientAuth = dijit.byId("formAddPort.wantClientAuth");
+ newPort.needClientAuth = needClientAuth.disabled ? false : needClientAuth.checked;
+ newPort.wantClientAuth = wantClientAuth.disabled ? false : wantClientAuth.checked
}
- if(!wantClientAuth.disabled)
+ return newPort;
+ };
+
+ var toggleCertificateWidgets = function toggleCertificateWidgets(protocolType, transportType)
+ {
+ var clientAuthPanel = registry.byId("formAddPort:fieldsClientAuth");
+ var display = clientAuthPanel.domNode.style.display;
+ if (transportType == "SSL" && protocolType == "AMQP")
{
- newPort.wantClientAuth = wantClientAuth.checked;
+ clientAuthPanel.domNode.style.display = "block";
+ registry.byId("formAddPort.needClientAuth").set("disabled", false);
+ registry.byId("formAddPort.wantClientAuth").set("disabled", false);
+ }
+ else
+ {
+ clientAuthPanel.domNode.style.display = "none";
+ registry.byId("formAddPort.needClientAuth").set("disabled", true);
+ registry.byId("formAddPort.wantClientAuth").set("disabled", true);
+ }
+ if (clientAuthPanel.domNode.style.display != display)
+ {
+ clientAuthPanel.resize();
}
-
- return newPort;
};
@@ -134,6 +153,11 @@ define(["dojo/_base/xhr",
dijit.byId("formAddPort.protocolsAMQP").set("disabled", isChecked);
});
+ registry.byId("formAddPort.transports").on("change", function(newValue){
+ var protocolType = registry.byId("formAddPort.type").value;
+ toggleCertificateWidgets(protocolType, newValue);
+ });
+
registry.byId("formAddPort.type").on("change", function(newValue) {
var typeWidget = registry.byId("formAddPort.type");
var store = typeWidget.store;
@@ -142,20 +166,8 @@ define(["dojo/_base/xhr",
registry.byId("formAddPort:fields" + option.value).domNode.style.display = "none";
});
- if ("AMQP" == newValue)
- {
- registry.byId("formAddPort:fieldsClientAuth").domNode.style.display = "block";
- registry.byId("formAddPort.needClientAuth").set("disabled", false);
- registry.byId("formAddPort.wantClientAuth").set("disabled", false);
- }
- else
- {
- registry.byId("formAddPort:fieldsClientAuth").domNode.style.display = "none";
- registry.byId("formAddPort.needClientAuth").set("checked", false);
- registry.byId("formAddPort.wantClientAuth").set("checked", false);
- registry.byId("formAddPort.needClientAuth").set("disabled", true);
- registry.byId("formAddPort.wantClientAuth").set("disabled", true);
- }
+ registry.byId("formAddPort.needClientAuth").set("enabled", ("AMQP" == newValue));
+ registry.byId("formAddPort.wantClientAuth").set("enabled", ("AMQP" == newValue));
registry.byId("formAddPort:fields" + newValue).domNode.style.display = "block";
var defaultsAMQPProtocols = registry.byId("formAddPort.protocolsDefault");
@@ -163,20 +175,10 @@ define(["dojo/_base/xhr",
var protocolsWidget = registry.byId("formAddPort.protocols" + newValue);
if (protocolsWidget)
{
- if ("AMQP" == newValue && defaultsAMQPProtocols.checked)
- {
- protocolsWidget.set("disabled", true);
- }
- else
- {
- protocolsWidget.set("disabled", false);
- }
- }
- var transportsWidget = registry.byId("formAddPort.transports");
- if (transportsWidget)
- {
- transportsWidget.startup();
+ protocolsWidget.set("disabled", ("AMQP" == newValue && defaultsAMQPProtocols.checked));
}
+ var transport = registry.byId("formAddPort.transports").value;
+ toggleCertificateWidgets(newValue, transport);
});
theForm = registry.byId("formAddPort");
@@ -289,7 +291,8 @@ define(["dojo/_base/xhr",
nameField.set("disabled", true);
dom.byId("formAddPort.id").value=port.id;
providerWidget.set("value", port.authenticationProvider ? port.authenticationProvider : "");
- registry.byId("formAddPort.transports").set("value", port.transports ? port.transports[0] : "");
+ var transportWidget = registry.byId("formAddPort.transports");
+ transportWidget.set("value", port.transports ? port.transports[0] : "");
registry.byId("formAddPort.port").set("value", port.port);
var protocols = port.protocols;
var typeWidget = registry.byId("formAddPort.type");
@@ -299,12 +302,6 @@ define(["dojo/_base/xhr",
registry.byId("formAddPort:fields" + option.value).domNode.style.display = "none";
});
- registry.byId("formAddPort.needClientAuth").set("checked", false);
- registry.byId("formAddPort.wantClientAuth").set("checked", false);
- registry.byId("formAddPort.needClientAuth").set("disabled", true);
- registry.byId("formAddPort.wantClientAuth").set("disabled", true);
- registry.byId("formAddPort:fieldsClientAuth").domNode.style.display = "none";
-
// identify the type of port using first protocol specified in protocol field if provided
if ( !protocols || protocols.length == 0 || protocols[0].indexOf("AMQP") == 0)
{
@@ -326,11 +323,8 @@ define(["dojo/_base/xhr",
amqpProtocolsWidget.set("disabled", true)
}
- registry.byId("formAddPort.needClientAuth").set("disabled", false);
- registry.byId("formAddPort.wantClientAuth").set("disabled", false);
registry.byId("formAddPort.needClientAuth").set("checked", port.needClientAuth);
registry.byId("formAddPort.wantClientAuth").set("checked", port.wantClientAuth);
- registry.byId("formAddPort:fieldsClientAuth").domNode.style.display = "block";
}
else if (protocols[0].indexOf("RMI") != -1)
{
@@ -348,6 +342,8 @@ define(["dojo/_base/xhr",
}
registry.byId("formAddPort:fields" + typeWidget.value).domNode.style.display = "block";
typeWidget.set("disabled", true);
+
+ toggleCertificateWidgets(typeWidget.value, transportWidget.value);
registry.byId("addPort").show();
});
}
Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AbstractAdapter.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AbstractAdapter.java?rev=1463626&r1=1463625&r2=1463626&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AbstractAdapter.java (original)
+++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AbstractAdapter.java Tue Apr 2 16:59:18 2013
@@ -381,4 +381,9 @@ abstract class AbstractAdapter implement
{
// allowed by default
}
+
+ protected Map<String, Object> getDefaultAttributes()
+ {
+ return _defaultAttributes;
+ }
}
Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java?rev=1463626&r1=1463625&r2=1463626&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java (original)
+++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java Tue Apr 2 16:59:18 2013
@@ -1182,9 +1182,14 @@ public class BrokerAdapter extends Abstr
String passwordAttribute, String aliasAttribute)
{
String keyStoreFile = (String) convertedAttributes.get(pathAttribute);
- if (keyStoreFile != null)
+ String password = (String) convertedAttributes.get(passwordAttribute);
+ String alias = aliasAttribute!= null? (String) convertedAttributes.get(aliasAttribute) : null;
+ if (keyStoreFile != null || password != null || alias != null)
{
- String password = (String) convertedAttributes.get(passwordAttribute);
+ if (keyStoreFile == null)
+ {
+ keyStoreFile = (String) getActualAttributes().get(pathAttribute);
+ }
if (password == null)
{
password = (String) getActualAttributes().get(passwordAttribute);
@@ -1200,7 +1205,10 @@ public class BrokerAdapter extends Abstr
}
if (aliasAttribute != null)
{
- String alias = (String) convertedAttributes.get(aliasAttribute);
+ if (alias == null)
+ {
+ alias = (String) getActualAttributes().get(aliasAttribute);
+ }
if (alias != null)
{
Certificate cert = null;
Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortAdapter.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortAdapter.java?rev=1463626&r1=1463625&r2=1463626&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortAdapter.java (original)
+++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/PortAdapter.java Tue Apr 2 16:59:18 2013
@@ -48,6 +48,7 @@ import org.apache.qpid.server.model.Virt
import org.apache.qpid.server.security.access.Operation;
import org.apache.qpid.server.util.MapValueConverter;
import org.apache.qpid.server.util.ParameterizedTypeImpl;
+import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.configuration.updater.TaskExecutor;
public class PortAdapter extends AbstractAdapter implements Port
@@ -362,7 +363,67 @@ public class PortAdapter extends Abstrac
{
throw new IllegalStateException("Cannot change attributes for an active port outside of Management Mode");
}
- super.changeAttributes(MapValueConverter.convert(attributes, ATTRIBUTE_TYPES));
+ Map<String, Object> converted = MapValueConverter.convert(attributes, ATTRIBUTE_TYPES);
+
+ Map<String, Object> merged = new HashMap<String, Object>(getDefaultAttributes());
+ merged.putAll(getActualAttributes());
+ merged.putAll(converted);
+
+ @SuppressWarnings("unchecked")
+ Collection<Transport> transports = (Collection<Transport>)merged.get(TRANSPORTS);
+ @SuppressWarnings("unchecked")
+ Collection<Protocol> protocols = (Collection<Protocol>)merged.get(PROTOCOLS);
+ Boolean needClientCertificate = (Boolean)merged.get(NEED_CLIENT_AUTH);
+ Boolean wantClientCertificate = (Boolean)merged.get(WANT_CLIENT_AUTH);
+ boolean requiresCertificate = (needClientCertificate != null && needClientCertificate.booleanValue())
+ || (wantClientCertificate != null && wantClientCertificate.booleanValue());
+
+ if (transports != null && transports.contains(Transport.SSL))
+ {
+ if (_broker.getKeyStores().isEmpty())
+ {
+ throw new IllegalConfigurationException("Can't create port which requires SSL as the broker has no keystore configured.");
+ }
+
+ if (_broker.getTrustStores().isEmpty() && requiresCertificate)
+ {
+ throw new IllegalConfigurationException("Can't create port which requests SSL client certificates as the broker has no trust/peer stores configured.");
+ }
+ }
+ else
+ {
+ if (requiresCertificate)
+ {
+ throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but doesn't use SSL transport.");
+ }
+ }
+
+ if (protocols != null && protocols.contains(Protocol.HTTPS) && _broker.getKeyStores().isEmpty())
+ {
+ throw new IllegalConfigurationException("Can't create port which requires SSL as the broker has no keystore configured.");
+ }
+
+ String authenticationProviderName = (String)merged.get(AUTHENTICATION_PROVIDER);
+ if (authenticationProviderName != null)
+ {
+ Collection<AuthenticationProvider> providers = _broker.getAuthenticationProviders();
+ AuthenticationProvider provider = null;
+ for (AuthenticationProvider p : providers)
+ {
+ if (p.getName().equals(authenticationProviderName))
+ {
+ provider = p;
+ break;
+ }
+ }
+
+ if (provider == null)
+ {
+ throw new IllegalConfigurationException("Cannot find authentication provider with name '"
+ + authenticationProviderName + "'");
+ }
+ }
+ super.changeAttributes(converted);
}
@Override
Modified: qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/PortRestTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/PortRestTest.java?rev=1463626&r1=1463625&r2=1463626&view=diff
==============================================================================
--- qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/PortRestTest.java (original)
+++ qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/PortRestTest.java Tue Apr 2 16:59:18 2013
@@ -21,16 +21,20 @@
package org.apache.qpid.systest.rest;
import java.net.URLDecoder;
+import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.List;
import java.util.Map;
import org.apache.qpid.server.model.AuthenticationProvider;
+import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.Protocol;
import org.apache.qpid.server.model.State;
+import org.apache.qpid.server.model.Transport;
import org.apache.qpid.server.plugin.AuthenticationManagerFactory;
import org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManagerFactory;
import org.apache.qpid.test.utils.TestBrokerConfiguration;
@@ -159,8 +163,7 @@ public class PortRestTest extends QpidRe
responseCode = getRestTestHelper().submitRequest("/rest/port/" + portName, "PUT", attributes);
assertEquals("Port cannot be updated in non management mode", 409, responseCode);
- stopBroker();
- startBroker(DEFAULT_PORT, true);
+ restartBrokerInManagementMode();
responseCode = getRestTestHelper().submitRequest("/rest/port/" + portName, "PUT", attributes);
assertEquals("Port should be allwed to update in a management mode", 200, responseCode);
@@ -193,4 +196,133 @@ public class PortRestTest extends QpidRe
port = getRestTestHelper().getJsonAsSingletonList("/rest/port/" + TestBrokerConfiguration.ENTRY_NAME_AMQP_PORT);
assertEquals("Port has been changed", portValue, port.get(Port.PORT));
}
+
+ public void testUpdatePortTransportFromTCPToSSLWhenKeystoreIsConfigured() throws Exception
+ {
+ restartBrokerInManagementMode();
+
+ String portName = TestBrokerConfiguration.ENTRY_NAME_AMQP_PORT;
+ Map<String, Object> attributes = new HashMap<String, Object>();
+ attributes.put(Port.NAME, portName);
+ attributes.put(Port.TRANSPORTS, Collections.singleton(Transport.SSL));
+
+ int responseCode = getRestTestHelper().submitRequest("/rest/port/" + portName, "PUT", attributes);
+ assertEquals("Transport has not been changed to SSL " , 200, responseCode);
+
+ restartBroker();
+
+ Map<String, Object> port = getRestTestHelper().getJsonAsSingletonList("/rest/port/" + portName);
+
+ @SuppressWarnings("unchecked")
+ Collection<String> transports = (Collection<String>) port.get(Port.TRANSPORTS);
+ assertEquals("Unexpected auth provider", new HashSet<String>(Arrays.asList(Transport.SSL.name())),
+ new HashSet<String>(transports));
+ }
+
+ public void testUpdateTransportFromTCPToSSLWithoutKeystoreConfiguredFails() throws Exception
+ {
+ getBrokerConfiguration().setBrokerAttribute(Broker.KEY_STORE_PATH, null);
+ getBrokerConfiguration().setSaved(false);
+ restartBrokerInManagementMode();
+
+ String portName = TestBrokerConfiguration.ENTRY_NAME_AMQP_PORT;
+ Map<String, Object> attributes = new HashMap<String, Object>();
+ attributes.put(Port.NAME, portName);
+ attributes.put(Port.TRANSPORTS, Collections.singleton(Transport.SSL));
+
+ int responseCode = getRestTestHelper().submitRequest("/rest/port/" + portName, "PUT", attributes);
+ assertEquals("Creation of SSL port without keystore should fail", 409, responseCode);
+ }
+
+ public void testUpdateWantNeedClientAuth() throws Exception
+ {
+ String portName = TestBrokerConfiguration.ENTRY_NAME_SSL_PORT;
+ Map<String, Object> attributes = new HashMap<String, Object>();
+ attributes.put(Port.NAME, portName);
+ attributes.put(Port.PORT, DEFAULT_SSL_PORT);
+ attributes.put(Port.TRANSPORTS, Collections.singleton(Transport.SSL));
+
+ int responseCode = getRestTestHelper().submitRequest("/rest/port/" + portName, "PUT", attributes);
+ assertEquals("SSL port was not added", 201, responseCode);
+
+ restartBrokerInManagementMode();
+
+ attributes.put(Port.NEED_CLIENT_AUTH, true);
+ attributes.put(Port.WANT_CLIENT_AUTH, true);
+
+ responseCode = getRestTestHelper().submitRequest("/rest/port/" + portName, "PUT", attributes);
+ assertEquals("Attributes for need/want client auth are not set", 200, responseCode);
+
+ restartBroker();
+ Map<String, Object> port = getRestTestHelper().getJsonAsSingletonList("/rest/port/" + portName);
+ assertEquals("Unexpected " + Port.NEED_CLIENT_AUTH, true, port.get(Port.NEED_CLIENT_AUTH));
+ assertEquals("Unexpected " + Port.WANT_CLIENT_AUTH, true, port.get(Port.WANT_CLIENT_AUTH));
+
+ restartBrokerInManagementMode();
+
+ attributes = new HashMap<String, Object>();
+ attributes.put(Port.NAME, portName);
+ attributes.put(Port.TRANSPORTS, Collections.singleton(Transport.TCP));
+
+ responseCode = getRestTestHelper().submitRequest("/rest/port/" + portName, "PUT", attributes);
+ assertEquals("Should not be able to change transport to SSL without reseting of attributes for need/want client auth", 409, responseCode);
+
+ attributes = new HashMap<String, Object>();
+ attributes.put(Port.NAME, portName);
+ attributes.put(Port.TRANSPORTS, Collections.singleton(Transport.TCP));
+ attributes.put(Port.NEED_CLIENT_AUTH, false);
+ attributes.put(Port.WANT_CLIENT_AUTH, false);
+
+ responseCode = getRestTestHelper().submitRequest("/rest/port/" + portName, "PUT", attributes);
+ assertEquals("Should be able to change transport to TCP ", 200, responseCode);
+
+ restartBroker();
+ port = getRestTestHelper().getJsonAsSingletonList("/rest/port/" + portName);
+ assertEquals("Unexpected " + Port.NEED_CLIENT_AUTH, false, port.get(Port.NEED_CLIENT_AUTH));
+ assertEquals("Unexpected " + Port.WANT_CLIENT_AUTH, false, port.get(Port.WANT_CLIENT_AUTH));
+
+ @SuppressWarnings("unchecked")
+ Collection<String> transports = (Collection<String>) port.get(Port.TRANSPORTS);
+ assertEquals("Unexpected auth provider", new HashSet<String>(Arrays.asList(Transport.TCP.name())),
+ new HashSet<String>(transports));
+ }
+
+ public void testUpdateSettingWantNeedCertificateFailsForNonSSLPort() throws Exception
+ {
+ restartBrokerInManagementMode();
+
+ String portName = TestBrokerConfiguration.ENTRY_NAME_AMQP_PORT;
+ Map<String, Object> attributes = new HashMap<String, Object>();
+ attributes.put(Port.NAME, portName);
+ attributes.put(Port.NEED_CLIENT_AUTH, true);
+ int responseCode = getRestTestHelper().submitRequest("/rest/port/" + portName, "PUT", attributes);
+ assertEquals("Unexpected response when trying to set 'needClientAuth' on non-SSL port", 409, responseCode);
+
+ attributes = new HashMap<String, Object>();
+ attributes.put(Port.NAME, portName);
+ attributes.put(Port.WANT_CLIENT_AUTH, true);
+ responseCode = getRestTestHelper().submitRequest("/rest/port/" + portName, "PUT", attributes);
+ assertEquals("Unexpected response when trying to set 'wantClientAuth' on non-SSL port", 409, responseCode);
+ }
+
+ public void testUpdatePortAuthenticationProvider() throws Exception
+ {
+ restartBrokerInManagementMode();
+
+ String portName = TestBrokerConfiguration.ENTRY_NAME_AMQP_PORT;
+ Map<String, Object> attributes = new HashMap<String, Object>();
+ attributes.put(Port.NAME, portName);
+ attributes.put(Port.AUTHENTICATION_PROVIDER, "non-existing");
+ int responseCode = getRestTestHelper().submitRequest("/rest/port/" + portName, "PUT", attributes);
+ assertEquals("Unexpected response when trying to change auth provider to non-existing one", 409, responseCode);
+
+ attributes = new HashMap<String, Object>();
+ attributes.put(Port.NAME, portName);
+ attributes.put(Port.AUTHENTICATION_PROVIDER, ANONYMOUS_AUTHENTICATION_PROVIDER);
+ responseCode = getRestTestHelper().submitRequest("/rest/port/" + portName, "PUT", attributes);
+ assertEquals("Unexpected response when trying to change auth provider to existing one", 200, responseCode);
+
+ Map<String, Object> port = getRestTestHelper().getJsonAsSingletonList("/rest/port/" + portName);
+ assertEquals("Unexpected auth provider", ANONYMOUS_AUTHENTICATION_PROVIDER, port.get(Port.AUTHENTICATION_PROVIDER));
+ }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org