Posted to commits@qpid.apache.org by rg...@apache.org on 2016/06/29 23:23:10 UTC
svn commit: r1750734 [4/4] - in /qpid/java/trunk:
broker-core/src/main/java/org/apache/qpid/server/logging/
broker-core/src/main/java/org/apache/qpid/server/model/
broker-core/src/main/java/org/apache/qpid/server/model/adapter/
broker-core/src/main/jav...
Modified: qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/ExchangeDestination.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/ExchangeDestination.java?rev=1750734&r1=1750733&r2=1750734&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/ExchangeDestination.java (original)
+++ qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/ExchangeDestination.java Wed Jun 29 23:23:09 2016
@@ -20,6 +20,9 @@
*/
package org.apache.qpid.server.protocol.v1_0;
+import java.util.Collections;
+
+import org.apache.qpid.server.model.VirtualHost;
import org.apache.qpid.server.protocol.v1_0.type.Outcome;
import org.apache.qpid.server.protocol.v1_0.type.messaging.Accepted;
import org.apache.qpid.server.protocol.v1_0.type.messaging.Rejected;
@@ -27,6 +30,8 @@ import org.apache.qpid.server.protocol.v
import org.apache.qpid.server.protocol.v1_0.type.messaging.TerminusExpiryPolicy;
import org.apache.qpid.server.message.InstanceProperties;
import org.apache.qpid.server.model.Exchange;
+import org.apache.qpid.server.security.SecurityManager;
+import org.apache.qpid.server.security.SecurityToken;
import org.apache.qpid.server.txn.ServerTransaction;
public class ExchangeDestination implements ReceivingDestination, SendingDestination
@@ -96,6 +101,19 @@ public class ExchangeDestination impleme
}
@Override
+ public void authorizePublish(final SecurityToken securityToken, final Message_1_0 message)
+ {
+ final SecurityManager securityManager =
+ _exchange.getParent(VirtualHost.class).getBroker().getSecurityManager();
+
+ securityManager
+ .authoriseExecute(securityToken, _exchange, "publish",
+ Collections.<String,Object>singletonMap("routingKey", getRoutingAddress(message)));
+
+
+ }
+
+ @Override
public String getRoutingAddress(final Message_1_0 message)
{
String routingAddress;
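Review bot: The operation name `"publish"` and the argument key `"routingKey"` are bare string literals in this authorizePublish, and the same two literals are repeated in the authorizePublish methods added to NodeReceivingDestination and QueueDestination. These strings presumably have to match what the access-control side looks up, so a typo in any one copy would change the authorization decision without a compile error. Declaring them once, for example `String PUBLISH_OPERATION = "publish";` and `String ROUTING_KEY_ARG = "routingKey";` on ReceivingDestination, and using those in all three classes would remove that risk. The two blank lines before the closing brace can also be dropped. getRoutingAddress continues outside the hunk.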
Modified: qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/NodeReceivingDestination.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/NodeReceivingDestination.java?rev=1750734&r1=1750733&r2=1750734&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/NodeReceivingDestination.java (original)
+++ qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/NodeReceivingDestination.java Wed Jun 29 23:23:09 2016
@@ -20,6 +20,11 @@
*/
package org.apache.qpid.server.protocol.v1_0;
+import java.util.Collections;
+
+import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.model.ConfiguredObject;
+import org.apache.qpid.server.model.VirtualHost;
import org.apache.qpid.server.protocol.v1_0.type.Outcome;
import org.apache.qpid.server.protocol.v1_0.type.messaging.Accepted;
import org.apache.qpid.server.protocol.v1_0.type.messaging.Rejected;
@@ -27,6 +32,8 @@ import org.apache.qpid.server.protocol.v
import org.apache.qpid.server.protocol.v1_0.type.messaging.TerminusExpiryPolicy;
import org.apache.qpid.server.message.InstanceProperties;
import org.apache.qpid.server.message.MessageDestination;
+import org.apache.qpid.server.security.SecurityManager;
+import org.apache.qpid.server.security.SecurityToken;
import org.apache.qpid.server.txn.ServerTransaction;
public class NodeReceivingDestination implements ReceivingDestination
@@ -97,6 +104,24 @@ public class NodeReceivingDestination im
}
@Override
+ public void authorizePublish(final SecurityToken securityToken, final Message_1_0 message)
+ {
+ if(_destination instanceof ConfiguredObject)
+ {
+ ConfiguredObject<?> object = (ConfiguredObject)_destination;
+ final SecurityManager securityManager =
+ object.getModel().getAncestor(Broker.class, object).getSecurityManager();
+
+ securityManager
+ .authoriseExecute(securityToken, object, "publish",
+ Collections.<String, Object>singletonMap("routingKey",
+ getRoutingAddress(message)));
+ }
+
+
+ }
+
+ @Override
public String getRoutingAddress(final Message_1_0 message)
{
MessageMetaData_1_0.MessageHeader_1_0 messageHeader = message.getMessageHeader();
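Review bot: When `_destination` is not a `ConfiguredObject`, this authorizePublish returns without performing any check, so a publish to such a destination proceeds unauthorised; the `securityManager.authorisePublish` call this commit removes from ReceivingLink_1_0 was unconditional in the lines shown. If no such MessageDestination can occur, state that; otherwise the else branch should deny. At minimum add `// destinations that are not ConfiguredObjects are not subject to ACL checks` so that the fail-open path is deliberate and visible to the next reader. The cast is also raw; `(ConfiguredObject<?>) _destination` avoids the unchecked warning. getRoutingAddress continues outside the hunk.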
Modified: qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/QueueDestination.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/QueueDestination.java?rev=1750734&r1=1750733&r2=1750734&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/QueueDestination.java (original)
+++ qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/QueueDestination.java Wed Jun 29 23:23:09 2016
@@ -20,10 +20,15 @@
*/
package org.apache.qpid.server.protocol.v1_0;
+import java.util.Collections;
+
+import org.apache.qpid.server.model.VirtualHost;
import org.apache.qpid.server.protocol.v1_0.type.Outcome;
import org.apache.qpid.server.protocol.v1_0.type.messaging.Accepted;
import org.apache.qpid.server.message.MessageReference;
import org.apache.qpid.server.model.Queue;
+import org.apache.qpid.server.security.SecurityManager;
+import org.apache.qpid.server.security.SecurityToken;
import org.apache.qpid.server.store.MessageEnqueueRecord;
import org.apache.qpid.server.txn.ServerTransaction;
@@ -32,11 +37,13 @@ public class QueueDestination extends Me
private static final Accepted ACCEPTED = new Accepted();
private static final Outcome[] OUTCOMES = new Outcome[] { ACCEPTED };
private final String _address;
+ private final Queue<?> _queue;
public QueueDestination(Queue<?> queue, final String address)
{
super(queue);
+ _queue = queue;
_address = address;
}
@@ -93,6 +100,20 @@ public class QueueDestination extends Me
}
@Override
+ public void authorizePublish(final SecurityToken securityToken, final Message_1_0 message)
+ {
+
+ final SecurityManager securityManager =
+ _queue.getParent(VirtualHost.class).getBroker().getSecurityManager();
+
+ securityManager
+ .authoriseExecute(securityToken, _queue, "publish",
+ Collections.<String,Object>singletonMap("routingKey", getRoutingAddress(message)));
+
+
+ }
+
+ @Override
public String getAddress()
{
return _address;
Modified: qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/ReceivingDestination.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/ReceivingDestination.java?rev=1750734&r1=1750733&r2=1750734&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/ReceivingDestination.java (original)
+++ qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/ReceivingDestination.java Wed Jun 29 23:23:09 2016
@@ -22,6 +22,7 @@ package org.apache.qpid.server.protocol.
import org.apache.qpid.server.protocol.v1_0.type.Outcome;
+import org.apache.qpid.server.security.SecurityToken;
import org.apache.qpid.server.txn.ServerTransaction;
public interface ReceivingDestination extends Destination
@@ -36,4 +37,6 @@ public interface ReceivingDestination ex
String getRoutingAddress(Message_1_0 message);
String getAddress();
+
+ void authorizePublish(SecurityToken securityToken, final Message_1_0 message);
}
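Review bot: The new `authorizePublish` has no Javadoc, and a `void` signature does not show how a denial is reported: the caller in ReceivingLink_1_0 goes straight on to `send`, so denial presumably has to be signalled by an exception. Implementers need that stated, e.g. `/** Checks that the holder of securityToken may publish message to this destination; must throw if access is denied. */`. The `final` on the second parameter has no effect in an interface declaration and is inconsistent with the first parameter.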
Modified: qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/ReceivingLink_1_0.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/ReceivingLink_1_0.java?rev=1750734&r1=1750733&r2=1750734&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/ReceivingLink_1_0.java (original)
+++ qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/ReceivingLink_1_0.java Wed Jun 29 23:23:09 2016
@@ -199,13 +199,11 @@ public class ReceivingLink_1_0 implement
final SecurityManager securityManager = getSession().getConnection().getBroker().getSecurityManager();
try
{
- securityManager.authorisePublish(false,
- _destination.getRoutingAddress(message),
- _destination.getAddress(),
- _addressSpace.getName(),
- _attachment.getSession().getSubject(),
- message.getMessageHeader().getUserId(),
- _attachment.getSession().getAMQPConnection());
+ Session_1_0 session = getSession();
+
+ session.getAMQPConnection()
+ .checkAuthorizedMessagePrincipal(message.getMessageHeader().getUserId());
+ _destination.authorizePublish(session.getSecurityToken(), message);
Outcome outcome = _destination.send(message, transaction);
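Review bot: The `securityManager` local on the first line of the hunk is not used by the new lines, since the check now goes through `_destination.authorizePublish`; unless it is used further down (the method continues outside the hunk) it should be removed. Assuming both new calls signal denial by throwing, a comment above them such as `// both checks must pass before send(); they throw on denial` would record that the ordering is a security requirement. The removed call took the subject from `_attachment.getSession()` while the new code takes the token from `getSession()`; if those two can ever differ, the identity being authorised has changed and that should be confirmed.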
Modified: qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/Session_1_0.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/Session_1_0.java?rev=1750734&r1=1750733&r2=1750734&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/Session_1_0.java (original)
+++ qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/Session_1_0.java Wed Jun 29 23:23:09 2016
@@ -91,6 +91,7 @@ import org.apache.qpid.server.model.Sess
import org.apache.qpid.server.protocol.AMQSessionModel;
import org.apache.qpid.server.protocol.ConsumerListener;
import org.apache.qpid.server.protocol.LinkRegistry;
+import org.apache.qpid.server.security.SecurityToken;
import org.apache.qpid.server.transport.AMQPConnection;
import org.apache.qpid.server.txn.AutoCommitTransaction;
import org.apache.qpid.server.txn.ServerTransaction;
@@ -104,6 +105,7 @@ public class Session_1_0 implements AMQS
private static final Logger _logger = LoggerFactory.getLogger(Session_1_0.class);
private static final Symbol LIFETIME_POLICY = Symbol.valueOf("lifetime-policy");
private final AccessControlContext _accessControllerContext;
+ private final SecurityToken _securityToken;
private AutoCommitTransaction _transaction;
private final LinkedHashMap<Integer, ServerTransaction> _openTransactions =
@@ -180,6 +182,7 @@ public class Session_1_0 implements AMQS
_subject.getPrincipals().addAll(connection.getSubject().getPrincipals());
_subject.getPrincipals().add(new SessionPrincipal(this));
_accessControllerContext = org.apache.qpid.server.security.SecurityManager.getAccessControlContextFromSubject(_subject);
+ _securityToken = connection.getBroker().getSecurityManager().newToken(_subject);
}
public void setReceivingChannel(final short receivingChannel)
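Review bot: `_securityToken` is created once in the constructor from `_subject`, directly after the connection principals and the SessionPrincipal are added, and nothing records that this ordering matters. If `newToken` captures the principals at creation time (not visible here), moving this line above the `addAll`/`add` calls would produce a token that lacks them. A comment such as `// must follow population of _subject: the token is built from the complete principal set` would guard against that. The constructor starts outside the hunk.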
@@ -1387,6 +1390,11 @@ public class Session_1_0 implements AMQS
return _connection.getAddressSpace();
}
+ public SecurityToken getSecurityToken()
+ {
+ return _securityToken;
+ }
+
private class SubjectSpecificReceivingLinkListener implements ReceivingLinkListener
{
Modified: qpid/java/trunk/broker-plugins/management-amqp/src/main/java/org/apache/qpid/server/management/amqp/ManagementAddressSpace.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-amqp/src/main/java/org/apache/qpid/server/management/amqp/ManagementAddressSpace.java?rev=1750734&r1=1750733&r2=1750734&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/management-amqp/src/main/java/org/apache/qpid/server/management/amqp/ManagementAddressSpace.java (original)
+++ qpid/java/trunk/broker-plugins/management-amqp/src/main/java/org/apache/qpid/server/management/amqp/ManagementAddressSpace.java Wed Jun 29 23:23:09 2016
@@ -157,8 +157,7 @@ public class ManagementAddressSpace impl
public boolean authoriseCreateConnection(final AMQPConnection<?> connection)
{
SecurityManager securityManager = _broker.getSecurityManager();
- securityManager.authoriseCreateConnection(connection);
- securityManager.accessManagement();
+ securityManager.authoriseExecute(_broker, "manage", Collections.<String,Object>emptyMap());
return true;
}
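Review bot: `authoriseCreateConnection` no longer uses its `connection` argument: the removed `securityManager.authoriseCreateConnection(connection)` is replaced only by a broker-level `"manage"` check, so whatever per-connection check that call made is no longer performed here. If that is intended because the check now happens elsewhere (this is part 4/4 of the commit and the rest is not visible), a comment saying so is needed; otherwise an equivalent connection check has to be kept. The method also always returns `true`, so denial depends entirely on `authoriseExecute` throwing, which deserves a line of Javadoc.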
Modified: qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java?rev=1750734&r1=1750733&r2=1750734&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java (original)
+++ qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagementUtil.java Wed Jun 29 23:23:09 2016
@@ -113,7 +113,7 @@ public class HttpManagementUtil
subject = createServletConnectionSubject(request, subject);
- assertManagementAccess(broker.getSecurityManager(), subject);
+ assertManagementAccess(broker, subject);
saveAuthorisedSubject(request, subject);
}
@@ -130,14 +130,14 @@ public class HttpManagementUtil
return subject;
}
- public static void assertManagementAccess(final SecurityManager securityManager, Subject subject)
+ public static void assertManagementAccess(final Broker<?> broker, Subject subject)
{
Subject.doAs(subject, new PrivilegedAction<Void>()
{
@Override
public Void run()
{
- securityManager.accessManagement();
+ broker.getSecurityManager().authoriseExecute(broker,"manage",Collections.<String,Object>emptyMap());
return null;
}
});
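Review bot: The operation name `"manage"` is a bare literal in the `run()` body here, and again in ManagementAddressSpace.authoriseCreateConnection and in the mock set-up of OAuth2InteractiveAuthenticatorTest; a shared constant would keep the three in step. `assertManagementAccess` is public static and its first parameter changed from SecurityManager to `Broker<?>`, so a short Javadoc stating that the check runs as `subject` and is expected to throw on denial would help callers of the new signature.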
Modified: qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java?rev=1750734&r1=1750733&r2=1750734&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java (original)
+++ qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticator.java Wed Jun 29 23:23:09 2016
@@ -206,7 +206,7 @@ public class OAuth2InteractiveAuthentica
private void authoriseManagement(final Subject subject)
{
Broker broker = (Broker) oauth2Provider.getParent(Broker.class);
- HttpManagementUtil.assertManagementAccess(broker.getSecurityManager(), subject);
+ HttpManagementUtil.assertManagementAccess(broker, subject);
}
};
}
Modified: qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java?rev=1750734&r1=1750733&r2=1750734&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java (original)
+++ qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java Wed Jun 29 23:23:09 2016
@@ -220,7 +220,7 @@ public class SaslServlet extends Abstrac
Broker broker = getBroker();
try
{
- HttpManagementUtil.assertManagementAccess(broker.getSecurityManager(), original);
+ HttpManagementUtil.assertManagementAccess(broker, original);
Subject subject = HttpManagementUtil.createServletConnectionSubject(request, original);
HttpManagementUtil.saveAuthorisedSubject(request, subject);
Modified: qpid/java/trunk/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticatorTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticatorTest.java?rev=1750734&r1=1750733&r2=1750734&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticatorTest.java (original)
+++ qpid/java/trunk/broker-plugins/management-http/src/test/java/org/apache/qpid/server/management/plugin/auth/OAuth2InteractiveAuthenticatorTest.java Wed Jun 29 23:23:09 2016
@@ -22,6 +22,7 @@ package org.apache.qpid.server.managemen
import static org.mockito.Matchers.any;
import static org.mockito.Matchers.anyInt;
+import static org.mockito.Matchers.anyMap;
import static org.mockito.Matchers.anyString;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.doAnswer;
@@ -307,7 +308,7 @@ public class OAuth2InteractiveAuthentica
}
return null;
}
- }).when(mockSecurityManager).accessManagement();
+ }).when(mockSecurityManager).authoriseExecute(eq(mockBroker), eq("manage"), anyMap());
when(mockBroker.getSecurityManager()).thenReturn(mockSecurityManager);
when(authenticationProvider.getAuthorizationEndpointURI()).thenReturn(new URI(TEST_AUTHORIZATION_ENDPOINT));
Modified: qpid/java/trunk/systests/src/test/java/org/apache/qpid/server/security/acl/ExternalACLTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/systests/src/test/java/org/apache/qpid/server/security/acl/ExternalACLTest.java?rev=1750734&r1=1750733&r2=1750734&view=diff
==============================================================================
--- qpid/java/trunk/systests/src/test/java/org/apache/qpid/server/security/acl/ExternalACLTest.java (original)
+++ qpid/java/trunk/systests/src/test/java/org/apache/qpid/server/security/acl/ExternalACLTest.java Wed Jun 29 23:23:09 2016
@@ -76,7 +76,7 @@ public class ExternalACLTest extends Abs
private void assertAccessDeniedException(JMSException e)
{
- assertEquals("Unexpected exception message", "Error creating connection: Permission denied: test", e.getMessage());
+ assertEquals("Unexpected exception message", "Error creating connection: Permission denied on VirtualHost 'test' to perform 'connect' operation", e.getMessage());
// JMSException -> linkedException -> cause = AMQException (403 or 320)
Exception linkedException = e.getLinkedException();