Diffstat (limited to 'qpid/java')
10 files changed, 567 insertions, 385 deletions
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java index 4aa1ba47cd..ec6f6d0410 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java @@ -20,7 +20,6 @@ */ package org.apache.qpid.server.registry; -import java.net.UnknownHostException; import org.apache.commons.configuration.ConfigurationException; import org.apache.log4j.Logger; import org.osgi.framework.BundleContext; @@ -48,12 +47,11 @@ import org.apache.qpid.server.logging.messages.BrokerMessages; import org.apache.qpid.server.logging.messages.VirtualHostMessages; import org.apache.qpid.server.management.ManagedObjectRegistry; import org.apache.qpid.server.management.NoopManagedObjectRegistry; -import org.apache.qpid.server.plugins.Plugin; import org.apache.qpid.server.plugins.PluginManager; import org.apache.qpid.server.security.SecurityManager; -import org.apache.qpid.server.security.SecurityManager.SecurityConfiguration; import org.apache.qpid.server.security.auth.manager.AuthenticationManager; -import org.apache.qpid.server.security.auth.manager.AuthenticationManagerPluginFactory; +import org.apache.qpid.server.security.auth.manager.AuthenticationManagerRegistry; +import org.apache.qpid.server.security.auth.manager.IAuthenticationManagerRegistry; import org.apache.qpid.server.stats.StatisticsCounter; import org.apache.qpid.server.transport.QpidAcceptor; import org.apache.qpid.server.virtualhost.VirtualHost; 
@@ -85,9 +83,7 @@ public abstract class ApplicationRegistry implements IApplicationRegistry private ManagedObjectRegistry _managedObjectRegistry; - private AuthenticationManager _defaultAuthenticationManager; - - private Map<Integer,AuthenticationManager> _authenticationManagers; + private IAuthenticationManagerRegistry _authenticationManagerRegistry; private VirtualHostRegistry _virtualHostRegistry; @@ -115,6 +111,7 @@ public abstract class ApplicationRegistry implements IApplicationRegistry private BundleContext _bundleContext; + protected Map<InetSocketAddress, QpidAcceptor> getAcceptors() { return _acceptors; @@ -309,10 +306,7 @@ public abstract class ApplicationRegistry implements IApplicationRegistry _securityManager = new SecurityManager(_configuration, _pluginManager); - _authenticationManagers = createAuthenticationManagers(); - - // The default authentication manager is provided in the map associated with the null key - _defaultAuthenticationManager = _authenticationManagers.get(null); + _authenticationManagerRegistry = createAuthenticationManagerRegistry(_configuration, _pluginManager); _managedObjectRegistry.start(); } 
@@ -335,93 +329,10 @@ public abstract class ApplicationRegistry implements IApplicationRegistry } } - - /** - * Iterates across all discovered authentication manager factories, offering the security configuration to each. - * - * If more than one authentication manager is configured, one MUST be specified as the default - * - * It not to configure any authentication managers. - * - * @return map from port to authentication manager, with the null key being used to indicate the default. - * @throws ConfigurationException - */ - protected Map<Integer, AuthenticationManager> createAuthenticationManagers() - throws ConfigurationException, UnknownHostException + protected IAuthenticationManagerRegistry createAuthenticationManagerRegistry(ServerConfiguration _configuration, PluginManager _pluginManager) + throws ConfigurationException { - final SecurityConfiguration securityConfiguration = _configuration.getConfiguration(SecurityConfiguration.class.getName()); - final Collection<AuthenticationManagerPluginFactory<? extends Plugin>> factories = _pluginManager.getAuthenticationManagerPlugins().values(); - - if (factories.size() == 0) - { - throw new ConfigurationException("No authentication manager factory plugins found. Check the desired authentication" + - "manager plugin has been placed in the plugins directory."); - } - - AuthenticationManager defaultAuthMgr; - - Map<String,AuthenticationManager> authManagersByClass = new HashMap<String,AuthenticationManager>(); - for (final Iterator<AuthenticationManagerPluginFactory<? extends Plugin>> iterator = factories.iterator(); iterator.hasNext();) - { - final AuthenticationManagerPluginFactory<? extends Plugin> factory = (AuthenticationManagerPluginFactory<? 
extends Plugin>) iterator.next(); - final AuthenticationManager tmp = factory.newInstance(securityConfiguration); - if (tmp != null) - { - if(authManagersByClass.containsKey(tmp.getClass().getSimpleName())) - { - throw new ConfigurationException("Cannot configure more than one authentication manager of type" - + tmp.getClass().getSimpleName() + "." - + " Remove configuration for one of the authentication managers."); - } - authManagersByClass.put(tmp.getClass().getSimpleName(),tmp); - } - - } - - if(authManagersByClass.isEmpty()) - { - throw new ConfigurationException("No authentication managers configured within the configure file."); - } - if(authManagersByClass.size() == 1) - { - defaultAuthMgr = authManagersByClass.values().iterator().next(); - } - else if(!authManagersByClass.isEmpty() && _configuration.getDefaultAuthenticationManager() != null) - { - defaultAuthMgr = authManagersByClass.get(_configuration.getDefaultAuthenticationManager()); - if(defaultAuthMgr == null) - { - throw new ConfigurationException("No authentication managers configured of type " - + _configuration.getDefaultAuthenticationManager() - + " which is specified as the default. 
Available managers are: " - + authManagersByClass.keySet()); - } - } - else - { - for (AuthenticationManager authenticationManger : authManagersByClass.values()) - { - authenticationManger.close(); - } - throw new ConfigurationException("If more than one authentication manager is configured a default MUST be specified."); - } - - Map<Integer,AuthenticationManager> authManagers = new HashMap<Integer, AuthenticationManager>(); - authManagers .put(null, defaultAuthMgr); - - for(Map.Entry<Integer,String> portMapping : _configuration.getPortAuthenticationMappings().entrySet()) - { - - AuthenticationManager authenticationManager = authManagersByClass.get(portMapping.getValue()); - if(authenticationManager == null) - { - throw new ConfigurationException("Unknown authentication manager class " + portMapping.getValue() + - " configured for port " + portMapping.getKey()); - } - authManagers.put(portMapping.getKey(), authenticationManager); - } - - return authManagers; + return new AuthenticationManagerRegistry(_configuration, _pluginManager); } protected void initialiseVirtualHosts() throws Exception @@ -578,7 +489,7 @@ public abstract class ApplicationRegistry implements IApplicationRegistry //Shutdown virtualhosts close(_virtualHostRegistry); - close(_defaultAuthenticationManager); + close(_authenticationManagerRegistry); close(_qmfService); 
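Review bot: The parameters of the new `createAuthenticationManagerRegistry(ServerConfiguration _configuration, PluginManager _pluginManager)` reuse the underscore-prefixed names of the instance fields passed at the call site, so they shadow those fields inside the method. Plain names such as `configuration` and `pluginManager` would avoid the ambiguity. The removed Javadoc was the only description of this protected method and the replacement has none. A short comment would help, stating that it builds the registry used to pick the authentication manager for a connection's address, that it is presumably an override point for subclasses and tests, and that `ConfigurationException` signals an invalid authentication configuration.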
@@ -650,25 +561,12 @@ public abstract class ApplicationRegistry implements IApplicationRegistry return _managedObjectRegistry; } - public AuthenticationManager getDefaultAuthenticationManager() - { - return _defaultAuthenticationManager; - } - - @Override public AuthenticationManager getAuthenticationManager(SocketAddress address) { - AuthenticationManager authManager = - address instanceof InetSocketAddress - ? _authenticationManagers.get(((InetSocketAddress)address).getPort()) - : null; - - return authManager == null ? _defaultAuthenticationManager : authManager; + return _authenticationManagerRegistry.getAuthenticationManagerFor(address); } - - public PluginManager getPluginManager() { return _pluginManager; diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java index 42a4927555..35e7fe3f61 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java @@ -64,15 +64,6 @@ public interface IApplicationRegistry extends StatisticsGatherer ManagedObjectRegistry getManagedObjectRegistry(); /** - * Get the default AuthenticationManager - * - * @deprecated - * - * @return the AuthenticationManager - */ - AuthenticationManager getDefaultAuthenticationManager(); - - /** * Get the AuthenticationManager for the given socket address * * If no AuthenticationManager has been specifically set for the given address, then use the default diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManagerRegistry.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManagerRegistry.java new file mode 100644 index 0000000000..34f038b037 --- /dev/null 
+++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManagerRegistry.java 
@@ -0,0 +1,183 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.qpid.server.security.auth.manager; + +import java.net.InetSocketAddress; +import java.net.SocketAddress; +import java.util.Collection; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Map; + +import org.apache.commons.configuration.ConfigurationException; +import org.apache.qpid.common.Closeable; +import org.apache.qpid.server.configuration.ServerConfiguration; +import org.apache.qpid.server.plugins.Plugin; +import org.apache.qpid.server.plugins.PluginManager; +import org.apache.qpid.server.security.SecurityManager.SecurityConfiguration; + +/** + * A concrete implementation of {@link IAuthenticationManagerRegistry} that registers all {@link AuthenticationManager} + * instances defined in the configuration, building an optional mapping between port number and AuthenticationManager. 
+ * + * <p>The default AuthenticationManager is either the one nominated as default within the configuration with + * {@link ServerConfiguration#getDefaultAuthenticationManager()}, or if there is only one, it is implicitly + * the default.</p> + * + * <p>It is important to {@link #close()} the registry after use and this allows the AuthenticationManagers + * to reverse any security registrations they have performed.</p> + */ +public class AuthenticationManagerRegistry implements Closeable, IAuthenticationManagerRegistry +{ + private final Map<String,AuthenticationManager> _classToAuthManagerMap = new HashMap<String,AuthenticationManager>(); + private final AuthenticationManager _defaultAuthenticationManager; + private final Map<Integer,AuthenticationManager> _portToAuthenticationManagerMap; + + public AuthenticationManagerRegistry(ServerConfiguration serverConfiguration, PluginManager _pluginManager) + throws ConfigurationException + { + final Collection<AuthenticationManagerPluginFactory<? extends Plugin>> factories = _pluginManager.getAuthenticationManagerPlugins().values(); + + if (factories.size() == 0) + { + throw new ConfigurationException("No authentication manager factory plugins found. 
Check the desired authentication" + + " manager plugin has been placed in the plugins directory."); + } + + final SecurityConfiguration securityConfiguration = serverConfiguration.getConfiguration(SecurityConfiguration.class.getName()); + + boolean willClose = true; + try + { + createAuthenticationManagersRejectingDuplicates(factories, securityConfiguration); + + if(_classToAuthManagerMap.isEmpty()) + { + throw new ConfigurationException("No authentication managers configured within the configuration file."); + } + + _defaultAuthenticationManager = getDefaultAuthenticationManager(serverConfiguration); + + _portToAuthenticationManagerMap = getPortToAuthenticationManagerMap(serverConfiguration); + willClose = false; + } + finally + { + // if anything went wrong whilst configuring the registry, try to close all the AuthentcationManagers instantiated so far. + // This is done to allow the AuthenticationManager to undo any security registrations that they have performed. + if (willClose) + { + close(); + } + } + } + + @Override + public AuthenticationManager getAuthenticationManagerFor(SocketAddress address) + { + AuthenticationManager authManager = + address instanceof InetSocketAddress + ? _portToAuthenticationManagerMap.get(((InetSocketAddress)address).getPort()) + : null; + + return authManager == null ? _defaultAuthenticationManager : authManager; + } + + @Override + public void close() + { + for (AuthenticationManager authManager : _classToAuthManagerMap.values()) + { + authManager.close(); + } + } + + private void createAuthenticationManagersRejectingDuplicates( + final Collection<AuthenticationManagerPluginFactory<? extends Plugin>> factories, + final SecurityConfiguration securityConfiguration) + throws ConfigurationException + { + for (final Iterator<AuthenticationManagerPluginFactory<? extends Plugin>> iterator = factories.iterator(); iterator.hasNext();) + { + final AuthenticationManagerPluginFactory<? 
extends Plugin> factory = (AuthenticationManagerPluginFactory<? extends Plugin>) iterator.next(); + final AuthenticationManager tmp = factory.newInstance(securityConfiguration); + if (tmp != null) + { + if(_classToAuthManagerMap.containsKey(tmp.getClass().getSimpleName())) + { + throw new ConfigurationException("Cannot configure more than one authentication manager of type " + + tmp.getClass().getSimpleName() + "." + + " Remove configuration for one of the authentication managers."); + } + _classToAuthManagerMap.put(tmp.getClass().getSimpleName(),tmp); + } + } + } + + private AuthenticationManager getDefaultAuthenticationManager( + ServerConfiguration serverConfiguration) + throws ConfigurationException + { + final AuthenticationManager defaultAuthenticationManager; + if(_classToAuthManagerMap.size() == 1) + { + defaultAuthenticationManager = _classToAuthManagerMap.values().iterator().next(); + } + else if(serverConfiguration.getDefaultAuthenticationManager() != null) + { + defaultAuthenticationManager = _classToAuthManagerMap.get(serverConfiguration.getDefaultAuthenticationManager()); + if(defaultAuthenticationManager == null) + { + throw new ConfigurationException("No authentication managers configured of type " + + serverConfiguration.getDefaultAuthenticationManager() + + " which is specified as the default. 
Available managers are: " + + _classToAuthManagerMap.keySet()); + } + } + else + { + throw new ConfigurationException("If more than one authentication manager is configured a default MUST be specified."); + } + return defaultAuthenticationManager; + } + + private Map<Integer,AuthenticationManager> getPortToAuthenticationManagerMap( + ServerConfiguration serverConfiguration) + throws ConfigurationException + { + Map<Integer,AuthenticationManager> portToAuthenticationManagerMap = new HashMap<Integer, AuthenticationManager>(); + + for(Map.Entry<Integer,String> portMapping : serverConfiguration.getPortAuthenticationMappings().entrySet()) + { + + AuthenticationManager authenticationManager = _classToAuthManagerMap.get(portMapping.getValue()); + if(authenticationManager == null) + { + throw new ConfigurationException("Unknown authentication manager class " + portMapping.getValue() + + " configured for port " + portMapping.getKey()); + } + portToAuthenticationManagerMap.put(portMapping.getKey(), authenticationManager); + } + + return portToAuthenticationManagerMap; + } + + +} diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/IAuthenticationManagerRegistry.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/IAuthenticationManagerRegistry.java new file mode 100644 index 0000000000..5c20d77804 --- /dev/null +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/IAuthenticationManagerRegistry.java 
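Review bot: In `createAuthenticationManagersRejectingDuplicates`, the duplicate instance `tmp` is never closed. The method throws before `tmp` is put into `_classToAuthManagerMap`, and the constructor's `finally` calls `close()`, which walks only that map. The class Javadoc says managers perform security registrations that `close()` reverses, so the second instance presumably leaves its registrations in place on this error path. Adding `tmp.close();` immediately before the "Cannot configure more than one authentication manager of type" throw would cover it. Separately, the loop in `close()` stops at the first manager whose `close()` throws, and when that happens inside the constructor's `finally` the new exception replaces the original `ConfigurationException`; guarding each `authManager.close()` call individually would close the remaining managers and keep the original cause.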
@@ -0,0 +1,46 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.qpid.server.security.auth.manager; + +import java.net.SocketAddress; + +import org.apache.qpid.common.Closeable; + +/** + * Registry for {@link AuthenticationManager} instances. + * + * <p>A lookup method {@link #getAuthenticationManagerFor(SocketAddress)} allows a caller to determine + * the AuthenticationManager associated with a particular port number.</p> + * + * <p>It is important to {@link #close()} the registry after use and this allows the AuthenticationManagers + * to reverse any security registrations they have performed.</p> + */ +public interface IAuthenticationManagerRegistry extends Closeable +{ + /** + * Returns the {@link AuthenticationManager} associated with a particular {@link SocketAddress}. + * If no authentication manager is associated with this address, a default authentication manager will be + * returned. Null is never returned. + * + * @param address + * @return authentication manager. + */ + public AuthenticationManager getAuthenticationManagerFor(SocketAddress address); +}
\ No newline at end of file diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/registry/ApplicationRegistryAuthenticationManagerTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/registry/ApplicationRegistryAuthenticationManagerTest.java deleted file mode 100644 index 7fd608450a..0000000000 --- a/qpid/java/broker/src/test/java/org/apache/qpid/server/registry/ApplicationRegistryAuthenticationManagerTest.java +++ /dev/null 
@@ -1,184 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.qpid.server.registry; - -import java.net.InetSocketAddress; -import org.apache.commons.configuration.ConfigurationException; -import org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager; -import org.apache.qpid.server.security.auth.manager.AuthenticationManager; -import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager; -import org.apache.qpid.server.util.InternalBrokerBaseCase; - -public class ApplicationRegistryAuthenticationManagerTest extends InternalBrokerBaseCase -{ - private Runnable _configureTask; - - @Override - public void tearDown() throws Exception - { - _configureTask = null; - super.tearDown(); - } - - @Override - protected void createBroker() throws Exception - { - // Do nothing - we don't want create broker called in setUp - } - - @Override - protected void configure() - { - if(_configureTask != null) - { - _configureTask.run(); - } - } - - @Override - protected IApplicationRegistry createApplicationRegistry() throws ConfigurationException - { - return new TestableApplicationRegistry(getConfiguration()); - } - - private void reallyCreateBroker() 
throws Exception - { - super.createBroker(); - } - - public void testNoAuthenticationManagers() throws Exception - { - try - { - reallyCreateBroker(); - fail("Expected a ConfigurationException when no AuthenticationManagers are defined"); - } - catch(ConfigurationException e) - { - // pass - } - } - - public void testSingleAuthenticationManager() throws Exception - { - _configureTask = - new Runnable() - { - @Override - public void run() - { - getConfiguration().getConfig().addProperty("security.anonymous-auth-manager", ""); - } - }; - - try - { - reallyCreateBroker(); - } - catch(ConfigurationException e) - { - fail("Unexpected ConfigurationException when creating the registry with a single AuthenticationManager"); - } - } - - public void testMultipleAuthenticationManagersNoDefault() throws Exception - { - _configureTask = - new Runnable() - { - @Override - public void run() - { - getConfiguration().getConfig().addProperty("security.anonymous-auth-manager", ""); - getConfiguration().getConfig().addProperty("security.pd-auth-manager.principal-database.class","org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase"); - } - }; - try - { - reallyCreateBroker(); - fail("Expected ConfigurationException as two AuthenticationManagers are defined, but there is no default specified"); - } - catch (ConfigurationException e) - { - // pass - } - } - - public void testDefaultAuthenticationManager() throws Exception - { - _configureTask = - new Runnable() - { - @Override - public void run() - { - getConfiguration().getConfig().addProperty("security.anonymous-auth-manager", ""); - getConfiguration().getConfig().addProperty("security.pd-auth-manager.principal-database.class","org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase"); - getConfiguration().getConfig().addProperty("security.default-auth-manager", "AnonymousAuthenticationManager"); - } - }; - try - { - reallyCreateBroker(); - } - catch (ConfigurationException e) - { - 
fail("Unexpected ConfigurationException when two AuthenticationManagers are defined, but there is a default specified"); - } - - AuthenticationManager authMgr = - ApplicationRegistry.getInstance().getAuthenticationManager(new InetSocketAddress(1)); - - assertNotNull("AuthenticationManager should not be null for any socket", authMgr); - assertEquals("AuthenticationManager not of expected class", AnonymousAuthenticationManager.class, authMgr.getClass()); - - - } - - public void testMappedAuthenticationManager() throws Exception - { - _configureTask = - new Runnable() - { - @Override - public void run() - { - getConfiguration().getConfig().addProperty("security.anonymous-auth-manager", ""); - getConfiguration().getConfig().addProperty("security.pd-auth-manager.principal-database.class","org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase"); - getConfiguration().getConfig().addProperty("security.default-auth-manager", "PrincipalDatabaseAuthenticationManager"); - getConfiguration().getConfig().addProperty("security.port-mappings.port-mapping.port", "200"); - getConfiguration().getConfig().addProperty("security.port-mappings.port-mapping.auth-manager", "AnonymousAuthenticationManager"); - } - }; - reallyCreateBroker(); - - AuthenticationManager authMgr = - ApplicationRegistry.getInstance().getAuthenticationManager(new InetSocketAddress(200)); - - assertNotNull("AuthenticationManager should not be null for any socket", authMgr); - assertEquals("AuthenticationManager not of expected class", AnonymousAuthenticationManager.class, authMgr.getClass()); - - // test the default is still in effect for other ports - authMgr = ApplicationRegistry.getInstance().getAuthenticationManager(new InetSocketAddress(1)); - assertEquals("AuthenticationManager not of expected class", PrincipalDatabaseAuthenticationManager.class, authMgr.getClass()); - - - } -} 
diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/registry/ApplicationRegistryShutdownTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/registry/ApplicationRegistryShutdownTest.java index 9ff8f0a531..9af950d385 100644 --- a/qpid/java/broker/src/test/java/org/apache/qpid/server/registry/ApplicationRegistryShutdownTest.java +++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/registry/ApplicationRegistryShutdownTest.java @@ -49,7 +49,7 @@ public class ApplicationRegistryShutdownTest extends InternalBrokerBaseCase /** - * QPID-1399 : Ensure that the Authentiction manager unregisters any SASL providers created during + * QPID-1399 : Ensure that the Authentication manager unregisters any SASL providers created during * ApplicationRegistry initialisation. * */ diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/registry/TestableApplicationRegistry.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/registry/TestableApplicationRegistry.java deleted file mode 100644 index db7a7f7950..0000000000 --- a/qpid/java/broker/src/test/java/org/apache/qpid/server/registry/TestableApplicationRegistry.java +++ /dev/null 
@@ -1,48 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.qpid.server.registry; - -import org.apache.commons.configuration.ConfigurationException; -import org.apache.qpid.server.configuration.ServerConfiguration; -import org.apache.qpid.server.logging.NullRootMessageLogger; -import org.apache.qpid.server.logging.actors.BrokerActor; -import org.apache.qpid.server.logging.actors.CurrentActor; -import org.apache.qpid.server.logging.actors.GenericActor; - -class TestableApplicationRegistry extends ApplicationRegistry -{ - - public TestableApplicationRegistry(ServerConfiguration config) throws ConfigurationException - { - super(config); - } - - @Override - public void initialise() throws Exception - { - CurrentActor.setDefault(new BrokerActor(new NullRootMessageLogger())); - GenericActor.setDefaultMessageLogger(new NullRootMessageLogger()); - super.initialise(); - } - - - -} - - diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/AuthenticationManagerRegistryTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/AuthenticationManagerRegistryTest.java new file mode 100644 index 0000000000..213039a7fb --- /dev/null 
+++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/AuthenticationManagerRegistryTest.java 
@@ -0,0 +1,304 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.server.security.auth.manager;
+
+import static org.mockito.Mockito.*;
+
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.configuration.ConfigurationException;
+import org.apache.qpid.server.configuration.ServerConfiguration;
+import org.apache.qpid.server.plugins.Plugin;
+import org.apache.qpid.server.plugins.PluginManager;
+import org.apache.qpid.server.security.SecurityManager.SecurityConfiguration;
+import org.mockito.Mockito;
+
+import junit.framework.TestCase;
+
+public class AuthenticationManagerRegistryTest extends TestCase
+{
+ private static final Map<String, AuthenticationManagerPluginFactory<? extends Plugin>> EMPTY_PLUGINMAP = Collections.emptyMap();
+
+ private PluginManager _pluginManager = Mockito.mock(PluginManager.class);
+ private ServerConfiguration _serverConfiguration = Mockito.mock(ServerConfiguration.class);
+ private SecurityConfiguration _securityConfiguration = Mockito.mock(SecurityConfiguration.class);
+
+ private List<AuthenticationManager> _allCreatedAuthManagers = new ArrayList<AuthenticationManager>();
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+
+ // Setup server configuration to return mock security config.
+ when(_serverConfiguration.getConfiguration(SecurityConfiguration.class.getName())).thenReturn(_securityConfiguration);
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ try
+ {
+ verifyAllCreatedAuthManagersClosed();
+ }
+ finally
+ {
+ super.tearDown();
+ }
+ }
+
+ public void testNoAuthenticationManagerFactoryPluginsFound() throws Exception
+ {
+ when(_pluginManager.getAuthenticationManagerPlugins()).thenReturn(EMPTY_PLUGINMAP);
+ try
+ {
+ new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager);
+ fail("Exception not thrown");
+ }
+ catch (ConfigurationException ce)
+ {
+ // PASS
+ assertEquals("No authentication manager factory plugins found. Check the desired authentication manager plugin has been placed in the plugins directory.",
+ ce.getMessage());
+ }
+ }
+
+ public void testSameAuthenticationManagerSpecifiedTwice() throws Exception
+ {
+ AuthenticationManagerPluginFactory<? extends Plugin> myAuthManagerFactory = newMockFactoryProducingMockAuthManagerImplementing(TestAuthenticationManager1.class);
+
+ Map<String, AuthenticationManagerPluginFactory<? extends Plugin>> pluginMap = createPluginMap(myAuthManagerFactory, myAuthManagerFactory);
+
+ when(_pluginManager.getAuthenticationManagerPlugins()).thenReturn(pluginMap);
+
+ try
+ {
+ new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager);
+ fail("Exception not thrown");
+ }
+ catch (ConfigurationException ce)
+ {
+ // PASS
+ assertEquals("Cannot configure more than one authentication manager of type " + myAuthManagerFactory.getPluginClass().getSimpleName() + ". Remove configuration for one of the authentication managers.",
+ ce.getMessage());
+ }
+ }
+
+ public void testMultipleAuthenticationManagersSpecifiedButNoDefaultSpecified() throws Exception
+ {
+ AuthenticationManagerPluginFactory<? extends Plugin> myAuthManagerFactory1 = newMockFactoryProducingMockAuthManagerImplementing(TestAuthenticationManager1.class);
+ AuthenticationManagerPluginFactory<? extends Plugin> myAuthManagerFactory2 = newMockFactoryProducingMockAuthManagerImplementing(TestAuthenticationManager2.class);
+
+ Map<String, AuthenticationManagerPluginFactory<? extends Plugin>> pluginMap = createPluginMap(myAuthManagerFactory1, myAuthManagerFactory2);
+
+ when(_pluginManager.getAuthenticationManagerPlugins()).thenReturn(pluginMap);
+ when(_serverConfiguration.getDefaultAuthenticationManager()).thenReturn(null);
+
+ try
+ {
+ new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager);
+ fail("Exception not thrown");
+ }
+ catch (ConfigurationException ce)
+ {
+ // PASS
+ assertEquals("If more than one authentication manager is configured a default MUST be specified.",
+ ce.getMessage());
+ }
+ }
+
+ public void testDefaultAuthenticationManagerNotKnown() throws Exception
+ {
+ String myDefaultAuthManagerSimpleClassName = "UnknownAuthenticationManager";
+
+ AuthenticationManagerPluginFactory<? extends Plugin> myAuthManagerFactory1 = newMockFactoryProducingMockAuthManagerImplementing(TestAuthenticationManager1.class);
+ AuthenticationManagerPluginFactory<? extends Plugin> myAuthManagerFactory2 = newMockFactoryProducingMockAuthManagerImplementing(TestAuthenticationManager2.class);
+
+ Map<String, AuthenticationManagerPluginFactory<? extends Plugin>> pluginMap = createPluginMap(myAuthManagerFactory1, myAuthManagerFactory2);
+
+ when(_pluginManager.getAuthenticationManagerPlugins()).thenReturn(pluginMap);
+ when(_serverConfiguration.getDefaultAuthenticationManager()).thenReturn(myDefaultAuthManagerSimpleClassName);
+
+ try
+ {
+ new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager);
+ fail("Exception not thrown");
+ }
+ catch (ConfigurationException ce)
+ {
+ // PASS
+ assertTrue("Unexpected message " + ce.getMessage(),
+ ce.getMessage().startsWith("No authentication managers configured of type " + myDefaultAuthManagerSimpleClassName + " which is specified as the default"));
+ }
+ }
+
+ public void testPortMappedToUnknownAuthenticationManager() throws Exception
+ {
+ String myDefaultAuthManagerSimpleClassName = "UnknownAuthenticationManager";
+ int portNumber = 1234;
+
+ AuthenticationManagerPluginFactory<? extends Plugin> myAuthManagerFactory1 = newMockFactoryProducingMockAuthManagerImplementing(TestAuthenticationManager1.class);
+
+ Map<String, AuthenticationManagerPluginFactory<? extends Plugin>> pluginMap = createPluginMap(myAuthManagerFactory1);
+
+ when(_pluginManager.getAuthenticationManagerPlugins()).thenReturn(pluginMap);
+ when(_serverConfiguration.getPortAuthenticationMappings()).thenReturn(Collections.singletonMap(portNumber, myDefaultAuthManagerSimpleClassName));
+
+ try
+ {
+ new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager);
+ fail("Exception not thrown");
+ }
+ catch (ConfigurationException ce)
+ {
+ // PASS
+ assertEquals("Unknown authentication manager class " + myDefaultAuthManagerSimpleClassName + " configured for port " + portNumber, ce.getMessage());
+ }
+ }
+
+ public void testGetAuthenticationManagerForInetSocketAddress() throws Exception
+ {
+ AuthenticationManagerPluginFactory<? extends Plugin> myAuthManagerFactory1 = newMockFactoryProducingMockAuthManagerImplementing(TestAuthenticationManager1.class);
+ Map<String, AuthenticationManagerPluginFactory<? extends Plugin>> pluginMap = createPluginMap(myAuthManagerFactory1);
+
+ when(_pluginManager.getAuthenticationManagerPlugins()).thenReturn(pluginMap);
+
+ AuthenticationManagerRegistry registry = new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager);
+
+ AuthenticationManager authenticationManager = registry.getAuthenticationManagerFor(new InetSocketAddress(1234));
+ assertEquals("TestAuthenticationManager1", authenticationManager.getMechanisms());
+
+ registry.close();
+ }
+
+ public void testGetAuthenticationManagerForNonInetSocketAddress() throws Exception
+ {
+ AuthenticationManagerPluginFactory<? extends Plugin> myAuthManagerFactory1 = newMockFactoryProducingMockAuthManagerImplementing(TestAuthenticationManager1.class);
+ Map<String, AuthenticationManagerPluginFactory<? extends Plugin>> pluginMap = createPluginMap(myAuthManagerFactory1);
+
+ when(_pluginManager.getAuthenticationManagerPlugins()).thenReturn(pluginMap);
+
+ AuthenticationManagerRegistry registry = new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager);
+
+ AuthenticationManager authenticationManager = registry.getAuthenticationManagerFor(mock(SocketAddress.class));
+ assertEquals("TestAuthenticationManager1", authenticationManager.getMechanisms());
+
+ registry.close();
+ }
+
+ public void testGetAuthenticationManagerWithMultipleAuthenticationManager() throws Exception
+ {
+ AuthenticationManagerPluginFactory<? extends Plugin> myAuthManagerFactory1 = newMockFactoryProducingMockAuthManagerImplementing(TestAuthenticationManager1.class);
+ AuthenticationManagerPluginFactory<? extends Plugin> myAuthManagerFactory2 = newMockFactoryProducingMockAuthManagerImplementing(TestAuthenticationManager2.class);
+ Map<String, AuthenticationManagerPluginFactory<? extends Plugin>> pluginMap = createPluginMap(myAuthManagerFactory1, myAuthManagerFactory2);
+
+ String defaultAuthManger = myAuthManagerFactory1.getPluginName();
+ int unmappedPortNumber = 1234;
+ int mappedPortNumber = 1235;
+ String mappedAuthManager = myAuthManagerFactory2.getPluginName();
+
+ when(_pluginManager.getAuthenticationManagerPlugins()).thenReturn(pluginMap);
+ when(_serverConfiguration.getDefaultAuthenticationManager()).thenReturn(defaultAuthManger);
+ when(_serverConfiguration.getPortAuthenticationMappings()).thenReturn(Collections.singletonMap(mappedPortNumber, mappedAuthManager));
+
+ AuthenticationManagerRegistry registry = new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager);
+
+ AuthenticationManager authenticationManager1 = registry.getAuthenticationManagerFor(new InetSocketAddress(unmappedPortNumber));
+ assertEquals("TestAuthenticationManager1", authenticationManager1.getMechanisms());
+
+ AuthenticationManager authenticationManager2 = registry.getAuthenticationManagerFor(new InetSocketAddress(mappedPortNumber));
+ assertEquals("TestAuthenticationManager2", authenticationManager2.getMechanisms());
+
+ registry.close();
+ }
+
+ public void testAuthenticationManagersAreClosed() throws Exception
+ {
+ AuthenticationManagerPluginFactory<? extends Plugin> myAuthManagerFactory1 = newMockFactoryProducingMockAuthManagerImplementing(TestAuthenticationManager1.class);
+ AuthenticationManagerPluginFactory<? extends Plugin> myAuthManagerFactory2 = newMockFactoryProducingMockAuthManagerImplementing(TestAuthenticationManager2.class);
+ Map<String, AuthenticationManagerPluginFactory<? extends Plugin>> pluginMap = createPluginMap(myAuthManagerFactory1, myAuthManagerFactory2);
+
+ String defaultAuthManger = myAuthManagerFactory1.getPluginName();
+ when(_pluginManager.getAuthenticationManagerPlugins()).thenReturn(pluginMap);
+ when(_serverConfiguration.getDefaultAuthenticationManager()).thenReturn(defaultAuthManger);
+
+ AuthenticationManagerRegistry registry = new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager);
+
+ registry.close();
+ }
+
+ private AuthenticationManagerPluginFactory<? extends Plugin> newMockFactoryProducingMockAuthManagerImplementing(Class<? extends AuthenticationManager> authManagerClazz)
+ throws ConfigurationException
+ {
+ AuthenticationManager myAuthManager = mock(authManagerClazz);
+ when(myAuthManager.getMechanisms()).thenReturn(authManagerClazz.getSimpleName()); // used to verify the getAuthenticationManagerFor returns expected impl.
+
+ AuthenticationManagerPluginFactory myAuthManagerFactory = mock(AuthenticationManagerPluginFactory.class);
+ when(myAuthManagerFactory.getPluginClass()).thenReturn(myAuthManager.getClass());
+ when(myAuthManagerFactory.getPluginName()).thenReturn(myAuthManager.getClass().getSimpleName());
+ when(myAuthManagerFactory.newInstance(_securityConfiguration)).thenReturn(myAuthManager);
+
+ _allCreatedAuthManagers.add(myAuthManager);
+ return myAuthManagerFactory;
+ }
+
+ private Map<String, AuthenticationManagerPluginFactory<? extends Plugin>> createPluginMap(
+ AuthenticationManagerPluginFactory<? extends Plugin> myAuthManagerFactory)
+ {
+ return createPluginMap(myAuthManagerFactory, null);
+ }
+
+ private Map<String, AuthenticationManagerPluginFactory<? extends Plugin>> createPluginMap(
+ AuthenticationManagerPluginFactory<? extends Plugin> authManagerFactory1,
+ AuthenticationManagerPluginFactory<? extends Plugin> authManagerFactory2)
+ {
+ Map<String, AuthenticationManagerPluginFactory<? extends Plugin>> pluginMap = new HashMap<String, AuthenticationManagerPluginFactory<? extends Plugin>>();
+ pluginMap.put("config.path.unused1", authManagerFactory1);
+ if (authManagerFactory2 != null)
+ {
+ pluginMap.put("config.path.unused2", authManagerFactory2);
+ }
+ return pluginMap;
+ }
+
+ private void verifyAllCreatedAuthManagersClosed()
+ {
+ for (Iterator<AuthenticationManager> iterator = _allCreatedAuthManagers.iterator(); iterator.hasNext();)
+ {
+ AuthenticationManager authenticationManager = (AuthenticationManager) iterator.next();
+ verify(authenticationManager).close();
+ }
+ }
+
+ private interface TestAuthenticationManager1 extends AuthenticationManager
+ {
+ }
+
+ private interface TestAuthenticationManager2 extends AuthenticationManager
+ {
+ }
+}
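Review bot: `testAuthenticationManagersAreClosed` asserts nothing in its own body; the check that matters is `verify(authenticationManager).close()` in `verifyAllCreatedAuthManagersClosed()`, which `tearDown()` runs after every test, including the ones that expect the constructor to throw `ConfigurationException`. That makes "authentication managers are released even when registry start-up fails" an implicit requirement that the test names do not show. I would state it above the `tearDown()` override, e.g. `// Every test, including the failure cases, must leave each created authentication manager closed exactly once.`, and add a one-line comment in `testAuthenticationManagersAreClosed` pointing at it. Mockito's default `verify` mode is `times(1)`, so a double close also fails here; if only "closed at least once" is intended, `verify(authenticationManager, atLeastOnce()).close()` says so explicitly.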
diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java index 584f3d1358..df3bbb3e8b 100644 --- a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java +++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java @@ -20,18 +20,12 @@ */ package org.apache.qpid.server.security.auth.rmi; -import java.util.Map; import junit.framework.TestCase; -import org.apache.commons.configuration.ConfigurationException; -import org.apache.commons.configuration.XMLConfiguration; -import org.apache.qpid.server.configuration.ServerConfiguration; import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin; -import org.apache.qpid.server.registry.ApplicationRegistry; import org.apache.qpid.server.security.auth.AuthenticationResult; import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus; import org.apache.qpid.server.security.auth.manager.AuthenticationManager; -import org.apache.qpid.server.util.TestApplicationRegistry; import javax.management.remote.JMXPrincipal; import javax.security.auth.Subject; @@ -123,17 +117,7 @@ public class RMIPasswordAuthenticatorTest extends TestCase */ public void testNullAuthenticationManager() throws Exception { - ServerConfiguration serverConfig = new ServerConfiguration(new XMLConfiguration()); - TestApplicationRegistry reg = new TestApplicationRegistry(serverConfig) - { - @Override - protected Map<Integer, AuthenticationManager> createAuthenticationManagers() throws ConfigurationException - { - return Collections.emptyMap(); - } - }; - ApplicationRegistry.initialise(reg); - + _rmipa.setAuthenticationManager(null); try { _rmipa.authenticate(_credentials); 
@@ -144,10 +128,6 @@ public class RMIPasswordAuthenticatorTest extends TestCase assertEquals("Unexpected exception message", RMIPasswordAuthenticator.UNABLE_TO_LOOKUP, se.getMessage()); } - finally - { - ApplicationRegistry.remove(); - } } /** diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java index 6e18718478..4bb468e823 100644 --- a/qpid/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java +++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java @@ -20,8 +20,7 @@ */ package org.apache.qpid.server.util; -import java.util.Collections; -import java.util.Map; +import java.net.SocketAddress; import org.apache.commons.configuration.ConfigurationException; import org.apache.qpid.server.configuration.ServerConfiguration; @@ -30,9 +29,11 @@ import org.apache.qpid.server.logging.NullRootMessageLogger; import org.apache.qpid.server.logging.actors.BrokerActor; import org.apache.qpid.server.logging.actors.CurrentActor; import org.apache.qpid.server.logging.actors.GenericActor; +import org.apache.qpid.server.plugins.PluginManager; import org.apache.qpid.server.registry.ApplicationRegistry; import org.apache.qpid.server.security.auth.database.PropertiesPrincipalDatabase; import org.apache.qpid.server.security.auth.manager.AuthenticationManager; +import org.apache.qpid.server.security.auth.manager.IAuthenticationManagerRegistry; import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager; import java.util.Properties; 
@@ -53,11 +54,10 @@ public class TestApplicationRegistry extends ApplicationRegistry super.initialise(); } - /** - * @see org.apache.qpid.server.registry.ApplicationRegistry#createAuthenticationManagers() - */ @Override - protected Map<Integer, AuthenticationManager> createAuthenticationManagers() throws ConfigurationException + protected IAuthenticationManagerRegistry createAuthenticationManagerRegistry( + ServerConfiguration _configuration, PluginManager _pluginManager) + throws ConfigurationException { final Properties users = new Properties(); users.put("guest","guest"); @@ -65,7 +65,7 @@ public class TestApplicationRegistry extends ApplicationRegistry final PropertiesPrincipalDatabase ppd = new PropertiesPrincipalDatabase(users); - AuthenticationManager pdam = new PrincipalDatabaseAuthenticationManager() + final AuthenticationManager pdam = new PrincipalDatabaseAuthenticationManager() { /** @@ -85,12 +85,24 @@ public class TestApplicationRegistry extends ApplicationRegistry super.initialise(); } }; - pdam.initialise(); - return Collections.singletonMap(null,pdam); - } + return new IAuthenticationManagerRegistry() + { + @Override + public void close() + { + pdam.close(); + } + @Override + public AuthenticationManager getAuthenticationManagerFor( + SocketAddress address) + { + return pdam; + } + }; + } } |
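Review bot: The new override `createAuthenticationManagerRegistry(ServerConfiguration _configuration, PluginManager _pluginManager)` names its parameters with the leading underscore that `ApplicationRegistry` appears to reserve for fields (`_configuration` and `_pluginManager` are what the base class passes in), so inside the method they read as instance state rather than arguments. Neither parameter is used in the lines shown, and plain names would avoid the confusion: `ServerConfiguration configuration, PluginManager pluginManager`. The anonymous `IAuthenticationManagerRegistry` returns the same `pdam` for every `SocketAddress`, which is worth a comment above the `return`, e.g. `// Test registry: a single authentication manager serves all addresses; per-port mapping is not exercised.` The method body spans several hunks and is only partly visible here.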
