From 3ea98f8556773b4880da89142714ffa472da57c5 Mon Sep 17 00:00:00 2001
From: Robert Godfrey <rgodfrey@apache.org>
Date: Wed, 23 Jul 2014 12:14:45 +0000
Subject: QPID-5917 : deleting a user from a SCRAM-* auth provider causes the
 auth provider to deregister

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1612824 13f79535-47bb-0310-9956-ffa450edef68
---
 .../AbstractScramAuthenticationManager.java        | 11 ++--------
 .../security/auth/manager/ScramAuthUser.java       | 24 +++++++++++++---------
 2 files changed, 16 insertions(+), 19 deletions(-)

(limited to 'qpid/java')

diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractScramAuthenticationManager.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractScramAuthenticationManager.java
index f08c37008a..76afad2f12 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractScramAuthenticationManager.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractScramAuthenticationManager.java
@@ -45,7 +45,6 @@ import org.apache.qpid.server.configuration.updater.VoidTaskWithException;
 import org.apache.qpid.server.model.Broker;
 import org.apache.qpid.server.model.ConfiguredObject;
 import org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider;
-import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.User;
 import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.security.auth.AuthenticationResult;
@@ -56,7 +55,6 @@ public abstract class AbstractScramAuthenticationManager<X extends AbstractScram
         extends AbstractAuthenticationManager<X>
         implements PasswordCredentialManagingAuthenticationProvider<X>
 {
-    public static final String SCRAM_USER_TYPE = "scram";
 
     static final Charset ASCII = Charset.forName("ASCII");
     private final SecureRandom _random = new SecureRandom();
@@ -257,7 +255,7 @@ public abstract class AbstractScramAuthenticationManager<X extends AbstractScram
                     userAttrs.put(User.ID, UUID.randomUUID());
                     userAttrs.put(User.NAME, username);
                     userAttrs.put(User.PASSWORD, createStoredPassword(password));
-                    userAttrs.put(User.TYPE, SCRAM_USER_TYPE);
+                    userAttrs.put(User.TYPE, ScramAuthUser.SCRAM_USER_TYPE);
                     ScramAuthUser user = new ScramAuthUser(userAttrs, AbstractScramAuthenticationManager.this);
                     user.create();
 
@@ -287,7 +285,7 @@ public abstract class AbstractScramAuthenticationManager<X extends AbstractScram
                 final ScramAuthUser authUser = getUser(user);
                 if(authUser != null)
                 {
-                    authUser.setState(State.DELETED);
+                    authUser.delete();
                 }
                 else
                 {
@@ -384,11 +382,6 @@ public abstract class AbstractScramAuthenticationManager<X extends AbstractScram
         return super.addChild(childClass, attributes, otherParents);
     }
 
-    void doDeleted()
-    {
-        deleted();
-    }
-
     Map<String, ScramAuthUser> getUserMap()
     {
         return _users;
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ScramAuthUser.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ScramAuthUser.java
index 9a2d27f512..f28b46d1dd 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ScramAuthUser.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ScramAuthUser.java
@@ -37,12 +37,14 @@ import org.apache.qpid.server.model.ManagedObject;
 import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
 import org.apache.qpid.server.model.PreferencesProvider;
 import org.apache.qpid.server.model.State;
+import org.apache.qpid.server.model.StateTransition;
 import org.apache.qpid.server.model.User;
 import org.apache.qpid.server.security.access.Operation;
 
-@ManagedObject( category = false, type = "scram")
+@ManagedObject( category = false, type = ScramAuthUser.SCRAM_USER_TYPE)
 class ScramAuthUser extends AbstractConfiguredObject<ScramAuthUser> implements User<ScramAuthUser>
 {
+    public static final String SCRAM_USER_TYPE = "scram";
 
     private AbstractScramAuthenticationManager _authenticationManager;
     @ManagedAttributeField
@@ -86,23 +88,25 @@ class ScramAuthUser extends AbstractConfiguredObject<ScramAuthUser> implements U
             throw new IllegalArgumentException(getClass().getSimpleName() + " must be durable");
         }
     }
+
     @Override
-    protected boolean setState(final State desiredState)
+    protected void authoriseSetDesiredState(final State desiredState) throws AccessControlException
     {
         if(desiredState == State.DELETED)
         {
             _authenticationManager.getSecurityManager().authoriseUserOperation(Operation.DELETE, getName());
-            _authenticationManager.getUserMap().remove(getName());
-            _authenticationManager.doDeleted();
-            deleted();
-            return true;
-        }
-        else
-        {
-            return false;
         }
+
     }
 
+    @StateTransition(currentState = {State.ACTIVE}, desiredState = State.DELETED)
+    private void doDelete()
+    {
+        _authenticationManager.getUserMap().remove(getName());
+        deleted();
+    }
+
+
     @Override
     public void setAttributes(final Map<String, Object> attributes)
             throws IllegalStateException, AccessControlException, IllegalArgumentException
-- 
cgit v1.2.1