You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by kw...@apache.org on 2015/03/12 16:13:17 UTC
svn commit: r1666219 - in /qpid/branches/QPID-6262-JavaBrokerNIO: ./ qpid/
qpid/java/
qpid/java/bdbstore/src/main/java/org/apache/qpid/server/virtualhost/berkeleydb/
qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/
qpid/java/broker-...
Author: kwall
Date: Thu Mar 12 15:13:16 2015
New Revision: 1666219
URL: http://svn.apache.org/r1666219
Log:
Merge from trunk
Added:
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/TestSecurityManager.java
- copied unchanged from r1666214, qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/TestSecurityManager.java
Modified:
qpid/branches/QPID-6262-JavaBrokerNIO/ (props changed)
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/ (props changed)
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/ (props changed)
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/bdbstore/src/main/java/org/apache/qpid/server/virtualhost/berkeleydb/BDBHAReplicaVirtualHostImpl.java
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhostnode/RedirectingVirtualHostImpl.java
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestKitCarImpl.java
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestStandardCarImpl.java
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/lifecycle/TestConfiguredObject.java
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/singleton/TestSingletonImpl.java
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/virtualhost/AbstractVirtualHostTest.java
Propchange: qpid/branches/QPID-6262-JavaBrokerNIO/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Mar 12 15:13:16 2015
@@ -3,4 +3,4 @@
/qpid/branches/java-broker-bdb-ha2:1576683-1583556
/qpid/branches/java-network-refactor:805429-825319
/qpid/branches/mcpierce-QPID-4719:1477004-1477093
-/qpid/trunk:1643238-1666204
+/qpid/trunk:1643238-1666214
Propchange: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Mar 12 15:13:16 2015
@@ -6,4 +6,4 @@
/qpid/branches/mcpierce-QPID-4719/qpid:1477004-1477093
/qpid/branches/qpid-2935/qpid:1061302-1072333
/qpid/branches/qpid-3346/qpid:1144319-1179855
-/qpid/trunk/qpid:1643238-1666204
+/qpid/trunk/qpid:1643238-1666214
Propchange: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Mar 12 15:13:16 2015
@@ -9,4 +9,4 @@
/qpid/branches/java-network-refactor/qpid/java:805429-821809
/qpid/branches/qpid-2935/qpid/java:1061302-1072333
/qpid/trunk/qpid:796646-796653
-/qpid/trunk/qpid/java:1643238-1666204
+/qpid/trunk/qpid/java:1643238-1666214
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/bdbstore/src/main/java/org/apache/qpid/server/virtualhost/berkeleydb/BDBHAReplicaVirtualHostImpl.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/bdbstore/src/main/java/org/apache/qpid/server/virtualhost/berkeleydb/BDBHAReplicaVirtualHostImpl.java?rev=1666219&r1=1666218&r2=1666219&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/bdbstore/src/main/java/org/apache/qpid/server/virtualhost/berkeleydb/BDBHAReplicaVirtualHostImpl.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/bdbstore/src/main/java/org/apache/qpid/server/virtualhost/berkeleydb/BDBHAReplicaVirtualHostImpl.java Thu Mar 12 15:13:16 2015
@@ -47,6 +47,7 @@ import org.apache.qpid.server.model.port
import org.apache.qpid.server.protocol.AMQConnectionModel;
import org.apache.qpid.server.protocol.LinkRegistry;
import org.apache.qpid.server.queue.AMQQueue;
+import org.apache.qpid.server.security.SecurityManager;
import org.apache.qpid.server.stats.StatisticsCounter;
import org.apache.qpid.server.store.DurableConfigurationStore;
import org.apache.qpid.server.store.MessageStore;
@@ -355,9 +356,9 @@ public class BDBHAReplicaVirtualHostImpl
}
@Override
- public org.apache.qpid.server.security.SecurityManager getSecurityManager()
+ public SecurityManager getSecurityManager()
{
- return null;
+ return super.getSecurityManager();
}
@Override
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java?rev=1666219&r1=1666218&r2=1666219&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java Thu Mar 12 15:13:16 2015
@@ -39,9 +39,7 @@ import java.util.concurrent.ConcurrentMa
import javax.security.auth.Subject;
-import org.apache.log4j.Logger;
import org.apache.qpid.server.model.AccessControlProvider;
-import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Binding;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.ConfiguredObject;
@@ -51,17 +49,13 @@ import org.apache.qpid.server.model.Exch
import org.apache.qpid.server.model.ExclusivityPolicy;
import org.apache.qpid.server.model.Group;
import org.apache.qpid.server.model.GroupMember;
-import org.apache.qpid.server.model.GroupProvider;
-import org.apache.qpid.server.model.KeyStore;
import org.apache.qpid.server.model.LifetimePolicy;
import org.apache.qpid.server.model.Model;
-import org.apache.qpid.server.model.Plugin;
-import org.apache.qpid.server.model.Port;
+import org.apache.qpid.server.model.PreferencesProvider;
import org.apache.qpid.server.model.Queue;
import org.apache.qpid.server.model.RemoteReplicationNode;
import org.apache.qpid.server.model.Session;
import org.apache.qpid.server.model.State;
-import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.server.model.User;
import org.apache.qpid.server.model.VirtualHost;
import org.apache.qpid.server.model.VirtualHostAlias;
@@ -78,7 +72,6 @@ import org.apache.qpid.server.security.a
public class SecurityManager
{
- private static final Logger LOGGER = Logger.getLogger(SecurityManager.class);
private static final Subject SYSTEM = new Subject(true,
Collections.singleton(new SystemPrincipal()),
@@ -274,38 +267,17 @@ public class SecurityManager
return;
}
- if (Operation.CREATE == operation && configuredObject instanceof RemoteReplicationNode)
+ if (isAllowedOperation(operation, configuredObject))
{
// creation of remote replication node is out of control for user of this broker
return;
}
- if ((Operation.CREATE == operation) && configuredObject instanceof RemoteReplicationNode)
- {
- // creation of remote replication node is out of control for user of this broker
- return;
- }
-
- if ((EnumSet.of(Operation.CREATE, Operation.UPDATE, Operation.DELETE).contains(operation)) && configuredObject instanceof Session)
- {
- return;
- }
-
- if ((EnumSet.of(Operation.UPDATE, Operation.DELETE).contains(operation)) && (configuredObject instanceof Consumer || configuredObject instanceof Connection))
- {
- return;
- }
-
-
Class<? extends ConfiguredObject> categoryClass = configuredObject.getCategoryClass();
- LOGGER.debug("getCategoryClass " + categoryClass);
ObjectType objectType = getACLObjectTypeManagingConfiguredObjectOfCategory(categoryClass);
- LOGGER.debug("objectType " + objectType);
if (objectType == null)
{
- LOGGER.warn("Cannot determine object type for " + configuredObject.getName() + " of category "
- + categoryClass + ". Skipping ACL check...");
- return;
+ throw new IllegalArgumentException("Cannot identify object type for category " + categoryClass );
}
ObjectProperties properties = getACLObjectProperties(configuredObject, operation);
@@ -336,6 +308,28 @@ public class SecurityManager
}
}
+ private boolean isAllowedOperation(Operation operation, ConfiguredObject<?> configuredObject)
+ {
+ if (configuredObject instanceof Session && (operation == Operation.CREATE || operation == Operation.UPDATE
+ || operation == Operation.DELETE))
+ {
+ return true;
+
+ }
+
+ if (configuredObject instanceof Consumer && (operation == Operation.UPDATE || operation == Operation.DELETE))
+ {
+ return true;
+ }
+
+ if (configuredObject instanceof Connection && (operation == Operation.UPDATE || operation == Operation.DELETE))
+ {
+ return true;
+ }
+
+ return false;
+ }
+
private Model getModel()
{
return _aclProvidersParent.getModel();
@@ -371,7 +365,7 @@ public class SecurityManager
// CREATE GROUP MEMBER is transformed into UPDATE GROUP rule
return Operation.UPDATE;
}
- else if (isBrokerOrBrokerChild(category))
+ else if (isBrokerOrBrokerChildOrPreferencesProvider(category))
{
// CREATE/UPDATE broker child is transformed into CONFIGURE BROKER rule
return Operation.CONFIGURE;
@@ -384,10 +378,11 @@ public class SecurityManager
// DELETE BINDING is transformed into UNBIND EXCHANGE rule
return Operation.UNBIND;
}
- else if (isBrokerOrBrokerChild(category))
+ else if (isBrokerOrBrokerChildOrPreferencesProvider(category))
{
// DELETE broker child is transformed into CONFIGURE BROKER rule
return Operation.CONFIGURE;
+
}
else if (GroupMember.class.isAssignableFrom(category))
{
@@ -398,16 +393,11 @@ public class SecurityManager
return operation;
}
- private boolean isBrokerOrBrokerChild(Class<? extends ConfiguredObject> category)
+ private boolean isBrokerOrBrokerChildOrPreferencesProvider(Class<? extends ConfiguredObject> category)
{
- return Broker.class.isAssignableFrom(category)
- || Port.class.isAssignableFrom(category)
- || AuthenticationProvider.class.isAssignableFrom(category)
- || AccessControlProvider.class.isAssignableFrom(category)
- || GroupProvider.class.isAssignableFrom(category)
- || KeyStore.class.isAssignableFrom(category)
- || TrustStore.class.isAssignableFrom(category)
- || Plugin.class.isAssignableFrom(category);
+ return Broker.class.isAssignableFrom(category) ||
+ PreferencesProvider.class.isAssignableFrom(category) ||
+ ( !VirtualHostNode.class.isAssignableFrom(category) && getModel().getChildTypes(Broker.class).contains(category));
}
private ObjectProperties getACLObjectProperties(ConfiguredObject<?> configuredObject, Operation configuredObjectOperation)
@@ -448,7 +438,7 @@ public class SecurityManager
Queue<?> queue = (Queue<?>)configuredObject.getParent(Queue.class);
setQueueProperties(queue, properties);
}
- else if (isBrokerOrBrokerChild(configuredObjectType))
+ else if (isBrokerOrBrokerChildOrPreferencesProvider(configuredObjectType))
{
String description = String.format("%s %s '%s'",
configuredObjectOperation == null? null : configuredObjectOperation.name().toLowerCase(),
@@ -494,7 +484,7 @@ public class SecurityManager
{
return ObjectType.VIRTUALHOSTNODE;
}
- else if (isBrokerOrBrokerChild(category))
+ else if (isBrokerOrBrokerChildOrPreferencesProvider(category))
{
return ObjectType.BROKER;
}
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhostnode/RedirectingVirtualHostImpl.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhostnode/RedirectingVirtualHostImpl.java?rev=1666219&r1=1666218&r2=1666219&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhostnode/RedirectingVirtualHostImpl.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhostnode/RedirectingVirtualHostImpl.java Thu Mar 12 15:13:16 2015
@@ -48,6 +48,7 @@ import org.apache.qpid.server.model.port
import org.apache.qpid.server.protocol.AMQConnectionModel;
import org.apache.qpid.server.protocol.LinkRegistry;
import org.apache.qpid.server.queue.AMQQueue;
+import org.apache.qpid.server.security.SecurityManager;
import org.apache.qpid.server.stats.StatisticsCounter;
import org.apache.qpid.server.store.DurableConfigurationStore;
import org.apache.qpid.server.store.MessageStore;
@@ -355,9 +356,9 @@ class RedirectingVirtualHostImpl
}
@Override
- public org.apache.qpid.server.security.SecurityManager getSecurityManager()
+ public SecurityManager getSecurityManager()
{
- return null;
+ return super.getSecurityManager();
}
@Override
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestKitCarImpl.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestKitCarImpl.java?rev=1666219&r1=1666218&r2=1666219&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestKitCarImpl.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestKitCarImpl.java Thu Mar 12 15:13:16 2015
@@ -25,6 +25,7 @@ import org.apache.qpid.server.model.Abst
import org.apache.qpid.server.model.ConfiguredObject;
import org.apache.qpid.server.model.ManagedObject;
import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
+import org.apache.qpid.server.model.testmodels.TestSecurityManager;
import org.apache.qpid.server.security.SecurityManager;
@ManagedObject( category = false,
@@ -39,7 +40,7 @@ public class TestKitCarImpl extends Abst
public TestKitCarImpl(final Map<String, Object> attributes)
{
super(parentsMap(), attributes, newTaskExecutor(), TestModel.getInstance());
- _securityManager = new SecurityManager(this, false);
+ _securityManager = new TestSecurityManager(this);
}
@Override
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestStandardCarImpl.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestStandardCarImpl.java?rev=1666219&r1=1666218&r2=1666219&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestStandardCarImpl.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestStandardCarImpl.java Thu Mar 12 15:13:16 2015
@@ -29,6 +29,7 @@ import org.apache.qpid.server.configurat
import org.apache.qpid.server.model.AbstractConfiguredObject;
import org.apache.qpid.server.model.ManagedObject;
import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
+import org.apache.qpid.server.model.testmodels.TestSecurityManager;
import org.apache.qpid.server.security.SecurityManager;
@ManagedObject( category = false,
@@ -44,7 +45,7 @@ public class TestStandardCarImpl extends
public TestStandardCarImpl(final Map<String, Object> attributes)
{
super(parentsMap(), attributes, newTaskExecutor(), TestModel.getInstance());
- _securityManager = new SecurityManager(this, false);
+ _securityManager = new TestSecurityManager(this);
}
private static CurrentThreadTaskExecutor newTaskExecutor()
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/lifecycle/TestConfiguredObject.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/lifecycle/TestConfiguredObject.java?rev=1666219&r1=1666218&r2=1666219&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/lifecycle/TestConfiguredObject.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/lifecycle/TestConfiguredObject.java Thu Mar 12 15:13:16 2015
@@ -41,6 +41,7 @@ import org.apache.qpid.server.model.Mana
import org.apache.qpid.server.model.Model;
import org.apache.qpid.server.model.State;
import org.apache.qpid.server.model.StateTransition;
+import org.apache.qpid.server.model.testmodels.TestSecurityManager;
import org.apache.qpid.server.plugin.ConfiguredObjectRegistration;
import org.apache.qpid.server.security.SecurityManager;
@@ -81,7 +82,7 @@ public class TestConfiguredObject extend
{
super(parents, attributes, taskExecutor, model);
_opened = false;
- _securityManager = new SecurityManager(this, false);
+ _securityManager = new TestSecurityManager(this);
}
@Override
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/singleton/TestSingletonImpl.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/singleton/TestSingletonImpl.java?rev=1666219&r1=1666218&r2=1666219&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/singleton/TestSingletonImpl.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/singleton/TestSingletonImpl.java Thu Mar 12 15:13:16 2015
@@ -24,9 +24,11 @@ import java.util.Set;
import org.apache.qpid.server.configuration.updater.CurrentThreadTaskExecutor;
import org.apache.qpid.server.configuration.updater.TaskExecutor;
import org.apache.qpid.server.model.AbstractConfiguredObject;
+import org.apache.qpid.server.model.ConfiguredObject;
import org.apache.qpid.server.model.ManagedAttributeField;
import org.apache.qpid.server.model.ManagedObject;
import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
+import org.apache.qpid.server.model.testmodels.TestSecurityManager;
import org.apache.qpid.server.security.SecurityManager;
@ManagedObject( category = false, type = TestSingletonImpl.TEST_SINGLETON_TYPE)
@@ -73,7 +75,7 @@ public class TestSingletonImpl extends A
public TestSingletonImpl(final Map<String, Object> attributes)
{
super(parentsMap(), attributes, newTaskExecutor(), TestModel.getInstance());
- _securityManager = new SecurityManager(this, false);
+ _securityManager = new TestSecurityManager(this);
}
private static CurrentThreadTaskExecutor newTaskExecutor()
@@ -87,7 +89,7 @@ public class TestSingletonImpl extends A
final TaskExecutor taskExecutor)
{
super(parentsMap(), attributes, taskExecutor);
- _securityManager = new SecurityManager(this, false);
+ _securityManager = new TestSecurityManager(this);
}
Modified: qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/virtualhost/AbstractVirtualHostTest.java
URL: http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/virtualhost/AbstractVirtualHostTest.java?rev=1666219&r1=1666218&r2=1666219&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/virtualhost/AbstractVirtualHostTest.java (original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/test/java/org/apache/qpid/server/virtualhost/AbstractVirtualHostTest.java Thu Mar 12 15:13:16 2015
@@ -62,6 +62,7 @@ public class AbstractVirtualHostTest ext
when(systemConfig.getEventLogger()).thenReturn(mock(EventLogger.class));
Broker<?> broker = mock(Broker.class);
when(broker.getParent(SystemConfig.class)).thenReturn(systemConfig);
+ when(broker.getModel()).thenReturn(BrokerModel.getInstance());
when(broker.getSecurityManager()).thenReturn(new SecurityManager(broker, false));
_taskExecutor = new TaskExecutorImpl();
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org