Author: dejanb
Date: Mon Mar 25 17:08:58 2013
New Revision: 1460766
URL: http://svn.apache.org/r1460766
Log:
https://issues.apache.org/jira/browse/AMQ-3883 - refactoring to make
authoriation module with arbitrary group class configuration easier
Added:
activemq/trunk/activemq-spring/src/main/java/org/apache/activemq/security/XBeanAuthorizationEntry.java
activemq/trunk/activemq-spring/src/main/java/org/apache/activemq/security/XBeanAuthorizationMap.java
Modified:
activemq/trunk/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationEntry.java
activemq/trunk/activemq-broker/src/main/java/org/apache/activemq/security/DefaultAuthorizationMap.java
activemq/trunk/activemq-karaf-itest/src/test/resources/org/apache/activemq/karaf/itest/activemq.xml
Modified:
activemq/trunk/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationEntry.java
URL:
http://svn.apache.org/viewvc/activemq/trunk/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationEntry.java?rev=1460766&r1=1460765&r2=1460766&view=diff
==============================================================================
---
activemq/trunk/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationEntry.java
(original)
+++
activemq/trunk/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationEntry.java
Mon Mar 25 17:08:58 2013
@@ -16,23 +16,17 @@
*/
package org.apache.activemq.security;
-import java.lang.reflect.Constructor;
-import java.lang.reflect.Method;
+import org.apache.activemq.filter.DestinationMapEntry;
+
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.StringTokenizer;
-import javax.annotation.PostConstruct;
-import org.apache.activemq.filter.DestinationMapEntry;
-
/**
* Represents an entry in a {@link DefaultAuthorizationMap} for assigning
* different operations (read, write, admin) of user roles to a specific
* destination or a hierarchical wildcard area of destinations.
- *
- * @org.apache.xbean.XBean
- *
*/
@SuppressWarnings("rawtypes")
public class AuthorizationEntry extends DestinationMapEntry {
@@ -41,11 +35,11 @@ public class AuthorizationEntry extends
private Set<Object> writeACLs = emptySet();
private Set<Object> adminACLs = emptySet();
- private String adminRoles;
- private String readRoles;
- private String writeRoles;
+ protected String adminRoles;
+ protected String readRoles;
+ protected String writeRoles;
- private String groupClass = "org.apache.activemq.jaas.GroupPrincipal";
+ private String groupClass;
public String getGroupClass() {
return groupClass;
@@ -112,29 +106,9 @@ public class AuthorizationEntry extends
StringTokenizer iter = new StringTokenizer(roles, ",");
while (iter.hasMoreTokens()) {
String name = iter.nextToken().trim();
- DefaultAuthorizationMap.createGroupPrincipal(name,
getGroupClass());
+ String groupClass = (this.groupClass != null ? this.groupClass :
DefaultAuthorizationMap.DEFAULT_GROUP_CLASS);
+ answer.add(DefaultAuthorizationMap.createGroupPrincipal(name,
groupClass));
}
return answer;
}
-
- /**
- *
- * @org.apache.xbean.InitMethod
- */
- @PostConstruct
- public void afterPropertiesSet() throws Exception {
-
- if (adminRoles != null) {
- setAdminACLs(parseACLs(adminRoles));
- }
-
- if (writeRoles != null) {
- setWriteACLs(parseACLs(writeRoles));
- }
-
- if (readRoles != null) {
- setReadACLs(parseACLs(readRoles));
- }
-
- }
}
Modified:
activemq/trunk/activemq-broker/src/main/java/org/apache/activemq/security/DefaultAuthorizationMap.java
URL:
http://svn.apache.org/viewvc/activemq/trunk/activemq-broker/src/main/java/org/apache/activemq/security/DefaultAuthorizationMap.java?rev=1460766&r1=1460765&r2=1460766&view=diff
==============================================================================
---
activemq/trunk/activemq-broker/src/main/java/org/apache/activemq/security/DefaultAuthorizationMap.java
(original)
+++
activemq/trunk/activemq-broker/src/main/java/org/apache/activemq/security/DefaultAuthorizationMap.java
Mon Mar 25 17:08:58 2013
@@ -16,6 +16,10 @@
*/
package org.apache.activemq.security;
+import org.apache.activemq.command.ActiveMQDestination;
+import org.apache.activemq.filter.DestinationMap;
+import org.apache.activemq.filter.DestinationMapEntry;
+
import java.lang.reflect.Constructor;
import java.lang.reflect.Method;
import java.util.HashSet;
@@ -23,26 +27,23 @@ import java.util.Iterator;
import java.util.List;
import java.util.Set;
-import org.apache.activemq.command.ActiveMQDestination;
-import org.apache.activemq.filter.DestinationMap;
-import org.apache.activemq.filter.DestinationMapEntry;
-
/**
* Represents a destination based configuration of policies so that individual
* destinations or wildcard hierarchies of destinations can be configured using
* different policies. Each entry in the map represents the authorization ACLs
* for each operation.
*
- * @org.apache.xbean.XBean element="authorizationMap"
*
*/
public class DefaultAuthorizationMap extends DestinationMap implements
AuthorizationMap {
+ public static final String DEFAULT_GROUP_CLASS =
"org.apache.activemq.jaas.GroupPrincipal";
+
private AuthorizationEntry defaultEntry;
private TempDestinationAuthorizationEntry
tempDestinationAuthorizationEntry;
- private String groupClass = "org.apache.activemq.jaas.GroupPrincipal";
+ protected String groupClass = DEFAULT_GROUP_CLASS;
public DefaultAuthorizationMap() {
}
@@ -160,8 +161,6 @@ public class DefaultAuthorizationMap ext
/**
* Sets the individual entries on the authorization map
- *
- * @org.apache.xbean.ElementType
class="org.apache.activemq.security.AuthorizationEntry"
*/
@SuppressWarnings("rawtypes")
public void setAuthorizationEntries(List<DestinationMapEntry> entries) {
Modified:
activemq/trunk/activemq-karaf-itest/src/test/resources/org/apache/activemq/karaf/itest/activemq.xml
URL:
http://svn.apache.org/viewvc/activemq/trunk/activemq-karaf-itest/src/test/resources/org/apache/activemq/karaf/itest/activemq.xml?rev=1460766&r1=1460765&r2=1460766&view=diff
==============================================================================
---
activemq/trunk/activemq-karaf-itest/src/test/resources/org/apache/activemq/karaf/itest/activemq.xml
(original)
+++
activemq/trunk/activemq-karaf-itest/src/test/resources/org/apache/activemq/karaf/itest/activemq.xml
Mon Mar 25 17:08:58 2013
@@ -54,6 +54,17 @@
<plugins>
<jaasAuthenticationPlugin configuration="karaf" />
+ <authorizationPlugin>
+ <map>
+ <authorizationMap
groupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal">
+ <authorizationEntries>
+ <authorizationEntry queue=">" read="admin" write="admin"
admin="admin"/>
+ <authorizationEntry topic=">" read="admin" write="admin"
admin="admin"/>
+ <authorizationEntry topic="ActiveMQ.Advisory.>"
read="admin" write="admin" admin="admin"/>
+ </authorizationEntries>
+ </authorizationMap>
+ </map>
+ </authorizationPlugin>
</plugins>
<systemUsage>
Added:
activemq/trunk/activemq-spring/src/main/java/org/apache/activemq/security/XBeanAuthorizationEntry.java
URL:
http://svn.apache.org/viewvc/activemq/trunk/activemq-spring/src/main/java/org/apache/activemq/security/XBeanAuthorizationEntry.java?rev=1460766&view=auto
==============================================================================
---
activemq/trunk/activemq-spring/src/main/java/org/apache/activemq/security/XBeanAuthorizationEntry.java
(added)
+++
activemq/trunk/activemq-spring/src/main/java/org/apache/activemq/security/XBeanAuthorizationEntry.java
Mon Mar 25 17:08:58 2013
@@ -0,0 +1,68 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.security;
+
+import org.springframework.beans.factory.InitializingBean;
+
+import javax.annotation.PostConstruct;
+
+/**
+ * Represents an entry in a {@link DefaultAuthorizationMap} for assigning
+ * different operations (read, write, admin) of user roles to a specific
+ * destination or a hierarchical wildcard area of destinations.
+ *
+ * @org.apache.xbean.XBean element="authorizationEntry"
+ *
+ */
+public class XBeanAuthorizationEntry extends AuthorizationEntry implements
InitializingBean {
+
+ @Override
+ public void setAdmin(String roles) throws Exception {
+ adminRoles = roles;
+ }
+
+ @Override
+ public void setRead(String roles) throws Exception {
+ readRoles = roles;
+ }
+
+ @Override
+ public void setWrite(String roles) throws Exception {
+ writeRoles = roles;
+ }
+
+ /**
+ *
+ * @org.apache.xbean.InitMethod
+ */
+ @PostConstruct
+ public void afterPropertiesSet() throws Exception {
+
+ if (adminRoles != null) {
+ setAdminACLs(parseACLs(adminRoles));
+ }
+
+ if (writeRoles != null) {
+ setWriteACLs(parseACLs(writeRoles));
+ }
+
+ if (readRoles != null) {
+ setReadACLs(parseACLs(readRoles));
+ }
+ }
+
+}
Added:
activemq/trunk/activemq-spring/src/main/java/org/apache/activemq/security/XBeanAuthorizationMap.java
URL:
http://svn.apache.org/viewvc/activemq/trunk/activemq-spring/src/main/java/org/apache/activemq/security/XBeanAuthorizationMap.java?rev=1460766&view=auto
==============================================================================
---
activemq/trunk/activemq-spring/src/main/java/org/apache/activemq/security/XBeanAuthorizationMap.java
(added)
+++
activemq/trunk/activemq-spring/src/main/java/org/apache/activemq/security/XBeanAuthorizationMap.java
Mon Mar 25 17:08:58 2013
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.security;
+
+import org.apache.activemq.filter.DestinationMapEntry;
+import org.springframework.beans.factory.InitializingBean;
+
+import javax.annotation.PostConstruct;
+import java.util.List;
+
+
+/**
+ * @org.apache.xbean.XBean element="authorizationMap"
+ */
+public class XBeanAuthorizationMap extends DefaultAuthorizationMap implements
InitializingBean {
+
+ protected List<DestinationMapEntry> authorizationEntries;
+
+ /**
+ *
+ * @org.apache.xbean.InitMethod
+ */
+ @PostConstruct
+ public void afterPropertiesSet() throws Exception {
+ for (DestinationMapEntry entry : authorizationEntries) {
+ if (((XBeanAuthorizationEntry)entry).getGroupClass() == null) {
+ ((XBeanAuthorizationEntry)entry).setGroupClass(groupClass);
+ }
+ ((XBeanAuthorizationEntry)entry).afterPropertiesSet();
+ }
+ super.setEntries(authorizationEntries);
+ }
+
+ /**
+ * Sets the individual entries on the authorization map
+ *
+ * @org.apache.xbean.ElementType
class="org.apache.activemq.security.AuthorizationEntry"
+ */
+ @SuppressWarnings("rawtypes")
+ public void setAuthorizationEntries(List<DestinationMapEntry> entries) {
+ this.authorizationEntries = entries;
+ }
+
+}
