Posted to commits@qpid.apache.org by or...@apache.org on 2016/10/31 16:32:03 UTC
svn commit: r1767325 - in /qpid/java/trunk/broker-core/src:
main/java/org/apache/qpid/server/security/auth/manager/
test/java/org/apache/qpid/server/security/auth/manager/
Author: orudyy
Date: Mon Oct 31 16:32:03 2016
New Revision: 1767325
URL: http://svn.apache.org/viewvc?rev=1767325&view=rev
Log:
QPID-7485: [Java Broker] File based authentication providers should not allow changing of password file to non-existing file
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java
qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java?rev=1767325&r1=1767324&r2=1767325&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java Mon Oct 31 16:32:03 2016
@@ -374,6 +374,23 @@ public abstract class PrincipalDatabaseA
{
throw new IllegalConfigurationException("Changing the type of authentication provider is not supported");
}
+
+ if (changedAttributes.contains(PATH) && !updated.getPath().equals(getPath()))
+ {
+ PrincipalDatabase db = createDatabase();
+ try
+ {
+ db.open(new File(updated.getPath()));
+ }
+ catch (FileNotFoundException e)
+ {
+ throw new IllegalConfigurationException("User database does not exists at specified location : " + e.getMessage(), e);
+ }
+ catch (IOException e)
+ {
+ throw new IllegalConfigurationException("Cannot use password database at :" + _path, e);
+ }
+ }
}
@Override
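Review bot: The `IOException` branch builds its message from `_path`, which is the provider's current location, so a rejected change names the file still in use rather than the one that failed validation. The message should use the proposed value, `"Cannot use password database at :" + updated.getPath()`. The guard `!updated.getPath().equals(getPath())` also dereferences the proposed path without a null check, so a change that clears PATH would presumably fail with a NullPointerException instead of an IllegalConfigurationException; confirm whether the attribute is mandatory. The `db` instance opened for validation is not released in the visible lines, which matters only if `PrincipalDatabase.open` keeps a handle or lock on the file. The enclosing method starts above this hunk.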
Modified: qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java?rev=1767325&r1=1767324&r2=1767325&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java (original)
+++ qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java Mon Oct 31 16:32:03 2016
@@ -27,6 +27,7 @@ import static org.mockito.Mockito.when;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
+import java.io.IOException;
import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
@@ -147,6 +148,16 @@ public class PrincipalDatabaseAuthentica
_principalDatabase = new PlainPasswordFilePrincipalDatabase(mockAuthProvider);
setupManager(true);
+ createPasswordFile();
+ _manager.initialise();
+ List<Principal> users = _principalDatabase.getUsers();
+ assertEquals("Unexpected uses size", 1, users.size());
+ Principal p = _principalDatabase.getUser("admin");
+ assertEquals("Unexpected principal name", "admin", p.getName());
+ }
+
+ private void createPasswordFile() throws IOException
+ {
File f = new File(_passwordFileLocation);
f.createNewFile();
FileOutputStream fos = null;
@@ -162,11 +173,32 @@ public class PrincipalDatabaseAuthentica
fos.close();
}
}
+ }
+
+ public void testChangePathToNonExistentFile() throws Exception
+ {
+ AuthenticationProvider mockAuthProvider = mock(AuthenticationProvider.class);
+ when(mockAuthProvider.getContextValue(Integer.class, AbstractScramAuthenticationManager.QPID_AUTHMANAGER_SCRAM_ITERATION_COUNT)).thenReturn(4096);
+ _principalDatabase = new PlainPasswordFilePrincipalDatabase(mockAuthProvider);
+ setupManager(true);
+
+ createPasswordFile();
_manager.initialise();
- List<Principal> users = _principalDatabase.getUsers();
- assertEquals("Unexpected uses size", 1, users.size());
- Principal p = _principalDatabase.getUser("admin");
- assertEquals("Unexpected principal name", "admin", p.getName());
+
+ File file = new File(_passwordFileLocation + System.currentTimeMillis());
+ assertFalse("Password file should not exist", file.exists());
+
+ try
+ {
+ _manager.setAttributes(Collections.singletonMap(PrincipalDatabaseAuthenticationManager.PATH,
+ file.getAbsoluteFile()));
+ fail("Changing password file location to nonexisting file should not be allowed");
+ }
+ catch (IllegalConfigurationException e)
+ {
+ // pass
+ }
+
}
/**
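Review bot: `testChangePathToNonExistentFile` stops at the thrown exception and never checks that the provider still points at its original user database after the rejected change. Since this guards the broker's credential store, I would add something like `assertEquals(_passwordFileLocation, _manager.getPath());` after the catch, plus a lookup of `admin` through `_principalDatabase`. Only the `FileNotFoundException` branch is exercised; a case with an existing but unreadable or malformed file would cover the `IOException` branch. The attribute value is passed as a `File` via `file.getAbsoluteFile()`, and `file.getAbsolutePath()` would match a string attribute unless the conversion is being relied on deliberately. The first lines of this hunk close `createPasswordFile`, whose body starts outside it.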