Diffstat (limited to 'qpid/java')
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/AccessControlProvider.java1
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java1
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Binding.java1
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Broker.java1
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Consumer.java1
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Exchange.java1
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Group.java1
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/GroupMember.java1
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/GroupProvider.java1
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/KeyStore.java1
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Plugin.java1
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Port.java1
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/PreferencesProvider.java1
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Publisher.java1
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Session.java1
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/TrustStore.java1
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/User.java1
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/VirtualHost.java1
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/AbstractConfiguredObject.java342
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/AuthenticationProviderAdapter.java763
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/AuthenticationProviderFactory.java31
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java11
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/plugin/AuthenticationManagerFactory.java12
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java312
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractPrincipalDatabaseAuthManagerFactory.java75
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java20
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManagerFactory.java11
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java9
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/Base64MD5PasswordDatabaseAuthenticationManager.java52
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/Base64MD5PasswordFileAuthenticationManagerFactory.java39
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java29
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerFactory.java13
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java28
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManagerFactory.java11
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PlainPasswordDatabaseAuthenticationManager.java43
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PlainPasswordFileAuthenticationManagerFactory.java38
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java427
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager.java25
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java98
-rw-r--r--qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerFactory.java38
-rw-r--r--qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/startup/AuthenticationProviderRecovererTest.java2
-rw-r--r--qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/store/ConfigurationEntryStoreTestCase.java7
-rw-r--r--qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/adapter/AuthenticationProviderFactoryTest.java155
-rw-r--r--qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManagerTest.java21
-rw-r--r--qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/Base64MD5PasswordFileAuthenticationManagerFactoryTest.java38
-rw-r--r--qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java28
-rw-r--r--qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/PlainPasswordFileAuthenticationManagerFactoryTest.java38
-rw-r--r--qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java35
-rw-r--r--qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManagerTest.java16
-rw-r--r--qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerFactoryTest.java45
-rw-r--r--qpid/java/systests/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java3
-rw-r--r--qpid/java/systests/src/main/java/org/apache/qpid/server/security/auth/manager/MultipleAuthenticationManagersTest.java3
-rw-r--r--qpid/java/systests/src/main/java/org/apache/qpid/systest/management/jmx/UserManagementTest.java7
-rw-r--r--qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/AnonymousAccessRestTest.java3
-rw-r--r--qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/PortRestTest.java3
-rw-r--r--qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/PreferencesProviderRestTest.java3
-rw-r--r--qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java3
-rw-r--r--qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/SaslRestTest.java7
58 files changed, 1508 insertions, 1354 deletions
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/AccessControlProvider.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/AccessControlProvider.java
index aa797154e4..11b97474c5 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/AccessControlProvider.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/AccessControlProvider.java
@@ -26,6 +26,7 @@ import java.util.UUID;
import org.apache.qpid.server.security.AccessControl;
+@ManagedObject
public interface AccessControlProvider<X extends AccessControlProvider<X>> extends ConfiguredObject<X>
{
public static final String DURABLE = "durable";
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java
index e1642f8a2b..8e1ea39cec 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/AuthenticationProvider.java
@@ -26,6 +26,7 @@ import java.util.Collections;
import org.apache.qpid.server.security.SubjectCreator;
+@ManagedObject
public interface AuthenticationProvider<X extends AuthenticationProvider<X>> extends ConfiguredObject<X>
{
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Binding.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Binding.java
index 5bc7ea2871..d1e78def75 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Binding.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Binding.java
@@ -25,6 +25,7 @@ import java.util.Collection;
import java.util.Collections;
import java.util.Map;
+@ManagedObject
public interface Binding<X extends Binding<X>> extends ConfiguredObject<X>
{
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Broker.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Broker.java
index e7f7814c56..28375b0773 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Broker.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Broker.java
@@ -32,6 +32,7 @@ import org.apache.qpid.server.security.SecurityManager;
import org.apache.qpid.server.security.SubjectCreator;
import org.apache.qpid.server.virtualhost.VirtualHostRegistry;
+@ManagedObject
public interface Broker<X extends Broker<X>> extends ConfiguredObject<X>
{
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Consumer.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Consumer.java
index 05a0a0bf64..65d87ba623 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Consumer.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Consumer.java
@@ -24,6 +24,7 @@ import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
+@ManagedObject
public interface Consumer<X extends Consumer<X>> extends ConfiguredObject<X>
{
public String DISTRIBUTION_MODE = "distributionMode";
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Exchange.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Exchange.java
index ac953b52a1..0c14fb38c7 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Exchange.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Exchange.java
@@ -26,7 +26,6 @@ import java.util.Collections;
import java.util.Map;
@ManagedObject
-
public interface Exchange<X extends Exchange<X>> extends ConfiguredObject<X>
{
String DURABLE = "durable";
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Group.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Group.java
index d4a6b3f2d6..33cefe4bf0 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Group.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Group.java
@@ -19,6 +19,7 @@
*/
package org.apache.qpid.server.model;
+@ManagedObject
public interface Group<X extends Group<X>> extends ConfiguredObject<X>
{
String DURABLE = "durable";
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/GroupMember.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/GroupMember.java
index f7ab5ff223..d5f964b93f 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/GroupMember.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/GroupMember.java
@@ -23,6 +23,7 @@ import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
+@ManagedObject
public interface GroupMember<X extends GroupMember<X>> extends ConfiguredObject<X>
{
String DURABLE = "durable";
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/GroupProvider.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/GroupProvider.java
index c182834788..4d29d27951 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/GroupProvider.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/GroupProvider.java
@@ -25,6 +25,7 @@ import java.util.Collection;
import java.util.Collections;
import java.util.Set;
+@ManagedObject
public interface GroupProvider<X extends GroupProvider<X>> extends ConfiguredObject<X>
{
public static final String DESCRIPTION = "description";
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/KeyStore.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/KeyStore.java
index 302bea8344..db0745fbec 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/KeyStore.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/KeyStore.java
@@ -26,6 +26,7 @@ import java.util.Collection;
import java.util.Collections;
import javax.net.ssl.KeyManager;
+@ManagedObject
public interface KeyStore<X extends KeyStore<X>> extends ConfiguredObject<X>
{
String DURABLE = "durable";
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Plugin.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Plugin.java
index 792601d946..ff28014090 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Plugin.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Plugin.java
@@ -24,6 +24,7 @@ import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
+@ManagedObject
public interface Plugin<X extends Plugin<X>> extends ConfiguredObject<X>
{
//Hack, using it for the class name only for consistency with the other things.
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Port.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
index 72bf6bc523..497e2bfceb 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Port.java
@@ -23,6 +23,7 @@ package org.apache.qpid.server.model;
import java.security.AccessControlException;
import java.util.Collection;
+@ManagedObject
public interface Port<X extends Port<X>> extends ConfiguredObject<X>
{
String DURABLE = "durable";
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/PreferencesProvider.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/PreferencesProvider.java
index 9310491076..521450894f 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/PreferencesProvider.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/PreferencesProvider.java
@@ -24,6 +24,7 @@ package org.apache.qpid.server.model;
import java.util.Map;
import java.util.Set;
+@ManagedObject
public interface PreferencesProvider<X extends PreferencesProvider<X>> extends ConfiguredObject<X>
{
String DURABLE = "durable";
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Publisher.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Publisher.java
index 2cd8f1aad2..13ccc72475 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Publisher.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Publisher.java
@@ -20,6 +20,7 @@
*/
package org.apache.qpid.server.model;
+@ManagedObject
public interface Publisher<X extends Publisher<X>> extends ConfiguredObject<X>
{
}
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Session.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Session.java
index 519f96eb1b..0eaf014d4e 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Session.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/Session.java
@@ -24,6 +24,7 @@ import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
+@ManagedObject
public interface Session<X extends Session<X>> extends ConfiguredObject<X>
{
public static final String STATE = "state";
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/TrustStore.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/TrustStore.java
index 2685a50776..07b593e9a2 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/TrustStore.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/TrustStore.java
@@ -26,6 +26,7 @@ import java.util.Collection;
import java.util.Collections;
import javax.net.ssl.TrustManager;
+@ManagedObject
public interface TrustStore<X extends TrustStore<X>> extends ConfiguredObject<X>
{
String DURABLE = "durable";
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/User.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/User.java
index 1c9c5d844b..9d6c228a70 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/User.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/User.java
@@ -26,6 +26,7 @@ import java.util.Collection;
import java.util.Collections;
import java.util.Map;
+@ManagedObject
public interface User<X extends User<X>> extends ConfiguredObject<X>
{
String DURABLE = "durable";
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/VirtualHost.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/VirtualHost.java
index 20e3a7f932..4aec9b38a0 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/VirtualHost.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/VirtualHost.java
@@ -30,7 +30,6 @@ import java.util.Collection;
import java.util.Map;
@ManagedObject( managesChildren = true )
-
public interface VirtualHost<X extends VirtualHost<X>> extends ConfiguredObject<X>
{
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/AbstractConfiguredObject.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/AbstractConfiguredObject.java
index b82ab55330..aae5902388 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/AbstractConfiguredObject.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/AbstractConfiguredObject.java
@@ -27,19 +27,13 @@ import java.security.AccessControlException;
import java.security.AccessController;
import java.util.*;
-import org.apache.qpid.server.model.ConfigurationChangeListener;
-import org.apache.qpid.server.model.ConfiguredObject;
-import org.apache.qpid.server.model.IllegalStateTransitionException;
-import org.apache.qpid.server.model.ManagedAttribute;
-import org.apache.qpid.server.model.ManagedStatistic;
-import org.apache.qpid.server.model.State;
+import org.apache.qpid.server.model.*;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.configuration.updater.ChangeAttributesTask;
import org.apache.qpid.server.configuration.updater.ChangeStateTask;
import org.apache.qpid.server.configuration.updater.CreateChildTask;
import org.apache.qpid.server.configuration.updater.SetAttributeTask;
import org.apache.qpid.server.configuration.updater.TaskExecutor;
-import org.apache.qpid.server.security.*;
import org.apache.qpid.server.security.SecurityManager;
import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
import org.apache.qpid.server.util.MapValueConverter;
@@ -115,17 +109,28 @@ public abstract class AbstractConfiguredObject<X extends ConfiguredObject<X>> im
TaskExecutor taskExecutor, boolean filterAttributes)
{
- this(defaults, combineIdWithAttributes(id, attributes), taskExecutor, filterAttributes);
+ this(Collections.<Class<? extends ConfiguredObject>, ConfiguredObject<?>>emptyMap(),
+ defaults, combineIdWithAttributes(id, attributes), taskExecutor, filterAttributes);
}
protected AbstractConfiguredObject(Map<String, Object> defaults,
Map<String, Object> attributes,
TaskExecutor taskExecutor)
{
- this(defaults, attributes, taskExecutor, true);
+ this(Collections.<Class<? extends ConfiguredObject>, ConfiguredObject<?>>emptyMap(),
+ defaults, attributes, taskExecutor, true);
}
- protected AbstractConfiguredObject(Map<String, Object> defaults,
+ protected AbstractConfiguredObject(final Map<Class<? extends ConfiguredObject>, ConfiguredObject<?>> parents,
+ Map<String, Object> defaults,
+ Map<String, Object> attributes,
+ TaskExecutor taskExecutor)
+ {
+ this(parents, defaults, attributes, taskExecutor, true);
+ }
+
+ protected AbstractConfiguredObject(final Map<Class<? extends ConfiguredObject>, ConfiguredObject<?>> parents,
+ Map<String, Object> defaults,
Map<String, Object> attributes,
TaskExecutor taskExecutor,
boolean filterAttributes)
@@ -134,6 +139,10 @@ public abstract class AbstractConfiguredObject<X extends ConfiguredObject<X>> im
_id = (UUID)attributes.get(ID);
_attributeTypes = getAttributeTypes(getClass());
_automatedFields = getAutomatedFields(getClass());
+ for(Map.Entry<Class<? extends ConfiguredObject>, ConfiguredObject<?>> entry : parents.entrySet())
+ {
+ addParent((Class<ConfiguredObject>) entry.getKey(), entry.getValue());
+ }
if (attributes != null)
{
Collection<String> names = getAttributeNames();
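Review bot: The added loop calls `parents.entrySet()` unconditionally, so a subclass that passes `null` for the new `parents` argument fails with a NullPointerException before any attribute handling runs. Either guard it with `if(parents != null)` or state on the constructor that an empty map, never null, means "no parents". The cast `(Class<ConfiguredObject>) entry.getKey()` is unchecked and deserves a one-line comment saying why it is safe. The constructor body starts and ends outside this hunk.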
@@ -199,7 +208,8 @@ public abstract class AbstractConfiguredObject<X extends ConfiguredObject<X>> im
{
try
{
- _automatedFields.get(name).set(this,_attributeTypes.get(name).convert(value));
+ final Attribute attribute = _attributeTypes.get(name);
+ _automatedFields.get(name).set(this, attribute.convert(value, this));
}
catch (IllegalAccessException e)
{
@@ -739,22 +749,16 @@ public abstract class AbstractConfiguredObject<X extends ConfiguredObject<X>> im
catch (IllegalAccessException e)
{
Object o = configuredObject.getAttribute(_name);
- return _converter.convert(o);
+ return _converter.convert(o, configuredObject);
}
catch (InvocationTargetException e)
{
Object o = configuredObject.getAttribute(_name);
- return _converter.convert(o);
+ return _converter.convert(o, configuredObject);
}
}
- public T getValue(Map<String, Object> attributeMap)
- {
- Object o = attributeMap.get(_name);
- return _converter.convert(o);
- }
-
public T get(final AbstractConfiguredObject<?> object)
{
try
@@ -802,47 +806,47 @@ public abstract class AbstractConfiguredObject<X extends ConfiguredObject<X>> im
return _annotation;
}
- public T convert(final Object value)
+ public T convert(final Object value, C object)
{
- return _converter.convert(value);
+ return _converter.convert(value, object);
}
}
private static interface Converter<T>
{
- T convert(Object o);
+ T convert(Object value, final ConfiguredObject object);
}
private static final Converter<String> STRING_CONVERTER = new Converter<String>()
{
@Override
- public String convert(final Object o)
+ public String convert(final Object value, final ConfiguredObject object)
{
- return o == null ? null : o.toString();
+ return value == null ? null : value.toString();
}
};
private static final Converter<UUID> UUID_CONVERTER = new Converter<UUID>()
{
@Override
- public UUID convert(final Object o)
+ public UUID convert(final Object value, final ConfiguredObject object)
{
- if(o instanceof UUID)
+ if(value instanceof UUID)
{
- return (UUID)o;
+ return (UUID) value;
}
- else if(o instanceof String)
+ else if(value instanceof String)
{
- return UUID.fromString((String)o);
+ return UUID.fromString((String) value);
}
- else if(o == null)
+ else if(value == null)
{
return null;
}
else
{
- throw new IllegalArgumentException("Cannot convert type " + o.getClass() + " to a UUID");
+ throw new IllegalArgumentException("Cannot convert type " + value.getClass() + " to a UUID");
}
}
};
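Review bot: The new second parameter of `Converter.convert` is undocumented and typed as raw `ConfiguredObject`, so implementers cannot tell when it may be ignored or whether null is allowed. A short Javadoc on the interface method would cover it, e.g. `/** @param object the configured object whose attribute is being converted; used to resolve references to other objects, ignored by scalar converters */`. Declaring the parameter as `ConfiguredObject<?>` would also avoid a raw-type warning in every implementation.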
@@ -851,27 +855,27 @@ public abstract class AbstractConfiguredObject<X extends ConfiguredObject<X>> im
{
@Override
- public Long convert(final Object o)
+ public Long convert(final Object value, final ConfiguredObject object)
{
- if(o instanceof Long)
+ if(value instanceof Long)
{
- return (Long)o;
+ return (Long) value;
}
- else if(o instanceof Number)
+ else if(value instanceof Number)
{
- return ((Number)o).longValue();
+ return ((Number) value).longValue();
}
- else if(o instanceof String)
+ else if(value instanceof String)
{
- return Long.valueOf((String)o);
+ return Long.valueOf((String) value);
}
- else if(o == null)
+ else if(value == null)
{
return null;
}
else
{
- throw new IllegalArgumentException("Cannot convert type " + o.getClass() + " to a Long");
+ throw new IllegalArgumentException("Cannot convert type " + value.getClass() + " to a Long");
}
}
};
@@ -880,27 +884,27 @@ public abstract class AbstractConfiguredObject<X extends ConfiguredObject<X>> im
{
@Override
- public Integer convert(final Object o)
+ public Integer convert(final Object value, final ConfiguredObject object)
{
- if(o instanceof Integer)
+ if(value instanceof Integer)
{
- return (Integer)o;
+ return (Integer) value;
}
- else if(o instanceof Number)
+ else if(value instanceof Number)
{
- return ((Number)o).intValue();
+ return ((Number) value).intValue();
}
- else if(o instanceof String)
+ else if(value instanceof String)
{
- return Integer.valueOf((String)o);
+ return Integer.valueOf((String) value);
}
- else if(o == null)
+ else if(value == null)
{
return null;
}
else
{
- throw new IllegalArgumentException("Cannot convert type " + o.getClass() + " to an Integer");
+ throw new IllegalArgumentException("Cannot convert type " + value.getClass() + " to an Integer");
}
}
};
@@ -909,23 +913,23 @@ public abstract class AbstractConfiguredObject<X extends ConfiguredObject<X>> im
{
@Override
- public Boolean convert(final Object o)
+ public Boolean convert(final Object value, final ConfiguredObject object)
{
- if(o instanceof Boolean)
+ if(value instanceof Boolean)
{
- return (Boolean)o;
+ return (Boolean) value;
}
- else if(o instanceof String)
+ else if(value instanceof String)
{
- return Boolean.valueOf((String)o);
+ return Boolean.valueOf((String) value);
}
- else if(o == null)
+ else if(value == null)
{
return null;
}
else
{
- throw new IllegalArgumentException("Cannot convert type " + o.getClass() + " to a Boolean");
+ throw new IllegalArgumentException("Cannot convert type " + value.getClass() + " to a Boolean");
}
}
};
@@ -933,19 +937,19 @@ public abstract class AbstractConfiguredObject<X extends ConfiguredObject<X>> im
private static final Converter<List> LIST_CONVERTER = new Converter<List>()
{
@Override
- public List convert(final Object o)
+ public List convert(final Object value, final ConfiguredObject object)
{
- if(o instanceof List)
+ if(value instanceof List)
{
- return (List)o;
+ return (List) value;
}
- else if(o == null)
+ else if(value == null)
{
return null;
}
else
{
- throw new IllegalArgumentException("Cannot convert type " + o.getClass() + " to a List");
+ throw new IllegalArgumentException("Cannot convert type " + value.getClass() + " to a List");
}
}
};
@@ -953,19 +957,19 @@ public abstract class AbstractConfiguredObject<X extends ConfiguredObject<X>> im
private static final Converter<Collection> COLLECTION_CONVERTER = new Converter<Collection>()
{
@Override
- public Collection convert(final Object o)
+ public Collection convert(final Object value, final ConfiguredObject object)
{
- if(o instanceof Collection)
+ if(value instanceof Collection)
{
- return (Collection)o;
+ return (Collection) value;
}
- else if(o == null)
+ else if(value == null)
{
return null;
}
else
{
- throw new IllegalArgumentException("Cannot convert type " + o.getClass() + " to a List");
+ throw new IllegalArgumentException("Cannot convert type " + value.getClass() + " to a List");
}
}
};
@@ -973,19 +977,19 @@ public abstract class AbstractConfiguredObject<X extends ConfiguredObject<X>> im
private static final Converter<Map> MAP_CONVERTER = new Converter<Map>()
{
@Override
- public Map convert(final Object o)
+ public Map convert(final Object value, final ConfiguredObject object)
{
- if(o instanceof Map)
+ if(value instanceof Map)
{
- return (Map)o;
+ return (Map) value;
}
- else if(o == null)
+ else if(value == null)
{
return null;
}
else
{
- throw new IllegalArgumentException("Cannot convert type " + o.getClass() + " to a Map");
+ throw new IllegalArgumentException("Cannot convert type " + value.getClass() + " to a Map");
}
}
};
@@ -1000,23 +1004,23 @@ public abstract class AbstractConfiguredObject<X extends ConfiguredObject<X>> im
}
@Override
- public X convert(final Object o)
+ public X convert(final Object value, final ConfiguredObject object)
{
- if(o == null)
+ if(value == null)
{
return null;
}
- else if(_klazz.isInstance(o))
+ else if(_klazz.isInstance(value))
{
- return (X) o;
+ return (X) value;
}
- else if(o instanceof String)
+ else if(value instanceof String)
{
- return Enum.valueOf(_klazz,(String)o);
+ return Enum.valueOf(_klazz,(String) value);
}
else
{
- throw new IllegalArgumentException("Cannot convert type " + o.getClass() + " to a " + _klazz.getName());
+ throw new IllegalArgumentException("Cannot convert type " + value.getClass() + " to a " + _klazz.getName());
}
}
}
@@ -1031,22 +1035,54 @@ public abstract class AbstractConfiguredObject<X extends ConfiguredObject<X>> im
}
@Override
- public X convert(final Object o)
+ public X convert(final Object value, final ConfiguredObject object)
{
- if(o == null)
+ if(value == null)
{
return null;
}
- else if(_klazz.isInstance(o))
+ else if(_klazz.isInstance(value))
{
- return (X) o;
+ return (X) value;
+ }
+ else if(value instanceof UUID)
+ {
+ Collection<X> reachable = getReachableObjects(object,_klazz);
+ for(X candidate : reachable)
+ {
+ if(candidate.getId().equals(value))
+ {
+ return candidate;
+ }
+ }
+ throw new IllegalArgumentException("Cannot find a " + _klazz.getName() + " with id " + value);
+ }
+ else if(value instanceof String)
+ {
+ Collection<X> reachable = getReachableObjects(object,_klazz);
+ for(X candidate : reachable)
+ {
+ if(candidate.getName().equals(value))
+ {
+ return candidate;
+ }
+ }
+ try
+ {
+ UUID id = UUID.fromString((String)value);
+ return convert(id, object);
+ }
+ catch (IllegalArgumentException e)
+ {
+ throw new IllegalArgumentException("Cannot find a " + _klazz.getSimpleName() + " with name '" + value + "'");
+ }
}
- // TODO - traverse tree based on UUID
else
{
- throw new IllegalArgumentException("Cannot convert type " + o.getClass() + " to a " + _klazz.getName());
+ throw new IllegalArgumentException("Cannot convert type " + value.getClass() + " to a " + _klazz.getName());
}
}
+
}
private static <X> Converter<X> getConverter(final Class<X> type)
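Review bot: Both new lookup branches iterate `reachable` without a null check, yet `getReachableObjects` (added further down in this file) ends with `return null;` when no suitable ancestor is found. An unresolvable reference then surfaces as a NullPointerException instead of the intended IllegalArgumentException; returning `Collections.<X>emptySet()` there, or guarding with `if(reachable != null)` here, keeps the error path consistent. `candidate.getName().equals(value)` has the same weakness if a name can ever be null, which `value.equals(candidate.getName())` avoids. The String branch also returns the first name match from a HashSet-backed collection, so if names are not unique across the reachable set (not visible here), the object bound to a reference such as an authentication provider or key store would depend on iteration order. Rejecting ambiguous matches, or documenting the uniqueness assumption, would make that resolution deterministic.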
@@ -1452,4 +1488,142 @@ public abstract class AbstractConfiguredObject<X extends ConfiguredObject<X>> im
}
return _allAutomatedFields.get(clazz);
}
+
+ private static <X extends ConfiguredObject<X>> Collection<X> getReachableObjects(final ConfiguredObject<?> object,
+ final Class<X> clazz)
+ {
+ Class<? extends ConfiguredObject> category = getCategory(object.getClass());
+ Class<? extends ConfiguredObject> ancestorClass = getAncestorClassWithGivenDescendant(category, clazz);
+ if(ancestorClass != null)
+ {
+ ConfiguredObject ancestor = getAncestor(ancestorClass, category, object);
+ if(ancestor != null)
+ {
+ return getAllDescendants(ancestor, ancestorClass, clazz);
+ }
+ }
+ return null;
+ }
+
+ private static <X extends ConfiguredObject<X>> Collection<X> getAllDescendants(final ConfiguredObject ancestor,
+ final Class<? extends ConfiguredObject> ancestorClass,
+ final Class<X> clazz)
+ {
+ Set<X> descendants = new HashSet<X>();
+ for(Class<? extends ConfiguredObject> childClass : Model.getInstance().getChildTypes(ancestorClass))
+ {
+ Collection<? extends ConfiguredObject> children = ancestor.getChildren(childClass);
+ if(childClass == clazz)
+ {
+
+ if(children != null)
+ {
+ descendants.addAll((Collection<X>)children);
+ }
+ }
+ else
+ {
+ if(children != null)
+ {
+ for(ConfiguredObject child : children)
+ {
+ descendants.addAll(getAllDescendants(child, childClass, clazz));
+ }
+ }
+ }
+ }
+ return descendants;
+ }
+
+ private static ConfiguredObject getAncestor(final Class<? extends ConfiguredObject> ancestorClass,
+ final Class<? extends ConfiguredObject> category,
+ final ConfiguredObject<?> object)
+ {
+ if(ancestorClass.isInstance(object))
+ {
+ return object;
+ }
+ else
+ {
+ for(Class<? extends ConfiguredObject> parentClass : Model.getInstance().getParentTypes(category))
+ {
+ ConfiguredObject parent = object.getParent(parentClass);
+ ConfiguredObject ancestor = getAncestor(ancestorClass, parentClass, parent);
+ if(ancestor != null)
+ {
+ return ancestor;
+ }
+ }
+ }
+ return null;
+ }
+
+ private static Class<? extends ConfiguredObject> getAncestorClassWithGivenDescendant(
+ final Class<? extends ConfiguredObject> category,
+ final Class<? extends ConfiguredObject> descendantClass)
+ {
+ Model model = Model.getInstance();
+ Collection<Class<? extends ConfiguredObject>> candidateClasses =
+ Collections.<Class<? extends ConfiguredObject>>singleton(category);
+ while(!candidateClasses.isEmpty())
+ {
+ for(Class<? extends ConfiguredObject> candidate : candidateClasses)
+ {
+ if(hasDescendant(candidate, descendantClass))
+ {
+ return candidate;
+ }
+ }
+ Set<Class<? extends ConfiguredObject>> previous = new HashSet<Class<? extends ConfiguredObject>>(candidateClasses);
+ candidateClasses = new HashSet<Class<? extends ConfiguredObject>>();
+ for(Class<? extends ConfiguredObject> prev : previous)
+ {
+ candidateClasses.addAll(model.getParentTypes(prev));
+ }
+ }
+ return null;
+ }
+
+ private static boolean hasDescendant(final Class<? extends ConfiguredObject> candidate,
+ final Class<? extends ConfiguredObject> descendantClass)
+ {
+ int oldSize = 0;
+ Model model = Model.getInstance();
+
+ Set<Class<? extends ConfiguredObject>> allDescendants = new HashSet<Class<? extends ConfiguredObject>>(Collections.singleton(candidate));
+ while(allDescendants.size() > oldSize)
+ {
+ oldSize = allDescendants.size();
+ Set<Class<? extends ConfiguredObject>> prev = new HashSet<Class<? extends ConfiguredObject>>(allDescendants);
+ for(Class<? extends ConfiguredObject> clazz : prev)
+ {
+ allDescendants.addAll(model.getChildTypes(clazz));
+ }
+ }
+ return allDescendants.contains(descendantClass);
+ }
+
+ private static Class<? extends ConfiguredObject> getCategory(final Class<?> clazz)
+ {
+ ManagedObject annotation = clazz.getAnnotation(ManagedObject.class);
+ if(annotation != null && annotation.category())
+ {
+ return (Class<? extends ConfiguredObject>) clazz;
+ }
+ for(Class<?> iface : clazz.getInterfaces() )
+ {
+ Class<? extends ConfiguredObject> cat = getCategory(iface);
+ if(cat != null)
+ {
+ return cat;
+ }
+ }
+ if(clazz.getSuperclass() != null)
+ {
+ return getCategory(clazz.getSuperclass());
+ }
+ return null;
+ }
+
+
}
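Review bot: In getAncestor the result of `object.getParent(parentClass)` is passed straight into the recursive call, and if that parent is null the next level calls `object.getParent(...)` on it whenever the category has parent types. A guard such as `if(parent == null) { continue; }` before recursing would avoid that; whether getParent can return null here is not visible in this hunk. The result of `getCategory(object.getClass())` in getReachableObjects is likewise used unchecked although getCategory can return null. None of the new helpers has a comment; a one-line Javadoc on getReachableObjects saying that it returns the descendants of the nearest ancestor category whose child types transitively include the target class would help readers of convert().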
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/AuthenticationProviderAdapter.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/AuthenticationProviderAdapter.java
deleted file mode 100644
index f24acb7eb5..0000000000
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/AuthenticationProviderAdapter.java
+++ /dev/null
@@ -1,763 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.qpid.server.model.adapter;
-
-import java.io.IOException;
-import java.security.AccessControlException;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.UUID;
-import java.util.concurrent.atomic.AtomicReference;
-
-import javax.security.auth.login.AccountNotFoundException;
-
-import org.apache.log4j.Logger;
-import org.apache.qpid.server.model.*;
-import org.apache.qpid.server.plugin.AuthenticationManagerFactory;
-import org.apache.qpid.server.plugin.PreferencesProviderFactory;
-import org.apache.qpid.server.plugin.QpidServiceLoader;
-import org.apache.qpid.server.configuration.IllegalConfigurationException;
-import org.apache.qpid.server.security.SubjectCreator;
-import org.apache.qpid.server.security.access.Operation;
-import org.apache.qpid.server.security.auth.UsernamePrincipal;
-import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
-import org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManagerFactory;
-import org.apache.qpid.server.security.auth.manager.AuthenticationManager;
-import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager;
-import org.apache.qpid.server.security.SecurityManager;
-import org.apache.qpid.server.util.MapValueConverter;
-
-public abstract class AuthenticationProviderAdapter<X extends AuthenticationProvider<X>, T extends AuthenticationManager> extends
- AbstractConfiguredObject<X>
- implements AuthenticationProvider<X>
-{
- private static final Logger LOGGER = Logger.getLogger(AuthenticationProviderAdapter.class);
-
- protected T _authManager;
- protected final Broker _broker;
-
- protected Collection<String> _supportedAttributes;
- protected Map<String, AuthenticationManagerFactory> _factories;
- private final AtomicReference<State> _state;
- private PreferencesProvider _preferencesProvider;
-
- private AuthenticationProviderAdapter(UUID id, Broker broker, final T authManager, Map<String, Object> attributes, Collection<String> attributeNames)
- {
- super(createAttributes(id, attributes), Collections.<String,Object>emptyMap(), broker.getTaskExecutor());
- _authManager = authManager;
- _broker = broker;
- _supportedAttributes = createSupportedAttributes(attributeNames);
- _factories = getAuthenticationManagerFactories();
-
- State state = MapValueConverter.getEnumAttribute(State.class, STATE, attributes, State.INITIALISING);
- _state = new AtomicReference<State>(state);
- addParent(Broker.class, broker);
-
- // set attributes now after all attribute names are known
- if (attributes != null)
- {
- for (String name : _supportedAttributes)
- {
- if (attributes.containsKey(name))
- {
- changeAttribute(name, null, attributes.get(name));
- }
- }
- }
- }
-
- private static Map<String, Object> createAttributes(final UUID id, final Map<String, Object> attributes)
- {
- Map<String, Object> initialAttributes = new HashMap<String, Object>();
- initialAttributes.put(ID, id);
- initialAttributes.put(NAME, attributes.get(NAME));
- return initialAttributes;
- }
-
- T getAuthManager()
- {
- return _authManager;
- }
-
- @Override
- public Collection<VirtualHostAlias> getVirtualHostPortBindings()
- {
- return Collections.emptyList();
- }
-
- @Override
- public String setName(String currentName, String desiredName) throws IllegalStateException, AccessControlException
- {
- return null;
- }
-
- @Override
- public State getState()
- {
- return _state.get();
- }
-
- @Override
- public boolean isDurable()
- {
- return true;
- }
-
- @Override
- public void setDurable(boolean durable)
- throws IllegalStateException, AccessControlException, IllegalArgumentException
- {
- }
-
- @Override
- public LifetimePolicy getLifetimePolicy()
- {
- return LifetimePolicy.PERMANENT;
- }
-
- @Override
- public LifetimePolicy setLifetimePolicy(LifetimePolicy expected, LifetimePolicy desired)
- throws IllegalStateException, AccessControlException, IllegalArgumentException
- {
- return null;
- }
-
- @Override
- public Collection<String> getAttributeNames()
- {
- return _supportedAttributes;
- }
-
- @Override
- public Object getAttribute(String name)
- {
- if(DURABLE.equals(name))
- {
- return true;
- }
- else if(ID.equals(name))
- {
- return getId();
- }
- else if(LIFETIME_POLICY.equals(name))
- {
- return LifetimePolicy.PERMANENT;
- }
- else if(STATE.equals(name))
- {
- return getState();
- }
- return super.getAttribute(name);
- }
-
- @SuppressWarnings("unchecked")
- @Override
- public <C extends ConfiguredObject> Collection<C> getChildren(Class<C> clazz)
- {
- if (clazz == PreferencesProvider.class && _preferencesProvider != null)
- {
- return (Collection<C>)Collections.<PreferencesProvider>singleton(_preferencesProvider);
- }
- return Collections.emptySet();
- }
-
- @Override
- public boolean setState(State currentState, State desiredState)
- throws IllegalStateTransitionException, AccessControlException
- {
- State state = _state.get();
- if(desiredState == State.DELETED)
- {
- String providerName = getName();
-
- // verify that provider is not in use
- Collection<Port> ports = new ArrayList<Port>(_broker.getPorts());
- for (Port port : ports)
- {
- if (providerName.equals(port.getAttribute(Port.AUTHENTICATION_PROVIDER)))
- {
- throw new IntegrityViolationException("Authentication provider '" + providerName + "' is set on port " + port.getName());
- }
- }
-
- if ((state == State.INITIALISING || state == State.ACTIVE || state == State.STOPPED || state == State.QUIESCED || state == State.ERRORED)
- && _state.compareAndSet(state, State.DELETED))
- {
- _authManager.close();
- _authManager.onDelete();
- if (_preferencesProvider != null)
- {
- _preferencesProvider.setDesiredState(_preferencesProvider.getState(), State.DELETED);
- }
- return true;
- }
- else
- {
- throw new IllegalStateException("Cannot delete authentication provider in state: " + state);
- }
- }
- else if(desiredState == State.ACTIVE)
- {
- if ((state == State.INITIALISING || state == State.QUIESCED || state == State.STOPPED) && _state.compareAndSet(state, State.ACTIVE))
- {
- try
- {
- _authManager.initialise();
- if (_preferencesProvider != null)
- {
- _preferencesProvider.setDesiredState(_preferencesProvider.getState(), State.ACTIVE);
- }
- return true;
- }
- catch(RuntimeException e)
- {
- _state.compareAndSet(State.ACTIVE, State.ERRORED);
- if (_broker.isManagementMode())
- {
- LOGGER.warn("Failed to activate authentication provider: " + getName(), e);
- }
- else
- {
- throw e;
- }
- }
- }
- else
- {
- throw new IllegalStateException("Cannot activate authentication provider in state: " + state);
- }
- }
- else if (desiredState == State.QUIESCED)
- {
- if (state == State.INITIALISING && _state.compareAndSet(state, State.QUIESCED))
- {
- return true;
- }
- }
- else if(desiredState == State.STOPPED)
- {
- if (_state.compareAndSet(state, State.STOPPED))
- {
- _authManager.close();
- if (_preferencesProvider != null)
- {
- _preferencesProvider.setDesiredState(_preferencesProvider.getState(), State.STOPPED);
- }
- return true;
- }
- else
- {
- throw new IllegalStateException("Cannot stop authentication provider in state: " + state);
- }
- }
-
- return false;
- }
-
- @Override
- public SubjectCreator getSubjectCreator()
- {
- return new SubjectCreator(_authManager, _broker.getGroupProviders());
- }
-
- @Override
- protected void changeAttributes(Map<String, Object> attributes)
- {
- Map<String, Object> effectiveAttributes = super.generateEffectiveAttributes(attributes);
- AuthenticationManager manager = validateAttributes(effectiveAttributes);
- manager.initialise();
- super.changeAttributes(attributes);
- _authManager = (T)manager;
-
- // if provider was previously in ERRORED state then set its state to ACTIVE
- _state.compareAndSet(State.ERRORED, State.ACTIVE);
- }
-
- private Map<String, AuthenticationManagerFactory> getAuthenticationManagerFactories()
- {
- QpidServiceLoader<AuthenticationManagerFactory> loader = new QpidServiceLoader<AuthenticationManagerFactory>();
- Iterable<AuthenticationManagerFactory> factories = loader.atLeastOneInstanceOf(AuthenticationManagerFactory.class);
- Map<String, AuthenticationManagerFactory> factoryMap = new HashMap<String, AuthenticationManagerFactory>();
- for (AuthenticationManagerFactory factory : factories)
- {
- factoryMap.put(factory.getType(), factory);
- }
- return factoryMap;
- }
-
- protected Collection<String> createSupportedAttributes(Collection<String> factoryAttributes)
- {
- List<String> attributesNames = new ArrayList<String>(getAttributeNames(AuthenticationProvider.class));
- if (factoryAttributes != null)
- {
- attributesNames.addAll(factoryAttributes);
- }
- return Collections.unmodifiableCollection(attributesNames);
- }
-
- protected AuthenticationManager validateAttributes(Map<String, Object> attributes)
- {
- super.validateChangeAttributes(attributes);
-
- String newName = (String)attributes.get(NAME);
- String currentName = getName();
- if (!currentName.equals(newName))
- {
- throw new IllegalConfigurationException("Changing the name of authentication provider is not supported");
- }
- String newType = (String)attributes.get(AuthenticationManagerFactory.ATTRIBUTE_TYPE);
- String currentType = (String)getAttribute(AuthenticationManagerFactory.ATTRIBUTE_TYPE);
- if (!currentType.equals(newType))
- {
- throw new IllegalConfigurationException("Changing the type of authentication provider is not supported");
- }
- AuthenticationManagerFactory managerFactory = _factories.get(newType);
- if (managerFactory == null)
- {
- throw new IllegalConfigurationException("Cannot find authentication provider factory for type " + newType);
- }
- AuthenticationManager manager = managerFactory.createInstance(_broker, attributes);
- if (manager == null)
- {
- throw new IllegalConfigurationException("Cannot change authentication provider " + newName + " of type " + newType + " with the given attributes");
- }
- return manager;
- }
-
- @Override
- protected void authoriseSetDesiredState(State currentState, State desiredState) throws AccessControlException
- {
- if(desiredState == State.DELETED)
- {
- if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), AuthenticationProvider.class, Operation.DELETE))
- {
- throw new AccessControlException("Deletion of authentication provider is denied");
- }
- }
- }
-
- @Override
- protected void authoriseSetAttribute(String name, Object expected, Object desired) throws AccessControlException
- {
- if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), AuthenticationProvider.class, Operation.UPDATE))
- {
- throw new AccessControlException("Setting of authentication provider attributes is denied");
- }
- }
-
- @Override
- protected void authoriseSetAttributes(Map<String, Object> attributes) throws AccessControlException
- {
- if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), AuthenticationProvider.class, Operation.UPDATE))
- {
- throw new AccessControlException("Setting of authentication provider attributes is denied");
- }
- }
-
- public PreferencesProvider getPreferencesProvider()
- {
- return _preferencesProvider;
- }
-
- public void setPreferencesProvider(PreferencesProvider provider)
- {
- if (AnonymousAuthenticationManagerFactory.PROVIDER_TYPE.equals(getAttribute(TYPE)))
- {
- throw new IllegalConfigurationException("Cannot set preferences provider for anonymous authentication provider");
- }
- _preferencesProvider = provider;
- }
-
- @SuppressWarnings("unchecked")
- @Override
- public <C extends ConfiguredObject> C addChild(Class<C> childClass, Map<String, Object> attributes, ConfiguredObject... otherParents)
- {
- if(childClass == PreferencesProvider.class)
- {
- String name = MapValueConverter.getStringAttribute(PreferencesProvider.NAME, attributes);
- String type = MapValueConverter.getStringAttribute(PreferencesProvider.TYPE, attributes);
- PreferencesProviderFactory factory = PreferencesProviderFactory.FACTORIES.get(type);
- UUID id = UUIDGenerator.generatePreferencesProviderUUID(name, getName());
- PreferencesProvider pp = factory.createInstance(id, attributes, this);
- pp.setDesiredState(State.INITIALISING, State.ACTIVE);
- _preferencesProvider = pp;
- return (C)pp;
- }
- throw new IllegalArgumentException("Cannot create child of class " + childClass.getSimpleName());
- }
-
- public static class SimpleAuthenticationProviderAdapter extends AuthenticationProviderAdapter<SimpleAuthenticationProviderAdapter,AuthenticationManager>
- {
-
- public SimpleAuthenticationProviderAdapter(
- UUID id, Broker broker, AuthenticationManager authManager, Map<String, Object> attributes, Collection<String> attributeNames)
- {
- super(id, broker,authManager, attributes, attributeNames);
- }
- }
-
- public static class PrincipalDatabaseAuthenticationManagerAdapter
- extends AuthenticationProviderAdapter<PrincipalDatabaseAuthenticationManagerAdapter, PrincipalDatabaseAuthenticationManager>
- implements PasswordCredentialManagingAuthenticationProvider<PrincipalDatabaseAuthenticationManagerAdapter>
- {
- public PrincipalDatabaseAuthenticationManagerAdapter(
- UUID id, Broker broker, PrincipalDatabaseAuthenticationManager authManager, Map<String, Object> attributes, Collection<String> attributeNames)
- {
- super(id, broker, authManager, attributes, attributeNames);
- }
-
- @Override
- public boolean createUser(String username, String password, Map<String, String> attributes)
- {
- getSecurityManager().authoriseUserOperation(Operation.CREATE, username);
- return getPrincipalDatabase().createPrincipal(new UsernamePrincipal(username), password.toCharArray());
-
- }
-
- @Override
- public void deleteUser(String username) throws AccountNotFoundException
- {
- getSecurityManager().authoriseUserOperation(Operation.DELETE, username);
- getPrincipalDatabase().deletePrincipal(new UsernamePrincipal(username));
-
- }
-
- private SecurityManager getSecurityManager()
- {
- return _broker.getSecurityManager();
- }
-
- private PrincipalDatabase getPrincipalDatabase()
- {
- return getAuthManager().getPrincipalDatabase();
- }
-
- @Override
- public void setPassword(String username, String password) throws AccountNotFoundException
- {
- getSecurityManager().authoriseUserOperation(Operation.UPDATE, username);
-
- getPrincipalDatabase().updatePassword(new UsernamePrincipal(username), password.toCharArray());
-
- }
-
- @Override
- public Map<String, Map<String, String>> getUsers()
- {
-
- Map<String, Map<String,String>> users = new HashMap<String, Map<String, String>>();
- for(Principal principal : getPrincipalDatabase().getUsers())
- {
- users.put(principal.getName(), Collections.<String, String>emptyMap());
- }
- return users;
- }
-
- public void reload() throws IOException
- {
- getPrincipalDatabase().reload();
- }
-
- @Override
- public <C extends ConfiguredObject> C addChild(Class<C> childClass,
- Map<String, Object> attributes,
- ConfiguredObject... otherParents)
- {
- if(childClass == User.class)
- {
- String username = (String) attributes.get("name");
- String password = (String) attributes.get("password");
- Principal p = new UsernamePrincipal(username);
-
- if(createUser(username, password,null))
- {
- @SuppressWarnings("unchecked")
- C principalAdapter = (C) new PrincipalAdapter(p);
- return principalAdapter;
- }
- else
- {
- LOGGER.info("Failed to create user " + username + ". User already exists?");
- return null;
-
- }
- }
-
- return super.addChild(childClass, attributes, otherParents);
- }
-
- @Override
- public <C extends ConfiguredObject> Collection<C> getChildren(Class<C> clazz)
- {
- if(clazz == User.class)
- {
- List<Principal> users = getPrincipalDatabase().getUsers();
- Collection<User> principals = new ArrayList<User>(users.size());
- for(Principal user : users)
- {
- principals.add(new PrincipalAdapter(user));
- }
- @SuppressWarnings("unchecked")
- Collection<C> unmodifiablePrincipals = (Collection<C>) Collections.unmodifiableCollection(principals);
- return unmodifiablePrincipals;
- }
- else
- {
- return super.getChildren(clazz);
- }
- }
-
- @Override
- protected void childAdded(ConfiguredObject child)
- {
- if (child instanceof User)
- {
- // no-op, prevent storing users in the broker store
- return;
- }
- super.childAdded(child);
- }
-
- @Override
- protected void childRemoved(ConfiguredObject child)
- {
- if (child instanceof User)
- {
- // no-op, as per above, users are not in the store
- return;
- }
- super.childRemoved(child);
- }
-
- private class PrincipalAdapter extends AbstractConfiguredObject<PrincipalAdapter> implements User<PrincipalAdapter>
- {
- private final Principal _user;
-
- public PrincipalAdapter(Principal user)
- {
- super(Collections.<String,Object>emptyMap(), createPrincipalAttributes(PrincipalDatabaseAuthenticationManagerAdapter.this, user),
- PrincipalDatabaseAuthenticationManagerAdapter.this.getTaskExecutor());
- _user = user;
-
- }
-
- @Override
- public String getPassword()
- {
- return (String)getAttribute(PASSWORD);
- }
-
- @Override
- public void setPassword(String password)
- {
- try
- {
- PrincipalDatabaseAuthenticationManagerAdapter.this.setPassword(_user.getName(), password);
- }
- catch (AccountNotFoundException e)
- {
- throw new IllegalStateException(e);
- }
- }
-
-
- @Override
- public String setName(String currentName, String desiredName)
- throws IllegalStateException, AccessControlException
- {
- throw new IllegalStateException("Names cannot be updated");
- }
-
- @Override
- public State getState()
- {
- return State.ACTIVE;
- }
-
- @Override
- public boolean isDurable()
- {
- return true;
- }
-
- @Override
- public void setDurable(boolean durable)
- throws IllegalStateException, AccessControlException, IllegalArgumentException
- {
- throw new IllegalStateException("Durability cannot be updated");
- }
-
- @Override
- public LifetimePolicy getLifetimePolicy()
- {
- return LifetimePolicy.PERMANENT;
- }
-
- @Override
- public LifetimePolicy setLifetimePolicy(LifetimePolicy expected, LifetimePolicy desired)
- throws IllegalStateException, AccessControlException, IllegalArgumentException
- {
- throw new IllegalStateException("LifetimePolicy cannot be updated");
- }
-
- @Override
- public <C extends ConfiguredObject> Collection<C> getChildren(Class<C> clazz)
- {
- return null;
- }
-
- @Override
- public <C extends ConfiguredObject> C createChild(Class<C> childClass,
- Map<String, Object> attributes,
- ConfiguredObject... otherParents)
- {
- return null;
- }
-
- @Override
- public Collection<String> getAttributeNames()
- {
- return getAttributeNames(User.class);
- }
-
- @Override
- public Object getAttribute(String name)
- {
- if(ID.equals(name))
- {
- return getId();
- }
- else if(PASSWORD.equals(name))
- {
- return null; // for security reasons we don't expose the password
- }
- else if(NAME.equals(name))
- {
- return getName();
- }
- return super.getAttribute(name);
- }
-
- @Override
- public boolean changeAttribute(String name, Object expected, Object desired)
- throws IllegalStateException, AccessControlException, IllegalArgumentException
- {
- if(name.equals(PASSWORD))
- {
- setPassword((String)desired);
- return true;
- }
- return super.changeAttribute(name, expected, desired);
- }
-
- @Override
- protected boolean setState(State currentState, State desiredState)
- throws IllegalStateTransitionException, AccessControlException
- {
- if(desiredState == State.DELETED)
- {
- try
- {
- String userName = _user.getName();
- deleteUser(userName);
- PreferencesProvider preferencesProvider = getPreferencesProvider();
- if (preferencesProvider != null)
- {
- preferencesProvider.deletePreferences(userName);
- }
- }
- catch (AccountNotFoundException e)
- {
- LOGGER.warn("Failed to delete user " + _user, e);
- }
- return true;
- }
- return false;
- }
-
- @Override
- public Map<String, Object> getPreferences()
- {
- PreferencesProvider preferencesProvider = getPreferencesProvider();
- if (preferencesProvider == null)
- {
- return null;
- }
- return preferencesProvider.getPreferences(this.getName());
- }
-
- @Override
- public Object getPreference(String name)
- {
- Map<String, Object> preferences = getPreferences();
- if (preferences == null)
- {
- return null;
- }
- return preferences.get(name);
- }
-
- @Override
- public Map<String, Object> setPreferences(Map<String, Object> preferences)
- {
- PreferencesProvider preferencesProvider = getPreferencesProvider();
- if (preferencesProvider == null)
- {
- return null;
- }
- return preferencesProvider.setPreferences(this.getName(), preferences);
- }
-
- @Override
- public boolean deletePreferences()
- {
- PreferencesProvider preferencesProvider = getPreferencesProvider();
- if (preferencesProvider == null)
- {
- return false;
- }
- String[] deleted = preferencesProvider.deletePreferences(this.getName());
- return deleted.length == 1;
- }
-
- private PreferencesProvider getPreferencesProvider()
- {
- return PrincipalDatabaseAuthenticationManagerAdapter.this.getPreferencesProvider();
- }
-
- }
-
- private static Map<String, Object> createPrincipalAttributes(PrincipalDatabaseAuthenticationManagerAdapter manager, final Principal user)
- {
- final Map<String, Object> attributes = new HashMap<String, Object>();
- attributes.put(ID, UUIDGenerator.generateUserUUID(manager.getName(), user.getName()));
- attributes.put(NAME, user.getName());
- return attributes;
- }
-
- }
-
-}
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/AuthenticationProviderFactory.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/AuthenticationProviderFactory.java
index 06f3dbd50e..7536f8b39f 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/AuthenticationProviderFactory.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/AuthenticationProviderFactory.java
@@ -23,6 +23,7 @@ package org.apache.qpid.server.model.adapter;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
+import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
@@ -31,10 +32,7 @@ import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.plugin.AuthenticationManagerFactory;
import org.apache.qpid.server.plugin.QpidServiceLoader;
-import org.apache.qpid.server.security.auth.manager.AuthenticationManager;
-import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager;
-import org.apache.qpid.server.model.adapter.AuthenticationProviderAdapter.PrincipalDatabaseAuthenticationManagerAdapter;
-import org.apache.qpid.server.model.adapter.AuthenticationProviderAdapter.SimpleAuthenticationProviderAdapter;
+import org.apache.qpid.server.security.auth.manager.AbstractAuthenticationManager;
public class AuthenticationProviderFactory
{
@@ -60,9 +58,7 @@ public class AuthenticationProviderFactory
*/
public AuthenticationProvider create(UUID id, Broker broker, Map<String, Object> attributes)
{
- AuthenticationProviderAdapter provider = createAuthenticationProvider(id, broker, attributes);
- provider.getAuthManager().onCreate();
- return provider;
+ return createAuthenticationProvider(id, broker, attributes, false);
}
/**
@@ -73,27 +69,20 @@ public class AuthenticationProviderFactory
*/
public AuthenticationProvider recover(UUID id, Map<String, Object> attributes, Broker broker)
{
- return createAuthenticationProvider(id, broker, attributes);
+ return createAuthenticationProvider(id, broker, attributes, true);
}
- private AuthenticationProviderAdapter createAuthenticationProvider(UUID id, Broker broker, Map<String, Object> attributes)
+ private AuthenticationProvider createAuthenticationProvider(UUID id, Broker broker, Map<String, Object> attributes, boolean recovering)
{
+ attributes = new HashMap<String, Object>(attributes);
+ attributes.put(AuthenticationProvider.ID,id);
+
for (AuthenticationManagerFactory factory : _factories)
{
- AuthenticationManager manager = factory.createInstance(broker, attributes);
+ AbstractAuthenticationManager manager = factory.createInstance(broker, attributes, recovering);
if (manager != null)
{
- AuthenticationProviderAdapter authenticationProvider;
- if (manager instanceof PrincipalDatabaseAuthenticationManager)
- {
- authenticationProvider = new PrincipalDatabaseAuthenticationManagerAdapter(id, broker,
- (PrincipalDatabaseAuthenticationManager) manager, attributes, factory.getAttributeNames());
- }
- else
- {
- authenticationProvider = new SimpleAuthenticationProviderAdapter(id, broker, manager, attributes, factory.getAttributeNames());
- }
- return authenticationProvider;
+ return manager;
}
}
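Review bot: The added `attributes = new HashMap<String, Object>(attributes);` dereferences the map unconditionally, so a null attributes argument now fails with a NullPointerException at the copy; if null is a legal input from create() or recover(), guard it, e.g. `attributes = attributes == null ? new HashMap<String, Object>() : new HashMap<String, Object>(attributes);`. The following `put(AuthenticationProvider.ID,id)` also silently replaces any ID already present in the supplied map, and for an authentication provider it may be worth rejecting a mismatch instead of overwriting it. Reassigning the parameter hides that a copy is in use; a separately named local would read more clearly. The method body continues past the end of the hunk.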
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
index d1f083deed..01798ad4ac 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
@@ -45,13 +45,11 @@ import org.apache.qpid.server.logging.actors.BrokerActor;
import org.apache.qpid.server.logging.actors.CurrentActor;
import org.apache.qpid.server.logging.messages.BrokerMessages;
import org.apache.qpid.server.model.*;
-import org.apache.qpid.server.model.adapter.AuthenticationProviderAdapter.SimpleAuthenticationProviderAdapter;
import org.apache.qpid.server.plugin.PreferencesProviderFactory;
import org.apache.qpid.server.plugin.VirtualHostFactory;
import org.apache.qpid.server.security.SecurityManager;
import org.apache.qpid.server.security.SubjectCreator;
import org.apache.qpid.server.security.access.Operation;
-import org.apache.qpid.server.security.auth.manager.AuthenticationManager;
import org.apache.qpid.server.security.auth.manager.SimpleAuthenticationManager;
import org.apache.qpid.server.stats.StatisticsGatherer;
import org.apache.qpid.server.store.MessageStoreCreator;
@@ -198,9 +196,12 @@ public class BrokerAdapter<X extends Broker<X>> extends AbstractConfiguredObject
_brokerStore = brokerStore;
if (_brokerOptions.isManagementMode())
{
- AuthenticationManager authManager = new SimpleAuthenticationManager(BrokerOptions.MANAGEMENT_MODE_USER_NAME, _brokerOptions.getManagementModePassword());
- _managementAuthenticationProvider = new SimpleAuthenticationProviderAdapter(UUID.randomUUID(), this,
- authManager, Collections.<String, Object> emptyMap(), Collections.<String> emptySet());
+ Map<String,Object> authManagerAttrs = new HashMap<String, Object>();
+ authManagerAttrs.put(NAME,"MANAGEMENT_MODE_AUTHENTICATION");
+ authManagerAttrs.put(ID, UUID.randomUUID());
+ SimpleAuthenticationManager authManager = new SimpleAuthenticationManager(this, Collections.<String,Object>emptyMap(), authManagerAttrs);
+ authManager.addUser(BrokerOptions.MANAGEMENT_MODE_USER_NAME, _brokerOptions.getManagementModePassword());
+ _managementAuthenticationProvider = authManager;
}
}
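Review bot: `new SimpleAuthenticationManager(this, …)` passes a possibly half-constructed broker to the manager, whose base constructor (AbstractAuthenticationManager, added in this commit) immediately calls `broker.getTaskExecutor()`. The enclosing method starts outside the hunk, but the `_brokerStore = brokerStore;` context line suggests this is the BrokerAdapter constructor, so confirm that the task executor is assigned before this block runs. The manager is created in `State.INITIALISING` and nothing in the hunk activates it; if the management-mode provider is meant to be used without a state transition, a comment such as `// management-mode provider is used directly; it is never activated through setDesiredState` would record that. The literal `"MANAGEMENT_MODE_AUTHENTICATION"` would also read better as a named constant next to `BrokerOptions.MANAGEMENT_MODE_USER_NAME`.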
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/plugin/AuthenticationManagerFactory.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/plugin/AuthenticationManagerFactory.java
index 4805f06760..6e92121036 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/plugin/AuthenticationManagerFactory.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/plugin/AuthenticationManagerFactory.java
@@ -21,13 +21,11 @@ package org.apache.qpid.server.plugin;
import java.util.Collection;
import java.util.Map;
-import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
-import org.apache.qpid.server.security.auth.manager.AuthenticationManager;
+import org.apache.qpid.server.security.auth.manager.AbstractAuthenticationManager;
public interface AuthenticationManagerFactory extends Pluggable
{
- public static final String ATTRIBUTE_TYPE = AuthenticationProvider.TYPE;
/**
* Returns the authentication provider type
@@ -37,17 +35,21 @@ public interface AuthenticationManagerFactory extends Pluggable
/**
* Creates authentication manager from the provided attributes
+ *
* @param broker
* broker model object
* @param attributes
* attributes to create authentication manager
*
+ * @param recovering
* @return authentication manager instance
*/
- AuthenticationManager createInstance(Broker broker, Map<String, Object> attributes);
+ AbstractAuthenticationManager createInstance(Broker broker,
+ Map<String, Object> attributes,
+ final boolean recovering);
/**
- * Get the names of attributes the authentication manager which can be passed into {@link #createInstance(Broker, Map)} to create the
+ * Get the names of attributes the authentication manager which can be passed into {@link #createInstance(org.apache.qpid.server.model.Broker, java.util.Map, boolean)} to create the
* authentication manager
*
* @return the collection of attribute names
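Review bot: The new `@param recovering` tag in the `createInstance` Javadoc has no description, so plugin authors implementing this interface cannot tell what the flag is supposed to change. Something like `@param recovering true when the manager is re-created from stored configuration, false when it is newly created` would do, if that is the intended meaning (the hunk does not show it). The method now returns the raw type `AbstractAuthenticationManager`; declaring `AbstractAuthenticationManager<?>` would avoid raw-type warnings in callers. The interface body continues outside the hunk.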
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java
new file mode 100644
index 0000000000..7c521c1f8a
--- /dev/null
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java
@@ -0,0 +1,312 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.server.security.auth.manager;
+
+import org.apache.log4j.Logger;
+import org.apache.qpid.server.configuration.updater.TaskExecutor;
+import org.apache.qpid.server.model.*;
+import org.apache.qpid.server.model.adapter.AbstractConfiguredObject;
+import org.apache.qpid.server.plugin.PreferencesProviderFactory;
+import org.apache.qpid.server.security.SubjectCreator;
+import org.apache.qpid.server.security.access.Operation;
+import org.apache.qpid.server.util.MapValueConverter;
+
+import java.security.AccessControlException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Map;
+import java.util.UUID;
+import java.util.concurrent.atomic.AtomicReference;
+
+public abstract class AbstractAuthenticationManager<T extends AbstractAuthenticationManager<T>>
+ extends AbstractConfiguredObject<T>
+ implements AuthenticationProvider<T>, AuthenticationManager
+{
+ private static final Logger LOGGER = Logger.getLogger(AbstractAuthenticationManager.class);
+
+ private final Broker _broker;
+ private PreferencesProvider _preferencesProvider;
+ private AtomicReference<State> _state = new AtomicReference<State>(State.INITIALISING);
+
+ protected AbstractAuthenticationManager(final Broker broker,
+ final Map<String, Object> defaults,
+ final Map<String, Object> attributes)
+ {
+ super(Collections.<Class<? extends ConfiguredObject>, ConfiguredObject<?>>singletonMap(Broker.class, broker),
+ defaults, attributes, broker.getTaskExecutor());
+ _broker = broker;
+ }
+
+ protected final Broker getBroker()
+ {
+ return _broker;
+ }
+
+ @Override
+ public Collection<VirtualHostAlias> getVirtualHostPortBindings()
+ {
+ return null;
+ }
+
+ @Override
+ public SubjectCreator getSubjectCreator()
+ {
+ return new SubjectCreator(this, _broker.getGroupProviders());
+ }
+
+ @Override
+ public PreferencesProvider getPreferencesProvider()
+ {
+ return _preferencesProvider;
+ }
+
+ @Override
+ public void setPreferencesProvider(final PreferencesProvider preferencesProvider)
+ {
+ _preferencesProvider = preferencesProvider;
+ }
+
+
+
+
+ @Override
+ public String setName(final String currentName, final String desiredName)
+ throws IllegalStateException, AccessControlException
+ {
+ return null;
+ }
+
+ @Override
+ public State getState()
+ {
+ return _state.get();
+ }
+
+ @Override
+ public boolean isDurable()
+ {
+ return true;
+ }
+
+ @Override
+ public void setDurable(final boolean durable)
+ throws IllegalStateException, AccessControlException, IllegalArgumentException
+ {
+
+ }
+
+ @Override
+ public LifetimePolicy getLifetimePolicy()
+ {
+ return LifetimePolicy.PERMANENT;
+ }
+
+ @Override
+ public LifetimePolicy setLifetimePolicy(final LifetimePolicy expected, final LifetimePolicy desired)
+ throws IllegalStateException, AccessControlException, IllegalArgumentException
+ {
+ return null;
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public <C extends ConfiguredObject> C addChild(Class<C> childClass, Map<String, Object> attributes, ConfiguredObject... otherParents)
+ {
+ if(childClass == PreferencesProvider.class)
+ {
+ String name = MapValueConverter.getStringAttribute(PreferencesProvider.NAME, attributes);
+ String type = MapValueConverter.getStringAttribute(PreferencesProvider.TYPE, attributes);
+ PreferencesProviderFactory factory = PreferencesProviderFactory.FACTORIES.get(type);
+ UUID id = UUIDGenerator.generatePreferencesProviderUUID(name, getName());
+ PreferencesProvider pp = factory.createInstance(id, attributes, this);
+ pp.setDesiredState(State.INITIALISING, State.ACTIVE);
+ _preferencesProvider = pp;
+ return (C)pp;
+ }
+ throw new IllegalArgumentException("Cannot create child of class " + childClass.getSimpleName());
+ }
+
+
+ @Override
+ protected void authoriseSetDesiredState(State currentState, State desiredState) throws AccessControlException
+ {
+ if(desiredState == State.DELETED)
+ {
+ if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), AuthenticationProvider.class, Operation.DELETE))
+ {
+ throw new AccessControlException("Deletion of authentication provider is denied");
+ }
+ }
+ }
+
+ @Override
+ protected void authoriseSetAttribute(String name, Object expected, Object desired) throws AccessControlException
+ {
+ if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), AuthenticationProvider.class, Operation.UPDATE))
+ {
+ throw new AccessControlException("Setting of authentication provider attributes is denied");
+ }
+ }
+
+ @Override
+ protected void authoriseSetAttributes(Map<String, Object> attributes) throws AccessControlException
+ {
+ if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), AuthenticationProvider.class, Operation.UPDATE))
+ {
+ throw new AccessControlException("Setting of authentication provider attributes is denied");
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public <C extends ConfiguredObject> Collection<C> getChildren(Class<C> clazz)
+ {
+ if (clazz == PreferencesProvider.class && _preferencesProvider != null)
+ {
+ return (Collection<C>) Collections.<PreferencesProvider>singleton(_preferencesProvider);
+ }
+ return Collections.emptySet();
+ }
+
+ @Override
+ public boolean setState(State currentState, State desiredState)
+ throws IllegalStateTransitionException, AccessControlException
+ {
+ State state = _state.get();
+ if(desiredState == State.DELETED)
+ {
+ String providerName = getName();
+
+ // verify that provider is not in use
+ Collection<Port> ports = new ArrayList<Port>(_broker.getPorts());
+ for (Port port : ports)
+ {
+ if (providerName.equals(port.getAttribute(Port.AUTHENTICATION_PROVIDER)))
+ {
+ throw new IntegrityViolationException("Authentication provider '" + providerName + "' is set on port " + port.getName());
+ }
+ }
+
+ if ((state == State.INITIALISING || state == State.ACTIVE || state == State.STOPPED || state == State.QUIESCED || state == State.ERRORED)
+ && _state.compareAndSet(state, State.DELETED))
+ {
+ close();
+ delete();
+ if (_preferencesProvider != null)
+ {
+ _preferencesProvider.setDesiredState(_preferencesProvider.getState(), State.DELETED);
+ }
+ return true;
+ }
+ else
+ {
+ throw new IllegalStateException("Cannot delete authentication provider in state: " + state);
+ }
+ }
+ else if(desiredState == State.ACTIVE)
+ {
+ if ((state == State.INITIALISING || state == State.QUIESCED || state == State.STOPPED) && _state.compareAndSet(state, State.ACTIVE))
+ {
+ try
+ {
+ initialise();
+ if (_preferencesProvider != null)
+ {
+ _preferencesProvider.setDesiredState(_preferencesProvider.getState(), State.ACTIVE);
+ }
+ return true;
+ }
+ catch(RuntimeException e)
+ {
+ _state.compareAndSet(State.ACTIVE, State.ERRORED);
+ if (_broker.isManagementMode())
+ {
+ LOGGER.warn("Failed to activate authentication provider: " + getName(), e);
+ }
+ else
+ {
+ throw e;
+ }
+ }
+ }
+ else
+ {
+ throw new IllegalStateException("Cannot activate authentication provider in state: " + state);
+ }
+ }
+ else if (desiredState == State.QUIESCED)
+ {
+ if (state == State.INITIALISING && _state.compareAndSet(state, State.QUIESCED))
+ {
+ return true;
+ }
+ }
+ else if(desiredState == State.STOPPED)
+ {
+ if (_state.compareAndSet(state, State.STOPPED))
+ {
+ close();
+ if (_preferencesProvider != null)
+ {
+ _preferencesProvider.setDesiredState(_preferencesProvider.getState(), State.STOPPED);
+ }
+ return true;
+ }
+ else
+ {
+ throw new IllegalStateException("Cannot stop authentication provider in state: " + state);
+ }
+ }
+
+ return false;
+ }
+
+
+ protected boolean updateState(State from, State to)
+ {
+ return _state.compareAndSet(from, to);
+ }
+
+ @Override
+ public Collection<String> getAttributeNames()
+ {
+ return getAttributeNames(getClass());
+ }
+
+ @Override
+ public Object getAttribute(final String name)
+ {
+ if(STATE.equals(name))
+ {
+ return getState();
+ }
+ else if(DURABLE.equals(name))
+ {
+ return isDurable();
+ }
+ else if(LIFETIME_POLICY.equals(name))
+ {
+ return getLifetimePolicy();
+ }
+ return super.getAttribute(name);
+ }
+}
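Review bot: In `setState`, the `State.STOPPED` branch calls `_state.compareAndSet(state, State.STOPPED)` without checking the current state, so a provider that is already `DELETED` can be moved to `STOPPED` and then back to `ACTIVE` by the activation branch. Guarding it like the other branches, for example `if ((state == State.INITIALISING || state == State.ACTIVE || state == State.QUIESCED || state == State.ERRORED) && _state.compareAndSet(state, State.STOPPED))`, would make the existing "Cannot stop authentication provider" exception reachable for invalid transitions; the exact set of legal source states is a design decision. `authoriseSetDesiredState` checks permission only when the desired state is `DELETED`, so stopping or quiescing an authentication provider is not access-controlled by this class; unless that is enforced elsewhere, an `Operation.UPDATE` check belongs there. In `addChild`, the result of `PreferencesProviderFactory.FACTORIES.get(type)` is dereferenced unchecked, so if the lookup returns null for an unknown type the caller gets a NullPointerException instead of an `IllegalArgumentException` naming the type.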
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractPrincipalDatabaseAuthManagerFactory.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractPrincipalDatabaseAuthManagerFactory.java
deleted file mode 100644
index 86d012cc96..0000000000
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractPrincipalDatabaseAuthManagerFactory.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.qpid.server.security.auth.manager;
-
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Map;
-
-import org.apache.log4j.Logger;
-import org.apache.qpid.server.model.Broker;
-import org.apache.qpid.server.plugin.AuthenticationManagerFactory;
-import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
-
-/**
- * Factory for {@link PrincipalDatabaseAuthenticationManager} objects configured
- * with either the Plain or Base64MD5 digest {@link PrincipalDatabase}
- * implementation.
- */
-public abstract class AbstractPrincipalDatabaseAuthManagerFactory implements AuthenticationManagerFactory
-{
- public static final String RESOURCE_BUNDLE = "org.apache.qpid.server.security.auth.manager.PasswordFileAuthenticationProviderAttributeDescriptions";
- public static final String ATTRIBUTE_PATH = "path";
-
- private static final Logger LOGGER = Logger.getLogger(AbstractPrincipalDatabaseAuthManagerFactory.class);
-
- public static final Collection<String> ATTRIBUTES = Collections.unmodifiableList(Arrays.asList(
- ATTRIBUTE_TYPE,
- ATTRIBUTE_PATH));
-
-
- @Override
- public AuthenticationManager createInstance(Broker broker, Map<String, Object> attributes)
- {
- if (attributes == null || !getType().equals(attributes.get(ATTRIBUTE_TYPE)))
- {
- return null;
- }
-
- String passwordFile = (String) attributes.get(ATTRIBUTE_PATH);
- if (passwordFile == null)
- {
- LOGGER.warn("Password file path must not be null");
- return null;
- }
-
- PrincipalDatabase principalDatabase = createPrincipalDatabase();
- return new PrincipalDatabaseAuthenticationManager(principalDatabase, passwordFile);
- }
-
- abstract PrincipalDatabase createPrincipalDatabase();
-
- @Override
- public Collection<String> getAttributeNames()
- {
- return ATTRIBUTES;
- }
-}
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java
index 30626ce98c..0300f9f503 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManager.java
@@ -21,16 +21,19 @@
package org.apache.qpid.server.security.auth.manager;
import java.security.Principal;
+import java.util.Map;
import javax.security.auth.Subject;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
+import org.apache.qpid.server.configuration.updater.TaskExecutor;
+import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.sasl.anonymous.AnonymousSaslServer;
-public class AnonymousAuthenticationManager implements AuthenticationManager
+public class AnonymousAuthenticationManager extends AbstractAuthenticationManager<AnonymousAuthenticationManager>
{
private static final String ANONYMOUS = "ANONYMOUS";
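Review bot: The added `import org.apache.qpid.server.configuration.updater.TaskExecutor;` does not appear to be used, since the new constructor takes only the broker and two maps and no visible hunk of this file names `TaskExecutor`. The same import is added in ExternalAuthenticationManager and KerberosAuthenticationManager, and in the new files AbstractAuthenticationManager and Base64MD5PasswordDatabaseAuthenticationManager. The last of these also imports `PlainPasswordFilePrincipalDatabase`, `Arrays`, `Collection` and `Collections` without using them. Dropping these keeps the imports of the authentication classes limited to what they actually depend on.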
@@ -46,10 +49,11 @@ public class AnonymousAuthenticationManager implements AuthenticationManager
private static final AuthenticationResult ANONYMOUS_AUTHENTICATION = new AuthenticationResult(ANONYMOUS_PRINCIPAL);
- static final AnonymousAuthenticationManager INSTANCE = new AnonymousAuthenticationManager();
-
- AnonymousAuthenticationManager()
+ protected AnonymousAuthenticationManager(final Broker broker,
+ final Map<String, Object> defaults,
+ final Map<String, Object> attributes)
{
+ super(broker, defaults, attributes);
}
@Override
@@ -112,13 +116,7 @@ public class AnonymousAuthenticationManager implements AuthenticationManager
}
@Override
- public void onCreate()
- {
- // nothing to do, no external resource is required
- }
-
- @Override
- public void onDelete()
+ public void delete()
{
// nothing to do, no external resource is used
}
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManagerFactory.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManagerFactory.java
index 2160a082f4..af8d3149aa 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManagerFactory.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManagerFactory.java
@@ -23,6 +23,7 @@ import java.util.Collection;
import java.util.Collections;
import java.util.Map;
+import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.plugin.AuthenticationManagerFactory;
@@ -31,11 +32,13 @@ public class AnonymousAuthenticationManagerFactory implements AuthenticationMana
public static final String PROVIDER_TYPE = "Anonymous";
@Override
- public AuthenticationManager createInstance(Broker broker, Map<String, Object> attributes)
+ public AnonymousAuthenticationManager createInstance(Broker broker,
+ Map<String, Object> attributes,
+ final boolean recovering)
{
- if (attributes != null && PROVIDER_TYPE.equals(attributes.get(ATTRIBUTE_TYPE)))
+ if (attributes != null && PROVIDER_TYPE.equals(attributes.get(AuthenticationProvider.TYPE)))
{
- return new AnonymousAuthenticationManager();
+ return new AnonymousAuthenticationManager(broker, Collections.<String,Object>emptyMap(),attributes);
}
return null;
}
@@ -43,7 +46,7 @@ public class AnonymousAuthenticationManagerFactory implements AuthenticationMana
@Override
public Collection<String> getAttributeNames()
{
- return Collections.<String>singletonList(ATTRIBUTE_TYPE);
+ return Collections.<String>singletonList(AuthenticationProvider.TYPE);
}
@Override
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java
index 67a4f348b1..02145bc66a 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AuthenticationManager.java
@@ -83,12 +83,7 @@ public interface AuthenticationManager extends Closeable
AuthenticationResult authenticate(String username, String password);
/**
- * Called after manager creation to create the required resources, for example, user databases etc.
+ * Called before manager deletion to release and clean the resources.
*/
- void onCreate();
-
- /**
- * Called before manager deletion to release and clean the resources created in {@link #onCreate()}.
- */
- void onDelete();
+ void delete();
}
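Review bot: The Javadoc on the renamed `delete()` says it is called before manager deletion, but `AbstractAuthenticationManager.setState` in this commit invokes it after the state has been switched to `DELETED` and after `close()`. The comment should state that order, for example `Called after close() when the provider is deleted, to remove the resources the manager owns.` Implementations then know they cannot rely on anything `close()` has released. With `onCreate()` removed, the interface no longer says where resources such as user databases are created; a sentence pointing at `initialise()` or the constructor would help, if that is where the work moved.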
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/Base64MD5PasswordDatabaseAuthenticationManager.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/Base64MD5PasswordDatabaseAuthenticationManager.java
new file mode 100644
index 0000000000..9866460162
--- /dev/null
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/Base64MD5PasswordDatabaseAuthenticationManager.java
@@ -0,0 +1,52 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.server.security.auth.manager;
+
+import org.apache.qpid.server.configuration.updater.TaskExecutor;
+import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.security.auth.database.Base64MD5PasswordFilePrincipalDatabase;
+import org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase;
+import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Map;
+
+public class Base64MD5PasswordDatabaseAuthenticationManager
+ extends PrincipalDatabaseAuthenticationManager<Base64MD5PasswordDatabaseAuthenticationManager>
+{
+
+
+ protected Base64MD5PasswordDatabaseAuthenticationManager(final Broker broker,
+ final Map<String, Object> defaults,
+ final Map<String, Object> attributes,
+ final boolean recovering)
+ {
+ super(broker, defaults, attributes,recovering);
+ }
+
+ @Override
+ protected PrincipalDatabase createDatabase()
+ {
+ return new Base64MD5PasswordFilePrincipalDatabase();
+ }
+}
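Review bot: This new public class has no class-level Javadoc, and the description on the deleted AbstractPrincipalDatabaseAuthManagerFactory (Plain or Base64MD5 digest `PrincipalDatabase`) is not carried over. I would add `/** Authentication manager backed by a {@link Base64MD5PasswordFilePrincipalDatabase} password file. */` so the credential storage format is stated somewhere other than the class name. The constructor only forwards `recovering` to the superclass, so a `@param recovering` line explaining its effect on the password file belongs either here or on PrincipalDatabaseAuthenticationManager, which is not visible in this part of the diff.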
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/Base64MD5PasswordFileAuthenticationManagerFactory.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/Base64MD5PasswordFileAuthenticationManagerFactory.java
index 8b979c324d..79a2e584b3 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/Base64MD5PasswordFileAuthenticationManagerFactory.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/Base64MD5PasswordFileAuthenticationManagerFactory.java
@@ -20,15 +20,26 @@
*/
package org.apache.qpid.server.security.auth.manager;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
import java.util.Map;
-import org.apache.qpid.server.security.auth.database.Base64MD5PasswordFilePrincipalDatabase;
-import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
+import org.apache.qpid.server.model.AuthenticationProvider;
+import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.plugin.AuthenticationManagerFactory;
import org.apache.qpid.server.util.ResourceBundleLoader;
-public class Base64MD5PasswordFileAuthenticationManagerFactory extends AbstractPrincipalDatabaseAuthManagerFactory
+public class Base64MD5PasswordFileAuthenticationManagerFactory implements AuthenticationManagerFactory
{
public static final String PROVIDER_TYPE = "Base64MD5PasswordFile";
+ public static final String RESOURCE_BUNDLE = "org.apache.qpid.server.security.auth.manager.PasswordFileAuthenticationProviderAttributeDescriptions";
+ public static final String ATTRIBUTE_PATH = "path";
+
+
+ public static final Collection<String> ATTRIBUTES = Collections.unmodifiableList(Arrays.asList(
+ AuthenticationProvider.TYPE,
+ ATTRIBUTE_PATH));
@Override
public String getType()
@@ -37,15 +48,29 @@ public class Base64MD5PasswordFileAuthenticationManagerFactory extends AbstractP
}
@Override
- PrincipalDatabase createPrincipalDatabase()
+ public Map<String, String> getAttributeDescriptions()
{
- return new Base64MD5PasswordFilePrincipalDatabase();
+ return ResourceBundleLoader.getResources(RESOURCE_BUNDLE);
}
+
@Override
- public Map<String, String> getAttributeDescriptions()
+ public AbstractAuthenticationManager createInstance(final Broker broker,
+ final Map<String, Object> attributes,
+ final boolean recovering)
{
- return ResourceBundleLoader.getResources(RESOURCE_BUNDLE);
+ if (attributes == null || !getType().equals(attributes.get(AuthenticationProvider.TYPE)))
+ {
+ return null;
+ }
+
+ return new Base64MD5PasswordDatabaseAuthenticationManager(broker, Collections.<String,Object>emptyMap(),attributes,recovering);
+ }
+
+ @Override
+ public Collection<String> getAttributeNames()
+ {
+ return ATTRIBUTES;
}
}
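Review bot: The new `createInstance` no longer validates the `path` attribute. The deleted AbstractPrincipalDatabaseAuthManagerFactory logged "Password file path must not be null" and returned null when `attributes.get(ATTRIBUTE_PATH)` was null, whereas this version passes the map straight to the manager constructor. Unless PrincipalDatabaseAuthenticationManager (not visible here) rejects a missing path, a password-file provider could be created without a password file and only fail later; keeping the check, for example `if (attributes.get(ATTRIBUTE_PATH) == null) { throw new IllegalArgumentException("Password file path must not be null"); }`, would fail at configuration time. The return type could also be narrowed to `Base64MD5PasswordDatabaseAuthenticationManager`, as the Anonymous, External and Kerberos factories do for their own types.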
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java
index c503549bf2..e4b166114d 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManager.java
@@ -19,31 +19,44 @@
package org.apache.qpid.server.security.auth.manager;
import java.security.Principal;
+import java.util.Map;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
+import org.apache.qpid.server.configuration.updater.TaskExecutor;
+import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.model.ManagedAttribute;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.sasl.external.ExternalSaslServer;
-public class ExternalAuthenticationManager implements AuthenticationManager
+public class ExternalAuthenticationManager extends AbstractAuthenticationManager<ExternalAuthenticationManager>
{
private static final String EXTERNAL = "EXTERNAL";
- private boolean _useFullDN = false;
+ private boolean _useFullDN;
- ExternalAuthenticationManager(boolean useFullDN)
+ protected ExternalAuthenticationManager(final Broker broker,
+ final Map<String, Object> defaults,
+ final Map<String, Object> attributes)
{
- _useFullDN = useFullDN;
+ super(broker, defaults, attributes);
}
+
@Override
public void initialise()
{
}
+ @ManagedAttribute( automate = true )
+ public boolean getUseFullDN()
+ {
+ return _useFullDN;
+ }
+
@Override
public String getMechanisms()
{
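Review bot: `_useFullDN` is no longer assigned anywhere in this hunk. The constructor dropped `_useFullDN = useFullDN`, and ExternalAuthenticationManagerFactory (later in this diff) no longer parses `useFullDN`, so the field depends entirely on how AbstractConfiguredObject handles `@ManagedAttribute( automate = true )`, which is not visible here. If that mechanism does not populate the private field, the manager silently falls back to `false`, which presumably changes the principal name derived for EXTERNAL authentication and so any access rules written against full DNs. A unit test that creates the manager with `useFullDN` set to `true` and asserts `getUseFullDN()` would pin this; it should also cover the string `"true"`, which the old `Boolean.valueOf(String.valueOf(...))` accepted. The class body continues outside the hunk.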
@@ -101,13 +114,7 @@ public class ExternalAuthenticationManager implements AuthenticationManager
}
@Override
- public void onCreate()
- {
- // nothing to do, no external resource is required
- }
-
- @Override
- public void onDelete()
+ public void delete()
{
// nothing to do, no external resource is used
}
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerFactory.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerFactory.java
index 3f8449c529..b62012b203 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerFactory.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerFactory.java
@@ -24,6 +24,7 @@ import java.util.Collection;
import java.util.Collections;
import java.util.Map;
+import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.plugin.AuthenticationManagerFactory;
import org.apache.qpid.server.util.ResourceBundleLoader;
@@ -35,17 +36,17 @@ public class ExternalAuthenticationManagerFactory implements AuthenticationManag
public static final String ATTRIBUTE_USE_FULL_DN = "useFullDN";
public static final Collection<String> ATTRIBUTES = Collections.<String> unmodifiableList(Arrays.asList(
- ATTRIBUTE_TYPE,
+ AuthenticationProvider.TYPE,
ATTRIBUTE_USE_FULL_DN));
@Override
- public AuthenticationManager createInstance(Broker broker, Map<String, Object> attributes)
+ public ExternalAuthenticationManager createInstance(Broker broker,
+ Map<String, Object> attributes,
+ final boolean recovering)
{
- if (attributes != null && PROVIDER_TYPE.equals(attributes.get(ATTRIBUTE_TYPE)))
+ if (attributes != null && PROVIDER_TYPE.equals(attributes.get(AuthenticationProvider.TYPE)))
{
- boolean useFullDN = Boolean.valueOf(String.valueOf(attributes.get(ATTRIBUTE_USE_FULL_DN)));
-
- return new ExternalAuthenticationManager(useFullDN);
+ return new ExternalAuthenticationManager(broker, Collections.<String,Object>emptyMap(),attributes);
}
return null;
}
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java
index 6bbf3ca6f5..720b778cd2 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.java
@@ -21,6 +21,7 @@ package org.apache.qpid.server.security.auth.manager;
import java.io.IOException;
import java.security.Principal;
import java.util.HashMap;
+import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
@@ -28,18 +29,25 @@ import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
+
+import org.apache.qpid.server.configuration.updater.TaskExecutor;
+import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
-public class KerberosAuthenticationManager implements AuthenticationManager
+public class KerberosAuthenticationManager extends AbstractAuthenticationManager<KerberosAuthenticationManager>
{
private static final String GSSAPI_MECHANISM = "GSSAPI";
private final CallbackHandler _callbackHandler = new GssApiCallbackHandler();
- KerberosAuthenticationManager()
+ protected KerberosAuthenticationManager(final Broker broker,
+ final Map<String, Object> defaults,
+ final Map<String, Object> attributes)
{
+ super(broker, defaults, attributes);
}
+
@Override
public void initialise()
{
@@ -57,16 +65,8 @@ public class KerberosAuthenticationManager implements AuthenticationManager
{
if(GSSAPI_MECHANISM.equals(mechanism))
{
- try
- {
return Sasl.createSaslServer(GSSAPI_MECHANISM, "AMQP", localFQDN,
new HashMap<String, Object>(), _callbackHandler);
- }
- catch (SaslException e)
- {
- e.printStackTrace(System.err);
- throw e;
- }
}
else
{
@@ -110,13 +110,7 @@ public class KerberosAuthenticationManager implements AuthenticationManager
}
@Override
- public void onCreate()
- {
- // nothing to do, no external resource is required
- }
-
- @Override
- public void onDelete()
+ public void delete()
{
// nothing to do, no external resource is used
}
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManagerFactory.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManagerFactory.java
index 8b86a783a9..3481afb8e2 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManagerFactory.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManagerFactory.java
@@ -23,6 +23,7 @@ import java.util.Collection;
import java.util.Collections;
import java.util.Map;
+import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.plugin.AuthenticationManagerFactory;
@@ -31,11 +32,13 @@ public class KerberosAuthenticationManagerFactory implements AuthenticationManag
public static final String PROVIDER_TYPE = "Kerberos";
@Override
- public AuthenticationManager createInstance(Broker broker, Map<String, Object> attributes)
+ public KerberosAuthenticationManager createInstance(Broker broker,
+ Map<String, Object> attributes,
+ final boolean recovering)
{
- if (attributes != null && PROVIDER_TYPE.equals(attributes.get(ATTRIBUTE_TYPE)))
+ if (attributes != null && PROVIDER_TYPE.equals(attributes.get(AuthenticationProvider.TYPE)))
{
- return new KerberosAuthenticationManager();
+ return new KerberosAuthenticationManager(broker, Collections.<String,Object>emptyMap(), attributes);
}
return null;
}
@@ -43,7 +46,7 @@ public class KerberosAuthenticationManagerFactory implements AuthenticationManag
@Override
public Collection<String> getAttributeNames()
{
- return Collections.<String>singletonList(ATTRIBUTE_TYPE);
+ return Collections.<String>singletonList(AuthenticationProvider.TYPE);
}
@Override
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PlainPasswordDatabaseAuthenticationManager.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PlainPasswordDatabaseAuthenticationManager.java
new file mode 100644
index 0000000000..647678a6ea
--- /dev/null
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PlainPasswordDatabaseAuthenticationManager.java
@@ -0,0 +1,43 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.server.security.auth.manager;
+
+import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase;
+import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
+
+import java.util.Map;
+
+public class PlainPasswordDatabaseAuthenticationManager extends PrincipalDatabaseAuthenticationManager<PlainPasswordDatabaseAuthenticationManager>
+{
+ protected PlainPasswordDatabaseAuthenticationManager(final Broker broker,
+ final Map<String, Object> defaults,
+ final Map<String, Object> attributes, final boolean recovering)
+ {
+ super(broker, defaults, attributes,recovering);
+ }
+
+ @Override
+ protected PrincipalDatabase createDatabase()
+ {
+ return new PlainPasswordFilePrincipalDatabase();
+ }
+}
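Review bot: The new class has no Javadoc, and nothing here says what kind of credential store it selects. A class comment such as `/** Authentication provider backed by a {@link PlainPasswordFilePrincipalDatabase}; the file location is the inherited path attribute. */` would do. If that database keeps passwords unhashed, as the name suggests, the comment should say so. The `super(...)` call also has `attributes,recovering` without a space after the comma.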
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PlainPasswordFileAuthenticationManagerFactory.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PlainPasswordFileAuthenticationManagerFactory.java
index 5e077cfe79..3ed66d07c6 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PlainPasswordFileAuthenticationManagerFactory.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PlainPasswordFileAuthenticationManagerFactory.java
@@ -20,14 +20,26 @@
*/
package org.apache.qpid.server.security.auth.manager;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
import java.util.Map;
-import org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase;
-import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
+import org.apache.qpid.server.model.AuthenticationProvider;
+import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.plugin.AuthenticationManagerFactory;
import org.apache.qpid.server.util.ResourceBundleLoader;
-public class PlainPasswordFileAuthenticationManagerFactory extends AbstractPrincipalDatabaseAuthManagerFactory
+public class PlainPasswordFileAuthenticationManagerFactory implements AuthenticationManagerFactory
{
+ public static final String RESOURCE_BUNDLE = "org.apache.qpid.server.security.auth.manager.PasswordFileAuthenticationProviderAttributeDescriptions";
+ public static final String ATTRIBUTE_PATH = "path";
+
+
+ public static final Collection<String> ATTRIBUTES = Collections.unmodifiableList(Arrays.asList(
+ AuthenticationProvider.TYPE,
+ ATTRIBUTE_PATH));
+
public static final String PROVIDER_TYPE = "PlainPasswordFile";
@Override
@@ -37,14 +49,28 @@ public class PlainPasswordFileAuthenticationManagerFactory extends AbstractPrinc
}
@Override
- PrincipalDatabase createPrincipalDatabase()
+ public AbstractAuthenticationManager createInstance(final Broker broker,
+ final Map<String, Object> attributes,
+ final boolean recovering)
{
- return new PlainPasswordFilePrincipalDatabase();
+ if (attributes == null || !getType().equals(attributes.get(AuthenticationProvider.TYPE)))
+ {
+ return null;
+ }
+
+ return new PlainPasswordDatabaseAuthenticationManager(broker, Collections.<String,Object>emptyMap(),attributes,recovering);
}
@Override
public Map<String, String> getAttributeDescriptions()
{
- return ResourceBundleLoader.getResources(AbstractPrincipalDatabaseAuthManagerFactory.RESOURCE_BUNDLE);
+ return ResourceBundleLoader.getResources(RESOURCE_BUNDLE);
+ }
+
+
+ @Override
+ public Collection<String> getAttributeNames()
+ {
+ return ATTRIBUTES;
}
}
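Review bot: `createInstance` declares the raw type `AbstractAuthenticationManager` as its return type, which produces a raw-type warning and hides the concrete type from callers. The Kerberos and SimpleLDAP factories in this commit return their concrete manager class; doing the same here, `public PlainPasswordDatabaseAuthenticationManager createInstance(final Broker broker,`, keeps the three consistent. The `path` attribute is listed in `ATTRIBUTES` but is not checked in this method, so a missing value is only caught later, presumably by the mandatory-attribute handling in the manager.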
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java
index da6464a57e..dd975cc0c7 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java
@@ -23,34 +23,84 @@ package org.apache.qpid.server.security.auth.manager;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
+import java.security.AccessControlException;
import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
+import org.apache.log4j.Logger;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
+import org.apache.qpid.server.model.*;
+import org.apache.qpid.server.model.adapter.AbstractConfiguredObject;
+import org.apache.qpid.server.plugin.AuthenticationManagerFactory;
+import org.apache.qpid.server.security.access.Operation;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
-public class PrincipalDatabaseAuthenticationManager implements AuthenticationManager
+public abstract class PrincipalDatabaseAuthenticationManager<T extends PrincipalDatabaseAuthenticationManager<T>>
+ extends AbstractAuthenticationManager<T>
+ implements PasswordCredentialManagingAuthenticationProvider<T>
{
+
+ private static final Logger LOGGER = Logger.getLogger(PrincipalDatabaseAuthenticationManager.class);
+
+
private final PrincipalDatabase _principalDatabase;
- private final String _passwordFile;
+ private String _path;
- public PrincipalDatabaseAuthenticationManager(PrincipalDatabase pd, String passwordFile)
+ protected PrincipalDatabaseAuthenticationManager(final Broker broker,
+ final Map<String, Object> defaults,
+ final Map<String, Object> attributes,
+ boolean recovering)
{
- _principalDatabase = pd;
- _passwordFile = passwordFile;
+ super(broker, defaults, attributes);
+
+ if(!recovering)
+ {
+ try
+ {
+ File passwordFile = new File(_path);
+ if (!passwordFile.exists())
+ {
+ passwordFile.createNewFile();
+ }
+ else if (!passwordFile.canRead())
+ {
+ throw new IllegalConfigurationException("Cannot read password file" + _path + ". Check permissions.");
+ }
+ }
+ catch (IOException e)
+ {
+ throw new IllegalConfigurationException("Cannot use password database at :" + _path, e);
+ }
+ }
+ _principalDatabase = createDatabase();
+ }
+
+ protected abstract PrincipalDatabase createDatabase();
+
+
+ @ManagedAttribute( automate = true , mandatory = true )
+ public String getPath()
+ {
+ return _path;
}
public void initialise()
{
try
{
- _principalDatabase.open(new File(_passwordFile));
+ _principalDatabase.open(new File(_path));
}
catch (FileNotFoundException e)
{
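Review bot: In the constructor, `passwordFile.createNewFile()` creates the credential file with whatever permissions the process default gives it, and its return value is ignored. A file that will hold passwords should be restricted to the broker's own account right after creation, as sketched below. `java.io.File` cannot set the mode atomically, so a short window remains. Separately, the message `"Cannot read password file" + _path` is missing a space before the path. `initialise()` continues outside the hunk.

```java
File passwordFile = new File(_path);
if (!passwordFile.exists())
{
    if (passwordFile.createNewFile())
    {
        // owner-only access for the new credential file
        passwordFile.setReadable(false, false);
        passwordFile.setWritable(false, false);
        passwordFile.setReadable(true, true);
        passwordFile.setWritable(true, true);
    }
}
// … unchanged: canRead() check and IOException handling …
```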
@@ -58,7 +108,7 @@ public class PrincipalDatabaseAuthenticationManager implements AuthenticationMan
}
catch (IOException e)
{
- throw new IllegalConfigurationException("Cannot use password database at :" + _passwordFile, e);
+ throw new IllegalConfigurationException("Cannot use password database at :" + _path, e);
}
}
@@ -130,34 +180,371 @@ public class PrincipalDatabaseAuthenticationManager implements AuthenticationMan
return _principalDatabase;
}
+
@Override
- public void onCreate()
+ public void delete()
{
- try
+ File file = new File(_path);
+ if (file.exists() && file.isFile())
+ {
+ file.delete();
+ }
+ }
+
+ @Override
+ public boolean createUser(String username, String password, Map<String, String> attributes)
+ {
+ getSecurityManager().authoriseUserOperation(Operation.CREATE, username);
+ return getPrincipalDatabase().createPrincipal(new UsernamePrincipal(username), password.toCharArray());
+
+ }
+
+ @Override
+ public void deleteUser(String username) throws AccountNotFoundException
+ {
+ getSecurityManager().authoriseUserOperation(Operation.DELETE, username);
+ getPrincipalDatabase().deletePrincipal(new UsernamePrincipal(username));
+
+ }
+
+ private org.apache.qpid.server.security.SecurityManager getSecurityManager()
+ {
+ return getBroker().getSecurityManager();
+ }
+
+ @Override
+ public void setPassword(String username, String password) throws AccountNotFoundException
+ {
+ getSecurityManager().authoriseUserOperation(Operation.UPDATE, username);
+
+ getPrincipalDatabase().updatePassword(new UsernamePrincipal(username), password.toCharArray());
+
+ }
+
+ @Override
+ public Map<String, Map<String, String>> getUsers()
+ {
+
+ Map<String, Map<String,String>> users = new HashMap<String, Map<String, String>>();
+ for(Principal principal : getPrincipalDatabase().getUsers())
{
- File passwordFile = new File(_passwordFile);
- if (!passwordFile.exists())
+ users.put(principal.getName(), Collections.<String, String>emptyMap());
+ }
+ return users;
+ }
+
+ public void reload() throws IOException
+ {
+ getPrincipalDatabase().reload();
+ }
+
+ @Override
+ public <C extends ConfiguredObject> C addChild(Class<C> childClass,
+ Map<String, Object> attributes,
+ ConfiguredObject... otherParents)
+ {
+ if(childClass == User.class)
+ {
+ String username = (String) attributes.get("name");
+ String password = (String) attributes.get("password");
+ Principal p = new UsernamePrincipal(username);
+
+ if(createUser(username, password,null))
{
- passwordFile.createNewFile();
+ @SuppressWarnings("unchecked")
+ C principalAdapter = (C) new PrincipalAdapter(p);
+ return principalAdapter;
}
- else if (!passwordFile.canRead())
+ else
{
- throw new IllegalConfigurationException("Cannot read password file" + _passwordFile + ". Check permissions.");
+ LOGGER.info("Failed to create user " + username + ". User already exists?");
+ return null;
+
}
}
- catch (IOException e)
+
+ return super.addChild(childClass, attributes, otherParents);
+ }
+
+ @Override
+ public <C extends ConfiguredObject> Collection<C> getChildren(Class<C> clazz)
+ {
+ if(clazz == User.class)
{
- throw new IllegalConfigurationException("Cannot use password database at :" + _passwordFile, e);
+ List<Principal> users = getPrincipalDatabase().getUsers();
+ Collection<User> principals = new ArrayList<User>(users.size());
+ for(Principal user : users)
+ {
+ principals.add(new PrincipalAdapter(user));
+ }
+ @SuppressWarnings("unchecked")
+ Collection<C> unmodifiablePrincipals = (Collection<C>) Collections.unmodifiableCollection(principals);
+ return unmodifiablePrincipals;
+ }
+ else
+ {
+ return super.getChildren(clazz);
}
}
@Override
- public void onDelete()
+ protected void childAdded(ConfiguredObject child)
{
- File file = new File(_passwordFile);
- if (file.exists() && file.isFile())
+ if (child instanceof User)
{
- file.delete();
+ // no-op, prevent storing users in the broker store
+ return;
+ }
+ super.childAdded(child);
+ }
+
+ @Override
+ protected void childRemoved(ConfiguredObject child)
+ {
+ if (child instanceof User)
+ {
+ // no-op, as per above, users are not in the store
+ return;
+ }
+ super.childRemoved(child);
+ }
+
+ protected void validateAttributes(Map<String, Object> attributes)
+ {
+ super.validateChangeAttributes(attributes);
+
+ String newName = (String)attributes.get(NAME);
+ String currentName = getName();
+ if (!currentName.equals(newName))
+ {
+ throw new IllegalConfigurationException("Changing the name of authentication provider is not supported");
+ }
+ String newType = (String)attributes.get(TYPE);
+ String currentType = (String)getAttribute(TYPE);
+ if (!currentType.equals(newType))
+ {
+ throw new IllegalConfigurationException("Changing the type of authentication provider is not supported");
+ }
+
+ }
+
+ @Override
+ protected void changeAttributes(Map<String, Object> attributes)
+ {
+ Map<String, Object> effectiveAttributes = super.generateEffectiveAttributes(attributes);
+ validateAttributes(effectiveAttributes);
+ super.changeAttributes(attributes);
+ initialise();
+
+ // if provider was previously in ERRORED state then set its state to ACTIVE
+ updateState(State.ERRORED, State.ACTIVE);
+
+ }
+
+ private class PrincipalAdapter extends AbstractConfiguredObject<PrincipalAdapter> implements User<PrincipalAdapter>
+ {
+ private final Principal _user;
+
+ public PrincipalAdapter(Principal user)
+ {
+ super(Collections.<String,Object>emptyMap(), createPrincipalAttributes(PrincipalDatabaseAuthenticationManager.this, user),
+ PrincipalDatabaseAuthenticationManager.this.getTaskExecutor());
+ _user = user;
+
+ }
+
+ @Override
+ public String getPassword()
+ {
+ return (String)getAttribute(PASSWORD);
+ }
+
+ @Override
+ public void setPassword(String password)
+ {
+ try
+ {
+ PrincipalDatabaseAuthenticationManager.this.setPassword(_user.getName(), password);
+ }
+ catch (AccountNotFoundException e)
+ {
+ throw new IllegalStateException(e);
+ }
+ }
+
+
+ @Override
+ public String setName(String currentName, String desiredName)
+ throws IllegalStateException, AccessControlException
+ {
+ throw new IllegalStateException("Names cannot be updated");
+ }
+
+ @Override
+ public State getState()
+ {
+ return State.ACTIVE;
}
+
+ @Override
+ public boolean isDurable()
+ {
+ return true;
+ }
+
+ @Override
+ public void setDurable(boolean durable)
+ throws IllegalStateException, AccessControlException, IllegalArgumentException
+ {
+ throw new IllegalStateException("Durability cannot be updated");
+ }
+
+ @Override
+ public LifetimePolicy getLifetimePolicy()
+ {
+ return LifetimePolicy.PERMANENT;
+ }
+
+ @Override
+ public LifetimePolicy setLifetimePolicy(LifetimePolicy expected, LifetimePolicy desired)
+ throws IllegalStateException, AccessControlException, IllegalArgumentException
+ {
+ throw new IllegalStateException("LifetimePolicy cannot be updated");
+ }
+
+ @Override
+ public <C extends ConfiguredObject> Collection<C> getChildren(Class<C> clazz)
+ {
+ return null;
+ }
+
+ @Override
+ public <C extends ConfiguredObject> C createChild(Class<C> childClass,
+ Map<String, Object> attributes,
+ ConfiguredObject... otherParents)
+ {
+ return null;
+ }
+
+ @Override
+ public Collection<String> getAttributeNames()
+ {
+ return getAttributeNames(User.class);
+ }
+
+ @Override
+ public Object getAttribute(String name)
+ {
+ if(ID.equals(name))
+ {
+ return getId();
+ }
+ else if(PASSWORD.equals(name))
+ {
+ return null; // for security reasons we don't expose the password
+ }
+ else if(NAME.equals(name))
+ {
+ return getName();
+ }
+ return super.getAttribute(name);
+ }
+
+ @Override
+ public boolean changeAttribute(String name, Object expected, Object desired)
+ throws IllegalStateException, AccessControlException, IllegalArgumentException
+ {
+ if(name.equals(PASSWORD))
+ {
+ setPassword((String)desired);
+ return true;
+ }
+ return super.changeAttribute(name, expected, desired);
+ }
+
+ @Override
+ protected boolean setState(State currentState, State desiredState)
+ throws IllegalStateTransitionException, AccessControlException
+ {
+ if(desiredState == State.DELETED)
+ {
+ try
+ {
+ String userName = _user.getName();
+ deleteUser(userName);
+ PreferencesProvider preferencesProvider = getPreferencesProvider();
+ if (preferencesProvider != null)
+ {
+ preferencesProvider.deletePreferences(userName);
+ }
+ }
+ catch (AccountNotFoundException e)
+ {
+ LOGGER.warn("Failed to delete user " + _user, e);
+ }
+ return true;
+ }
+ return false;
+ }
+
+ @Override
+ public Map<String, Object> getPreferences()
+ {
+ PreferencesProvider preferencesProvider = getPreferencesProvider();
+ if (preferencesProvider == null)
+ {
+ return null;
+ }
+ return preferencesProvider.getPreferences(this.getName());
+ }
+
+ @Override
+ public Object getPreference(String name)
+ {
+ Map<String, Object> preferences = getPreferences();
+ if (preferences == null)
+ {
+ return null;
+ }
+ return preferences.get(name);
+ }
+
+ @Override
+ public Map<String, Object> setPreferences(Map<String, Object> preferences)
+ {
+ PreferencesProvider preferencesProvider = getPreferencesProvider();
+ if (preferencesProvider == null)
+ {
+ return null;
+ }
+ return preferencesProvider.setPreferences(this.getName(), preferences);
+ }
+
+ @Override
+ public boolean deletePreferences()
+ {
+ PreferencesProvider preferencesProvider = getPreferencesProvider();
+ if (preferencesProvider == null)
+ {
+ return false;
+ }
+ String[] deleted = preferencesProvider.deletePreferences(this.getName());
+ return deleted.length == 1;
+ }
+
+ private PreferencesProvider getPreferencesProvider()
+ {
+ return PrincipalDatabaseAuthenticationManager.this.getPreferencesProvider();
+ }
+
}
+
+ private static Map<String, Object> createPrincipalAttributes(PrincipalDatabaseAuthenticationManager manager, final Principal user)
+ {
+ final Map<String, Object> attributes = new HashMap<String, Object>();
+ attributes.put(ID, UUIDGenerator.generateUserUUID(manager.getName(), user.getName()));
+ attributes.put(NAME, user.getName());
+ return attributes;
+ }
+
}
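Review bot: In `addChild`, `attributes.get("password")` is cast and handed straight to `createUser`, which calls `password.toCharArray()`, so a User create request without a password fails with a NullPointerException rather than a clear rejection. A missing `name` reaches `new UsernamePrincipal(username)` unchecked in the same way. A guard before the principal is built would cover both: `if (username == null || password == null) { throw new IllegalArgumentException("User name and password must be specified"); }`. In the same hunk, `delete()` ignores the result of `file.delete()`, so a password file that could not be removed goes unnoticed; logging a warning on `false` would help.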
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager.java
index 903f54dd8e..68cd3f5cb4 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager.java
@@ -36,28 +36,33 @@ import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.log4j.Logger;
+import org.apache.qpid.server.configuration.updater.TaskExecutor;
+import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.sasl.plain.PlainPasswordCallback;
import org.apache.qpid.server.security.auth.sasl.plain.PlainSaslServer;
-public class SimpleAuthenticationManager implements AuthenticationManager
+public class SimpleAuthenticationManager extends AbstractAuthenticationManager<SimpleAuthenticationManager>
{
private static final Logger _logger = Logger.getLogger(SimpleAuthenticationManager.class);
private static final String PLAIN_MECHANISM = "PLAIN";
private static final String CRAM_MD5_MECHANISM = "CRAM-MD5";
- private Map<String, String> _users;
+ private final Map<String, String> _users = Collections.synchronizedMap(new HashMap<String, String>());
- public SimpleAuthenticationManager(String userName, String userPassword)
+ public SimpleAuthenticationManager(final Broker broker,
+ final Map<String, Object> defaults,
+ final Map<String, Object> attributes)
{
- this(Collections.singletonMap(userName, userPassword));
+ super(broker, defaults, attributes);
}
- public SimpleAuthenticationManager(Map<String, String> users)
+
+ public void addUser(String username, String password)
{
- _users = new HashMap<String, String>(users);
+ _users.put(username, password);
}
@Override
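Review bot: `addUser` is a public mutator on the credential map with no authorisation call and no Javadoc, whereas `createUser` in PrincipalDatabaseAuthenticationManager goes through `authoriseUserOperation` first. If this manager is only meant for embedded or test use, a comment on the method should say so, for example `/** Registers a user directly; performs no access check and keeps the password unhashed in memory. */`. The method could also be narrowed from `public` if no caller outside the package needs it. The class body continues outside the hunk.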
@@ -134,13 +139,7 @@ public class SimpleAuthenticationManager implements AuthenticationManager
}
@Override
- public void onCreate()
- {
- // nothing to do, no external resource is required
- }
-
- @Override
- public void onDelete()
+ public void delete()
{
// nothing to do, no external resource is used
}
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
index 2cb61b451f..5352e36d63 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
@@ -24,7 +24,9 @@ import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
+import java.util.HashMap;
import java.util.Hashtable;
+import java.util.Map;
import javax.naming.AuthenticationException;
import javax.naming.Context;
@@ -44,6 +46,9 @@ import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.log4j.Logger;
+import org.apache.qpid.server.configuration.updater.TaskExecutor;
+import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.model.ManagedAttribute;
import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
@@ -56,7 +61,7 @@ import org.apache.qpid.server.util.ServerScopedRuntimeException;
import org.apache.qpid.server.util.StringUtil;
import org.apache.qpid.ssl.SSLContextFactory;
-public class SimpleLDAPAuthenticationManager implements AuthenticationManager
+public class SimpleLDAPAuthenticationManager extends AbstractAuthenticationManager<SimpleLDAPAuthenticationManager>
{
private static final Logger _logger = Logger.getLogger(SimpleLDAPAuthenticationManager.class);
@@ -65,34 +70,40 @@ public class SimpleLDAPAuthenticationManager implements AuthenticationManager
*/
private static final String JAVA_NAMING_LDAP_FACTORY_SOCKET = "java.naming.ldap.factory.socket";
- private final String _authManagerName;
- private final String _providerSearchURL;
- private final String _providerAuthURL;
- private final String _searchContext;
- private final String _searchFilter;
- private final String _ldapContextFactory;
+ private String _providerUrl;
+ private String _providerAuthUrl;
+ private String _searchContext;
+ private String _searchFilter;
+ private String _ldapContextFactory;
+
/**
* Trust store - typically used when the Directory has been secured with a certificate signed by a
* private CA (or self-signed certificate).
*/
- private final TrustStore _trustStore;
+ private TrustStore _trustStore;
/**
* Dynamically created SSL Socket Factory implementation used in the case where user has specified a trust store.
*/
private Class<? extends SocketFactory> _sslSocketFactoryOverrideClass;
+ protected SimpleLDAPAuthenticationManager(final Broker broker,
+ final Map<String, Object> defaults,
+ final Map<String, Object> attributes)
+ {
+ super(broker, createDefaults(defaults, attributes), attributes);
+ }
- SimpleLDAPAuthenticationManager(String authManagerName, String providerSearchUrl, String providerAuthUrl, String searchContext, String searchFilter, String ldapContextFactory, TrustStore trustStore)
+ private static Map<String, Object> createDefaults(final Map<String, Object> defaults,
+ final Map<String, Object> attributes)
{
- _authManagerName = authManagerName;
- _providerSearchURL = providerSearchUrl;
- _providerAuthURL = providerAuthUrl;
- _searchContext = searchContext;
- _searchFilter = searchFilter;
- _ldapContextFactory = ldapContextFactory;
- _trustStore = trustStore;
+ final Map<String, Object> newDefaults = new HashMap<String, Object>(defaults);
+ if(!defaults.containsKey("providerAuthUrl") && attributes.containsKey("providerUrl"))
+ {
+ newDefaults.put("providerAuthUrl", attributes.get("providerUrl"));
+ }
+ return newDefaults;
}
@Override
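Review bot: `createDefaults` carries over only the `providerAuthUrl` fallback. The factory hunk in this commit also removes the `DEFAULT_LDAP_CONTEXT_FACTORY` fallback and the `findTrustStoreByName` lookup with its "Can't find truststore" error, and no replacement for either is visible. Unless the attribute machinery in the superclass supplies them, a configuration without `ldapContextFactory` would now leave `_ldapContextFactory` null. Adding `newDefaults.put("ldapContextFactory", DEFAULT_LDAP_CONTEXT_FACTORY);` under a `!defaults.containsKey("ldapContextFactory")` check (with the constant qualified from wherever it is declared) would restore the old behaviour. The key strings here would also read better as the factory's `ATTRIBUTE_PROVIDER_URL`-style constants than as literals.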
@@ -103,6 +114,43 @@ public class SimpleLDAPAuthenticationManager implements AuthenticationManager
validateInitialDirContext();
}
+ @ManagedAttribute( automate = true )
+ public String getProviderUrl()
+ {
+ return _providerUrl;
+ }
+
+ @ManagedAttribute( automate = true )
+ public String getProviderAuthUrl()
+ {
+ return _providerAuthUrl;
+ }
+
+ @ManagedAttribute( automate = true )
+ public String getSearchContext()
+ {
+ return _searchContext;
+ }
+
+ @ManagedAttribute( automate = true )
+ public String getSearchFilter()
+ {
+ return _searchFilter;
+ }
+
+ @ManagedAttribute( automate = true )
+ public String getLdapContextFactory()
+ {
+ return _ldapContextFactory;
+ }
+
+ @ManagedAttribute( automate = true )
+ public TrustStore getTrustStore()
+ {
+ return _trustStore;
+ }
+
+
@Override
public String getMechanisms()
{
@@ -181,7 +229,7 @@ public class SimpleLDAPAuthenticationManager implements AuthenticationManager
return new AuthenticationResult(AuthenticationStatus.CONTINUE);
}
- Hashtable<String, Object> env = createInitialDirContextEnvironment(_providerAuthURL);
+ Hashtable<String, Object> env = createInitialDirContextEnvironment(_providerAuthUrl);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, name);
@@ -264,7 +312,7 @@ public class SimpleLDAPAuthenticationManager implements AuthenticationManager
{
if (_trustStore != null)
{
- String clazzName = new StringUtil().createUniqueJavaName(_authManagerName);
+ String clazzName = new StringUtil().createUniqueJavaName(getName());
SSLContext sslContext = null;
try
{
@@ -300,7 +348,7 @@ public class SimpleLDAPAuthenticationManager implements AuthenticationManager
private void validateInitialDirContext()
{
- Hashtable<String,Object> env = createInitialDirContextEnvironment(_providerSearchURL);
+ Hashtable<String,Object> env = createInitialDirContextEnvironment(_providerUrl);
env.put(Context.SECURITY_AUTHENTICATION, "none");
InitialDirContext ctx = null;
@@ -310,7 +358,7 @@ public class SimpleLDAPAuthenticationManager implements AuthenticationManager
}
catch (NamingException e)
{
- throw new ServerScopedRuntimeException("Unable to establish anonymous connection to the ldap server at " + _providerSearchURL, e);
+ throw new ServerScopedRuntimeException("Unable to establish anonymous connection to the ldap server at " + _providerUrl, e);
}
finally
{
@@ -371,7 +419,7 @@ public class SimpleLDAPAuthenticationManager implements AuthenticationManager
private String getNameFromId(String id) throws NamingException
{
- Hashtable<String,Object> env = createInitialDirContextEnvironment(_providerSearchURL);
+ Hashtable<String,Object> env = createInitialDirContextEnvironment(_providerUrl);
env.put(Context.SECURITY_AUTHENTICATION, "none");
InitialDirContext ctx = createInitialDirContext(env);
@@ -417,13 +465,7 @@ public class SimpleLDAPAuthenticationManager implements AuthenticationManager
}
@Override
- public void onCreate()
- {
- // nothing to do, no external resource is required
- }
-
- @Override
- public void onDelete()
+ public void delete()
{
// nothing to do, no external resource is used
}
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerFactory.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerFactory.java
index 767e675125..4c32cdc2c8 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerFactory.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerFactory.java
@@ -25,6 +25,7 @@ import java.util.Collections;
import java.util.Map;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
+import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.server.plugin.AuthenticationManagerFactory;
@@ -46,7 +47,7 @@ public class SimpleLDAPAuthenticationManagerFactory implements AuthenticationMan
public static final String ATTRIBUTE_PROVIDER_URL = "providerUrl";
public static final Collection<String> ATTRIBUTES = Collections.<String> unmodifiableList(Arrays.asList(
- ATTRIBUTE_TYPE,
+ AuthenticationProvider.TYPE,
ATTRIBUTE_PROVIDER_URL,
ATTRIBUTE_SEARCH_CONTEXT,
ATTRIBUTE_SEARCH_FILTER,
@@ -56,42 +57,17 @@ public class SimpleLDAPAuthenticationManagerFactory implements AuthenticationMan
));
@Override
- public AuthenticationManager createInstance(Broker broker, Map<String, Object> attributes)
+ public SimpleLDAPAuthenticationManager createInstance(Broker broker,
+ Map<String, Object> attributes,
+ final boolean recovering)
{
- if (attributes == null || !PROVIDER_TYPE.equals(attributes.get(ATTRIBUTE_TYPE)))
+ if (attributes == null || !PROVIDER_TYPE.equals(attributes.get(AuthenticationProvider.TYPE)))
{
return null;
}
- String name = (String) attributes.get(ATTRIBUTE_NAME);
- String providerUrl = (String) attributes.get(ATTRIBUTE_PROVIDER_URL);
- String providerAuthUrl = (String) attributes.get(ATTRIBUTE_PROVIDER_AUTH_URL);
- if (providerAuthUrl == null)
- {
- providerAuthUrl = providerUrl;
- }
- String searchContext = (String) attributes.get(ATTRIBUTE_SEARCH_CONTEXT);
- String searchFilter = (String) attributes.get(ATTRIBUTE_SEARCH_FILTER);
- String ldapContextFactory = (String) attributes.get(ATTRIBUTE_LDAP_CONTEXT_FACTORY);
- String trustStoreName = (String) attributes.get(ATTRIBUTE_TRUST_STORE);
- if (ldapContextFactory == null)
- {
- ldapContextFactory = DEFAULT_LDAP_CONTEXT_FACTORY;
- }
-
- TrustStore trustStore = null;
- if (trustStoreName != null)
- {
- trustStore = broker.findTrustStoreByName(trustStoreName);
- if (trustStore == null)
- {
- throw new IllegalConfigurationException("Can't find truststore with name '" + trustStoreName + "'");
- }
- }
-
- return new SimpleLDAPAuthenticationManager(name, providerUrl, providerAuthUrl, searchContext,
- searchFilter, ldapContextFactory, trustStore);
+ return new SimpleLDAPAuthenticationManager(broker, Collections.<String,Object>emptyMap(),attributes);
}
@Override
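Review bot: The new `recovering` argument of `createInstance` is never read, and the trust store lookup that used to fail fast here with `IllegalConfigurationException` is removed, along with the `providerAuthUrl` and context-factory defaults. The `SimpleLDAPAuthenticationManager(broker, defaults, attributes)` constructor is outside this hunk, so please confirm that it still rejects an unknown trust store name rather than leaving the LDAP connection on the JVM default trust material. Once confirmed, a comment above the return would record both decisions, e.g. `// 'recovering' is unused: this provider creates no external resource; trust store and URL defaults are resolved in the constructor`. A factory test that passes an unknown trust store name and expects the exception would pin that behaviour.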
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/startup/AuthenticationProviderRecovererTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/startup/AuthenticationProviderRecovererTest.java
index ab5147c1e3..8b2fa4c8d7 100644
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/startup/AuthenticationProviderRecovererTest.java
+++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/startup/AuthenticationProviderRecovererTest.java
@@ -83,7 +83,7 @@ public class AuthenticationProviderRecovererTest extends QpidTestCase
try
{
Map<String, Object> authenticationAttributes = new HashMap<String, Object>();
- authenticationAttributes.put(AuthenticationManagerFactory.ATTRIBUTE_TYPE,
+ authenticationAttributes.put(AuthenticationProvider.TYPE,
PlainPasswordFileAuthenticationManagerFactory.PROVIDER_TYPE);
authenticationAttributes.put(AuthenticationProvider.NAME, "test-authenticator");
authenticationAttributes.put(PlainPasswordFileAuthenticationManagerFactory.ATTRIBUTE_PATH,
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/store/ConfigurationEntryStoreTestCase.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/store/ConfigurationEntryStoreTestCase.java
index 18484999de..133eb94e43 100644
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/store/ConfigurationEntryStoreTestCase.java
+++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/configuration/store/ConfigurationEntryStoreTestCase.java
@@ -38,7 +38,6 @@ import org.apache.qpid.server.model.Transport;
import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.server.model.VirtualHost;
import org.apache.qpid.server.model.adapter.FileSystemPreferencesProvider;
-import org.apache.qpid.server.plugin.AuthenticationManagerFactory;
import org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager;
import org.apache.qpid.server.security.auth.manager.ExternalAuthenticationManager;
import org.apache.qpid.test.utils.QpidTestCase;
@@ -85,7 +84,7 @@ public abstract class ConfigurationEntryStoreTestCase extends QpidTestCase
_authenticationProviderId = UUID.randomUUID();
_authenticationProviderAttributes = new HashMap<String, Object>();
_authenticationProviderAttributes.put(AuthenticationProvider.NAME, "authenticationProvider1");
- _authenticationProviderAttributes.put(AuthenticationManagerFactory.ATTRIBUTE_TYPE, AnonymousAuthenticationManager.class.getSimpleName());
+ _authenticationProviderAttributes.put(AuthenticationProvider.TYPE, AnonymousAuthenticationManager.class.getSimpleName());
_store = createStore(_brokerId, _brokerAttributes);
addConfiguration(_virtualHostId, VirtualHost.class.getSimpleName(), _virtualHostAttributes);
@@ -247,7 +246,7 @@ public abstract class ConfigurationEntryStoreTestCase extends QpidTestCase
UUID authenticationProviderId = UUID.randomUUID();
Map<String, Object> authenticationProviderAttributes = new HashMap<String, Object>();
authenticationProviderAttributes.put(AuthenticationProvider.NAME, "authenticationProvider1");
- authenticationProviderAttributes.put(AuthenticationManagerFactory.ATTRIBUTE_TYPE, ExternalAuthenticationManager.class.getSimpleName());
+ authenticationProviderAttributes.put(AuthenticationProvider.TYPE, ExternalAuthenticationManager.class.getSimpleName());
ConfigurationEntry providerEntry = new ConfigurationEntry(authenticationProviderId, AuthenticationProvider.class.getSimpleName(),
authenticationProviderAttributes, Collections.<UUID> emptySet(), _store);
@@ -267,7 +266,7 @@ public abstract class ConfigurationEntryStoreTestCase extends QpidTestCase
Map<String, Object> authenticationProviderAttributes = new HashMap<String, Object>();
authenticationProviderAttributes.put(AuthenticationProvider.NAME, "authenticationProvider1");
- authenticationProviderAttributes.put(AuthenticationManagerFactory.ATTRIBUTE_TYPE, ExternalAuthenticationManager.class.getSimpleName());
+ authenticationProviderAttributes.put(AuthenticationProvider.TYPE, ExternalAuthenticationManager.class.getSimpleName());
ConfigurationEntry updatedEntry = new ConfigurationEntry(_authenticationProviderId, AuthenticationProvider.class.getSimpleName(),
authenticationProviderAttributes, Collections.<UUID> emptySet(), _store);
_store.save(updatedEntry);
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/adapter/AuthenticationProviderFactoryTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/adapter/AuthenticationProviderFactoryTest.java
deleted file mode 100644
index 59eaf96ec3..0000000000
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/adapter/AuthenticationProviderFactoryTest.java
+++ /dev/null
@@ -1,155 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.qpid.server.model.adapter;
-
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-import static org.mockito.Mockito.any;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.never;
-
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.UUID;
-
-import junit.framework.TestCase;
-
-import org.apache.qpid.server.model.AuthenticationProvider;
-import org.apache.qpid.server.model.Broker;
-import org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider;
-import org.apache.qpid.server.plugin.AuthenticationManagerFactory;
-import org.apache.qpid.server.plugin.QpidServiceLoader;
-import org.apache.qpid.server.security.auth.manager.AuthenticationManager;
-import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager;
-
-public class AuthenticationProviderFactoryTest extends TestCase
-{
-
- public void testCreatePasswordCredentialManagingAuthenticationProvider()
- {
- AuthenticationManager am = mock(PrincipalDatabaseAuthenticationManager.class);
- AuthenticationProvider provider = testForFactory(am, true);
- assertTrue("The created provider should match the factory's AuthenticationManager type",
- provider instanceof PasswordCredentialManagingAuthenticationProvider);
- verify(am).onCreate();
- }
-
- public void testCreateNonPasswordCredentialManagingAuthenticationProvider()
- {
- AuthenticationManager am = mock(AuthenticationManager.class);
- AuthenticationProvider provider = testForFactory(am, true);
- assertFalse("The created provider should match the factory's AuthenticationManager type",
- provider instanceof PasswordCredentialManagingAuthenticationProvider);
- verify(am).onCreate();
- }
-
- public void testRecoverPasswordCredentialManagingAuthenticationProvider()
- {
- AuthenticationManager am = mock(PrincipalDatabaseAuthenticationManager.class);
- AuthenticationProvider provider = testForFactory(am, false);
- assertTrue("The created provider should match the factory's AuthenticationManager type",
- provider instanceof PasswordCredentialManagingAuthenticationProvider);
- verify(am, never()).onCreate();
- }
-
- public void testRecoverNonPasswordCredentialManagingAuthenticationProvider()
- {
- AuthenticationManager am = mock(AuthenticationManager.class);
- AuthenticationProvider provider = testForFactory(am, false);
- assertFalse("The created provider should match the factory's AuthenticationManager type",
- provider instanceof PasswordCredentialManagingAuthenticationProvider);
- verify(am, never()).onCreate();
- }
-
- @SuppressWarnings("unchecked")
- private AuthenticationProvider testForFactory(AuthenticationManager authenticationManager, boolean create)
- {
- UUID id = UUID.randomUUID();
- Map<String, Object> attributes = new HashMap<String, Object>();
-
- QpidServiceLoader<AuthenticationManagerFactory> authManagerFactoryServiceLoader = mock(QpidServiceLoader.class);
- AuthenticationManagerFactory authenticationManagerFactory = mock(AuthenticationManagerFactory.class);
-
- Broker broker = mock(Broker.class);
-
- when(authManagerFactoryServiceLoader.atLeastOneInstanceOf(AuthenticationManagerFactory.class)).thenReturn(
- Collections.singleton(authenticationManagerFactory));
- when(authenticationManagerFactory.createInstance(broker, attributes)).thenReturn(authenticationManager);
-
- AuthenticationProviderFactory providerFactory = new AuthenticationProviderFactory(authManagerFactoryServiceLoader);
-
- AuthenticationProvider provider = null;
- if (create)
- {
- provider = providerFactory.create(id, broker, attributes);
- }
- else
- {
- provider = providerFactory.recover(id, attributes, broker);
- }
-
- assertNotNull("Provider is not created", provider);
- assertEquals("Unexpected ID", id, provider.getId());
-
- return provider;
- }
-
- public void testCreatePasswordCredentialManagingAuthenticationProviderFailsWhenAnotherOneAlready()
- {
- Broker broker = mock(Broker.class);
- PasswordCredentialManagingAuthenticationProvider anotherProvider = mock(PasswordCredentialManagingAuthenticationProvider.class);
- when(broker.getAuthenticationProviders()).thenReturn(Collections.<AuthenticationProvider>singleton(anotherProvider));
-
- QpidServiceLoader<AuthenticationManagerFactory> loader = mock(QpidServiceLoader.class);
- AuthenticationManagerFactory managerFactory = mock(AuthenticationManagerFactory.class);
- when(managerFactory.createInstance(any(Broker.class), any(Map.class))).thenReturn(mock(PrincipalDatabaseAuthenticationManager.class));
- when(loader.atLeastOneInstanceOf(AuthenticationManagerFactory.class)).thenReturn(Collections.singleton(managerFactory));
-
- AuthenticationProviderFactory providerFactory = new AuthenticationProviderFactory(loader);
-
- UUID randomUUID = UUID.randomUUID();
- AuthenticationProvider provider = providerFactory.create(randomUUID, broker, new HashMap<String, Object>());
-
- assertNotNull("Provider is not created", provider);
- assertEquals("Unexpected ID", randomUUID, provider.getId());
- }
-
- @SuppressWarnings("unchecked")
- public void testCreateNonPasswordCredentialManagingAuthenticationProviderWhenAnotherOneAlreadyExist()
- {
- Broker broker = mock(Broker.class);
- AuthenticationProvider anotherProvider = mock(AuthenticationProvider.class);
- when(broker.getAuthenticationProviders()).thenReturn(Collections.singleton(anotherProvider));
-
- QpidServiceLoader<AuthenticationManagerFactory> loader = mock(QpidServiceLoader.class);
- AuthenticationManagerFactory managerFactory = mock(AuthenticationManagerFactory.class);
- when(managerFactory.createInstance(any(Broker.class), any(Map.class))).thenReturn(mock(AuthenticationManager.class));
- when(loader.atLeastOneInstanceOf(AuthenticationManagerFactory.class)).thenReturn(Collections.singleton(managerFactory));
-
- AuthenticationProviderFactory providerFactory = new AuthenticationProviderFactory(loader);
- UUID id = UUID.randomUUID();
- AuthenticationProvider provider = providerFactory.create(id, broker, new HashMap<String, Object>());
-
- assertNotNull("Provider is not created", provider);
- assertEquals("Unexpected ID", id, provider.getId());
- }
-}
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManagerTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManagerTest.java
index cfeb7c525b..23267de59d 100644
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManagerTest.java
+++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManagerTest.java
@@ -21,16 +21,35 @@
package org.apache.qpid.server.security.auth.manager;
import static org.apache.qpid.server.security.auth.AuthenticatedPrincipalTestHelper.assertOnlyContainsWrapped;
+import static org.mockito.Mockito.mock;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
+import org.apache.qpid.server.model.AuthenticationProvider;
+import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.test.utils.QpidTestCase;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
+
public class AnonymousAuthenticationManagerTest extends QpidTestCase
{
- private AuthenticationManager _manager = new AnonymousAuthenticationManager();
+ private AuthenticationManager _manager;
+
+ @Override
+ public void setUp() throws Exception
+ {
+ super.setUp();
+ Map<String,Object> attrs = new HashMap<String, Object>();
+ attrs.put(AuthenticationProvider.ID, UUID.randomUUID());
+ attrs.put(AuthenticationProvider.NAME, getTestName());
+ _manager = new AnonymousAuthenticationManager(mock(Broker.class), Collections.<String,Object>emptyMap(), attrs);
+
+ }
public void tearDown() throws Exception
{
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/Base64MD5PasswordFileAuthenticationManagerFactoryTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/Base64MD5PasswordFileAuthenticationManagerFactoryTest.java
index b3d94a5043..c911a88aa2 100644
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/Base64MD5PasswordFileAuthenticationManagerFactoryTest.java
+++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/Base64MD5PasswordFileAuthenticationManagerFactoryTest.java
@@ -25,9 +25,11 @@ import java.io.File;
import java.io.FileNotFoundException;
import java.util.HashMap;
import java.util.Map;
+import java.util.UUID;
import junit.framework.TestCase;
+import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.plugin.AuthenticationManagerFactory;
import org.apache.qpid.server.security.auth.database.Base64MD5PasswordFilePrincipalDatabase;
@@ -45,14 +47,17 @@ public class Base64MD5PasswordFileAuthenticationManagerFactoryTest extends Test
super.setUp();
_emptyPasswordFile = File.createTempFile(getName(), "passwd");
_emptyPasswordFile.deleteOnExit();
+
+ _configuration.put(AuthenticationProvider.ID, UUID.randomUUID());
+ _configuration.put(AuthenticationProvider.NAME, getName());
}
public void testBase64MD5InstanceCreated() throws Exception
{
- _configuration.put(AbstractPrincipalDatabaseAuthManagerFactory.ATTRIBUTE_TYPE, Base64MD5PasswordFileAuthenticationManagerFactory.PROVIDER_TYPE);
- _configuration.put(AbstractPrincipalDatabaseAuthManagerFactory.ATTRIBUTE_PATH, _emptyPasswordFile.getAbsolutePath());
+ _configuration.put(AuthenticationProvider.TYPE, Base64MD5PasswordFileAuthenticationManagerFactory.PROVIDER_TYPE);
+ _configuration.put("path", _emptyPasswordFile.getAbsolutePath());
- AuthenticationManager manager = _factory.createInstance(_broker, _configuration);
+ AuthenticationManager manager = _factory.createInstance(_broker, _configuration, false);
assertNotNull(manager);
assertTrue(manager instanceof PrincipalDatabaseAuthenticationManager);
assertTrue(((PrincipalDatabaseAuthenticationManager)manager).getPrincipalDatabase() instanceof Base64MD5PasswordFilePrincipalDatabase);
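Review bot: The bare literal in `_configuration.put("path", ...)` replaces the named constant `ATTRIBUTE_PATH`, so a later rename of the attribute would compile cleanly and only fail at run time. AuthenticationProviderRecovererTest in this same commit still references `PlainPasswordFileAuthenticationManagerFactory.ATTRIBUTE_PATH` on a context line, so a constant appears to survive; whether this test's factory still exposes it is not visible here. If it does, keep using it, otherwise add `private static final String PATH_ATTRIBUTE = "path";` to the test class. The same literal recurs in the next hunk of this file, in both `"path"` puts in PlainPasswordFileAuthenticationManagerFactoryTest, and in `setupManager` in PrincipalDatabaseAuthenticationManagerTest. The test method's closing brace lies outside this hunk.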
@@ -63,12 +68,12 @@ public class Base64MD5PasswordFileAuthenticationManagerFactoryTest extends Test
//delete the file
_emptyPasswordFile.delete();
- _configuration.put(AbstractPrincipalDatabaseAuthManagerFactory.ATTRIBUTE_TYPE, Base64MD5PasswordFileAuthenticationManagerFactory.PROVIDER_TYPE);
- _configuration.put(AbstractPrincipalDatabaseAuthManagerFactory.ATTRIBUTE_PATH, _emptyPasswordFile.getAbsolutePath());
+ _configuration.put(AuthenticationProvider.TYPE, Base64MD5PasswordFileAuthenticationManagerFactory.PROVIDER_TYPE);
+ _configuration.put("path", _emptyPasswordFile.getAbsolutePath());
try
{
- _factory.createInstance(_broker, _configuration);
+ _factory.createInstance(_broker, _configuration, false);
}
catch (RuntimeException re)
{
@@ -78,23 +83,30 @@ public class Base64MD5PasswordFileAuthenticationManagerFactoryTest extends Test
public void testReturnsNullWhenNoConfig() throws Exception
{
- AuthenticationManager manager = _factory.createInstance(_broker, _configuration);
+ AuthenticationManager manager = _factory.createInstance(_broker, _configuration, false);
assertNull(manager);
}
public void testReturnsNullWhenConfigForOtherAuthManagerType() throws Exception
{
- _configuration.put(AbstractPrincipalDatabaseAuthManagerFactory.ATTRIBUTE_TYPE, "other-auth-manager");
- AuthenticationManager manager = _factory.createInstance(_broker, _configuration);
+ _configuration.put(AuthenticationProvider.TYPE, "other-auth-manager");
+ AuthenticationManager manager = _factory.createInstance(_broker, _configuration, false);
assertNull(manager);
}
- public void testReturnsNullWhenConfigForPlainPDImplementationNoPasswordFileValueSpecified() throws Exception
+ public void testThrowsExceptionWhenConfigForPlainPDImplementationNoPasswordFileValueSpecified() throws Exception
{
- _configuration.put(AbstractPrincipalDatabaseAuthManagerFactory.ATTRIBUTE_TYPE, Base64MD5PasswordFileAuthenticationManagerFactory.PROVIDER_TYPE);
+ _configuration.put(AuthenticationProvider.TYPE, Base64MD5PasswordFileAuthenticationManagerFactory.PROVIDER_TYPE);
- AuthenticationManager manager = _factory.createInstance(_broker, _configuration);
- assertNull(manager);
+ try
+ {
+ AuthenticationManager manager = _factory.createInstance(_broker, _configuration, false);
+ fail("No authentication manager should be created");
+ }
+ catch(IllegalArgumentException e)
+ {
+ // pass
+ }
}
@Override
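Review bot: In the rewritten `testThrowsExceptionWhenConfigForPlainPDImplementationNoPasswordFileValueSpecified`, the local `manager` is assigned and never read; `_factory.createInstance(_broker, _configuration, false);` on its own before `fail(...)` is enough. The catch accepts any `IllegalArgumentException`, so the test would also pass if the exception came from some attribute other than the missing password file path. Assuming the message names the attribute, a check such as `assertTrue(e.getMessage().contains("path"));` would tie the test to the case in its name. The matching hunk in PlainPasswordFileAuthenticationManagerFactoryTest has the same two issues, and here the method name still says "PlainPD" although this class tests the Base64MD5 factory.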
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java
index 99a24c0150..cdd9abf0ab 100644
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java
+++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java
@@ -19,19 +19,43 @@
package org.apache.qpid.server.security.auth.manager;
import static org.apache.qpid.server.security.auth.AuthenticatedPrincipalTestHelper.assertOnlyContainsWrapped;
+import static org.mockito.Mockito.mock;
import javax.security.auth.x500.X500Principal;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
+import org.apache.qpid.server.model.AuthenticationProvider;
+import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.test.utils.QpidTestCase;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
+
public class ExternalAuthenticationManagerTest extends QpidTestCase
{
- private AuthenticationManager _manager = new ExternalAuthenticationManager(false);
- private AuthenticationManager _managerUsingFullDN = new ExternalAuthenticationManager(true);
+ private AuthenticationManager _manager;
+ private AuthenticationManager _managerUsingFullDN;
+
+ @Override
+ public void setUp() throws Exception
+ {
+ super.setUp();
+ Map<String,Object> attrs = new HashMap<String, Object>();
+ attrs.put(AuthenticationProvider.ID, UUID.randomUUID());
+ attrs.put(AuthenticationProvider.NAME, getTestName());
+ attrs.put("useFullDN",false);
+ _manager = new ExternalAuthenticationManager(mock(Broker.class), Collections.<String,Object>emptyMap(), attrs);
+ HashMap<String, Object> attrsFullDN = new HashMap<String, Object>();
+ attrsFullDN.put(AuthenticationProvider.ID, UUID.randomUUID());
+ attrsFullDN.put(AuthenticationProvider.NAME, getTestName()+"FullDN");
+ attrsFullDN.put("useFullDN",true);
+ _managerUsingFullDN = new ExternalAuthenticationManager(mock(Broker.class), Collections.<String,Object>emptyMap(), attrsFullDN);
+ }
public void testGetMechanisms() throws Exception
{
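Review bot: The new `setUp` declares the two attribute maps with different static types: `Map<String,Object> attrs` and `HashMap<String, Object> attrsFullDN`. The key `"useFullDN"` is also typed twice as a bare literal. I would declare the second one as `Map<String, Object> attrsFullDN = new HashMap<String, Object>();` and hoist the key into `private static final String USE_FULL_DN = "useFullDN";`, or use the production constant if one exists (not visible in this hunk). Since this attribute decides which principal name is derived from the client certificate, a one-line comment on each `put` saying which mode the manager runs in would help a reader of the tests that follow.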
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/PlainPasswordFileAuthenticationManagerFactoryTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/PlainPasswordFileAuthenticationManagerFactoryTest.java
index 9ff8d18238..e37bee0832 100644
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/PlainPasswordFileAuthenticationManagerFactoryTest.java
+++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/PlainPasswordFileAuthenticationManagerFactoryTest.java
@@ -24,9 +24,11 @@ import static org.mockito.Mockito.mock;
import java.io.File;
import java.util.HashMap;
import java.util.Map;
+import java.util.UUID;
import junit.framework.TestCase;
+import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.plugin.AuthenticationManagerFactory;
import org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase;
@@ -44,14 +46,16 @@ public class PlainPasswordFileAuthenticationManagerFactoryTest extends TestCase
super.setUp();
_emptyPasswordFile = File.createTempFile(getName(), "passwd");
_emptyPasswordFile.deleteOnExit();
+ _configuration.put(AuthenticationProvider.ID, UUID.randomUUID());
+ _configuration.put(AuthenticationProvider.NAME, getName());
}
public void testPlainInstanceCreated() throws Exception
{
- _configuration.put(AbstractPrincipalDatabaseAuthManagerFactory.ATTRIBUTE_TYPE, PlainPasswordFileAuthenticationManagerFactory.PROVIDER_TYPE);
- _configuration.put(AbstractPrincipalDatabaseAuthManagerFactory.ATTRIBUTE_PATH, _emptyPasswordFile.getAbsolutePath());
+ _configuration.put(AuthenticationProvider.TYPE, PlainPasswordFileAuthenticationManagerFactory.PROVIDER_TYPE);
+ _configuration.put("path", _emptyPasswordFile.getAbsolutePath());
- AuthenticationManager manager = _factory.createInstance(_broker, _configuration);
+ AuthenticationManager manager = _factory.createInstance(_broker, _configuration, false);
assertNotNull(manager);
assertTrue(manager instanceof PrincipalDatabaseAuthenticationManager);
assertTrue(((PrincipalDatabaseAuthenticationManager)manager).getPrincipalDatabase() instanceof PlainPasswordFilePrincipalDatabase);
@@ -62,10 +66,11 @@ public class PlainPasswordFileAuthenticationManagerFactoryTest extends TestCase
//delete the file
_emptyPasswordFile.delete();
- _configuration.put(AbstractPrincipalDatabaseAuthManagerFactory.ATTRIBUTE_TYPE, PlainPasswordFileAuthenticationManagerFactory.PROVIDER_TYPE);
- _configuration.put(AbstractPrincipalDatabaseAuthManagerFactory.ATTRIBUTE_PATH, _emptyPasswordFile.getAbsolutePath());
+ _configuration.put(AuthenticationProvider.TYPE, PlainPasswordFileAuthenticationManagerFactory.PROVIDER_TYPE);
+ _configuration.put("path", _emptyPasswordFile.getAbsolutePath());
- AuthenticationManager manager = _factory.createInstance(_broker, _configuration);
+
+ AuthenticationManager manager = _factory.createInstance(_broker, _configuration, false);
assertNotNull(manager);
assertTrue(manager instanceof PrincipalDatabaseAuthenticationManager);
@@ -74,23 +79,30 @@ public class PlainPasswordFileAuthenticationManagerFactoryTest extends TestCase
public void testReturnsNullWhenNoConfig() throws Exception
{
- AuthenticationManager manager = _factory.createInstance(_broker, _configuration);
+ AuthenticationManager manager = _factory.createInstance(_broker, _configuration, false);
assertNull(manager);
}
public void testReturnsNullWhenConfigForOtherAuthManagerType() throws Exception
{
- _configuration.put(AbstractPrincipalDatabaseAuthManagerFactory.ATTRIBUTE_TYPE, "other-auth-manager");
- AuthenticationManager manager = _factory.createInstance(_broker, _configuration);
+ _configuration.put(AuthenticationProvider.TYPE, "other-auth-manager");
+ AuthenticationManager manager = _factory.createInstance(_broker, _configuration, false);
assertNull(manager);
}
- public void testReturnsNullWhenConfigForPlainPDImplementationNoPasswordFileValueSpecified() throws Exception
+ public void testThrowsExceptionWhenConfigForPlainPDImplementationNoPasswordFileValueSpecified() throws Exception
{
- _configuration.put(AbstractPrincipalDatabaseAuthManagerFactory.ATTRIBUTE_TYPE, PlainPasswordFileAuthenticationManagerFactory.PROVIDER_TYPE);
+ _configuration.put(AuthenticationProvider.TYPE, PlainPasswordFileAuthenticationManagerFactory.PROVIDER_TYPE);
- AuthenticationManager manager = _factory.createInstance(_broker, _configuration);
- assertNull(manager);
+ try
+ {
+ AuthenticationManager manager = _factory.createInstance(_broker, _configuration, false);
+ fail("No authentication manager should be created");
+ }
+ catch (IllegalArgumentException e)
+ {
+ // pass;
+ }
}
@Override
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java
index cba6058426..7b7ed2218e 100644
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java
+++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java
@@ -28,8 +28,11 @@ import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.security.Principal;
+import java.util.Collections;
+import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.UUID;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.SaslException;
@@ -37,12 +40,13 @@ import javax.security.sasl.SaslServer;
import javax.security.sasl.SaslServerFactory;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
+import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.model.ConfiguredObject;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase;
import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
-import org.apache.qpid.server.security.auth.sasl.UsernamePasswordInitialiser;
import org.apache.qpid.test.utils.QpidTestCase;
/**
@@ -91,15 +95,32 @@ public class PrincipalDatabaseAuthenticationManagerTest extends QpidTestCase
when(_principalDatabase.getMechanisms()).thenReturn(MOCK_MECH_NAME);
when(_principalDatabase.createSaslServer(MOCK_MECH_NAME, LOCALHOST, null)).thenReturn(new MySaslServer(false, true));
- _manager = new PrincipalDatabaseAuthenticationManager(_principalDatabase, _passwordFileLocation);
+ setupManager(false);
+
_manager.initialise();
}
+ private void setupManager(final boolean recovering)
+ {
+ Map<String,Object> attrs = new HashMap<String, Object>();
+ attrs.put(ConfiguredObject.ID, UUID.randomUUID());
+ attrs.put(ConfiguredObject.NAME, getTestName());
+ attrs.put("path", _passwordFileLocation);
+ _manager = new PrincipalDatabaseAuthenticationManager(mock(Broker.class), Collections.<String,Object>emptyMap(), attrs, recovering)
+ {
+ @Override
+ protected PrincipalDatabase createDatabase()
+ {
+ return _principalDatabase;
+ }
+
+ };
+ }
+
public void testInitialiseWhenPasswordFileNotFound() throws Exception
{
_principalDatabase = new PlainPasswordFilePrincipalDatabase();
- _manager = new PrincipalDatabaseAuthenticationManager(_principalDatabase, _passwordFileLocation);
-
+ setupManager(true);
try
{
_manager.initialise();
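Review bot: The new `setupManager(final boolean recovering)` has no comment explaining what the flag changes. The later hunks in this file drop `_manager.onCreate()` yet still assert that the password file exists, which suggests that constructing with `recovering == false` now creates the file as a side effect. If that is the intent, say so on the helper, e.g. `// recovering=false: construction creates the password file; recovering=true: the file must already exist (broker restart)`. It is also worth a note that the anonymous subclass overrides `createDatabase()` only to inject `_principalDatabase`. The body of `testInitialiseWhenPasswordFileNotFound` continues outside this hunk.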
@@ -114,7 +135,7 @@ public class PrincipalDatabaseAuthenticationManagerTest extends QpidTestCase
public void testInitialiseWhenPasswordFileExists() throws Exception
{
_principalDatabase = new PlainPasswordFilePrincipalDatabase();
- _manager = new PrincipalDatabaseAuthenticationManager(_principalDatabase, _passwordFileLocation);
+ setupManager(true);
File f = new File(_passwordFileLocation);
f.createNewFile();
@@ -230,7 +251,6 @@ public class PrincipalDatabaseAuthenticationManagerTest extends QpidTestCase
{
setupMocks();
- _manager.onCreate();
assertTrue("Password file was not created", new File(_passwordFileLocation).exists());
}
@@ -238,10 +258,9 @@ public class PrincipalDatabaseAuthenticationManagerTest extends QpidTestCase
{
setupMocks();
- _manager.onCreate();
assertTrue("Password file was not created", new File(_passwordFileLocation).exists());
- _manager.onDelete();
+ _manager.delete();
assertFalse("Password file was not deleted", new File(_passwordFileLocation).exists());
}
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManagerTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManagerTest.java
index 110206a83d..c148e2951d 100644
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManagerTest.java
+++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManagerTest.java
@@ -21,17 +21,25 @@
package org.apache.qpid.server.security.auth.manager;
import java.security.Principal;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
import java.util.Set;
+import java.util.UUID;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
+import org.apache.qpid.server.model.AuthenticationProvider;
+import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
import org.apache.qpid.server.security.auth.sasl.SaslUtil;
import org.apache.qpid.server.security.auth.sasl.plain.PlainSaslServer;
import org.apache.qpid.test.utils.QpidTestCase;
+import static org.mockito.Mockito.mock;
+
public class SimpleAuthenticationManagerTest extends QpidTestCase
{
private static final String TEST_USER = "testUser";
@@ -41,7 +49,13 @@ public class SimpleAuthenticationManagerTest extends QpidTestCase
public void setUp() throws Exception
{
super.setUp();
- _authenticationManager = new SimpleAuthenticationManager(TEST_USER, TEST_PASSWORD);
+ Map<String,Object> authManagerAttrs = new HashMap<String, Object>();
+ authManagerAttrs.put(AuthenticationProvider.NAME,"MANAGEMENT_MODE_AUTHENTICATION");
+ authManagerAttrs.put(AuthenticationProvider.ID, UUID.randomUUID());
+ final SimpleAuthenticationManager authManager = new SimpleAuthenticationManager(mock(Broker.class), Collections.<String,Object>emptyMap(),authManagerAttrs);
+ authManager.addUser(TEST_USER, TEST_PASSWORD);
+ _authenticationManager = authManager;
+
}
public void testGetMechanisms()
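Review bot: The provider name `"MANAGEMENT_MODE_AUTHENTICATION"` is a bare literal in `setUp()`, and it reads like a production identifier rather than a test fixture value. If any unique name will do, `authManagerAttrs.put(AuthenticationProvider.NAME, getName());` would match what SimpleLDAPAuthenticationManagerFactoryTest does in this same commit, assuming QpidTestCase exposes JUnit's `getName()`. If the literal is meant to mirror a broker constant, referencing that constant would make the link explicit. The empty added line before the closing brace of `setUp()` can be dropped.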
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerFactoryTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerFactoryTest.java
index cadc5d3a3d..967ae2e4f9 100644
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerFactoryTest.java
+++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerFactoryTest.java
@@ -20,14 +20,17 @@
package org.apache.qpid.server.security.auth.manager;
+import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
-import static org.mockito.Mockito.verifyZeroInteractions;
+import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
+import java.util.UUID;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
+import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.TrustStore;
@@ -41,66 +44,76 @@ public class SimpleLDAPAuthenticationManagerFactoryTest extends TestCase
private Broker _broker = mock(Broker.class);
private TrustStore _trustStore = mock(TrustStore.class);
+ public void setUp() throws Exception
+ {
+ super.setUp();
+
+ when(_trustStore.getName()).thenReturn("mytruststore");
+ when(_trustStore.getId()).thenReturn(UUID.randomUUID());
+
+ _configuration.put(AuthenticationProvider.ID, UUID.randomUUID());
+ _configuration.put(AuthenticationProvider.NAME, getName());
+ }
+
public void testLdapInstanceCreated() throws Exception
{
- _configuration.put(SimpleLDAPAuthenticationManagerFactory.ATTRIBUTE_TYPE, SimpleLDAPAuthenticationManagerFactory.PROVIDER_TYPE);
+ _configuration.put(AuthenticationProvider.TYPE, SimpleLDAPAuthenticationManagerFactory.PROVIDER_TYPE);
_configuration.put("providerUrl", "ldap://example.com:389/");
_configuration.put("searchContext", "dc=example");
- AuthenticationManager manager = _factory.createInstance(_broker, _configuration);
+ AuthenticationManager manager = _factory.createInstance(_broker, _configuration, false);
assertNotNull(manager);
- verifyZeroInteractions(_broker);
}
public void testLdapsInstanceCreated() throws Exception
{
- _configuration.put(SimpleLDAPAuthenticationManagerFactory.ATTRIBUTE_TYPE, SimpleLDAPAuthenticationManagerFactory.PROVIDER_TYPE);
+ _configuration.put(AuthenticationProvider.TYPE, SimpleLDAPAuthenticationManagerFactory.PROVIDER_TYPE);
_configuration.put("providerUrl", "ldaps://example.com:636/");
_configuration.put("searchContext", "dc=example");
- AuthenticationManager manager = _factory.createInstance(_broker, _configuration);
+ AuthenticationManager manager = _factory.createInstance(_broker, _configuration, false);
assertNotNull(manager);
- verifyZeroInteractions(_broker);
}
public void testLdapsWithTrustStoreInstanceCreated() throws Exception
{
- when(_broker.findTrustStoreByName("mytruststore")).thenReturn(_trustStore);
+ when(_broker.getChildren(eq(TrustStore.class))).thenReturn(Collections.singletonList(_trustStore));
+
- _configuration.put(SimpleLDAPAuthenticationManagerFactory.ATTRIBUTE_TYPE, SimpleLDAPAuthenticationManagerFactory.PROVIDER_TYPE);
+ _configuration.put(AuthenticationProvider.TYPE, SimpleLDAPAuthenticationManagerFactory.PROVIDER_TYPE);
_configuration.put("providerUrl", "ldaps://example.com:636/");
_configuration.put("searchContext", "dc=example");
_configuration.put("trustStore", "mytruststore");
- AuthenticationManager manager = _factory.createInstance(_broker, _configuration);
+ AuthenticationManager manager = _factory.createInstance(_broker, _configuration, false);
assertNotNull(manager);
}
public void testLdapsWhenTrustStoreNotFound() throws Exception
{
- when(_broker.findTrustStoreByName("notfound")).thenReturn(null);
+ when(_broker.getChildren(eq(TrustStore.class))).thenReturn(Collections.singletonList(_trustStore));
- _configuration.put(SimpleLDAPAuthenticationManagerFactory.ATTRIBUTE_TYPE, SimpleLDAPAuthenticationManagerFactory.PROVIDER_TYPE);
+ _configuration.put(AuthenticationProvider.TYPE, SimpleLDAPAuthenticationManagerFactory.PROVIDER_TYPE);
_configuration.put("providerUrl", "ldaps://example.com:636/");
_configuration.put("searchContext", "dc=example");
_configuration.put("trustStore", "notfound");
try
{
- _factory.createInstance(_broker, _configuration);
+ _factory.createInstance(_broker, _configuration, false);
fail("Exception not thrown");
}
- catch(IllegalConfigurationException e)
+ catch(IllegalArgumentException e)
{
- assertEquals("Can't find truststore with name 'notfound'", e.getMessage());
+ assertEquals("Cannot find a TrustStore with name 'notfound'", e.getMessage());
}
}
public void testReturnsNullWhenNoConfig() throws Exception
{
- AuthenticationManager manager = _factory.createInstance(_broker, _configuration);
+ AuthenticationManager manager = _factory.createInstance(_broker, _configuration, false);
assertNull(manager);
}
}
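Review bot: `testLdapsWhenTrustStoreNotFound` now catches `IllegalArgumentException` where it previously pinned `IllegalConfigurationException`, so a missing trust store for an `ldaps://` provider is no longer asserted to surface as a configuration error. If the two types are unrelated, code that handles `IllegalConfigurationException` around provider creation would stop seeing this failure. The production change is outside this hunk, so that needs confirming there. Within the lines shown, the `IllegalConfigurationException` import has no remaining use and looks removable.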
diff --git a/qpid/java/systests/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java b/qpid/java/systests/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java
index 6cc4ec17c7..e076415146 100644
--- a/qpid/java/systests/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java
+++ b/qpid/java/systests/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java
@@ -45,7 +45,6 @@ import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.Transport;
import org.apache.qpid.server.model.TrustStore;
-import org.apache.qpid.server.plugin.AuthenticationManagerFactory;
import org.apache.qpid.test.utils.JMXTestUtils;
import org.apache.qpid.test.utils.QpidBrokerTestCase;
import org.apache.qpid.test.utils.TestBrokerConfiguration;
@@ -349,7 +348,7 @@ public class ExternalAuthenticationTest extends QpidBrokerTestCase
Map<String, Object> externalAuthProviderAttributes = new HashMap<String, Object>();
externalAuthProviderAttributes.put(AuthenticationProvider.NAME, TestBrokerConfiguration.ENTRY_NAME_EXTERNAL_PROVIDER);
- externalAuthProviderAttributes.put(AuthenticationManagerFactory.ATTRIBUTE_TYPE, ExternalAuthenticationManagerFactory.PROVIDER_TYPE);
+ externalAuthProviderAttributes.put(AuthenticationProvider.TYPE, ExternalAuthenticationManagerFactory.PROVIDER_TYPE);
config.addAuthenticationProviderConfiguration(externalAuthProviderAttributes);
config.setObjectAttribute(TestBrokerConfiguration.ENTRY_NAME_SSL_PORT, Port.AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_EXTERNAL_PROVIDER);
diff --git a/qpid/java/systests/src/main/java/org/apache/qpid/server/security/auth/manager/MultipleAuthenticationManagersTest.java b/qpid/java/systests/src/main/java/org/apache/qpid/server/security/auth/manager/MultipleAuthenticationManagersTest.java
index 44057025ba..e70897c68e 100644
--- a/qpid/java/systests/src/main/java/org/apache/qpid/server/security/auth/manager/MultipleAuthenticationManagersTest.java
+++ b/qpid/java/systests/src/main/java/org/apache/qpid/server/security/auth/manager/MultipleAuthenticationManagersTest.java
@@ -36,7 +36,6 @@ import org.apache.qpid.client.AMQConnection;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.Transport;
-import org.apache.qpid.server.plugin.AuthenticationManagerFactory;
import org.apache.qpid.test.utils.QpidBrokerTestCase;
import org.apache.qpid.test.utils.TestBrokerConfiguration;
@@ -48,7 +47,7 @@ public class MultipleAuthenticationManagersTest extends QpidBrokerTestCase
TestBrokerConfiguration config = getBrokerConfiguration();
Map<String, Object> externalAuthProviderAttributes = new HashMap<String, Object>();
- externalAuthProviderAttributes.put(AuthenticationManagerFactory.ATTRIBUTE_TYPE, AnonymousAuthenticationManagerFactory.PROVIDER_TYPE);
+ externalAuthProviderAttributes.put(AuthenticationProvider.TYPE, AnonymousAuthenticationManagerFactory.PROVIDER_TYPE);
externalAuthProviderAttributes.put(AuthenticationProvider.NAME, TestBrokerConfiguration.ENTRY_NAME_ANONYMOUS_PROVIDER);
config.addAuthenticationProviderConfiguration(externalAuthProviderAttributes);
diff --git a/qpid/java/systests/src/main/java/org/apache/qpid/systest/management/jmx/UserManagementTest.java b/qpid/java/systests/src/main/java/org/apache/qpid/systest/management/jmx/UserManagementTest.java
index 9ab88f8bbf..db1e6f6617 100644
--- a/qpid/java/systests/src/main/java/org/apache/qpid/systest/management/jmx/UserManagementTest.java
+++ b/qpid/java/systests/src/main/java/org/apache/qpid/systest/management/jmx/UserManagementTest.java
@@ -30,8 +30,7 @@ import javax.jms.Connection;
import javax.jms.JMSException;
import org.apache.qpid.management.common.mbeans.UserManagement;
-import org.apache.qpid.server.plugin.AuthenticationManagerFactory;
-import org.apache.qpid.server.security.auth.manager.AbstractPrincipalDatabaseAuthManagerFactory;
+import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.security.auth.manager.PlainPasswordFileAuthenticationManagerFactory;
import org.apache.qpid.test.utils.JMXTestUtils;
import org.apache.qpid.test.utils.QpidBrokerTestCase;
@@ -58,8 +57,8 @@ public class UserManagementTest extends QpidBrokerTestCase
_passwordFile = createTemporaryPasswordFileWithJmxAdminUser();
Map<String, Object> newAttributes = new HashMap<String, Object>();
- newAttributes.put(AuthenticationManagerFactory.ATTRIBUTE_TYPE, getAuthenticationManagerType());
- newAttributes.put(AbstractPrincipalDatabaseAuthManagerFactory.ATTRIBUTE_PATH, _passwordFile.getAbsolutePath());
+ newAttributes.put(AuthenticationProvider.TYPE, getAuthenticationManagerType());
+ newAttributes.put("path", _passwordFile.getAbsolutePath());
getBrokerConfiguration().setObjectAttributes(TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER, newAttributes);
getBrokerConfiguration().addJmxManagementConfiguration();
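Review bot: The attribute key is now the bare string `"path"` in place of `AbstractPrincipalDatabaseAuthManagerFactory.ATTRIBUTE_PATH`, and the same literal is introduced in the RestTestHelper and SaslRestTest hunks further down. PreferencesProviderRestTest in this commit still uses `PlainPasswordFileAuthenticationManagerFactory.ATTRIBUTE_PATH` for what appears to be the same attribute, so the tests are inconsistent, and a typo in the literal would compile and only fail at runtime. If that constant survives the refactoring, `newAttributes.put(PlainPasswordFileAuthenticationManagerFactory.ATTRIBUTE_PATH, _passwordFile.getAbsolutePath());` would keep the password-file location tied to the name the broker reads; the class is already imported here.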
diff --git a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/AnonymousAccessRestTest.java b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/AnonymousAccessRestTest.java
index fa435eecc8..d227460e6a 100644
--- a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/AnonymousAccessRestTest.java
+++ b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/AnonymousAccessRestTest.java
@@ -29,7 +29,6 @@ import org.apache.qpid.server.management.plugin.HttpManagement;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.Port;
-import org.apache.qpid.server.plugin.AuthenticationManagerFactory;
import org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManagerFactory;
import org.apache.qpid.test.utils.TestBrokerConfiguration;
@@ -53,7 +52,7 @@ public class AnonymousAccessRestTest extends QpidRestTestCase
TestBrokerConfiguration config = getBrokerConfiguration();
Map<String, Object> anonymousAuthProviderAttributes = new HashMap<String, Object>();
- anonymousAuthProviderAttributes.put(AuthenticationManagerFactory.ATTRIBUTE_TYPE, AnonymousAuthenticationManagerFactory.PROVIDER_TYPE);
+ anonymousAuthProviderAttributes.put(AuthenticationProvider.TYPE, AnonymousAuthenticationManagerFactory.PROVIDER_TYPE);
anonymousAuthProviderAttributes.put(AuthenticationProvider.NAME, TestBrokerConfiguration.ENTRY_NAME_ANONYMOUS_PROVIDER);
config.addAuthenticationProviderConfiguration(anonymousAuthProviderAttributes);
diff --git a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/PortRestTest.java b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/PortRestTest.java
index 81273589ea..e80c1df41a 100644
--- a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/PortRestTest.java
+++ b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/PortRestTest.java
@@ -35,7 +35,6 @@ import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.Protocol;
import org.apache.qpid.server.model.State;
import org.apache.qpid.server.model.Transport;
-import org.apache.qpid.server.plugin.AuthenticationManagerFactory;
import org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManagerFactory;
import org.apache.qpid.test.utils.TestBrokerConfiguration;
@@ -153,7 +152,7 @@ public class PortRestTest extends QpidRestTestCase
Asserts.assertPortAttributes(port);
Map<String, Object> authProviderAttributes = new HashMap<String, Object>();
- authProviderAttributes.put(AuthenticationManagerFactory.ATTRIBUTE_TYPE, AnonymousAuthenticationManagerFactory.PROVIDER_TYPE);
+ authProviderAttributes.put(AuthenticationProvider.TYPE, AnonymousAuthenticationManagerFactory.PROVIDER_TYPE);
authProviderAttributes.put(AuthenticationProvider.NAME, TestBrokerConfiguration.ENTRY_NAME_ANONYMOUS_PROVIDER);
responseCode = getRestTestHelper().submitRequest("/rest/authenticationprovider/" + TestBrokerConfiguration.ENTRY_NAME_ANONYMOUS_PROVIDER, "PUT", authProviderAttributes);
diff --git a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/PreferencesProviderRestTest.java b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/PreferencesProviderRestTest.java
index 94b088dbaf..85a50c4ce8 100644
--- a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/PreferencesProviderRestTest.java
+++ b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/PreferencesProviderRestTest.java
@@ -35,7 +35,6 @@ import org.apache.qpid.server.model.PreferencesProvider;
import org.apache.qpid.server.model.State;
import org.apache.qpid.server.model.adapter.AbstractConfiguredObject;
import org.apache.qpid.server.model.adapter.FileSystemPreferencesProvider;
-import org.apache.qpid.server.plugin.AuthenticationManagerFactory;
import org.apache.qpid.server.security.auth.manager.PlainPasswordFileAuthenticationManagerFactory;
import org.apache.qpid.test.utils.TestBrokerConfiguration;
import org.apache.qpid.test.utils.TestFileUtils;
@@ -76,7 +75,7 @@ public class PreferencesProviderRestTest extends QpidRestTestCase
{
super.customizeConfiguration();
Map<String, Object> anonymousAuthProviderAttributes = new HashMap<String, Object>();
- anonymousAuthProviderAttributes.put(AuthenticationManagerFactory.ATTRIBUTE_TYPE, PlainPasswordFileAuthenticationManagerFactory.PROVIDER_TYPE);
+ anonymousAuthProviderAttributes.put(AuthenticationProvider.TYPE, PlainPasswordFileAuthenticationManagerFactory.PROVIDER_TYPE);
anonymousAuthProviderAttributes.put(AuthenticationProvider.NAME, TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER + "-2");
anonymousAuthProviderAttributes.put(PlainPasswordFileAuthenticationManagerFactory.ATTRIBUTE_PATH, _authenticationProviderFile.getAbsolutePath());
getBrokerConfiguration().addAuthenticationProviderConfiguration(anonymousAuthProviderAttributes);
diff --git a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java
index 810b70a2ba..ef87457925 100644
--- a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java
+++ b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java
@@ -55,7 +55,6 @@ import org.apache.commons.codec.binary.Base64;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.log4j.Logger;
import org.apache.qpid.server.BrokerOptions;
-import org.apache.qpid.server.security.auth.manager.AbstractPrincipalDatabaseAuthManagerFactory;
import org.apache.qpid.ssl.SSLContextFactory;
import org.apache.qpid.test.utils.QpidBrokerTestCase;
import org.apache.qpid.test.utils.TestBrokerConfiguration;
@@ -443,7 +442,7 @@ public class RestTestHelper
_passwdFile = createTemporaryPasswdFile(users);
testCase.getBrokerConfiguration().setObjectAttribute(TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER,
- AbstractPrincipalDatabaseAuthManagerFactory.ATTRIBUTE_PATH, _passwdFile.getAbsolutePath());
+ "path", _passwdFile.getAbsolutePath());
}
public void tearDown()
diff --git a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/SaslRestTest.java b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/SaslRestTest.java
index 61f4a1a8e2..590858fbf5 100644
--- a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/SaslRestTest.java
+++ b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/SaslRestTest.java
@@ -36,8 +36,7 @@ import java.util.Map;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.configuration.ConfigurationException;
-import org.apache.qpid.server.plugin.AuthenticationManagerFactory;
-import org.apache.qpid.server.security.auth.manager.AbstractPrincipalDatabaseAuthManagerFactory;
+import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.security.auth.manager.Base64MD5PasswordFileAuthenticationManagerFactory;
import org.apache.qpid.test.utils.TestBrokerConfiguration;
import org.apache.qpid.tools.security.Passwd;
@@ -378,8 +377,8 @@ public class SaslRestTest extends QpidRestTestCase
// configure broker to use Base64MD5PasswordFilePrincipalDatabase
Map<String, Object> newAttributes = new HashMap<String, Object>();
- newAttributes.put(AbstractPrincipalDatabaseAuthManagerFactory.ATTRIBUTE_PATH, passwordFile.getAbsolutePath());
- newAttributes.put(AuthenticationManagerFactory.ATTRIBUTE_TYPE, Base64MD5PasswordFileAuthenticationManagerFactory.PROVIDER_TYPE);
+ newAttributes.put("path", passwordFile.getAbsolutePath());
+ newAttributes.put(AuthenticationProvider.TYPE, Base64MD5PasswordFileAuthenticationManagerFactory.PROVIDER_TYPE);
getBrokerConfiguration().setObjectAttributes(TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER, newAttributes);
}
}