You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by kw...@apache.org on 2012/09/28 14:46:32 UTC
svn commit: r1391431 - in
/qpid/trunk/qpid/java/broker-plugins/access-control/src:
main/java/org/apache/qpid/server/security/access/config/
main/java/org/apache/qpid/server/security/access/firewall/
test/java/org/apache/qpid/server/security/access/conf...
Author: kwall
Date: Fri Sep 28 12:46:31 2012
New Revision: 1391431
URL: http://svn.apache.org/viewvc?rev=1391431&view=rev
Log:
QPID-4334: addressed Keith's review comments. Also moved PlainConfigurationTest to the correct package.
Applied patch from Philip Harvey <ph...@philharveyonline.com>.
Added:
qpid/trunk/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/ActionTest.java
qpid/trunk/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/PlainConfigurationTest.java
- copied, changed from r1391430, qpid/trunk/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/PlainConfigurationTest.java
Removed:
qpid/trunk/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/PlainConfigurationTest.java
Modified:
qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/AclRulePredicates.java
qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/Action.java
qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/PlainConfiguration.java
qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/firewall/AccessControlFirewallException.java
qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/firewall/HostnameFirewallRule.java
qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/firewall/InetNetwork.java
Modified: qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/AclRulePredicates.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/AclRulePredicates.java?rev=1391431&r1=1391430&r2=1391431&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/AclRulePredicates.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/AclRulePredicates.java Fri Sep 28 12:46:31 2012
@@ -61,7 +61,10 @@ public class AclRulePredicates
_properties.put(property, value);
}
- _logger.debug("Parsed " + property + " with value " + value);
+ if (_logger.isDebugEnabled())
+ {
+ _logger.debug("Parsed " + property + " with value " + value);
+ }
}
private void checkFirewallRuleNotAlreadyDefined(String key, String value)
Modified: qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/Action.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/Action.java?rev=1391431&r1=1391430&r2=1391431&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/Action.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/Action.java Fri Sep 28 12:46:31 2012
@@ -43,9 +43,9 @@ import org.apache.qpid.server.security.a
*/
public class Action
{
- private Operation _operation;
- private ObjectType _object;
- private ObjectProperties _properties;
+ private final Operation _operation;
+ private final ObjectType _object;
+ private final ObjectProperties _properties;
public Action(Operation operation)
{
@@ -64,9 +64,9 @@ public class Action
public Action(Operation operation, ObjectType object, ObjectProperties properties)
{
- setOperation(operation);
- setObjectType(object);
- setProperties(properties);
+ _operation = operation;
+ _object = object;
+ _properties = properties;
}
public Operation getOperation()
@@ -74,44 +74,63 @@ public class Action
return _operation;
}
- public void setOperation(Operation operation)
- {
- _operation = operation;
- }
-
public ObjectType getObjectType()
{
return _object;
}
- public void setObjectType(ObjectType object)
+ public ObjectProperties getProperties()
{
- _object = object;
+ return _properties;
}
- public ObjectProperties getProperties()
+ public boolean isAllowed()
{
- return _properties;
+ return _object.isAllowed(_operation);
}
- public void setProperties(ObjectProperties properties)
+ public boolean matches(Action a)
{
- _properties = properties;
+ if (!operationsMatch(a))
+ {
+ return false;
+ }
+
+ if (!objectTypesMatch(a))
+ {
+ return false;
+ }
+
+ if (!propertiesMatch(a))
+ {
+ return false;
+ }
+
+ return true;
}
- public boolean isAllowed()
+ private boolean operationsMatch(Action a)
{
- return _object.isAllowed(_operation);
+ return Operation.ALL == a.getOperation() || getOperation() == a.getOperation();
}
- /** @see Comparable#compareTo(Object) */
- public boolean matches(Action a)
+ private boolean objectTypesMatch(Action a)
{
- boolean operationMatches = Operation.ALL == a.getOperation() || getOperation() == a.getOperation();
- boolean objectTypeMatches = ObjectType.ALL == a.getObjectType() || getObjectType() == a.getObjectType();
- boolean propertiesMatch = _properties.matches(a.getProperties());
+ return ObjectType.ALL == a.getObjectType() || getObjectType() == a.getObjectType();
+ }
- return (operationMatches && objectTypeMatches && propertiesMatch);
+ private boolean propertiesMatch(Action a)
+ {
+ boolean propertiesMatch = false;
+ if (_properties != null)
+ {
+ propertiesMatch = _properties.matches(a.getProperties());
+ }
+ else if (a.getProperties() == null)
+ {
+ propertiesMatch = true;
+ }
+ return propertiesMatch;
}
@Override
Modified: qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/PlainConfiguration.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/PlainConfiguration.java?rev=1391431&r1=1391430&r2=1391431&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/PlainConfiguration.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/PlainConfiguration.java Fri Sep 28 12:46:31 2012
@@ -49,20 +49,21 @@ public class PlainConfiguration extends
public static final String ACL = "acl";
public static final String CONFIG = "config";
- public static final String UNRECOGNISED_INITIAL_MSG = "Unrecognised initial token '%s' at line %d";
- public static final String NOT_ENOUGH_TOKENS_MSG = "Not enough tokens at line %d";
- public static final String NUMBER_NOT_ALLOWED_MSG = "Number not allowed before '%s' at line %d";
- public static final String CANNOT_LOAD_MSG = "Cannot load config file %s";
- public static final String PREMATURE_CONTINUATION_MSG = "Premature continuation character at line %d";
- public static final String PREMATURE_EOF_MSG = "Premature end of file reached at line %d";
- public static final String PARSE_TOKEN_FAILED_MSG = "Failed to parse token at line %d";
- public static final String CONFIG_NOT_FOUND_MSG = "Cannot find config file %s";
- public static final String NOT_ENOUGH_ACL_MSG = "Not enough data for an acl at line %d";
- public static final String NOT_ENOUGH_CONFIG_MSG = "Not enough data for config at line %d";
- public static final String BAD_ACL_RULE_NUMBER_MSG = "Invalid rule number at line %d";
- public static final String PROPERTY_KEY_ONLY_MSG = "Incomplete property (key only) at line %d";
- public static final String PROPERTY_NO_EQUALS_MSG = "Incomplete property (no equals) at line %d";
- public static final String PROPERTY_NO_VALUE_MSG = "Incomplete property (no value) at line %d";
+ static final String UNRECOGNISED_INITIAL_MSG = "Unrecognised initial token '%s' at line %d";
+ static final String NOT_ENOUGH_TOKENS_MSG = "Not enough tokens at line %d";
+ static final String NUMBER_NOT_ALLOWED_MSG = "Number not allowed before '%s' at line %d";
+ static final String CANNOT_LOAD_MSG = "Cannot load config file %s";
+ static final String CANNOT_CLOSE_MSG = "Cannot close config file %s";
+ static final String PREMATURE_CONTINUATION_MSG = "Premature continuation character at line %d";
+ static final String PREMATURE_EOF_MSG = "Premature end of file reached at line %d";
+ static final String PARSE_TOKEN_FAILED_MSG = "Failed to parse token at line %d";
+ static final String CONFIG_NOT_FOUND_MSG = "Cannot find config file %s";
+ static final String NOT_ENOUGH_ACL_MSG = "Not enough data for an acl at line %d";
+ static final String NOT_ENOUGH_CONFIG_MSG = "Not enough data for config at line %d";
+ static final String BAD_ACL_RULE_NUMBER_MSG = "Invalid rule number at line %d";
+ static final String PROPERTY_KEY_ONLY_MSG = "Incomplete property (key only) at line %d";
+ static final String PROPERTY_NO_EQUALS_MSG = "Incomplete property (no equals) at line %d";
+ static final String PROPERTY_NO_VALUE_MSG = "Incomplete property (no value) at line %d";
private StreamTokenizer _st;
@@ -77,6 +78,7 @@ public class PlainConfiguration extends
RuleSet ruleSet = super.load();
File file = getFile();
+ FileReader fileReader = null;
try
{
@@ -85,7 +87,8 @@ public class PlainConfiguration extends
_logger.debug("About to load ACL file " + file);
}
- _st = new StreamTokenizer(new BufferedReader(new FileReader(file)));
+ fileReader = new FileReader(file);
+ _st = new StreamTokenizer(new BufferedReader(fileReader));
_st.resetSyntax(); // setup the tokenizer
_st.commentChar(COMMENT); // single line comments
@@ -210,6 +213,21 @@ public class PlainConfiguration extends
{
throw new ConfigurationException(String.format(CANNOT_LOAD_MSG, file.getName()), ioe);
}
+ finally
+ {
+ if(fileReader != null)
+ {
+ try
+ {
+ fileReader.close();
+ }
+ catch (IOException e)
+ {
+ throw new ConfigurationException(String.format(CANNOT_CLOSE_MSG, file.getName()), e);
+ }
+ }
+ }
+
return ruleSet;
}
Modified: qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/firewall/AccessControlFirewallException.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/firewall/AccessControlFirewallException.java?rev=1391431&r1=1391430&r2=1391431&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/firewall/AccessControlFirewallException.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/firewall/AccessControlFirewallException.java Fri Sep 28 12:46:31 2012
@@ -25,19 +25,23 @@ public class AccessControlFirewallExcept
/** serialVersionUID */
private static final long serialVersionUID = 4526157149690917805L;
- public AccessControlFirewallException() {
- super();
+ public AccessControlFirewallException()
+ {
+ super();
}
- public AccessControlFirewallException(String message) {
- super(message);
+ public AccessControlFirewallException(String message)
+ {
+ super(message);
}
- public AccessControlFirewallException(String message, Throwable cause) {
+ public AccessControlFirewallException(String message, Throwable cause)
+ {
super(message, cause);
}
- public AccessControlFirewallException(Throwable cause) {
+ public AccessControlFirewallException(Throwable cause)
+ {
super(cause);
}
}
\ No newline at end of file
Modified: qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/firewall/HostnameFirewallRule.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/firewall/HostnameFirewallRule.java?rev=1391431&r1=1391430&r2=1391431&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/firewall/HostnameFirewallRule.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/firewall/HostnameFirewallRule.java Fri Sep 28 12:46:31 2012
@@ -65,13 +65,12 @@ public class HostnameFirewallRule implem
String hostname = getHostname(remote);
if (hostname == null)
{
- throw new AccessControlFirewallException("DNS lookup failed");
+ throw new AccessControlFirewallException("DNS lookup failed for address " + remote);
}
for (Pattern pattern : _hostnamePatterns)
{
boolean hostnameMatches = pattern.matcher(hostname).matches();
-
if (hostnameMatches)
{
if(_logger.isDebugEnabled())
@@ -114,6 +113,7 @@ public class HostnameFirewallRule implem
}
catch (Exception e)
{
+ _logger.warn("Unable to look up hostname from address " + remote, e);
return null;
}
finally
Modified: qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/firewall/InetNetwork.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/firewall/InetNetwork.java?rev=1391431&r1=1391430&r2=1391431&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/firewall/InetNetwork.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/firewall/InetNetwork.java Fri Sep 28 12:46:31 2012
@@ -32,7 +32,7 @@ class InetNetwork
public InetNetwork(InetAddress ip, InetAddress netmask)
{
- network = maskIP(ip, netmask);
+ this.network = maskIP(ip, netmask);
this.netmask = netmask;
}
@@ -46,20 +46,25 @@ class InetNetwork
return network.equals(maskIP(ip, netmask));
}
+ @Override
public String toString()
{
return network.getHostAddress() + "/" + netmask.getHostAddress();
}
+ @Override
public int hashCode()
{
return maskIP(network, netmask).hashCode();
}
+ @Override
public boolean equals(Object obj)
{
- return (obj != null) && (obj instanceof InetNetwork) &&
- ((((InetNetwork)obj).network.equals(network)) && (((InetNetwork)obj).netmask.equals(netmask)));
+ return (obj != null) &&
+ (obj instanceof InetNetwork) &&
+ ((InetNetwork)obj).network.equals(network) &&
+ ((InetNetwork)obj).netmask.equals(netmask);
}
public static InetNetwork getFromString(String netspec) throws java.net.UnknownHostException
@@ -81,7 +86,8 @@ class InetNetwork
}
}
- return new InetNetwork(InetAddress.getByName(netspec.substring(0, netspec.indexOf('/'))),
+ return new InetNetwork(
+ InetAddress.getByName(netspec.substring(0, netspec.indexOf('/'))),
InetAddress.getByName(netspec.substring(netspec.indexOf('/') + 1)));
}
@@ -89,15 +95,17 @@ class InetNetwork
{
try
{
- return getByAddress(new byte[]
- {
- (byte) (mask[0] & ip[0]),
- (byte) (mask[1] & ip[1]),
- (byte) (mask[2] & ip[2]),
- (byte) (mask[3] & ip[3])
- });
+ return getByAddress(
+ new byte[]
+ {
+ (byte) (mask[0] & ip[0]),
+ (byte) (mask[1] & ip[1]),
+ (byte) (mask[2] & ip[2]),
+ (byte) (mask[3] & ip[3])
+ }
+ );
}
- catch(Exception _) {}
+ catch (Exception _)
{
return null;
}
@@ -150,34 +158,9 @@ class InetNetwork
Integer.toString(mask >> 0 & 0xFF, 10);
}
- private static java.lang.reflect.Method getByAddress = null;
-
- static {
- try {
- Class<?> inetAddressClass = Class.forName("java.net.InetAddress");
- Class<?>[] parameterTypes = { byte[].class };
- getByAddress = inetAddressClass.getMethod("getByAddress", parameterTypes);
- } catch (Exception e) {
- getByAddress = null;
- }
- }
-
private static InetAddress getByAddress(byte[] ip) throws java.net.UnknownHostException
{
- InetAddress addr = null;
- if (getByAddress != null)
- {
- try
- {
- addr = (InetAddress) getByAddress.invoke(null, new Object[] { ip });
- }
- catch (IllegalAccessException e)
- {
- }
- catch (java.lang.reflect.InvocationTargetException e)
- {
- }
- }
+ InetAddress addr = InetAddress.getByAddress(ip);
if (addr == null) {
addr = InetAddress.getByName
@@ -188,6 +171,7 @@ class InetNetwork
Integer.toString(ip[3] & 0xFF, 10)
);
}
+
return addr;
}
}
\ No newline at end of file
Added: qpid/trunk/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/ActionTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/ActionTest.java?rev=1391431&view=auto
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/ActionTest.java (added)
+++ qpid/trunk/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/ActionTest.java Fri Sep 28 12:46:31 2012
@@ -0,0 +1,95 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.qpid.server.security.access.config;
+
+import static org.mockito.Mockito.*;
+
+import org.apache.qpid.server.security.access.ObjectProperties;
+import org.apache.qpid.server.security.access.ObjectType;
+import org.apache.qpid.server.security.access.Operation;
+
+import junit.framework.TestCase;
+
+public class ActionTest extends TestCase
+{
+ private ObjectProperties _properties1 = mock(ObjectProperties.class);
+ private ObjectProperties _properties2 = mock(ObjectProperties.class);
+
+ public void testMatchesReturnsTrueForMatchingActions()
+ {
+ when(_properties1.matches(_properties2)).thenReturn(true);
+
+ assertMatches(
+ new Action(Operation.CONSUME, ObjectType.QUEUE, _properties1),
+ new Action(Operation.CONSUME, ObjectType.QUEUE, _properties2));
+ }
+
+ public void testMatchesReturnsFalseWhenOperationsDiffer()
+ {
+ assertDoesntMatch(
+ new Action(Operation.CONSUME, ObjectType.QUEUE, _properties1),
+ new Action(Operation.CREATE, ObjectType.QUEUE, _properties1));
+ }
+
+ public void testMatchesReturnsFalseWhenOperationTypesDiffer()
+ {
+ assertDoesntMatch(
+ new Action(Operation.CREATE, ObjectType.QUEUE, _properties1),
+ new Action(Operation.CREATE, ObjectType.EXCHANGE, _properties1));
+ }
+
+ public void testMatchesReturnsFalseWhenOperationPropertiesDiffer()
+ {
+ assertDoesntMatch(
+ new Action(Operation.CREATE, ObjectType.QUEUE, _properties1),
+ new Action(Operation.CREATE, ObjectType.QUEUE, _properties2));
+ }
+
+ public void testMatchesReturnsFalseWhenMyOperationPropertiesIsNull()
+ {
+ assertDoesntMatch(
+ new Action(Operation.CREATE, ObjectType.QUEUE, (ObjectProperties)null),
+ new Action(Operation.CREATE, ObjectType.QUEUE, _properties1));
+ }
+
+ public void testMatchesReturnsFalseWhenOtherOperationPropertiesIsNull()
+ {
+ assertDoesntMatch(
+ new Action(Operation.CREATE, ObjectType.QUEUE, _properties1),
+ new Action(Operation.CREATE, ObjectType.QUEUE, (ObjectProperties)null));
+ }
+
+ public void testMatchesReturnsTrueWhenBothOperationPropertiesAreNull()
+ {
+ assertMatches(
+ new Action(Operation.CREATE, ObjectType.QUEUE, (ObjectProperties)null),
+ new Action(Operation.CREATE, ObjectType.QUEUE, (ObjectProperties)null));
+ }
+
+ private void assertMatches(Action action1, Action action2)
+ {
+ assertTrue(action1 + " should match " + action2, action1.matches(action2));
+ }
+
+ private void assertDoesntMatch(Action action1, Action action2)
+ {
+ assertFalse(action1 + " should not match " + action2, action1.matches(action2));
+ }
+
+}
Copied: qpid/trunk/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/PlainConfigurationTest.java (from r1391430, qpid/trunk/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/PlainConfigurationTest.java)
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/PlainConfigurationTest.java?p2=qpid/trunk/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/PlainConfigurationTest.java&p1=qpid/trunk/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/PlainConfigurationTest.java&r1=1391430&r2=1391431&rev=1391431&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/PlainConfigurationTest.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/config/PlainConfigurationTest.java Fri Sep 28 12:46:31 2012
@@ -16,7 +16,7 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.qpid.server.security.access.plugins;
+package org.apache.qpid.server.security.access.config;
import java.io.File;
import java.io.FileNotFoundException;
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org