diff options
| author | Robert Gemmell <robbie@apache.org> | 2011-07-15 08:55:58 +0000 |
|---|---|---|
| committer | Robert Gemmell <robbie@apache.org> | 2011-07-15 08:55:58 +0000 |
| commit | 0a816b7543bd5262b9789662fb812d445518b562 (patch) | |
| tree | df76210cfa5053721a037b0bcef47b3a888fcce9 /qpid/java | |
| parent | d58b837942a135533f3ec576a133c7ceecad3eee (diff) | |
| download | qpid-python-0a816b7543bd5262b9789662fb812d445518b562.tar.gz | |
QPID-3283: make Authentication Manager pluggable.
Refactors AuthenticationManager and collaborators to allow of AuthenticationManager to be plugged in from the configuration XML. Change PrincipalDatabaseAuthenticationManager to become a pluggable implementation. This change removes support for the <principal-databases> element within the config.xml. Existing use-cases are supported by the new element <pd-auth-manager/> which enables use of the PDAM implementation. Also resolves QPID-1347.
Applied patch by Keith Wall <keith.wall@gmail.com>
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1147036 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/java')
26 files changed, 667 insertions, 764 deletions
diff --git a/qpid/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java b/qpid/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java index 24b8bbe36c..e078675efc 100644 --- a/qpid/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java +++ b/qpid/java/broker-plugins/firewall/src/test/java/org/apache/qpid/server/security/access/FirewallConfigurationTest.java @@ -80,9 +80,8 @@ public class FirewallConfigurationTest extends QpidTestCase out.write("\t<cache-directory>${QPID_WORK}/cache</cache-directory>\n"); out.write("\t<management><enabled>false</enabled></management>\n"); out.write("\t<security>\n"); - out.write("\t\t<principal-databases>\n"); + out.write("\t\t<pd-auth-manager>\n"); out.write("\t\t\t<principal-database>\n"); - out.write("\t\t\t\t<name>passwordfile</name>\n"); out.write("\t\t\t\t<class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>\n"); out.write("\t\t\t\t<attributes>\n"); out.write("\t\t\t\t\t<attribute>\n"); @@ -91,7 +90,7 @@ public class FirewallConfigurationTest extends QpidTestCase out.write("\t\t\t\t\t</attribute>\n"); out.write("\t\t\t\t</attributes>\n"); out.write("\t\t\t</principal-database>\n"); - out.write("\t\t</principal-databases>\n"); + out.write("\t\t</pd-auth-manager>\n"); out.write("\t\t<firewall>\n"); out.write("\t\t\t<xml fileName=\"" + fileB.getAbsolutePath() + "\"/>"); out.write("\t\t</firewall>\n"); @@ -163,9 +162,8 @@ public class FirewallConfigurationTest extends QpidTestCase out.write("\t<plugin-directory>${QPID_HOME}/lib/plugins</plugin-directory>\n"); out.write("\t<management><enabled>false</enabled></management>\n"); out.write("\t<security>\n"); - out.write("\t\t<principal-databases>\n"); + out.write("\t\t<pd-auth-manager>\n"); out.write("\t\t\t<principal-database>\n"); - out.write("\t\t\t\t<name>passwordfile</name>\n"); out.write("\t\t\t\t<class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>\n"); out.write("\t\t\t\t<attributes>\n"); out.write("\t\t\t\t\t<attribute>\n"); @@ -174,7 +172,7 @@ public class FirewallConfigurationTest extends QpidTestCase out.write("\t\t\t\t\t</attribute>\n"); out.write("\t\t\t\t</attributes>\n"); out.write("\t\t\t</principal-database>\n"); - out.write("\t\t</principal-databases>\n"); + out.write("\t\t</pd-auth-manager>\n"); out.write("\t\t<firewall>\n"); out.write("\t\t\t<xml fileName=\"" + fileB.getAbsolutePath() + "\"/>"); out.write("\t\t</firewall>\n"); @@ -262,9 +260,8 @@ public class FirewallConfigurationTest extends QpidTestCase out.write("\t<plugin-directory>${QPID_HOME}/lib/plugins</plugin-directory>\n"); out.write("\t<management><enabled>false</enabled></management>\n"); out.write("\t<security>\n"); - out.write("\t\t<principal-databases>\n"); + out.write("\t\t<pd-auth-manager>\n"); out.write("\t\t\t<principal-database>\n"); - out.write("\t\t\t\t<name>passwordfile</name>\n"); out.write("\t\t\t\t<class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>\n"); out.write("\t\t\t\t<attributes>\n"); out.write("\t\t\t\t\t<attribute>\n"); @@ -273,7 +270,7 @@ public class FirewallConfigurationTest extends QpidTestCase out.write("\t\t\t\t\t</attribute>\n"); out.write("\t\t\t\t</attributes>\n"); out.write("\t\t\t</principal-database>\n"); - out.write("\t\t</principal-databases>\n"); + out.write("\t\t</pd-auth-manager>\n"); out.write("\t\t<firewall>\n"); out.write("\t\t\t<rule access=\""+ ((allow) ? "allow" : "deny") +"\" network=\"127.0.0.1\"/>"); out.write("\t\t</firewall>\n"); diff --git a/qpid/java/broker/etc/access b/qpid/java/broker/etc/access deleted file mode 100644 index 58b7443fa9..0000000000 --- a/qpid/java/broker/etc/access +++ /dev/null @@ -1,19 +0,0 @@ -#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-guest:localhost(rw),test(rw)
\ No newline at end of file diff --git a/qpid/java/broker/etc/config.xml b/qpid/java/broker/etc/config.xml index f4758d77a8..61f1c832b1 100644 --- a/qpid/java/broker/etc/config.xml +++ b/qpid/java/broker/etc/config.xml @@ -62,10 +62,8 @@ </advanced> <security> - <principal-databases> - <!-- Example use of Base64 encoded MD5 hashes for authentication via CRAM-MD5-Hashed --> + <pd-auth-manager> <principal-database> - <name>passwordfile</name> <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class> <attributes> <attribute> @@ -74,7 +72,7 @@ </attribute> </attributes> </principal-database> - </principal-databases> + </pd-auth-manager> <allow-all /> diff --git a/qpid/java/broker/etc/passwdVhost b/qpid/java/broker/etc/passwdVhost deleted file mode 100644 index 48ce8299b6..0000000000 --- a/qpid/java/broker/etc/passwdVhost +++ /dev/null @@ -1,19 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# -guest:guest:localhost,test diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java index 14de7c1723..0621b87f0a 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java @@ -217,6 +217,13 @@ public class ServerConfiguration extends ConfigurationPlugin implements SignalHa + (_configFile == null ? "" : " Configuration file : " + _configFile); throw new ConfigurationException(message); } + + if (getListValue("security.principal-databases.principal-database(0).class").size() > 0) + { + String message = "Validation error : security/principal-databases is no longer supported within the configuration xml." + + (_configFile == null ? "" : " Configuration file : " + _configFile); + throw new ConfigurationException(message); + } } /* @@ -514,28 +521,6 @@ public class ServerConfiguration extends ConfigurationPlugin implements SignalHa _virtualHosts.put(config.getName(), config); } - public List<String> getPrincipalDatabaseNames() - { - return getListValue("security.principal-databases.principal-database.name"); - } - - public List<String> getPrincipalDatabaseClass() - { - return getListValue("security.principal-databases.principal-database.class"); - } - - public List<String> getPrincipalDatabaseAttributeNames(int index) - { - String name = "security.principal-databases.principal-database(" + index + ")." + "attributes.attribute.name"; - return getListValue(name); - } - - public List<String> getPrincipalDatabaseAttributeValues(int index) - { - String name = "security.principal-databases.principal-database(" + index + ")." + "attributes.attribute.value"; - return getListValue(name); - } - public int getFrameSize() { return getIntValue("advanced.framesize", DEFAULT_FRAME_SIZE); diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/Plugin.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/Plugin.java index e7f9983fff..804a9d5027 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/Plugin.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/Plugin.java @@ -27,5 +27,5 @@ public interface Plugin /** * Provide Configuration to this plugin */ - public void configure(ConfigurationPlugin config); + public void configure(ConfigurationPlugin config) throws ConfigurationException; } diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java index 4e40305dbb..c8a7b56ccb 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java @@ -18,8 +18,16 @@ */ package org.apache.qpid.server.plugins; -import static org.apache.felix.framework.util.FelixConstants.*; -import static org.apache.felix.main.AutoProcessor.*; +import static org.apache.felix.framework.util.FelixConstants.SYSTEMBUNDLE_ACTIVATORS_PROP; +import static org.apache.felix.main.AutoProcessor.AUTO_DEPLOY_ACTION_PROPERY; +import static org.apache.felix.main.AutoProcessor.AUTO_DEPLOY_DIR_PROPERY; +import static org.apache.felix.main.AutoProcessor.AUTO_DEPLOY_INSTALL_VALUE; +import static org.apache.felix.main.AutoProcessor.AUTO_DEPLOY_START_VALUE; +import static org.apache.felix.main.AutoProcessor.process; +import static org.osgi.framework.Constants.FRAMEWORK_STORAGE; +import static org.osgi.framework.Constants.FRAMEWORK_STORAGE_CLEAN; +import static org.osgi.framework.Constants.FRAMEWORK_STORAGE_CLEAN_ONFIRSTINIT; +import static org.osgi.framework.Constants.FRAMEWORK_SYSTEMPACKAGES; import java.io.File; import java.util.ArrayList; @@ -35,18 +43,20 @@ import org.apache.felix.framework.util.StringMap; import org.apache.log4j.Logger; import org.apache.qpid.common.Closeable; import org.apache.qpid.server.configuration.TopicConfiguration; +import org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory; import org.apache.qpid.server.configuration.plugins.SlowConsumerDetectionConfiguration.SlowConsumerDetectionConfigurationFactory; import org.apache.qpid.server.configuration.plugins.SlowConsumerDetectionPolicyConfiguration.SlowConsumerDetectionPolicyConfigurationFactory; import org.apache.qpid.server.configuration.plugins.SlowConsumerDetectionQueueConfiguration.SlowConsumerDetectionQueueConfigurationFactory; -import org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory; import org.apache.qpid.server.exchange.ExchangeType; import org.apache.qpid.server.security.SecurityManager; import org.apache.qpid.server.security.SecurityPluginFactory; import org.apache.qpid.server.security.access.plugins.AllowAll; import org.apache.qpid.server.security.access.plugins.DenyAll; import org.apache.qpid.server.security.access.plugins.LegacyAccess; -import org.apache.qpid.server.virtualhost.plugins.VirtualHostPluginFactory; +import org.apache.qpid.server.security.auth.manager.AuthenticationManagerPluginFactory; +import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager; import org.apache.qpid.server.virtualhost.plugins.SlowConsumerDetection; +import org.apache.qpid.server.virtualhost.plugins.VirtualHostPluginFactory; import org.apache.qpid.server.virtualhost.plugins.policies.TopicDeletePolicy; import org.apache.qpid.slowconsumerdetection.policies.SlowConsumerPolicyPluginFactory; import org.osgi.framework.BundleActivator; @@ -72,6 +82,7 @@ public class PluginManager implements Closeable private ServiceTracker _configTracker = null; private ServiceTracker _virtualHostTracker = null; private ServiceTracker _policyTracker = null; + private ServiceTracker _authenticationManagerTracker = null; private Activator _activator; @@ -79,6 +90,7 @@ public class PluginManager implements Closeable private Map<List<String>, ConfigurationPluginFactory> _configPlugins = new IdentityHashMap<List<String>, ConfigurationPluginFactory>(); private Map<String, VirtualHostPluginFactory> _vhostPlugins = new HashMap<String, VirtualHostPluginFactory>(); private Map<String, SlowConsumerPolicyPluginFactory> _policyPlugins = new HashMap<String, SlowConsumerPolicyPluginFactory>(); + private Map<String, AuthenticationManagerPluginFactory<? extends Plugin>> _authenticationManagerPlugins = new HashMap<String, AuthenticationManagerPluginFactory<? extends Plugin>>(); public PluginManager(String pluginPath, String cachePath) throws Exception { @@ -97,7 +109,8 @@ public class PluginManager implements Closeable LegacyAccess.LegacyAccessConfiguration.FACTORY, new SlowConsumerDetectionConfigurationFactory(), new SlowConsumerDetectionPolicyConfigurationFactory(), - new SlowConsumerDetectionQueueConfigurationFactory())) + new SlowConsumerDetectionQueueConfigurationFactory(), + PrincipalDatabaseAuthenticationManager.PrincipalDatabaseAuthenticationManagerConfiguration.FACTORY)) { _configPlugins.put(configFactory.getParentPaths(), configFactory); } @@ -112,6 +125,12 @@ public class PluginManager implements Closeable _vhostPlugins.put(pluginFactory.getClass().getName(), pluginFactory); } + for (AuthenticationManagerPluginFactory<? extends Plugin> pluginFactory : Arrays.asList( + PrincipalDatabaseAuthenticationManager.FACTORY)) + { + _authenticationManagerPlugins.put(pluginFactory.getPluginName(), pluginFactory); + } + // Check the plugin directory path is set and exist if (pluginPath == null) { @@ -232,6 +251,9 @@ public class PluginManager implements Closeable _policyTracker = new ServiceTracker(_activator.getContext(), SlowConsumerPolicyPluginFactory.class.getName(), null); _policyTracker.open(); + _authenticationManagerTracker = new ServiceTracker(_activator.getContext(), AuthenticationManagerPluginFactory.class.getName(), null); + _authenticationManagerTracker.open(); + _logger.info("Opened service trackers"); } @@ -302,6 +324,11 @@ public class PluginManager implements Closeable return getServices(_securityTracker, _securityPlugins); } + public Map<String, AuthenticationManagerPluginFactory<? extends Plugin>> getAuthenticationManagerPlugins() + { + return getServices(_authenticationManagerTracker, _authenticationManagerPlugins); + } + public void close() { if (_felix != null) @@ -314,6 +341,7 @@ public class PluginManager implements Closeable _configTracker.close(); _virtualHostTracker.close(); _policyTracker.close(); + _authenticationManagerTracker.close(); } finally { diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java index 3c6497d8be..7c804fc1fd 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java @@ -21,7 +21,9 @@ package org.apache.qpid.server.registry; import java.net.InetSocketAddress; +import java.util.Collection; import java.util.HashMap; +import java.util.Iterator; import java.util.Map; import java.util.Timer; import java.util.TimerTask; @@ -52,12 +54,12 @@ import org.apache.qpid.server.logging.messages.BrokerMessages; import org.apache.qpid.server.logging.messages.VirtualHostMessages; import org.apache.qpid.server.management.ManagedObjectRegistry; import org.apache.qpid.server.management.NoopManagedObjectRegistry; +import org.apache.qpid.server.plugins.Plugin; import org.apache.qpid.server.plugins.PluginManager; import org.apache.qpid.server.security.SecurityManager; -import org.apache.qpid.server.security.auth.database.ConfigurationFilePrincipalDatabaseManager; -import org.apache.qpid.server.security.auth.database.PrincipalDatabaseManager; +import org.apache.qpid.server.security.SecurityManager.SecurityConfiguration; import org.apache.qpid.server.security.auth.manager.AuthenticationManager; -import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager; +import org.apache.qpid.server.security.auth.manager.AuthenticationManagerPluginFactory; import org.apache.qpid.server.stats.StatisticsCounter; import org.apache.qpid.server.transport.QpidAcceptor; import org.apache.qpid.server.virtualhost.VirtualHost; @@ -89,8 +91,6 @@ public abstract class ApplicationRegistry implements IApplicationRegistry protected SecurityManager _securityManager; - protected PrincipalDatabaseManager _databaseManager; - protected PluginManager _pluginManager; protected ConfigurationManager _configurationManager; @@ -253,11 +253,7 @@ public abstract class ApplicationRegistry implements IApplicationRegistry _securityManager = new SecurityManager(_configuration, _pluginManager); - createDatabaseManager(_configuration); - - _authenticationManager = new PrincipalDatabaseAuthenticationManager(); - - _databaseManager.initialiseManagement(_configuration); + _authenticationManager = createAuthenticationManager(); _managedObjectRegistry.start(); } @@ -280,9 +276,51 @@ public abstract class ApplicationRegistry implements IApplicationRegistry } } - protected void createDatabaseManager(ServerConfiguration configuration) throws Exception + /** + * Iterates across all discovered authentication manager factories, offering the security configuration to each. + * Expects <b>exactly</b> one authentication manager to configure and initialise itself. + * + * It is an error to configure more than one authentication manager, or to configure none. + * + * @return authentication manager + * @throws ConfigurationException + */ + protected AuthenticationManager createAuthenticationManager() throws ConfigurationException { - _databaseManager = new ConfigurationFilePrincipalDatabaseManager(_configuration); + final SecurityConfiguration securityConfiguration = _configuration.getConfiguration(SecurityConfiguration.class.getName()); + final Collection<AuthenticationManagerPluginFactory<? extends Plugin>> factories = _pluginManager.getAuthenticationManagerPlugins().values(); + + if (factories.size() == 0) + { + throw new ConfigurationException("No authentication manager factory plugins found. Check the desired authentication" + + "manager plugin has been placed in the plugins directory."); + } + + AuthenticationManager authMgr = null; + + for (final Iterator<AuthenticationManagerPluginFactory<? extends Plugin>> iterator = factories.iterator(); iterator.hasNext();) + { + final AuthenticationManagerPluginFactory<? extends Plugin> factory = (AuthenticationManagerPluginFactory<? extends Plugin>) iterator.next(); + final AuthenticationManager tmp = factory.newInstance(securityConfiguration); + if (tmp != null) + { + if (authMgr != null) + { + throw new ConfigurationException("Cannot configure more than one authentication manager." + + " Both " + tmp.getClass() + " and " + authMgr.getClass() + " are configured." + + " Remove configuration for one of the authentication manager, or remove the plugin JAR" + + " from the classpath."); + } + authMgr = tmp; + } + } + + if (authMgr == null) + { + throw new ConfigurationException("No authentication managers configured within the configure file."); + } + + return authMgr; } protected void initialiseVirtualHosts() throws Exception @@ -422,10 +460,6 @@ public abstract class ApplicationRegistry implements IApplicationRegistry //Shutdown virtualhosts close(_virtualHostRegistry); -// close(_accessManager); -// -// close(_databaseManager); - close(_authenticationManager); close(_managedObjectRegistry); @@ -487,11 +521,6 @@ public abstract class ApplicationRegistry implements IApplicationRegistry return _managedObjectRegistry; } - public PrincipalDatabaseManager getDatabaseManager() - { - return _databaseManager; - } - public AuthenticationManager getAuthenticationManager() { return _authenticationManager; diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java index dbd3780c73..c27e0d19ec 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java @@ -33,7 +33,6 @@ import org.apache.qpid.server.logging.RootMessageLogger; import org.apache.qpid.server.management.ManagedObjectRegistry; import org.apache.qpid.server.plugins.PluginManager; import org.apache.qpid.server.security.SecurityManager; -import org.apache.qpid.server.security.auth.database.PrincipalDatabaseManager; import org.apache.qpid.server.security.auth.manager.AuthenticationManager; import org.apache.qpid.server.stats.StatisticsGatherer; import org.apache.qpid.server.transport.QpidAcceptor; @@ -63,8 +62,6 @@ public interface IApplicationRegistry extends StatisticsGatherer ManagedObjectRegistry getManagedObjectRegistry(); - PrincipalDatabaseManager getDatabaseManager(); - AuthenticationManager getAuthenticationManager(); VirtualHostRegistry getVirtualHostRegistry(); diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/ConfigurationFilePrincipalDatabaseManager.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/ConfigurationFilePrincipalDatabaseManager.java deleted file mode 100644 index a22c66c73d..0000000000 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/ConfigurationFilePrincipalDatabaseManager.java +++ /dev/null @@ -1,190 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.server.security.auth.database; - -import java.io.FileNotFoundException; -import java.io.IOException; -import java.lang.reflect.Method; -import java.util.Collection; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import org.apache.commons.configuration.Configuration; -import org.apache.commons.configuration.ConfigurationException; - -import org.apache.log4j.Logger; - -import org.apache.qpid.configuration.PropertyUtils; -import org.apache.qpid.configuration.PropertyException; -import org.apache.qpid.server.configuration.ServerConfiguration; -import org.apache.qpid.server.registry.ApplicationRegistry; -import org.apache.qpid.server.security.auth.database.PrincipalDatabase; -import org.apache.qpid.server.security.auth.database.PrincipalDatabaseManager; -import org.apache.qpid.server.security.auth.management.AMQUserManagementMBean; -import org.apache.qpid.AMQException; - -import javax.management.JMException; - -public class ConfigurationFilePrincipalDatabaseManager implements PrincipalDatabaseManager -{ - private static final Logger _logger = Logger.getLogger(ConfigurationFilePrincipalDatabaseManager.class); - - Map<String, PrincipalDatabase> _databases; - - public ConfigurationFilePrincipalDatabaseManager(ServerConfiguration _configuration) throws Exception - { - _logger.info("Initialising PrincipalDatabase authentication manager"); - _databases = initialisePrincipalDatabases(_configuration); - } - - private Map<String, PrincipalDatabase> initialisePrincipalDatabases(ServerConfiguration _configuration) throws Exception - { - List<String> databaseNames = _configuration.getPrincipalDatabaseNames(); - List<String> databaseClasses = _configuration.getPrincipalDatabaseClass(); - Map<String, PrincipalDatabase> databases = new HashMap<String, PrincipalDatabase>(); - - if (databaseNames.size() == 0) - { - _logger.warn("No Principal databases specified. Broker running with NO AUTHENTICATION"); - } - - for (int i = 0; i < databaseNames.size(); i++) - { - Object o; - try - { - o = Class.forName(databaseClasses.get(i)).newInstance(); - } - catch (Exception e) - { - throw new Exception("Error initialising principal database: " + e, e); - } - - if (!(o instanceof PrincipalDatabase)) - { - throw new Exception("Principal databases must implement the PrincipalDatabase interface"); - } - - initialisePrincipalDatabase((PrincipalDatabase) o, _configuration, i); - - String name = databaseNames.get(i); - if ((name == null) || (name.length() == 0)) - { - throw new Exception("Principal database names must have length greater than or equal to one character"); - } - - PrincipalDatabase pd = databases.get(name); - if (pd != null) - { - throw new Exception("Duplicate principal database name not permitted"); - } - - _logger.info("Initialised principal database '" + name + "' successfully"); - databases.put(name, (PrincipalDatabase) o); - } - - return databases; - } - - private void initialisePrincipalDatabase(PrincipalDatabase principalDatabase, ServerConfiguration _configuration, int index) - throws FileNotFoundException, ConfigurationException - { - List<String> argumentNames = _configuration.getPrincipalDatabaseAttributeNames(index); - List<String> argumentValues = _configuration.getPrincipalDatabaseAttributeValues(index); - for (int i = 0; i < argumentNames.size(); i++) - { - String argName = argumentNames.get(i); - if ((argName == null) || (argName.length() == 0)) - { - throw new ConfigurationException("Argument names must have length >= 1 character"); - } - - if (Character.isLowerCase(argName.charAt(0))) - { - argName = Character.toUpperCase(argName.charAt(0)) + argName.substring(1); - } - - String methodName = "set" + argName; - Method method = null; - try - { - method = principalDatabase.getClass().getMethod(methodName, String.class); - } - catch (Exception e) - { - // do nothing.. as on error method will be null - } - - if (method == null) - { - throw new ConfigurationException("No method " + methodName + " found in class " - + principalDatabase.getClass() - + " hence unable to configure principal database. The method must be public and " - + "have a single String argument with a void return type"); - } - - try - { - method.invoke(principalDatabase, PropertyUtils.replaceProperties(argumentValues.get(i))); - } - catch (Exception ite) - { - if (ite instanceof ConfigurationException) - { - throw(ConfigurationException) ite; - } - else - { - throw new ConfigurationException(ite.getMessage(), ite); - } - } - } - } - - public Map<String, PrincipalDatabase> getDatabases() - { - return _databases; - } - - public void initialiseManagement(ServerConfiguration config) throws ConfigurationException - { - try - { - AMQUserManagementMBean _mbean = new AMQUserManagementMBean(); - - - final Collection<PrincipalDatabase> dbs = getDatabases().values(); - if (dbs.size() == 0) - { - throw new ConfigurationException("Principal-database not found"); - } - final PrincipalDatabase database = dbs.iterator().next(); - - _mbean.setPrincipalDatabase(database); - _mbean.register(); - } - catch (JMException e) - { - _logger.warn("User management disabled as unable to create MBean:" + e); - } - } -} diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabaseManager.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabaseManager.java deleted file mode 100644 index f9882f8810..0000000000 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabaseManager.java +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - * - */ -package org.apache.qpid.server.security.auth.database; - -import org.apache.qpid.server.configuration.ServerConfiguration; -import org.apache.qpid.server.security.auth.database.PrincipalDatabase; -import org.apache.commons.configuration.Configuration; -import org.apache.commons.configuration.ConfigurationException; - -import java.util.Map; - -public interface PrincipalDatabaseManager -{ - public Map<String, PrincipalDatabase> getDatabases(); - - public void initialiseManagement(ServerConfiguration _configuration) throws ConfigurationException; -} diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PropertiesPrincipalDatabaseManager.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PropertiesPrincipalDatabaseManager.java deleted file mode 100644 index 8658101cd8..0000000000 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PropertiesPrincipalDatabaseManager.java +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - * - */ -package org.apache.qpid.server.security.auth.database; - -import org.apache.commons.configuration.ConfigurationException; -import org.apache.qpid.server.configuration.ServerConfiguration; - -import java.util.Map; -import java.util.Properties; -import java.util.HashMap; - -public class PropertiesPrincipalDatabaseManager implements PrincipalDatabaseManager -{ - - Map<String, PrincipalDatabase> _databases = new HashMap<String, PrincipalDatabase>(); - - public PropertiesPrincipalDatabaseManager(String name, Properties users) - { - _databases.put(name, new PropertiesPrincipalDatabase(users)); - } - - public Map<String, PrincipalDatabase> getDatabases() - { - return _databases; - } - - public void initialiseManagement(ServerConfiguration _configuration) throws ConfigurationException - { - //todo - } -} diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java index c1ef4c8ff5..4c59c25d84 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java @@ -20,18 +20,36 @@ */ package org.apache.qpid.server.security.auth.manager; +import javax.security.auth.Subject; import javax.security.sasl.SaslException; import javax.security.sasl.SaslServer; import org.apache.qpid.common.Closeable; +import org.apache.qpid.server.plugins.Plugin; import org.apache.qpid.server.security.auth.AuthenticationResult; /** - * The AuthenticationManager class is the entity responsible for - * determining the authenticity of user credentials. + * Implementations of the AuthenticationManager are responsible for determining + * the authenticity of a user's credentials. + * + * If the authentication is successful, the manager is responsible for producing a populated + * {@link Subject} containing the user's identity and zero or more principals representing + * groups to which the user belongs. + * <p> + * The {@link #initialise()} method is responsible for registering SASL mechanisms required by + * the manager. The {@link #close()} method must reverse this registration. + * */ -public interface AuthenticationManager extends Closeable +public interface AuthenticationManager extends Closeable, Plugin { + /** The name for the required SASL Server mechanisms */ + public static final String PROVIDER_NAME= "AMQSASLProvider-Server"; + + /** + * Initialise the authentication plugin. + * + */ + void initialise(); /** * Gets the SASL mechanisms known to this manager. diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManagerPluginFactory.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManagerPluginFactory.java new file mode 100644 index 0000000000..a51f195761 --- /dev/null +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManagerPluginFactory.java @@ -0,0 +1,32 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.qpid.server.security.auth.manager; + +import org.apache.qpid.server.plugins.PluginFactory; + +/** + * Factory producing authentication producing configured, initialised authentication + * managers. + */ +public interface AuthenticationManagerPluginFactory<S extends AuthenticationManager> extends PluginFactory<S> +{ + +} diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java index d36bbc4f46..de0fd3d4e2 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java @@ -20,32 +20,64 @@ */ package org.apache.qpid.server.security.auth.manager; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; +import java.security.Security; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.TreeMap; + +import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.login.AccountNotFoundException; +import javax.security.sasl.Sasl; +import javax.security.sasl.SaslException; +import javax.security.sasl.SaslServer; +import javax.security.sasl.SaslServerFactory; + +import org.apache.commons.configuration.Configuration; +import org.apache.commons.configuration.ConfigurationException; import org.apache.log4j.Logger; -import org.apache.qpid.server.registry.ApplicationRegistry; -import org.apache.qpid.server.security.auth.manager.AuthenticationManager; +import org.apache.qpid.configuration.PropertyException; +import org.apache.qpid.configuration.PropertyUtils; +import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin; +import org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory; +import org.apache.qpid.server.security.auth.AuthenticationResult; import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus; import org.apache.qpid.server.security.auth.database.PrincipalDatabase; -import org.apache.qpid.server.security.auth.sasl.JCAProvider; +import org.apache.qpid.server.security.auth.management.AMQUserManagementMBean; import org.apache.qpid.server.security.auth.sasl.AuthenticationProviderInitialiser; +import org.apache.qpid.server.security.auth.sasl.JCAProvider; import org.apache.qpid.server.security.auth.sasl.UsernamePrincipal; -import org.apache.qpid.server.security.auth.AuthenticationResult; -import javax.security.auth.Subject; -import javax.security.auth.callback.CallbackHandler; -import javax.security.auth.login.AccountNotFoundException; -import javax.security.sasl.SaslServerFactory; -import javax.security.sasl.SaslServer; -import javax.security.sasl.SaslException; -import javax.security.sasl.Sasl; -import java.util.Map; -import java.util.HashMap; -import java.util.TreeMap; -import java.security.Security; /** * Concrete implementation of the AuthenticationManager that determines if supplied - * user credentials match those appearing in a PrincipalDatabase. + * user credentials match those appearing in a PrincipalDatabase. The implementation + * of the PrincipalDatabase is determined from the configuration. + * + * This implementation also registers the JMX UserManagemement MBean. + * + * This plugin expects configuration such as: * + * <pre> + * <pd-auth-manager> + * <principal-database> + * <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class> + * <attributes> + * <attribute> + * <name>passwordFile</name> + * <value>${conf}/passwd</value> + * </attribute> + * </attributes> + * </principal-database> + * </pd-auth-manager> + * </pre> */ public class PrincipalDatabaseAuthenticationManager implements AuthenticationManager { @@ -55,58 +87,125 @@ public class PrincipalDatabaseAuthenticationManager implements AuthenticationMan private String _mechanisms; /** Maps from the mechanism to the callback handler to use for handling those requests */ - private Map<String, CallbackHandler> _callbackHandlerMap = new HashMap<String, CallbackHandler>(); + private final Map<String, CallbackHandler> _callbackHandlerMap = new HashMap<String, CallbackHandler>(); /** * Maps from the mechanism to the properties used to initialise the server. See the method Sasl.createSaslServer for * details of the use of these properties. This map is populated during initialisation of each provider. */ - private Map<String, Map<String, ?>> _serverCreationProperties = new HashMap<String, Map<String, ?>>(); + private final Map<String, Map<String, ?>> _serverCreationProperties = new HashMap<String, Map<String, ?>>(); + + protected PrincipalDatabase _principalDatabase = null; - /** The name for the required SASL Server mechanisms */ - public static final String PROVIDER_NAME= "AMQSASLProvider-Server"; + protected AMQUserManagementMBean _mbean = null; - public PrincipalDatabaseAuthenticationManager() + public static final AuthenticationManagerPluginFactory<PrincipalDatabaseAuthenticationManager> FACTORY = new AuthenticationManagerPluginFactory<PrincipalDatabaseAuthenticationManager>() { - _logger.info("Initialising PrincipalDatabase authentication manager."); + public PrincipalDatabaseAuthenticationManager newInstance(final ConfigurationPlugin config) throws ConfigurationException + { + final PrincipalDatabaseAuthenticationManagerConfiguration configuration = config.getConfiguration(PrincipalDatabaseAuthenticationManagerConfiguration.class.getName()); - Map<String, Class<? extends SaslServerFactory>> providerMap = new TreeMap<String, Class<? extends SaslServerFactory>>(); + // If there is no configuration for this plugin then don't load it. + if (configuration == null) + { + _logger.info("No authentication-manager configuration found for PrincipalDatabaseAuthenticationManager"); + return null; + } + final PrincipalDatabaseAuthenticationManager pdam = new PrincipalDatabaseAuthenticationManager(); + pdam.configure(configuration); + pdam.initialise(); + return pdam; + } - initialiseAuthenticationMechanisms(providerMap, ApplicationRegistry.getInstance().getDatabaseManager().getDatabases()); + public Class<PrincipalDatabaseAuthenticationManager> getPluginClass() + { + return PrincipalDatabaseAuthenticationManager.class; + } - if (providerMap.size() > 0) + public String getPluginName() { - // Ensure we are used before the defaults - if (Security.insertProviderAt(new JCAProvider(PROVIDER_NAME, providerMap), 1) == -1) + return PrincipalDatabaseAuthenticationManager.class.getName(); + } + }; + + public static class PrincipalDatabaseAuthenticationManagerConfiguration extends ConfigurationPlugin { + + public static final ConfigurationPluginFactory FACTORY = new ConfigurationPluginFactory() + { + public List<String> getParentPaths() { - _logger.error("Unable to load custom SASL providers. Qpid custom SASL authenticators unavailable."); + return Arrays.asList("security.pd-auth-manager"); } - else + + public ConfigurationPlugin newInstance(final String path, final Configuration config) throws ConfigurationException { - _logger.info("Additional SASL providers successfully registered."); + final ConfigurationPlugin instance = new PrincipalDatabaseAuthenticationManagerConfiguration(); + + instance.setConfiguration(path, config); + return instance; } + }; + public String[] getElementsProcessed() + { + return new String[] {"principal-database.class", + "principal-database.attributes.attribute.name", + "principal-database.attributes.attribute.value"}; } - else + + public void validateConfiguration() throws ConfigurationException { - _logger.warn("No additional SASL providers registered."); + } + + public String getPrincipalDatabaseClass() + { + return _configuration.getString("principal-database.class"); + } + + public Map<String,String> getPdClassAttributeMap() throws ConfigurationException + { + final List<String> argumentNames = _configuration.getList("principal-database.attributes.attribute.name"); + final List<String> argumentValues = _configuration.getList("principal-database.attributes.attribute.value"); + final Map<String,String> attributes = new HashMap<String,String>(argumentNames.size()); + + for (int i = 0; i < argumentNames.size(); i++) + { + final String argName = argumentNames.get(i); + final String argValue = argumentValues.get(i); + + attributes.put(argName, argValue); + } + + return Collections.unmodifiableMap(attributes); } } - private void initialiseAuthenticationMechanisms(Map<String, Class<? extends SaslServerFactory>> providerMap, Map<String, PrincipalDatabase> databases) + protected PrincipalDatabaseAuthenticationManager() { - if (databases.size() > 1) + } + + public void initialise() + { + final Map<String, Class<? extends SaslServerFactory>> providerMap = new TreeMap<String, Class<? extends SaslServerFactory>>(); + + initialiseAuthenticationMechanisms(providerMap, _principalDatabase); + + if (providerMap.size() > 0) { - _logger.warn("More than one principle database provided currently authentication mechanism will override each other."); + // Ensure we are used before the defaults + if (Security.insertProviderAt(new JCAProvider(PROVIDER_NAME, providerMap), 1) == -1) + { + _logger.error("Unable to load custom SASL providers. Qpid custom SASL authenticators unavailable."); + } + else + { + _logger.info("Additional SASL providers successfully registered."); + } } - - for (Map.Entry<String, PrincipalDatabase> entry : databases.entrySet()) + else { - // fixme As the database now provide the mechanisms they support, they will ... - // overwrite each other in the map. There should only be one database per vhost. - // But currently we must have authentication before vhost definition. - initialiseAuthenticationMechanisms(providerMap, entry.getValue()); + _logger.warn("No additional SASL providers registered."); } } @@ -126,7 +225,6 @@ public class PrincipalDatabaseAuthenticationManager implements AuthenticationMan private void initialiseAuthenticationMechanism(String mechanism, AuthenticationProviderInitialiser initialiser, Map<String, Class<? extends SaslServerFactory>> providerMap) - { if (_mechanisms == null) { @@ -147,6 +245,21 @@ public class PrincipalDatabaseAuthenticationManager implements AuthenticationMan _logger.info("Initialised " + mechanism + " SASL provider successfully"); } + /** + * @see org.apache.qpid.server.plugins.Plugin#configure(org.apache.qpid.server.configuration.plugins.ConfigurationPlugin) + */ + public void configure(final ConfigurationPlugin config) throws ConfigurationException + { + final PrincipalDatabaseAuthenticationManagerConfiguration pdamConfig = (PrincipalDatabaseAuthenticationManagerConfiguration) config; + final String pdClazz = pdamConfig.getPrincipalDatabaseClass(); + + _logger.info("PrincipalDatabase concrete implementation : " + pdClazz); + + _principalDatabase = createPrincipalDatabaseImpl(pdClazz); + + configPrincipalDatabase(_principalDatabase, pdamConfig); + } + public String getMechanisms() { return _mechanisms; @@ -158,6 +271,9 @@ public class PrincipalDatabaseAuthenticationManager implements AuthenticationMan _callbackHandlerMap.get(mechanism)); } + /** + * @see org.apache.qpid.server.security.auth.manager.AuthenticationManager#authenticate(SaslServer, byte[]) + */ public AuthenticationResult authenticate(SaslServer server, byte[] response) { try @@ -182,23 +298,14 @@ public class PrincipalDatabaseAuthenticationManager implements AuthenticationMan } } - public void close() - { - _mechanisms = null; - Security.removeProvider(PROVIDER_NAME); - } - /** * @see org.apache.qpid.server.security.auth.manager.AuthenticationManager#authenticate(String, String) */ - @Override public AuthenticationResult authenticate(final String username, final String password) { - final PrincipalDatabase db = ApplicationRegistry.getInstance().getDatabaseManager().getDatabases().values().iterator().next(); - try { - if (db.verifyPassword(username, password.toCharArray())) + if (_principalDatabase.verifyPassword(username, password.toCharArray())) { final Subject subject = new Subject(); subject.getPrincipals().add(new UsernamePrincipal(username)); @@ -214,4 +321,139 @@ public class PrincipalDatabaseAuthenticationManager implements AuthenticationMan return new AuthenticationResult(AuthenticationStatus.CONTINUE); } } + + public void close() + { + _mechanisms = null; + Security.removeProvider(PROVIDER_NAME); + } + + private PrincipalDatabase createPrincipalDatabaseImpl(final String pdClazz) throws ConfigurationException + { + try + { + return (PrincipalDatabase) Class.forName(pdClazz).newInstance(); + } + catch (InstantiationException ie) + { + throw new ConfigurationException("Cannot instantiate " + pdClazz, ie); + } + catch (IllegalAccessException iae) + { + throw new ConfigurationException("Cannot access " + pdClazz, iae); + } + catch (ClassNotFoundException cnfe) + { + throw new ConfigurationException("Cannot load " + pdClazz + " implementation", cnfe); + } + catch (ClassCastException cce) + { + throw new ConfigurationException("Expecting a " + PrincipalDatabase.class + " implementation", cce); + } + } + + private void configPrincipalDatabase(final PrincipalDatabase principalDatabase, final PrincipalDatabaseAuthenticationManagerConfiguration config) + throws ConfigurationException + { + + final Map<String,String> attributes = config.getPdClassAttributeMap(); + + for (Iterator<Entry<String, String>> iterator = attributes.entrySet().iterator(); iterator.hasNext();) + { + final Entry<String, String> nameValuePair = iterator.next(); + final String methodName = generateSetterName(nameValuePair.getKey()); + final Method method; + try + { + method = principalDatabase.getClass().getMethod(methodName, String.class); + } + catch (Exception e) + { + throw new ConfigurationException("No method " + methodName + " found in class " + + principalDatabase.getClass() + + " hence unable to configure principal database. The method must be public and " + + "have a single String argument with a void return type", e); + } + try + { + method.invoke(principalDatabase, PropertyUtils.replaceProperties(nameValuePair.getValue())); + } + catch (IllegalArgumentException e) + { + throw new ConfigurationException(e.getMessage(), e); + } + catch (PropertyException e) + { + throw new ConfigurationException(e.getMessage(), e); + } + catch (IllegalAccessException e) + { + throw new ConfigurationException(e.getMessage(), e); + } + catch (InvocationTargetException e) + { + // QPID-1347.. InvocationTargetException wraps the checked exception thrown from the reflective + // method call. Pull out the underlying message and cause to make these more apparent to the user. + throw new ConfigurationException(e.getCause().getMessage(), e.getCause()); + } + } + } + + private String generateSetterName(String argName) throws ConfigurationException + { + if ((argName == null) || (argName.length() == 0)) + { + throw new ConfigurationException("Argument names must have length >= 1 character"); + } + + if (Character.isLowerCase(argName.charAt(0))) + { + argName = Character.toUpperCase(argName.charAt(0)) + argName.substring(1); + } + + final String methodName = "set" + argName; + return methodName; + } + + protected void setPrincipalDatabase(final PrincipalDatabase principalDatabase) + { + _principalDatabase = principalDatabase; + } + + protected void registerManagement() + { + try + { + _logger.info("Registering UserManagementMBean"); + + _mbean = new AMQUserManagementMBean(); + _mbean.setPrincipalDatabase(_principalDatabase); + _mbean.register(); + } + catch (Exception e) + { + _logger.warn("User management disabled as unable to create MBean:", e); + _mbean = null; + } + } + + protected void unregisterManagement() + { + try + { + if (_mbean != null) + { + _logger.info("Unregistering UserManagementMBean"); + _mbean.unregister(); + } + } + catch (Exception e) + { + _logger.warn("Failed to unregister User management MBean:", e); + } + finally + { + _mbean = null; + } + } } diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/AuthenticationProviderInitialiser.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/AuthenticationProviderInitialiser.java index 89e545d6f5..bc5d8a4f2b 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/AuthenticationProviderInitialiser.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/AuthenticationProviderInitialiser.java @@ -25,9 +25,6 @@ import java.util.Map; import javax.security.auth.callback.CallbackHandler; import javax.security.sasl.SaslServerFactory; -import org.apache.commons.configuration.Configuration; -import org.apache.qpid.server.security.auth.database.PrincipalDatabase; - public interface AuthenticationProviderInitialiser { /** @@ -37,24 +34,6 @@ public interface AuthenticationProviderInitialiser String getMechanismName(); /** - * Initialise the authentication provider. - * @param baseConfigPath the path in the config file that points to any config options for this provider. Each - * provider can have its own set of configuration options - * @param configuration the Apache Commons Configuration instance used to configure this provider - * @param principalDatabases the set of principal databases that are available - * @throws Exception needs refined Exception is too broad. - */ - void initialise(String baseConfigPath, Configuration configuration, - Map<String, PrincipalDatabase> principalDatabases) throws Exception; - - /** - * Initialise the authentication provider. - * @param db The principal database to initialise with - */ - void initialise(PrincipalDatabase db); - - - /** * @return the callback handler that should be used to process authentication requests for this mechanism. This will * be called after initialise and will be stored by the authentication manager. The callback handler <b>must</b> be * fully threadsafe. diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/virtualhost/VirtualHostImpl.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/virtualhost/VirtualHostImpl.java index 33c713c62a..52acd9085b 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/virtualhost/VirtualHostImpl.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/virtualhost/VirtualHostImpl.java @@ -72,7 +72,6 @@ import org.apache.qpid.server.registry.ApplicationRegistry; import org.apache.qpid.server.registry.IApplicationRegistry; import org.apache.qpid.server.security.SecurityManager; import org.apache.qpid.server.security.auth.manager.AuthenticationManager; -import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager; import org.apache.qpid.server.stats.StatisticsCounter; import org.apache.qpid.server.store.ConfigurationRecoveryHandler; import org.apache.qpid.server.store.DurableConfigurationStore; diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java index c8a35e4405..b0893eb53f 100644 --- a/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java +++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java @@ -25,7 +25,6 @@ import static org.apache.qpid.transport.ConnectionSettings.WILDCARD_ADDRESS; import java.io.File; import java.io.FileWriter; import java.io.IOException; -import java.util.List; import java.util.Locale; import org.apache.commons.configuration.ConfigurationException; @@ -111,76 +110,6 @@ public class ServerConfigurationTest extends QpidTestCase assertEquals("/path/to/cache", _serverConfig.getCacheDirectory()); } - public void testGetPrincipalDatabaseNames() throws ConfigurationException - { - // Check default - _serverConfig.initialise(); - assertEquals(0, _serverConfig.getPrincipalDatabaseNames().size()); - - // Check value we set - _config.setProperty("security.principal-databases.principal-database(0).name", "a"); - _config.setProperty("security.principal-databases.principal-database(1).name", "b"); - _serverConfig = new ServerConfiguration(_config); - _serverConfig.initialise(); - List<String> dbs = _serverConfig.getPrincipalDatabaseNames(); - assertEquals(2, dbs.size()); - assertEquals("a", dbs.get(0)); - assertEquals("b", dbs.get(1)); - } - - public void testGetPrincipalDatabaseClass() throws ConfigurationException - { - // Check default - _serverConfig.initialise(); - assertEquals(0, _serverConfig.getPrincipalDatabaseClass().size()); - - // Check value we set - _config.setProperty("security.principal-databases.principal-database(0).class", "a"); - _config.setProperty("security.principal-databases.principal-database(1).class", "b"); - _serverConfig = new ServerConfiguration(_config); - _serverConfig.initialise(); - List<String> dbs = _serverConfig.getPrincipalDatabaseClass(); - assertEquals(2, dbs.size()); - assertEquals("a", dbs.get(0)); - assertEquals("b", dbs.get(1)); - } - - public void testGetPrincipalDatabaseAttributeNames() throws ConfigurationException - { - // Check default - _serverConfig.initialise(); - assertEquals(0, _serverConfig.getPrincipalDatabaseAttributeNames(1).size()); - - // Check value we set - _config.setProperty("security.principal-databases.principal-database(0).attributes(0).attribute.name", "a"); - _config.setProperty("security.principal-databases.principal-database(0).attributes(1).attribute.name", "b"); - _serverConfig = new ServerConfiguration(_config); - _serverConfig.initialise(); - List<String> dbs = _serverConfig.getPrincipalDatabaseAttributeNames(0); - assertEquals(2, dbs.size()); - assertEquals("a", dbs.get(0)); - assertEquals("b", dbs.get(1)); - } - - public void testGetPrincipalDatabaseAttributeValues() throws ConfigurationException - { - // Check default - _serverConfig.initialise(); - assertEquals(0, _serverConfig.getPrincipalDatabaseAttributeValues(1).size()); - - // Check value we set - _config.setProperty("security.principal-databases.principal-database(0).attributes(0).attribute.value", "a"); - _config.setProperty("security.principal-databases.principal-database(0).attributes(1).attribute.value", "b"); - _serverConfig = new ServerConfiguration(_config); - _serverConfig.initialise(); - List<String> dbs = _serverConfig.getPrincipalDatabaseAttributeValues(0); - assertEquals(2, dbs.size()); - assertEquals("a", dbs.get(0)); - assertEquals("b", dbs.get(1)); - } - - - public void testGetFrameSize() throws ConfigurationException { // Check default @@ -720,9 +649,8 @@ public class ServerConfigurationTest extends QpidTestCase out.write("<broker>\n"); out.write("\t<management><enabled>false</enabled></management>\n"); out.write("\t<security>\n"); - out.write("\t\t<principal-databases>\n"); + out.write("\t\t<pd-auth-manager>\n"); out.write("\t\t\t<principal-database>\n"); - out.write("\t\t\t\t<name>passwordfile</name>\n"); out.write("\t\t\t\t<class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>\n"); out.write("\t\t\t\t<attributes>\n"); out.write("\t\t\t\t\t<attribute>\n"); @@ -731,7 +659,7 @@ public class ServerConfigurationTest extends QpidTestCase out.write("\t\t\t\t\t</attribute>\n"); out.write("\t\t\t\t</attributes>\n"); out.write("\t\t\t</principal-database>\n"); - out.write("\t\t</principal-databases>\n"); + out.write("\t\t</pd-auth-manager>\n"); out.write("\t\t<firewall>\n"); out.write("\t\t\t<rule access=\""+ ((allow) ? "allow" : "deny") +"\" network=\"127.0.0.1\"/>"); out.write("\t\t</firewall>\n"); @@ -767,9 +695,8 @@ public class ServerConfigurationTest extends QpidTestCase out.write("<broker>\n"); out.write("\t<management><enabled>false</enabled></management>\n"); out.write("\t<security>\n"); - out.write("\t\t<principal-databases>\n"); + out.write("\t\t<pd-auth-manager>\n"); out.write("\t\t\t<principal-database>\n"); - out.write("\t\t\t\t<name>passwordfile</name>\n"); out.write("\t\t\t\t<class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>\n"); out.write("\t\t\t\t<attributes>\n"); out.write("\t\t\t\t\t<attribute>\n"); @@ -778,7 +705,7 @@ public class ServerConfigurationTest extends QpidTestCase out.write("\t\t\t\t\t</attribute>\n"); out.write("\t\t\t\t</attributes>\n"); out.write("\t\t\t</principal-database>\n"); - out.write("\t\t</principal-databases>\n"); + out.write("\t\t</pd-auth-manager>\n"); out.write("\t\t<firewall>\n"); out.write("\t\t\t<rule access=\"allow\" network=\"127.0.0.1\"/>"); out.write("\t\t</firewall>\n"); @@ -869,9 +796,8 @@ public class ServerConfigurationTest extends QpidTestCase out.write("<broker>\n"); out.write("\t<management><enabled>false</enabled></management>\n"); out.write("\t<security>\n"); - out.write("\t\t<principal-databases>\n"); + out.write("\t\t<pd-auth-manager>\n"); out.write("\t\t\t<principal-database>\n"); - out.write("\t\t\t\t<name>passwordfile</name>\n"); out.write("\t\t\t\t<class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>\n"); out.write("\t\t\t\t<attributes>\n"); out.write("\t\t\t\t\t<attribute>\n"); @@ -880,7 +806,7 @@ public class ServerConfigurationTest extends QpidTestCase out.write("\t\t\t\t\t</attribute>\n"); out.write("\t\t\t\t</attributes>\n"); out.write("\t\t\t</principal-database>\n"); - out.write("\t\t</principal-databases>\n"); + out.write("\t\t</pd-auth-manager>\n"); out.write("\t\t<firewall>\n"); out.write("\t\t\t<rule access=\"allow\" network=\"127.0.0.1\"/>"); out.write("\t\t</firewall>\n"); @@ -1387,7 +1313,7 @@ public class ServerConfigurationTest extends QpidTestCase } /* - * Tests that the old element security.jmx.principal-databases (that used to define the + * Tests that the old element security.jmx.principal-database (that used to define the * principal database used for JMX authentication) is rejected. */ public void testManagementPrincipalDatabaseRejected() throws ConfigurationException @@ -1411,4 +1337,29 @@ public class ServerConfigurationTest extends QpidTestCase ce.getMessage()); } } + + /* + * Tests that the old element security.principal-databases. ... (that used to define + * principal databases) is rejected. + */ + public void testPrincipalDatabasesRejected() throws ConfigurationException + { + _serverConfig.initialise(); + + // Check value we set + _config.setProperty("security.principal-databases.principal-database.class", "myclass"); + _serverConfig = new ServerConfiguration(_config); + + try + { + _serverConfig.initialise(); + fail("Exception not thrown"); + } + catch (ConfigurationException ce) + { + assertEquals("Incorrect error message", + "Validation error : security/principal-databases is no longer supported within the configuration xml.", + ce.getMessage()); + } + } } diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java index ade27ed62b..b10442d7db 100644 --- a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java +++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java @@ -20,6 +20,10 @@ */ package org.apache.qpid.server.security.auth.manager; +import java.io.BufferedWriter; +import java.io.File; +import java.io.FileNotFoundException; +import java.io.FileWriter; import java.security.Provider; import java.security.Security; @@ -27,8 +31,13 @@ import javax.security.auth.Subject; import javax.security.sasl.SaslException; import javax.security.sasl.SaslServer; +import org.apache.commons.configuration.CompositeConfiguration; +import org.apache.commons.configuration.ConfigurationException; +import org.apache.commons.configuration.XMLConfiguration; +import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin; import org.apache.qpid.server.security.auth.AuthenticationResult; import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus; +import org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase; import org.apache.qpid.server.security.auth.sasl.UsernamePrincipal; import org.apache.qpid.server.util.InternalBrokerBaseCase; @@ -39,8 +48,10 @@ import org.apache.qpid.server.util.InternalBrokerBaseCase; */ public class PrincipalDatabaseAuthenticationManagerTest extends InternalBrokerBaseCase { - private PrincipalDatabaseAuthenticationManager _manager = null; - + private AuthenticationManager _manager = null; // Class under test + private String TEST_USERNAME = "guest"; + private String TEST_PASSWORD = "guest"; + /** * @see org.apache.qpid.server.util.InternalBrokerBaseCase#tearDown() */ @@ -62,7 +73,79 @@ public class PrincipalDatabaseAuthenticationManagerTest extends InternalBrokerBa { super.setUp(); - _manager = new PrincipalDatabaseAuthenticationManager(); + final String passwdFilename = createPasswordFile().getCanonicalPath(); + final ConfigurationPlugin config = getConfig(PlainPasswordFilePrincipalDatabase.class.getName(), + "passwordFile", passwdFilename); + + _manager = PrincipalDatabaseAuthenticationManager.FACTORY.newInstance(config); + } + + /** + * Tests where the case where the config specifies a PD implementation + * that is not found. + */ + public void testPrincipalDatabaseImplementationNotFound() throws Exception + { + try + { + _manager = PrincipalDatabaseAuthenticationManager.FACTORY.newInstance(getConfig("not.Found", null, null)); + fail("Exception not thrown"); + } + catch (ConfigurationException ce) + { + // PASS + } + } + + /** + * Tests where the case where the config specifies a PD implementation + * of the wrong type. + */ + public void testPrincipalDatabaseImplementationWrongType() throws Exception + { + try + { + _manager = PrincipalDatabaseAuthenticationManager.FACTORY.newInstance(getConfig(String.class.getName(), null, null)); // Not a PrincipalDatabase implementation + fail("Exception not thrown"); + } + catch (ConfigurationException ce) + { + // PASS + } + } + + /** + * Tests the case where a setter with the desired name cannot be found. + */ + public void testPrincipalDatabaseSetterNotFound() throws Exception + { + try + { + _manager = PrincipalDatabaseAuthenticationManager.FACTORY.newInstance(getConfig(PlainPasswordFilePrincipalDatabase.class.getName(), "noMethod", "test")); + fail("Exception not thrown"); + } + catch (ConfigurationException ce) + { + // PASS + } + } + + /** + * QPID-1347. Make sure the exception message and stack trace is reasonable for an absent password file. + */ + public void testPrincipalDatabaseThrowsSetterFileNotFound() throws Exception + { + try + { + _manager = PrincipalDatabaseAuthenticationManager.FACTORY.newInstance(getConfig(PlainPasswordFilePrincipalDatabase.class.getName(), "passwordFile", "/not/found")); + fail("Exception not thrown"); + } + catch (ConfigurationException ce) + { + // PASS + assertNotNull("Expected an underlying cause", ce.getCause()); + assertEquals(FileNotFoundException.class, ce.getCause().getClass()); + } } /** @@ -72,8 +155,8 @@ public class PrincipalDatabaseAuthenticationManagerTest extends InternalBrokerBa { assertNotNull(_manager.getMechanisms()); // relies on those mechanisms attached to PropertiesPrincipalDatabaseManager - assertEquals("PLAIN CRAM-MD5", _manager.getMechanisms()); - + assertEquals("AMQPLAIN PLAIN CRAM-MD5", _manager.getMechanisms()); + Provider qpidProvider = Security.getProvider(PrincipalDatabaseAuthenticationManager.PROVIDER_NAME); assertNotNull(qpidProvider); } @@ -166,11 +249,11 @@ public class PrincipalDatabaseAuthenticationManagerTest extends InternalBrokerBa */ public void testClose() throws Exception { - assertEquals("PLAIN CRAM-MD5", _manager.getMechanisms()); + assertEquals("AMQPLAIN PLAIN CRAM-MD5", _manager.getMechanisms()); assertNotNull(Security.getProvider(PrincipalDatabaseAuthenticationManager.PROVIDER_NAME)); - + _manager.close(); - + // Check provider has been removed. assertNull(_manager.getMechanisms()); assertNull(Security.getProvider(PrincipalDatabaseAuthenticationManager.PROVIDER_NAME)); @@ -228,4 +311,48 @@ public class PrincipalDatabaseAuthenticationManagerTest extends InternalBrokerBa } }; } + + private ConfigurationPlugin getConfig(final String clazz, final String argName, final String argValue) throws Exception + { + final ConfigurationPlugin config = new PrincipalDatabaseAuthenticationManager.PrincipalDatabaseAuthenticationManagerConfiguration(); + + XMLConfiguration xmlconfig = new XMLConfiguration(); + xmlconfig.addProperty("pd-auth-manager.principal-database.class", clazz); + + if (argName != null) + { + xmlconfig.addProperty("pd-auth-manager.principal-database.attributes.attribute.name", argName); + xmlconfig.addProperty("pd-auth-manager.principal-database.attributes.attribute.value", argValue); + } + + // Create a CompositeConfiguration as this is what the broker uses + CompositeConfiguration composite = new CompositeConfiguration(); + composite.addConfiguration(xmlconfig); + config.setConfiguration("security", xmlconfig); + return config; + } + + private File createPasswordFile() throws Exception + { + BufferedWriter writer = null; + try + { + File testFile = File.createTempFile(this.getClass().getName(),"tmp"); + testFile.deleteOnExit(); + + writer = new BufferedWriter(new FileWriter(testFile)); + writer.write(TEST_USERNAME + ":" + TEST_PASSWORD); + writer.newLine(); + + return testFile; + + } + finally + { + if (writer != null) + { + writer.close(); + } + } + } } diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java index 0403796a46..6dc7b19d3d 100644 --- a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java +++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java @@ -29,6 +29,7 @@ import javax.security.sasl.SaslServer; import junit.framework.TestCase; +import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin; import org.apache.qpid.server.security.auth.AuthenticationResult; import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus; import org.apache.qpid.server.security.auth.manager.AuthenticationManager; @@ -210,6 +211,16 @@ public class RMIPasswordAuthenticatorTest extends TestCase { return new AuthenticationManager() { + public void configure(ConfigurationPlugin config) + { + throw new UnsupportedOperationException(); + } + + public void initialise() + { + throw new UnsupportedOperationException(); + } + public void close() { throw new UnsupportedOperationException(); @@ -246,5 +257,4 @@ public class RMIPasswordAuthenticatorTest extends TestCase } }; } - } diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java index 31b4c20042..8fa820ad95 100644 --- a/qpid/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java +++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java @@ -20,15 +20,18 @@ */ package org.apache.qpid.server.util; +import java.util.Properties; + import org.apache.commons.configuration.ConfigurationException; import org.apache.qpid.server.configuration.ServerConfiguration; import org.apache.qpid.server.logging.NullRootMessageLogger; import org.apache.qpid.server.logging.actors.BrokerActor; import org.apache.qpid.server.logging.actors.CurrentActor; +import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin; import org.apache.qpid.server.registry.ApplicationRegistry; -import org.apache.qpid.server.security.auth.database.PropertiesPrincipalDatabaseManager; - -import java.util.Properties; +import org.apache.qpid.server.security.auth.database.PropertiesPrincipalDatabase; +import org.apache.qpid.server.security.auth.manager.AuthenticationManager; +import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager; public class TestApplicationRegistry extends ApplicationRegistry { @@ -45,12 +48,42 @@ public class TestApplicationRegistry extends ApplicationRegistry super.initialise(); } - protected void createDatabaseManager(ServerConfiguration configuration) throws Exception + /** + * @see org.apache.qpid.server.registry.ApplicationRegistry#createAuthenticationManager() + */ + @Override + protected AuthenticationManager createAuthenticationManager() throws ConfigurationException { - Properties users = new Properties(); + final Properties users = new Properties(); users.put("guest","guest"); users.put("admin","admin"); - _databaseManager = new PropertiesPrincipalDatabaseManager("testPasswordFile", users); + + final PropertiesPrincipalDatabase ppd = new PropertiesPrincipalDatabase(users); + + AuthenticationManager pdam = new PrincipalDatabaseAuthenticationManager() + { + + /** + * @see org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager#configure(org.apache.qpid.server.configuration.plugins.ConfigurationPlugin) + */ + @Override + public void configure(ConfigurationPlugin config) throws ConfigurationException + { + // We don't pass configuration to this test instance. + } + + @Override + public void initialise() + { + setPrincipalDatabase(ppd); + + super.initialise(); + } + }; + + pdam.initialise(); + + return pdam; } } diff --git a/qpid/java/systests/etc/config-systests-ServerConfigurationTest-New.xml b/qpid/java/systests/etc/config-systests-ServerConfigurationTest-New.xml deleted file mode 100644 index 1c7c7bb60f..0000000000 --- a/qpid/java/systests/etc/config-systests-ServerConfigurationTest-New.xml +++ /dev/null @@ -1,73 +0,0 @@ -<?xml version="1.0" encoding="ISO-8859-1"?> -<!-- - - - - Licensed to the Apache Software Foundation (ASF) under one - - or more contributor license agreements. See the NOTICE file - - distributed with this work for additional information - - regarding copyright ownership. The ASF licenses this file - - to you under the Apache License, Version 2.0 (the - - "License"); you may not use this file except in compliance - - with the License. You may obtain a copy of the License at - - - - http://www.apache.org/licenses/LICENSE-2.0 - - - - Unless required by applicable law or agreed to in writing, - - software distributed under the License is distributed on an - - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - - KIND, either express or implied. See the License for the - - specific language governing permissions and limitations - - under the License. - - - --> - -<broker> - <work>${QPID_WORK}</work> - <conf>${QPID_HOME}/etc</conf> - <passwordDir>${conf}</passwordDir> - <plugin-directory>${QPID_HOME}/lib/plugins</plugin-directory> - <cache-directory>${QPID_WORK}/cache</cache-directory> - <connector> - <transport>nio</transport> - <port>5672</port> - <socketReceiveBuffer>32768</socketReceiveBuffer> - <socketSendBuffer>32768</socketSendBuffer> - </connector> - <management> - <enabled>false</enabled> - <jmxport>8999</jmxport> - </management> - <advanced> - <filterchain enableExecutorPool="true"/> - <enablePooledAllocator>false</enablePooledAllocator> - <enableDirectBuffers>false</enableDirectBuffers> - <framesize>65535</framesize> - <compressBufferOnQueue>false</compressBufferOnQueue> - </advanced> - - <security> - <principal-databases> - <principal-database> - <name>passwordfile</name> - <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class> - <attributes> - <attribute> - <name>passwordFile</name> - <value>${passwordDir}/passwd</value> - </attribute> - </attributes> - </principal-database> - </principal-databases> - </security> - - <virtualhosts>${conf}/virtualhosts-ServerConfigurationTest-New.xml</virtualhosts> - - <heartbeat> - <delay>0</delay> - <timeoutFactor>2.0</timeoutFactor> - </heartbeat> - <queue> - <auto_register>true</auto_register> - </queue> -</broker> - - diff --git a/qpid/java/systests/etc/config-systests-ServerConfigurationTest-Old.xml b/qpid/java/systests/etc/config-systests-ServerConfigurationTest-Old.xml deleted file mode 100644 index 56eaced9f7..0000000000 --- a/qpid/java/systests/etc/config-systests-ServerConfigurationTest-Old.xml +++ /dev/null @@ -1,88 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> - -<configuration> -<work>${QPID_WORK}</work> -<conf>${QPID_HOME}/etc</conf> -<passwordDir>${conf}</passwordDir> -<plugin-directory>${QPID_HOME}/lib/plugins</plugin-directory> -<cache-directory>${QPID_WORK}/cache</cache-directory> -<connector> -<transport>nio</transport> -<port>5672</port> -<socketReceiveBuffer>32768</socketReceiveBuffer> -<socketSendBuffer>32768</socketSendBuffer> -</connector> -<management> -<enabled>false</enabled> -<jmxport>8999</jmxport> -</management> -<advanced> -<filterchain enableExecutorPool="true"/> -<enablePooledAllocator>false</enablePooledAllocator> -<enableDirectBuffers>false</enableDirectBuffers> -<framesize>65535</framesize> -<compressBufferOnQueue>false</compressBufferOnQueue> -</advanced> -<security> -<principal-databases> -<principal-database> -<name>passwordfile</name> -<class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class> -<attributes> -<attribute> -<name>passwordFile</name> -<value>${passwordDir}/passwd</value> -</attribute> -</attributes> -</principal-database> -</principal-databases> -</security> -<virtualhosts>${conf}/virtualhosts-ServerConfigurationTest-New.xml -<default>dev-only</default> -<virtualhost> -<name>dev-only</name> -<dev-only> -<store> -<class>org.apache.qpid.server.store.MemoryMessageStore</class> -<environment-path>${work}/bdbstore/dev-only-store</environment-path> -</store> -<queues> -<exchange>amq.direct</exchange> -<maximumQueueDepth>102400</maximumQueueDepth> -<maximumMessageSize>20480</maximumMessageSize> -<maximumMessageAge>60000</maximumMessageAge> -<queue> -<name>dev-queue</name> -</queue> -</queues> -</dev-only> -</virtualhost> -</virtualhosts> -<heartbeat> -<delay>0</delay> -<timeoutFactor>2.0</timeoutFactor> -</heartbeat> -<queue> -<auto_register>true</auto_register> -</queue> -</configuration> diff --git a/qpid/java/systests/etc/config-systests-firewall-2.xml b/qpid/java/systests/etc/config-systests-firewall-2.xml index 2eedd65d54..f16cce6b85 100644 --- a/qpid/java/systests/etc/config-systests-firewall-2.xml +++ b/qpid/java/systests/etc/config-systests-firewall-2.xml @@ -61,10 +61,8 @@ </advanced> <security> - <principal-databases> - <!-- Example use of Base64 encoded MD5 hashes for authentication via CRAM-MD5-Hashed --> + <pd-auth-manager> <principal-database> - <name>passwordfile</name> <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class> <attributes> <attribute> @@ -73,7 +71,7 @@ </attribute> </attributes> </principal-database> - </principal-databases> + </pd-auth-manager> <msg-auth>false</msg-auth> diff --git a/qpid/java/systests/etc/config-systests-firewall-3.xml b/qpid/java/systests/etc/config-systests-firewall-3.xml index fc7d9a4c76..71644e4185 100644 --- a/qpid/java/systests/etc/config-systests-firewall-3.xml +++ b/qpid/java/systests/etc/config-systests-firewall-3.xml @@ -61,10 +61,8 @@ </advanced> <security> - <principal-databases> - <!-- Example use of Base64 encoded MD5 hashes for authentication via CRAM-MD5-Hashed --> + <pd-auth-manager> <principal-database> - <name>passwordfile</name> <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class> <attributes> <attribute> @@ -73,7 +71,7 @@ </attribute> </attributes> </principal-database> - </principal-databases> + </pd-auth-manager> <msg-auth>false</msg-auth> diff --git a/qpid/java/systests/etc/virtualhosts-ServerConfigurationTest-New.xml b/qpid/java/systests/etc/virtualhosts-ServerConfigurationTest-New.xml deleted file mode 100644 index 1b6845662b..0000000000 --- a/qpid/java/systests/etc/virtualhosts-ServerConfigurationTest-New.xml +++ /dev/null @@ -1,45 +0,0 @@ -<?xml version="1.0" encoding="ISO-8859-1"?> -<!-- - - - - Licensed to the Apache Software Foundation (ASF) under one - - or more contributor license agreements. See the NOTICE file - - distributed with this work for additional information - - regarding copyright ownership. The ASF licenses this file - - to you under the Apache License, Version 2.0 (the - - "License"); you may not use this file except in compliance - - with the License. You may obtain a copy of the License at - - - - http://www.apache.org/licenses/LICENSE-2.0 - - - - Unless required by applicable law or agreed to in writing, - - software distributed under the License is distributed on an - - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - - KIND, either express or implied. See the License for the - - specific language governing permissions and limitations - - under the License. - - - --> -<virtualhosts> - <default>dev-only</default> - <virtualhost> - <name>dev-only</name> - <dev-only> - <queues> - <exchange>amq.direct</exchange> - <!-- Small defaults for development --> - <maximumQueueDepth>102400</maximumQueueDepth> <!-- 100k --> - <maximumMessageSize>20480</maximumMessageSize> <!-- 20kb --> - <maximumMessageAge>60000</maximumMessageAge> <!-- 1 mins --> - - <queue> - <name>dev-queue</name> - </queue> - </queues> - <store> - <class>org.apache.qpid.server.store.MemoryMessageStore</class> - <environment-path>${QPID_WORK}/bdbstore/dev-only-store</environment-path> - </store> - </dev-only> - </virtualhost> -</virtualhosts> -
\ No newline at end of file |