You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by kp...@apache.org on 2013/02/28 17:14:57 UTC
svn commit: r1451244 [29/45] - in /qpid/branches/asyncstore: ./ bin/ cpp/
cpp/bindings/ cpp/bindings/qmf/ cpp/bindings/qmf/python/
cpp/bindings/qmf/ruby/ cpp/bindings/qmf2/ cpp/bindings/qmf2/examples/cpp/
cpp/bindings/qmf2/python/ cpp/bindings/qmf2/rub...
Modified: qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java
URL: http://svn.apache.org/viewvc/qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java?rev=1451244&r1=1451243&r2=1451244&view=diff
==============================================================================
--- qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java (original)
+++ qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/SecurityManager.java Thu Feb 28 16:14:30 2013
@@ -18,22 +18,23 @@
*/
package org.apache.qpid.server.security;
-import org.apache.commons.configuration.Configuration;
-import org.apache.commons.configuration.ConfigurationException;
import org.apache.log4j.Logger;
import org.apache.qpid.framing.AMQShortString;
-import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin;
-import org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory;
import org.apache.qpid.server.exchange.Exchange;
-import org.apache.qpid.server.plugins.PluginManager;
+
+import org.apache.qpid.server.plugin.AccessControlFactory;
+import org.apache.qpid.server.plugin.QpidServiceLoader;
import org.apache.qpid.server.queue.AMQQueue;
import org.apache.qpid.server.security.access.ObjectProperties;
+import org.apache.qpid.server.security.access.ObjectType;
import org.apache.qpid.server.security.access.Operation;
import static org.apache.qpid.server.security.access.ObjectType.EXCHANGE;
+import static org.apache.qpid.server.security.access.ObjectType.GROUP;
import static org.apache.qpid.server.security.access.ObjectType.METHOD;
import static org.apache.qpid.server.security.access.ObjectType.QUEUE;
+import static org.apache.qpid.server.security.access.ObjectType.USER;
import static org.apache.qpid.server.security.access.ObjectType.VIRTUALHOST;
import static org.apache.qpid.server.security.access.Operation.BIND;
import static org.apache.qpid.server.security.access.Operation.CONSUME;
@@ -45,103 +46,105 @@ import static org.apache.qpid.server.sec
import javax.security.auth.Subject;
import java.net.SocketAddress;
-import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
-import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.concurrent.ConcurrentHashMap;
/**
- * The security manager contains references to all loaded {@link SecurityPlugin}s and delegates security decisions to them based
+ * The security manager contains references to all loaded {@link AccessControl}s and delegates security decisions to them based
* on virtual host name. The plugins can be external <em>OSGi</em> .jar files that export the required classes or just internal
* objects for simpler plugins.
- *
- * @see SecurityPlugin
+ *
+ * @see AccessControl
*/
public class SecurityManager
{
private static final Logger _logger = Logger.getLogger(SecurityManager.class);
-
+
/** Container for the {@link java.security.Principal} that is using to this thread. */
private static final ThreadLocal<Subject> _subject = new ThreadLocal<Subject>();
- private static final ThreadLocal<Boolean> _accessChecksDisabled = new ThreadLocal<Boolean>()
+
+ public static final ThreadLocal<Boolean> _accessChecksDisabled = new ClearingThreadLocal(false);
+
+ private Map<String, AccessControl> _globalPlugins = new HashMap<String, AccessControl>();
+ private Map<String, AccessControl> _hostPlugins = new HashMap<String, AccessControl>();
+
+ /**
+ * A special ThreadLocal, which calls remove() on itself whenever the value is
+ * the default, to avoid leaving a default value set after its use has passed.
+ */
+ private static final class ClearingThreadLocal extends ThreadLocal<Boolean>
{
- protected Boolean initialValue()
+ private Boolean _defaultValue;
+
+ public ClearingThreadLocal(Boolean defaultValue)
{
- return false;
+ super();
+ _defaultValue = defaultValue;
}
- };
- private PluginManager _pluginManager;
- private Map<String, SecurityPluginFactory> _pluginFactories = new HashMap<String, SecurityPluginFactory>();
- private Map<String, SecurityPlugin> _globalPlugins = new HashMap<String, SecurityPlugin>();
- private Map<String, SecurityPlugin> _hostPlugins = new HashMap<String, SecurityPlugin>();
+ @Override
+ protected Boolean initialValue()
+ {
+ return _defaultValue;
+ }
- public static class SecurityConfiguration extends ConfigurationPlugin
- {
- public static final ConfigurationPluginFactory FACTORY = new ConfigurationPluginFactory()
+ @Override
+ public void set(Boolean value)
{
- public ConfigurationPlugin newInstance(String path, Configuration config) throws ConfigurationException
+ if (value == _defaultValue)
{
- ConfigurationPlugin instance = new SecurityConfiguration();
- instance.setConfiguration(path, config);
- return instance;
+ super.remove();
}
-
- public List<String> getParentPaths()
+ else
{
- return Arrays.asList("security", "virtualhosts.virtualhost.security");
+ super.set(value);
}
- };
-
- @Override
- public String[] getElementsProcessed()
- {
- return new String[]{"security"};
}
- public void validateConfiguration() throws ConfigurationException
+ @Override
+ public Boolean get()
{
- if (getConfig().isEmpty())
+ Boolean value = super.get();
+ if (value == _defaultValue)
{
- throw new ConfigurationException("security section is incomplete, no elements found.");
+ super.remove();
}
+ return value;
}
}
-
- public SecurityManager(SecurityManager parent) throws ConfigurationException
+ /*
+ * Used by the VirtualHost to allow deferring to the broker level security plugins if required.
+ */
+ public SecurityManager(SecurityManager parent, String aclFile)
{
- _pluginManager = parent._pluginManager;
- _pluginFactories = parent._pluginFactories;
-
+ this(aclFile);
+
// our global plugins are the parent's host plugins
_globalPlugins = parent._hostPlugins;
}
- public SecurityManager(ConfigurationPlugin configuration, PluginManager manager) throws ConfigurationException
+ public SecurityManager(String aclFile)
{
- this(configuration, manager, null);
- }
-
- public SecurityManager(ConfigurationPlugin configuration, PluginManager manager, SecurityPluginFactory plugin) throws ConfigurationException
- {
- _pluginManager = manager;
- if (manager == null) // No plugin manager, no plugins
+ Map<String, Object> attributes = new HashMap<String, Object>();
+ attributes.put("aclFile", aclFile);
+ for (AccessControlFactory provider : (new QpidServiceLoader<AccessControlFactory>()).instancesOf(AccessControlFactory.class))
{
- return;
+ AccessControl accessControl = provider.createInstance(attributes);
+ if(accessControl != null)
+ {
+ addHostPlugin(accessControl);
+ }
}
- _pluginFactories = _pluginManager.getSecurityPlugins();
- if (plugin != null)
+ if(_logger.isDebugEnabled())
{
- _pluginFactories.put(plugin.getPluginName(), plugin);
+ _logger.debug("Configured " + _hostPlugins.size() + " access control plugins");
}
-
- configureHostPlugins(configuration);
}
public static Subject getThreadSubject()
@@ -154,41 +157,6 @@ public class SecurityManager
_subject.set(subject);
}
- public void configureHostPlugins(ConfigurationPlugin hostConfig) throws ConfigurationException
- {
- _hostPlugins = configurePlugins(hostConfig);
- }
-
- public void configureGlobalPlugins(ConfigurationPlugin configuration) throws ConfigurationException
- {
- _globalPlugins = configurePlugins(configuration);
- }
-
- public Map<String, SecurityPlugin> configurePlugins(ConfigurationPlugin hostConfig) throws ConfigurationException
- {
- Map<String, SecurityPlugin> plugins = new HashMap<String, SecurityPlugin>();
- SecurityConfiguration securityConfig = hostConfig.getConfiguration(SecurityConfiguration.class.getName());
-
- // If we have no security Configuration then there is nothing to configure.
- if (securityConfig != null)
- {
- for (SecurityPluginFactory<?> factory : _pluginFactories.values())
- {
- SecurityPlugin plugin = factory.newInstance(securityConfig);
- if (plugin != null)
- {
- plugins.put(factory.getPluginName(), plugin);
- }
- }
- }
- return plugins;
- }
-
- public void addHostPlugin(SecurityPlugin plugin)
- {
- _hostPlugins.put(plugin.getClass().getName(), plugin);
- }
-
public static Logger getLogger()
{
return _logger;
@@ -205,7 +173,7 @@ public class SecurityManager
private abstract class AccessCheck
{
- abstract Result allowed(SecurityPlugin plugin);
+ abstract Result allowed(AccessControl plugin);
}
private boolean checkAllPlugins(AccessCheck checker)
@@ -215,16 +183,16 @@ public class SecurityManager
return true;
}
- Map<String, SecurityPlugin> remainingPlugins = _globalPlugins.isEmpty()
- ? Collections.<String, SecurityPlugin>emptyMap()
- : _hostPlugins.isEmpty() ? _globalPlugins : new HashMap<String, SecurityPlugin>(_globalPlugins);
-
- if(!_hostPlugins.isEmpty())
+ Map<String, AccessControl> remainingPlugins = _globalPlugins.isEmpty()
+ ? Collections.<String, AccessControl>emptyMap()
+ : _hostPlugins.isEmpty() ? _globalPlugins : new HashMap<String, AccessControl>(_globalPlugins);
+
+ if(!_hostPlugins.isEmpty())
{
- for (Entry<String, SecurityPlugin> hostEntry : _hostPlugins.entrySet())
+ for (Entry<String, AccessControl> hostEntry : _hostPlugins.entrySet())
{
// Create set of global only plugins
- SecurityPlugin globalPlugin = remainingPlugins.get(hostEntry.getKey());
+ AccessControl globalPlugin = remainingPlugins.get(hostEntry.getKey());
if (globalPlugin != null)
{
remainingPlugins.remove(hostEntry.getKey());
@@ -272,7 +240,7 @@ public class SecurityManager
}
}
- for (SecurityPlugin plugin : remainingPlugins.values())
+ for (AccessControl plugin : remainingPlugins.values())
{
Result remaining = checker.allowed(plugin);
if (remaining == Result.DEFER)
@@ -284,16 +252,16 @@ public class SecurityManager
return false;
}
}
-
+
// getting here means either allowed or abstained from all plugins
return true;
}
-
+
public boolean authoriseBind(final Exchange exch, final AMQQueue queue, final AMQShortString routingKey)
{
return checkAllPlugins(new AccessCheck()
{
- Result allowed(SecurityPlugin plugin)
+ Result allowed(AccessControl plugin)
{
return plugin.authorise(BIND, EXCHANGE, new ObjectProperties(exch, queue, routingKey));
}
@@ -304,7 +272,7 @@ public class SecurityManager
{
return checkAllPlugins(new AccessCheck()
{
- Result allowed(SecurityPlugin plugin)
+ Result allowed(AccessControl plugin)
{
ObjectProperties properties = new ObjectProperties();
properties.setName(methodName);
@@ -318,11 +286,22 @@ public class SecurityManager
});
}
+ public boolean accessManagement()
+ {
+ return checkAllPlugins(new AccessCheck()
+ {
+ Result allowed(AccessControl plugin)
+ {
+ return plugin.access(ObjectType.MANAGEMENT, null);
+ }
+ });
+ }
+
public boolean accessVirtualhost(final String vhostname, final SocketAddress remoteAddress)
{
return checkAllPlugins(new AccessCheck()
{
- Result allowed(SecurityPlugin plugin)
+ Result allowed(AccessControl plugin)
{
return plugin.access(VIRTUALHOST, remoteAddress);
}
@@ -333,7 +312,7 @@ public class SecurityManager
{
return checkAllPlugins(new AccessCheck()
{
- Result allowed(SecurityPlugin plugin)
+ Result allowed(AccessControl plugin)
{
return plugin.authorise(CONSUME, QUEUE, new ObjectProperties(queue));
}
@@ -345,7 +324,7 @@ public class SecurityManager
{
return checkAllPlugins(new AccessCheck()
{
- Result allowed(SecurityPlugin plugin)
+ Result allowed(AccessControl plugin)
{
return plugin.authorise(CREATE, EXCHANGE, new ObjectProperties(autoDelete, durable, exchangeName,
internal, nowait, passive, exchangeType));
@@ -358,7 +337,7 @@ public class SecurityManager
{
return checkAllPlugins(new AccessCheck()
{
- Result allowed(SecurityPlugin plugin)
+ Result allowed(AccessControl plugin)
{
return plugin.authorise(CREATE, QUEUE, new ObjectProperties(autoDelete, durable, exclusive, nowait, passive, queueName, owner));
}
@@ -369,7 +348,7 @@ public class SecurityManager
{
return checkAllPlugins(new AccessCheck()
{
- Result allowed(SecurityPlugin plugin)
+ Result allowed(AccessControl plugin)
{
return plugin.authorise(DELETE, QUEUE, new ObjectProperties(queue));
}
@@ -380,13 +359,34 @@ public class SecurityManager
{
return checkAllPlugins(new AccessCheck()
{
- Result allowed(SecurityPlugin plugin)
+ Result allowed(AccessControl plugin)
{
return plugin.authorise(DELETE, EXCHANGE, new ObjectProperties(exchange.getName()));
}
});
}
+ public boolean authoriseGroupOperation(final Operation operation, final String groupName)
+ {
+ return checkAllPlugins(new AccessCheck()
+ {
+ Result allowed(AccessControl plugin)
+ {
+ return plugin.authorise(operation, GROUP, new ObjectProperties(groupName));
+ }
+ });
+ }
+
+ public boolean authoriseUserOperation(final Operation operation, final String userName)
+ {
+ return checkAllPlugins(new AccessCheck()
+ {
+ Result allowed(AccessControl plugin)
+ {
+ return plugin.authorise(operation, USER, new ObjectProperties(userName));
+ }
+ });
+ }
private ConcurrentHashMap<String, ConcurrentHashMap<String, PublishAccessCheck>> _immediatePublishPropsCache
= new ConcurrentHashMap<String, ConcurrentHashMap<String, PublishAccessCheck>>();
@@ -428,7 +428,7 @@ public class SecurityManager
{
return checkAllPlugins(new AccessCheck()
{
- Result allowed(SecurityPlugin plugin)
+ Result allowed(AccessControl plugin)
{
return plugin.authorise(PURGE, QUEUE, new ObjectProperties(queue));
}
@@ -439,7 +439,7 @@ public class SecurityManager
{
return checkAllPlugins(new AccessCheck()
{
- Result allowed(SecurityPlugin plugin)
+ Result allowed(AccessControl plugin)
{
return plugin.authorise(UNBIND, EXCHANGE, new ObjectProperties(exch, queue, routingKey));
}
@@ -465,9 +465,16 @@ public class SecurityManager
_props = props;
}
- Result allowed(SecurityPlugin plugin)
+ Result allowed(AccessControl plugin)
{
return plugin.authorise(PUBLISH, EXCHANGE, _props);
}
}
+
+
+ public void addHostPlugin(AccessControl plugin)
+ {
+ _hostPlugins.put(plugin.getClass().getName(), plugin);
+ }
+
}
Modified: qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/access/ObjectProperties.java
URL: http://svn.apache.org/viewvc/qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/access/ObjectProperties.java?rev=1451244&r1=1451243&r2=1451244&view=diff
==============================================================================
--- qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/access/ObjectProperties.java (original)
+++ qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/access/ObjectProperties.java Thu Feb 28 16:14:30 2013
@@ -18,33 +18,31 @@
*/
package org.apache.qpid.server.security.access;
-import org.apache.commons.lang.StringUtils;
-
-import org.apache.qpid.framing.AMQShortString;
-import org.apache.qpid.server.exchange.Exchange;
-import org.apache.qpid.server.queue.AMQQueue;
-
import java.util.ArrayList;
import java.util.EnumMap;
+import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang.builder.EqualsBuilder;
+import org.apache.qpid.framing.AMQShortString;
+import org.apache.qpid.server.exchange.Exchange;
+import org.apache.qpid.server.queue.AMQQueue;
+
/**
* An set of properties for an access control v2 rule {@link ObjectType}.
- *
+ *
* The {@link #matches(ObjectProperties)} method is intended to be used when determining precedence of rules, and
* {@link #equals(Object)} and {@link #hashCode()} are intended for use in maps. This is due to the wildcard matching
* described above.
*/
public class ObjectProperties
{
- /** serialVersionUID */
- private static final long serialVersionUID = -1356019341374170495L;
-
public static final String STAR= "*";
public static final ObjectProperties EMPTY = new ObjectProperties();
-
+
public enum Property
{
ROUTING_KEY,
@@ -65,81 +63,89 @@ public class ObjectProperties
AUTO_DELETE,
COMPONENT,
PACKAGE,
- CLASS;
-
- public static Property parse(String text)
+ CLASS,
+ FROM_NETWORK,
+ FROM_HOSTNAME;
+
+ private static final Map<String, Property> _canonicalNameToPropertyMap = new HashMap<String, ObjectProperties.Property>();
+
+ static
{
for (Property property : values())
{
- if (property.getName().equalsIgnoreCase(text))
- {
- return property;
- }
+ _canonicalNameToPropertyMap.put(getCanonicalName(property.name()), property);
}
- throw new IllegalArgumentException("Not a valid property: " + text);
}
-
- public String getName()
+
+ /**
+ * Properties are parsed using their canonical name (see {@link #getCanonicalName(String)})
+ * so that, for the sake of user-friendliness, the ACL file parses is insensitive to
+ * case and underscores.
+ */
+ public static Property parse(String text)
{
- return StringUtils.remove(name(), '_').toLowerCase();
+ String propertyName = getCanonicalName(text);
+ Property property = _canonicalNameToPropertyMap.get(propertyName);
+
+ if(property == null)
+ {
+ throw new IllegalArgumentException("Not a valid property: " + text
+ + " because " + propertyName
+ + " is not in " + _canonicalNameToPropertyMap.keySet());
+ }
+ else
+ {
+ return property;
+ }
+ }
+
+ private static String getCanonicalName(String name)
+ {
+ return StringUtils.remove(name, '_').toLowerCase();
}
-
- public static List<String> getPropertyNames()
- {
- List<String> properties = new ArrayList<String>();
- for (Property property : values())
- {
- properties.add(property.getName());
- }
- return properties;
- }
}
private final EnumMap<Property, String> _properties = new EnumMap<Property, String>(Property.class);
- public static List<String> getAllPropertyNames()
+ public static List<String> getAllPropertyNames()
{
- List<String> properties = new ArrayList<String>();
- for (Property property : Property.values())
- {
- properties.add(StringUtils.remove(property.name(), '_').toLowerCase());
- }
- return properties;
- }
-
+ List<String> properties = new ArrayList<String>();
+ for (Property property : Property.values())
+ {
+ properties.add(StringUtils.remove(property.name(), '_').toLowerCase());
+ }
+ return properties;
+ }
+
public ObjectProperties()
{
- super();
}
-
+
+ public ObjectProperties(Property property, String value)
+ {
+ _properties.put(property, value);
+ }
+
public ObjectProperties(ObjectProperties copy)
{
- super();
-
_properties.putAll(copy._properties);
}
-
+
public ObjectProperties(String name)
{
- super();
-
setName(name);
}
-
+
public ObjectProperties(AMQShortString name)
{
- super();
-
setName(name);
}
-
+
public ObjectProperties(AMQQueue queue)
{
- super();
-
setName(queue.getName());
-
+
put(Property.AUTO_DELETE, queue.isAutoDelete());
put(Property.TEMPORARY, queue.isAutoDelete());
put(Property.DURABLE, queue.isDurable());
@@ -157,45 +163,45 @@ public class ObjectProperties
put(Property.OWNER, queue.getAuthorizationHolder().getAuthorizedPrincipal().getName());
}
}
-
+
public ObjectProperties(Exchange exch, AMQQueue queue, AMQShortString routingKey)
{
this(queue);
-
- setName(exch.getName());
-
+
+ setName(exch.getName());
+
put(Property.QUEUE_NAME, queue.getName());
put(Property.ROUTING_KEY, routingKey);
}
-
+
public ObjectProperties(Exchange exch, AMQShortString routingKey)
{
this(exch.getName(), routingKey.asString());
}
-
+
public ObjectProperties(String exchangeName, String routingKey, Boolean immediate)
{
this(exchangeName, routingKey);
-
+
put(Property.IMMEDIATE, immediate);
}
-
+
public ObjectProperties(String exchangeName, String routingKey)
{
super();
-
+
setName(exchangeName);
-
+
put(Property.ROUTING_KEY, routingKey);
}
-
+
public ObjectProperties(Boolean autoDelete, Boolean durable, AMQShortString exchangeName,
Boolean internal, Boolean nowait, Boolean passive, AMQShortString exchangeType)
{
super();
-
+
setName(exchangeName);
-
+
put(Property.AUTO_DELETE, autoDelete);
put(Property.TEMPORARY, autoDelete);
put(Property.DURABLE, durable);
@@ -204,14 +210,14 @@ public class ObjectProperties
put(Property.PASSIVE, passive);
put(Property.TYPE, exchangeType);
}
-
+
public ObjectProperties(Boolean autoDelete, Boolean durable, Boolean exclusive, Boolean nowait, Boolean passive,
AMQShortString queueName, String owner)
{
super();
-
+
setName(queueName);
-
+
put(Property.AUTO_DELETE, autoDelete);
put(Property.TEMPORARY, autoDelete);
put(Property.DURABLE, durable);
@@ -220,7 +226,7 @@ public class ObjectProperties
put(Property.PASSIVE, passive);
put(Property.OWNER, owner);
}
-
+
public ObjectProperties(Boolean exclusive, Boolean noAck, Boolean noLocal, Boolean nowait, AMQQueue queue)
{
this(queue);
@@ -230,17 +236,7 @@ public class ObjectProperties
put(Property.EXCLUSIVE, exclusive);
put(Property.NO_WAIT, nowait);
}
-
- public List<String> getPropertyNames()
- {
- List<String> properties = new ArrayList<String>();
- for (Property property : _properties.keySet())
- {
- properties.add(property.getName());
- }
- return properties;
- }
-
+
public Boolean isSet(Property key)
{
return _properties.containsKey(key) && Boolean.valueOf(_properties.get(key));
@@ -255,17 +251,17 @@ public class ObjectProperties
{
return _properties.get(Property.NAME);
}
-
+
public void setName(String name)
{
_properties.put(Property.NAME, name);
}
-
+
public void setName(AMQShortString name)
{
put(Property.NAME, name);
}
-
+
public String put(Property key, AMQShortString value)
{
return put(key, value == null ? "" : value.asString());
@@ -275,7 +271,7 @@ public class ObjectProperties
{
return _properties.put(key, value == null ? "" : value.trim());
}
-
+
public void put(Property key, Boolean value)
{
if (value != null)
@@ -283,66 +279,64 @@ public class ObjectProperties
_properties.put(key, Boolean.toString(value));
}
}
-
+
public boolean matches(ObjectProperties properties)
{
if (properties._properties.keySet().isEmpty())
{
return true;
}
-
+
if (!_properties.keySet().containsAll(properties._properties.keySet()))
{
return false;
}
-
+
for (Map.Entry<Property,String> entry : properties._properties.entrySet())
{
Property key = entry.getKey();
String ruleValue = entry.getValue();
-
+
String thisValue = _properties.get(key);
- if (!valueMatches(thisValue, ruleValue))
+ if (!valueMatches(thisValue, ruleValue))
{
return false;
}
}
-
+
return true;
}
-
+
private boolean valueMatches(String thisValue, String ruleValue)
{
return (StringUtils.isEmpty(ruleValue)
|| StringUtils.equals(thisValue, ruleValue))
|| ruleValue.equals(STAR)
- || (ruleValue.endsWith(STAR)
+ || (ruleValue.endsWith(STAR)
&& thisValue != null
&& thisValue.length() >= ruleValue.length() - 1
&& thisValue.startsWith(ruleValue.substring(0, ruleValue.length() - 1)));
}
@Override
- public boolean equals(Object o)
+ public boolean equals(Object obj)
{
- if (this == o)
+ if (obj == null)
{
- return true;
+ return false;
}
- if (o == null || getClass() != o.getClass())
+ if (obj == this)
{
- return false;
+ return true;
}
-
- ObjectProperties that = (ObjectProperties) o;
-
- if (_properties != null ? !_properties.equals(that._properties) : that._properties != null)
+ if (obj.getClass() != getClass())
{
return false;
}
-
- return true;
+ ObjectProperties rhs = (ObjectProperties) obj;
+ return new EqualsBuilder()
+ .append(_properties, rhs._properties).isEquals();
}
@Override
Modified: qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/access/ObjectType.java
URL: http://svn.apache.org/viewvc/qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/access/ObjectType.java?rev=1451244&r1=1451243&r2=1451244&view=diff
==============================================================================
--- qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/access/ObjectType.java (original)
+++ qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/access/ObjectType.java Thu Feb 28 16:14:30 2013
@@ -41,12 +41,15 @@ public enum ObjectType
{
ALL(Operation.ALL),
VIRTUALHOST(Operation.ALL, ACCESS),
+ MANAGEMENT(Operation.ALL, ACCESS),
QUEUE(Operation.ALL, CREATE, DELETE, PURGE, CONSUME),
EXCHANGE(Operation.ALL, ACCESS, CREATE, DELETE, BIND, UNBIND, PUBLISH),
LINK, // Not allowed in the Java broker
ROUTE, // Not allowed in the Java broker
- METHOD(Operation.ALL, ACCESS, UPDATE);
-
+ METHOD(Operation.ALL, ACCESS, UPDATE),
+ USER(Operation.ALL, CREATE, DELETE, UPDATE),
+ GROUP(Operation.ALL, CREATE, DELETE, UPDATE);
+
private EnumSet<Operation> _actions;
private ObjectType()
Modified: qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/AuthenticationResult.java
URL: http://svn.apache.org/viewvc/qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/AuthenticationResult.java?rev=1451244&r1=1451243&r2=1451244&view=diff
==============================================================================
--- qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/AuthenticationResult.java (original)
+++ qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/AuthenticationResult.java Thu Feb 28 16:14:30 2013
@@ -7,9 +7,9 @@
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
@@ -20,15 +20,20 @@
*/
package org.apache.qpid.server.security.auth;
-import javax.security.auth.Subject;
+import java.security.Principal;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.qpid.server.security.auth.manager.AuthenticationManager;
/**
- * Encapsulates the result of an attempt to authenticate.
+ * Encapsulates the result of an attempt to authenticate using an {@link AuthenticationManager}.
* <p>
* The authentication status describes the overall outcome.
* <p>
* <ol>
- * <li>If authentication status is SUCCESS, the subject will be populated.
+ * <li>If authentication status is SUCCESS, at least one {@link Principal} will be populated.
* </li>
* <li>If authentication status is CONTINUE, the authentication has failed because the user
* supplied incorrect credentials (etc). If the authentication requires it, the next challenge
@@ -40,6 +45,8 @@ import javax.security.auth.Subject;
* </li>
* </ol>
*
+ * The main principal provided to the constructor is wrapped in an {@link AuthenticatedPrincipal}
+ * to make it easier for the rest of the application to identify it among the set of other principals.
*/
public class AuthenticationResult
{
@@ -56,37 +63,59 @@ public class AuthenticationResult
private final AuthenticationStatus _status;
private final byte[] _challenge;
private final Exception _cause;
- private final Subject _subject;
+ private final Set<Principal> _principals = new HashSet<Principal>();
+ private final Principal _mainPrincipal;
public AuthenticationResult(final AuthenticationStatus status)
{
this(null, status, null);
}
+ public AuthenticationResult(Principal mainPrincipal)
+ {
+ this(mainPrincipal, Collections.<Principal>emptySet());
+ }
+
+ public AuthenticationResult(Principal mainPrincipal, Set<Principal> otherPrincipals)
+ {
+ AuthenticatedPrincipal specialQpidAuthenticatedPrincipal = new AuthenticatedPrincipal(mainPrincipal);
+ _principals.addAll(otherPrincipals);
+ _principals.remove(mainPrincipal);
+ _principals.add(specialQpidAuthenticatedPrincipal);
+ _mainPrincipal = mainPrincipal;
+
+ _status = AuthenticationStatus.SUCCESS;
+ _challenge = null;
+ _cause = null;
+ }
+
public AuthenticationResult(final byte[] challenge, final AuthenticationStatus status)
{
- this(challenge, status, null);
+ _challenge = challenge;
+ _status = status;
+ _cause = null;
+ _mainPrincipal = null;
}
public AuthenticationResult(final AuthenticationStatus error, final Exception cause)
{
- this(null, error, cause);
+ _status = error;
+ _challenge = null;
+ _cause = cause;
+ _mainPrincipal = null;
}
public AuthenticationResult(final byte[] challenge, final AuthenticationStatus status, final Exception cause)
{
- this._status = status;
- this._challenge = challenge;
- this._cause = cause;
- this._subject = null;
- }
-
- public AuthenticationResult(final Subject subject)
- {
- this._status = AuthenticationStatus.SUCCESS;
- this._challenge = null;
- this._cause = null;
- this._subject = subject;
+ if(status == AuthenticationStatus.SUCCESS)
+ {
+ throw new IllegalArgumentException("Successful authentication requires at least one principal");
+ }
+
+ _status = status;
+ _challenge = challenge;
+ _cause = cause;
+ _mainPrincipal = null;
}
public Exception getCause()
@@ -104,9 +133,13 @@ public class AuthenticationResult
return _challenge;
}
- public Subject getSubject()
+ public Set<Principal> getPrincipals()
{
- return _subject;
+ return _principals;
}
+ public Principal getMainPrincipal()
+ {
+ return _mainPrincipal;
+ }
}
Modified: qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/AbstractPasswordFilePrincipalDatabase.java
URL: http://svn.apache.org/viewvc/qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/AbstractPasswordFilePrincipalDatabase.java?rev=1451244&r1=1451243&r2=1451244&view=diff
==============================================================================
--- qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/AbstractPasswordFilePrincipalDatabase.java (original)
+++ qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/AbstractPasswordFilePrincipalDatabase.java Thu Feb 28 16:14:30 2013
@@ -21,9 +21,9 @@
package org.apache.qpid.server.security.auth.database;
import org.apache.log4j.Logger;
+import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.sasl.AuthenticationProviderInitialiser;
import org.apache.qpid.server.security.auth.sasl.UsernamePasswordInitialiser;
-import org.apache.qpid.server.security.auth.sasl.UsernamePrincipal;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.AccountNotFoundException;
Modified: qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabase.java
URL: http://svn.apache.org/viewvc/qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabase.java?rev=1451244&r1=1451243&r2=1451244&view=diff
==============================================================================
--- qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabase.java (original)
+++ qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabase.java Thu Feb 28 16:14:30 2013
@@ -32,6 +32,8 @@ import java.util.Map;
/** Represents a "user database" which is really a way of storing principals (i.e. usernames) and passwords. */
public interface PrincipalDatabase
{
+ void setPasswordFile(String passwordFile) throws IOException;
+
/**
* Set the password for a given principal in the specified callback. This is used for certain SASL providers. The
* user database implementation should look up the password in any way it chooses and set it in the callback by
Modified: qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java?rev=1451244&r1=1451243&r2=1451244&view=diff
==============================================================================
--- qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java (original)
+++ qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java Thu Feb 28 16:14:30 2013
@@ -21,31 +21,25 @@
package org.apache.qpid.server.security.auth.manager;
import java.security.Principal;
-import java.util.Arrays;
-import java.util.List;
+
import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
-import org.apache.commons.configuration.Configuration;
-import org.apache.commons.configuration.ConfigurationException;
-import org.apache.log4j.Logger;
-import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin;
-import org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory;
+
import org.apache.qpid.server.security.auth.AuthenticationResult;
-import org.apache.qpid.server.security.auth.sasl.UsernamePrincipal;
+import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.sasl.anonymous.AnonymousInitialiser;
import org.apache.qpid.server.security.auth.sasl.anonymous.AnonymousSaslServer;
public class AnonymousAuthenticationManager implements AuthenticationManager
{
- private static final Logger _logger = Logger.getLogger(AnonymousAuthenticationManager.class);
-
private static final AnonymousInitialiser SASL_INITIALISER = new AnonymousInitialiser();
private static final String ANONYMOUS = SASL_INITIALISER.getMechanismName();
- private static final Principal ANONYMOUS_PRINCIPAL = new UsernamePrincipal("ANONYMOUS");
+ public static final String ANONYMOUS_USERNAME = "ANONYMOUS";
+
+ public static final Principal ANONYMOUS_PRINCIPAL = new UsernamePrincipal(ANONYMOUS_USERNAME);
public static final Subject ANONYMOUS_SUBJECT = new Subject();
static
@@ -53,76 +47,11 @@ public class AnonymousAuthenticationMana
ANONYMOUS_SUBJECT.getPrincipals().add(ANONYMOUS_PRINCIPAL);
}
- private static final AuthenticationResult ANONYMOUS_AUTHENTICATION = new AuthenticationResult(ANONYMOUS_SUBJECT);
-
-
- private static CallbackHandler _callbackHandler = SASL_INITIALISER.getCallbackHandler();
+ private static final AuthenticationResult ANONYMOUS_AUTHENTICATION = new AuthenticationResult(ANONYMOUS_PRINCIPAL);
static final AnonymousAuthenticationManager INSTANCE = new AnonymousAuthenticationManager();
- public static class AnonymousAuthenticationManagerConfiguration extends ConfigurationPlugin
- {
-
- public static final ConfigurationPluginFactory FACTORY =
- new ConfigurationPluginFactory()
- {
- public List<String> getParentPaths()
- {
- return Arrays.asList("security.anonymous-auth-manager");
- }
-
- public ConfigurationPlugin newInstance(final String path, final Configuration config) throws ConfigurationException
- {
- final ConfigurationPlugin instance = new AnonymousAuthenticationManagerConfiguration();
-
- instance.setConfiguration(path, config);
- return instance;
- }
- };
-
- public String[] getElementsProcessed()
- {
- return new String[0];
- }
-
- public void validateConfiguration() throws ConfigurationException
- {
- }
-
- }
-
-
- public static final AuthenticationManagerPluginFactory<AnonymousAuthenticationManager> FACTORY = new AuthenticationManagerPluginFactory<AnonymousAuthenticationManager>()
- {
- public AnonymousAuthenticationManager newInstance(final ConfigurationPlugin config) throws ConfigurationException
- {
- AnonymousAuthenticationManagerConfiguration configuration =
- config == null
- ? null
- : (AnonymousAuthenticationManagerConfiguration) config.getConfiguration(AnonymousAuthenticationManagerConfiguration.class.getName());
-
- // If there is no configuration for this plugin then don't load it.
- if (configuration == null)
- {
- _logger.info("No authentication-manager configuration found for AnonymousAuthenticationManager");
- return null;
- }
- return INSTANCE;
- }
-
- public Class<AnonymousAuthenticationManager> getPluginClass()
- {
- return AnonymousAuthenticationManager.class;
- }
-
- public String getPluginName()
- {
- return AnonymousAuthenticationManager.class.getName();
- }
- };
-
-
- private AnonymousAuthenticationManager()
+ AnonymousAuthenticationManager()
{
}
@@ -184,9 +113,4 @@ public class AnonymousAuthenticationMana
public void close()
{
}
-
- @Override
- public void configure(ConfigurationPlugin config) throws ConfigurationException
- {
- }
}
Modified: qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java?rev=1451244&r1=1451243&r2=1451244&view=diff
==============================================================================
--- qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java (original)
+++ qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java Thu Feb 28 16:14:30 2013
@@ -24,22 +24,22 @@ import java.security.Principal;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.qpid.common.Closeable;
-import org.apache.qpid.server.plugins.Plugin;
import org.apache.qpid.server.security.auth.AuthenticationResult;
/**
* Implementations of the AuthenticationManager are responsible for determining
* the authenticity of a user's credentials.
- *
- * If the authentication is successful, the manager is responsible for producing a populated
- * {@link javax.security.auth.Subject} containing the user's identity and zero or more principals representing
- * groups to which the user belongs.
+ * <p>
+ * If the authentication is successful, the manager is responsible for producing an
+ * {@link AuthenticationResult} containing the user's main {@link Principal} and zero or
+ * more other implementation-specific principals.
+ * </p>
* <p>
* The {@link #initialise()} method is responsible for registering SASL mechanisms required by
* the manager. The {@link #close()} method must reverse this registration.
- *
+ * </p>
*/
-public interface AuthenticationManager extends Closeable, Plugin
+public interface AuthenticationManager extends Closeable
{
/** The name for the required SASL Server mechanisms */
public static final String PROVIDER_NAME= "AMQSASLProvider-Server";
@@ -88,5 +88,4 @@ public interface AuthenticationManager e
* @return authentication result
*/
AuthenticationResult authenticate(String username, String password);
-
}
Modified: qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java?rev=1451244&r1=1451243&r2=1451244&view=diff
==============================================================================
--- qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java (original)
+++ qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java Thu Feb 28 16:14:30 2013
@@ -19,90 +19,19 @@
package org.apache.qpid.server.security.auth.manager;
import java.security.Principal;
-import java.util.Arrays;
-import java.util.List;
-import javax.security.auth.Subject;
+
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
-import org.apache.commons.configuration.Configuration;
-import org.apache.commons.configuration.ConfigurationException;
-import org.apache.log4j.Logger;
-import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin;
-import org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory;
+
import org.apache.qpid.server.security.auth.AuthenticationResult;
+import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.sasl.external.ExternalSaslServer;
public class ExternalAuthenticationManager implements AuthenticationManager
{
- private static final Logger _logger = Logger.getLogger(ExternalAuthenticationManager.class);
-
private static final String EXTERNAL = "EXTERNAL";
- static final ExternalAuthenticationManager INSTANCE = new ExternalAuthenticationManager();
-
- public static class ExternalAuthenticationManagerConfiguration extends ConfigurationPlugin
- {
-
- public static final ConfigurationPluginFactory FACTORY =
- new ConfigurationPluginFactory()
- {
- public List<String> getParentPaths()
- {
- return Arrays.asList("security.external-auth-manager");
- }
-
- public ConfigurationPlugin newInstance(final String path, final Configuration config) throws ConfigurationException
- {
- final ConfigurationPlugin instance = new ExternalAuthenticationManagerConfiguration();
-
- instance.setConfiguration(path, config);
- return instance;
- }
- };
-
- public String[] getElementsProcessed()
- {
- return new String[0];
- }
-
- public void validateConfiguration() throws ConfigurationException
- {
- }
-
- }
-
-
- public static final AuthenticationManagerPluginFactory<ExternalAuthenticationManager> FACTORY = new AuthenticationManagerPluginFactory<ExternalAuthenticationManager>()
- {
- public ExternalAuthenticationManager newInstance(final ConfigurationPlugin config) throws ConfigurationException
- {
- ExternalAuthenticationManagerConfiguration configuration =
- config == null
- ? null
- : (ExternalAuthenticationManagerConfiguration) config.getConfiguration(ExternalAuthenticationManagerConfiguration.class.getName());
-
- // If there is no configuration for this plugin then don't load it.
- if (configuration == null)
- {
- _logger.info("No authentication-manager configuration found for ExternalAuthenticationManager");
- return null;
- }
- return INSTANCE;
- }
-
- public Class<ExternalAuthenticationManager> getPluginClass()
- {
- return ExternalAuthenticationManager.class;
- }
-
- public String getPluginName()
- {
- return ExternalAuthenticationManager.class.getName();
- }
- };
-
-
- private ExternalAuthenticationManager()
+ ExternalAuthenticationManager()
{
}
@@ -137,15 +66,13 @@ public class ExternalAuthenticationManag
// Process response from the client
try
{
- byte[] challenge = server.evaluateResponse(response != null ? response : new byte[0]);
+ server.evaluateResponse(response != null ? response : new byte[0]);
Principal principal = ((ExternalSaslServer)server).getAuthenticatedPrincipal();
if(principal != null)
{
- final Subject subject = new Subject();
- subject.getPrincipals().add(principal);
- return new AuthenticationResult(subject);
+ return new AuthenticationResult(principal);
}
else
{
@@ -162,16 +89,11 @@ public class ExternalAuthenticationManag
@Override
public AuthenticationResult authenticate(String username, String password)
{
- return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR);
+ return new AuthenticationResult(new UsernamePrincipal(username));
}
@Override
public void close()
{
}
-
- @Override
- public void configure(ConfigurationPlugin config) throws ConfigurationException
- {
- }
}
Modified: qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java?rev=1451244&r1=1451243&r2=1451244&view=diff
==============================================================================
--- qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java (original)
+++ qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java Thu Feb 28 16:14:30 2013
@@ -20,10 +20,7 @@ package org.apache.qpid.server.security.
import java.io.IOException;
import java.security.Principal;
-import java.util.Arrays;
import java.util.HashMap;
-import java.util.List;
-import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
@@ -31,86 +28,15 @@ import javax.security.sasl.AuthorizeCall
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
-import org.apache.commons.configuration.Configuration;
-import org.apache.commons.configuration.ConfigurationException;
-import org.apache.log4j.Logger;
-import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin;
-import org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory;
import org.apache.qpid.server.security.auth.AuthenticationResult;
-import org.apache.qpid.server.security.auth.sasl.UsernamePrincipal;
+import org.apache.qpid.server.security.auth.UsernamePrincipal;
public class KerberosAuthenticationManager implements AuthenticationManager
{
- private static final Logger _logger = Logger.getLogger(KerberosAuthenticationManager.class);
-
private static final String GSSAPI_MECHANISM = "GSSAPI";
private final CallbackHandler _callbackHandler = new GssApiCallbackHandler();
- public static class KerberosAuthenticationManagerConfiguration extends ConfigurationPlugin
- {
-
- public static final ConfigurationPluginFactory FACTORY =
- new ConfigurationPluginFactory()
- {
- public List<String> getParentPaths()
- {
- return Arrays.asList("security.kerberos-auth-manager");
- }
-
- public ConfigurationPlugin newInstance(final String path, final Configuration config) throws ConfigurationException
- {
- final ConfigurationPlugin instance = new KerberosAuthenticationManagerConfiguration();
-
- instance.setConfiguration(path, config);
- return instance;
- }
- };
-
- public String[] getElementsProcessed()
- {
- return new String[0];
- }
-
- public void validateConfiguration() throws ConfigurationException
- {
- }
-
- }
-
-
- public static final AuthenticationManagerPluginFactory<KerberosAuthenticationManager> FACTORY = new AuthenticationManagerPluginFactory<KerberosAuthenticationManager>()
- {
- public KerberosAuthenticationManager newInstance(final ConfigurationPlugin config) throws ConfigurationException
- {
- KerberosAuthenticationManagerConfiguration configuration =
- config == null
- ? null
- : (KerberosAuthenticationManagerConfiguration) config.getConfiguration(KerberosAuthenticationManagerConfiguration.class.getName());
-
- // If there is no configuration for this plugin then don't load it.
- if (configuration == null)
- {
- _logger.info("No authentication-manager configuration found for KerberosAuthenticationManager");
- return null;
- }
- KerberosAuthenticationManager kerberosAuthenticationManager = new KerberosAuthenticationManager();
- kerberosAuthenticationManager.configure(configuration);
- return kerberosAuthenticationManager;
- }
-
- public Class<KerberosAuthenticationManager> getPluginClass()
- {
- return KerberosAuthenticationManager.class;
- }
-
- public String getPluginName()
- {
- return KerberosAuthenticationManager.class.getName();
- }
- };
-
-
- private KerberosAuthenticationManager()
+ KerberosAuthenticationManager()
{
}
@@ -158,10 +84,7 @@ public class KerberosAuthenticationManag
if (server.isComplete())
{
- final Subject subject = new Subject();
- _logger.debug("Authenticated as " + server.getAuthorizationID());
- subject.getPrincipals().add(new UsernamePrincipal(server.getAuthorizationID()));
- return new AuthenticationResult(subject);
+ return new AuthenticationResult(new UsernamePrincipal(server.getAuthorizationID()));
}
else
{
@@ -186,11 +109,6 @@ public class KerberosAuthenticationManag
{
}
- @Override
- public void configure(ConfigurationPlugin config) throws ConfigurationException
- {
- }
-
private static class GssApiCallbackHandler implements CallbackHandler
{
Modified: qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java?rev=1451244&r1=1451243&r2=1451244&view=diff
==============================================================================
--- qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java (original)
+++ qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java Thu Feb 28 16:14:30 2013
@@ -21,38 +21,25 @@
package org.apache.qpid.server.security.auth.manager;
import java.security.Principal;
-import org.apache.commons.configuration.Configuration;
-import org.apache.commons.configuration.ConfigurationException;
import org.apache.log4j.Logger;
-import org.apache.qpid.configuration.PropertyException;
-import org.apache.qpid.configuration.PropertyUtils;
-import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin;
-import org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
import org.apache.qpid.server.security.auth.sasl.AuthenticationProviderInitialiser;
import org.apache.qpid.server.security.auth.sasl.JCAProvider;
-import org.apache.qpid.server.security.auth.sasl.UsernamePrincipal;
+import org.apache.qpid.server.security.auth.UsernamePrincipal;
-import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import javax.security.sasl.SaslServerFactory;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
+
import java.security.Security;
-import java.util.Arrays;
-import java.util.Collections;
import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
import java.util.Map;
-import java.util.Map.Entry;
import java.util.TreeMap;
@@ -60,27 +47,10 @@ import java.util.TreeMap;
* Concrete implementation of the AuthenticationManager that determines if supplied
* user credentials match those appearing in a PrincipalDatabase. The implementation
* of the PrincipalDatabase is determined from the configuration.
- *
- * This implementation also registers the JMX UserManagemement MBean.
- *
- * This plugin expects configuration such as:
- *
- * <pre>
- * <pd-auth-manager>
- * <principal-database>
- * <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>
- * <attributes>
- * <attribute>
- * <name>passwordFile</name>
- * <value>${conf}/passwd</value>
- * </attribute>
- * </attributes>
- * </principal-database>
- * </pd-auth-manager>
- * </pre>
*/
public class PrincipalDatabaseAuthenticationManager implements AuthenticationManager
{
+
private static final Logger _logger = Logger.getLogger(PrincipalDatabaseAuthenticationManager.class);
/** The list of mechanisms, in the order in which they are configured (i.e. preferred order) */
@@ -95,95 +65,11 @@ public class PrincipalDatabaseAuthentica
*/
private final Map<String, Map<String, ?>> _serverCreationProperties = new HashMap<String, Map<String, ?>>();
- private PrincipalDatabase _principalDatabase = null;
-
- public static final AuthenticationManagerPluginFactory<PrincipalDatabaseAuthenticationManager> FACTORY = new AuthenticationManagerPluginFactory<PrincipalDatabaseAuthenticationManager>()
- {
- public PrincipalDatabaseAuthenticationManager newInstance(final ConfigurationPlugin config) throws ConfigurationException
- {
- final PrincipalDatabaseAuthenticationManagerConfiguration configuration =
- config == null
- ? null
- : (PrincipalDatabaseAuthenticationManagerConfiguration) config.getConfiguration(PrincipalDatabaseAuthenticationManagerConfiguration.class.getName());
-
- // If there is no configuration for this plugin then don't load it.
- if (configuration == null)
- {
- _logger.info("No authentication-manager configuration found for PrincipalDatabaseAuthenticationManager");
- return null;
- }
-
- final PrincipalDatabaseAuthenticationManager pdam = new PrincipalDatabaseAuthenticationManager();
- pdam.configure(configuration);
- pdam.initialise();
- return pdam;
- }
-
- public Class<PrincipalDatabaseAuthenticationManager> getPluginClass()
- {
- return PrincipalDatabaseAuthenticationManager.class;
- }
-
- public String getPluginName()
- {
- return PrincipalDatabaseAuthenticationManager.class.getName();
- }
- };
-
- public static class PrincipalDatabaseAuthenticationManagerConfiguration extends ConfigurationPlugin {
-
- public static final ConfigurationPluginFactory FACTORY = new ConfigurationPluginFactory()
- {
- public List<String> getParentPaths()
- {
- return Arrays.asList("security.pd-auth-manager");
- }
-
- public ConfigurationPlugin newInstance(final String path, final Configuration config) throws ConfigurationException
- {
- final ConfigurationPlugin instance = new PrincipalDatabaseAuthenticationManagerConfiguration();
-
- instance.setConfiguration(path, config);
- return instance;
- }
- };
-
- public String[] getElementsProcessed()
- {
- return new String[] {"principal-database.class",
- "principal-database.attributes.attribute.name",
- "principal-database.attributes.attribute.value"};
- }
-
- public void validateConfiguration() throws ConfigurationException
- {
- }
-
- public String getPrincipalDatabaseClass()
- {
- return getConfig().getString("principal-database.class");
- }
-
- public Map<String,String> getPdClassAttributeMap() throws ConfigurationException
- {
- final List<String> argumentNames = (List) getConfig().getList("principal-database.attributes.attribute.name");
- final List<String> argumentValues = (List) getConfig().getList("principal-database.attributes.attribute.value");
- final Map<String,String> attributes = new HashMap<String,String>(argumentNames.size());
-
- for (int i = 0; i < argumentNames.size(); i++)
- {
- final String argName = argumentNames.get(i);
- final String argValue = argumentValues.get(i);
+ private final PrincipalDatabase _principalDatabase;
- attributes.put(argName, argValue);
- }
-
- return Collections.unmodifiableMap(attributes);
- }
- }
-
- protected PrincipalDatabaseAuthenticationManager()
+ public PrincipalDatabaseAuthenticationManager(PrincipalDatabase pd)
{
+ _principalDatabase = pd;
}
public void initialise()
@@ -246,21 +132,6 @@ public class PrincipalDatabaseAuthentica
_logger.info("Initialised " + mechanism + " SASL provider successfully");
}
- /**
- * @see org.apache.qpid.server.plugins.Plugin#configure(org.apache.qpid.server.configuration.plugins.ConfigurationPlugin)
- */
- public void configure(final ConfigurationPlugin config) throws ConfigurationException
- {
- final PrincipalDatabaseAuthenticationManagerConfiguration pdamConfig = (PrincipalDatabaseAuthenticationManagerConfiguration) config;
- final String pdClazz = pdamConfig.getPrincipalDatabaseClass();
-
- _logger.info("PrincipalDatabase concrete implementation : " + pdClazz);
-
- _principalDatabase = createPrincipalDatabaseImpl(pdClazz);
-
- configPrincipalDatabase(_principalDatabase, pdamConfig);
- }
-
public String getMechanisms()
{
return _mechanisms;
@@ -268,8 +139,11 @@ public class PrincipalDatabaseAuthentica
public SaslServer createSaslServer(String mechanism, String localFQDN, Principal externalPrincipal) throws SaslException
{
- return Sasl.createSaslServer(mechanism, "AMQP", localFQDN, _serverCreationProperties.get(mechanism),
- _callbackHandlerMap.get(mechanism));
+ Map<String, ?> properties = _serverCreationProperties.get(mechanism);
+ CallbackHandler callbackHandler = _callbackHandlerMap.get(mechanism);
+
+ return Sasl.createSaslServer(mechanism, "AMQP", localFQDN, properties,
+ callbackHandler);
}
/**
@@ -284,9 +158,8 @@ public class PrincipalDatabaseAuthentica
if (server.isComplete())
{
- final Subject subject = new Subject();
- subject.getPrincipals().add(new UsernamePrincipal(server.getAuthorizationID()));
- return new AuthenticationResult(subject);
+ final String userId = server.getAuthorizationID();
+ return new AuthenticationResult(new UsernamePrincipal(userId));
}
else
{
@@ -308,9 +181,7 @@ public class PrincipalDatabaseAuthentica
{
if (_principalDatabase.verifyPassword(username, password.toCharArray()))
{
- final Subject subject = new Subject();
- subject.getPrincipals().add(new UsernamePrincipal(username));
- return new AuthenticationResult(subject);
+ return new AuthenticationResult(new UsernamePrincipal(username));
}
else
{
@@ -329,100 +200,8 @@ public class PrincipalDatabaseAuthentica
Security.removeProvider(PROVIDER_NAME);
}
- private PrincipalDatabase createPrincipalDatabaseImpl(final String pdClazz) throws ConfigurationException
- {
- try
- {
- return (PrincipalDatabase) Class.forName(pdClazz).newInstance();
- }
- catch (InstantiationException ie)
- {
- throw new ConfigurationException("Cannot instantiate " + pdClazz, ie);
- }
- catch (IllegalAccessException iae)
- {
- throw new ConfigurationException("Cannot access " + pdClazz, iae);
- }
- catch (ClassNotFoundException cnfe)
- {
- throw new ConfigurationException("Cannot load " + pdClazz + " implementation", cnfe);
- }
- catch (ClassCastException cce)
- {
- throw new ConfigurationException("Expecting a " + PrincipalDatabase.class + " implementation", cce);
- }
- }
-
- private void configPrincipalDatabase(final PrincipalDatabase principalDatabase, final PrincipalDatabaseAuthenticationManagerConfiguration config)
- throws ConfigurationException
- {
-
- final Map<String,String> attributes = config.getPdClassAttributeMap();
-
- for (Iterator<Entry<String, String>> iterator = attributes.entrySet().iterator(); iterator.hasNext();)
- {
- final Entry<String, String> nameValuePair = iterator.next();
- final String methodName = generateSetterName(nameValuePair.getKey());
- final Method method;
- try
- {
- method = principalDatabase.getClass().getMethod(methodName, String.class);
- }
- catch (Exception e)
- {
- throw new ConfigurationException("No method " + methodName + " found in class "
- + principalDatabase.getClass()
- + " hence unable to configure principal database. The method must be public and "
- + "have a single String argument with a void return type", e);
- }
- try
- {
- method.invoke(principalDatabase, PropertyUtils.replaceProperties(nameValuePair.getValue()));
- }
- catch (IllegalArgumentException e)
- {
- throw new ConfigurationException(e.getMessage(), e);
- }
- catch (PropertyException e)
- {
- throw new ConfigurationException(e.getMessage(), e);
- }
- catch (IllegalAccessException e)
- {
- throw new ConfigurationException(e.getMessage(), e);
- }
- catch (InvocationTargetException e)
- {
- // QPID-1347.. InvocationTargetException wraps the checked exception thrown from the reflective
- // method call. Pull out the underlying message and cause to make these more apparent to the user.
- throw new ConfigurationException(e.getCause().getMessage(), e.getCause());
- }
- }
- }
-
public PrincipalDatabase getPrincipalDatabase()
{
return _principalDatabase;
}
-
- private String generateSetterName(String argName) throws ConfigurationException
- {
- if ((argName == null) || (argName.length() == 0))
- {
- throw new ConfigurationException("Argument names must have length >= 1 character");
- }
-
- if (Character.isLowerCase(argName.charAt(0)))
- {
- argName = Character.toUpperCase(argName.charAt(0)) + argName.substring(1);
- }
-
- final String methodName = "set" + argName;
- return methodName;
- }
-
- protected void setPrincipalDatabase(final PrincipalDatabase principalDatabase)
- {
- _principalDatabase = principalDatabase;
- }
}
Modified: qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java?rev=1451244&r1=1451243&r2=1451244&view=diff
==============================================================================
--- qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java (original)
+++ qpid/branches/asyncstore/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java Thu Feb 28 16:14:30 2013
@@ -21,10 +21,10 @@ package org.apache.qpid.server.security.
import java.io.IOException;
import java.security.Principal;
-import java.util.Arrays;
import java.util.HashMap;
import java.util.Hashtable;
-import java.util.List;
+
+import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
@@ -32,7 +32,6 @@ import javax.naming.directory.DirContext
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
-import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
@@ -41,13 +40,10 @@ import javax.security.sasl.AuthorizeCall
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
-import org.apache.commons.configuration.Configuration;
-import org.apache.commons.configuration.ConfigurationException;
import org.apache.log4j.Logger;
-import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin;
-import org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory;
import org.apache.qpid.server.security.auth.AuthenticationResult;
-import org.apache.qpid.server.security.auth.sasl.UsernamePrincipal;
+import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
+import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.sasl.plain.PlainPasswordCallback;
public class SimpleLDAPAuthenticationManager implements AuthenticationManager
@@ -55,123 +51,25 @@ public class SimpleLDAPAuthenticationMan
private static final Logger _logger = Logger.getLogger(SimpleLDAPAuthenticationManager.class);
private static final String PLAIN_MECHANISM = "PLAIN";
- private static final String DEFAULT_LDAP_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
- private String _providerSearchURL;
- private String _searchContext;
- private String _searchFilter;
- private String _providerAuthURL;
- private String _ldapContextFactory;
-
- public static class SimpleLDAPAuthenticationManagerConfiguration extends ConfigurationPlugin
- {
-
- public static final ConfigurationPluginFactory FACTORY =
- new ConfigurationPluginFactory()
- {
- public List<String> getParentPaths()
- {
- return Arrays.asList("security.simple-ldap-auth-manager");
- }
-
- public ConfigurationPlugin newInstance(final String path, final Configuration config) throws ConfigurationException
- {
- final ConfigurationPlugin instance = new SimpleLDAPAuthenticationManagerConfiguration();
-
- instance.setConfiguration(path, config);
- return instance;
- }
- };
-
- private static final String PROVIDER_URL = "provider-url";
- private static final String PROVIDER_SEARCH_URL = "provider-search-url";
- private static final String PROVIDER_AUTH_URL = "provider-auth-url";
- private static final String SEARCH_CONTEXT = "search-context";
- private static final String SEARCH_FILTER = "search-filter";
- private static final String LDAP_CONTEXT_FACTORY = "ldap-context-factory";
-
- public String[] getElementsProcessed()
- {
- return new String[] {PROVIDER_URL, PROVIDER_SEARCH_URL, PROVIDER_AUTH_URL, SEARCH_CONTEXT, SEARCH_FILTER,
- LDAP_CONTEXT_FACTORY};
- }
-
- public void validateConfiguration() throws ConfigurationException
- {
- }
-
- public String getLDAPContextFactory()
- {
- return getConfig().getString(LDAP_CONTEXT_FACTORY, DEFAULT_LDAP_CONTEXT_FACTORY);
- }
-
-
- public String getProviderURL()
- {
- return getConfig().getString(PROVIDER_URL);
- }
-
- public String getProviderSearchURL()
- {
- return getConfig().getString(PROVIDER_SEARCH_URL, getProviderURL());
- }
-
- public String getSearchContext()
- {
- return getConfig().getString(SEARCH_CONTEXT);
- }
-
- public String getSearchFilter()
- {
- return getConfig().getString(SEARCH_FILTER);
- }
-
- public String getProviderAuthURL()
- {
- return getConfig().getString(PROVIDER_AUTH_URL, getProviderURL());
- }
- }
-
-
- public static final AuthenticationManagerPluginFactory<SimpleLDAPAuthenticationManager> FACTORY = new AuthenticationManagerPluginFactory<SimpleLDAPAuthenticationManager>()
- {
- public SimpleLDAPAuthenticationManager newInstance(final ConfigurationPlugin config) throws ConfigurationException
- {
- SimpleLDAPAuthenticationManagerConfiguration configuration =
- config == null
- ? null
- : (SimpleLDAPAuthenticationManagerConfiguration) config.getConfiguration(SimpleLDAPAuthenticationManagerConfiguration.class.getName());
-
- // If there is no configuration for this plugin then don't load it.
- if (configuration == null)
- {
- _logger.info("No authentication-manager configuration found for SimpleLDAPAuthenticationManager");
- return null;
- }
- SimpleLDAPAuthenticationManager simpleLDAPAuthenticationManager = new SimpleLDAPAuthenticationManager();
- simpleLDAPAuthenticationManager.configure(configuration);
- return simpleLDAPAuthenticationManager;
- }
-
- public Class<SimpleLDAPAuthenticationManager> getPluginClass()
- {
- return SimpleLDAPAuthenticationManager.class;
- }
-
- public String getPluginName()
- {
- return SimpleLDAPAuthenticationManager.class.getName();
- }
- };
-
-
- private SimpleLDAPAuthenticationManager()
- {
+ private final String _providerSearchURL;
+ private final String _providerAuthURL;
+ private final String _searchContext;
+ private final String _searchFilter;
+ private final String _ldapContextFactory;
+
+ SimpleLDAPAuthenticationManager(String providerSearchUrl, String providerAuthUrl, String searchContext, String searchFilter, String ldapContextFactory)
+ {
+ _providerSearchURL = providerSearchUrl;
+ _providerAuthURL = providerAuthUrl;
+ _searchContext = searchContext;
+ _searchFilter = searchFilter;
+ _ldapContextFactory = ldapContextFactory;
}
@Override
public void initialise()
{
-
+ validateInitialDirContext();
}
@Override
@@ -205,10 +103,10 @@ public class SimpleLDAPAuthenticationMan
if (server.isComplete())
{
- final Subject subject = new Subject();
- _logger.debug("Authenticated as " + server.getAuthorizationID());
- subject.getPrincipals().add(new UsernamePrincipal(server.getAuthorizationID()));
- return new AuthenticationResult(subject);
+ String authorizationID = server.getAuthorizationID();
+ _logger.debug("Authenticated as " + authorizationID);
+
+ return new AuthenticationResult(new UsernamePrincipal(authorizationID));
}
else
{
@@ -224,34 +122,74 @@ public class SimpleLDAPAuthenticationMan
@Override
public AuthenticationResult authenticate(String username, String password)
{
-
try
{
- return doLDAPNameAuthentication(getNameFromId(username), password);
+ AuthenticationResult result = doLDAPNameAuthentication(getNameFromId(username), password);
+ if(result.getStatus() == AuthenticationStatus.SUCCESS)
+ {
+ //Return a result based on the supplied username rather than the search name
+ return new AuthenticationResult(new UsernamePrincipal(username));
+ }
+ else
+ {
+ return result;
+ }
}
catch (NamingException e)
{
-
return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, e);
-
}
}
- private AuthenticationResult doLDAPNameAuthentication(String username, String password) throws NamingException
+ private AuthenticationResult doLDAPNameAuthentication(String name, String password)
{
+ if(name == null)
+ {
+ //The search didn't return anything, class as not-authenticated before it NPEs below
+ return new AuthenticationResult(AuthenticationStatus.CONTINUE);
+ }
+
Hashtable<Object,Object> env = new Hashtable<Object,Object>();
env.put(Context.INITIAL_CONTEXT_FACTORY, _ldapContextFactory);
env.put(Context.PROVIDER_URL, _providerAuthURL);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
- env.put(Context.SECURITY_PRINCIPAL, username);
+ env.put(Context.SECURITY_PRINCIPAL, name);
env.put(Context.SECURITY_CREDENTIALS, password);
- DirContext ctx = new InitialDirContext(env);
- ctx.close();
- final Subject subject = new Subject();
- subject.getPrincipals().add(new UsernamePrincipal(username));
- return new AuthenticationResult(subject);
+
+ DirContext ctx = null;
+ try
+ {
+ ctx = new InitialDirContext(env);
+
+ //Authentication succeeded
+ return new AuthenticationResult(new UsernamePrincipal(name));
+ }
+ catch(AuthenticationException ae)
+ {
+ //Authentication failed
+ return new AuthenticationResult(AuthenticationStatus.CONTINUE);
+ }
+ catch (NamingException e)
+ {
+ //Some other failure
+ return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, e);
+ }
+ finally
+ {
+ if(ctx != null)
+ {
+ try
+ {
+ ctx.close();
+ }
+ catch (Exception e)
+ {
+ _logger.warn("Exception closing InitialDirContext", e);
+ }
+ }
+ }
}
@Override
@@ -259,17 +197,8 @@ public class SimpleLDAPAuthenticationMan
{
}
- @Override
- public void configure(ConfigurationPlugin config) throws ConfigurationException
+ private void validateInitialDirContext()
{
- SimpleLDAPAuthenticationManagerConfiguration ldapConfig = (SimpleLDAPAuthenticationManagerConfiguration) config;
-
- _ldapContextFactory = ldapConfig.getLDAPContextFactory();
- _providerSearchURL = ldapConfig.getProviderSearchURL();
- _providerAuthURL = ldapConfig.getProviderAuthURL();
- _searchContext = ldapConfig.getSearchContext();
- _searchFilter = ldapConfig.getSearchFilter();
-
Hashtable<String,Object> env = new Hashtable<String, Object>();
env.put(Context.INITIAL_CONTEXT_FACTORY, _ldapContextFactory);
env.put(Context.PROVIDER_URL, _providerSearchURL);
@@ -277,11 +206,11 @@ public class SimpleLDAPAuthenticationMan
try
{
- new InitialDirContext(env);
+ new InitialDirContext(env).close();
}
catch (NamingException e)
{
- throw new ConfigurationException("Unable to establish anonymous connection to the ldap server at " + _providerSearchURL, e);
+ throw new RuntimeException("Unable to establish anonymous connection to the ldap server at " + _providerSearchURL, e);
}
}
@@ -305,19 +234,11 @@ public class SimpleLDAPAuthenticationMan
}
catch (NamingException e)
{
- _logger.info("SASL Authentication Error", e);
+ _logger.warn("SASL Authentication Exception", e);
}
if(password != null)
{
- try
- {
- authenticated = doLDAPNameAuthentication(name, password);
-
- }
- catch (NamingException e)
- {
- authenticated = new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, e);
- }
+ authenticated = doLDAPNameAuthentication(name, password);
}
}
else if (callback instanceof PlainPasswordCallback)
@@ -325,17 +246,10 @@ public class SimpleLDAPAuthenticationMan
password = ((PlainPasswordCallback)callback).getPlainPassword();
if(name != null)
{
- try
+ authenticated = doLDAPNameAuthentication(name, password);
+ if(authenticated.getStatus()== AuthenticationResult.AuthenticationStatus.SUCCESS)
{
- authenticated = doLDAPNameAuthentication(name, password);
- if(authenticated.getStatus()== AuthenticationResult.AuthenticationStatus.SUCCESS)
- {
- ((PlainPasswordCallback)callback).setAuthenticated(true);
- }
- }
- catch (NamingException e)
- {
- authenticated = new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, e);
+ ((PlainPasswordCallback)callback).setAuthenticated(true);
}
}
}
@@ -357,7 +271,6 @@ public class SimpleLDAPAuthenticationMan
env.put(Context.INITIAL_CONTEXT_FACTORY, _ldapContextFactory);
env.put(Context.PROVIDER_URL, _providerSearchURL);
-
env.put(Context.SECURITY_AUTHENTICATION, "none");
DirContext ctx = null;
@@ -382,7 +295,14 @@ public class SimpleLDAPAuthenticationMan
}
finally
{
- ctx.close();
+ try
+ {
+ ctx.close();
+ }
+ catch (Exception e)
+ {
+ _logger.warn("Exception closing InitialDirContext", e);
+ }
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org