Author: kwall
Date: Wed Jun 27 11:21:16 2012
New Revision: 1354429
URL: http://svn.apache.org/viewvc?rev=1354429&view=rev
Log:
NO-JIRA: Implement reload principal data. Also implement system tests for JMX
UserManagement against both plain and MD-5 digested passwords principal
databases.
Added:
qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/src/test/java/org/apache/qpid/systest/
qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/src/test/java/org/apache/qpid/systest/management/
qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/src/test/java/org/apache/qpid/systest/management/jmx/
qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/src/test/java/org/apache/qpid/systest/management/jmx/UserManagementTest.java
qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/src/test/java/org/apache/qpid/systest/management/jmx/UserManagementWithBase64MD5PasswordsTest.java
- copied, changed from r1354023,
qpid/branches/java-config-and-management/qpid/java/broker/src/main/java/org/apache/qpid/server/model/PasswordCredentialManagingAuthenticationProvider.java
Modified:
qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/build.xml
qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/src/main/java/org/apache/qpid/server/jmx/mbeans/UserManagementMBean.java
qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/src/test/java/org/apache/qpid/server/jmx/mbeans/UserManagementMBeanTest.java
qpid/branches/java-config-and-management/qpid/java/broker/etc/log4j.xml
qpid/branches/java-config-and-management/qpid/java/broker/src/main/java/org/apache/qpid/server/model/PasswordCredentialManagingAuthenticationProvider.java
qpid/branches/java-config-and-management/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AuthenticationProviderAdapter.java
qpid/branches/java-config-and-management/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/AbstractPasswordFilePrincipalDatabase.java
qpid/branches/java-config-and-management/qpid/java/systests/src/main/java/org/apache/qpid/test/utils/JMXTestUtils.java
qpid/branches/java-config-and-management/qpid/java/test-profiles/CPPExcludes
qpid/branches/java-config-and-management/qpid/java/test-profiles/Excludes
qpid/branches/java-config-and-management/qpid/java/test-profiles/Java010Excludes
Modified:
qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/build.xml
URL:
http://svn.apache.org/viewvc/qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/build.xml?rev=1354429&r1=1354428&r2=1354429&view=diff
==============================================================================
---
qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/build.xml
(original)
+++
qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/build.xml
Wed Jun 27 11:21:16 2012
@@ -18,7 +18,7 @@
-->
<project name="Qpid Broker-Plugins JMX" default="build">
<property name="module.depends" value="common broker broker-plugins
broker-plugins-jmx management/common" />
- <property name="module.test.depends" value="test broker/test common/test
management/common" />
+ <property name="module.test.depends" value="systests test broker/test
common/test management/common client" />
<property name="module.manifest" value="MANIFEST.MF" />
<property name="module.plugin" value="true" />
Modified:
qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/src/main/java/org/apache/qpid/server/jmx/mbeans/UserManagementMBean.java
URL:
http://svn.apache.org/viewvc/qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/src/main/java/org/apache/qpid/server/jmx/mbeans/UserManagementMBean.java?rev=1354429&r1=1354428&r2=1354429&view=diff
==============================================================================
---
qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/src/main/java/org/apache/qpid/server/jmx/mbeans/UserManagementMBean.java
(original)
+++
qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/src/main/java/org/apache/qpid/server/jmx/mbeans/UserManagementMBean.java
Wed Jun 27 11:21:16 2012
@@ -24,7 +24,6 @@ import org.apache.log4j.Logger;
import org.apache.qpid.management.common.mbeans.UserManagement;
import org.apache.qpid.management.common.mbeans.annotations.MBeanDescription;
-import org.apache.qpid.management.common.mbeans.annotations.MBeanOperation;
import org.apache.qpid.server.jmx.AMQManagedObject;
import org.apache.qpid.server.jmx.ManagedObject;
import org.apache.qpid.server.jmx.ManagedObjectRegistry;
@@ -42,6 +41,7 @@ import javax.management.openmbean.Tabula
import javax.management.openmbean.TabularType;
import javax.security.auth.login.AccountNotFoundException;
+import java.io.IOException;
import java.util.Map;
@MBeanDescription("User Management Interface")
@@ -131,12 +131,19 @@ public class UserManagementMBean extends
@Override
public boolean reloadData()
{
- //TODO - implement? deprecate?
- throw new UnsupportedOperationException("The reload functionality is
not currently supported");
+ try
+ {
+ _authProvider.reload();
+ return true;
+ }
+ catch (IOException e)
+ {
+ _logger.error("Unable to reload user data", e);
+ return false;
+ }
}
@Override
- @MBeanOperation(name = "viewUsers", description = "All users that are
currently available to the system.")
public TabularData viewUsers()
{
Map<String, Map<String, String>> users = _authProvider.getUsers();
Modified:
qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/src/test/java/org/apache/qpid/server/jmx/mbeans/UserManagementMBeanTest.java
URL:
http://svn.apache.org/viewvc/qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/src/test/java/org/apache/qpid/server/jmx/mbeans/UserManagementMBeanTest.java?rev=1354429&r1=1354428&r2=1354429&view=diff
==============================================================================
---
qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/src/test/java/org/apache/qpid/server/jmx/mbeans/UserManagementMBeanTest.java
(original)
+++
qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/src/test/java/org/apache/qpid/server/jmx/mbeans/UserManagementMBeanTest.java
Wed Jun 27 11:21:16 2012
@@ -21,35 +21,30 @@
package org.apache.qpid.server.jmx.mbeans;
-import java.io.BufferedWriter;
-import java.io.File;
-import java.io.FileWriter;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
import java.io.IOException;
+import java.util.Collections;
+import java.util.Map;
import javax.management.openmbean.CompositeData;
import javax.management.openmbean.TabularData;
+import javax.security.auth.login.AccountNotFoundException;
+
+import junit.framework.TestCase;
-import org.apache.commons.configuration.CompositeConfiguration;
-import org.apache.commons.configuration.XMLConfiguration;
import org.apache.qpid.management.common.mbeans.UserManagement;
-import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin;
-import org.apache.qpid.server.jmx.NoopManagedObjectRegistry;
+import org.apache.qpid.server.jmx.ManagedObjectRegistry;
import
org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider;
-import org.apache.qpid.server.model.adapter.AuthenticationProviderAdapter;
-import
org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase;
-import
org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager;
-import org.apache.qpid.server.util.InternalBrokerBaseCase;
-
-/**
- * Tests the UserManagementMBean and its interaction with the
PasswordCredentialManagingAuthenticationProvider.
- */
-public class UserManagementMBeanTest extends InternalBrokerBaseCase
+
+public class UserManagementMBeanTest extends TestCase
{
- private UserManagementMBean _umMBean;
-
- private File _passwordFile;
- private PrincipalDatabaseAuthenticationManager _authManager;
- private AuthenticationProviderAdapter<?> _authProvider;
+ private UserManagementMBean _userManagement;
+ private ManagedObjectRegistry _mockRegistry;
+ private PasswordCredentialManagingAuthenticationProvider _mockProvider;
private static final String TEST_USERNAME = "testuser";
private static final String TEST_PASSWORD = "password";
@@ -59,74 +54,92 @@ public class UserManagementMBeanTest ext
{
super.setUp();
- _passwordFile =
File.createTempFile(this.getClass().getName(),".password");
-
- createFreshTestPasswordFile();
-
- ConfigurationPlugin config =
getConfig(PlainPasswordFilePrincipalDatabase.class.getName(), "passwordFile",
_passwordFile.getAbsolutePath());
- _authManager =
PrincipalDatabaseAuthenticationManager.FACTORY.newInstance(config);
- _authProvider =
AuthenticationProviderAdapter.createAuthenticationProviderAdapter(null,
_authManager);
- _umMBean = new
UserManagementMBean((PasswordCredentialManagingAuthenticationProvider)
_authProvider, new NoopManagedObjectRegistry());
+ _mockProvider =
mock(PasswordCredentialManagingAuthenticationProvider.class);
+ _mockRegistry = mock(ManagedObjectRegistry.class);
+ _userManagement = new UserManagementMBean(_mockProvider,
_mockRegistry);
}
- @Override
- public void tearDown() throws Exception
+ public void testMBeanRegistersItself() throws Exception
{
- try
- {
- super.tearDown();
- }
- finally
- {
- //clean up test password files
- File _oldPasswordFile = new File(_passwordFile.getAbsolutePath() +
".old");
- _oldPasswordFile.delete();
- _passwordFile.delete();
- }
+ UserManagementMBean userManagementMBean = new
UserManagementMBean(_mockProvider, _mockRegistry);
+ verify(_mockRegistry).registerObject(userManagementMBean);
}
- public void testDeleteUser()
+ public void testDeleteUser() throws Exception
{
- assertEquals("Unexpected number of users before test",
1,_umMBean.viewUsers().size());
- assertTrue("Delete should return true to flag successful delete",
_umMBean.deleteUser(TEST_USERNAME));
- assertEquals("Unexpected number of users after test",
0,_umMBean.viewUsers().size());
+ boolean deleteSuccess = _userManagement.deleteUser(TEST_USERNAME);
+ assertTrue("Expected successful delete", deleteSuccess);
+
+ verify(_mockProvider).deleteUser(TEST_USERNAME);
}
- public void testDeleteUserWhereUserDoesNotExist()
+ public void testDeleteUserWhereUserDoesNotExist() throws Exception
{
- assertEquals("Unexpected number of users before test",
1,_umMBean.viewUsers().size());
- assertFalse("Delete should return false to flag unsuccessful delete",
_umMBean.deleteUser("made.up.username"));
- assertEquals("Unexpected number of users after test",
1,_umMBean.viewUsers().size());
+
doThrow(AccountNotFoundException.class).when(_mockProvider).deleteUser(TEST_USERNAME);
+ boolean deleteSuccess = _userManagement.deleteUser(TEST_USERNAME);
+ assertFalse("Expected unsuccessful delete", deleteSuccess);
}
- public void testCreateUser()
+ public void testCreateUser() throws Exception
{
- assertEquals("Unexpected number of users before test",
1,_umMBean.viewUsers().size());
- assertTrue("Create should return true to flag successful create",
_umMBean.createUser("newuser", "mypass"));
- assertEquals("Unexpected number of users before test",
2,_umMBean.viewUsers().size());
+ when(_mockProvider.createUser(TEST_USERNAME, TEST_PASSWORD,
null)).thenReturn(true);
+
+ boolean createSuccess = _userManagement.createUser(TEST_USERNAME,
TEST_PASSWORD);
+ assertTrue(createSuccess);
}
public void testCreateUserWhereUserAlreadyExists()
{
- assertEquals("Unexpected number of users before test",
1,_umMBean.viewUsers().size());
- assertFalse("Create should return false to flag unsuccessful create",
_umMBean.createUser(TEST_USERNAME, "mypass"));
- assertEquals("Unexpected number of users before test",
1,_umMBean.viewUsers().size());
+ when(_mockProvider.createUser(TEST_USERNAME, TEST_PASSWORD,
null)).thenReturn(false);
+
+ boolean createSuccess = _userManagement.createUser(TEST_USERNAME,
TEST_PASSWORD);
+ assertFalse(createSuccess);
}
- public void testSetPassword()
+ public void testSetPassword() throws Exception
{
- assertTrue("Set password should return true to flag successful
change", _umMBean.setPassword(TEST_USERNAME, "newpassword"));
+ boolean setPasswordSuccess =
_userManagement.setPassword(TEST_USERNAME, TEST_PASSWORD);
+ assertTrue(setPasswordSuccess);
+
+ assertTrue("Set password should return true to flag successful
change", setPasswordSuccess);
+
+ verify(_mockProvider).setPassword(TEST_USERNAME, TEST_PASSWORD);
}
-
- public void testSetPasswordWhereUserDoesNotExist()
+
+ public void testSetPasswordWhereUserDoesNotExist() throws Exception
+ {
+
doThrow(AccountNotFoundException.class).when(_mockProvider).setPassword(TEST_USERNAME,
TEST_PASSWORD);
+
+ boolean setPasswordSuccess =
_userManagement.setPassword(TEST_USERNAME, TEST_PASSWORD);
+
+ assertFalse("Set password should return false to flag unsuccessful
change", setPasswordSuccess);
+ }
+
+ public void testReload() throws Exception
{
- assertFalse("Set password should return false to flag successful
change", _umMBean.setPassword("made.up.username", "newpassword"));
+ boolean reloadSuccess = _userManagement.reloadData();
+
+ assertTrue("Reload should return true to flag succesful update",
reloadSuccess);
+
+ verify(_mockProvider).reload();
}
- public void testViewUsers()
+ public void testReloadFails() throws Exception
{
- TabularData userList = _umMBean.viewUsers();
+ doThrow(IOException.class).when(_mockProvider).reload();
+
+ boolean reloadSuccess = _userManagement.reloadData();
+
+ assertFalse("Expected reload to fail", reloadSuccess);
+ }
+
+ public void testViewUsers() throws Exception
+ {
+ Map<String,String> args = Collections.emptyMap();
+
when(_mockProvider.getUsers()).thenReturn(Collections.singletonMap(TEST_USERNAME,
args));
+
+ TabularData userList = _userManagement.viewUsers();
assertNotNull(userList);
assertEquals("Unexpected number of users in user list", 1,
userList.size());
@@ -141,42 +154,4 @@ public class UserManagementMBeanTest ext
assertTrue(userRec.containsKey(UserManagement.RIGHTS_ADMIN));
assertEquals(false, userRec.get(UserManagement.RIGHTS_ADMIN));
}
-
- // ============================ Utility methods =========================
-
- private void createFreshTestPasswordFile()
- {
- try
- {
- BufferedWriter passwordWriter = new BufferedWriter(new
FileWriter(_passwordFile, false));
- passwordWriter.write(TEST_USERNAME + ":" + TEST_PASSWORD);
- passwordWriter.newLine();
- passwordWriter.flush();
- passwordWriter.close();
- }
- catch (IOException e)
- {
- fail("Unable to create test password file: " + e.getMessage());
- }
- }
-
- private ConfigurationPlugin getConfig(final String clazz, final String
argName, final String argValue) throws Exception
- {
- final ConfigurationPlugin config = new
PrincipalDatabaseAuthenticationManager.PrincipalDatabaseAuthenticationManagerConfiguration();
-
- XMLConfiguration xmlconfig = new XMLConfiguration();
- xmlconfig.addProperty("pd-auth-manager.principal-database.class",
clazz);
-
- if (argName != null)
- {
-
xmlconfig.addProperty("pd-auth-manager.principal-database.attributes.attribute.name",
argName);
-
xmlconfig.addProperty("pd-auth-manager.principal-database.attributes.attribute.value",
argValue);
- }
-
- // Create a CompositeConfiguration as this is what the broker uses
- CompositeConfiguration composite = new CompositeConfiguration();
- composite.addConfiguration(xmlconfig);
- config.setConfiguration("security", xmlconfig);
- return config;
- }
}
Added:
qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/src/test/java/org/apache/qpid/systest/management/jmx/UserManagementTest.java
URL:
http://svn.apache.org/viewvc/qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/src/test/java/org/apache/qpid/systest/management/jmx/UserManagementTest.java?rev=1354429&view=auto
==============================================================================
---
qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/src/test/java/org/apache/qpid/systest/management/jmx/UserManagementTest.java
(added)
+++
qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/src/test/java/org/apache/qpid/systest/management/jmx/UserManagementTest.java
Wed Jun 27 11:21:16 2012
@@ -0,0 +1,251 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.qpid.systest.management.jmx;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileReader;
+import java.io.FileWriter;
+import java.io.IOException;
+
+import javax.jms.Connection;
+import javax.jms.JMSException;
+
+import org.apache.qpid.management.common.mbeans.UserManagement;
+import
org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase;
+import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
+import org.apache.qpid.test.utils.JMXTestUtils;
+import org.apache.qpid.test.utils.QpidBrokerTestCase;
+import org.apache.qpid.tools.security.Passwd;
+
+/**
+ * System test for User Management.
+ *
+ */
+public class UserManagementTest extends QpidBrokerTestCase
+{
+ private static final String TEST_NEWPASSWORD = "newpassword";
+ private static final String TEST_PASSWORD = "password";
+ private JMXTestUtils _jmxUtils;
+ private String _testUserName;
+ private File _passwordFile;
+ private UserManagement _userManagement;
+ private Passwd _passwd;
+
+ public void setUp() throws Exception
+ {
+ _passwd = createPasswordEncodingUtility();
+ _passwordFile = createTemporaryPasswordFileWithJmxAdminUser();
+
+
setConfigurationProperty("security.pd-auth-manager.principal-database.class",
getPrincipalDatabaseImplClass().getName());
+
setConfigurationProperty("security.pd-auth-manager.principal-database.attributes.attribute.name",
"passwordFile");
+
setConfigurationProperty("security.pd-auth-manager.principal-database.attributes.attribute.value",
_passwordFile.getAbsolutePath());
+
+ _jmxUtils = new JMXTestUtils(this);
+ _jmxUtils.setUp();
+
+ super.setUp();
+ _jmxUtils.open();
+
+ _testUserName = getTestName() + System.currentTimeMillis();
+
+ _userManagement = _jmxUtils.getUserManagement();
+ }
+
+
+ public void tearDown() throws Exception
+ {
+ try
+ {
+ if (_jmxUtils != null)
+ {
+ _jmxUtils.close();
+ }
+ }
+ finally
+ {
+ super.tearDown();
+ }
+ }
+
+ public void testCreateUser() throws Exception
+ {
+ final int initialNumberOfUsers = _userManagement.viewUsers().size();
+ assertFileDoesNotContainsPasswordForUser(_testUserName);
+
+ boolean success = _userManagement.createUser(_testUserName,
TEST_PASSWORD);
+ assertTrue("Should have been able to create new user " +
_testUserName, success);
+ assertEquals("Unexpected number of users after add",
initialNumberOfUsers + 1, _userManagement.viewUsers().size());
+
+ assertFileContainsPasswordForUser(_testUserName);
+ }
+
+ public void testJmsLoginForNewUser() throws Exception
+ {
+ assertJmsConnectionFails(_testUserName, TEST_PASSWORD);
+ testCreateUser();
+
+ assertJmsConnectionSucceeds(_testUserName, TEST_PASSWORD);
+ }
+
+ public void testDeleteUser() throws Exception
+ {
+ final int initialNumberOfUsers = _userManagement.viewUsers().size();
+
+ testCreateUser();
+
+ boolean success = _userManagement.deleteUser(_testUserName);
+ assertTrue("Should have been able to delete new user " +
_testUserName, success);
+ assertEquals("Unexpected number of users after delete",
initialNumberOfUsers, _userManagement.viewUsers().size());
+ assertFileDoesNotContainsPasswordForUser(_testUserName);
+ }
+
+ public void testJmsLoginNotPossibleForDeletedUser() throws Exception
+ {
+ testDeleteUser();
+
+ assertJmsConnectionFails(_testUserName, TEST_PASSWORD);
+ }
+
+ public void testSetPassword() throws Exception
+ {
+ testCreateUser();
+
+ _userManagement.setPassword(_testUserName, TEST_NEWPASSWORD);
+
+ assertFileContainsPasswordForUser(_testUserName);
+ }
+
+ public void testJmsLoginForPasswordChangedUser() throws Exception
+ {
+ testSetPassword();
+
+ assertJmsConnectionSucceeds(_testUserName, TEST_NEWPASSWORD);
+ assertJmsConnectionFails(_testUserName, TEST_PASSWORD);
+ }
+
+ public void testReload() throws Exception
+ {
+ writePasswordFile(_passwordFile, JMXTestUtils.DEFAULT_USERID,
JMXTestUtils.DEFAULT_PASSWORD, _testUserName, TEST_PASSWORD);
+
+ assertJmsConnectionFails(_testUserName, TEST_PASSWORD);
+
+ _userManagement.reloadData();
+
+ assertJmsConnectionSucceeds(_testUserName, TEST_PASSWORD);
+ }
+
+ protected Passwd createPasswordEncodingUtility()
+ {
+ return new Passwd()
+ {
+ @Override
+ public String getOutput(String username, String password)
+ {
+ return username + ":" + password;
+ }
+ };
+ }
+
+ protected Class<? extends PrincipalDatabase>
getPrincipalDatabaseImplClass()
+ {
+ return PlainPasswordFilePrincipalDatabase.class;
+ }
+
+ private File createTemporaryPasswordFileWithJmxAdminUser() throws Exception
+ {
+ File passwordFile = File.createTempFile("passwd", "pwd");
+ passwordFile.deleteOnExit();
+ writePasswordFile(passwordFile, JMXTestUtils.DEFAULT_USERID,
JMXTestUtils.DEFAULT_PASSWORD);
+ return passwordFile;
+ }
+
+ private void writePasswordFile(File passwordFile, String...
userNamePasswordPairs) throws Exception
+ {
+ FileWriter writer = null;
+ try
+ {
+ writer = new FileWriter(passwordFile);
+ for (int i = 0; i < userNamePasswordPairs.length; i=i+2)
+ {
+ String username = userNamePasswordPairs[i];
+ String password = userNamePasswordPairs[i+1];
+ writer.append(_passwd.getOutput(username, password) + "\n");
+ }
+ }
+ finally
+ {
+ writer.close();
+ }
+ }
+
+
+ private void assertFileContainsPasswordForUser(String username) throws
IOException
+ {
+ assertTrue("Could not find password for user " + username + " within "
+ _passwordFile, passwordFileContainsUser(username));
+ }
+
+ private void assertFileDoesNotContainsPasswordForUser(String username)
throws IOException
+ {
+ assertFalse("Could not find password for user " + username + " within
" + _passwordFile, passwordFileContainsUser(username));
+ }
+
+ private boolean passwordFileContainsUser(String username) throws
IOException
+ {
+ BufferedReader reader = null;
+ try
+ {
+ reader = new BufferedReader(new FileReader(_passwordFile));
+ String line = reader.readLine();
+ while(line != null)
+ {
+ if (line.startsWith(username))
+ {
+ return true;
+ }
+ line = reader.readLine();
+ }
+
+ return false;
+ }
+ finally
+ {
+ reader.close();
+ }
+ }
+
+ private void assertJmsConnectionSucceeds(String username, String password)
throws Exception
+ {
+ Connection connection = getConnection(username, password);
+ assertNotNull(connection);
+ }
+
+ private void assertJmsConnectionFails(String username, String password)
throws Exception
+ {
+ try
+ {
+ getConnection(username, password);
+ fail("Exception not thrown");
+ }
+ catch (JMSException e)
+ {
+ // PASS
+ }
+ }
+}
Copied:
qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/src/test/java/org/apache/qpid/systest/management/jmx/UserManagementWithBase64MD5PasswordsTest.java
(from r1354023,
qpid/branches/java-config-and-management/qpid/java/broker/src/main/java/org/apache/qpid/server/model/PasswordCredentialManagingAuthenticationProvider.java)
URL:
http://svn.apache.org/viewvc/qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/src/test/java/org/apache/qpid/systest/management/jmx/UserManagementWithBase64MD5PasswordsTest.java?p2=qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/src/test/java/org/apache/qpid/systest/management/jmx/UserManagementWithBase64MD5PasswordsTest.java&p1=qpid/branches/java-config-and-management/qpid/java/broker/src/main/java/org/apache/qpid/server/model/PasswordCredentialManagingAuthenticationProvider.java&r1=1354023&r2=1354429&rev=1354429&view=diff
==============================================================================
---
qpid/branches/java-config-and-management/qpid/java/broker/src/main/java/org/apache/qpid/server/model/PasswordCredentialManagingAuthenticationProvider.java
(original)
+++
qpid/branches/java-config-and-management/qpid/java/broker-plugins/jmx/src/test/java/org/apache/qpid/systest/management/jmx/UserManagementWithBase64MD5PasswordsTest.java
Wed Jun 27 11:21:16 2012
@@ -1,5 +1,4 @@
/*
- *
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -16,22 +15,25 @@
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
- *
*/
-package org.apache.qpid.server.model;
-
-import java.util.Map;
+package org.apache.qpid.systest.management.jmx;
-import javax.security.auth.login.AccountNotFoundException;
+import
org.apache.qpid.server.security.auth.database.Base64MD5PasswordFilePrincipalDatabase;
+import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
+import org.apache.qpid.tools.security.Passwd;
-public interface PasswordCredentialManagingAuthenticationProvider extends
AuthenticationProvider
+public class UserManagementWithBase64MD5PasswordsTest extends
UserManagementTest
{
- boolean createUser(String username, String password, Map<String, String>
attributes);
-
- void deleteUser(String user) throws AccountNotFoundException;
-
- void setPassword(String username, String password) throws
AccountNotFoundException;
-
- Map<String, Map<String,String>> getUsers();
+ @Override
+ protected Passwd createPasswordEncodingUtility()
+ {
+ return new Passwd();
+ }
+
+ @Override
+ protected Class<? extends PrincipalDatabase>
getPrincipalDatabaseImplClass()
+ {
+ return Base64MD5PasswordFilePrincipalDatabase.class;
+ }
}
Modified:
qpid/branches/java-config-and-management/qpid/java/broker/etc/log4j.xml
URL:
http://svn.apache.org/viewvc/qpid/branches/java-config-and-management/qpid/java/broker/etc/log4j.xml?rev=1354429&r1=1354428&r2=1354429&view=diff
==============================================================================
--- qpid/branches/java-config-and-management/qpid/java/broker/etc/log4j.xml
(original)
+++ qpid/branches/java-config-and-management/qpid/java/broker/etc/log4j.xml Wed
Jun 27 11:21:16 2012
@@ -87,10 +87,6 @@
</layout>
</appender>
- <category additivity="true"
name="org.apache.qpid.server.queue.AMQQueueMBean">
- <priority value="info"/>
- </category>
-
<!-- Provide warnings to standard output -->
<category additivity="true" name="org.apache.qpid">
<priority value="warn"/>
@@ -101,8 +97,6 @@
<level value="info"/>
</logger>
-
-
<!-- Examples of additional logging settings -->
<!-- Used to generate extra debug. See debug.log4j.xml -->
Modified:
qpid/branches/java-config-and-management/qpid/java/broker/src/main/java/org/apache/qpid/server/model/PasswordCredentialManagingAuthenticationProvider.java
URL:
http://svn.apache.org/viewvc/qpid/branches/java-config-and-management/qpid/java/broker/src/main/java/org/apache/qpid/server/model/PasswordCredentialManagingAuthenticationProvider.java?rev=1354429&r1=1354428&r2=1354429&view=diff
==============================================================================
---
qpid/branches/java-config-and-management/qpid/java/broker/src/main/java/org/apache/qpid/server/model/PasswordCredentialManagingAuthenticationProvider.java
(original)
+++
qpid/branches/java-config-and-management/qpid/java/broker/src/main/java/org/apache/qpid/server/model/PasswordCredentialManagingAuthenticationProvider.java
Wed Jun 27 11:21:16 2012
@@ -20,6 +20,7 @@
*/
package org.apache.qpid.server.model;
+import java.io.IOException;
import java.util.Map;
import javax.security.auth.login.AccountNotFoundException;
@@ -34,4 +35,12 @@ public interface PasswordCredentialManag
Map<String, Map<String,String>> getUsers();
+ /**
+ * Refreshes the cache of user and password data from the underlying
storage.
+ *
+ * If there is a failure whilst reloading the data, the implementation must
+ * throw an {@link IOException} and revert to using the previous cached
username
+ * and password data. In this way, the broker will remain usable.
+ */
+ void reload() throws IOException;
}
Modified:
qpid/branches/java-config-and-management/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AuthenticationProviderAdapter.java
URL:
http://svn.apache.org/viewvc/qpid/branches/java-config-and-management/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AuthenticationProviderAdapter.java?rev=1354429&r1=1354428&r2=1354429&view=diff
==============================================================================
---
qpid/branches/java-config-and-management/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AuthenticationProviderAdapter.java
(original)
+++
qpid/branches/java-config-and-management/qpid/java/broker/src/main/java/org/apache/qpid/server/model/adapter/AuthenticationProviderAdapter.java
Wed Jun 27 11:21:16 2012
@@ -20,6 +20,7 @@
*/
package org.apache.qpid.server.model.adapter;
+import java.io.IOException;
import java.security.AccessControlException;
import java.security.Principal;
import java.util.ArrayList;
@@ -29,8 +30,9 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.login.AccountNotFoundException;
+
+import org.apache.log4j.Logger;
import org.apache.qpid.server.model.*;
-import org.apache.qpid.server.model.User;
import org.apache.qpid.server.registry.ApplicationRegistry;
import org.apache.qpid.server.security.access.Operation;
import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
@@ -40,6 +42,8 @@ import org.apache.qpid.server.security.a
public abstract class AuthenticationProviderAdapter<T extends
AuthenticationManager> extends AbstractAdapter implements AuthenticationProvider
{
+ private static final Logger LOGGER =
Logger.getLogger(AuthenticationProviderAdapter.class);
+
private final BrokerAdapter _broker;
private final T _authManager;
@@ -78,13 +82,13 @@ public abstract class AuthenticationProv
@Override
public String setName(String currentName, String desiredName) throws
IllegalStateException, AccessControlException
{
- return null; //To change body of implemented methods use File |
Settings | File Templates.
+ return null;
}
@Override
public State getActualState()
{
- return null; //To change body of implemented methods use File |
Settings | File Templates.
+ return null;
}
@Override
@@ -97,7 +101,6 @@ public abstract class AuthenticationProv
public void setDurable(boolean durable)
throws IllegalStateException, AccessControlException,
IllegalArgumentException
{
- //To change body of implemented methods use File | Settings | File
Templates.
}
@Override
@@ -110,7 +113,7 @@ public abstract class AuthenticationProv
public LifetimePolicy setLifetimePolicy(LifetimePolicy expected,
LifetimePolicy desired)
throws IllegalStateException, AccessControlException,
IllegalArgumentException
{
- return null; //To change body of implemented methods use File |
Settings | File Templates.
+ return null;
}
@Override
@@ -177,13 +180,13 @@ public abstract class AuthenticationProv
{
// TODO
}
- return super.getAttribute(name); //To change body of overridden
methods use File | Settings | File Templates.
+ return super.getAttribute(name);
}
@Override
public <C extends ConfiguredObject> Collection<C> getChildren(Class<C>
clazz)
{
- return null; //To change body of implemented methods use File |
Settings | File Templates.
+ return null;
}
@Override
@@ -191,7 +194,7 @@ public abstract class AuthenticationProv
Map<String, Object>
attributes,
ConfiguredObject...
otherParents)
{
- return null; //To change body of implemented methods use File |
Settings | File Templates.
+ return null;
}
private static class SimpleAuthenticationProviderAdapter extends
AuthenticationProviderAdapter<AuthenticationManager>
@@ -251,6 +254,18 @@ public abstract class AuthenticationProv
getPrincipalDatabase().updatePassword(new
UsernamePrincipal(username), password.toCharArray());
}
+ public void reload() throws IOException
+ {
+ if(getSecurityManager().authoriseMethod(Operation.UPDATE,
"UserManagement", "reload"))
+ {
+ getPrincipalDatabase().reload();
+ }
+ else
+ {
+ throw new AccessControlException("Do not have permission to
reload principal database");
+ }
+ }
+
@Override
public Map<String, Map<String, String>> getUsers()
{
@@ -433,7 +448,7 @@ public abstract class AuthenticationProv
{
return getName();
}
- return super.getAttribute(name); //To change body of
overridden methods use File | Settings | File Templates.
+ return super.getAttribute(name);
}
@Override
@@ -461,12 +476,11 @@ public abstract class AuthenticationProv
}
catch (AccountNotFoundException e)
{
- // TODO - log?
+ LOGGER.warn("Failed to delete user " + _user, e);
}
return State.DELETED;
}
- return super.setDesiredState(currentState,
- desiredState); //To change
body of overridden methods use File | Settings | File Templates.
+ return super.setDesiredState(currentState, desiredState);
}
}
}
Modified:
qpid/branches/java-config-and-management/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/AbstractPasswordFilePrincipalDatabase.java
URL:
http://svn.apache.org/viewvc/qpid/branches/java-config-and-management/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/AbstractPasswordFilePrincipalDatabase.java?rev=1354429&r1=1354428&r2=1354429&view=diff
==============================================================================
---
qpid/branches/java-config-and-management/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/AbstractPasswordFilePrincipalDatabase.java
(original)
+++
qpid/branches/java-config-and-management/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/AbstractPasswordFilePrincipalDatabase.java
Wed Jun 27 11:21:16 2012
@@ -198,7 +198,7 @@ public abstract class AbstractPasswordFi
try
{
_userUpdate.lock();
- _userMap.clear();
+ final Map<String, U> newUserMap = new HashMap<String, U>();
BufferedReader reader = null;
try
@@ -216,7 +216,7 @@ public abstract class AbstractPasswordFi
U user = createUserFromFileData(result);
getLogger().info("Created user:" + user);
- _userMap.put(user.getName(), user);
+ newUserMap.put(user.getName(), user);
}
}
finally
@@ -226,6 +226,9 @@ public abstract class AbstractPasswordFi
reader.close();
}
}
+
+ _userMap.clear();
+ _userMap.putAll(newUserMap);
}
finally
{
Modified:
qpid/branches/java-config-and-management/qpid/java/systests/src/main/java/org/apache/qpid/test/utils/JMXTestUtils.java
URL:
http://svn.apache.org/viewvc/qpid/branches/java-config-and-management/qpid/java/systests/src/main/java/org/apache/qpid/test/utils/JMXTestUtils.java?rev=1354429&r1=1354428&r2=1354429&view=diff
==============================================================================
---
qpid/branches/java-config-and-management/qpid/java/systests/src/main/java/org/apache/qpid/test/utils/JMXTestUtils.java
(original)
+++
qpid/branches/java-config-and-management/qpid/java/systests/src/main/java/org/apache/qpid/test/utils/JMXTestUtils.java
Wed Jun 27 11:21:16 2012
@@ -54,8 +54,8 @@ import java.util.Set;
*/
public class JMXTestUtils
{
- private static final String DEFAULT_PASSWORD = "admin";
- private static final String DEFAULT_USERID = "admin";
+ public static final String DEFAULT_PASSWORD = "admin";
+ public static final String DEFAULT_USERID = "admin";
private MBeanServerConnection _mbsc;
private JMXConnector _jmxc;
@@ -160,7 +160,6 @@ public class JMXTestUtils
throws IOException, JMException, MBeanException
{
ManagedBroker managedBroker = getManagedBroker(virtualHostName);
-
managedBroker.unregisterExchange(exchange);
}
@@ -176,87 +175,81 @@ public class JMXTestUtils
throws IOException, JMException, MBeanException
{
ManagedBroker managedBroker = getManagedBroker(virtualHostName);
-
managedBroker.deleteQueue(queueName);
}
-
+
/**
- * Sets the logging level.
+ * Sets the logging level.
*
* @throws JMException
* @throws IOException if there is a problem with the JMX Connection
* @throws MBeanException
*/
public void setRuntimeLoggerLevel(String logger, String level)
- throws IOException, JMException, MBeanException
+ throws IOException, JMException, MBeanException
{
LoggingManagement loggingManagement = getLoggingManagement();
-
loggingManagement.setRuntimeLoggerLevel(logger, level);
}
-
+
/**
- * Reload logging config file.
+ * Reload logging config file.
*
* @throws JMException
* @throws IOException if there is a problem with the JMX Connection
* @throws MBeanException
*/
public void reloadConfigFile()
- throws IOException, JMException, MBeanException
+ throws IOException, JMException, MBeanException
{
LoggingManagement loggingManagement = getLoggingManagement();
-
loggingManagement.reloadConfigFile();
}
/**
- * Get list of available logger levels.
+ * Get list of available logger levels.
*
* @throws JMException
* @throws IOException if there is a problem with the JMX Connection
* @throws MBeanException
*/
public String[] getAvailableLoggerLevels()
- throws IOException, JMException, MBeanException
+ throws IOException, JMException, MBeanException
{
LoggingManagement loggingManagement = getLoggingManagement();
-
return loggingManagement.getAvailableLoggerLevels();
}
-
+
/**
- * Set root logger level.
+ * Set root logger level.
*
* @throws JMException
* @throws IOException if there is a problem with the JMX Connection
* @throws MBeanException
*/
public void setRuntimeRootLoggerLevel(String level)
- throws IOException, JMException, MBeanException
+ throws IOException, JMException, MBeanException
{
LoggingManagement loggingManagement = getLoggingManagement();
-
loggingManagement.setRuntimeRootLoggerLevel(level);
}
-
+
/**
- * Get root logger level.
+ * Get root logger level.
*
* @throws JMException
* @throws IOException if there is a problem with the JMX Connection
* @throws MBeanException
*/
public String getRuntimeRootLoggerLevel()
- throws IOException, JMException, MBeanException
+ throws IOException, JMException, MBeanException
{
LoggingManagement loggingManagement = getLoggingManagement();
-
return loggingManagement.getRuntimeRootLoggerLevel();
}
/**
- * Retrive the ObjectName for a Virtualhost.
+ * Retrieve the ObjectName for a Virtualhost.
*
* This is then used to create a proxy to the ManagedBroker MBean.
*
@@ -277,12 +270,12 @@ public class JMXTestUtils
// We have verified we have only one value in objectNames so return it
ObjectName objectName = objectNames.iterator().next();
- _test.getLogger().info("Loading: " + objectName);
+ _test.getLogger().info("Loading: " + objectName);
return objectName;
}
/**
- * Retrive the ObjectName for the given Queue on a Virtualhost.
+ * Retrieve the ObjectName for the given Queue on a Virtualhost.
*
* This is then used to create a proxy to the ManagedQueue MBean.
*
@@ -305,7 +298,7 @@ public class JMXTestUtils
// We have verified we have only one value in objectNames so return it
ObjectName objectName = objectNames.iterator().next();
- _test.getLogger().info("Loading: " + objectName);
+ _test.getLogger().info("Loading: " + objectName);
return objectName;
}
@@ -333,7 +326,7 @@ public class JMXTestUtils
// We have verified we have only one value in objectNames so return it
ObjectName objectName = objectNames.iterator().next();
- _test.getLogger().info("Loading: " + objectName);
+ _test.getLogger().info("Loading: " + objectName);
return objectName;
}
@@ -346,7 +339,7 @@ public class JMXTestUtils
_test.assertEquals("Unexpected number of objects matching " +
managedClass + " returned", 1, objectNames.size());
ObjectName objectName = objectNames.iterator().next();
- _test.getLogger().info("Loading: " + objectName);
+ _test.getLogger().info("Loading: " + objectName);
return getManagedObject(managedClass, objectName);
}
@@ -379,34 +372,34 @@ public class JMXTestUtils
{
return getManagedObject(ManagedBroker.class,
getVirtualHostManagerObjectName(virtualHost));
}
-
+
public ManagedExchange getManagedExchange(String exchangeName)
{
- ObjectName objectName = getExchangeObjectName("test",
exchangeName);
+ ObjectName objectName = getExchangeObjectName("test", exchangeName);
return MBeanServerInvocationHandler.newProxyInstance(_mbsc,
objectName, ManagedExchange.class, false);
}
-
+
public ManagedQueue getManagedQueue(String queueName)
{
ObjectName objectName = getQueueObjectName("test", queueName);
return getManagedObject(ManagedQueue.class, objectName);
}
- public LoggingManagement getLoggingManagement() throws
MalformedObjectNameException
+ public LoggingManagement getLoggingManagement() throws
MalformedObjectNameException
{
- ObjectName objectName = new
ObjectName("org.apache.qpid:type=LoggingManagement,name=LoggingManagement");
+ ObjectName objectName = new
ObjectName("org.apache.qpid:type=LoggingManagement,name=LoggingManagement");
return getManagedObject(LoggingManagement.class, objectName);
}
-
- public ConfigurationManagement getConfigurationManagement() throws
MalformedObjectNameException
+
+ public ConfigurationManagement getConfigurationManagement() throws
MalformedObjectNameException
{
- ObjectName objectName = new
ObjectName("org.apache.qpid:type=ConfigurationManagement,name=ConfigurationManagement");
+ ObjectName objectName = new
ObjectName("org.apache.qpid:type=ConfigurationManagement,name=ConfigurationManagement");
return getManagedObject(ConfigurationManagement.class, objectName);
}
-
- public UserManagement getUserManagement() throws
MalformedObjectNameException
+
+ public UserManagement getUserManagement() throws
MalformedObjectNameException
{
- ObjectName objectName = new
ObjectName("org.apache.qpid:type=UserManagement,name=UserManagement");
+ ObjectName objectName = new
ObjectName("org.apache.qpid:type=UserManagement,name=UserManagement");
return getManagedObject(UserManagement.class, objectName);
}
Modified:
qpid/branches/java-config-and-management/qpid/java/test-profiles/CPPExcludes
URL:
http://svn.apache.org/viewvc/qpid/branches/java-config-and-management/qpid/java/test-profiles/CPPExcludes?rev=1354429&r1=1354428&r2=1354429&view=diff
==============================================================================
---
qpid/branches/java-config-and-management/qpid/java/test-profiles/CPPExcludes
(original)
+++
qpid/branches/java-config-and-management/qpid/java/test-profiles/CPPExcludes
Wed Jun 27 11:21:16 2012
@@ -102,10 +102,8 @@ org.apache.qpid.server.logging.actors.*
// CPP Broker does not have a JMX interface to test
org.apache.qpid.management.jmx.*
-org.apache.qpid.server.queue.AMQQueueMBeanTest#*
-org.apache.qpid.server.exchange.ExchangeMBeanTest#*
-org.apache.qpid.server.AMQBrokerManagerMBeanTest#*
-org.apache.qpid.server.protocol.AMQProtocolSessionMBeanTest#*
+org.apache.qpid.server.jmx.mbeans.*
+org.apache.qpid.systest.management.jmx.*
// JMX is used in this test for validation
org.apache.qpid.server.queue.ModelTest#*
Modified:
qpid/branches/java-config-and-management/qpid/java/test-profiles/Excludes
URL:
http://svn.apache.org/viewvc/qpid/branches/java-config-and-management/qpid/java/test-profiles/Excludes?rev=1354429&r1=1354428&r2=1354429&view=diff
==============================================================================
--- qpid/branches/java-config-and-management/qpid/java/test-profiles/Excludes
(original)
+++ qpid/branches/java-config-and-management/qpid/java/test-profiles/Excludes
Wed Jun 27 11:21:16 2012
@@ -43,5 +43,3 @@ org.apache.qpid.systest.disttest.endtoen
org.apache.qpid.management.jmx.ManagementActorLoggingTest#*
# Expects management log messages in SystemOut that arent present anymore due
to move to plugin
org.apache.qpid.server.logging.ManagementLoggingTest#*
-#Need to implement a new way to instantiate the BDBHA MBean
-#org.apache.qpid.server.store.berkeleydb.*
Modified:
qpid/branches/java-config-and-management/qpid/java/test-profiles/Java010Excludes
URL:
http://svn.apache.org/viewvc/qpid/branches/java-config-and-management/qpid/java/test-profiles/Java010Excludes?rev=1354429&r1=1354428&r2=1354429&view=diff
==============================================================================
---
qpid/branches/java-config-and-management/qpid/java/test-profiles/Java010Excludes
(original)
+++
qpid/branches/java-config-and-management/qpid/java/test-profiles/Java010Excludes
Wed Jun 27 11:21:16 2012
@@ -65,3 +65,8 @@ org.apache.qpid.client.failover.AddressB
// QPID-3604: Immediate Prefetch no longer supported by 0-10
org.apache.qpid.client.AsynchMessageListenerTest#testImmediatePrefetchWithMessageListener
+// QPID-4090: Can't connect from Java Client to Java Broker when Broker uses
Base64MD5PasswordFilePrincipalDatabase principal database (0-10 protocol only)
+org.apache.qpid.systest.management.jmx.UserManagementWithBase64MD5PasswordsTest#testJmsLoginForNewUser
+org.apache.qpid.systest.management.jmx.UserManagementWithBase64MD5PasswordsTest#testJmsLoginNotPossibleForDeletedUser
+org.apache.qpid.systest.management.jmx.UserManagementWithBase64MD5PasswordsTest#testJmsLoginForPasswordChangedUser
+org.apache.qpid.systest.management.jmx.UserManagementWithBase64MD5PasswordsTest#testReload
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
