You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by rg...@apache.org on 2014/02/19 22:44:20 UTC
svn commit: r1569934 [2/2] - in /qpid/trunk/qpid/java:
broker-core/src/main/java/org/apache/qpid/server/configuration/updater/
broker-core/src/main/java/org/apache/qpid/server/connection/
broker-core/src/main/java/org/apache/qpid/server/model/adapter/ ...
Modified: qpid/trunk/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControlTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControlTest.java?rev=1569934&r1=1569933&r2=1569934&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControlTest.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControlTest.java Wed Feb 19 21:44:19 2014
@@ -24,17 +24,20 @@ import static org.mockito.Mockito.*;
import java.net.InetAddress;
import java.net.InetSocketAddress;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import junit.framework.TestCase;
import org.apache.commons.configuration.ConfigurationException;
+import org.apache.qpid.server.connection.ConnectionPrincipal;
import org.apache.qpid.server.logging.UnitTestMessageLogger;
import org.apache.qpid.server.logging.actors.CurrentActor;
import org.apache.qpid.server.logging.actors.TestLogActor;
+import org.apache.qpid.server.protocol.AMQConnectionModel;
import org.apache.qpid.server.security.Result;
-import org.apache.qpid.server.security.SecurityManager;
import org.apache.qpid.server.security.access.ObjectProperties;
import org.apache.qpid.server.security.access.ObjectType;
import org.apache.qpid.server.security.access.Operation;
@@ -64,7 +67,6 @@ public class DefaultAccessControlTest ex
private void configureAccessControl(final RuleSet rs) throws ConfigurationException
{
_plugin = new DefaultAccessControl(rs);
- SecurityManager.setThreadSubject(null);
CurrentActor.set(new TestLogActor(messageLogger));
}
@@ -86,7 +88,6 @@ public class DefaultAccessControlTest ex
protected void tearDown() throws Exception
{
super.tearDown();
- SecurityManager.setThreadSubject(null);
}
/**
@@ -95,8 +96,6 @@ public class DefaultAccessControlTest ex
public void testNoSubjectAlwaysAbstains() throws ConfigurationException
{
setUpGroupAccessControl();
- SecurityManager.setThreadSubject(null);
-
final Result result = _plugin.authorise(Operation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY);
assertEquals(Result.ABSTAIN, result);
}
@@ -108,10 +107,16 @@ public class DefaultAccessControlTest ex
public void testUsernameAllowsOperation() throws ConfigurationException
{
setUpGroupAccessControl();
- SecurityManager.setThreadSubject(TestPrincipalUtils.createTestSubject("user1"));
-
- final Result result = _plugin.authorise(Operation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY);
- assertEquals(Result.ALLOWED, result);
+ Subject.doAs(TestPrincipalUtils.createTestSubject("user1"), new PrivilegedAction<Object>()
+ {
+ @Override
+ public Object run()
+ {
+ final Result result = _plugin.authorise(Operation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY);
+ assertEquals(Result.ALLOWED, result);
+ return null;
+ }
+ });
}
/**
@@ -143,14 +148,22 @@ public class DefaultAccessControlTest ex
public void testCatchAllRuleDeniesUnrecognisedUsername() throws ConfigurationException
{
setUpGroupAccessControl();
- SecurityManager.setThreadSubject(TestPrincipalUtils.createTestSubject("unknown", "unkgroup1", "unkgroup2"));
+ Subject.doAs(TestPrincipalUtils.createTestSubject("unknown", "unkgroup1", "unkgroup2"),
+ new PrivilegedAction<Object>()
+ {
+ @Override
+ public Object run()
+ {
+ assertEquals("Expecting zero messages before test", 0, messageLogger.getLogMessages().size());
+ final Result result = _plugin.authorise(Operation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY);
+ assertEquals(Result.DENIED, result);
+
+ assertEquals("Expecting one message before test", 1, messageLogger.getLogMessages().size());
+ assertTrue("Logged message does not contain expected string", messageLogger.messageContains(0, "ACL-1002"));
+ return null;
+ }
+ });
- assertEquals("Expecting zero messages before test", 0, messageLogger.getLogMessages().size());
- final Result result = _plugin.authorise(Operation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY);
- assertEquals(Result.DENIED, result);
-
- assertEquals("Expecting one message before test", 1, messageLogger.getLogMessages().size());
- assertTrue("Logged message does not contain expected string", messageLogger.messageContains(0, "ACL-1002"));
}
/**
@@ -163,13 +176,20 @@ public class DefaultAccessControlTest ex
// grant user4 access right on any method in any component
rs.grant(1, "user4", Permission.ALLOW, Operation.ACCESS, ObjectType.METHOD, new ObjectProperties(ObjectProperties.STAR));
configureAccessControl(rs);
- SecurityManager.setThreadSubject(TestPrincipalUtils.createTestSubject("user4"));
-
- ObjectProperties actionProperties = new ObjectProperties("getName");
- actionProperties.put(ObjectProperties.Property.COMPONENT, "Test");
+ Subject.doAs(TestPrincipalUtils.createTestSubject("user4"), new PrivilegedAction<Object>()
+ {
+ @Override
+ public Object run()
+ {
+ ObjectProperties actionProperties = new ObjectProperties("getName");
+ actionProperties.put(ObjectProperties.Property.COMPONENT, "Test");
+
+ final Result result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, actionProperties);
+ assertEquals(Result.ALLOWED, result);
+ return null;
+ }
+ });
- final Result result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, actionProperties);
- assertEquals(Result.ALLOWED, result);
}
/**
@@ -184,55 +204,91 @@ public class DefaultAccessControlTest ex
ruleProperties.put(ObjectProperties.Property.COMPONENT, "Test");
rs.grant(1, "user5", Permission.ALLOW, Operation.ACCESS, ObjectType.METHOD, ruleProperties);
configureAccessControl(rs);
- SecurityManager.setThreadSubject(TestPrincipalUtils.createTestSubject("user5"));
+ Subject.doAs(TestPrincipalUtils.createTestSubject("user5"), new PrivilegedAction<Object>()
+ {
+ @Override
+ public Object run()
+ {
+ ObjectProperties actionProperties = new ObjectProperties("getName");
+ actionProperties.put(ObjectProperties.Property.COMPONENT, "Test");
+ Result result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, actionProperties);
+ assertEquals(Result.ALLOWED, result);
+
+ actionProperties.put(ObjectProperties.Property.COMPONENT, "Test2");
+ result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, actionProperties);
+ assertEquals(Result.DEFER, result);
+ return null;
+ }
+ });
+
- ObjectProperties actionProperties = new ObjectProperties("getName");
- actionProperties.put(ObjectProperties.Property.COMPONENT, "Test");
- Result result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, actionProperties);
- assertEquals(Result.ALLOWED, result);
-
- actionProperties.put(ObjectProperties.Property.COMPONENT, "Test2");
- result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, actionProperties);
- assertEquals(Result.DEFER, result);
}
public void testAccess() throws Exception
{
- Subject subject = TestPrincipalUtils.createTestSubject("user1");
- SecurityManager.setThreadSubject(subject);
+ final Subject subject = TestPrincipalUtils.createTestSubject("user1");
+ final InetAddress inetAddress = InetAddress.getLocalHost();
+ final InetSocketAddress inetSocketAddress = new InetSocketAddress(inetAddress, 1);
- RuleSet mockRuleSet = mock(RuleSet.class);
+ AMQConnectionModel connectionModel = mock(AMQConnectionModel.class);
+ when(connectionModel.getRemoteAddress()).thenReturn(inetSocketAddress);
- InetAddress inetAddress = InetAddress.getLocalHost();
- InetSocketAddress inetSocketAddress = new InetSocketAddress(inetAddress, 1);
+ subject.getPrincipals().add(new ConnectionPrincipal(connectionModel));
- DefaultAccessControl accessControl = new DefaultAccessControl(mockRuleSet);
+ Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
+ {
+ @Override
+ public Object run() throws Exception
+ {
+ RuleSet mockRuleSet = mock(RuleSet.class);
- accessControl.access(ObjectType.VIRTUALHOST, inetSocketAddress);
- verify(mockRuleSet).check(subject, Operation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY, inetAddress);
- }
- public void testAccessIsDeniedIfRuleThrowsException() throws Exception
- {
- Subject subject = TestPrincipalUtils.createTestSubject("user1");
- SecurityManager.setThreadSubject(subject);
+ DefaultAccessControl accessControl = new DefaultAccessControl(mockRuleSet);
- InetAddress inetAddress = InetAddress.getLocalHost();
- InetSocketAddress inetSocketAddress = new InetSocketAddress(inetAddress, 1);
+ accessControl.access(ObjectType.VIRTUALHOST);
- RuleSet mockRuleSet = mock(RuleSet.class);
- when(mockRuleSet.check(
- subject,
- Operation.ACCESS,
- ObjectType.VIRTUALHOST,
- ObjectProperties.EMPTY,
- inetAddress)).thenThrow(new RuntimeException());
+ verify(mockRuleSet).check(subject, Operation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY, inetAddress);
+ return null;
+ }
+ });
- DefaultAccessControl accessControl = new DefaultAccessControl(mockRuleSet);
- Result result = accessControl.access(ObjectType.VIRTUALHOST, inetSocketAddress);
+ }
+
+ public void testAccessIsDeniedIfRuleThrowsException() throws Exception
+ {
+ final Subject subject = TestPrincipalUtils.createTestSubject("user1");
+ final InetAddress inetAddress = InetAddress.getLocalHost();
+ final InetSocketAddress inetSocketAddress = new InetSocketAddress(inetAddress, 1);
+
+ AMQConnectionModel connectionModel = mock(AMQConnectionModel.class);
+ when(connectionModel.getRemoteAddress()).thenReturn(inetSocketAddress);
+
+ subject.getPrincipals().add(new ConnectionPrincipal(connectionModel));
+
+ Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
+ {
+ @Override
+ public Object run() throws Exception
+ {
+
+
+ RuleSet mockRuleSet = mock(RuleSet.class);
+ when(mockRuleSet.check(
+ subject,
+ Operation.ACCESS,
+ ObjectType.VIRTUALHOST,
+ ObjectProperties.EMPTY,
+ inetAddress)).thenThrow(new RuntimeException());
+
+ DefaultAccessControl accessControl = new DefaultAccessControl(mockRuleSet);
+ Result result = accessControl.access(ObjectType.VIRTUALHOST);
+
+ assertEquals(Result.DENIED, result);
+ return null;
+ }
+ });
- assertEquals(Result.DENIED, result);
}
@@ -248,21 +304,29 @@ public class DefaultAccessControlTest ex
ruleProperties.put(ObjectProperties.Property.COMPONENT, "Test");
rs.grant(1, "user6", Permission.ALLOW, Operation.ACCESS, ObjectType.METHOD, ruleProperties);
configureAccessControl(rs);
- SecurityManager.setThreadSubject(TestPrincipalUtils.createTestSubject("user6"));
+ Subject.doAs(TestPrincipalUtils.createTestSubject("user6"), new PrivilegedAction<Object>()
+ {
+ @Override
+ public Object run()
+ {
+ ObjectProperties properties = new ObjectProperties("getAttribute");
+ properties.put(ObjectProperties.Property.COMPONENT, "Test");
+ Result result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
+ assertEquals(Result.ALLOWED, result);
+
+ properties.put(ObjectProperties.Property.COMPONENT, "Test2");
+ result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
+ assertEquals(Result.DEFER, result);
+
+ properties = new ObjectProperties("getAttribute2");
+ properties.put(ObjectProperties.Property.COMPONENT, "Test");
+ result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
+ assertEquals(Result.DEFER, result);
+
+ return null;
+ }
+ });
- ObjectProperties properties = new ObjectProperties("getAttribute");
- properties.put(ObjectProperties.Property.COMPONENT, "Test");
- Result result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
- assertEquals(Result.ALLOWED, result);
-
- properties.put(ObjectProperties.Property.COMPONENT, "Test2");
- result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
- assertEquals(Result.DEFER, result);
-
- properties = new ObjectProperties("getAttribute2");
- properties.put(ObjectProperties.Property.COMPONENT, "Test");
- result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
- assertEquals(Result.DEFER, result);
}
/**
@@ -275,25 +339,33 @@ public class DefaultAccessControlTest ex
// grant user8 all rights on method queryNames in all component
rs.grant(1, "user8", Permission.ALLOW, Operation.ALL, ObjectType.METHOD, new ObjectProperties("queryNames"));
configureAccessControl(rs);
- SecurityManager.setThreadSubject(TestPrincipalUtils.createTestSubject("user8"));
-
- ObjectProperties properties = new ObjectProperties();
- properties.put(ObjectProperties.Property.COMPONENT, "Test");
- properties.put(ObjectProperties.Property.NAME, "queryNames");
-
- Result result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
- assertEquals(Result.ALLOWED, result);
-
- result = _plugin.authorise(Operation.UPDATE, ObjectType.METHOD, properties);
- assertEquals(Result.ALLOWED, result);
+ Subject.doAs(TestPrincipalUtils.createTestSubject("user8"), new PrivilegedAction<Object>()
+ {
+ @Override
+ public Object run()
+ {
+ ObjectProperties properties = new ObjectProperties();
+ properties.put(ObjectProperties.Property.COMPONENT, "Test");
+ properties.put(ObjectProperties.Property.NAME, "queryNames");
+
+ Result result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
+ assertEquals(Result.ALLOWED, result);
+
+ result = _plugin.authorise(Operation.UPDATE, ObjectType.METHOD, properties);
+ assertEquals(Result.ALLOWED, result);
+
+ properties = new ObjectProperties("getAttribute");
+ properties.put(ObjectProperties.Property.COMPONENT, "Test");
+ result = _plugin.authorise(Operation.UPDATE, ObjectType.METHOD, properties);
+ assertEquals(Result.DEFER, result);
+
+ result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
+ assertEquals(Result.DEFER, result);
+ return null;
+ }
+ });
- properties = new ObjectProperties("getAttribute");
- properties.put(ObjectProperties.Property.COMPONENT, "Test");
- result = _plugin.authorise(Operation.UPDATE, ObjectType.METHOD, properties);
- assertEquals(Result.DEFER, result);
- result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
- assertEquals(Result.DEFER, result);
}
/**
@@ -306,24 +378,32 @@ public class DefaultAccessControlTest ex
// grant user9 all rights on any method in all component
rs.grant(1, "user9", Permission.ALLOW, Operation.ALL, ObjectType.METHOD, new ObjectProperties());
configureAccessControl(rs);
- SecurityManager.setThreadSubject(TestPrincipalUtils.createTestSubject("user9"));
-
- ObjectProperties properties = new ObjectProperties("queryNames");
- properties.put(ObjectProperties.Property.COMPONENT, "Test");
-
- Result result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
- assertEquals(Result.ALLOWED, result);
-
- result = _plugin.authorise(Operation.UPDATE, ObjectType.METHOD, properties);
- assertEquals(Result.ALLOWED, result);
+ Subject.doAs(TestPrincipalUtils.createTestSubject("user9"), new PrivilegedAction<Object>()
+ {
+ @Override
+ public Object run()
+ {
+ ObjectProperties properties = new ObjectProperties("queryNames");
+ properties.put(ObjectProperties.Property.COMPONENT, "Test");
+
+ Result result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
+ assertEquals(Result.ALLOWED, result);
+
+ result = _plugin.authorise(Operation.UPDATE, ObjectType.METHOD, properties);
+ assertEquals(Result.ALLOWED, result);
+
+ properties = new ObjectProperties("getAttribute");
+ properties.put(ObjectProperties.Property.COMPONENT, "Test");
+ result = _plugin.authorise(Operation.UPDATE, ObjectType.METHOD, properties);
+ assertEquals(Result.ALLOWED, result);
+
+ result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
+ assertEquals(Result.ALLOWED, result);
+ return null;
+ }
+ });
- properties = new ObjectProperties("getAttribute");
- properties.put(ObjectProperties.Property.COMPONENT, "Test");
- result = _plugin.authorise(Operation.UPDATE, ObjectType.METHOD, properties);
- assertEquals(Result.ALLOWED, result);
- result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
- assertEquals(Result.ALLOWED, result);
}
/**
@@ -340,29 +420,43 @@ public class DefaultAccessControlTest ex
rs.grant(1, "user9", Permission.ALLOW, Operation.ACCESS, ObjectType.METHOD, ruleProperties);
configureAccessControl(rs);
- SecurityManager.setThreadSubject(TestPrincipalUtils.createTestSubject("user9"));
-
- ObjectProperties properties = new ObjectProperties("getAttributes");
- properties.put(ObjectProperties.Property.COMPONENT, "Test");
- Result result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
- assertEquals(Result.ALLOWED, result);
-
- properties = new ObjectProperties("getAttribute");
- properties.put(ObjectProperties.Property.COMPONENT, "Test");
- result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
- assertEquals(Result.ALLOWED, result);
-
- properties = new ObjectProperties("getAttribut");
- properties.put(ObjectProperties.Property.COMPONENT, "Test");
- result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
- assertEquals(Result.DEFER, result);
- }
-
- private void authoriseAndAssertResult(Result expectedResult, String userName, String... groups)
- {
- SecurityManager.setThreadSubject(TestPrincipalUtils.createTestSubject(userName, groups));
+ Subject.doAs(TestPrincipalUtils.createTestSubject("user9"), new PrivilegedAction<Object>()
+ {
+ @Override
+ public Object run()
+ {
+ ObjectProperties properties = new ObjectProperties("getAttributes");
+ properties.put(ObjectProperties.Property.COMPONENT, "Test");
+ Result result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
+ assertEquals(Result.ALLOWED, result);
+
+ properties = new ObjectProperties("getAttribute");
+ properties.put(ObjectProperties.Property.COMPONENT, "Test");
+ result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
+ assertEquals(Result.ALLOWED, result);
+
+ properties = new ObjectProperties("getAttribut");
+ properties.put(ObjectProperties.Property.COMPONENT, "Test");
+ result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
+ assertEquals(Result.DEFER, result);
+ return null;
+ }
+ });
+ }
+
+ private void authoriseAndAssertResult(final Result expectedResult, String userName, String... groups)
+ {
+
+ Subject.doAs(TestPrincipalUtils.createTestSubject(userName, groups), new PrivilegedAction<Object>()
+ {
+ @Override
+ public Object run()
+ {
+ Result result = _plugin.authorise(Operation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY);
+ assertEquals(expectedResult, result);
+ return null;
+ }
+ });
- Result result = _plugin.authorise(Operation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY);
- assertEquals(expectedResult, result);
}
}
Modified: qpid/trunk/qpid/java/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnection.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnection.java?rev=1569934&r1=1569933&r2=1569934&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnection.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnection.java Wed Feb 19 21:44:19 2014
@@ -22,6 +22,7 @@ package org.apache.qpid.server.protocol.
import java.net.SocketAddress;
import java.security.Principal;
+import java.security.PrivilegedAction;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.List;
@@ -30,6 +31,7 @@ import java.util.concurrent.atomic.Atomi
import java.util.concurrent.atomic.AtomicLong;
import javax.security.auth.Subject;
import org.apache.qpid.protocol.AMQConstant;
+import org.apache.qpid.server.connection.ConnectionPrincipal;
import org.apache.qpid.server.logging.LogActor;
import org.apache.qpid.server.logging.LogSubject;
import org.apache.qpid.server.logging.actors.AMQPConnectionActor;
@@ -65,7 +67,7 @@ public class ServerConnection extends Co
private AtomicBoolean _logClosed = new AtomicBoolean(false);
private LogActor _actor;
- private Subject _authorizedSubject = null;
+ private final Subject _authorizedSubject = new Subject();
private Principal _authorizedPrincipal = null;
private StatisticsCounter _messagesDelivered, _dataDelivered, _messagesReceived, _dataReceived;
private final long _connectionId;
@@ -84,6 +86,7 @@ public class ServerConnection extends Co
public ServerConnection(final long connectionId, Broker broker)
{
_connectionId = connectionId;
+ _authorizedSubject.getPrincipals().add(new ConnectionPrincipal(this));
_actor = new AMQPConnectionActor(this, broker.getRootMessageLogger());
}
@@ -249,29 +252,43 @@ public class ServerConnection extends Co
}
@Override
- public void received(ProtocolEvent event)
+ public void received(final ProtocolEvent event)
{
_lastIoTime.set(System.currentTimeMillis());
+ Subject subject;
if (event.isConnectionControl())
{
CurrentActor.set(_actor);
+ subject = _authorizedSubject;
}
else
{
ServerSession channel = (ServerSession) getSession(event.getChannel());
LogActor channelActor = null;
-
if (channel != null)
{
+ subject = channel.getAuthorizedSubject();
channelActor = channel.getLogActor();
}
+ else
+ {
+ subject = _authorizedSubject;
+ }
CurrentActor.set(channelActor == null ? _actor : channelActor);
}
try
{
- super.received(event);
+ Subject.doAs(subject, new PrivilegedAction<Void>()
+ {
+ @Override
+ public Void run()
+ {
+ ServerConnection.super.received(event);
+ return null;
+ }
+ });
}
finally
{
@@ -461,12 +478,12 @@ public class ServerConnection extends Co
{
if (authorizedSubject == null)
{
- _authorizedSubject = null;
_authorizedPrincipal = null;
}
else
{
- _authorizedSubject = authorizedSubject;
+ _authorizedSubject.getPrincipals().addAll(authorizedSubject.getPrincipals());
+
_authorizedPrincipal = AuthenticatedPrincipal.getAuthenticatedPrincipalFromSubject(authorizedSubject);
}
}
Modified: qpid/trunk/qpid/java/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnectionDelegate.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnectionDelegate.java?rev=1569934&r1=1569933&r2=1569934&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnectionDelegate.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnectionDelegate.java Wed Feb 19 21:44:19 2014
@@ -38,7 +38,6 @@ import org.apache.qpid.properties.Connec
import org.apache.qpid.server.configuration.BrokerProperties;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.protocol.AMQConnectionModel;
-import org.apache.qpid.server.security.SecurityManager;
import org.apache.qpid.server.security.SubjectCreator;
import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
import org.apache.qpid.server.security.auth.SubjectAuthenticationResult;
@@ -190,7 +189,7 @@ public class ServerConnectionDelegate ex
}
vhost = _broker.getVirtualHostRegistry().getVirtualHost(vhostName);
- SecurityManager.setThreadSubject(sconn.getAuthorizedSubject());
+
if(vhost != null)
{
@@ -198,7 +197,7 @@ public class ServerConnectionDelegate ex
try
{
- vhost.getSecurityManager().accessVirtualhost(vhostName, sconn.getRemoteAddress());
+ vhost.getSecurityManager().accessVirtualhost(vhostName);
}
catch (AccessControlException e)
{
Modified: qpid/trunk/qpid/java/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerSession.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerSession.java?rev=1569934&r1=1569933&r2=1569934&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerSession.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerSession.java Wed Feb 19 21:44:19 2014
@@ -41,6 +41,8 @@ import java.util.concurrent.atomic.Atomi
import java.util.concurrent.atomic.AtomicReference;
import javax.security.auth.Subject;
+
+import org.apache.qpid.server.connection.SessionPrincipal;
import org.apache.qpid.server.store.StoreException;
import org.apache.qpid.protocol.AMQConstant;
import org.apache.qpid.server.TransactionTimeoutHelper;
@@ -100,6 +102,7 @@ public class ServerSession extends Sessi
private static final int UNFINISHED_COMMAND_QUEUE_THRESHOLD = 500;
private final UUID _id = UUID.randomUUID();
+ private final Subject _subject = new Subject();
private long _createTime = System.currentTimeMillis();
private LogActor _actor = GenericActor.getInstance(this);
@@ -147,6 +150,9 @@ public class ServerSession extends Sessi
_transaction = new AsyncAutoCommitTransaction(this.getMessageStore(),this);
_logSubject = new ChannelLogSubject(this);
+ _subject.getPrincipals().addAll(((ServerConnection) connection).getAuthorizedSubject().getPrincipals());
+ _subject.getPrincipals().add(new SessionPrincipal(this));
+
_transactionTimeoutHelper = new TransactionTimeoutHelper(_logSubject, new CloseAction()
{
@Override
@@ -610,7 +616,7 @@ public class ServerSession extends Sessi
public Subject getAuthorizedSubject()
{
- return getConnection().getAuthorizedSubject();
+ return _subject;
}
public void addDeleteTask(Action<? super ServerSession> task)
Modified: qpid/trunk/qpid/java/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerSessionDelegate.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerSessionDelegate.java?rev=1569934&r1=1569933&r2=1569934&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerSessionDelegate.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerSessionDelegate.java Wed Feb 19 21:44:19 2014
@@ -45,7 +45,6 @@ import org.apache.qpid.server.model.UUID
import org.apache.qpid.server.plugin.ExchangeType;
import org.apache.qpid.server.queue.AMQQueue;
import org.apache.qpid.server.queue.QueueArgumentsConverter;
-import org.apache.qpid.server.security.SecurityManager;
import org.apache.qpid.server.store.DurableConfigurationStore;
import org.apache.qpid.server.store.MessageStore;
import org.apache.qpid.server.store.StoreFuture;
@@ -61,6 +60,7 @@ import org.apache.qpid.server.txn.Server
import org.apache.qpid.server.txn.SuspendAndFailDtxException;
import org.apache.qpid.server.txn.TimeoutDtxException;
import org.apache.qpid.server.txn.UnknownDtxBranchException;
+import org.apache.qpid.server.util.ServerScopedRuntimeException;
import org.apache.qpid.server.virtualhost.ExchangeExistsException;
import org.apache.qpid.server.virtualhost.ExchangeIsAlternateException;
import org.apache.qpid.server.virtualhost.RequiredExchangeException;
@@ -89,8 +89,6 @@ public class ServerSessionDelegate exten
{
try
{
- setThreadSubject(session);
-
if(!session.isClosing())
{
Object asyncCommandMark = ((ServerSession)session).getAsyncCommandMark();
@@ -117,6 +115,10 @@ public class ServerSessionDelegate exten
{
LOGGER.error("Exception processing command", e);
exception(session, method, ExecutionErrorCode.INTERNAL_ERROR, "Exception processing command: " + e);
+ if(e instanceof ServerScopedRuntimeException)
+ {
+ throw e;
+ }
}
}
@@ -1222,7 +1224,7 @@ public class ServerSessionDelegate exten
arguments.put(Queue.EXCLUSIVE, exclusivityPolicy);
- queue = virtualHost.createQueue((ServerSession)session, arguments);
+ queue = virtualHost.createQueue(arguments);
}
catch(QueueExistsException qe)
@@ -1437,7 +1439,6 @@ public class ServerSessionDelegate exten
@Override
public void closed(Session session)
{
- setThreadSubject(session);
ServerSession serverSession = (ServerSession)session;
serverSession.stopSubscriptions();
@@ -1451,12 +1452,6 @@ public class ServerSessionDelegate exten
closed(session);
}
- private void setThreadSubject(Session session)
- {
- final ServerConnection scon = (ServerConnection) session.getConnection();
- SecurityManager.setThreadSubject(scon.getAuthorizedSubject());
- }
-
private static class CommandProcessedAction implements ServerTransaction.Action
{
private final ServerSession _serverSession;
Modified: qpid/trunk/qpid/java/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQChannel.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQChannel.java?rev=1569934&r1=1569933&r2=1569934&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQChannel.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQChannel.java Wed Feb 19 21:44:19 2014
@@ -31,6 +31,7 @@ import java.util.concurrent.locks.Lock;
import org.apache.log4j.Logger;
import org.apache.qpid.AMQConnectionException;
import org.apache.qpid.AMQException;
+import org.apache.qpid.server.connection.SessionPrincipal;
import org.apache.qpid.server.filter.AMQInvalidArgumentException;
import org.apache.qpid.server.filter.Filterable;
import org.apache.qpid.server.filter.MessageFilter;
@@ -87,6 +88,8 @@ import org.apache.qpid.server.util.Conne
import org.apache.qpid.server.virtualhost.VirtualHost;
import org.apache.qpid.transport.TransportException;
+import javax.security.auth.Subject;
+
public class AMQChannel<T extends AMQProtocolSession<T>>
implements AMQSessionModel<AMQChannel<T>,T>,
AsyncAutoCommitTransaction.FutureRecorder
@@ -172,6 +175,7 @@ public class AMQChannel<T extends AMQPro
private final CapacityCheckAction _capacityCheckAction = new CapacityCheckAction();
private final ImmediateAction _immediateAction = new ImmediateAction();
+ private Subject _subject;
public AMQChannel(T session, int channelId, MessageStore messageStore)
@@ -181,6 +185,10 @@ public class AMQChannel<T extends AMQPro
_channelId = channelId;
_actor = new AMQPChannelActor(this, session.getLogActor().getRootMessageLogger());
+ _subject = new Subject(false, session.getAuthorizedSubject().getPrincipals(),
+ session.getAuthorizedSubject().getPublicCredentials(),
+ session.getAuthorizedSubject().getPrivateCredentials());
+ _subject.getPrincipals().add(new SessionPrincipal(this));
_logSubject = new ChannelLogSubject(this);
_actor.message(ChannelMessages.CREATE());
@@ -1253,6 +1261,11 @@ public class AMQChannel<T extends AMQPro
_taskList.remove(task);
}
+ public Subject getSubject()
+ {
+ return _subject;
+ }
+
private class ImmediateAction<C extends Consumer> implements Action<MessageInstance<?,C>>
{
Modified: qpid/trunk/qpid/java/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQProtocolEngine.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQProtocolEngine.java?rev=1569934&r1=1569933&r2=1569934&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQProtocolEngine.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQProtocolEngine.java Wed Feb 19 21:44:19 2014
@@ -25,6 +25,7 @@ import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.nio.ByteBuffer;
import java.security.Principal;
+import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
@@ -53,6 +54,7 @@ import org.apache.qpid.properties.Connec
import org.apache.qpid.protocol.AMQConstant;
import org.apache.qpid.protocol.AMQMethodEvent;
import org.apache.qpid.protocol.ServerProtocolEngine;
+import org.apache.qpid.server.connection.ConnectionPrincipal;
import org.apache.qpid.server.message.InstanceProperties;
import org.apache.qpid.server.message.ServerMessage;
import org.apache.qpid.server.configuration.BrokerProperties;
@@ -135,7 +137,7 @@ public class AMQProtocolEngine implement
private Map<Integer, Long> _closingChannelsList = new ConcurrentHashMap<Integer, Long>();
private ProtocolOutputConverter _protocolOutputConverter;
- private Subject _authorizedSubject;
+ private final Subject _authorizedSubject = new Subject();
private MethodDispatcher _dispatcher;
private final long _connectionID;
@@ -187,6 +189,7 @@ public class AMQProtocolEngine implement
_connectionID = connectionId;
_actor = new AMQPConnectionActor(this, _broker.getRootMessageLogger());
+ _authorizedSubject.getPrincipals().add(new ConnectionPrincipal(this));
_logSubject = new ConnectionLogSubject(this);
@@ -247,62 +250,71 @@ public class AMQProtocolEngine implement
public void received(final ByteBuffer msg)
{
- final long arrivalTime = System.currentTimeMillis();
- _lastReceivedTime = arrivalTime;
- _lastIoTime = arrivalTime;
- _readBytes += msg.remaining();
-
- _receivedLock.lock();
- try
+ Subject.doAs(_authorizedSubject, new PrivilegedAction<Void>()
{
- final ArrayList<AMQDataBlock> dataBlocks = _codecFactory.getDecoder().decodeBuffer(msg);
- for (AMQDataBlock dataBlock : dataBlocks)
+ @Override
+ public Void run()
{
+ final long arrivalTime = System.currentTimeMillis();
+ _lastReceivedTime = arrivalTime;
+ _lastIoTime = arrivalTime;
+ _readBytes += msg.remaining();
+
+ _receivedLock.lock();
try
{
- dataBlockReceived(dataBlock);
- }
- catch(AMQConnectionException e)
- {
- if(_logger.isDebugEnabled())
+ final ArrayList<AMQDataBlock> dataBlocks = _codecFactory.getDecoder().decodeBuffer(msg);
+ for (AMQDataBlock dataBlock : dataBlocks)
{
- _logger.debug("Caught AMQConnectionException but will simply stop processing data blocks - the connection should already be closed.", e);
+ try
+ {
+ dataBlockReceived(dataBlock);
+ }
+ catch(AMQConnectionException e)
+ {
+ if(_logger.isDebugEnabled())
+ {
+ _logger.debug("Caught AMQConnectionException but will simply stop processing data blocks - the connection should already be closed.", e);
+ }
+ break;
+ }
+ catch (Exception e)
+ {
+ _logger.error("Unexpected exception when processing datablock", e);
+ closeProtocolSession();
+ break;
+ }
}
- break;
+ receivedComplete();
}
- catch (Exception e)
+ catch (ConnectionScopedRuntimeException e)
{
- _logger.error("Unexpected exception when processing datablock", e);
+ _logger.error("Unexpected exception", e);
closeProtocolSession();
- break;
}
+ catch (AMQProtocolVersionException e)
+ {
+ _logger.error("Unexpected protocol version", e);
+ closeProtocolSession();
+ }
+ catch (AMQFrameDecodingException e)
+ {
+ _logger.error("Frame decoding", e);
+ closeProtocolSession();
+ }
+ catch (IOException e)
+ {
+ _logger.error("I/O Exception", e);
+ closeProtocolSession();
+ }
+ finally
+ {
+ _receivedLock.unlock();
+ }
+ return null;
}
- receivedComplete();
- }
- catch (ConnectionScopedRuntimeException e)
- {
- _logger.error("Unexpected exception", e);
- closeProtocolSession();
- }
- catch (AMQProtocolVersionException e)
- {
- _logger.error("Unexpected protocol version", e);
- closeProtocolSession();
- }
- catch (AMQFrameDecodingException e)
- {
- _logger.error("Frame decoding", e);
- closeProtocolSession();
- }
- catch (IOException e)
- {
- _logger.error("I/O Exception", e);
- closeProtocolSession();
- }
- finally
- {
- _receivedLock.unlock();
- }
+ });
+
}
private void receivedComplete()
@@ -1126,7 +1138,9 @@ public class AMQProtocolEngine implement
{
throw new IllegalArgumentException("authorizedSubject cannot be null");
}
- _authorizedSubject = authorizedSubject;
+
+ _authorizedSubject.getPrincipals().addAll(authorizedSubject.getPrincipals());
+
}
public Subject getAuthorizedSubject()
@@ -1136,7 +1150,8 @@ public class AMQProtocolEngine implement
public Principal getAuthorizedPrincipal()
{
- return _authorizedSubject == null ? null : AuthenticatedPrincipal.getAuthenticatedPrincipalFromSubject(_authorizedSubject);
+
+ return _authorizedSubject.getPrincipals(AuthenticatedPrincipal.class).size() == 0 ? null : AuthenticatedPrincipal.getAuthenticatedPrincipalFromSubject(_authorizedSubject);
}
public SocketAddress getRemoteAddress()
Modified: qpid/trunk/qpid/java/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/handler/ConnectionOpenMethodHandler.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/handler/ConnectionOpenMethodHandler.java?rev=1569934&r1=1569933&r2=1569934&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/handler/ConnectionOpenMethodHandler.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/handler/ConnectionOpenMethodHandler.java Wed Feb 19 21:44:19 2014
@@ -83,7 +83,7 @@ public class ConnectionOpenMethodHandler
// Check virtualhost access
try
{
- virtualHost.getSecurityManager().accessVirtualhost(virtualHostName, session.getRemoteAddress());
+ virtualHost.getSecurityManager().accessVirtualhost(virtualHostName);
}
catch (AccessControlException e)
{
Modified: qpid/trunk/qpid/java/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/handler/QueueDeclareHandler.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/handler/QueueDeclareHandler.java?rev=1569934&r1=1569933&r2=1569934&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/handler/QueueDeclareHandler.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/handler/QueueDeclareHandler.java Wed Feb 19 21:44:19 2014
@@ -215,7 +215,7 @@ public class QueueDeclareHandler impleme
attributes.put(Queue.LIFETIME_POLICY, lifetimePolicy);
- final AMQQueue queue = virtualHost.createQueue(channel, attributes);
+ final AMQQueue queue = virtualHost.createQueue(attributes);
return queue;
}
Modified: qpid/trunk/qpid/java/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/state/AMQStateManager.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/state/AMQStateManager.java?rev=1569934&r1=1569933&r2=1569934&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/state/AMQStateManager.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/state/AMQStateManager.java Wed Feb 19 21:44:19 2014
@@ -32,11 +32,17 @@ import org.apache.qpid.protocol.AMQConst
import org.apache.qpid.protocol.AMQMethodEvent;
import org.apache.qpid.protocol.AMQMethodListener;
import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.protocol.v0_8.AMQChannel;
import org.apache.qpid.server.protocol.v0_8.AMQProtocolSession;
import org.apache.qpid.server.security.SecurityManager;
import org.apache.qpid.server.security.SubjectCreator;
+import org.apache.qpid.server.util.ServerScopedRuntimeException;
import org.apache.qpid.server.virtualhost.VirtualHostRegistry;
+import javax.security.auth.Subject;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.concurrent.CopyOnWriteArraySet;
/**
@@ -85,12 +91,13 @@ public class AMQStateManager implements
public <B extends AMQMethodBody> boolean methodReceived(AMQMethodEvent<B> evt) throws AMQException
{
- MethodDispatcher dispatcher = _protocolSession.getMethodDispatcher();
+ final MethodDispatcher dispatcher = _protocolSession.getMethodDispatcher();
final int channelId = evt.getChannelId();
- B body = evt.getMethod();
+ final B body = evt.getMethod();
- if(channelId != 0 && _protocolSession.getChannel(channelId)== null)
+ final AMQChannel channel = _protocolSession.getChannel(channelId);
+ if(channelId != 0 && channel == null)
{
if(! ((body instanceof ChannelOpenBody)
@@ -101,8 +108,37 @@ public class AMQStateManager implements
}
}
+ if(channel == null)
+ {
+ return body.execute(dispatcher, channelId);
+ }
+ else
+ {
+ try
+ {
+ return Subject.doAs(channel.getSubject(), new PrivilegedExceptionAction<Boolean>()
+ {
+ @Override
+ public Boolean run() throws AMQException
+ {
+ return body.execute(dispatcher, channelId);
+ }
+ });
+ }
+ catch (PrivilegedActionException e)
+ {
+ if(e.getCause() instanceof AMQException)
+ {
+ throw (AMQException) e.getCause();
+ }
+ else
+ {
+ throw new ServerScopedRuntimeException(e.getCause());
+ }
+ }
- return body.execute(dispatcher, channelId);
+
+ }
}
@@ -113,7 +149,6 @@ public class AMQStateManager implements
public AMQProtocolSession getProtocolSession()
{
- SecurityManager.setThreadSubject(_protocolSession.getAuthorizedSubject());
return _protocolSession;
}
Modified: qpid/trunk/qpid/java/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/Connection_1_0.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/Connection_1_0.java?rev=1569934&r1=1569933&r2=1569934&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/Connection_1_0.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/Connection_1_0.java Wed Feb 19 21:44:19 2014
@@ -20,28 +20,38 @@
*/
package org.apache.qpid.server.protocol.v1_0;
+import java.net.InetAddress;
+import java.net.SocketAddress;
import java.security.Principal;
+import java.security.PrivilegedAction;
import java.text.MessageFormat;
import java.util.Collection;
import org.apache.qpid.amqp_1_0.transport.ConnectionEndpoint;
import org.apache.qpid.amqp_1_0.transport.ConnectionEventListener;
+import org.apache.qpid.amqp_1_0.transport.LinkEndpoint;
import org.apache.qpid.amqp_1_0.transport.SessionEndpoint;
+import org.apache.qpid.amqp_1_0.transport.SessionEventListener;
import org.apache.qpid.amqp_1_0.type.transport.*;
import org.apache.qpid.amqp_1_0.type.transport.Error;
import org.apache.qpid.protocol.AMQConstant;
+import org.apache.qpid.server.connection.ConnectionPrincipal;
import org.apache.qpid.server.logging.LogSubject;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.Transport;
import org.apache.qpid.server.protocol.AMQConnectionModel;
+import org.apache.qpid.server.security.SubjectCreator;
+import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
import org.apache.qpid.server.stats.StatisticsCounter;
import org.apache.qpid.server.util.Action;
import org.apache.qpid.server.virtualhost.VirtualHost;
+import javax.security.auth.Subject;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
+import java.util.Set;
import static org.apache.qpid.server.logging.subjects.LogSubjectFormat.CONNECTION_FORMAT;
@@ -50,12 +60,14 @@ public class Connection_1_0 implements C
private final Port _port;
private final Broker _broker;
+ private final SubjectCreator _subjectCreator;
private VirtualHost _vhost;
private final Transport _transport;
private final ConnectionEndpoint _conn;
private final long _connectionId;
private final Collection<Session_1_0> _sessions = Collections.synchronizedCollection(new ArrayList<Session_1_0>());
private final Object _reference = new Object();
+ private final Subject _subject = new Subject();
private StatisticsCounter _messageDeliveryStatistics = new StatisticsCounter();
@@ -91,13 +103,15 @@ public class Connection_1_0 implements C
ConnectionEndpoint conn,
long connectionId,
Port port,
- Transport transport)
+ Transport transport, final SubjectCreator subjectCreator)
{
_broker = broker;
_port = port;
_transport = transport;
_conn = conn;
_connectionId = connectionId;
+ _subject.getPrincipals().add(new ConnectionPrincipal(this));
+ _subjectCreator = subjectCreator;
//_vhost.getConnectionRegistry().registerConnection(this);
}
@@ -109,9 +123,38 @@ public class Connection_1_0 implements C
public void remoteSessionCreation(SessionEndpoint endpoint)
{
- Session_1_0 session = new Session_1_0(_vhost, this, endpoint);
+ final Session_1_0 session = new Session_1_0(_vhost, this, endpoint);
_sessions.add(session);
- endpoint.setSessionEventListener(session);
+ endpoint.setSessionEventListener(new SessionEventListener()
+ {
+ @Override
+ public void remoteLinkCreation(final LinkEndpoint endpoint)
+ {
+ Subject.doAs(session.getSubject(),new PrivilegedAction<Object>()
+ {
+ @Override
+ public Object run()
+ {
+ session.remoteLinkCreation(endpoint);
+ return null;
+ }
+ });
+ }
+
+ @Override
+ public void remoteEnd(final End end)
+ {
+ Subject.doAs(session.getSubject(),new PrivilegedAction<Object>()
+ {
+ @Override
+ public Object run()
+ {
+ session.remoteEnd(end);
+ return null;
+ }
+ });
+ }
+ });
}
void sessionEnded(Session_1_0 session)
@@ -209,6 +252,11 @@ public class Connection_1_0 implements C
return String.valueOf(_conn.getRemoteAddress());
}
+ public SocketAddress getRemoteAddress()
+ {
+ return _conn.getRemoteAddress();
+ }
+
@Override
public String getClientId()
{
@@ -235,7 +283,8 @@ public class Connection_1_0 implements C
public Principal getAuthorizedPrincipal()
{
- return _conn.getUser();
+ Set<AuthenticatedPrincipal> authPrincipals = _subject.getPrincipals(AuthenticatedPrincipal.class);
+ return authPrincipals.isEmpty() ? null : authPrincipals.iterator().next();
}
@Override
@@ -365,7 +414,16 @@ public class Connection_1_0 implements C
err.setDescription("Unknown hostname " + _conn.getLocalHostname());
_conn.close(err);
}
+ Subject authSubject = _subjectCreator.createSubjectWithGroups(_conn.getUser());
+ _subject.getPrincipals().addAll(authSubject.getPrincipals());
+ _subject.getPublicCredentials().addAll(authSubject.getPublicCredentials());
+ _subject.getPrivateCredentials().addAll(authSubject.getPrivateCredentials());
}
}
+
+ Subject getSubject()
+ {
+ return _subject;
+ }
}
Modified: qpid/trunk/qpid/java/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/ProtocolEngine_1_0_0_SASL.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/ProtocolEngine_1_0_0_SASL.java?rev=1569934&r1=1569933&r2=1569934&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/ProtocolEngine_1_0_0_SASL.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/ProtocolEngine_1_0_0_SASL.java Wed Feb 19 21:44:19 2014
@@ -25,10 +25,12 @@ import java.io.PrintWriter;
import java.net.SocketAddress;
import java.nio.ByteBuffer;
import java.security.Principal;
+import java.security.PrivilegedAction;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
+import javax.security.auth.Subject;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.qpid.amqp_1_0.codec.FrameWriter;
@@ -194,7 +196,7 @@ public class ProtocolEngine_1_0_0_SASL i
_endpoint.setProperties(serverProperties);
_endpoint.setRemoteAddress(getRemoteAddress());
- _connection = new Connection_1_0(_broker, _endpoint, _connectionId, _port, _transport);
+ _connection = new Connection_1_0(_broker, _endpoint, _connectionId, _port, _transport, subjectCreator);
_endpoint.setConnectionEventListener(_connection);
_endpoint.setFrameOutputHandler(this);
_endpoint.setSaslFrameOutput(this);
@@ -256,7 +258,7 @@ public class ProtocolEngine_1_0_0_SASL i
private final Logger RAW_LOGGER = Logger.getLogger("RAW");
- public synchronized void received(ByteBuffer msg)
+ public synchronized void received(final ByteBuffer msg)
{
try
{
@@ -357,8 +359,17 @@ public class ProtocolEngine_1_0_0_SASL i
case FRAME:
if (msg.hasRemaining())
{
- _frameHandler = _frameHandler.parse(msg);
- _connection.frameReceived();
+ Subject.doAs(_connection.getSubject(), new PrivilegedAction<Void>()
+ {
+ @Override
+ public Void run()
+ {
+ _frameHandler = _frameHandler.parse(msg);
+ _connection.frameReceived();
+ return null;
+ }
+ });
+
}
}
}
Modified: qpid/trunk/qpid/java/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/SendingLink_1_0.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/SendingLink_1_0.java?rev=1569934&r1=1569933&r2=1569934&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/SendingLink_1_0.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/SendingLink_1_0.java Wed Feb 19 21:44:19 2014
@@ -216,7 +216,7 @@ public class SendingLink_1_0 implements
attributes.put(Queue.LIFETIME_POLICY, LifetimePolicy.DELETE_ON_NO_OUTBOUND_LINKS);
attributes.put(Queue.EXCLUSIVE, ExclusivityPolicy.LINK);
- queue = _vhost.createQueue(getSession(), attributes);
+ queue = _vhost.createQueue(attributes);
}
else
{
Modified: qpid/trunk/qpid/java/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/Session_1_0.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/Session_1_0.java?rev=1569934&r1=1569933&r2=1569934&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/Session_1_0.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/Session_1_0.java Wed Feb 19 21:44:19 2014
@@ -21,12 +21,15 @@
package org.apache.qpid.server.protocol.v1_0;
import java.security.AccessControlException;
+import java.security.PrivilegedAction;
import java.text.MessageFormat;
import org.apache.log4j.Logger;
import org.apache.qpid.amqp_1_0.transport.LinkEndpoint;
import org.apache.qpid.amqp_1_0.transport.ReceivingLinkEndpoint;
+import org.apache.qpid.amqp_1_0.transport.ReceivingLinkListener;
import org.apache.qpid.amqp_1_0.transport.SendingLinkEndpoint;
+import org.apache.qpid.amqp_1_0.transport.SendingLinkListener;
import org.apache.qpid.amqp_1_0.transport.SessionEndpoint;
import org.apache.qpid.amqp_1_0.transport.SessionEventListener;
import org.apache.qpid.amqp_1_0.type.*;
@@ -39,6 +42,7 @@ import org.apache.qpid.amqp_1_0.type.tra
import org.apache.qpid.amqp_1_0.type.transport.*;
import org.apache.qpid.amqp_1_0.type.transport.Error;
+import org.apache.qpid.server.connection.SessionPrincipal;
import org.apache.qpid.server.model.*;
import org.apache.qpid.protocol.AMQConstant;
import org.apache.qpid.server.exchange.Exchange;
@@ -55,6 +59,7 @@ import org.apache.qpid.server.util.Conne
import org.apache.qpid.server.virtualhost.VirtualHost;
import org.apache.qpid.server.virtualhost.QueueExistsException;
+import javax.security.auth.Subject;
import java.util.*;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.atomic.AtomicBoolean;
@@ -78,6 +83,8 @@ public class Session_1_0 implements Sess
private final Connection_1_0 _connection;
private UUID _id = UUID.randomUUID();
private AtomicBoolean _closed = new AtomicBoolean();
+ private final Subject _subject = new Subject();
+
public Session_1_0(VirtualHost vhost, final Connection_1_0 connection, final SessionEndpoint endpoint)
@@ -86,13 +93,13 @@ public class Session_1_0 implements Sess
_endpoint = endpoint;
_transaction = new AutoCommitTransaction(vhost.getMessageStore());
_connection = connection;
-
+ _subject.getPrincipals().addAll(connection.getSubject().getPrincipals());
+ _subject.getPrincipals().add(new SessionPrincipal(this));
}
public void remoteLinkCreation(final LinkEndpoint endpoint)
{
-
Destination destination;
Link_1_0 link = null;
Error error = null;
@@ -105,7 +112,7 @@ public class Session_1_0 implements Sess
if(endpoint.getRole() == Role.SENDER)
{
- SendingLink_1_0 previousLink = (SendingLink_1_0) linkRegistry.getDurableSendingLink(endpoint.getName());
+ final SendingLink_1_0 previousLink = (SendingLink_1_0) linkRegistry.getDurableSendingLink(endpoint.getName());
if(previousLink == null)
{
@@ -161,7 +168,9 @@ public class Session_1_0 implements Sess
_vhost,
(SendingDestination) destination
);
- sendingLinkEndpoint.setLinkEventListener(sendingLink);
+
+ sendingLinkEndpoint.setLinkEventListener(new SubjectSpecificSendingLinkListener(sendingLink));
+
link = sendingLink;
if(TerminusDurability.UNSETTLED_STATE.equals(source.getDurable()))
{
@@ -194,7 +203,7 @@ public class Session_1_0 implements Sess
endpoint.setSource(oldSource);
SendingLinkEndpoint sendingLinkEndpoint = (SendingLinkEndpoint) endpoint;
previousLink.setLinkAttachment(new SendingLinkAttachment(this, sendingLinkEndpoint));
- sendingLinkEndpoint.setLinkEventListener(previousLink);
+ sendingLinkEndpoint.setLinkEventListener(new SubjectSpecificSendingLinkListener(previousLink));
link = previousLink;
endpoint.setLocalUnsettled(previousLink.getUnsettledOutcomeMap());
}
@@ -237,7 +246,7 @@ public class Session_1_0 implements Sess
final ReceivingLinkEndpoint receivingLinkEndpoint = (ReceivingLinkEndpoint) endpoint;
final TxnCoordinatorLink_1_0 coordinatorLink =
new TxnCoordinatorLink_1_0(_vhost, this, receivingLinkEndpoint, _openTransactions);
- receivingLinkEndpoint.setLinkEventListener(coordinatorLink);
+ receivingLinkEndpoint.setLinkEventListener(new SubjectSpecificReceivingLinkListener(coordinatorLink));
link = coordinatorLink;
@@ -296,7 +305,9 @@ public class Session_1_0 implements Sess
final ReceivingLinkEndpoint receivingLinkEndpoint = (ReceivingLinkEndpoint) endpoint;
final ReceivingLink_1_0 receivingLink = new ReceivingLink_1_0(new ReceivingLinkAttachment(this, receivingLinkEndpoint), _vhost,
(ReceivingDestination) destination);
- receivingLinkEndpoint.setLinkEventListener(receivingLink);
+
+ receivingLinkEndpoint.setLinkEventListener(new SubjectSpecificReceivingLinkListener(receivingLink));
+
link = receivingLink;
if(TerminusDurability.UNSETTLED_STATE.equals(target.getDurable()))
{
@@ -377,7 +388,7 @@ public class Session_1_0 implements Sess
// TODO convert AMQP 1-0 node properties to queue attributes
- final AMQQueue tempQueue = queue = _vhost.createQueue(this, attributes );
+ final AMQQueue tempQueue = queue = _vhost.createQueue(attributes );
}
catch (AccessControlException e)
{
@@ -640,4 +651,86 @@ public class Session_1_0 implements Sess
{
_taskList.remove(task);
}
+
+ public Subject getSubject()
+ {
+ return _subject;
+ }
+
+
+ private class SubjectSpecificReceivingLinkListener implements ReceivingLinkListener
+ {
+ private final ReceivingLinkListener _linkListener;
+
+ public SubjectSpecificReceivingLinkListener(final ReceivingLinkListener linkListener)
+ {
+ _linkListener = linkListener;
+ }
+
+ @Override
+ public void messageTransfer(final Transfer xfr)
+ {
+ Subject.doAs(_subject, new PrivilegedAction<Object>()
+ {
+ @Override
+ public Object run()
+ {
+ _linkListener.messageTransfer(xfr);
+ return null;
+ }
+ });
+ }
+
+ @Override
+ public void remoteDetached(final LinkEndpoint endpoint, final Detach detach)
+ {
+ Subject.doAs(_subject, new PrivilegedAction<Object>()
+ {
+ @Override
+ public Object run()
+ {
+ _linkListener.remoteDetached(endpoint, detach);
+ return null;
+ }
+ });
+ }
+ }
+
+ private class SubjectSpecificSendingLinkListener implements SendingLinkListener
+ {
+ private final SendingLink_1_0 _previousLink;
+
+ public SubjectSpecificSendingLinkListener(final SendingLink_1_0 previousLink)
+ {
+ _previousLink = previousLink;
+ }
+
+ @Override
+ public void flowStateChanged()
+ {
+ Subject.doAs(_subject, new PrivilegedAction<Object>()
+ {
+ @Override
+ public Object run()
+ {
+ _previousLink.flowStateChanged();
+ return null;
+ }
+ });
+ }
+
+ @Override
+ public void remoteDetached(final LinkEndpoint endpoint, final Detach detach)
+ {
+ Subject.doAs(_subject, new PrivilegedAction<Object>()
+ {
+ @Override
+ public Object run()
+ {
+ _previousLink.remoteDetached(endpoint, detach);
+ return null;
+ }
+ });
+ }
+ }
}
Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java?rev=1569934&r1=1569933&r2=1569934&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java Wed Feb 19 21:44:19 2014
@@ -24,6 +24,7 @@ import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.AccessControlException;
import java.security.Principal;
+import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.X509Certificate;
@@ -119,37 +120,22 @@ public class HttpManagementUtil
public static void assertManagementAccess(final SecurityManager securityManager, Subject subject, LogActor actor)
{
// TODO: We should eliminate SecurityManager.setThreadSubject in favour of Subject.doAs
- SecurityManager.setThreadSubject(subject); // Required for accessManagement check
CurrentActor.set(actor);
try
{
- try
+ Subject.doAs(subject, new PrivilegedAction<Void>()
{
- Subject.doAs(subject, new PrivilegedExceptionAction<Void>()
+ @Override
+ public Void run()
{
- @Override
- public Void run()
- {
- securityManager.accessManagement();
- return null;
- }
- });
- }
- catch (PrivilegedActionException e)
- {
- throw new ServerScopedRuntimeException("Unable to perform access check", e);
- }
+ securityManager.accessManagement();
+ return null;
+ }
+ });
}
finally
{
- try
- {
- CurrentActor.remove();
- }
- finally
- {
- SecurityManager.setThreadSubject(null);
- }
+ CurrentActor.remove();
}
}
Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java?rev=1569934&r1=1569933&r2=1569934&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java Wed Feb 19 21:44:19 2014
@@ -198,43 +198,36 @@ public abstract class AbstractServlet ex
return;
}
- SecurityManager.setThreadSubject(subject);
+ HttpManagementActor logActor = HttpManagementUtil.getOrCreateAndCacheLogActor(request, _broker);
+ CurrentActor.set(logActor);
try
{
- HttpManagementActor logActor = HttpManagementUtil.getOrCreateAndCacheLogActor(request, _broker);
- CurrentActor.set(logActor);
- try
- {
- Subject.doAs(subject, privilegedExceptionAction);
- }
- catch(RuntimeException e)
- {
- LOGGER.error("Unable to perform action", e);
- throw e;
- }
- catch (PrivilegedActionException e)
+ Subject.doAs(subject, privilegedExceptionAction);
+ }
+ catch(RuntimeException e)
+ {
+ LOGGER.error("Unable to perform action", e);
+ throw e;
+ }
+ catch (PrivilegedActionException e)
+ {
+ LOGGER.error("Unable to perform action", e);
+ Throwable cause = e.getCause();
+ if(cause instanceof RuntimeException)
{
- LOGGER.error("Unable to perform action", e);
- Throwable cause = e.getCause();
- if(cause instanceof RuntimeException)
- {
- throw (RuntimeException)cause;
- }
- if(cause instanceof Error)
- {
- throw (Error)cause;
- }
- throw new ConnectionScopedRuntimeException(e.getCause());
+ throw (RuntimeException)cause;
}
- finally
+ if(cause instanceof Error)
{
- CurrentActor.remove();
+ throw (Error)cause;
}
+ throw new ConnectionScopedRuntimeException(e.getCause());
}
finally
{
- SecurityManager.setThreadSubject(null);
+ CurrentActor.remove();
}
+
}
protected Subject getAuthorisedSubject(HttpServletRequest request)
Modified: qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/MBeanInvocationHandlerImpl.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/MBeanInvocationHandlerImpl.java?rev=1569934&r1=1569933&r2=1569934&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/MBeanInvocationHandlerImpl.java (original)
+++ qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/MBeanInvocationHandlerImpl.java Wed Feb 19 21:44:19 2014
@@ -162,7 +162,6 @@ public class MBeanInvocationHandlerImpl
}
// Save the subject
- SecurityManager.setThreadSubject(subject);
CurrentActor.set(_logActor);
try
{
Modified: qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/store/MessageStoreTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/store/MessageStoreTest.java?rev=1569934&r1=1569933&r2=1569934&view=diff
==============================================================================
--- qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/store/MessageStoreTest.java (original)
+++ qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/store/MessageStoreTest.java Wed Feb 19 21:44:19 2014
@@ -27,7 +27,6 @@ import java.util.Collection;
import org.apache.commons.configuration.PropertiesConfiguration;
import org.apache.log4j.Logger;
-import org.apache.qpid.AMQException;
import org.apache.qpid.common.AMQPFilterTypes;
import org.apache.qpid.framing.AMQShortString;
import org.apache.qpid.framing.BasicContentHeaderProperties;
@@ -701,7 +700,7 @@ public class MessageStoreTest extends Qp
AMQQueue queue = null;
//Ideally we would be able to use the QueueDeclareHandler here.
- queue = getVirtualHost().createQueue(null, queueArguments);
+ queue = getVirtualHost().createQueue(queueArguments);
validateQueueProperties(queue, usePriority, durable, exclusive, lastValueQueue);
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org