You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ri...@apache.org on 2007/04/05 18:48:00 UTC
svn commit: r525867 - in /incubator/qpid/branches/M2/java/broker: etc/access
src/main/java/org/apache/qpid/server/security/access/FileAccessManager.java
src/main/java/org/apache/qpid/server/security/access/PrincipalDatabaseAccessManager.java
Author: ritchiem
Date: Thu Apr 5 09:47:59 2007
New Revision: 525867
URL: http://svn.apache.org/viewvc?view=rev&rev=525867
Log:
QPID-416 Provided simple update to Access Control via FileAccessManager to allow access rights for a virtualhost to be stored in a separate file.
Updated PrincipalDatabaseAccessManager to use the default AccessManager if the specified PrincipalDatabase is not an AccessManager.
Added:
incubator/qpid/branches/M2/java/broker/etc/access
incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/access/FileAccessManager.java (with props)
Modified:
incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalDatabaseAccessManager.java
Added: incubator/qpid/branches/M2/java/broker/etc/access
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/broker/etc/access?view=auto&rev=525867
==============================================================================
--- incubator/qpid/branches/M2/java/broker/etc/access (added)
+++ incubator/qpid/branches/M2/java/broker/etc/access Thu Apr 5 09:47:59 2007
@@ -0,0 +1 @@
+guest:test
Added: incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/access/FileAccessManager.java
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/access/FileAccessManager.java?view=auto&rev=525867
==============================================================================
--- incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/access/FileAccessManager.java (added)
+++ incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/access/FileAccessManager.java Thu Apr 5 09:47:59 2007
@@ -0,0 +1,162 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ *
+ */
+package org.apache.qpid.server.security.access;
+
+import org.apache.qpid.server.virtualhost.VirtualHost;
+import org.apache.log4j.Logger;
+
+import java.io.IOException;
+import java.io.BufferedReader;
+import java.io.FileReader;
+import java.io.FileNotFoundException;
+import java.io.File;
+import java.util.regex.Pattern;
+
+/**
+ * Represents a user database where the account information is stored in a simple flat file.
+ *
+ * The file is expected to be in the form: username:password username1:password1 ... usernamen:passwordn
+ *
+ * where a carriage return separates each username/password pair. Passwords are assumed to be in plain text.
+ */
+public class FileAccessManager implements AccessManager
+{
+ private static final Logger _logger = Logger.getLogger(FileAccessManager.class);
+
+ protected File _accessFile;
+
+ protected Pattern _regexp = Pattern.compile(":");
+
+ private static final short USER_INDEX = 0;
+ private static final short VIRTUALHOST_INDEX = 1;
+
+ public void setAccessFile(String accessFile) throws FileNotFoundException
+ {
+ File f = new File(accessFile);
+ _logger.info("FileAccessManager using file " + f.getAbsolutePath());
+ _accessFile = f;
+ if (!f.exists())
+ {
+ throw new FileNotFoundException("Cannot find access file " + f);
+ }
+ if (!f.canRead())
+ {
+ throw new FileNotFoundException("Cannot read access file " + f +
+ ". Check permissions.");
+ }
+ }
+
+ /**
+ * Looks up the virtual hosts for a specified user in the access file.
+ *
+ * @param user The user to lookup
+ *
+ * @return a list of virtualhosts
+ */
+ private String[] lookupVirtualHost(String user)
+ {
+ return lookup(user, VIRTUALHOST_INDEX);
+ }
+
+
+ private String[] lookup(String user, int index)
+ {
+ try
+ {
+ BufferedReader reader = null;
+ try
+ {
+ reader = new BufferedReader(new FileReader(_accessFile));
+ String line;
+
+ while ((line = reader.readLine()) != null)
+ {
+ String[] result = _regexp.split(line);
+ if (result == null || result.length < (index + 1))
+ {
+ continue;
+ }
+
+ if (user.equals(result[USER_INDEX]))
+ {
+ return result[index].split(",");
+ }
+ }
+ return null;
+ }
+ finally
+ {
+ if (reader != null)
+ {
+ reader.close();
+ }
+ }
+ }
+ catch (IOException ioe)
+ {
+ //ignore
+ }
+ return null;
+ }
+
+
+ public AccessResult isAuthorized(Accessable accessObject, String username)
+ {
+ if (accessObject instanceof VirtualHost)
+ {
+ String[] hosts = lookupVirtualHost(username);
+
+ if (hosts != null)
+ {
+ for (String host : hosts)
+ {
+ if (accessObject.getAccessableName().equals(host))
+ {
+ return new AccessResult(this, AccessResult.AccessStatus.GRANTED);
+ }
+ }
+ }
+ }
+// else if (accessObject instanceof AMQQueue)
+// {
+// String[] queues = lookupQueue(username, ((AMQQueue) accessObject).getVirtualHost());
+//
+// if (queues != null)
+// {
+// for (String queue : queues)
+// {
+// if (accessObject.getAccessableName().equals(queue))
+// {
+// return new AccessResult(this, AccessResult.AccessStatus.GRANTED);
+// }
+// }
+// }
+// }
+
+ return new AccessResult(this, AccessResult.AccessStatus.REFUSED);
+ }
+
+ public String getName()
+ {
+ return "FileAccessManager";
+ }
+
+}
Propchange: incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/access/FileAccessManager.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/access/FileAccessManager.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalDatabaseAccessManager.java
URL: http://svn.apache.org/viewvc/incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalDatabaseAccessManager.java?view=diff&rev=525867&r1=525866&r2=525867
==============================================================================
--- incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalDatabaseAccessManager.java (original)
+++ incubator/qpid/branches/M2/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalDatabaseAccessManager.java Thu Apr 5 09:47:59 2007
@@ -75,7 +75,15 @@
}
else
{
- result = ((AccessManager) _database).isAuthorized(accessObject, username);
+ if (!(_database instanceof AccessManager))
+ {
+ _logger.warn("Specified PrincipalDatabase is not an AccessManager so using default AccessManager");
+ result = _default.isAuthorized(accessObject, username);
+ }
+ else
+ {
+ result = ((AccessManager) _database).isAuthorized(accessObject, username);
+ }
}
result.addAuthorizer(this);