You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Keith Wall (JIRA)" <ji...@apache.org> on 2011/06/17 11:26:47 UTC
[jira] [Created] (QPID-3310) Principal/Subject refactoring
Principal/Subject refactoring
-----------------------------
Key: QPID-3310
URL: https://issues.apache.org/jira/browse/QPID-3310
Project: Qpid
Issue Type: Task
Components: Java Broker
Affects Versions: 0.10
Reporter: Keith Wall
Assignee: Keith Wall
Fix For: Future
This task is to refactor the broker to pass through a Subject from the authentication layer downwards, rather than a Principal. The motivation for this change is to allow the security modules to make decisions based on all principals (including Group principals) rather than merely the UsernamePrincipal.
This task will support QPID-3283.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
[jira] [Updated] (QPID-3310) Principal/Subject refactoring
Posted by "Keith Wall (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/QPID-3310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Keith Wall updated QPID-3310:
-----------------------------
Attachment: (was: 0001-QPID-3310-Principal-Subject-refactoring.patch)
> Principal/Subject refactoring
> -----------------------------
>
> Key: QPID-3310
> URL: https://issues.apache.org/jira/browse/QPID-3310
> Project: Qpid
> Issue Type: Task
> Components: Java Broker
> Affects Versions: 0.10
> Reporter: Keith Wall
> Assignee: Keith Wall
> Fix For: Future
>
>
> This task is to refactor the broker to pass through a Subject from the authentication layer downwards, rather than a Principal. The motivation for this change is to allow the security modules to make decisions based on all principals (including Group principals) rather than merely the UsernamePrincipal.
> This task will support QPID-3283.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
[jira] [Assigned] (QPID-3310) Principal/Subject refactoring
Posted by "Keith Wall (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/QPID-3310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Keith Wall reassigned QPID-3310:
--------------------------------
Assignee: Robbie Gemmell (was: Keith Wall)
> Principal/Subject refactoring
> -----------------------------
>
> Key: QPID-3310
> URL: https://issues.apache.org/jira/browse/QPID-3310
> Project: Qpid
> Issue Type: Task
> Components: Java Broker
> Affects Versions: 0.10
> Reporter: Keith Wall
> Assignee: Robbie Gemmell
> Fix For: Future
>
> Attachments: 0001-QPID-3310-Principal-Subject-refactoring.patch
>
>
> This task is to refactor the broker to pass through a Subject from the authentication layer downwards, rather than a Principal. The motivation for this change is to allow the security modules to make decisions based on all principals (including Group principals) rather than merely the UsernamePrincipal.
> This task will support QPID-3283.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
[jira] [Commented] (QPID-3310) Principal/Subject refactoring
Posted by "Robbie Gemmell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/QPID-3310?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13064433#comment-13064433 ]
Robbie Gemmell commented on QPID-3310:
--------------------------------------
Woops, I didn't post the comments on the JIRA when I sent you them. For anyone later wondering, they were:
The newly introduced for loop in AccessControl to validate rights depends on the ordering of rules checked to ensure the correct result, and so may return the wrong result if the iterator is not returning them in the appropriate order.
There are a couple of code style issues with braces not on new lines.
In the new control flow added in ServerConnection#setAuthorizedSubject(), whilst actually functional, looks uninentially odd due to checking things are null and then assigning them to be null once they are known to be.
> Principal/Subject refactoring
> -----------------------------
>
> Key: QPID-3310
> URL: https://issues.apache.org/jira/browse/QPID-3310
> Project: Qpid
> Issue Type: Task
> Components: Java Broker
> Affects Versions: 0.10
> Reporter: Keith Wall
> Assignee: Robbie Gemmell
> Fix For: Future
>
> Attachments: 0001-QPID-3310-Principal-Subject-refactoring.patch
>
>
> This task is to refactor the broker to pass through a Subject from the authentication layer downwards, rather than a Principal. The motivation for this change is to allow the security modules to make decisions based on all principals (including Group principals) rather than merely the UsernamePrincipal.
> This task will support QPID-3283.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
[jira] [Commented] (QPID-3310) Principal/Subject refactoring
Posted by "Alex Rudyy (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/QPID-3310?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13054537#comment-13054537 ]
Alex Rudyy commented on QPID-3310:
----------------------------------
Keith,
I reviewed your patch. It seems Ok for me.
The only question I have regarding your work is
Would not it be better to get Subject object in ServerSession from a Connection object like in example below
public Subject getAuthorizedSubject()
{
return ((ServerConnection)getConnection()).getSubject();
}
rather then keeping a reference to Subject in ServerSession field?
> Principal/Subject refactoring
> -----------------------------
>
> Key: QPID-3310
> URL: https://issues.apache.org/jira/browse/QPID-3310
> Project: Qpid
> Issue Type: Task
> Components: Java Broker
> Affects Versions: 0.10
> Reporter: Keith Wall
> Assignee: Keith Wall
> Fix For: Future
>
> Attachments: 0001-QPID-3310-Principal-Subject-refactoring.patch
>
>
> This task is to refactor the broker to pass through a Subject from the authentication layer downwards, rather than a Principal. The motivation for this change is to allow the security modules to make decisions based on all principals (including Group principals) rather than merely the UsernamePrincipal.
> This task will support QPID-3283.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
[jira] [Updated] (QPID-3310) Principal/Subject refactoring
Posted by "Keith Wall (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/QPID-3310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Keith Wall updated QPID-3310:
-----------------------------
Attachment: (was: 0001-QPID-3310-Principal-Subject-refactoring.patch)
> Principal/Subject refactoring
> -----------------------------
>
> Key: QPID-3310
> URL: https://issues.apache.org/jira/browse/QPID-3310
> Project: Qpid
> Issue Type: Task
> Components: Java Broker
> Affects Versions: 0.10
> Reporter: Keith Wall
> Assignee: Keith Wall
> Fix For: Future
>
>
> This task is to refactor the broker to pass through a Subject from the authentication layer downwards, rather than a Principal. The motivation for this change is to allow the security modules to make decisions based on all principals (including Group principals) rather than merely the UsernamePrincipal.
> This task will support QPID-3283.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
[jira] [Commented] (QPID-3310) Principal/Subject refactoring
Posted by "Alex Rudyy (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/QPID-3310?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13058253#comment-13058253 ]
Alex Rudyy commented on QPID-3310:
----------------------------------
Keith,
Thanks for changes. Patch is fine for me.
> Principal/Subject refactoring
> -----------------------------
>
> Key: QPID-3310
> URL: https://issues.apache.org/jira/browse/QPID-3310
> Project: Qpid
> Issue Type: Task
> Components: Java Broker
> Affects Versions: 0.10
> Reporter: Keith Wall
> Assignee: Keith Wall
> Fix For: Future
>
> Attachments: 0001-QPID-3310-Principal-Subject-refactoring.patch
>
>
> This task is to refactor the broker to pass through a Subject from the authentication layer downwards, rather than a Principal. The motivation for this change is to allow the security modules to make decisions based on all principals (including Group principals) rather than merely the UsernamePrincipal.
> This task will support QPID-3283.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
[jira] [Updated] (QPID-3310) Principal/Subject refactoring
Posted by "Keith Wall (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/QPID-3310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Keith Wall updated QPID-3310:
-----------------------------
Attachment: 0001-QPID-3310-Principal-Subject-refactoring.patch
Hi Alex
As discussed, I've incorporated your latest comments and recreated the patch.
Thanks Keith
> Principal/Subject refactoring
> -----------------------------
>
> Key: QPID-3310
> URL: https://issues.apache.org/jira/browse/QPID-3310
> Project: Qpid
> Issue Type: Task
> Components: Java Broker
> Affects Versions: 0.10
> Reporter: Keith Wall
> Assignee: Keith Wall
> Fix For: Future
>
> Attachments: 0001-QPID-3310-Principal-Subject-refactoring.patch
>
>
> This task is to refactor the broker to pass through a Subject from the authentication layer downwards, rather than a Principal. The motivation for this change is to allow the security modules to make decisions based on all principals (including Group principals) rather than merely the UsernamePrincipal.
> This task will support QPID-3283.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
[jira] [Updated] (QPID-3310) Principal/Subject refactoring
Posted by "Keith Wall (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/QPID-3310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Keith Wall updated QPID-3310:
-----------------------------
Attachment: 0001-QPID-3310-Principal-Subject-refactoring.patch
Hi Robbie,
I've addressed your review comments and re-cut the patch.
cheers Keith
> Principal/Subject refactoring
> -----------------------------
>
> Key: QPID-3310
> URL: https://issues.apache.org/jira/browse/QPID-3310
> Project: Qpid
> Issue Type: Task
> Components: Java Broker
> Affects Versions: 0.10
> Reporter: Keith Wall
> Assignee: Keith Wall
> Fix For: Future
>
> Attachments: 0001-QPID-3310-Principal-Subject-refactoring.patch
>
>
> This task is to refactor the broker to pass through a Subject from the authentication layer downwards, rather than a Principal. The motivation for this change is to allow the security modules to make decisions based on all principals (including Group principals) rather than merely the UsernamePrincipal.
> This task will support QPID-3283.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
[jira] [Updated] (QPID-3310) Principal/Subject refactoring
Posted by "Keith Wall (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/QPID-3310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Keith Wall updated QPID-3310:
-----------------------------
Status: Ready To Review (was: In Progress)
> Principal/Subject refactoring
> -----------------------------
>
> Key: QPID-3310
> URL: https://issues.apache.org/jira/browse/QPID-3310
> Project: Qpid
> Issue Type: Task
> Components: Java Broker
> Affects Versions: 0.10
> Reporter: Keith Wall
> Assignee: Keith Wall
> Fix For: Future
>
> Attachments: 0001-QPID-3310-Principal-Subject-refactoring.patch
>
>
> This task is to refactor the broker to pass through a Subject from the authentication layer downwards, rather than a Principal. The motivation for this change is to allow the security modules to make decisions based on all principals (including Group principals) rather than merely the UsernamePrincipal.
> This task will support QPID-3283.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
[jira] [Updated] (QPID-3310) Principal/Subject refactoring
Posted by "Keith Wall (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/QPID-3310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Keith Wall updated QPID-3310:
-----------------------------
Attachment: 0001-QPID-3310-Principal-Subject-refactoring.patch
Hi Alex
Could you review the attached patch?
cheers Keith
> Principal/Subject refactoring
> -----------------------------
>
> Key: QPID-3310
> URL: https://issues.apache.org/jira/browse/QPID-3310
> Project: Qpid
> Issue Type: Task
> Components: Java Broker
> Affects Versions: 0.10
> Reporter: Keith Wall
> Assignee: Keith Wall
> Fix For: Future
>
> Attachments: 0001-QPID-3310-Principal-Subject-refactoring.patch
>
>
> This task is to refactor the broker to pass through a Subject from the authentication layer downwards, rather than a Principal. The motivation for this change is to allow the security modules to make decisions based on all principals (including Group principals) rather than merely the UsernamePrincipal.
> This task will support QPID-3283.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
[jira] [Commented] (QPID-3310) Principal/Subject refactoring
Posted by "Robbie Gemmell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/QPID-3310?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13055082#comment-13055082 ]
Robbie Gemmell commented on QPID-3310:
--------------------------------------
This issue now also incorporates QPID-3267, see the linked JIRA for details.
> Principal/Subject refactoring
> -----------------------------
>
> Key: QPID-3310
> URL: https://issues.apache.org/jira/browse/QPID-3310
> Project: Qpid
> Issue Type: Task
> Components: Java Broker
> Affects Versions: 0.10
> Reporter: Keith Wall
> Assignee: Keith Wall
> Fix For: Future
>
> Attachments: 0001-QPID-3310-Principal-Subject-refactoring.patch
>
>
> This task is to refactor the broker to pass through a Subject from the authentication layer downwards, rather than a Principal. The motivation for this change is to allow the security modules to make decisions based on all principals (including Group principals) rather than merely the UsernamePrincipal.
> This task will support QPID-3283.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
[jira] [Resolved] (QPID-3310) Principal/Subject refactoring
Posted by "Robbie Gemmell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/QPID-3310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robbie Gemmell resolved QPID-3310.
----------------------------------
Resolution: Fixed
Fix Version/s: (was: Future)
0.13
Patch applied.
> Principal/Subject refactoring
> -----------------------------
>
> Key: QPID-3310
> URL: https://issues.apache.org/jira/browse/QPID-3310
> Project: Qpid
> Issue Type: Task
> Components: Java Broker
> Affects Versions: 0.10
> Reporter: Keith Wall
> Assignee: Robbie Gemmell
> Fix For: 0.13
>
> Attachments: 0001-QPID-3310-Principal-Subject-refactoring.patch
>
>
> This task is to refactor the broker to pass through a Subject from the authentication layer downwards, rather than a Principal. The motivation for this change is to allow the security modules to make decisions based on all principals (including Group principals) rather than merely the UsernamePrincipal.
> This task will support QPID-3283.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
[jira] [Updated] (QPID-3310) Principal/Subject refactoring
Posted by "Keith Wall (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/QPID-3310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Keith Wall updated QPID-3310:
-----------------------------
Attachment: (was: 0001-QPID-3310-Principal-Subject-refactoring.patch)
> Principal/Subject refactoring
> -----------------------------
>
> Key: QPID-3310
> URL: https://issues.apache.org/jira/browse/QPID-3310
> Project: Qpid
> Issue Type: Task
> Components: Java Broker
> Affects Versions: 0.10
> Reporter: Keith Wall
> Assignee: Keith Wall
> Fix For: Future
>
>
> This task is to refactor the broker to pass through a Subject from the authentication layer downwards, rather than a Principal. The motivation for this change is to allow the security modules to make decisions based on all principals (including Group principals) rather than merely the UsernamePrincipal.
> This task will support QPID-3283.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
[jira] [Updated] (QPID-3310) Principal/Subject refactoring
Posted by "Keith Wall (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/QPID-3310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Keith Wall updated QPID-3310:
-----------------------------
Attachment: 0001-QPID-3310-Principal-Subject-refactoring.patch
This patch replaces my previous. It addresses the comments raised by Alex, and I've also renamed PrincipalHolder to AuthorisationHolder, as I believe it more accurately represents its purpose.
Hi Alex, could you take another look please?
> Principal/Subject refactoring
> -----------------------------
>
> Key: QPID-3310
> URL: https://issues.apache.org/jira/browse/QPID-3310
> Project: Qpid
> Issue Type: Task
> Components: Java Broker
> Affects Versions: 0.10
> Reporter: Keith Wall
> Assignee: Keith Wall
> Fix For: Future
>
> Attachments: 0001-QPID-3310-Principal-Subject-refactoring.patch
>
>
> This task is to refactor the broker to pass through a Subject from the authentication layer downwards, rather than a Principal. The motivation for this change is to allow the security modules to make decisions based on all principals (including Group principals) rather than merely the UsernamePrincipal.
> This task will support QPID-3283.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org