Posted to commits@qpid.apache.org by kw...@apache.org on 2017/09/29 09:26:01 UTC

[2/2] qpid-broker-j git commit: QPID-7935: [Java Broker] [ACL] Allow an ACL file format to convey a default result of DEFER

QPID-7935: [Java Broker] [ACL] Allow an ACL file format to convey a default result of DEFER

Changed AbstractCommonRuleBasedAccessControlProvider#extractRules to write a default decision CONFIG directive if the decision is not the default.

Required so that a user may use extractRules -> edit -> loadFromFile without the loss of the current default decision.


Project: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/commit/16a186ba
Tree: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/tree/16a186ba
Diff: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/diff/16a186ba

Branch: refs/heads/master
Commit: 16a186babfa8ec9383b247172e255dc6a2951346
Parents: 1a9875c
Author: Keith Wall <kw...@apache.org>
Authored: Thu Sep 28 13:03:49 2017 +0100
Committer: Keith Wall <kw...@apache.org>
Committed: Fri Sep 29 10:24:34 2017 +0100

----------------------------------------------------------------------
 .../security/access/config/AclFileParser.java   | 13 +++++++----
 ...actCommonRuleBasedAccessControlProvider.java | 10 ++++++++
 .../access/config/AclFileParserTest.java        | 24 ++++++++++++++++----
 3 files changed, 38 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/16a186ba/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/AclFileParser.java
----------------------------------------------------------------------
diff --git a/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/AclFileParser.java b/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/AclFileParser.java
index c071345..d5b61e5 100644
--- a/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/AclFileParser.java
+++ b/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/AclFileParser.java
@@ -45,8 +45,9 @@ import org.apache.qpid.server.security.access.plugins.RuleOutcome;
 public final class AclFileParser
 {
     private static final Logger _logger = LoggerFactory.getLogger(AclFileParser.class);
-    private static final String DEFAULT_ALLOW = "defaultallow";
-    private static final String DEFAULT_DENY = "defaultdeny";
+    public static final String DEFAULT_ALLOW = "defaultallow";
+    public static final String DEFAULT_DEFER = "defaultdefer";
+    public static final String DEFAULT_DENY = "defaultdeny";
 
     private static final Character COMMENT = '#';
     private static final Character CONTINUATION = '\\';
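Review bot: The CONFIG key constants at the top of AclFileParser are now public but have no Javadoc, so code outside the parser has nothing stating that these strings are keys of the ACL file's CONFIG directive. A one-line comment on each would document that contract, for example `/** CONFIG key that sets the rule set's default result to DEFER. */` above DEFAULT_DEFER. DEFAULT_DENY is widened as well, although the extractRules change in this commit references only DEFAULT_ALLOW and DEFAULT_DEFER; it could stay private unless a caller outside this diff needs it.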
@@ -138,7 +139,7 @@ public final class AclFileParser
             tokenizer.wordChars(':', ':'); // colon
 
             // parse the acl file lines
-            Stack<String> stack = new Stack<String>();
+            Stack<String> stack = new Stack<>();
             int current;
             do {
                 current = tokenizer.nextToken();
@@ -301,6 +302,10 @@ public final class AclFileParser
         {
             ruleSetCreator.setDefaultResult(Result.ALLOWED);
         }
+        if (Boolean.TRUE.equals(properties.get(DEFAULT_DEFER)))
+        {
+            ruleSetCreator.setDefaultResult(Result.DEFER);
+        }
         if (Boolean.TRUE.equals(properties.get(DEFAULT_DENY)))
         {
             ruleSetCreator.setDefaultResult(Result.DENIED);
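Review bot: The new `defaultdefer` check is a third independent `if`, so a CONFIG directive that sets more than one default to true is accepted silently and the last assignment wins (defaultdeny over defaultdefer over defaultallow). That ordering resolves towards the most restrictive result, but for an access-control default the precedence should at least be written down, e.g. `// If several defaults are set the last check wins: defaultdeny > defaultdefer > defaultallow`. Conflicting settings would ideally be rejected as a configuration error rather than resolved quietly. The enclosing method starts and ends outside this hunk, so any validation done elsewhere in it is not visible here.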
@@ -337,7 +342,7 @@ public final class AclFileParser
     /** Converts a {@link List} of "name", "=", "value" tokens into a {@link Map}. */
     private static Map<String, Boolean> toPluginProperties(List<String> args, final int line)
     {
-        Map<String, Boolean> properties = new HashMap<String, Boolean>();
+        Map<String, Boolean> properties = new HashMap<>();
         Iterator<String> i = args.iterator();
         while (i.hasNext())
         {

http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/16a186ba/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/AbstractCommonRuleBasedAccessControlProvider.java
----------------------------------------------------------------------
diff --git a/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/AbstractCommonRuleBasedAccessControlProvider.java b/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/AbstractCommonRuleBasedAccessControlProvider.java
index 43379ae..3b92c65 100644
--- a/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/AbstractCommonRuleBasedAccessControlProvider.java
+++ b/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/AbstractCommonRuleBasedAccessControlProvider.java
@@ -159,6 +159,16 @@ abstract class AbstractCommonRuleBasedAccessControlProvider<X extends AbstractCo
     public Content extractRules()
     {
         StringBuilder sb = new StringBuilder();
+        switch (_defaultResult)
+        {
+            case DENIED:
+                // This is the default assumed by ResultSet for ACL files without a CONFIG directive
+                break;
+            case ALLOWED:
+            case DEFER:
+                sb.append(String.format("CONFIG %s=true\n", _defaultResult == Result.ALLOWED ? AclFileParser.DEFAULT_ALLOW : AclFileParser.DEFAULT_DEFER));
+                break;
+        }
         for(AclRule rule : _rules)
         {
             sb.append("ACL ");
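Review bot: The switch on `_defaultResult` in extractRules has no `default` branch, so any Result value other than the three listed (if the enum has one) would be extracted with no CONFIG line and read back as DENIED with no signal that the default changed. Adding `default: throw new IllegalStateException("Unexpected default result: " + _defaultResult);` would make that case visible. Giving ALLOWED and DEFER their own `case` bodies would also remove the ternary inside the shared branch. The comment names "ResultSet", where the class holding the default appears to be RuleSet, judging by the test file in this commit. extractRules continues past the end of the hunk.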

http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/16a186ba/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/AclFileParserTest.java
----------------------------------------------------------------------
diff --git a/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/AclFileParserTest.java b/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/AclFileParserTest.java
index e9b8b22..8359840 100644
--- a/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/AclFileParserTest.java
+++ b/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/AclFileParserTest.java
@@ -28,6 +28,7 @@ import java.util.List;
 
 import org.apache.qpid.server.configuration.IllegalConfigurationException;
 import org.apache.qpid.server.logging.EventLoggerProvider;
+import org.apache.qpid.server.security.Result;
 import org.apache.qpid.server.security.access.config.ObjectProperties.Property;
 import org.apache.qpid.test.utils.QpidTestCase;
 
@@ -39,18 +40,24 @@ public class AclFileParserTest extends QpidTestCase
         acl.deleteOnExit();
 
         // Write ACL file
-        PrintWriter aclWriter = new PrintWriter(new FileWriter(acl));
-        for (String line : aclData)
+        try (PrintWriter aclWriter = new PrintWriter(new FileWriter(acl)))
         {
-            aclWriter.println(line);
+            for (String line : aclData)
+            {
+                aclWriter.println(line);
+            }
         }
-        aclWriter.close();
 
         // Load ruleset
         return AclFileParser.parse(new FileReader(acl), mock(EventLoggerProvider.class));
-
     }
 
+    public void testEmptyRuleSetDefaults() throws Exception
+    {
+        RuleSet ruleSet = writeACLConfig();
+        assertEquals(0, ruleSet.getRuleCount());
+        assertEquals(Result.DENIED, ruleSet.getDefault());
+    }
     public void testACLFileSyntaxContinuation() throws Exception
     {
         try
@@ -157,6 +164,13 @@ public class AclFileParserTest extends QpidTestCase
         }
     }
 
+    public void testValidConfig() throws Exception
+    {
+        RuleSet ruleSet = writeACLConfig("CONFIG defaultdefer=true");
+        assertEquals("Unexpected number of rules", 0, ruleSet.getRuleCount());
+        assertEquals("Unexpected number of rules", Result.DEFER, ruleSet.getDefault());
+    }
+
     /**
      * Tests interpretation of an acl rule with no object properties.
      *
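Review bot: The second assertion in testValidConfig reuses the message "Unexpected number of rules" although it checks the default result, so a failure there would be reported misleadingly. It should read `assertEquals("Unexpected default result", Result.DEFER, ruleSet.getDefault());`. The test name is also generic for a case that covers only `defaultdefer`; a name such as testDefaultDeferConfig would say what is being pinned. None of the three files in this commit tests that extractRules emits the CONFIG line, which is the extract, edit and reload round trip the commit message describes.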

